Free software and files downloaded from P2P network Kazaa will pose one of the most significant threats to corporate security in 2004, according to research from risk management specialist TruSecure.
Last year was reportedly the worst ever in terms of virus attacks, disruptive worms and security threats, but 2004 is likely to be even worse. TruSecure expects problems to arise from the sheer volume of both corporate and home users unknowingly downloading Trojans and other malware from P2P networks. Additionally, the company warns that more vulnerabilities in Windows and Internet Explorer will be exploited, causing havoc for administrators.
Bruce Hughes, senior analyst at TruSecure, said research carried out by the company has revealed that around 45 percent of the files downloaded from Kazaa contained planted viruses, back doors and Trojans: "Organisations need to warn their employees about file-sharing applications and the danger they pose to them at work and at home," he said.
Hughes expects another major worm outbreak -- similar to Slammer and MSBlast -- to disrupt IT systems and cause billions of dollars worth of damage at some point in the year, but he also warns that mass mailers, such as Sobig, will continue to mutate and spread. "We expect there to be another big event in 2004 that causes at least a billion dollars' worth of damage. The network-aware worms are perimeter-killers for organisations and we will continue to see the impact of mass mailers," he said.
However, it's not all bad news. Hughes expects that people will be less tempted to write and release malicious code onto the Internet because software companies and governments are actively hunting down virus writers: "Governments are getting more and more serious and Microsoft is putting out bounties on hackers. If they catch someone important, like the author of Blaster or Sobig, they are going to make an example and throw the book at the person," he said.
Talkback
I have worked as an IT consultant for over 15 years and have worked with dozens of large companies. In that time, I have never worked on a site where anybody was allowed to install their own software on PC's.
It was a struggle to be allowed to install the developer tools needed on some sites!
In the UK, I have yet to work on a site where installing your own software on a company machine isn't a disciplinary offence (and in some cases can lead to instant dismisal). I've actually witnessed employees being marched off site for copying software.
For security and copyright reasons, any new software must be installed through the IT/IS department. Also, on most clients sites, even the ports for external e-mail and IM clients etc. are closed and web sites like Hotmail and Yahoo mail are barred...
I would have thought this would have been standard policy for any medium to large sized organisation.
And if a consultant comes in, they usually are assigned a PC, they are not allowed to attach their own laptops etc. to the network. Although they are often allowed to use the laptop to dial into their own corporate network for e-mail.
I hear you - OTOH Try the eductaion market - at Universities the ability to control your desktop is often considered a right (not a priv)