Desktops under siege

The number of security threats PC users face has grown out of control in the past few years. But are SOHO users willing to pay for proper PC protection?

By Mark Sutton, published May 4, 2003

Security threats on the rise

The last few years have seen the spread of computer viruses reach almost epidemic proportions. PC users are facing an endless stream of viruses: ILoveYou, Magistr, SirCam, Badtrans, Bugbear, Nimda, Klez and CodeRed have all swept through networks around the world, causing untold damage and clogging systems with billions of unwanted emails. And still the virus plague goes on, despite an immeasurable amount of media coverage, leaving PC users under siege.

But it is not just viruses that are threatening desktop security. The same hackers that are busy creating and mutating viruses are also working with a whole box of tricks. Trojans, spyware, adware, keystroke loggers, DDOS agents, RATs—the list of threats goes on.

For the Middle East the security risk is particularly severe. As PC and Internet penetration grows in the region, so more and more users go online, often without a proper awareness of security issues. Where companies, organisations and end users in the West have been online for much longer than the Middle East, they have also had much longer to become aware of the need for security. This makes the under-protected networks in the Middle East a much more attractive target.
Also, with the political situation in the region being what it is, hackers around the world are looking to the Middle East for other reasons than the number of naive users that present an easy target.

The tools that the hackers can use are also getting simpler, meaning that attacks over the Internet are no longer just the preserve of the elite, but can be perpetrated by any script kiddie with an Internet connection.

“The penetration of the Internet is increasing every day, we see more and more people getting connected to the Internet and we also see more and more [hacking] tools becoming available,” said Abdul Karim Riyaz, director of eTrust security solutions at Computer Associates Middle East. “A person who is not really very IT-savvy can get some tools from the net and use them to disastrous effect.”

New products for SOHO market

But while big businesses and organisations have had the benefit of security consultants to help them defend their systems, the end user, whether in a small business or at home, has not had the same resource to rely on. Awareness among SOHO users is very often lacking, both of what products are available and of how to utilise those products to protect their systems.

Awareness of the need for anti-virus software has risen over the past few years, driven especially by coverage in the media, but even so, Riyaz does not believe that everybody has got the message, with a good percentage of users still not deploying anti-virus software.

Johan Du Plooy, CEO of security consultancy Risk Diversion, said there were a number of reasons why people didn’t use anti-virus software. “Sometimes there is an economic issue to it, it is not that the products are too expensive, it is just that sometimes people can’t afford to do it. Sometimes they feel intimidated to use the products, because they don’t understand the concepts—there are probably more people out there who don’t understand than who do understand the positives of using anti-virus software,” he said.

The number of viruses that circulate for a long time certainly suggests that many users are not aware of the need to maintain their anti-virus software. In March 2003, the most common virus was Klez, a virus that has been around for a long time, prompting Graham Cluley, senior technology consultant with Sophos Anti-Virus, to suggest that those who were infected could not have updated their anti-virus software for at least a year.

But despite the ongoing difficulties with educating end users, the security software companies have not given up yet. Prajit Arrakal, Symantec business unit manager at Aptec, said that retail makes up approximately 35% of the distributor’s sales with Symantec, and they are starting to see demand for products other than anti-virus from the SOHO users. “On the retail front we have a product called Norton Internet Security, which contains the retail version of Norton Anti-Virus, an intrusion detection system and a firewall.

“For the last six months or so, we have seen an increase in interest from people in buying these products for their laptops or home machines. For home users, while you are connected to the Internet, you will see a lot of ping sweeps, or you may suddenly see the performance of your PC going down for no good reason—it is probably somebody fiddling around with your machine, so people are realising the need for a firewall, and intrusion detection,” he explained.

The implications of this sort of security intrusion go beyond being a mere inconvenience to the end user. Hackers can plant software that registers keystrokes, which can then be used to reveal things like credit card numbers to the hacker. Anti-virus software does not usually detect the type of hacker tools that plant this software on a PC, and often the end user puts the applications there by accident.

“People go to different web sites and download so much content—music, screensavers, and so on, and along with the content, which he assumes to be safe, could be some other content, like a trojan, or a dangerous applet, which then resides on his PC, and opens up a door for someone to take control of his PC,” Riyaz said. “There is a need for end users to understand that along with anti-virus, they have to have other software on their machine, not just to protect himself, but to protect the community as a whole.”

The use of distributed denial of service (DDOS) agents to take control of someone else’s PC, and then use that PC to launch attacks on another network, has been observed by security companies for some time, but there could be implications for the home user of failing to secure their PC, said Du Plooy. “If someone uses your machine to deliver spam all over the world, somewhere along the line you could be held accountable,” he said. “If your system is being used and it costs people money, what is going to stop them from suing you?”

