Government recycles 2009 Symantec Threat Report as strategic defence review cyberjustification


Responding to the challenge I placed in my last post, Simon Waters directed my attention to the Symantec Global Internet Security Threat Report trends for 2009. I think he's nailed it.

You'll recall that Home Secretary Theresa May was interviewed on the Radio 4 Today programme and stated:

You just have to look at some of the figures, in fact over 50%, just about 51% of the malicious software threats that have been ever identified, were identified in 2009.

Now compare this with the report, page 47:

In 2009, Symantec created 2,895,802 new malicious code signatures (figure 10). This is a 71 percent increase over 2008, when 1,691,323 new malicious code signatures were added. Although the percentage increase in signatures added is less than the 139 percent increase from 2007 to 2008, the overall number of malicious code signatures by the end of 2009 grew to 5,724,106. This means that of all the malicious code signatures created by Symantec, 51 percent of that total was created in 2009. This is slightly less than 2008, when approximately 60 percent of all signatures at the time were created.

I don't want to overanalyse this, so I'll just state a few thoughts for consideration:

1) A database of malicious code signatures is not a 1-to-1 mapping with the number of "software threats" out there on the internet. A closer analogy would be the number of mugshots in a criminal database - you can expand the database enormously by taking lots of photographs of a smaller, if probably still growing, band of criminals. You take dozens of mugshots per criminal, so a vastly larger database does not mean vastly more criminality.

2) "Software threats" are people, and/or active exploitation mechanisms that are created by people. There are not 5,724,106 evil hackers in the world - that would be more people than live in either Denmark or Slovakia. Because "software threats" are not people there is no need to consider whether they will invade you; when organising your defence you should instead look to the health of your installed base of computer hardware and software, and consider how resistant it and its users are against any threats they might encounter. Think "vaccinating your children" and "strong autoimmune response", not "James Bond" or "Operation Desert Storm".

3) If the Government are arguing along these lines, it's clear that Windows is the primary target under consideration for policy and spending - there are no mentions of Unix, Linux, Android, or iPhone in the Symantec report. Apple is only mentioned in respect of the Safari browser, which also runs on Windows. Considering this strategic focus and looking at Britain's current deployment of Windows platforms, I propose an alternative cybersecurity strategy of splitting the GCHQ funding with the NHS, and making Symantec's Norton Anti-Virus available on prescription.

Wouldn't that make us all much safer?
