Symantec CEO: Take new tack against Net attacks

John Thompson tells the Comdex crowd that they can tighten up security if they integrate their systems better--and advises them not to rely on Linux as a solution to virus problems.

Michael Kanellos
Michael Kanellos Staff Writer, CNET News.com
Michael Kanellos is editor at large at CNET News.com, where he covers hardware, research and development, start-ups and the tech industry overseas.
3 min read
LAS VEGAS--Better computer security can be achieved, but it is going to be a mammoth task, according to John Thompson, chief executive of Symantec.

The increasing number and sophistication of computer attacks requires that companies, businesspersons and consumers rethink their strategies for dealing with worms and other exploits, Thompson said during a keynote speech at Comdex here Wednesday. The focus on security needs to shift from cleaning up after a problem to anticipating potential problems, he said, with automated patch management and better coordination of software and hardware.

"Security needs to move beyond its niche focus," he said. "We need more integrated security technologies."

Otherwise, it will be impossible to keep up, Thompson claimed.

"More than 100 new viruses are identified every week--and 60 new software (problems) every week," he said. "We saw a 19 percent increase in attack activity in the first half" of 2003.

Special coverage
Comdex gets down to business
Complete News.com coverage of
the technology trade show.

Nastier types of bugs are also being developed all the time, he noted. In the relatively near future, the world will likely see the debut of damaging threats the industry is calling "Warhol" attacks, as they are likely to achieve fame by spreading across the Internet in 15 minutes. "Flash" threats might be able to blanket the Internet in 30 seconds.

"Day Zero" threats, which exploit previously unknown vulnerabilities, will hit without warning, the Symantec CEO added.

To further complicate things, the rise in attacks will occur in tandem with a growing need to simplify technology, he said. In Boston, for example, the Internet Home Alliance, a trade group dedicated to promoting the connected home, is running a pilot scheme that has 20 families living in fully Internet-enabled homes and reporting about their experiences. Such Web-connected appliances will have to be properly protected against hacker attacks.

"There may come a point where users look at technology as more of a liability," Thompson said, adding that the modern version of hell just might involve being "condemned to set up a home Wi-Fi network linking a number of PCs with a badly written manual and technology support, putting you on hold for eternity."

That security problems remain rife doesn't mean the topic isn't being taken seriously by the industry and its customers. The U.S. government is providing $30 million to the U.S. Office of Personal Management's Cyber Corps Scholarship For Service program, to encourage college students to go into the security technology field. In the program, students are given scholarships, but then have to work for the government for a limited time after graduation.

Corporations are also taking action to stem attacks, such as creating more homogeneous computing environments or taking part in initiatives such as the Network Admissions Control program to ban insecure mobile devices from corporate networks, announced Tuesday by Cisco Systems.

Thompson stated that a shift to Linux from Microsoft wouldn't be a sure way to avoid the kind of recent suffering caused by viruses that exploited holes in Microsoft code.

"If and when the Linux target set gets as rich as Microsoft's, I believe you will find more vulnerabilities than you do today."

Spam--for a fee
In his keynote, Thompson largely showed the confidence of someone who has delivered a lot of speeches, but he did show some fire when the follow-on discussion came to spam, or unsolicited junk e-mail. He hates the stuff--more specifically, he hates that network providers don't stop it.

The problem, he maintained, could be solved if carriers charged spammers for sending hundreds of thousands of e-mails or simply stopped carrying traffic from sites spouting a huge amount of e-mail.

"If you are going to send all of this crap over my network, damn right, you should pay for it," he said during a question-and-answer session after his speech. At least with junk mail, "you know someone had to put it together and send it."

Legislation won't be the answer, according to Thompson. "I don't think it is enforceable. How does the U.S. enforce spam? How does Virginia stop spam? It is illogical," he said.