It's a dangerous world, and it's only getting worse. By 2006, you can expect security threats to shift and grow. Johannes Ullrich, chief technology officer for the Internet Storm Center at the SANS Institute, expects the cat-and-mouse game between attackers and PC owners to continue, with next-generation hacks becoming more persistent and pernicious. Spyware, for example, will seed itself all over a victim's Windows Registry and hard disk, making it difficult for automated tools to pull out all the weeds. Ullrich also expects attacks to become more fault-tolerant. An attack could employ two or more programs that monitor each other to ensure that the infection is not rooted out of the system by antivirus software.
Spreading to Handhelds
This past summer, the first virus infecting Pocket PCs and cell phones emerged, including a variation that uses Bluetooth connections to jump among handsets. It is only the first salvo, says Ullrich, in a barrage that will target devices of all stripes. "Everything that uses an IP address will be a target," he warns.
Chip makers and OS writers are fighting back, trying to close one of the most exploited holes: the buffer overrun. Viruses often create overruns by flooding a PC with more code or data than expected, leaving the excess code in an unprotected space on that system where it can execute. So AMD's Athlon 64 processor includes an NX bit, which flags code for execution. Combined with an NX bit-aware OS--such as Windows XP with SP2--this feature sterilizes miscreant code that overflows programming boundaries by leaving it untagged. Desktops with this CPU enjoy the functionality today. But Ullrich worries that network routers and mobile devices will not provide buffer overrun protection for some time.
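NX only helps where the operating system leaves data memory, such as the stack and heap, without execute permission. As an added example (not part of the original article), this C audit counts regions of a process memory map that are both writable and executable, where overflowed code could still run. It assumes the Linux `/proc/<pid>/maps` text format, which the article does not discuss, and the sample map is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format (assumed, not from the article). */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:02 173521 /usr/bin/demo\n"
    "7f1c00000000-7f1c00021000 rwxp 00000000 00:00 0\n"
    "7ffd1a2b3000-7ffd1a2d4000 rw-p 00000000 00:00 0 [stack]\n";

/*
 * Scan a newline-separated memory map. Returns the number of regions that are
 * both writable and executable, and sets *stack_exec to 1 if the stack region
 * carries execute permission. Unparsable lines are skipped.
 */
int audit_maps(const char *maps, int *stack_exec)
{
    int wx = 0;
    *stack_exec = 0;
    while (*maps) {
        char line[256], perms[5];
        unsigned long start, end;
        size_t len = strcspn(maps, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, maps, n);
        line[n] = '\0';
        /* Fields: start-end, then a 4-character permission string such as "rw-p". */
        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) == 3 && strlen(perms) == 4) {
            if (perms[2] == 'x' && strstr(line, "[stack]"))
                *stack_exec = 1;
            if (perms[1] == 'w' && perms[2] == 'x')
                wx++;
        }
        maps += len;
        if (*maps == '\n')
            maps++;
    }
    return wx;
}

int main(void)
{
    int stack_exec;
    int wx = audit_maps(SAMPLE_MAPS, &stack_exec);
    printf("writable+executable regions: %d\n", wx);
    printf("executable stack: %s\n", stack_exec ? "yes" : "no");
    return 0;
}
```

On a live Linux system the same function can be fed the contents of `/proc/self/maps`; any nonzero count marks memory that NX leaves unprotected.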