Wednesday, July 28, 2004

This Whole Virus Thing

It just seems as though it is getting too dangerous to turn on your computer. There are viruses everywhere.

My friends are somewhat typical, husband, wife, boy, girl and dog. They also have a lizard and some kind of furry rodent, but I don’t hold that against them. The husband is computer-phobic and never touches the darned thing, and the wife does most of the computing. The son gets on the computer occasionally, and the daughter rarely touches the thing.

They had been having repeated problems with viruses, and despite having a valid subscription to Norton Antivirus, their Windows 98 box was constantly going down with viruses, worms and the like.

So a few weeks ago, I took their computer away for a week, rescued what files I could, and wiped the hard drive, then upgraded them to Windows 2000, which I currently view as the best OS that Microsoft has developed in a long, long time.

I brought back their system on a Sunday afternoon, showed the wife how to get to her dial up connection, where the browser was located, and helped her log into the network and get to the bank’s account.

She assured me that all she used the computer for was electronic banking and for playing Bejeweled on MSN. I cautioned her about opening e-mail messages with attachments, and went on my merry way.

By Saturday, she called and complained the computer was very, very slow, that she couldn’t get anything done, and would I please either fix it or help them get a new system.

Now, this wasn’t a bad box, a 400 MHz Pentium Gateway with enough memory and a reasonable hard drive, so I didn’t think it was hardware. I went to their house and picked up the system.

I only found 11 fresh viruses on the system, despite Norton’s protection (which one of the viruses had disabled, along with the automatic virus definition updates). I ended up spending the better part of the weekend rooting out the viruses, getting Norton to work correctly, and cleaning out the spyware. All of this after a single week of use.

Then, later in the week, Google, Yahoo and a handful of other search engines are nearly shut down by an inadvertent denial-of-service attack caused by a variation of an earlier virus.

This stuff has simply got to stop, and it can’t always fall on the shoulders of the individual user -- who is often the least technically savvy component of the e-mail delivery system.

The first major step is that web mail providers, such as Hotmail and Yahoo and Eudoramail and the others, need to implement very strict virus screening protocols for both incoming and outgoing e-mail. I’d accept this even if it meant a delay of several hours in receiving my mail. Every e-mail attachment should be scanned. Every single one.

Next, something needs to happen along the backbone. Some sort of virus traps need to be set up where a very high percentage of message traffic automatically gets scanned for viruses.

Next, the institutional attitude towards viruses and virus writers needs to change. These folks are slimeball criminals, and need to be regarded as such. They are not Digital Robin Hoods, nor should they be admired for their programming skills, and they definitely should not be allowed to plea bargain to their crimes and then walk away with nice, fat consulting contracts as “security advisers.” Banks don’t hire bank robbers to advise them on security, and computer companies should not hire computer criminals to advise them on security.

Phillip Hallam-Baker, the principal scientist for VeriSign, recently suggested (in a ZDNet article) that “reverse firewalls [be] embedded in every cable modem and wireless access point for home users.” The reverse firewall would not shut off outgoing message traffic and e-mail, but it would throttle it down to a great degree. The purpose would be to greatly reduce the value of hijacking home machines and using them as “zombie” machines used to distribute huge amounts of fraudulent network traffic. This is exactly what happened to my friend’s machine that had the 11 viruses. Once I took it home and put it on my cable modem, it pushed a quarter of a million packets over the network before I could figure out what it was doing.

I like the idea proposed by Mr. Baker because it is a positive step towards taking the profit out of some of these attacks.

I’d also like to see the ISPs start watching the outgoing traffic from their customers. Not restricting it, but watching it -- and then contacting users who have very high volumes of outgoing traffic to determine if it is legitimate, or a potential problem.

I’d love to get an e-mail from my provider telling me that my outgoing traffic had tripled over the last two weeks, asking if there were a problem.

Similarly, I think that ISPs should contractually limit the amount of outgoing e-mail a customer can send. Give everyone 25, or 30, or 40 outgoing e-mails a day. If they need more, then let them subscribe to additional daily blocks of some number at a very reasonable price (100 additional daily e-mails for $1.00, or free for the day with a simple call to customer service). In doing this, the ISP will actually be protecting the consumer. If Joe or Sally’s machine gets hijacked, the number of e-mails that can be sent out will be severely limited, and the problem might be identified sooner. Yet, the person running a business out of their home can get the outgoing mail capacity they need without breaking the bank.
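As an added illustration (this is not code from the post, nor from any ISP), here is a small Python model of the two ISP-side controls described in the last few paragraphs: watching each customer’s outgoing traffic against a two-week baseline and flagging anyone whose volume has tripled, and capping outgoing e-mail at a small daily quota that can be extended in purchased blocks. The customer names, thresholds and usage records are constructed sample data; a real ISP would feed this from its own flow or mail-server logs.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample records: (customer, day_index, bytes_out, emails_out).
# Days 0-13 are the prior two weeks; days 14-27 are the most recent two weeks.
# "sally" is a steady home user; "joe" is the hijacked-machine scenario from the
# post: outbound bytes and outgoing mail both jump in the most recent fortnight.
SAMPLE_USAGE = []
for day in range(28):
    SAMPLE_USAGE.append(("sally", day, 2_000_000 + (day % 3) * 50_000, 5))
    joe_bytes = 1_500_000 if day < 14 else 6_000_000
    joe_mail = 4 if day < 14 else 90
    SAMPLE_USAGE.append(("joe", day, joe_bytes, joe_mail))


def split_windows(records, current_days=14):
    """Group daily outbound byte counts per customer into (prior, current) windows.

    The current window is the last `current_days` records for that customer;
    everything before it is the baseline."""
    per_customer = defaultdict(list)
    for cust, day, bytes_out, _ in records:
        per_customer[cust].append((day, bytes_out))
    windows = {}
    for cust, rows in per_customer.items():
        rows.sort()
        split = len(rows) - current_days
        windows[cust] = ([b for _, b in rows[:split]], [b for _, b in rows[split:]])
    return windows


def traffic_growth(records, current_days=14):
    """Ratio of mean daily outbound bytes in the current window to the baseline."""
    ratios = {}
    for cust, (prior, current) in split_windows(records, current_days).items():
        if not prior or not current:
            continue  # not enough history to compare yet
        ratios[cust] = mean(current) / mean(prior)
    return ratios


def customers_to_contact(records, factor=3.0):
    """Customers whose outbound traffic grew by at least `factor` (the post's 'tripled').

    This only selects who gets a 'is everything all right?' e-mail; it does not
    throttle or block anything, matching the post's watch-but-don't-restrict idea."""
    return sorted(c for c, r in traffic_growth(records).items() if r >= factor)


# Daily outgoing-mail quota: a small base allowance plus optional purchased blocks.
BASE_DAILY_QUOTA = 30   # assumed base allowance (the post suggests 25, 30 or 40)
BLOCK_SIZE = 100        # extra messages per purchased daily block


def daily_quota(extra_blocks=0):
    """Messages a customer may send today given the blocks they have bought."""
    return BASE_DAILY_QUOTA + extra_blocks * BLOCK_SIZE


def mail_decisions(records, day, extra_blocks=None):
    """For one day, return {customer: (sent, quota, over_quota)}.

    `extra_blocks` maps customer -> purchased blocks; customers not listed get
    the base quota only."""
    extra_blocks = extra_blocks or {}
    decisions = {}
    for cust, d, _, emails_out in records:
        if d != day:
            continue
        quota = daily_quota(extra_blocks.get(cust, 0))
        decisions[cust] = (emails_out, quota, emails_out > quota)
    return decisions


if __name__ == "__main__":
    print("growth ratios:", traffic_growth(SAMPLE_USAGE))
    print("contact:", customers_to_contact(SAMPLE_USAGE))
    print("mail on day 20:", mail_decisions(SAMPLE_USAGE, 20))
    print("joe with one extra block:", mail_decisions(SAMPLE_USAGE, 20, {"joe": 1})["joe"])
```

On the sample data, Joe’s outbound volume is four times his baseline, so he is the only customer selected for a courtesy contact, and his 90 messages on day 20 exceed the base quota of 30 until he buys one extra block. The two checks are deliberately independent: the traffic watch produces a notification, while the mail quota is the only control that actually limits anything, which is the split the post argues for.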

The reason that I don’t want the ISP restricting overall traffic is because at some point, some Hahvahd-trained counter of beans will figure out that if they cut everyone’s outgoing traffic by 5%, then profits will go up by 2%, or some such nonsense. Then there will be an engineering project to determine exactly how much they can cut traffic and increase profits before users start complaining and leaving, thus cutting profits. The phone companies, in my opinion, are experts at this and I believe they are constantly “screwing” with DSL bandwidth in an effort to make/protect their profits. But that is a different rant for a different issue.
