User education is very important, but it must be recognised that malware threats will evolve.
Juraj Malcho, head of the virus lab at ESET in Bratislava, claimed that keeping up to date with modern malware is very difficult, as it takes time to work out what to do with specific malware, and that the problem is growing.
Malcho said: “Everybody is talking about user education which is a must but in half a year that will be very different, it will work for a few months or years but people need to evolve themselves as the environment is changing.”
He went on to claim that despite the need for updates on education, it is a 'must' as people choose to use different systems and someone may respond to a phishing attack when caught unawares.
Malcho said: “For business users, education should be compulsory because if you are not educating employees you are risking the company. In a company you have an IT department so you might have to put restrictions on PCs and make sure systems are up to date, but you cannot rely on it if it is a home PC. Geeks know and will educate themselves, all those who need it don't really care.”
Another problem that Malcho identified was that of rogue anti-spyware. A company needs to both detect and whitelist threats, as well as deal with customers who accidentally download the anti-spyware thinking it is legitimate software. “This is a problem every day for both analysts and the legal department,” said Malcho.
He also warned of mass emails, as anyone collecting email addresses will find it easy to collect legitimate and working addresses, and in a large group there could be a compromised machine involved.