Data
security remained under heavy fire in 2005
by
Alan Zisman (c) 2005 First published in
Business
in Vancouver December 20-26, 2005; issue 843
High Tech Office
column
Two steps forward, one step back: the battle for data security
continued in 2005. As I write, for instance, the end-of-the-year
resurgent Sober virus continues, accounting for 43 per cent of current
virus traffic, according to antivirus firm
Sophos.
Still, that's down from a peak earlier this year when Sober accounted
for one in every 13 e-mail messages. In the summer, the Zotob worm
primarily attacked business networks, part of a trend that
Information Week
called a shift "from adolescent, attention-seeking nuisances to
professionally executed, targeted probes for financial gain." Recently
a U.S. Treasury representative suggested that in 2004 the take from
cybercrime exceeded that of narcotics. Nevertheless, most business and
home users have seen a reduction in the number of both virus-bearing
and spam messages making it into their e-mail inboxes. While some spam
lords have been successfully taken to court, end-users are less likely
to see dangerous or unwanted e-mail because of increasingly effective
filtering by both Internet service providers and network administrators.
On the cutting edge of attacks: Instant Messaging, which is almost
universally used by teens and is increasingly being used within
business networks.
Increasingly, virus attacks aim at creating networks of "zombie
computers," operating without their owners' knowledge as part of
underground networks for hire, for distributing spam or in other cases
attacking legitimate websites or networks. Equally disturbing:
attackers are adding new targets. Increased use of automated patching
has made
Microsoft's Windows
operating system and Outlook and Internet Explorer software less
vulnerable. Instead, a wider range of applications and even widely used
Cisco network
routers are being targeted.
Large numbers of home and business users continue to inadvertently
install spyware/adware software onto their Windows systems, typically
by downloading free software. Often buried within long and complex
end-user license agreements will be a note that the software includes
programs to monitor users' online behaviour, pop-up ads and more,
letting the software distributors claim user consent.
End-user licence agreements also played a role in November's
Sony BMG's
digital rights management publicity nightmare. In this case, the
company had sold an estimated two million music CDs that included a
copy protection technology that installed difficult-to-remove software
onto users' PCs to limit users' ability to copy songs from the CDs.
Again, users were required to OK a licence giving Sony the right to
install this software.
Stewart Baker
of the U.S.
Department of Homeland
Security
warned Sony: "It's your intellectual property [but] it's not your
computer." The result for Sony BMG: multiple lawsuits, falling sales
and the need to replace the 20 million CDs. The moral: getting a user
to click OK may not make everything OK.