Slashdot Mirror
Security Threat Changing, Says Symantec CEO
narramissic writes "At the Symantec Vision event in Tokyo Thursday, chairman and CEO John Thompson spoke about a shift his company has observed in the threat posed to computer users and companies by hackers. 'While a few years ago many people were much more focused on attacking the machine and attacking the broad-based activities that were going on online, now all of a sudden we've noticed a significant shift in both the type of attack and the motivation of the attack,' he said. 'The attacks that we see today are more targeted and more silent and their objective is to create true financial harm as opposed to visibility for the attackers.'"
I've read this ... like 5000 times
Anyone else accidentally read that as "CEO Jack Thompson" the first couple times?
Karma: Incomprehensible (Mostly affected by posting at +5, reading at -1, and metamoderating everything unfair.)
I guess now they want money instead of just bragging rights.
In the land of the blind, the one-eyed man is usually crucified.
foiled!
Anyway, I think the hackers have grown up, they no longer need a name for themselves, that's what myspace is for. Now they can focus on world domination.
CEO: Quick! Vista is too secure and our products are too badly written to rewrite them for Vista. We need a new business model!
Marketing Department: There's this... threat, yeah, threat... to like, businesses. They have a lot of money... maybe we can sham them for a few more years?
CEO: Brilliant!
A. CEOs know nothing
... which ones?!?!?
B. Corporations are useless
C. Symantec couldn't find a virus if it was handed to them on a floppy disk
D. We pay them 10s of thousands of dollars a year, and their support is worthless. You can't get them to contact you when needing them due to an infection taking down your network, yet they bug the crap out of you to complete the "support survey" sent after the call where they didn't help.
We had a zero day attack. We used free sources and in-house scripts and such to resolve. From the first minute we asked Symantec for help, and they were worthless. They told us virus defs had been out for years to find the virus, but this wasn't true. Their wonderful "deepsite" response that came back after we sent them the actual infection stated, and I quote, "uses some specific vulnerabilities."
In the end, we actually paid them more money for nothing and fixed it ourselves using free information and tools available online as well as in-house work. Good team we got here. Bad team at Symantec.
'Nuf said
How much does this guy make a year? I can give him a few more tips if they'll pay me, too.
"The need to build the internet comes from something inside us, something programmed... something we can't resist."
What the heck does that even mean? As best I can tell from context in TFA, it's a typographical error, and they meant "board-based," which makes sense when paired with the idea of simple defacement. But I could also see it being corporate-speak for "a broad range of attacks" or something.
"Broad-based" sounds like a pornographic term, as opposed to "dude-based" I suppose. Which also makes some sense, since pornographic sites seemed like high-profile targets for defacement.
what the hell is a 'junk character', anyway?
Ok so I've read the news clip and I'm not to sure what is being said. How is what is being described anything new, much less a "major shift."
~ In Trust, We Trust ~
That motherfucker sold me some really BAD crack. oh wait, John Thompson. You're still gonna die at the hands of Wolf Bearclaw FAG!!!
- Wolf Bearclaw
"businesses will have to spend more time and energy on making sure that data is not just secure but also recording which users are accessing and manipulating information stored in corporate databases" which are housed overseas and manned by guys who would kind of like to behead your infidel children.
Good. Now maybe people will take these threats seriously. When I started using computers (in the 80's) viruses were a serious threat. People talked about viruses with fear in their voice. These days they're just a nuisance.
Oooh, that virus sends itself to all your buddies in your address book. How TERRIBLE! Wow, a virus pops up windows on your screen even though you didn't ask for it. How NAUGHTY!
When I started using PC's, viruses would wipe out your entire drive. They would delete critical files. They would overwrite your boot sector. They would wipout your FAT table. Now THOSE were some viruses!
Once viruses get back to the level of actual harm, maybe people will stop clicking around willy nilly and will start to invest--on both the corporate and consumer sides--in some real security.
Have fun: Join D.N.A. (National Dyslexics Association)
The new security threat is from Symantec products!
It's preloaded on new computers and there's nothing you can do to prevent it. Once you get the computer, it begs you to install it, if you do, god help you. If you change your mind about using norton, well... you've got a long night ahead of you, crack open a bottle of wine and fire up regedit.
And if you don't uninstall it, and let it lapse, it'll be peppering you with "renew norton!" for the next thousand years. Ditto with McAffee.
These cures are worse than the disease. At least a zombied computer isn't spitting up "Renew NOW" dialog boxes.
-----
Says Semantec CEO
objective is to create true financial harm as opposed to visibility
-----
And thought one CEO has the guts to spill their buisiness plan to general public.
