Is The Internet Doomed?

Bobby Johnson wrote an interesting article on how criminals are attacking some of the fundamental building blocks of the Internet – and unfortunately, this is true, we have seen a variety of cases where attacks have gone after things like DNS servers (big and small) and we have seen denial of service operations almost take whole countries off the net. So the Internet can be used as a serious ‘weapon’ against individuals, companies and countries.

Reputation plays a big part of this, if you cannot guarantee who is on the other end of the wire, then there is a risk. In the all important case of a transaction, the consumer doesn’t know if the company is bona fide and similarly the company doesn’t know if the consumer is. If either isn’t who they say they are then the problems arise. You can take this further with the spread of botnets, spam and malware in general – if people were in control of their computers then many of the problems would be eased – I wouldn’t like to say they will go away, because we have seen how cyber-criminals have changed their tactics over and over to adapt to the ever-changing Internet and the way people use it.

Educating people on Internet security is tough, we still see people click on attachments or dodgy links and the associated virus outbreaks and identity theft. People switch off auto-updates for the OS and applications – which would reduce their risk of exposure because its either inconvenient or they don’t see the point of it. Many changes to the OS and to applications have been done to make it easier for people to use computers – but this same ease of use also makes it easier for criminals as well.

We need to rethink some of the fundamental decisions and design elements for today’s world. Getting security right for all involved is going to be essential to move forwards, we do need to remove all security risk decisions from the consumer in order to improve security. One example to prevent malware from being installed would be to block any / all installs  (and this includes browser plug-ins) unless the application install package has been OK’d by a whitelisting service. If the functionality was built into the OS and the whitelisting service was ‘free’ then it would be possible to prevent malware from being installed. Hey, that would be a start. It seems we (as an industry) need the step change in thinking… and now seems like a good time to do it before the Internet becomes a no-go area, which, frankly, is not a good option.

March 13, 2009 | Filed Under cyber-crime, security | Leave a Comment 

A New Internet?

In an articlein the New York Times this weekend John Markoff asks if we need a new Internet to solve some of the issues that seem to be plaguing the one we have at present.

This request or discussion has been going on for a while and seems to crop up every time there is a large virus outbreak (Downadup / Conficker in this case) or a large Denial of Service (DoS) event. So… can it be done? Could we create a better Internet? Of course the answer is yes – but the real question is would we want to? Would we be able to transition from one to the other and would the issues in today’s Internet be unable to rear their ugly heads in the new one? That’s a more difficult question – and one in which the answers are probably no and no.

If we were to switch off the current Internet, global *everything* would grind to a halt while the transition to a new improved, more ’secure’ one happened – no more Internet banking or shopping, no more booking tickets, or transferring money, no more research for homework… it’s not looking good is it? Of course most would not be able to transition and if it used the same infrastructure, then at the end of the day DDoS would still be an issue. Even if we all had identity cards to allow us access to the new Internet (hopefully making it easier to track down cyber-criminals etc) we would still have problems – as soon as the cards had been cloned or a legitimate system had been hacked and taken over, then many of the problems that are around today will also be on the new version. Does this mean we shouldn’t consider a new Internet? No, of course not – but we need to make it an evolutionary approach to what we have and accept that it will never be perfect. Improving security on the Internet, in applications and in the way data is handled is critically important, we need effective reputation based services and vastly improved ID systems and management. As new systems are developed by ‘the good guys’ so ‘the bad guys’ will find a way to break them – the Internet is a war zone and the battles continuously rage. Moving the war to a new location won’t make the battles stop.

February 16, 2009 | Filed Under Reputation, security | Leave a Comment