Sometimes it helps to take the long view of security When I started writing this column nearly two years ago, the first thing I did was to warn that the problems of worms, viruses, and other malware were going to get a lot worse very soon. I was almost right. Worms and spyware (which I didn’t mention at the time) are orders of magnitude worse then they were in the first days of 2003. The virus problem seems to pale in comparison. A new problem, phishing, has appeared. And of course, spam has reached the point where it’s the majority of all e-mail.In those days, it was clear that worms would be come a real threat, and they have. In fact, the threat became so bad that Microsoft had to respond with a major new upgrade to Windows much sooner than the company had originally planned. Companies everywhere, in the meantime, must spend their IT dollars just keeping these problems at bay. Worse, there’s no clear end in sight.But at least there are hopeful signs. Major ISPs now automatically scan for worms and viruses sent to their customers. Anti-virus programs scan for them as well. Likewise, major ISPs are short-circuiting spam before it ever gets delivered. Companies are doing the same thing, sparing employees from the productivity-sapping need to unclog their mailboxes. While it’s unlikely that such steps alone will eliminate spam or worms, it at least gives users of such services some breathing room. Even better, if enough providers and enterprises attack the problem, it may make spamming, at least, less profitable. Worms, unfortunately, don’t seem to be related to a profit motive.Phishing is the next big threat to the enterprise, both because it can be effective at compromising security, and because it removes e-mail as an effective means of contacting customers about business. Unfortunately, there don’t seem to be a lot of automated anti-phishing tools available right now, which means that all you can do is train your employees how to spot a phishing attempt and what to do about it.What’s frustrating is that in nearly two years, so little has changed. Although viruses seem to be going away, I suspect it’s only because the virus writers would rather write worms. Meanwhile, phishing schemes and spyware add new threats we didn’t think much about until recently. Unfortunately, even if you do everything right, you can’t always stay ahead. But that doesn’t mean you should abandon hope. If you play close attention to the basics, you can stay on top of the flood of bad stuff. Yes, it means that you must spend too much time with patch management, you must keep a constant eye on vulnerabilities, and you must work without end to keep your users trained. But you should be doing that anyway, right?As you may have gathered from the nature of this column, this is my last column for InfoWorld. P.J. Connolly will get this space back starting next week, and he will share his unique and always interesting thoughts with you. I’m already looking forward to his first column, in which, he tells me, he disagrees with something I said.Before I go, I must say thanks. First, I want to thank my editor, Stephanie Sanborn, who put up with me for all this time. For Stephanie, the ultimate praise: I’m a better writer because of her efforts. Second, I want to thank you, my readers. While I’ve been writing to you, I’ve had praise and brickbats, interesting comments and silly ones. But you never let me forget that in the end, I’m writing for you. Good-bye, and thanks for reading. Perhaps our paths will cross again some day. SecurityMalware