In separate deals, Microsoft recently joined forces with Computer Associates, and Cisco embraced Network Associates, Symantec and Trend Micro to help stamp out the increasing number of virus and worm attacks. The idea is to red-flag any computer system that isn't running up-to-date security software. It's part of a trend of major software vendors cooperating to remove computer security nuisances.
"We, as an industry, need to put aside our differences and solve the (security) problem," said Cisco President and CEO John Chambers, during the launch of Cisco's Network Admission Control, the program under which Cisco is partnering with antivirus vendors.
While few dispute that both Microsoft and Cisco have a genuine interest in improving the security of their systems, many experts believe that these initiatives will do more to help marketing and less to counter attacks.
"The problem with this approach is that it needs to include all the networking vendors -- not just one, or it won't work," said Russ Cooper, surgeon general at TruSecure and moderator of the NTBugtraq security discussion list.
Security experts say a physical-world approach to fighting disease and crime needs to be applied to the virtual world.
If a city experiences an outbreak, like SARS, traffic is scrutinized to help stop the spread of the disease to other locations. Similarly, network traffic could be scrutinized for harmful data. "I have called for ISPs to become a checkpoint for viruses," said Cooper. "In response to an attack they should stop that traffic either by dropping the customer (temporarily) or the packet."
If there's an outbreak, then there should also be a cybercrime scene investigation team, suggested Chris Wysopal, VP of research at security consultancy @stake. "A perfect example is how the Linux Debian Team carried out computer forensics when they discovered that the Linux kernel had been compromised," he said. "They were able to figure out not only what happened but also what weakness was exploited so that they could repair it."
Certainly, there's already a level of cooperation within the industry. For example, when a new worm or virus is discovered, antivirus vendors e-mail information about it to their competitors. But they then compete on methods of detection.
"It wouldn't be a smart business decision on the part of the antivirus vendors to stamp out computer attacks," said Marc Maiffret, chief hacking officer at eEye Digital Security. "So there is always going to be a limit on the level of voluntary cooperation."