Great, but would you dare to venture out of your driveway to share the road with today’s moronic drivers if they had that sort of horsepower at their disposal? Some recent events suggest that the power and connectivity of the average personal computer (PC) are beginning to exceed the owner’s ability to manage it.
In mid July, The New York Times told its readers that more than a thousand unsuspecting broadband users had their computers hijacked by hackers, who were using them to peddle porn. The victims’ machines were secretly loaded with software that made them send explicit Web pages advertising pornographic sites with offers to sign visitors up as customers.
And the worst-case scenario was realized when Julian Green, a resident of Torquay, in western England, had his life turned upside down by criminal charges of child porn possession when his home PC was seized by a Trojan horse that apparently gathered the stuff without his knowledge. Whether Green was deliberately targeted, or a random bystander, the Aug. 11 New York Times story does not speculate.
Blasted
And then there’s Blaster. Exploiting a vulnerability in Microsoft’s implementation of Remote Procedure Call, the worm tunneled its way into thousands of machines, many of them owned by home users with broadband connections. The widespread problems occurred in spite of repeated warnings from Microsoft and the computer security community that an exploitation was imminent. The message got through to most corporate and business administrators. But home users, who are about as likely to install a software patch as they are to adjust their SUV’s fuel injectors, fared less well. Blaster’s successful incursions into the corporate world were doubtless facilitated by infected home users connecting to their company’s networks through the firewall.
As an experiment, one group of security researchers placed an unprotected PC on the Internet. Like a squirrel trying to cross an Interstate, it was flattened by Blaster in less than 27 seconds.
In short, the information superhighway, like our Interstate system, has become a utility essential to our interconnected society. And like our highways, it is a place fraught with danger, not easily navigated by novices.
The Internet, however, has no equivalent to a well-developed infrastructure of service stations, AAA-dispatched tow trucks or dealership notification systems that serve motorists. And perhaps that is what is needed.
Suppose AOL, which has signed up millions of subscribers by marketing itself as the provider of choice for the technological tyro, was to take the next step and provide security support to its neophyte customers. A graduated suite of services could include automatic virus updates, firewall management, and even patch management. Obviously, the user would have to agree to sacrifice a measure of privacy, since the desktop would need to run a management client that would give the Internet Service Provider (ISP) considerable access to the customer’s machine. In exchange, ISP Service Level Agreements could promise added months of free service to customers whose computers were crippled by malicious software that the provider failed to catch.
Such a shift would, however, profoundly change the way we think about computers, and might even stifle the innovation that has characterized the computer industry for years. We long ago made that transition in the automotive world. We understand the idea that fiddling with the odometer or the catalytic converter is against the law, and that unauthorized tinkering is likely to void the warranty. We dutifully take our cars in for scheduled maintenance, leaving the anfractuosities associated with keeping our cars running to the experts.
It would be unfortunate if our computers were dumbed down to e-mail and word processing appliances whose contents could be scanned at will by some central overseer. But it would not be the first time that people had traded a measure of privacy and independence for enhanced security.
David K. Black, [email protected], is manager, security technologies, at Accenture Global Architecture and Core Technologies.
