In the grand scheme, not much ever seems to improve in computer security. No matter how much we hone our security-defense strategies, how many firewalls we deploy, how many remote buffer overflows we eliminate, and how quickly we patch our OSes, IT systems keep getting hit by malicious hackers. If the computer security industry were to measure itself on the ultimate question of whether we're doing a better job of protecting computer users, the answer would be a definitive no.
But the tide is turning, at least for the time being. I've noticed one long-term trend that's improving: Local, national, and international law-enforcement groups alike are tracking down and arresting more malicious cyber criminals. And not just the stupid and lazy ones -- some big fish have been stopped or apprehended.
It's taken 20 years to see this improvement. The wheels of justice turn slowly, but we are making forward progress. For example, after decades of absolute invincibility, spam rates are finally dropping. Starting with the infamous McColo takedown, private citizens and companies are enjoying great success in locating and shutting down prolific spam originators. Although Symantec says spam still accounts for 73 percent of all email, the rate frequently drops far lower -- into the 40 to 50 percent range -- as different botnets are taken down. And 73 percent is still less than the 80 to 90 percent we've lived with for the past five years. A few years ago, we could never stop a single botnet. Today we can crush them.
Fake antivirus software is also on the decline. Brian Krebs -- who has done a fantastic job in covering and discovering links in some of the Russian cybercrime syndicates -- has stories that speak to that trend.
Another important trend in the fight against cybercrime: High-profile attackers are being arrested. The days of guaranteed impunity are over for the most flagrant criminals. I've recently spoken with a half-dozen apprehended cyber criminals. They all told me they couldn't believe they got caught. But each made one or more mistakes along the way, enough to enable the authorities to collect evidence, obtain subpoenas, and arrest the perpetrators. What's more, the little fish and big fish are turning against each other in order to minimize their jail sentences, just like crooks do in the noncyber world.
Several factors are driving these changes. Among them, today's police forces -- even local police -- often have computer crime divisions with trained forensics investigators, thanks in part to the fact that IT security experts (including myself) have been teaching them over the past decade. Many police departments also require their workforce to attend basic cybercrime education, where they receive instruction in how to handle computer evidence, what to look for, which laws to apply, and what not to do. They now have plenty of good forensic software and cordoned-off forensic networks staffed by teams of trained people. This is a far cry from the many years when I was given the single phone number of the one overworked law-enforcement officer who might listen to me.