« Where have all the worms gone? | Main | Why would anyone attack me? »
March 28, 2005
Malware on every device
The Register has an amusing article on exploiting cell phones. We are seeing these kinds of stories with increasing frequency of late. For example, there is a recent article on a Sybian trojan that is attacking AV. But cell phones are not the only devices that are at risk of being targeted by attackers. As devices with increased computing power proliferate, so more and more of them are going to be vulnerable.
This will extend to all sorts of devices. For example, there was the rumor about a virus in Lexus car onboard computers - which was unfounded, but none-the-less points the way to the future, since such a virus is feasible. Other devices include things such as home entertainment systems, home control systems, even toasters!
The implications of this proliferation of devices for security are huge. We can no longer rely on the old antivirus model of updating signatures to take care of the problem. Signatures are too slow, too reactive and too costly. Furthermore, devices will be vulnerable immediately they are shipped, and signature-based AV is not going to help, because by the time the user gets the device, the signatures will already be out of date, and many people won't be able to or want to keep those signatures up-to-date: according to a NCSA/AOL survey in October of last year, two-thirds of PC users do not have up to date AV.
Think about it: would you want to pay for signature updates for your TV, your car, your computer, your cellphone, your ...?