To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39126666,00.htm

Opinion: A bad case of worms
Is online security a hopeless cause?

By Simon Moores

Published: Tuesday 21 December 2004

With phishing scams, viruses, worms and hacker attacks on the rise, Simon Moores looks at what can be done to make the internet a safe place to communicate and do business.

I'm annoyed. Over the past weeks, I've been receiving a constant flow W32-Sober virus attacks, ostensibly from the server of an international hotel chain based in Germany.

After several tries, I managed to reach to the head of IT at the hotel and speak to him about the virus attack problems I am having. They are aware of the issue and believe someone has hijacked their domain to spread viruses. It's a huge problem for them and they don't know what to do about it other than respond to angry customers.

Along with angry customers, the damage to brand and reputation remains a concern.

This month, I chaired the first e-Crime Solutions seminar in London. It's a spin-off series from the annual e-Crime Congress and is supported by the National Hi-Tech Crime Unit. If I'm honest, the content gave us very few reasons to be cheerful about 2005. As the police work overtime to identify and convict the people responsible for a growing barrage of internet fraud, extortion and vandalism, for every one suspect arrested, here or abroad, another two appear to be ready and willing to step in and take their place.

To illustrate this growing enthusiasm for online fraud, the Anti-Phishing Working Group reported there were 6,597 new, unique phishing email messages in October 2004, compared to 2,158 such messages in August. According to Gartner, the financial services industry is now feeling the pain. In the year to April 2004 phishing scams cost banks and credit card companies £5.4bn and I would expect this might double by the time the next set of figures are released.

Of increasing concern to businesses are signs of a growing loss of confidence in the internet as a safe transactional medium. Tens of thousands of people may be using the web, as I do, quite safely and happily. But at Christmas thousands more rush out to stores to buy what has become just another home entertainment commodity - the personal computer - and many of them have every reason to worry over plugging in a broadband connection.

A recent series of tests showed that a broadband PC with Windows XP SP1 was compromised in less than four minutes with an average of 341 attacks per hour. Put Windows XP SP2 with a ZoneAlarm firewall on a system and this drops to an average of two break-in attempts per hour, so best upgrade as quickly as possible.

From personal experience, home PC users appear to fall into two categories: those like my father-in-law, who is so worried by the possibility of fraud that he's not going to risk connecting his brand new Hewlett-Packard system to the internet; and those, like my immediate friends, teachers and other professional people, whose machines are so riddled with malware (frequently caused by their teenage children) they have no real idea of what they can do, other than take them to a local dealer who has a healthy business cleaning up the damage.

In February, we will see the launch of Project Endurance, an initiative that brings the UK government, banks, business and industry together in an attempt to educate and inform the consumer on the dangers of life on the broadband superhighway and how best to avoid being infected by a virus or having one's computer turned-into a zombie. Endurance should be welcomed but the very scale of the problem now means that it's two years too late.

Two years ago, I warned government that as many as five per cent of the UK's broadband-connected PCs might be compromised and today I believe the true figure may be well in excess of 10 per cent.

How do you convince millions of people to run the latest antivirus checker on their computers and put a firewall between their computer and the internet?

I don't know but over the past weeks, I've been begging an old friend to check her PC because I'm being battered by regular virus attacks which I suspect are coming from her machine. Last night she responded: "I'm really busy at the moment; no wonder my PC is not working properly. I'm getting all kinds of strange messages and cannot open WWW pages. Next year I'll take care of all!"

If I can't name one friend working outside IT who has a properly working and secure PC, then 2005 may well become the year that many people decide the risks of an online existence are now greater than the benefits. What do you think?