logical.order.of.chaos

The Internet is not safe!  It’s true there are a lot of benefits to be gained from using a computer.  Many of those benefits today are found online, on the Internet.  The problem is, there are also many bad things you can get on a computer.  Most of those bad things are found on the Internet.  Networking a computer to anything external is inherently dangerous.  You are opening up your door to unknowns.

In the beginning we had only a few computers linked together at Universities and Government research labs.  The Internet was a place where you pretty much knew who everyone was.  It was a simpler time, when you could actually find out who someone was by their IP or email address.  That all changed when Tim Berners-Lee invented what is arguably the Internet’s “Killer App,”  The World Wide Web.  Almost overnight, it seemed, people were pouring onto the Internet in droves.  Everyone had to have a website.  Communications had to be made faster to home and businesses, a dial-up modem just wasn’t going to be fast enough for this new breed of techies.  The tipping point had been tipped, and there was no turning back.  Ecommerce grew, and is still growing, by leaps and bounds.  People were now using the Internet to make purchases they would normally make with a catalog and an 800 number.  Over the years more and more people are buying things they might otherwise have gone to a store to purchase.

In the early days new technologies were cropping up at just about every turn.  You almost couldn’t go a month without someone announcing a new way to use the Internet.  This was great, we were inventing new ways to communicate, new ways to live!  But there was a lurking problem.  Not many people were thinking about security.  For whatever reason it didn’t really occur to anyone that someone might want steal the information we were gathering.  I guess they didn’t watch any movies in the 80s.  Those scenarios weren’t very probable when those movies were out, but now they are commonplace.  Hacking is mainstream, viruses and worms are running amok on the Internet.  Only recently have we really begun to take a look at what we have invented, and decide it’s time to lock it down. 

There are a lot of insecurities on the Internet.  Many of them come simply from users not understanding the technology.   Many users don’t notice they have been infected until their computer simply becomes unbearable.  They then complain that the computer itself is the problem.  In fact many times it’s the way they are using it.

We had a rough first decade.  We had viruses, worms and spyware (oh my).  Worm wars heated up to the point there were new variants found daily, sometimes many in the same day.  Technically a ‘computer worm’ is a piece of code that self propagates.  In other words, it finds ways to get itself into and installed on your computer, without you doing anything explicit to invoke it.  Viruses are usually take some action from the user to invoke them.  For instance, these come in the form of a Trojan horse, which the user might think is a funny animation, or game.  In some cases certain vulnerabilities would allow simply opening up your email to let a virus into your computer.  Spyware is a different beast.  In many ways it is even more insidious than the first two.  At least the first two you know are from the bad guys.  Spyware many times is installed by people you think you can trust.  Many of them will argue up and down with you, that you consented to the install, and that there is nothing wrong with what they are doing.  In fact there really is something inherently wrong about what they are doing.  Spyware companies put programs onto your machine to figure out what kinds of things you do.  They watch your traffic to see where you hang out online, and report back all of this information to be sold to the highest bidder.  Many times probably with personally identifying information.

The present and future bring many new problems, and worries.  The virus writers aren’t ’script kiddies’ anymore.  They aren’t just out to have fun and see what they can do.  Writing exploits is a full time job, it’s a money making business.  The worm and virus writers now control large networks of ‘bots,’ what are called ‘botnets.’  These bots are essentially computers that are running unaware that they have been exploited, and are now running bad programs.  The user will probably not even notice now, because they tend to use these computers for small amounts of data at a time.  They have learned not to over use one computer because it would be too detectable, and they would either lose that computer, or the address would be blocked.  What they do now is send out short groupings of spam (or whatever the application) that is less detectable.  This allows them the ability to get a lot more spam through than would be possible if they used one computer.  The computer would most certainly be blocked, and they would lose their ability to make money.  That’s right, they are making money now.  Selling control of a botnet is a lucrative business, and like anything that has value, someone is willing to sell it. 

Why did all of this happen?  Is this simply the growing pains of a new media?  I don’t think so.  I think in a gold rush mentality companies were putting out software and technologies to feed the mass hysteria.  The biggest issue is that we all forgot one thing.  The Internet is a utility.  It’s a separate thing that we connect to our computers.  What we did was essentially open our car doors in the middle of a war zone.  We let the bad guys in by allowing them.  Not to pick on Microsoft, but they are the biggest culprit.  They essentially opened the entire operating system up to be attacked by integrating Internet Explorer directly into the operating system.  I think what they should do is realize that ‘this Internet thing’ is a separate device.  We should connect to this device in a manner that is secure, and isolated from our internal system’s workings.  I thought of, what I think is, a really good analogy for this.  In your home you have appliances that hook up to the sewer system.  For instance your dishwasher and washing machine both hook up to the sewer system to dump the waste.  They also connect to the water pipes your city provides.  What they don’t do is connect the sewer back into the water system and vice versa.  They both have specific places where they attach that keep them separate and safe.  You wouldn’t want the sewer system washing your clothes and dishes.  And you similarly don’t want bad things coming back into your computer over the internet.  You wouldn’t open your doors wide open in your home and invite thieves in for a visit.  Let’s keep one thing in mind.  The Internet is NOT safe.

Filed under: Computing, General, Security