Why UNIX?
I am not very sure he is raising this issue just to justify his AV product's position in the current turmoil due to the new M$ policy.
and how can you now there were posts before i hit "reply" because there weren't
We've got an active threat going on within our corporate network, it's already been determined to be within an existing worm family, and we get this response from one of their techs:
"We do virus *detection*, not necessarily virus removal."
You're telling that crap to a Gold support customer, Symantec, and you expect those of us in the field to give a tin shit what your opinion is?
Word of advice: quit expressing opinions and start doing your goddamned job.
...but it's to Symantec's business model, not to consumers.
And this changing threat is called "phishing." We've seen phish attacks now for what? Three to four years or more? The fact that Symantec CEO John Thompson is mentioning this so many years after it became a problem is more an indication that the company's existing line of business is doomed.
With Microsoft OneCare coming out for home users and ForeFront (formerly Antigen) coming out for busineses, coupled with security improvements in Windows Vista and the forthcoming "Longhorn" server, Symantec's days of deriving revenue from gaping hole's in Microsoft Windows security are numbered.
CEO John Thompson is right that there's a new threat out there, and he had better find a way to hype it if he plans on staying in the CEO chair for much longer.
Regards,
Anonymous Coward
P.S. Posting as AC because I work for a competitor of theirs, although we're so small they probably run ad campaigns that are ten times the size of our yearly revenue.
I don't think this is anything new... Targeted attacks for financial gain were going on since at least the 1980's, so whats new about this?
Now if only we could authorize a company of elite paramilitary types to give script kiddies and spammers the same treatment... (evil grin).
Quo usque tandem abutere, Nimbus, patientia nostra?
Just last night, the hospitatal I work at got attacked by a virus cluster. In my 10 years of IT work, I've never seen anything like it. It focused on WindowsNT4.0 server, and when it hit, it had no less than 10 seperate trojans and viruses going on at the same time. We'd clean one server, and it would just get hit by another one. We figured out the address of the server that the infected machines were phoning home to, and the different virus types were all calling home to the same machine. It was like an infected machine would scan itself with a modified security analyzer, then phone home, and grab any viruses or trojans it could that would target the vulnerabilities identified by the security analyzer. Someone out there is operating a catalog of rootkits and trojans and viruses. Nastiest thing I've ever seen. When your company gets hit by one of these things, you'll know. The future of viruses involves malware security scanners and catalogs of viruses and trojans.
GIANT LUMBERING ROBOTS!
Why won't the CEO of Symantec tell it to us straight? Maybe it's because his company HAS NO SOLUTION to the lumbering robot problem?
was msblaster. All those antivirus companies do is convincing people that if they pay $200 all those shiny buttons and icons in their tray will make them invulnerable to all dangers. People believe antivirus companies and proceed to click on everything they see in the web, get infected and then there's a huge conference about "security threats" where all those $200 bills are spent. IMO prevention shouldn't mean installing tons of resource-eating software, but just teaching common sense. I am really starting to think that there should be some kind of exam before one is allowed to access the internet.
Symantec CEO John Thompson hasn't got a god damn clue what he's talking about, technically. It's all marketing tripe made up by product wonks trying to protect their little fiefdoms. The AV guys produce statistics about automated threats, the ESM dweebs jump up and down about internal automation and reporting, the Bindview guys ramble on about compliance reporting, and the ex-Veritas guys still think that storage+access=integrity(tm) or some such incomprehensible word-salad. It's all a bunch of hooey, and not even very creative at that.
So when he says that security threats are shifting from the tremendous noise of script kiddies to the eerie silence of targeted attacks by internet mafiosa, what it means is that Symantec sees more margins in enterprise products, content-aware IDS, and other tools to insinuate Symproducts deep into large orgs. The attack trends haven't changed that much, but John Thompson's cheese has been moved.
-(posting AC for guessable reasons)
Symantec security is reactive, not proactive. Which means its quite useless against specific directed attacks.
After all, AV signature is only generated AFTER the V is seen in the wild.
What we are talking about here would be very directed V (and other attack vectors). There are solutions, but the only way the Symantec can offer them is by converting to a service (not product) model.
That's putting your foot in your mouth, CEO...
Unless, of course, Symantec comes up with a proactive product solution (as much as I would wish for this, I am not holding my breath).
Ratboy.
Just another "Cubible(sic) Joe" 2 17 3061
'Our new anti-threat sotware protects you from this invisible mumbo jumbo. Ohhh don't you worry, we're still relevant because we still produce software. I mean think about it'
and i've been an anonymous coward for years.
