ES: That's not entirely true. While the base engine of Nessus will be closed source, it will still be free. Of course, the latest and greatest functionality will be folded into the commercial solution from Tenable for paying customers, but we'll still have a vital (and free) Nessus world for quite some time, I believe. How this world will evolve is going to be interesting. Will developers use the closed-source Nessus engine for continued development of plug-ins, or will they use a fork of the last open source Nessus engine for their future refinements? The jury is still out, but I'll bet that one of the open source forks of the engine will become dominant, while other shards of Nessus continue to percolate for years.
As for my thoughts on whether Tenable should have done this or not, that's their call, not mine. In a free market, they have the rights to their intellectual property, and if they want to take all their marbles off the table, that's their prerogative. I do understand their frustration with the lack of contributions to the open-source engine over the years, as well as their desire to make some money for all the hard work they've done. But, at the same time, it did cause damage to the Nessus legacy, and makes it harder for us all to get quality, low-cost tools. I'd have rather seen them not go closed source in the end, but respect their freedom in doing so.
Open source security tools are viable in the enterprise. The Snort IDS, Swatch log analysis tool, Nmap port scanner, and uncountable others (to say nothing of the Linux kernel!) are used by all manner of enterprises, and will continue to be. Open source is here to stay, and enterprises have gotten increasingly used to relying on such software even in their security operations. I'm quite happy about that.
TB: In the past couple of years, there has apparently been an increasing trend from 'script-kiddie' malware to professionally developed threats developed in conjunction with organized crime. What impact do you think this has had on malware?
ES: This is the single biggest trend fueling the explosive growth in malicious code: the profit motive. You can ask anyone in law enforcement and they'll tell you: When bad guys figure out a safe, reliable, and repeatable method for making money from a given crime, we'll see a lot more of that crime. And that's what we've got with malicious code associated with spam, over-aggressive web advertising, phishing, money laundering, and identity theft. The bad guys can get rich indeed from these activities, and, if they operate overseas, the chance of going to jail is almost nil. It's really kind of sad.
But all that cash being funneled into malicious code by organized crime is forcing innovation by the bad guys, making them stealthier, more pervasive, and more targeted all at the same time.
TB: What can home Internet users do to protect themselves from such threats?
ES: Keep your system patched. No, really. Remember, I said earlier that although many organizations have done well with the patching problem, consumers haven't gotten their issues resolved yet. If you aren't a computer genius or don't have time to follow patches, use the auto-update feature of your operating system. And, when your operating system tells you that it has critical patches to install and needs to reboot to apply them, don't just think, "I'll surf a few more websites and then reboot." You could be asking for trouble if those sites are hosting evil content that can exploit your box. So, patch, and treat an unpatched system as a grave threat.
Next, get personal firewall, anti-virus, and anti-spyware software installed on your machine. There are several good tools out there, but note that you need one of each. Your personal firewall is not going to be very robust against the various kinds of viruses or spyware, so make sure you are firing on all three cylinders here.
Finally, just be suspicious. Don't trust everything that everyone says...including me. Think about what kind of cons might be manifested in the web sites you surf and the e-mail you read. In short, just be careful out there!
