Dan Jones's Blog

2009 - my security predictions

By Dan Jones in Reader

Posted in Security on December 10, 2008 at 5:28 pm


I could completely fall on my face with this attempt and make a fool of myself, but my aim is to make some specific predictions of what will occur in 2009, which I will revisit next year. So here goes:

1. More 0-day attacks

This year, for me personally, 0-days have never really caught on inside the large organisation I work for (that is, our specific countermeasures have worked). That said, 0-days for which there is no patch available at the time of real exploitation do appear to be increasing greatly, and I can see this continuing. Only today, for example, there has been a 0-day exploit for IE.

2. First Mac Viruses and Spyware will start to appear

This may well be a contentious one. I know the underlying security of OS X, due to it being BSD-based, is better than that of the Microsoft world. I’m also not talking about the viruses/spyware to date, which mainly rely on browser flaws; I’m talking about botnets and spam engines. However, the numbers, as Steve Jobs puts it, speak for themselves. With Apple seemingly having a 21% US market share, if the linked article is to be believed, I cannot seriously see hackers and spyware writers ignoring this number of “sitting duck” targets. After all, how many Mac users do you know who run AV?

3. AV vendors will continue to move away from the “signature” mentality.

With the number of viruses being released on a daily basis, and the number of signatures that result, AV vendors will start concentrating more on behaviour analysis than on traditional signature analysis, and will combine the approaches. Some AV companies are already going down this path, I admit, so this is quite an easy prediction, but I think all will start to adopt sandboxing and similar techniques in order to prevent 0-day attacks.

Comments

Comment by Ash - December 12, 2008 on 10:08 pm

Good post Dan. I also think that DLP will be integrated further into the infrastructure in 2009 for easier deployment and centralized management. The partnership announcement between Microsoft and RSA DLP last week is probably only a starting point for this trend.

Comment by GsE - January 7, 2009 on 8:24 pm

One of the things that I see is that application security will still be one of the major areas that will not get the focus that is necessary. With the current economic climate with the focus on cost cutting and faster time to market, security and some testing will suffer causing more web applications to be compromised.
