Tuesday, August 02, 2005

If you see Bill, tell him

Two weekends ago it was barely noon on Saturday and I was already on my ninth glass of champagne. Thanks to my friend Ronan I was in the exalted company of a dozen sommeliers tasting the full range of Gosset champagnes, from the current NV all the way to vintage 1985, via 1996, 1993 and 1990 with some rosé mixed in as well.

This Saturday, I was buried in a heap of spyware going through a PC belonging to a relative. There were 114 separate bits of vermin and, for good measure, a persistent backdoor trojan. This despite three separate anti-spyware tools and Norton anti-virus being installed. Or, at least, apparently installed. I spent a good 6 hours cleaning all of that stuff off, hunting through the system for other bits of junk, getting all of the necessary auto-updates installed and, most importantly, getting rid of the anti-spyware software. It hadn't done much good of course - the infections were running riot. There were even XXX diallers in the dial-up zone and lord knows what else.

I replaced all of the paid-for (and free-trial) anti-spyware software with Microsoft's own beta release. It cleaned everything up in the first pass and promises to inoculate it for good. If you see Bill, tell him he did ok - that's what I needed: a simple, free tool that took care of the problem and that I could trust. Much of the anti-spyware stuff out there is as pushy as RealPlayer about getting you to sign up for one thing or another. I don't need any of that.

There are those who blame Microsoft and even Bill personally for the spyware that's out there. Every time I hear that I'm reminded of Willie Sutton's response to the question "Why do you rob banks?" - which was, of course, "Because that's where the money is." Likewise, people write spyware for Windows PCs because that's where the users are and they'll keep looking for ways to exploit every opportunity. In 2003 there were 593 million PCs in the world. Sounds like that's where the money is to me.

Macs, whilst growing, seem still to be around 2-3% of that number, although it's unclear how many are on the 'net (figures I look at from government show that the percentage of people visiting government sites and using Macs rarely breaks 1% but that might not be representative). The natural question to ask then is, if there were 500 million Macs out there, would there be just as much spyware attacking those, or are they somehow better protected or even immune? That's hard to say but I doubt they're better protected - since upgrading to Mac OS 10.4, I've had 2 major updates (to 10.4.2 now) and one set of security patches. I'm not, though, aware of any spyware that hits the browser; there might be something in saying that Macs are better protected there - but maybe it's all down to the law of large numbers still?

My main frustration though is that the ISPs aren't, I think, being responsible enough in protecting either their own consumer customers or those of other ISPs through ensuring that PCs connecting to the network are safe and secure. If I'm paying £10, £20 or £30 or whatever to an ISP for the privilege of a network connection and some email, I'd like them to take care of my security configuration too. At the very least, I'd expect them to do three things:

1) Ensure that when I connect for the first time each day, I'm up to date with all necessary patches and have the right products installed - from a recommended list that they maintain. I'd go as far as letting the ISP insist that I could have access only to walled garden sites until I'd installed the right software. This would be appropriate contraception. Until I prove I'm safe, I'm not allowed out of the house. It may be that this will increase the cost of the subscription - but if all ISPs provided the software, then the cost would be the same (or close to it) across all providers, neutralising any market inefficiency. Indeed, the bigger ISPs could negotiate cheaper prices from software suppliers and improve their deals, as is the case with all other markets.

2) Provide basic virus protection using heuristic scanners that check both for known viruses and possible viruses so that new messages that arrive whilst I'm connected cannot infect me and ruin things for everyone else. This should not need to be client side. If viruses are checked on the way in and the way out by the ISP (who, after all, sees all POP3 email) and are checked in the same way by e.g. Hotmail and Gmail (as they are), then email viruses would be a near-dead business overnight.

3) Block known dodgy numbers - porn diallers, spam diallers, whatever, from being dialled from my PC. That might prevent the ISP from collecting revenue (mainly though it will reduce BT's revenue - but BT aren't, I suspect, keen to get revenue from such sources and probably pay a fortune to investigate bills that are challenged - indeed, I'm sure I heard BT had a product that checked for these things, but I can't find it off their main site).

My relatives have seen many things in their lives and lived through enormous change in the world, technically, politically and socially. They are not, however, equipped to deal with the kind of change that brings spam, viruses and spyware to their PC. They want to surf the web, chat to friends overseas, exchange pictures, write books and stay up to date. That social retards, crooks and spammers can make that a terrible experience should no longer be tolerated ... and the process for that can start with the ISPs and extend from there.

I know I've harped on about a Green Cross Code for the internet before but after this weekend's experience, I only see a greater case for it.

