Is computer security a goner?

Every week seems to bring the internet’s apocalypse a step closer. Denial of server attacks crush popular commercial sites. Pro-Osama bin Laden hackers try to assault Western web servers. Most recently, it was a computer virus.

The ‘Goner’ email virus arrives in an email message with the subject heading ‘Hi!’. The text reads: ‘How are you? When I saw this screen saver, I immediately thought about you. I am in a harry [sic], I promise you will love it!’

But recipients don’t love it. The Goner virus – actually called a ‘worm’ – searches for and deletes anti-virus and firewall protections – with users of Microsoft (MS) Outlook and the internet chat application ICQ finding that Goner then sends itself to anybody in their address book, spreading trouble worldwide in a matter of minutes.

If you don’t use MS programs, you are reasonably safe. Why? Not to slam tech-giant Microsoft – for better or worse, I’m a regular user – but most email worms and viruses single out Bill Gates’ applications. Their sheer size and complexity inevitably create dozens of security holes, and internet mischief-makers, who tend to demonise Gates, are only too happy to take advantage of his company’s pitfalls.

Similarly, the internet’s complexity renders it a system with an infinite number of security holes. President George W Bush’s special adviser on ‘cyber-security’, Richard Clarke, regularly sounds alarm bells about an impending ‘digital Pearl Harbor’. Nowadays, most viruses don’t require a talented hacker to produce them – there are many places on the net where an aspiring ‘script-kiddie’ (a derogatory term used by hackers to distinguish themselves from the untalented masses) can find programs to write and disperse the virus of his or her choice, all with a few key strokes.

But even if we heed Clarke’s warnings, what can we do? Rob Rosenberger, who dispels virus myths on Vmyths.com, put forward a sarcastic solution in response to the Code Red virus that hit the net in summer 2001: ‘Let’s just shut down the internet for safety reasons. Call it a failed experiment.’ (1)

Let’s face reality – no system can ever be truly secure. No matter how hard techno-geeks work to immunise our networks from harm, there will always be others who can find a way to break through. That doesn’t mean we should just give up and not try to protect our electronic selves. There is no sense making it easier for any malingering hacker to crash your computer.

But the evolution of technology and know-how in computer security is an ongoing race. We should do a better job of keeping our anti-virus and firewall protections running and up to date – and we need a more vigilant approach to our own responsibilities.

The Goner virus, like most, had to be activated by the recipient. The attached file, ‘goner.src’, had to be clicked on to launch the virus. People who received the previous week’s email baddie, ‘BadTrans’, had no such luck, as it was capable of launching itself without the user moving a muscle. But viruses like that are rare. While it is advisable to bulk up your anti-virus and firewall protections, the simplest and most effective safeguard available cannot be purchased, downloaded or installed, but it will save you a lot of online headaches. It’s called common sense.

Try it the next time you feel the urge to point and click.

Howard Fienberg is senior research analyst with the non-profit non-partisan think-tank the Statistical Assessment Service (STATS), in Washington, DC.

(1) See Vmyths.com