The Internet: Opportunity AND Risk

Not a place, or even a tangible thing. At its roots the Internet is nothing but a large number of agreements between participants. One type of agreement deals with the carrying and exchanging of traffic, or the connectivity links between different nodes and networks. The other deals with how the traffic is represented, known as the protocols, which lets everyone understand the traffic being exchanged. Nobody owns the Internet, but many own pieces of the hardware that it runs on, the links and servers. Most of the protocols are openly defined and are in the public domain, so anyone can use them to talk ‘net talk. The Internet is dynamic, with nodes (individual machines included), links and entire sub-nets appearing and disappearing over time. Developed by networking researchers sponsored by the military, the ‘net is able to automatically take advantage of new connections and route around broken links. Atomic bomb blasts were the concern at the time; fortunately the same ability works well for back-hoe damage.

Now completely run by commercial enterprises, the Internet spans the globe and connects hundreds of millions of individuals with e-mail and web access. According to the latest netcraft.com survey, there are over 15 million web servers online. These hold billions of pages of information, messages and sales pitches, expose archival and real-time databases, provide access to legitimate and pirated music, banking, stock trading; the list goes on forever.

More specialized services can provide device and data sharing between any two or more computers connected to the Internet, these being across the room or across the country. Suddenly it’s possible to have knowledge workers spread around the world, all working together. And the marketing demographic! Hundreds of millions of people, most affluent enough to own their own computer. Yet the connectivity and publishing costs on the ‘net are surprisingly low, and dropping quickly while capacity increases during the current phase of build out.

With possibilities and opportunities like this, it’s no wonder so many people, agencies and businesses are coming online as quickly as they are. It is unfortunate, however, that many are attaching themselves to the Internet without realizing it can also be hostile, or that their machines may be improperly configured for such an environment. A line from a CBC show from about ten years ago will never leave me: “Everyone talks about what technology will do. No-one talks about what it will undo.”

Connect a machine directly to the Internet, and that machine becomes a peer, and can be reached by any other peer, no matter where it is. This is, of course, the great thing about the Internet — normally. But what if the remote peer isn’t a friend (or co-worker, or a customer), but is instead someone (or some autonomous agent of someone) who wishes to do harm, someone properly referred to as a cracker but commonly known as a hacker? Well, if your machine is poorly configured, the cracker just exploits the open services, and gains access to your machine.

Poorly configured machines are more common than might be thought, but as many desktop environments are expecting a nice, safe LAN, it’s not really that surprising. In addition to a proper security posture on the machines themselves, network routing and filtering provided by your network connection provider can help reduce this exposure, as can an on-site Network Address Translation router and/or Firewall box. There are often many reasons why someone doesn’t want to be a full peer on the Internet. And those machines which are full peers should be carefully configured.

As frequent reports of e-mail-spread viruses attest, even reducing one’s exposure to simply receiving e-mail still doesn’t fully protect you, on some platforms. I think it’s worth noting that current virus protection software only protects you after someone else (or possibly millions of others) has already been infected. The virus protection software company needs to receive a copy, then they develop a signature of the virus which you then have an opportunity to download. Then you’re protected.

For the most part, staying safe on the Internet is the same as staying safe in the real world: common sense. Don’t automatically trust people or companies you don’t know. Don’t leave your doors and windows (ports and services) unlocked, or give out copies of your key (password). If you can afford a moat (firewall), get one. Other precautions are uniquely ‘net oriented, like don’t ever launch something someone e-mails you, or say anything in e-mail you’re not prepared to have the world read.

If you have a web-site open to the public, be prepared for the fact that some small percentage of the public aren’t nice. Add to this the fact that some people on the ‘net are located in completely different legal jurisdictions, and the prudence of securing your assets becomes clear. For example, it can often make much more sense to have the company’s public web-site off-site at a commercial hosting service, and rely on them to worry about the increased security needs. If crackers do decide to go after your web-site, why give them the opportunity to crack your LAN too?

Not intended to discourage people from coming online; the Internet is truly a great new place of opportunity for both individuals and businesses. Properly managed, the ‘net can be an amazing tool. But improperly managed, well, we just don’t have the room….

Published in the Victoria Business Examiner.

LOVE-LETTER-FOR-YOU.TXT.vbs

So it has happened again. A short bit of malicious computer code has managed to replicate itself across an estimated 10 million Windows based computers around the globe. Damages are expected to exceed 10 billion dollars in lost time, data and productivity. Last time it was the Melissa virus, this time it is the “Love Bug” worm. So named for the e-mail headline “ILOVEYOU” used by the worm to spread itself to others, the e-mail contains an attachment called “LOVE-LETTER-FOR-YOU.TXT.vbs”, which is the worm itself. Anyone running Windows who launched this application was in for an unwelcome surprise, as they helped the worm replicate itself further.

The infection process is destructive, but not nearly as bad as it might have been: if any version of MS Outlook is in use, everyone in the address book is e-mailed a copy of the worm. Then several classes of files on all attached hard-drives, local or remote, are overwritten with a copy of the worm. A few other methods of replication are used, and finally Internet Explorer is configured to download an executable the next time it’s launched, or if it’s already been downloaded, the executable is set to run at the next reboot.

One might question why it is that Windows seems to be the most common target for these types of attacks, with 10 to 15 new viruses, worms and trojans seen a day for the platform. One reason is surely that it’s smart to target the largest host base, but it’s also an unfortunate truth that Windows is a very easy host to infect. With many different macro and scripting languages available directly from the operating system and from within applications, it becomes trivial for anyone to be destructive if they choose.

While the Love Bug needed a human to directly launch it before it could do its damage, Melissa and many others are hidden in macros contained in Word or Excel documents. How many times have you just clicked “OK” to the warning about macros without looking to see what they actually did, or have you turned that warning off entirely? To make things even more convenient, but less secure, Outlook can be configured to auto-launch Word or Excel when viewing an e-mail containing such documents.

As an analogy, think of a large society with most people living in straw huts, storing gasoline in open containers. They pass laws making it illegal to send packages of matches with messages asking the recipient to “strike as directed”, but there’s no way to trace shipments. Now, in your honest opinion, who’s most at fault: the people living amongst the accelerant, or the people who keep shipping matches, lighters and barbecue starters? Or, more directly, who’s likely to be the most harmed?

Perhaps an extreme view, but one worth considering the next time someone sends you something to run, view or edit on your computer, even someone you know. Turn off Script Hosting, ActiveX controls and document macros. Maybe even use a test computer disconnected from the Internet, or an emulated environment inside a virtual machine. After all, those living in straw huts should be careful of things which might catch fire.

Published in the Victoria Business Examiner.