Blog

Virus Attacks: It’s Bad Out There and Getting Worse

Ara Trembly
Insurance Experts' Forum, December 10, 2009

My last blog entry about a particularly nasty virus attack on my business system prompted INN Editor-in-Chief Pat Speer to remark to me that things were getting pretty wild out there in cyberspace, and she could not be more correct. 

Virtually every Internet source I could find has documented increases in most kinds of malware over previous years, and predicted more doom and gloom for the years to come. But why should this be so? A whole new (and very profitable) industry has grown up around virus protection, and most of us are at least marginally aware that we need to do something to protect ourselves against intrusions, whether they be from disaffected pre-teens with nothing better to do, or from multi-national criminal syndicates who are making untold volumes of money by stealing information and often funneling the funds to terrorist organizations. 

Yet the problem continues to worsen and carriers, agents and brokers need to beware lest their customer data be compromised or stolen—a hellish nightmare in an industry that sells itself on trust. 

One reason this awful trend continues is that the bad guys and their products continue to be moving targets. Once upon a time, viruses were static pieces of software that, once recognized, could be easily dealt with. Today, however, malefactors don’t just build a virus program and keep using it, because once the virus is out there, software and security application vendors can get a look at it and develop a fix. Instead, just as with biological viruses, the bad guys continue to crank out mutations, or changes that will make the virus invisible to fixers and/or negate whatever efforts the good guys make to get rid of the offending apps. As a result, even though your anti-virus software will tell you that it has profiles on hundreds of thousands of viruses, it’s likely that the software doesn’t know about the newest variant just developed in Bulgaria, or some other far-flung place. 

Another reason is that the viruses themselves have been engineered to be more resistant to efforts to block or eliminate them. For example, the bug that attacked my systems kept hiding its own file names (or possibly changing them). Thus, tracking down the malicious files in order to delete and incinerate them became a true “cat and mouse game,” as Pat Speer called it. To make matters worse, it also did damage to one of my anti-virus programs, making it impossible for me to do a scan with that particular application. 

Yet another contributor to the increased success of malware attacks is that they are cleverly engineered to look like beneficial software. The malware that struck my system popped up out of nowhere and informed me that several evil-sounding bugs that posed a significant threat to my systems had infected my computer. The program used graphics that looked very much like Windows’ own security messages, and it is easy to imagine that many users would fall into the trap of downloading the “fix,” which is really more malware. 

I knew better, though; I wasn’t about to download any phony application. The problem, however, was that the virus went ahead and downloaded itself when I tried to close it out. When you think about it, there is virtually no way to defend yourself against such an attack short of sophisticated intrusion detection systems that are not widely installed. If experienced users can be victimized, how much worse will less seasoned users be hit? 

This is a losing battle, my friends, and unless the security industry steps up and starts marketing better intrusion and detection systems, it will only get worse. It could actually get to the point where larger enterprises will severely limit Internet access to a select number of computers or dumb terminals, which won’t be directly connected to the network. While that seems unthinkable given the way we do business in this day and age, we may in the end have no choice. 

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

The opinions posted in this blog do not necessarily reflect those of Insurance Networking News or SourceMedia.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Don’t Wrap Your Organization Too Tight With Metrics

Metrics provide a picture of how business is going, and systems are performing. But do they provide the right picture?

Insurance: The Original Shared Economy

Insurers should look to revisit the roots of the insurance process.

The Seven Flavors of Virtualization

There is no one single form of virtualization rather, different parts of the IT infrastructure require different approaches.

Can New Technology Turn Older Cars into Safer Cars?

Unless you have the means and motivation to buy a new car every year, your newest car is quickly about to become an older car.

What if Someone Kickstarted an Insurance Company

Our industry is evolving and implementing new innovations, particularly focusing on the customer experience, including the web and mobile.

The Transformative CIO

Today's technology leaders are expanding well beyond their traditional role.