Software // Enterprise Applications
News
3/22/2004
03:42 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Security Watch: Flaws Exploited Faster

The only good news in last week's report from security vendor Symantec Corp. is that the rate at which Internet vulnerabilities were being found leveled off at seven per day in the last six months of 2003. The bad news is that now those flaws are being exploited much more quickly.

A concern of security pros is the time from when a vulnerability is disclosed publicly--often by software makers, who publish patches at the same time--and when writers of worms or viruses write malicious code to exploit it. "We looked at the life cycle from vulnerability to attack, and we could see that the speed is consistently getting faster and faster," says Vincent Weafer, senior director of Symantec Security Response. Weafer compares the three weeks it took for the Blaster worm to emerge last August to the three days that elapsed between the recent leak of Microsoft source code and an attack based on that code. The compressed time leaves businesses increasingly vulnerable, since days or months can pass before typical companies deploy patches.

Compounding the problem is the fact that blended threats, such as viruses that install backdoors for hackers after successful infections, are on the rise. They tend to be more sophisticated and damaging. Blended threats make up more than half of the top 10 malicious-code submissions Symantec received in the latter half of 2003. Of the top 50 submissions, backdoor-capable code increased 123%.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A UBM Tech Radio episode on the changing economics of Flash storage used in data tiering -- sponsored by Dell.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.