Be afraid...be very afraid
Cleaning up a recent spyware infection for a friend highlighted to me what will probably be the major technology issue for 2006. He had spyware on his fully updated and secured computer that would simply not be detected by the usual software - Norton/MS Anti-spyware etc. Worse; this spyware loaded itself automatically from a compromised web site. The only way I could remove it was to scan the few dedicated anti-spyware bloggers and use a removal tool that a hacker put together.
It turns out that the vulnerabity was in Internet Explorer and known about since May and Microsoft did nothing about it until well after viruses using this hole had infected thousands of computers.
Now it turns out there is another even more dangerous flaw in Windows. According to Eric Sites, VP of Research & Development at Sunbelt Software:
Until Microsoft releases a patch for this .. bug surfing the web, reading your email, and chatting via IM is like playing Russian Roulette with your computer.
Now lets look at this in context.
In 2003 Microsoft vowed to sort out the security once and for all. They spent upwards of $200 million on developing and promoting security of Windows to restore a reputaiton that was badly destroyed after a series of high-profile virus attacks. We (the computer users), forked up to $4 billion on Anti-Virus software last year.
Yet after all this money is spent... it took Microsoft 6 months to issue a patch for Windows. And one month after viruses started spreading, none of the major Anti-Virus/Spyware companies had a removal tool. Someone is being taken for a ride. If ever there was an argument for open-sourcing the operating system, here it is.
Now a new threat appears. It is the hybrid of Spyware, Viruses and Phishing. Simply put, there is no money in writing plain viruses - but Spyware is a billion dollar industry. And it will come flying your way on a host that still too big and vulnerable to keep up. Be afraid - be very afraid.