The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sectors. Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation.
US-CERT is the operational arm of the National Cyber Security Division and is charged with improving computer security preparedness and response to cyber attacks in the United States. US-CERT is responsible for
- analyzing and reducing cyber threats and vulnerabilities
- disseminating cyber threat warning information
- coordinating incident response activities
The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) establishes requirements for those who send commercial email, spells out penalties for spammers and companies whose products are advertised in spam if they violate the law, and gives consumers the right to ask emailers to stop spamming them.
The law, which became effective January 1, 2004, covers email whose primary purpose is advertising or promoting a commercial product or service, including content on a Web site. A "transactional or relationship message" - email that facilitates an agreed-upon transaction or updates a customer in an existing business relationship - may not contain false or misleading routing information, but otherwise is exempt from most provisions of the CAN-SPAM Act. The Federal Trade Commission is charged with enforcing the act.
A major way of intercepting spam is to keep a list of known sources. If the law were strictly obeyed, the anti-spam industry databases would be more complete.
Spammers frequently use false names, addresses, phone numbers, and other contact information to set up "disposable" accounts at various Internet service providers. This would now be illegal. Some have criticized the act, calling it the “You CAN SPAM Act” because in their view it legalizes rather than bans spam.
The Anti-Phishing Working Group (APWG), founded in November 2003, is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing. The organization provides a forum to discuss phishing issues, define the scope of the phishing problem in terms of hard and soft costs, and share information and best practices for eliminating the problem. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community, and solutions providers. There are currently over 800 organizations participating in the APWG and more than 1200 members. APWG reports that there were 13,141 new, unique phishing email messages reported in February. The average monthly growth rate since July 2004 (2,625) is 26%. The number of phishing web sites supporting these attacks also held steady, rising 1.8% from 2578 to 2625 in the month of February. In January, the number of reported hijacked brands remained at 64.
The APWG and the Financial Services Technology Consortium (FSTC) have agreed to partner with each other to identify and evaluate solutions to phishing. The FSTC is a consortium of leading North American-based banks and other financial institutions that sponsors collaborative technology development.
In an effort to help law enforcement agencies identify and bring to justice those who illegally release damaging worms, viruses, and other types of malicious code on the Internet, Microsoft has created the Microsoft Antivirus Reward Program, initially funded with $5 million. Through this program, Microsoft will offer monetary rewards to persons who provide information that leads to the arrest and conviction of those responsible for launching malicious viruses and worms on the Internet. Both the Federal Bureau of Investigation and the Secret Service, in coordination with Interpol, will investigate leads that are provided through this program in order to identify and prosecute those responsible for such crimes that harm the private industry and the public.
The major goal of Windows XP Service Pack 2 from Microsoft is to reduce common openings for attack on the Windows operating system. It introduces a set of security technologies that will help improve Windows XP-based computers' ability to withstand malicious attacks from viruses and worms. The technologies include network protection, memory protection, improved email security, and safer browsing.
Among other things, an improved Windows Firewall is enabled by default. The Remote Procedure Call (RPC) has been made less vulnerable to outside attack and new permission levels have been added. The Distributed Component Object Model (DCOM) infrastructure has additional access control restrictions. On CPUs that support execution protection technology, data pages are marked as non-executable. A new version of Outlook Express can block images and other external content in HTML email, warn about applications trying to send email, and control the saving and opening of attachments. Internet Explorer now manages add-ons and detects crashes due to add-ons, controls whether or not binary behaviors are allowed to run, and so forth.
The Microsoft Windows Malicious Software Removal Tool checks computers running Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software - including Blaster, Sasser, and Mydoom - and helps remove any infection found. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.
Microsoft releases an updated version of this tool on the second Tuesday of each month. New versions are available through this Web page, Windows Update, and the Microsoft Download Center.
In December Microsoft acquired Giant Company Software, a small firm with technology that can scan a person's PC for spyware and remove it. In January MS launched Windows AntiSpyware (Beta), a security technology that helps protect Windows users from spyware and other potentially unwanted software. Participants in the SpyNet, a voluntary worldwide community of Windows AntiSpyware users, play a key role in determining which suspicious programs are classified as spyware.
Microsoft has just announced a paid subscription-based computer fix-it service called OneCare, aimed at automatically patching security holes, blocking viruses and spyware, and generally automating the chores of maintaining a computer's health. The package will also include Microsoft's spyware-fighting tools and a firewall that blocks unauthorized outbound traffic, such as spyware data, as well as the inbound traffic blocked by XP. The OneCare package also will offer automatic computer care tools such as disk defragging and file repair, and scheduled data backup features. The service will be launched in beta form to Microsoft employees in a week, and will be released to consumers in late summer or fall.
There is a multibillion dollar industry that provides anti-virus tools, intrusion protection, network security and so forth. Several of the leading vendors are described below.
Symantec was founded in 1982 and had its IPO on June 23, 1989. Symantec offers products for: Integrated security, Security management, Firewall/VPN, Intrusion detection, policy compliance management, virus protection/content filtering, and Enterprise administration and services in the areas of consulting, managed security, education and early warning. Over the years there have been many acquisitions including Peter Norton Computing, Inc (1990), IBM's antivirus business and immune system technology (1998 $20M), Intel's antivirus business and systems management technology (1998 $15.6M), Quarterdeck Corporation (1998 $83M) and ON Technology Acquisition (2004). As of March 31, 2004, Symantec employed approximately 5,300 people worldwide. The firm has a market cap of over $13B.