Alongside firewalls and intrusion detection, SOHO users are also being offered solutions for content filtering and blocking spam. Demand for most of these solutions is still mainly at the corporate level, but with various releases aimed at the retail market, it is clear that the software companies expect to see more business in this segment sooner or later.

“Probably six months ago, most large corporations were happy with IDS and a firewall, but we are seeing more and more people focusing on content management, URL filtering and blocking and also on spam filtering,” said Riyaz. “URL filtering for blocking some of the non-productive sites that employees visit during office hours, and spam filtering of traffic coming into the network, but still a good percentage of companies are not aware of the bandwidth and resources that are being utilised by this useless mail.”

Why won't users pay for anti-virus?

But even though the software companies are developing these solutions, getting them to the small users that need them is another challenge. Mainly, it is a question of economics—retail sales are much more expensive compared to corporate sales. “We have been focusing on the corporates, because there is one door to knock on and a couple of hundred licences to land,” Du Plooy explained.

Justin Doo, managing director of Trend Micro Benelux, Middle East & Africa, said that while Trend has done retail pushes in the past, it is a difficult market to make work. “Retail strategy takes a totally different model. We have to get inside the mindset of the customer, the brand has to be seen, but that is the very obvious bit, there is a heck of a lot more that needs to be put in place,” he said.

One of the major concerns with retail is the cost of having to ship boxed products, which typically don’t sell at a very high margin. Another concern is being able to provide adequate support for a large and uneducated customer base. On top of these factors are problems unique to the way anti-virus software has been promoted.
Often anti-virus software has been promoted through free trials, either available as a download or included on a promotional CD. While this is a good way to get the product to the customer, Doo believes it reduces the perception of worth of the product, and also many customers simply switch from one free trial to the next, without ever paying for the application.

Another popular marketing ploy with anti-virus software has been pre-installing the software on new PCs. This has almost become standard practice with most of the big name brands, but has failed to gain much uptake among local PC assemblers, who have concentrated on price rather than value addition. Also, getting customers to change their pre-loaded software, which is usually just a 30 or 90 day trial licence, to a full year’s licence is not easy. “For someone to upgrade is quite easy, when it expires it tells them to click on a particular URL, and they can upgrade online, but if you look at the conversion of OEM into full retail I would estimate it at 20-25%,” Arakkal said.

Online selling of security software has also been used to target the SOHO market—Computer Associates for example, has a whole suite of products available for around $40 through its web site, but both vendors report that there is the usual resistance to buying online from this region, such that both of them are looking to channel partners when it comes to selling to the retail market. CA is aiming for a big push to channel partners, to try and regain some of the market recognition that its Innoculate and Innoculan products used to enjoy, said Riyaz, and will be revamping its structure to provide more technical and marketing support, as well as aggressive pricing for the channel.

For Aptec and Symantec, the aim is to change the mindset of some of its retailer partners, to make them more proactive in selling desktop security. “This is where more and more we are relying on our Software Partners [Symantec’s retail level partners]. From this market the trend has always been the consumer coming and asking for a product rather than somebody pushing a product. We are hoping to change that, with the structures we are putting in place as a value-added distributor. When we have new products hitting the market, we will have some sort of programme to upsell the products.”

Handheld security

Although anti-virus software and other security solutions may seem like a hard sell to SOHO users, there is one segment of the market that is likely to create a lot of demand for security in the near future. More and more mobile professionals are switching to handheld devices such as Pocket PC, smart phones and PDAs, often with always-on connections. The problem is that often these devices are bought by the users themselves, and then integrated with their company’s network, with no thought for the security implications.

“We as end users are the IT manager’s ultimate nightmare,” said Justin Doo of Trend Micro. “I bought a Palm the other day—I got the manual out, quickstart, plug this in, plug that in, put the software CD in your drive and away you go—did I tell anybody I was doing it? No.”

The situation is typical of how these devices are finding their way into the corporate environment, Doo said. With end users downloading software and beaming files to each other, it is almost impossible for the IT manager to keep track of what is going in and out of the network, causing a major security problem.

To remedy the situation, Trend offers anti-virus software for the Palm, which can be downloaded for free. Of course, it requires a certain degree of end user awareness to make sure that the software is downloaded before other applications, but Doo said that it at least gives the IT manager the basic tools to manage handheld security.

“It is freeware. The reason we give it away is it will typically appeal to somebody who has already got Trend on their desktop, you need the desktop agent to pick up the [virus] pattern files. We could charge for it, but for an IT manager, it is edge of network, so it is far easier for him to be able to have an internal site on his network, [to host the software] and educate his users that he will support certain handhelds,” he said.
