security by obscurity

on April 22, 2005

In an older, but very good article, Bruce Schneier comments on a slightly new breed of worm. Rather than focusing on infecting the common denominator (vulnerable MS Windows or other very popular software), the Witty worm infected a very small set of specific software: BlackICE and RealSecure:

Twelve thousand machines was the entire vulnerable and exposed population, and Witty infected them all — worldwide — in 45 minutes. It’s the first worm that quickly corrupted a small population. Previous worms targeting small populations such as Scalper and Slapper were glacially slow.

Even nastier is that this worm was destructive, deleting random chunks of data. This has interesting ramifications for the idea of security by obscurity. Many users of alternative operating systems like Mac OS X or Linux enjoy a large measure of security, owed largely to the fact that they are not widely used. Virus/worm-writers don’t focus their attention on infecting these hosts. But worms like this indicate a shift in strategy — that perhaps relying on something obscure or unpopular for security is not as effective as it has been assumed to be.

Some users even tout their security advantages with a rather grandiose utopian delusion of permanency. It won’t last forever. Mac OS X and GNU/Linux continue to gain market share on the desktop, but the true mark of their success, unfortunately, will likely come in the form of the first widespread malicious software.