Welcome to another funfilled editon of The Weekly Geek. 

To begin, I am fully aware that Windows XP Service Pack 1 was released in September of 2002. I also do feel that Dell, Compaq and other computer vendors should make a better effort to patch a computer before selling it to the public. Anti-viruses programs that are from the previous year and have no updates might be better than nothing, but using them is not a reason for the computer building community to claim no responsibility for security. I do believe that Microsoft should be selling their operating system with all of the patches possible, such as through February of this year. I use this date because they have a disk with the patches available. I also believe that Antivirus vendors should throw their teaser software away when it is six month old and only provide current disks with current up to date files to the public and computer vendors. With all of this in mind, this paper is not to bash that industry. There are enough people doing that already, instead I am about to place myself in the hot seat and firmly state, people of the world it is way past time for you to take your computer technology and security seriously of face government intervention.

When you buy a car you make sure that it has all of the safety equipment to protect yourself and other drivers. You purchase liability insurance just in case something happens. You learn to drive before you get on the freeway where all of the other drivers are, taking a defensive driving class is a requirement to get a drivers license and wise people continue their training all through their driving experience. The same should be true of computer users.

When a driver chooses to drive drunk, he or she is liable, not Ford. When a car that has not received proper maintenance on its brakes, slams into the rear end of another, Nissan is not held liable. I believe that individuals can no longer claim ignorance when it comes to internet and computer security, but must make a choice to become informed about their responsibility, which is no less critical than replacing brakes on a vehicle or stopping at a stop sign. The users whose computers spread infections can prevent them and their owners should be liable for damages they caused. Unfortunately, many people currently want to blame the computer hardware and software manufacturers for the current epidemic of viruses, worms, trojans, spyware, malware and spam. In all reality these problems are caused by and are the responsibility of the end users.

To give an idea of the financial cost caused by the various infections on the internet, I searched and found the following information. The Sobig worm caused about $5.6 billion in damages worldwide while the Klez worm caused $13.9 billion, the Love Bug $8.6 billion, Yaha caused $6.3 billion in damages and MSBlast only $525 million (Becker). Of course the Sobig and MSBlast were only two weeks old when the article was published in August of 2003. These numbers alone are staggering, however they are minimal when compared to the total number of virus infections. The Netsky virus has been detected in over 70 million computers, Objectdata, another virus, was found in more than 11.5 million and the Sober virus in just over 10 million computers. These are just three of the thousands of viruses out there (Greenspan).

Individual users claim ignorance as to why their computers are slow or they blame Microsoft for frequent computer crashes and freezes when in fact those problems are easily caused by an infection of various sorts inside the computer. Individuals don’t hire experts to check out their systems due to the perceived cost involved, in spite of the fact that they are costing themselves and businesses billions of dollars. People want to point their finger at someone else for their problems. Remember when you point one finger at someone else, three fingers are pointing back at you. Passing blame in automobile accidents has been common since the first two vehicles decided to Tango. In the case of computer systems, the end users blame the software or hardware manufacturers instead of themselves. The issue is not whether Daddy Warbucks (in our case Bill Gates of Microsoft) is to blame for creating a successful business, or whether the people who wrote the code and left “holes” are responsible citizens, but rather the end users use and care of the product, whether it be Microsoft Windows, Internet Explorer or Novell’s SUSE Linux.

Over three decades ago many people did not carry liability insurance on their personal automobiles. Some businesses took this responsibility seriously. This was a business decision due to law suits and the livelihoods of employees and owners. Individuals, however consistently came up with excuses, such as cost, as why not to purchase liability insurance. That is until they were in an accident, no matter how small, and the party at fault had no insurance or money to pay for vehicle repairs, medical costs and expenses. When enough people were tired of the problems associated with the irresponsibility of others, they persuaded the government to intervene. Once the State and Federal governments became involved, by requiring proof of financial liability, new issues did temporarily arise. An increase in law suits, high dollar claims and other such nonsense increased, during this same timeframe many individuals screamed that there was a conspiracy between the Government and Insurance companies to increase each others wealth exponentially, even though they had earlier been fussing about “others” not being responsible. Fast forward to 2004 and you will find that the blatant abuse of lawsuits in such cases is minimal. The people as a whole, no longer scream conspiracy or have had their senses dulled to a point that the monthly or annual insurance bill is just another fact of life.

It is my belief that the individual should be responsible for their direct effect and affect of the spread of destructive and nuisance information (spam) and malicious programs (worm’s and viruses) over the internet. It is not my belief that government involvement is good for society in many ways, however the liability of individuals for causing harm to others can lead to intervention on the federal level if those who cause the harm will not take responsibility. I have heard many times over the years, “your rights end where my nose begins” and in this case my nose is my computer and the networks I work so diligently at protecting. Your right to own a computer and surf the internet should not cause me, those I represent, or our property physical or financial harm. If it is caused then there should be repercussions.

As with auto insurance, today’s businesses have and must maintain a certain amount of “liability insurance” in their Information Technology departments, especially when it comes to computers. How the liability protection is carried out depends upon the individual security experts employed by the business. Tasks include installing, updating, maintaining and supporting security hardware and software including but not limited to anti-virus programs, firewalls (both hardware and software), anti-malware, anti-spyware programs, honey pots and the knowledge of hacker techniques. Businesses know that if their computer systems crash or lose data to a virus, worm or hacker infiltration then budgets, jobs and even the entire business could be lost.

