Singapore Offers Safest Networks in Asia

A low broadband growth rate coupled with a lower level of pirated software use compared to the rest of the region appear to be key factors behind Singapore's positive showing in a recently released Internet security threat report, which covered the first six months of this year.

Carried out by security software provider Symantec Inc., the Symantec Asia Pacific and Japan Internet Security Threat Report provides a six-month update of Internet threat activity within the Asia Pacific and Japan (APJ) region. Countries surveyed were Australia, China, Japan, Malaysia, Philippines, Singapore, South Korea, Taiwan, Thailand and Vietnam. The report includes analysis of network-based attacks, a review of known vulnerabilities, and highlights of malicious code.

The report ranked Singapore seventh out of 10 for malicious bot-infected countries across APJ, accounting for 1 per cent of the total number of bot-infected computers in the region. China topped the charts with 78 per cent of the total. Malicious bots are software applications that run automated tasks which can be used to commit fraudulent activity, such as spam and denial-of-service attacks on networked computers.

Darric Hor, general manager of Symantec Singapore, linked the difference in ranking between the two countries to the difference in maturity of their respective broadband markets.

"Singapore has a more mature broadband market, and therefore sees lower broadband penetration growth rates. Due to greater education efforts and user awareness, broadband users may also be more aware of security issues, such as bots, and may be more capable of adequately securing their computers against such threats. ISPs (Internet Service Providers) may also be catching up to security requirements and adopting a more active approach to tackling the problem of bot infections," Hor said.

Hor's statement was echoed by Willie Low, senior market analyst for research house IDC's Asia Pacific software research. "Higher broadband penetration does bring about a higher propensity for more bot infections. The high-speed and always-on nature of broadband Internet gives perpetrators a larger window of opportunity for infection, and the resulting botnet is more accessible and 'powerful'," said Low. "The high growth rate of broadband adoption in China means that many of these users are probably relatively new to the Internet--especially high-speed Internet. These users who have just jumped onto the broadband wagon may not know how to protect themselves sufficiently.

In comparison, the broadband users in Singapore may have been using broadband for a relatively longer period of time--more mature broadband market with lower growth rate--and are more aware of the need and mechanisms to protect themselves from Internet threats."

While port blocking for consumers was generally not practiced due to the "risk of adversely impacting legitimate traffic and inadvertently causing application failures," action had been taken in the past to perform blocking in the networks when it concerned rapidly spreading threats, local ISP SingNet said in an e-mail interview with Computerworld Singapore.

"We believe user education and empowering customers with the right protection tools is better than across-the-board heavy port restriction on Internet traffic," said Chang Wai Leong, director of consumer products (broadband and Internet), SingTel.

Another local ISP Starhub declined to go into detail but told Computerworld Singapore it had measures in place to minimize the spread of detected viruses. "Our network is designed to withstand a certain load from distributed denial-of-service attacks, and we have measures to minimize the impact of such an attack. Our Internet security measures are a combination of hardware and software implementation, as well as plain human skill sets. We also have comprehensive operational procedures in place to handle a wide range of incidents," said Lim Seow Thong, vice president, IP services, Starhub.

Lower Piracy Level

Yet another factor behind Singapore's positive showing in the Symantec report could be its lower level of software piracy compared to the rest of the region. A joint study conducted by the Business Software Alliance and research firm IDC which tracked piracy of all packaged software running on personal computers in the region for the year 2006 showed Singapore to have the fourth lowest rate of software piracy in the APJ region at 39 per cent, down from 43 per cent in 2003. This figure was significantly lower than China's score of 82 per cent and the regional average of 55 per cent.

"Singapore's declining piracy rate--39 per cent in 2006--would mean that more software packages are eligible for security patches and upgrades and that would decrease the vulnerability to bot infections, as compared to China's high piracy rate of 82 per cent in 2006," said Venu Reddy, senior consulting manager, IDC Asia/Pacific consulting research.

"Pirated software is often unable to receive updates and consequently may be more vulnerable to successful exploitation. Because many bots use these types of vulnerabilities to propagate, countries with higher piracy rates will likely have a higher percentage of bot infections compared to countries with lower piracy rates," said Hor.