Experton Group Weekly IT News

Trojans Top Security Vulnerability list; Firefox To More Secure Development

By: Jerald Murphy

A recent security survey found that Trojans make up most new malicious code, with Banker Trojans the most prevalent among them, while a separate report expanded on the security risks associated with cloud computing. In other news, Mozilla Corp. announced it intends to develop security metrics for Firefox.

Focal Points:

  • A recent study conducted by Panda Security's PandaLabs found that Trojans constituted 63 percent of all new malicious code. Trojans were followed by adware, at over 22 percent. Among Trojans, Banker Trojans are both the most prevalent and the most dangerous infections. The report cites the Sinowal, Banbra, and Bancos Trojans as the most active ones. Worms currently constitute over 13 percent of malware infections.
  • A recent study from Enterprise Applications Consulting showed that cloud computing can pose many security risks. Some of the potential vulnerabilities include compliance issues, data integrity, and service availability, in addition to general security risks. Since cloud computing gives up direct control over the infrastructure and potentially the data, IT executives need to think carefully about what types of applications are appropriate for cloud computing. In addition, many standards that have been developed for services and compliance have not yet been translated into appropriate standards for cloud computing. One example of a compliance issue is that the Health Insurance Portability and Accountability Act (HIPAA) has no specific statements or standards regarding offshoring of information.
  • Officials from Mozilla said that they started a program intended to measure security metrics while developing Firefox. The program will measure how well developers deal with security challenges. It will track both how security is handled and how long it takes to protect end users once any vulnerabilities are discovered. One of the significant aspects of this development effort is that it will be completely open and public. Mozilla officials want the security community to be able to provide feedback on their security measures. Readers interested in more information on this project can find it at Mozilla's security blog.

Experton Group believes viruses will continue to spread faster than remediation efforts can be effective. As a result, application developers will need to be much more methodical in developing secure code in the first place, while security efforts should move to include a data-centric approach to protection. IT executives should develop metrics that track the change in overall corporate security posture, and move to incrementally improve that posture, focusing on shoring up the areas of greatest risk to the business.

Experton Group is the leading fully integrated research, advisory and consulting company for mid-sized and large organizations, maximizing the business value of their ICT investments through innovative, neutral and independent expert advice.

Experton Group offers consulting services, market surveys, conferences, seminars and publications related to information and communications technology issues.

Our consulting portfolio includes technology, business processes, management and business cooperations, investments and mergers.