Page One

Campus Computing News

Renew PRAS Accounts for the Summer

Need Statistics for Your Website?

Save a Tree. . . E-mail Your Homework!

Virus Protection Means Never Having to Say You're Sorry

HTML Formatting in GroupWise 5.5

GroupWise Document Management: Checking Documents In and Out

RSS Matters

The Network Connection

List of the Month

WWW@UNT.EDU

Short Courses

IRC News

Staff Activities

Subscribe to Benchmarks Online
    

By Mark Wilcox, Campus Web Administrator

Security on the Internet

The past few weeks have been busy ones in the Internet security arena. We've seen more press and more people have been affected than ever before, including here at UNT.

While the monetary damages may be open for debate, in reality, most of us know someone who's been affected by things like the ILOVEYOU virus, credit card fraud or similar vile things.*

The first response to this shouldn't be "make more laws". For the most part, the laws we have are workable for the crimes that are committed. In reality what is needed is to make computer software companies more liable for the security risks they enable and we, the consumer need to punish those companies that don't by not doing business with them.

Second, we should use more common sense when using computers and computer security products. If you have a lock on a door, do you start telling everyone you don't need police or if you have a sprinkler system do you tell people that you don't need a fire department? Of course not, but this is exactly what we do when we put all of our faith in computer security products.

After all, locks on doors only provide us with is a deterrent, meaning we're telling a 'home hacker' (AKA burglar) to go look for some place easier to steal from. Locks and sprinkler systems offer us more time to respond in case of a break in or a fire.

However, most computer security companies try to lull us into believing all we need is their products and nothing else. They say their products will protect us against any computer evil without needing any type of response. This is just plain stupid. Of course we need a response, any system is vulnerable to an attack. What we need are ways to make a planned response and for these systems to buy us more time to respond when something does happen. In other words we need to have the same expectations of security products as we do of our other security systems like door locks and alarm systems. While this won't necessarily solve all of our ills, it will be a step in the right direction.

Until next time.

Mark


The humorist James Lileks gives his take of the situation in a column that appeared in a variety of places including The Cincinnati Post (http://www.cincypost.com/opinion/lileks051500.html) -- Ed.:

Someday we'll love hackers
Column by James Lileks
. . .
The news media love these virus stories. They have a familiar shape
now. First, the discovery, fraught with warnings - this could be as big
as Melissa! Of course, no one has any real sense of how ''big'' Melissa
was. Badness is now defined as how long a story occupies the
top-of-the-hour news. Badness now means nothing more than: ''You'll
be hearing about this long after you're sick of it.''

Next, tales from the victims. ''We can't send or read any e-mail! It's
horrible! The boss sent an officewide message about the Stapler
Procurement Committee, and no one can read it!'' Oh, the humanity.

Then, the What it Means portion. By ''Nightline'' time, the experts and
sociologists assemble to drone and intone on the usual issues - Our
Increasing Vulnerability, the Irony of Our Vulnerable
Interconnectedness, the Price of Interconnected Vulnerability etc.

The next day brings the big whopper: the price tag. ILOVEYOU virus
costs $10 billion! Really? And how do they arrive at this sum? Any
company large enough to rely on e-mail to make its daily bread has on
staff a platoon of canny geeks ready to extirpate the offenders and
inoculate the system. The problem gets fixed by the guys who are paid
to fix problems. Perhaps the techies paid attention to ILOVEYOU
instead of other things, and that's where they get the ''$10 billion in
lost productivity'' figure. If so, you could probably say the same thing
about the Sports Illustrated swimsuit issue.
. . .

Other articles in this issue also address the topic of viruses and computer security: