From the Security Experts

April 16, 2009

Real or Perceived: Dealing with Internet Threats

By Chief Executive Officer

From a publicity standpoint, there is no doubt that Conficker has exceeded the expectations of its developers. They probably weren’t expecting a feature on Sixty Minutes, but they got one, and it had the intended effect. A multitude of Internet users are now acutely aware that there is a new threat in town, and people are worried. My mother called me, as she often does when she hears about such things, and asked what she should do. She understood that the desktop protections she has can be subverted and mentioned friends were considering just unplugging their computers and staying offline for a while.

Conficker injects a new set of malicious capabilities into the Internet experience, and the fact that it has not yet revealed a grand malicious purpose is really beside the point. The point is that Conficker can be used for many malicious purposes and can be directed at many targets simultaneously. Even though network operators, security companies, and end users are on red alert, and some are even monitoring the progression of this new threat with wonderful graphics showing the near-complete global coverage the worm has achieved, many are still taking a wait-and-see approach to dealing with Conficker.

We can’t keep arriving at this point without concluding that, real or illusory, we need to figure out a better way to deal with threats, in a way that accounts for the angst people increasingly feel. Going online is becoming a game of chicken, and that is just not what most Internet users are looking for (and paying for). Everyman needs to be completely comfortable when they access the Internet, rather than completely confounded.

Perhaps the only bright spot is that some ISPs are actually looking into doing something about this new threat. To get there, they have to go beyond addressing the potential network threat and actively consider dealing with the problem my mother faces – namely, the ever-increasing and unpleasant tension in the online experience. The average user gets told that desktop solutions can be rendered ineffective once the worm is in control, and that the worm is then resilient and resistant to discovery and remediation. Having seasoned Internet users weigh in with commentary about how “they have never had their credentials, money, identity…” stolen does little to ease the tension. Average users see them for what they are: experts who have skills and experience that they don’t. Simply telling users “don’t worry” is not enough anymore, certainly not for my mother.

I have written before about a Trusted Internet Experience and remain convinced that it is a worthy and achievable goal. Enabling a Trusted Internet Experience will allow individuals to browse, interact and transact online without fear of identity theft or exposure to illegal or malicious content. It preserves the freedom to explore, create and share content, while maintaining privacy and removing the immense burden on Internet users to provide and maintain the technology needed to protect themselves from an increasingly complex and continually changing range of online threats.

I have always believed that the DNS can play a central role in delivering the Trusted Internet Experience, and that belief continues to be validated. The experiences with Dan Kaminsky’s vulnerability and now with Conficker are recent examples of how the DNS has proven, and will continue to prove, to be tremendously useful in deterring threats to networks and end user subscribers. Authoritative DNS servers have played a role thus far, but caching servers can become the first line of defense when loaded with Conficker domains (or any other malicious domains, for that matter). With this approach, service providers are in control of their own destiny and, more importantly, in control of the subscriber experience. They also gather important data about infected hosts for subsequent remediation efforts.

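A sketch of the caching-server approach described above, as an added example that is not part of the original article: a resolver-side policy check against a loaded domain list, plus a pass over query logs to build the per-subscriber remediation list. The domain names, the log format and the choice of an NXDOMAIN answer are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed blocklist; a real deployment would load a vetted feed of
# Conficker rendezvous domains. Names under .example are placeholders.
BLOCKLIST = {"qwmzkxtr.example", "bad-cdn.example"}

# Constructed resolver query log: "<time> <client-ip> <qname> <qtype>"
SAMPLE_LOG = """\
2009-04-16T09:00:01Z 10.0.0.21 www.isp-portal.example. A
2009-04-16T09:00:02Z 10.0.0.37 QWMZKXTR.example. A
2009-04-16T09:00:05Z 10.0.0.37 update.bad-cdn.example. A
2009-04-16T09:00:07Z 10.0.0.58 notbad-cdn.example. A
2009-04-16T09:00:09Z 10.0.0.90 qwmzkxtr.example. A
truncated line
"""

def normalize(qname):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return qname.rstrip(".").lower()

def is_blocked(qname, blocklist=BLOCKLIST):
    """True if qname or any parent domain is listed (label-wise match)."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def policy(qname, blocklist=BLOCKLIST):
    """Resolver decision (assumed): NXDOMAIN for listed names, else recurse."""
    return "NXDOMAIN" if is_blocked(qname, blocklist) else "RECURSE"

def infected_hosts(log_text, blocklist=BLOCKLIST):
    """Map client IP -> sorted listed names it asked for (remediation list)."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:          # skip malformed or truncated records
            continue
        _, client, qname, _ = fields
        if is_blocked(qname, blocklist):
            hits[client].add(normalize(qname))
    return {ip: sorted(names) for ip, names in hits.items()}

if __name__ == "__main__":
    for ip, names in sorted(infected_hosts(SAMPLE_LOG).items()):
        print(ip, "queried listed domains:", ", ".join(names))
```
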
The role of the DNS does not stop with Conficker, or with botnets in general. It can be inducted in other battles – to stop spam that carries malicious links that lead unsuspecting subscribers to malware, to prevent accidental exposure to horrific content on the Internet, to debarb phishing attacks, and more. Additional evidence of the power and the possibilities of the DNS emerges every day. 

Edited by Jessica Kostek