Walled gardens, open systems and people on the agenda at RSA

THE RSA EXPO security conference might not have been as exhaustively hellish as the Mobile World Congress in Barcelona, but it did see its share of interesting news.

Although some firms chose not to turn up, HBGary for a conspicuous example, others did and were vocal about their news and views on the security landscape.

Apple was applauded, well, nodded at, for turning something that could be seen as a disadvantage into a security benefit. According to Stephen Trilling, SVP of security technology and response at the insecurity firm Symantec, it is the Apple closed system that has kept its apps secure and its users happy.

"A lot of people would argue that what hurt Apple 30 years ago, being so closed to most software, is helping the company now," he said. "The Iphone is a very locked down system and now that's helping as applications are limited in what they can do on the platform."

However, other experts added that unless Apple starts to open up its doors to third parties it could find itself in a situation where it will be unable to sort out a security problem itself and unable to turn to others for support.

"I think we will see a mass outbreak in the coming years. If that happens Apple might open up to us", said Nikolay Grebennikov, CTO at Kaspersky Labs.

Bruce Schneier, security expert and chief security officer at BT, said the free market model is equally challenged and complained that it had done very little to drive investment in security, because of the perception that the effort is not worth it.

"There's a delta where a market economy won't get to. There is more security needed than the market will provide. If the risk is more than the value of your company, there's no incentive to fix the problem," he said.

Other commentators, including Michael Chertoff, former US Secretary of the Department of Homeland Security, agreed.

Businesses are one thing though, and according to others in attendance, individuals need the most protection as the most advanced malware attacks are aimed at them, and not at computer networks.

Experts in attendance said that the three most advanced attacks seen in 2010, Operation Aurora, Night Dragon and Ghostnet, were aimed squarely at people, not premises.

Uri Rivner, head of new technologies at RSA, explained, "Attackers traditionally attacked the network. They went for the infrastructure. Now malware writers don't bother with the network, they go after the employee... After they find a specific employee for entry, they can search the network for someone with the access privileges they need."

Rivner warned that some of the worst of these malware attacks, for example, Zeus, can strip banking details, and he suggested that hackers are storing up huge amounts of data with a view to exploiting it at some later time.

"WikiLeaks is nothing compared to ZeusiLeaks," he added. µ