Home 12 Things You (Probably) Didn’t Know About Online Security

12 Things You (Probably) Didn’t Know About Online Security

At the RSA Conference in San Francisco last week, I got the chance to sit down with Stephen Cobb, a distinguished security researcher for the IT security company ESET. We talked about a lot of things, including Android security issues and how walled gardens have their uses.

(See also In The Security World, Android Is The New Windows.)

It was a great conversation, touching on a wide variety of fascinating aspects of online and mobile security, and I wanted to share as many of them as possible.

This list seemed like the best way to do that. And while not every one of the dirty-dozen points presented here may surprise you, I can pretty much guarantee that few people will already know – or agree with – everything on the list:

1. Big Data is not new to the anti-virus industry. Turns out the anti-virus companies have been doing traffic analysis, incident sharing and code sharing for decades, Cobb claims. They just didn’t call it Big Data until the term become fashionable.

2. Anti-virus companies have been practicing co-opetition since the 1980s, when they realized there was no percentage in one company being able to stop one virus while you needed another company to stop a different virus. They quietly began sharing virus signatures and other information, Cobb says.

3. All the major Web browsers share information on malware sites and other threats. Chrome, Internet Explorer, Firefox and the others all share which URLs to flag, for example. That’s why when NBC.com was hacked recently and started spewing malware, everybody was able to block it almost immediately.

4. One of the hardest parts of securing Big Data is knowing where the data is actually stored. In the old days, when data was collected and stored, it didn’t really move much. Now, in the cloud, Cobbs says we don’t really know where data is stored. Malware creators are intent on exploiting that, but what form that will take remains to be seen.

5. One reason more high-value targets haven’t been hacked is that there is still so much low-hanging fruit for the bad guys to go after. According to Cobb, so far, there hasn’t been much need to try and crack the hardest targets.

6. Most attacks take the form of malware or hacking. Of the hacking attacks, Cobb says, 80% go after passwords that are either non-existent, guessed or stolen.

7. Anti-virus hasn’t been about matching virus signatures for years. Some people say the anti-virus model doesn’t work because so much new malware is coming out all the time that anti-virus solutions can’t possibly keep up. But Cobb protests that most anti-virus software is continually detecting previously unseen malware.

8. People who know what they’re doing on the Internet might be able to get by with no anti-virus software. But Cobb says people are fooling themselves when they claim: “I don’t run anti-virus software and I’ve never been hacked.” “Are you really OK telling everyone you know – your mom, for instance – not to run anti-virus software?” he asks.

9. There’s still an incredible amount of spam out there. You don’t see it, but it’s still there. It’s using a a huge amount of datacenter power to block it, but it’s built into the network security appliance and you don’t have to deal with it.

10. The overall trend is for increasing levels of security to be compressed into the core, to become part of a standard install. That’s happened to anti-spam, to firewalls and it’s happening to anti-virus, too.

11. It’s a lot harder to write 64-bit malware than it is to write 32-bit malware. And that could help lower the number of attacks on 64-bit systems.

12. In many ways, hacking behavior seems to have gotten better over the years – at least in the United States, Cobb says. But we are now increasingly exposed to other, more dangerous places. The globalization of the Net has caught up with us even as the value of hacking has one way up. Today, hackers aren’t just messing with us, Cobb notes, they’re stealing from us. And that’s a big new incentive.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.