Last year, Chris Hogg and I did a piece on security for the big online social sites. We got some help from Symantec Canada and now the company has come up with some very handy tools and a paper on self-defense on the Web.
Symantec have come up with an interesting series of features which are good public awareness stuff, and a PDF which is a well written, thorough, text on self defence for internet users. The risk assessment tool is nice and basic, easy to use, good for waking people up to their problems.
As you can see, the site is awash with Norton materials, but fair enough, after all, it is their business. More to the point, in terms of the trillion ton gorilla in the bathtub called internet security, it contains some material which should bother anyone claiming to be alive. This is a quote from Symantec’s press release to Digital Journal:
But every three seconds, an identity is stolen online — that’s nearly 10,512,000 identities each year. Cyber crime is real crime; and it is more profitable, provides more anonymity, and can be more difficult to prosecute than offline crimes.
Symantec have included a lot of material about how the black market works, how your ID is sold, how much it’s worth, and other good reasons for entering a cyber monastery. This stuff should be released to schools, it’d at least provide a relevant information base. The bit about file sharing alone would be enough to turn anyone off using pirated software.
I did the test, came up with a Medium result, and was surprised to learn my ID would be worth four figures. Always some antiquarian somewhere, I guess. My parents would be horrified.
I don’t want to go through chapter and verse of the Symantec site, because like online security, you should go and explore it, see what’s going on for yourself. Really have a good hunt around, form some opinions. In particular, check out “Life cycle of a cybercrime”, and have a look at some good copywriting at work. This is how to present this stuff, so it’s understandable by everyone. Symantec deserve some praise for this presentation, because it really is what people need to know.
Now the big picture:
In our original article, we discovered that the last thing anyone wants to talk about to the media is internet security. You can be spammed unto the fourth generation by 22 year old bimbos and God alone knows what sort of malware in the spam, and everyone’s pretty cool with that. Who wants to be able to find anything in their inbox, anyway? It’d louse up the ambiance, if people knew what they were looking at.
The crime angle, on the other hand, is apparently a no-go zone for commentary of any kind. Our original ideas, like organized crime getting involved, didn’t even get a mention from anyone but Symantec. IC3, the FBI/government Internet Complaints Center, is still trying, but where’s the corporate backup? Is everyone so lost in the minutiae that they won’t have a look at the big picture?
The economics of cybercrime are staggering. The current state of play, globally, is that it’s a four horse race. In the lead are the cybercriminals, as usual, followed by internet security agencies, followed by the public, with corporate costs bringing up the rear. Spam/malware, administration, lost revenue, and additional costs are dragging billions out of the global economy, weekly. It’s like a built in recession. On the current rate of growth, which has been exponential since 2007, this will be one of the biggest cost factors in global economics within ten years.
Those costs are also dragging down budgets, imposing additional costs on a yearly basis, and putting every single business on Earth at risk. The time alone, just the few minutes spent doing what needs doing for security on your computer, costs money all the way up and down the line. It’s probably adding a lot to global emissions, just running the extra electricity.
It’s also a definite turnoff to global internet trade. We’ve got the best commercial and communications network in history, and at least a third of the population is still scared to use it, 15 years after the first problems emerged. The problems, instead of getting better, are getting worse, at a massive rate.
Anyone see a problem with that? Symantec have pointed out the stats, the processes, and the risks. They did it on one website, with a few words and graphics. So far we haven’t seen a damn thing from anyone else on public awareness, let alone the major sites, and certainly precious few "How to save your cyber tail" info.
Nor are we seeing any ideas coming out of the White Hat brigade and the apparently endless legions of ultra cool people who claim internet omniscience.
Here's a few thoughts for Clown School:
Doesn’t the “read” function rate a mention and a few lines of “lookout” setup exe code? Doesn’t the mathematical symbol “is not equal to” have a use? Can botnets handle reverse denial of service attacks, like a simple inversion of senders? How about reverse zombies, or direct rerouting to IC3 or someone like that? If someone tries to install a keylogger on your computer, why can’t you send them an obscene Mandelbrot when they try to use it? Aren’t people who are supposed to be experts also supposed to have ideas?
We need more ideas, not more excuses, if we’re ever going to have a safe internet. Hacking and cracking only works because of weaknesses and poor response times, both in terms of platforms and commercial anti virus software. (Some of these worms have been around for years, and I’ve actually seen name brand anti virus software that doesn’t recognize them. Fortunately for me, my other software recognized a keylogger.)
If software companies went on the offensive, and turned servers into minefields for malware, the net would be a much safer place. Symantec has taken a good first step.
Now, anyone else like to do something useful?
This opinion article was written by an independent writer. The opinions and views expressed herein are those of the author and are not necessarily intended to reflect those of DigitalJournal.com