Q&A: Why we've already lost the war of the web

 

Gallery

By Stuart Turton

Posted on 28 Jul 2009 at 16:07

F-Secure's Mikko Hypponen paints a grim picture of the online world and explains why things are only going to get worse

F-Secure's chief research officer, Mikko Hypponen, has been in the internet security business for almost 20 years. Here he explains why the threats to our internet security have never been greater.

Q We've seen a lot of innovative malware attacks on routers, DSL modems, even BIOSes recently. How worried should we be by these developments?

A We've seen these attacks against various non-PC devices in the past, but they've never really taken off. Attackers these days are only concerned with making money. It's fairly straight forward to make money attacking Windows computers. All you really have to do is infect a PC with software that monitors what people type and then wait for them to use their credit card. That information's easy to use, or sell.

Q Microsoft gets a lot of stick for Windows's security holes? Could it be doing more?

A Those critics wouldn't like it if they got their wish. We use general-purpose operating systems because they can do whatever we want with very few restrictions. That's why we like them. If we tightened them up, they'd stop being useful. We'd have to fight them to do anything. End users get more worried about this stuff than they probably should. If you're really worried just don't use Windows – there's plenty of alternatives. Same thing applies to your web browser. You don't want to surf the web with Firefox because most of the attacks now are targeting Firefox and older versions of Internet Explorer, so don't use those.

Q Security companies make money fighting viruses, so is there really any incentive for you to win the malware war?

A People call this a war, it's not. The guys creating these attacks go out and buy all the antivirus suites and then test their attacks against them, just like PC Pro does in a group test. So, if we've released a new suite that stops one piece of malware, they'll just modify it. They have access to our weapons and we don't have access to theirs until they've already hit us. They have all the time in the world to prepare their attacks, and we have only minutes and hours to respond. It's not a war because it's not something we can win.

Q That's a bleak picture...

A Ten years ago international crime was just drug trafficking and money laundering and smuggling, but thanks to the internet the number of international crimes has exploded and yet the resources to fight these crimes hasn't changed much at all. The FBI operates in the US only. SOCA operates in the UK only. But investigating the simplest internet crime will probably require five different countries working together. The harsh reality is that in most cases we don't even know what continent criminals are working from, and in the long run it's only going to get worse. Thankfully the good things about the internet outweigh the bad. We just have to make do.