[infowar.de] Why the diversity of cyber warning systems matters

...explains Robert Vamosi here, whose starting point is Tom Ridge's
Homeland Security Advisory System (cf.

Main argument: The nature of the threats and vulnerabilities is too
complex for a single overarching alert level to describe them all. In
addition, there is a helpful competition among the various private and
(semi-)governmental warning systems.

Why one virus alert system won't fit all
By Robert Vamosi
April 17, 2002, 5:00 AM PT

When Homeland Security chief Tom Ridge unveiled the new Homeland
Security Advisory System, he added five new levels of alert--each
distinguished by its own color--to our already crowded color-coded
vocabulary. Ridge's plan is only the latest effort aimed at
standardizing warning systems in the security community these days.
There's even a semi-serious proposal afoot to have antivirus companies
conform to a standard warning scale.

I think that would be a huge mistake. There's strength in the diversity
of warning systems, if only because they allow dissenting opinions to be
heard on whether a particular threat is serious or not.

THE NUMBER OF different alert systems out there seems endless. The
military uses a 1-5 Defcon (DEFense CONdition) rating to show the status
of our armed forces. The country is usually placed on DefCon 1 or 2
alerts (the lowest levels). Computer-security companies use a variation
on this classic model. SecurityFocus, for example, now posts a daily
Internet 1-4 ThreatCon rank, and the SANS Institute's Incidents.org uses
a four-color monitor.

Perhaps the most comprehensive warning system online is GTOC from
Internet Security Services (ISS). It not only gives you an AlertCon
warning (1-5), but also explains which vulnerabilities lead the company
to choose a particular warning level, and often provides links to vendor
patches (when available).

Antivirus vendors are all over the map when it comes to alerting the
public. Sophos, F-Secure, and Central Command do not use an alert scale.
More common, however, is the low, medium, and high rating system used by
McAfee, Trend Micro, and Norman. On the other hand, Symantec uses a 1-5

SO WHY SHOULDN'T we standardize these diverse rating systems? First off,
because it's very difficult to compare and rate separate threats for the
different segments of the online population. Code Red, for example,
affected Web servers, while SirCam was a classic e-mail worm that
affected home users. Then there's Nimda, which affected both Web servers
and home users. To a home user, Code Red should not be rated a high
alert, but to system administrators it should be.

More importantly, a unified scale would tuck all the diverse opinions
and views regarding what's serious and what's not into one neat package.
As most of us realize, the world of Internet vulnerabilities is not

Yes, it's time-consuming to visit several antivirus and security sites
to find out about the latest threats. But it also allows a variety of
opinions to be heard. For example, if only two antivirus companies
declare a worm to be on high alert, while everyone else thinks that worm
is a dud, you may realize you don't need to worry too much about the

TWO SITES I particularly like are created by security companies
MessageLabs and Trend Micro. MessageLabs's site tells you how many of
its customers have been infected with a given virus. For those who like
maps rather than graphs, Trend Micro offers a world map that shows where
in the world its customers are encountering viruses. It also lets you
view the top 10 viruses in the world, on any specific continent, within
any specific country.

Trend's top 10 list differs from MessageLabs' top 10, but by using these
sites together, you can get some idea where in the world a virus is
hitting--and where it is not.

I recommend signing up with several antivirus and security
companies--even those whose products you don't use--just to get a few
different perspectives. I also encourage these companies to continue to
offer competing, even contradictory information, and to not conform.
We're smart enough to figure it out for ourselves--really.

Do you favor a standardized rating system for viruses and other security
threats? Why or why not? TalkBack to me below.