2005 Review of the Year: Security

dipdude

If there is an overriding theme to 2005 it is the death of the worldwide computer virus. But, although the number of global outbreaks has shrunk dramatically, this is not a cause for celebration.

In the good old days malcontents wrote viruses for the recognition; it was a good hack and showed your technical prowess. The bigger the commotion you created, the more 'cool' you were.

Nowadays, and this year in particular, no-one is going for bragging rights. Instead people write viruses for money, and the two main ways to get it are identity theft, by installing a key logger, or creating a slaved PC controlled by a Trojan.

The trend was spotted in January but has got steadily worse. We've only really seen a few mass virus outbreaks this year; variants of Sober spread far and wide in Spring and another has ripped through servers in the past two months.

There has also been an increasing shift in the method of virus propagation. While most still rely on social engineering to get the user to open an attachment, an increasing number want you to visit a web page that contains malware which is then injected onto a PC via improperly patched browsers.

A lot of attention was paid to browser integrity this year, and every flavour fell victim at some point. Internet Explorer was hit so many times that Secunia recommended dropping it, the techies' favourite Firefox went down with multiple flaws, Apple's Safari wasn't immune and Opera hit a bum note.

But it was not just browsers that suffered a rough ride in 2005. Applications came under the spotlight as hackers started to look for ways around corporate firewalls.

With all these attacks, patching was a bigger issue than ever this year, in particular the time taken to patch vulnerabilities. One researcher waited two years for a patch before going public on the flaw. Even after the company released 85 patches in one mega-batch, questions were still being raised about its commitment to security.

The increasing conflicts between security researchers and vendors were highlighted when an ISS researcher was fired for revealing a flaw in Cisco's products. Cisco and his employers took out a gagging order and tried to get websites hosting the information shut down.

Meanwhile for every Microsoft patch released it seemed that this year there was an army of hackers working feverishly to reverse engineer the code. In August it took just three days from patch to exploit, and by October it was under 24 hours.

In its favour Microsoft hosted a session with hackers to look at Internet Explorer 7's code, something that would have been unheard of last year.
Courtesy - Iain Thomson, vnunet.com
 