April 9, 2009 By Casey Mayville
Photo: Melih Abdulhayoglu, security expert and CEO of Comodo security
Over the past week or so, the Conficker worm has raised more than a few security questions. When will it appear? What will it do? How do you protect against it?
A new breed of virus, Conficker seemingly has the ability to infect computers by simply inhabiting a Web site or turning up in an e-mail inbox. Users were instructed to install an emergency patch released by Microsoft which would prevent the virus from exploiting the buffer overflow vulnerability.
But this new worm has brought the issue of how we deal with security to the forefront. Must we always have to come up with patches, fixes and other forms of reactive security to keep our computers safe? In a recent interview with security expert and Comodo security CEO, Melih Abdulhayoglu, an alternative form of security was brought to light: default-deny based systems. And although this white-listing form of security is not a new concept, recent security breaches and the rising number of identity theft cases force us to re-think the way we fight cyber-terrorism. Abdulhayoglu offers a possible solution to these growing security issues.
The Internet has changed the way we communicate, the way we do our jobs and, essentially, the way we live our lives. With so much of our personal and financial information online, security should be a top priority. And seeing as how in 2008, the revenue from Internet crimes surpassed revenue from drug trafficking crimes, it is evident that a very lucrative living can be made stealing this information.
Abdulhayoglu said we need to change the way we fight the war on Internet crime. "In the first World War, we fought war from the trenches. Today we have fighter jets dropping bombs. The way we engage in war in the physical world has evolved. In the online world, we are still fighting the malware war from the trenches. The way we fight the war needs to change."
He said the way to do this is by adopting a default-deny based system on a large scale. This multi-layered approach to security would almost completely eliminate the need for anti-virus software and never-ending security patches and fixes.
"Think about a house. Your first layer of security is a door, which is the prevention layer," said Abdulhayoglu. "Using the current default-allow system, anyone gets to come through the door unless they are on the 'black-list.' This is ineffective because new malware is popping up everyday and will not be identified (or put on the black-list) until it has caused damage. Using the default-deny system, no one gets to come through that door unless they are on the 'white-list'," he continued.
"The second layer of security is the burglar alarm, which is the detection layer. Most anti-virus systems have this layer of security, but will only ring the alarm if the burglar is one it recognizes. If it is a new burglar in town, he can go ahead and come right it," said Abdulhayoglu. "But combined with the prevention layer, detection is useful as a back-up tool."
"The last layer of security is the homeowner's insurance, or a patch or fix, which is the cure if all else fails," Abdulhayoglu said. "That is an example of a default-deny based security system. All we're doing is putting some doors in place and saying we'll only open those doors if [applications] are legitimate."
Abdulhayoglu claims that the inconveniences with the default-deny based system are minimal in exchange for increased security. The white-list database Comodo uses contains millions of approved Web sites and applications. If the Web site or application that is trying to be accessed is unknown, a dialog box