However, nothing can be done until the malware actually occurs. With all the different viruses, worms and Trojans, how can security managers possibly predict what malware will occur next? In contrast, a behavioral rule defines legitimate activity in a system. Any activity not matching the profile will cause the security product to be triggered. As rules are not specific to a particular type of attack, they can block malicious behavior without having to recognize the precise attack used. Thus, there is additional protection against new attacks as they emerge. It is to effectively prevent any unauthorized applications, including malicious code and Trojans. or, it could protect a webserver by making it impossible for anyone to access the webserver to change the files and limiting the risk of a hack (Franklin, 2002).
However, the dilemma comes how many rules should the system have? The security manager must decide between an effective security procedure and a low number of false alarms. Applying too many rules will keep the company from meeting its basic business objectives and becomes very difficult to maintain. However, not using enough rules allows the application to proceed unchecked and potential malicious intrusion. In addition, because computer systems are continually changing, rule and signature changes are necessary for each server with every system change. This makes the rules-based solutions not only inaccurate, but also impractical to use across the enterprise on production systems. If one makes a system more secure, it makes a system harder to use, and vice versa.
There is no easy answer to the...
Because of this, efforts must be taken at different levels. The states should continue to pass laws against computer crime. Companies need to find the balance between too many and not enough rules. They also have to continually educate their people who have their hands on a great deal of valuable information. As long as there are individuals who are willing to take unethical or illegal steps for personal gain, processes have to be in place to prevent them.
References Cited
Bowyer, K.W. (2003). "Living responsibly in a computerized world." Ethics and Computing. New York: IEEE press.
Control Guard. http://www.controlguard.com/index.asp
Franklin, I. (November 26, 2002) "Entercept Security Technologies: Rules or signatures?
The best method of prevention." Toolbox. Retrieved from website September 16,
2006. http://security.ittoolbox.com/documents/peer-publishing/rules-or-best-method-of-prevention-3212.
National Conference of State Legislators (July 13, 2006). "2006 State Legislation
Relating to Internet Spyware or Adware." Website retrieved September 15, 2006.
Smith, R.E. (September 7, 2006) "Laptop Hall of Shame" Forbes.com. Website Retrieved September 16, 2006.
http://www.forbes.com/columnists/2006/09/06/laptops-hall-of-shame-cx_res_0907laptops.html.
Viruslist. "Malware" Website retrieved September 16, 2006. http://www.virusbtn.com.
Wikipedia. (September 16, 2006) "Malware." Website retrieved September 17, 2006.
http://en.wikipedia.org/wiki/Malware
