BANGALORE, INDIA: Endpoint security firm Symantec today came out with a mid-year review of its own security threat predictions for 2010. According to the mid-year report, most of the predictions it made for 2010 are on track.
Here is how:
Prediction 1: Antivirus is Not Enough
The prediction: With the rise of polymorphic threats and the explosion of unique malware variants in 2009, the industry is quickly realizing that traditional approaches to antivirus, both file signatures and heuristic/behavioral capabilities, are not enough to protect against today’s threats. We have reached an inflection point where new malicious programs are actually being created at a higher rate than good programs. As such, we have also reached a point where it no longer makes sense to focus solely on analyzing malware. Instead, approaches to security that look to ways to include all software files, such as reputation-based security, will become key in 2010.
Reasoning: Unfortunately, the bad guys have proven us correct here. Symantec created 2,895,802 new malicious code signatures last year alone. This was a 71 percent increase over 2008 and a number representing more than half of all malicious code signatures ever created by Symantec. Furthermore, Symantec identified more than 240 million distinct new malicious programs, a 100 percent increase over 2008. We are on track to continue this upward trend in 2010. In just the first half of the year, we have created 1.8 million new malicious code signatures and identified more than 124 million distinct new malicious programs.
Status: Prediction on Track
Prediction 2: Social Engineering as the Primary Attack Vector
The prediction: More and more, attackers are going directly after the end user and attempting to trick them into downloading malware or divulging sensitive information under the auspice that they are doing something perfectly innocent. Social engineering’s popularity is at least in part spurred by the fact that what operating system and Web browser rests on a user’s computer is largely irrelevant, as it is the actual user being targeted, not necessarily vulnerabilities on the machine. Social engineering is already one of the primary attack vectors being used today, and Symantec estimates that the number of attempted attacks using social engineering techniques is sure to increase in 2010.
Reasoning: OK, so we didn’t exactly go out on a limb here. Social engineering is likely the world’s second oldest profession and its exploitation in the digital world was nothing unexpected.
However, we have seen its effectiveness improve even further thanks to Web 2.0. With so many computer users enraptured in a love affair with social networking, we have become accustomed to receiving emails announcing so-and-so would like to be our “friend” or is now “following” us. Attackers are taking advantage of this and are devising ever-more creative and convincing tricks to get users to download malware or divulge sensitive information.
Status: Prediction on track
Prediction 3: Rogue Security Software Vendors Escalate Their Efforts
The prediction: In 2010, expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users’ computers, rendering them useless and holding them for ransom. A less drastic next step, however, would be software that is not explicitly malicious, but dubious at best. For example, Symantec has already observed some rogue antivirus vendors selling rebranded copies of free third-party antivirus software as their own offerings.
In these cases, users are technically getting the antivirus software that they pay for, but the reality is that this same software can actually be downloaded for free elsewhere.
Reasoning: Rogue security software is still one of the biggest issues facing the security industry and consumers alike, but we have not yet seen peddlers of such nefarious applications go as far as making ransom requests to free locked down computers a regular practice. That does not mean, however, that we have not seen the bad guys expand their repertoire. For example, Symantec recently investigated a company, Online PC Doctors, which is cold calling computer users with a live telephone agent in an attempt to persuade them that their computer is “infected.”
Status: Prediction mostly on track
Prediction 4: Social Networking Third-Party Applications Will be the Target of Fraud
The prediction: With the popularity of social networking sites poised for another year of unprecedented growth, expect to see fraud being leveraged against site users to grow. In the same vein, expect owners of these sites to create more proactive measures to address these threats. As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users’ social networking accounts, just as we have seen attackers leverage browser plug-ins more as Web browsers themselves become more secure.
Reasoning: This is difficult to track directly, but anecdotal feedback and analysis of URLs from Symantec Hosted Services’ Web Security Service both suggest that social networking sites are triggering more blocks in 2010 for malicious content than they did in 2009. On average in 2009, one in 451 Web Security Service blocks related to a social networking site. However, in 2010 this number rose to one in just 301.
Prediction 5: Windows 7 Will Come into the Cross-Hairs of Attackers
The prediction: Microsoft has already released the first security patches for the new operating system. As long as humans are programming computer code, flaws will be introduced, no matter how thorough pre-release testing is, and the more complex the code, the more likely that undiscovered vulnerabilities exist. Microsoft’s new operating system is no exception, and as Windows 7 hits the pavement and gains traction in 2010, attackers will undoubtedly find ways to exploit its users.
Reasoning: Thus far, we’ve been pleasantly surprised to have seen only one major attack leveraging a vulnerability in Windows 7, though it should be noted that this vulnerability was also present in all of Microsoft’s supported operating systems. The attack involved a piece of malware known as Stuxnet. It exploited a vulnerability in the way Windows handles shortcut links. Stuxnet was limited in distribution, but it was high-profile because it was the first known piece of malware specifically targeting SCADA systems.
Status: Prediction still possible
Copyright © CyberMedia India Online Ltd. All rights reserved. Usage of content from web site is subject to Terms and Conditions.