The single biggest problem today is botnets
Patric Runald
Patric Runald, Senior Security Specialist at the F-Secure
response lab in the Asia-Pacific region, spoke to Dominic K about security
threats on the OS front with an emphasis on mobile OS platforms.
How vulnerable are the operating systems of servers, desktops,
mobiles, etc.?
On the PC end it is Windows. This is because they hold a major market share and
probably the virus writers are also lazy! It is easier to target the most popular
operating systems since you can attack a larger number of users who connect
through it. On the mobile front it is Symbian.
On the server end we observed last month that 60 percent of the attacks were
on Apache, the Linux-based web server. One reason behind this could be that
a fair amount of its source code is easily available on the Internet.
I feel that a major reason behind all these attacks is social nature. If you
think of Macintosh users, it is a small community when compared to Windows.
Macintosh users typically love the Mac. They love other Mac users and would
not harm the operating system they like. The same case applies a bit to Unix
and Linux. Unix and Linux users and their open source community are very enthusiastic
about the operating system they use.
However, Windows users usually just don't care. They run Windows because
it is pre-installed on their PC when they bought it, so they have no other option.
What is the state of mobile security at present?
The number of mobile phone users is increasing. The total number of mobile viruses
until yesterday (May 9, 2006) is 203, so the threat is not that high in the
mobile end when compared to PCs.
We are seeing signs of evolution in mobile phone viruses since they are much
quicker when it comes to spreading than computer viruses. Earlier, mobile viruses
used to spread quite slowly, but later they picked up speed.
Mobile malware such as viruses, worms and Trojans have become nuisances that
smartphone users have to deal with on an increasing basis. Malware can cause
unwanted billing, delete valuable information on the device, or make the phone
unusable.
Is mobile security a bigger issue in Asia considering the
high usage of technologies such as Bluetooth?
Mobile phone viruses and security issues are widespread as compared to Europe.
Most of the viruses are spread through Bluetooth. To be hit, Bluetooth should
be turned on and the phone should be in a discoverable mode. This means that
anyone can connect to you or try to connect to you.
Let me share my personal experience. I had Bluetooth turned on for about 18
months and I was hit just once in Europe. However, in Singapore I was hit four
times in just two months.
The first mobile viruses were actually found in the Philippines. China adds
four million new subscribers every month, but India is catching up.
Is there any new technology to protect mobile and PC environments?
No. We are working on enhancing the current product features and security levels
on anti-spam, anti-phishing and intrusion detecting-type systems. We plan to
have built-in intrusion prevention systems and firewalls built into the mobile
phone.
The way we plan to bring these products is through mobile phone operators and
ISPs. We already have it on the Nokia Communicator series, and we are developing
it for the Windows mobile.
According to you, which is the most serious security threat
at present?
The single biggest problem we have today in the PC world is botnets. These are
basically a network of infected machines controlled by a group of hackers or
someone who controls the machines remotely.
Most of the new malware we see today in Windows are botnets. They can install
software, adware and utilise your PC and bandwidth for DoS attacks by entering
through the back door.
It's a big way to make money.
DDoS attacks are extremely difficult to deal with. The way F-Secure tries to
handle things is through traffic monitoring and tie-ups with ISPs. Any machine
that is detected as virus-infected will be quarantined until it is cleaned.
We want the infected machine off the network until it is safe. The moment it
is clean it will be able to surf without the ISP's intervention.