This week in our seminar we discussed cybercrime, including its implications/impacts and how to stop/prevent its spread. We discussed some truly fascinating topics, but I want to discuss in my post today a very interesting thought I had that we did not discuss, which is the trend of computer malware over time. Today, it personally seems as if computer viruses and malware are not a threat to my personal daily computer use. I don’t use any sort of third-party antivirus software, and I’m not too careful while I browse the Internet. However, I have not gotten a visible virus in years. Five to ten years ago, I could not say the same. Computer viruses were a huge problem plaguing the computer industry. Antivirus software was pushed as a necessity for any computer, and restoring a computer was a routine task.
I was curious why this was the case, so I went and did some research. I found a thread on Quora that makes some interesting points on this topic. First, a reason we do not perceive computer malware as a threat as much as we did before because it is no longer intrusive. Everyone’s computer has malware and viruses on it, but the nature of the malware has changed. Malware has transformed over the years from being an intrusive attack to a stealthily listening for information in the background. Secondly, security on the operating system level has become much better for both Windows and Mac in the recent past, which has closed much of the vulnerabilities already exposed. Thus, security has become less of an issue on a personal level because of increased security in the operating systems and the transformation of malware. In short, malware today is more likely to come in the form of unintrusive botnets (like the attack on Dyn) or other tactics than a traditional computer virus.
Great work, Doug. I agree with your analysis. It’s not only that OS manufacturers have built more secure systems, but the wide-spread adoption of automatic update systems closes the window on known vulnerabilities much quicker today than 10 years ago. (Software manufacturers still distribute applications and OSes with bugs!)
Your other comment is correct too. Around 10-15 years ago, we began to see the segmentation of the market around software vulnerabilities. It used to be that a lone hacker would discover a vulnerability, craft a worm or virus based on it, and then cause some kind of disruption with it. This was a very vertical market. Then cybercriminals realized that this was a missed opportunity. They might not have the sophistication to discover vulnerabilities or craft a virus, but they knew how to monetize the use of a worm or virus. Black markets arose buying discovered vulnerabilities and the skills of black hackers to code a virus or worm. Now, you can buy access to loads of zombie machines. No longer is the hacker that discovered the vulnerability wanting attention from the end users because they’re getting lots of attention from those interested in buying their skills. There’s a whole market out there that’s not looking for attention from the end user because they’re quietly stealing your compute cycles, network bandwidth, and maybe your personal information. You might want to be more careful browsing the Internet.