Monday, January 30, 2006
Now I am 20
What a milestone! 20 years since the first virus, spread by floppy disc and known as “Brain”, appeared. Was that really the first? I was lucky enough to be at a school that took the potential of computers seriously, equipping a lab with, I think, a dozen or so BBC micros sometime in 1984 or maybe 1985. Whilst I spent the bulk of my time getting very, very good at Acorn’s conversion of Defender (known as Planetoid), other, far more able, folks, such as Dennis, spent their time hacking the system. The first virus that I came across was a replicating worm, able to transfer itself from machine to machine via the network that linked them all. It fried the screen, forcing a reboot – but as soon as you rebooted, the worm was back. The only way to rid the network of this scourge was to shut down all of the machines at once – the BBC micro, lacking a hard drive and with a ROM based operating system fortunately didn’t allow viruses to stay resident after the power was cut off. I guess this would have been 1985 or maybe it was 1986 and the sudden innovation was triggered by stories about the brain virus – but in the absence of the ‘net then or any other easy way to get information about such a virus, I wonder if Dennis was indeed working on a separate branch of genetic evolution of the virus or whether he got the idea from Brain? I'm pretty sure that Dennis' nickname was "Brain" so maybe it was he that released it into the wild? Now people say that if you connect a machine to the ‘net with no contraception for as little as 15 minutes, there’s a 50% chance of it being infected by a virus. I’m not sure if that means that each 15 minute unit of time gives you another 50% chance, or whether the longer you leave it connected, the more the odds tend to certainty. Certainly I don’t particularly want to try – but it’s always bothered me when you boot a new PC for the first time and, since XP at least, it’s said “shall I connect to the Internet to register this software?” What’s it doing then and have I got the right protection? If I connect unprotected and get away with it for an hour do the odds increase of getting away with it for longer, for ever even? The false sense of security, so to speak, that getting away with it once brings works just as badly in the IT world as it does in the real world. Luck just doesn't come into it. Anti-virus vendors who, it must be said, feed into a market that is worth around £2 billion this year (and heading to £3.5 billion by 2009) advise that corporate clients should ensure that they update their AV software every 5 minutes (against every 3 months a decade ago). That means that you can't possibly stay ahead if you're doing it yourself. Failing to keep up to date can cause entire organisations to shut down. A big government department that I worked at in late 1999/2000 lost 3 days of email access when Melissa, one of the first really big viruses, infected every PC in the business. In 2002, government, through the joint sponsorship of my own team (who provided the money) and the OGC (who carried out the evaluation) signed a deal with Messagelabs to protect every mailbox connected to the GSI, government’s own Intranet – something like 100,000 accounts I think. Since then, as far as I’m aware, no government department using the service has had any downtime as a result of viral infection. Oddly, there was much resistance to the idea in the beginning – to the point where my team funded the first 18 months of service, before everyone was convinced enough to provide funding. A recent article said that Mac users tend to be far more blasé about leaving their machines open, believing that there are no viruses that will attack them. With increasing market share likely for Apple, that may be a touch thoughtless. It only takes one attempt to be successful for you to lose your hard drive, have rude email sent to every one in your address box or to be infected by something that redirects every web address you enter to a fraudulent site. How would you even know you’d been infected? The government is doing at least some of its part and has launched programmes such as “IT Safe” – very much the geek’s guide to staying secure online – and, more recently, another idea “get safe online” - an initiative that comes with the catchy action plan of "protect your PC, protect yourself, protect your business" - could be true for so many things, let alone IT security. But there remains more to be done. ISPs still allow you on to their network without knowing your operating system patch level or whether you have AV software or not and PCs and Macs still ship without AV software built in to the deal (although many, I see, come with 90 day evaluation versions of software and a discount voucher for getting the full service). Given the multiple harsh effects of viruses – they drive network traffic up (wasting bandwidth, slowing down connections and using up storage) as well as causing pain for the PCs, I find it surprising that the ISPs aren’t taking more direct action, closing down the opportunity for the virus to spread at the entry point to the Internet. Maybe there’s no commercial opportunity there? Perhaps it will take only one big name to make that leap, I suspect, offering its customers a safer surfing experience and then the others will follow. One safe harbour in a storm can’t protect all the ships. Certainly taking individual action against such attacks doesn't help much - but if you wait for everyone else to do it, we'll get nowhere. Switching off your appliances when you're not using them might make you feel like you're doing your bit against global warming, but it makes not the slightest bit of difference in the scheme of things. But you'll feel better, and that's got to beat feeling worse.
Posted by Alan at Monday, January 30, 2006