Monday, March 30, 2009

Spate of spies and viruses

I'm not going to list these "things", but I will say that I'm seeing way too much discussion and attention to them these days. I see different reasons for this, one is that I've no doubt there really are evil hackers out there. The other is that our greatest fear, the greatest enemy of the freedom and potential of the Internet is the people who have seized power in Washington, Wall Street and our information supply. They will not give up that power, and the sooner we understand the depth of this problem, the better. The sad truth is that the more powerful the Internet becomes as an agent of real democracy, the harder they will plot and work to stop (read: control) it.

In the meanwhile, these evil programs exist, so what do we do about them?

First, we identify where the responsibility actually lies. First and foremost is with the creator of the Operating System: Microsoft for people using Windows. Since most people are using Windows, I'll skip Linux et al because they are relatively minor players.

Why Microsoft 1st? Because the operating system is the core software of our machines, and only Microsoft has access to the code that comprises this core, and therefore the knowledge to protect it, it's file system and our computers.

No, the operating system cannot stop you from creating/changing/deleting files on your computer, or from sending and receiving data over the Internet, nor can it stop a malicious program you've installing from doing these things. What it can do is protect itself from unauthorized change. This is the first and most significant step: an operating system that cannot be altered without Microsoft's and your concurrence.

There are different ways to achieve this. One is the concept of "virtual machines", which could - if Microsoft wants to - be a built-in feature of Windows. When you boot your computer, it boots to VM, which in turn loads and runs a virtual copy of Windows. Since Windows is now being run from memory (RAM and ther paging system), any changes to it disappear when the copy of Windows is shutdown. This is one way. Another would be for Microsoft to write software, as part of Windows, that has information needed to inspect the components of Windows to make sure they are unchanged since receipt from Microsoft. I personally prefer VM.

This covers the Operating System. What about the Internet? First of all, your Operating System should never allow the Internet access to your hard drive without your specific permission on a file by file basis (turn this off at your peril).

What about programs you install - which, once installed and launched can do anything they please? You don't install programs willy-nilly. You only install programs from trusted sources.

Lastly, consider this: computers are very cheap these days. Hundreds, not thousands of dollars. This means you can buy an extra, cheap computer for Internet use, and keep your other computers off the Internet until useful and effective protections are implemented. Yes, your email system, for example, would be on the 'exposed' machine, but assuming you never click email attachments, you can backup your email (e.g. Outlook PST) from this machine to another without risk.

Look, I'm not a "security" expert or person, but I have spent a lifetime working with computer software. What I do know are 2 things: (1) technology created this problem and technology can solve it, and (2) powerful people don't want the Internet becoming a stronger force for our democratic purposes. The hysterical article I pointed to at the beginning was run by the NY Times - you do remember it was the NY Times who helped lead the charge to the invasion of Iraq, right?


Bill

No comments: