McAfee Outlines Plan For Stemming Malware Deluge

This concept isn't new, but it's been given a new coat of relevance by McAfee, which in its Q2 2010 threat report claims to have collected 10 million new malware samples in the first half of the year, a rate of about 55,000 a day. Portable storage device threats, fake antivirus, social media related malware are leading the charge, along with AutoRun malware and password-stealing Trojans.

David Marcus, director of security research and communications for McAfee Labs, believes the key to solving the problem is for security experts, government and industry bodies to coordinate their efforts.

"We have to do better as an industry about sharing the right kinds of information," said Marcus. "It's not just malware files -- we have to start sharing more than just the file information, we also need to be able to attribute behavior to particular individuals and groups."

The shutdown in 2008 of the malware-friendly McColo and Atrivo ISPs is an example of what needs to happen on a more regular basis, Marcus said. However, agencies like ICANN are going to have to develop procedures for gathering evidence in a more timely manner, he said.

"ICANN finally delisted McColo and Atrivo, but the problem was they took so darn long to do it. We'd like to see that kind of shutdown behavior become institutionalized," Marcus said.

"There need to be serious coordination and discussion between government agencies, otherwise they're just going to be playing what-a-mole forever and they're never going to make progress," added Marcus.

One potential roadblock is that government agencies aren’t known for being adept at sharing information, although there are signs this could be changing with the Obama administration. "One great thing about the current administration is that it's tech savvy. The president takes cybersecurity very seriously," he said.

Security researchers will also play an important role in this information sharing. As the recent rekindling of the vulnerability disclosure debate has shown, researchers have divergent views on how much time vendors should be given to patch flaws in their products. Google says it should be 60 days, while HP's Zero Day Initiative recently laid down a six month deadline.

Microsoft, meanwhile, doesn't agree with drawing a line in the sand when it comes to fixing bugs because of the many variables involved in fixing vulnerabilities. It's a view Marcus shares, and one that's no doubt been shaped by the faulty antivirus update McAfee issued in April, which caused headaches for many customers.

"Giving vendors a specific time to patch is a little unrealistic. As a vendor, you have to conduct QA testing before you can address a vulnerability," said Marcus. "When you rush patches, you get bad patches, and when you have bad patches your security problems become much worse than they were before."