Security: What to watch in 2005

Posted on January 03rd, 2005

Every year makes five predictions on security trends to watch in the coming year. You can see how the last year’s predictions panned out here. 

  1. Signature-based antivirus software is finished.
    Almost since its inception the antivirus industry has relied on signature-based systems. Each new virus is assigned a signature which is used to stop it entering the system. Sadly this kind of approach on its own is failing under the sheer volume of viruses, around 1,300 in the past month according to some estimates.Instead the industry will move towards a combination of signatures and heuristics. The latter involves monitoring file activity on the computer and blocking suspicious files or activities. For example, only malicious code needs to carry its own SMTP engine in an email so blocking all such files is a sensible step.
  2. Spam rates will regularly hit 90 per cent of all emails
    There is no end in sight for the spam wars and, as we get more and more accustomed to their tricks, the spammers will pump out more and more emails to try and get a better return. Spammers are increasingly trying dictionary attacks, similar to the methods used by hackers. This involves spamming a portal with emails addressed to every name in the book in the hope of hitting someone. There is no technical fix in sight for spam and, although the recent strengthening of anti-spam penalties is a good step, legislation won’t solve the problem either. The spammers will simply move to countries where no such laws exist. This problem isn’t going to go away for a while.
  3. Cyber-terrorists will remain mythical
    For all the talk of cyber-terrorists waiting to wreak havoc on the global village with carefully planted viruses or sneaky hacking there’s no evidence that such groups exist. Terrorists tend to deal in the physical and the direct. If bombs are going off in major cities then many people are terrorised. If their email doesn’t work they aren’t terrorised, they are inconvenienced. A far bigger danger is the large number of organised criminals aiming for your online bank account and worrying about terrorist hackers is a distraction.
  4. No Longhorn in 2005
    A slightly riskier prediction than the same one last year but still as true. Longhorn has already had one of the three pillars of its design withdrawn, and it may be slimmed down further as Microsoft struggles to release it. To be fair the company did take a lot of resources from the Longhorn project to deal with Windows XP Service Pack 2 this year, but for a behemoth like Microsoft that’s hardly an excuse. Even if the partially neutered Longhorn does make an appearance in 2005, it is likely to be rather buggy and only rolled out very carefully with a few trusted partners. It will be the brave administrator who takes the risk of using the first version of Longhorn.
  5. No security, no connection
    This last one’s a bit of a flier but the first steps will be in place by the end of the year. The major hardware, software and web companies are banding together to agree security standards, with the aim of making networks choosier about whom they admit. The idea is that when you try and log onto a website or join a corporate server your machine is scanned to see how secure it is. If you have a virus, or are simply not up-to-date with patches, the host will either limit your access or refuse admission. This is going to cause a lot of upsets when introduced, but the industry seems committed to it.