Sunday, January 01, 2012

Has Microsoft lost the malware war?

I thought John Halamka was a fairly careful writer, so this comment caught my eye (emphases mine):

Life as a Healthcare CIO: The Joy of Success

... One CIO received a negative audit report because new generations of viruses are no longer stopped by state of the art anti-virus software.... No one in the industry has solved the problem...

He refers to a previous post ...

Life as a Healthcare CIO: The Growing Malware Problem

... A new virus is released on the internet every 30 seconds. Modern viruses contain self modifying code. The "signature" approaches used in anti-virus software to rapidly identify known viruses do not work with this new generation of malware.

Android attacks have increased 400% in the past year. Even the Apple App Store is not safe.

Apple OS X is not immune. Experts estimate that some recent virus infections are 15% Mac...

Ok, so those sentences are a huge hit on his credibility. App Store issues are in no way comparable to Android attacks, and that 15% number could only be true for Microsoft Office malware (Duqu attacks a TrueType font parsing engine), or for something none of the Mac guys I read have run into. Nobody I know in the Mac community uses antivirals - even now. The cure is, for the moment, worse than the disease.

So Halamka is a bit lost, but it is true that the Stuxnet and Duqu platforms are formidable [1]. That's presumably what Halamka is talking about, and what some CIOs are thinking.

I haven't seen this elsewhere, but I don't track the Windows world all that closely. This will be something to watch over the next few months ...

[1] Even OS X Lion is no more secure than Windows 7 (for now). The only reason those viruses aren't attacking OS X machines is because there's no money in the Mac world. If Macs were used in banks they'd be at least as vulnerable to Duqu as Windows. The future (next?) version of OS X is expected to, like iOS, run signed code only.
