Thursday, September 07, 2006

Risk displacement and hardware viruses

Check out this timely column from Adrian Kingsley-Hughes:

As Windows becomes harder to crack, could virus writers start to target hardware? "On August 25th, security firm Symantec engineers announced they had discovered a virus that leveraged a flaw in the AMD64 CPU. This virus, called W32/W64.Bounds, was capable of binding itself to Windows executables in such a way that made it hard to detect. However, it's now been shown that this virus doesn't have anything to do with AMD CPUs, but instead with the X86-64 instruction set itself. But could this be a sign of things to come?"

Anyone who has heard me talk about risk displacement will know my answer to his question: Yes.

As you harden security in one area, softer areas will be targeted. Savvy security managers at large companies learned this in the nineties. As they began to install firewalls, most attackers moved on to target other, less protected networks. In fact, this phenomenon is at the heart of the Turntide anti-spam technology that I helped develop. We bet that spam software would not waste bandwidth trying to stuff spam into networks that appear incapable of accepting spam at a high rate of messages per second. We were right.

And as Adrian points out in his column, widely deployed hardware is an attractive target for malware authors. The first Microsoft Word virus did not show up until Word was the most widely used word processing application. Email viruses did not appear until email was widely used. So the big variable in the emergence of a hardware virus threat is the extent to which a "hard to crack" version of Windows is deployed.

BTW, Adrian's web site is a gold mine of useful information about PC hardware and software. Check it out at http://www.pcdoctor-guide.com/wordpress/.