In other wods, you NEED to buy their service NOW or face financial ruin at the hands of some vodka-faced smelly Bulgarian smoking second-hand cigarette butts in a basement apartment with dripping water and sewer pipes who has a live-in girlfriend with the hairiest legs outside of italy and a nose that'll beat the wicked witch of the east.
... be very scared
"At the Symantec Vision event in Bangalore Thursday, chairman and CEO John Thompson spoke about a shift his company has observed in the threat posed to computer users and companies by hackers. 'While a few years ago many people were much more focused gaining visibility, now all of a sudden we've noticed a significant shift in both the type of attack and the motivation of the attack,' he said. 'The attacks that we see today are more targeted and more silent and their objective is to create true bodily harm to the user as opposed to true financial harm.'"
FUD. (btw, I like the new beta tagging system)
Hypocrites.. One major reason for disaster is Symantec themselves by supplying the user with a make-belief security solution while they are in fact only out for their money. I have seen this happen just too many times to be seriously appalled by Symantec..
An old neighbor of mine (computer illeterite) buys a PC which has everything installed 'out of the box' including anti-virus, and firewall and stuff. Everybody happy. Sure... For 6 months, because then the virus scanner and the firewall stop working because it was only a trial version. My neighbor sees a few warnings about "no firewall" but since everything keeps on working ("I paid for a working PC to go on the Internet didn't I?") and he simply paid for Internet access which is what he got nothing seems to be wrong.
We know better, yes. He doesn't. I think it is an OUTRAGE that assholes like Symantec provide trial versions to users who only want to use their computer and firmly believe that the software they got with their computer is software they paid for and as such see no harm if things stop working. So please don't give me this hypocrist crap. If there is one problem for comprimised Windows PC's on the Internet its Symantec themselves because they desperarly try to make more money.
It's when they use blanket statements like "hacker" that cause the most harm. If you're intelligent enough and actively participate in the "hacker" community then you'd know how much of a perjorative that using words like this is.
They should say "Network Hackers" or "Criminal Network Hackers", just to clarify it. More than likely though, the people who are doing this stuff are just script-kiddies and the real hackers are causing very few people harm.
The change was already blatantly visible a year ago. You can separate the malware of today in 2 groups:
Malware that is used to spread more malware (i.e. mail worms etc)
Malware that the first malware spreads that siphons money from you.
Now that we crack down on their servers (because you have to gather the info somewhere), and with the increasing speed we can do this (currently we're at about a week between detection and shutdown, and we're getting faster), I can see the advent of a third group: Malware that turns your computer into a data mining server.
But so far, that's still in the future. I'd wager about half a year 'til we see that group of malware emerge in force. So expect a report about it from Symantec in 2008.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Does anyone else have a problem with the statement about the goal being financial harm. I'd say that is a result... the GOAL is to steal money.
this is ~obvious~, but what it boils down to is a change in the economic realities. In the past, virus writers and other miscreants did what they did for social reasons: a sense of power, peer recognition, proof of concept, etc... Today, spammers, identity thieves, scammers, and so-on are paying cold hard cash for access to bot nets and/or comprised systems or the information which they contain. Economic forces have effectively converted one-time bullies and vandals into a new form of organized crime. Types of crimes which are evolving much faster than traditional law enforcement and lawmakers can keep up with. Sure... stealing money by any means is still stealing, but the knowledge required to catch and prosecute these kinds of criminals is not exactly common.
The Digital Sorceress
I think it is more the case that Symantec and the other well-established Information Security vendors are like dinosaurs stuck in hot tar. The environment around them is rapidly changing, and the smarter of them are now starting to recognise that their existing income streams are becoming less relevant - as Microsoft makes security improvements to their OS, and the attackers continually test against the security products to improve their ability to avoid detection. Now that they are identifying it, it is still going to take some time for them to adjust to the new environment and results are going to be mixed (when was the last major discovery by Microsoft's much-acclaimed honey-monkeys?).
The third group of malware that you predict is out there and steadily gaining strength. Malware such as Haxdoor is used to extract as much juicy information as possible, before becoming a second stage malware (the money siphon). With the presence of significant botnets, easily written spiders / robots, it becomes a matter of how you define 'malware'. For example, some security vendors are classifying the distributed SETI client as malware, because clients are too lazy to block it via policy or other enforcement methods.
Of course, there are InfoSec companies out there that have been focussed on the changing environment from the very start.
InfoSec that matters, when it counts.