Computer hacks and infestations by viruses and worms are a fact, like with an automobile accident. A computer becoming infected it is not a matter of if it will happen but when it will, how many times it will, and how much damage is done each time. In July of 2003, Cnet conducted a survey which concluded that almost thirty-two percent of internet users had been affected by a hacker or virus in the previous two years (Viruses). Different types of worms and viruses spread at different rates but the professional consensus is unanimous, they spread fast. CNetnews.com reported that the MSBlast worm infected 120,000 computers in just twenty-four hours and that “A big part of the problem was that inattentive home users, and overbooked IT staffs, hadn’t been able to put a patch in place even though Microsoft had made it available in July” (Worm). By April of 2004, over eight million people were infected by the MSBlast worm (Lemos). The same article reported that an unprotected computer, one that does not have an up to date anti-virus program, firewall and the known security holes patched, will receive a network packet from MSBlast on another machine and become infected within one second of connecting to the Internet.

The bad things that can, and do, happen include worms, viruses, trojans, spyware, malware, spam and hacking. All but the last can be directly influenced (and maybe even the last) by the individual taking personal responsibility. Reckless driving leads to unnecessary accidents and lost lives, leaving the doors and windows of your home unlocked or open will lead to it being broken into, it is not a matter of if but when, and the same applies to personal computing. Just because and individual has been in a car wreck does not mean that person does not want to or need to travel from place to place. The same applies to computer and internet usage. One worm or virus does not mean that a person will stop using the internet. Just as driving a wrecked vehicle greatly increases the chance of causing another wreck, using a computer that has been infected will infect other computers and cause others to experience internet slow downs, lost time and data, because of someone else’s recklessness.

Since 2000, I have not worked on one single individual user’s computer that was not infected in multiple ways. Jaques reported that 80% of spam (unsolicited commercial e-mail) comes from home computers infected with spam relaying trojans. I have worked in nine different businesses on almost three hundred different computers, out of all those systems there was one virus infection, two worm infections (some but not all computers at the site were infected) and one hacker infection. This just shows how much more diligent businesses are with protecting their computer system and networks.

Convincing a sixteen year old boy not to search for “boobies” in Google, stopping the business executive from opening every e-mail with the subject line “Improtant” (Yes, even the misspelled ones) and keeping the church receptionist from responding to the “Please remove me” section of the Viagra e-mails she keeps getting, is a chore. I also know that not every automobile inspection sticker is real and even though every vehicle owner is supposed to provide a copy of their insurance papers before they can renew their driver’s license or automobile plates, some individuals know how to skip around the law or just drive with expired plates, insurance, license and inspection as well as bald tires, low transmission fluid and without sleep for forty-eight hours and I am just as sure they have a good excuse for doing so. That does not justify the intelligent masses claiming no responsibility.

So, exactly how should the individual computer user take financial responsibility for their protection and the protection of others? Just as there are numerous choices of automobile insurance policies as well as home, personal and umbrella insurance policies that some people wisely choose, the exact computer security setup will vary by computer and individual user. Some variances are the operating system and its version (Windows 98 or Red Hat Linux 8.1), the internet browsing software used (Internet Explorer and Mozilla) the e-mail program used (Outlook Express and Eudora), the productivity software used (word processors, spreadsheets and accounting programs) as well as the internet connection type (dial-up or broadband) and hardware inside the computer case must all be taken into consideration. The most fundamental thing is training. Whether it is from a training seminar given by professionals to a subscription to a computer magazine, the knowledge against attacks, just like defensive driving, is the beginning foundation to all responsibility.

There are several common sense ideas to protect your computer and decrease the congestion and spread of the internet ugliness. Monthly the user should run critical updates for their operating system of choice. They should install and update, daily, an anti-virus program that is less than two years old. Installing a hardware firewall (also known as a router) and updating it quarterly along with installing a software firewall and updating it monthly will go a long way to prevent hackers and trojan programs from gaining control of a computer. Other choices include configure the e-mail client (Outlook, Eudora, Pegasus) and the internet browser (Internet Explorer, Opera, Netscape) for security. Installing a pop-up ad blocking program and a spam filter will help prevent impulse clicking. By installing and updating a current anti-trojan program you can prevent the latest back-door hacking techniques. Constantly running a cookie watching/filtering program along with a current anti-spyware/anti-malware tool or two such as Spybot’s Search and Destroy and Spyware Guard will assist in keeping spyware off a computer system. Finally, installing secure wireless protocols, on the home network, properly or hiring someone to do so will keep perverts from using your internet to access sites that should not even be in existence.

With all of the security tips above there are still many things, just like with driving, that you should not do. The first and most important is don’t pirate software, music or anything (it’s stealing no matter what your excuse is) also don’t let your kids or grandkids steal/pirate. Better yet, don’t use any file sharing internet networks. Remember not to open strange or unexpected e-mails. E-mails with subjects like “My Naked Wife”, “Anna Kournikova” or “Where have you been?” are all viruses looking for a place to infect. Never respond to a pop-up ad, not even the “warnings”, they are fake. Never respond to an unsolicited e-mail (spam) not even to be removed. Don’t browse adult or questionable sites, hidden downloads are commonplace in those types of places. Now that you know the what and why’s of computing responsibility, buckle up and take your computer and Internet responsibility seriously before you are sued or forced to purchase some form of security coverage, in the mean time, let the whining begin.

Works Cited

Bekker, Scott. “Sobig Damage Estimated at $5.59 Billion.” ENTNews. 26 August 2003. 9 June 2004 <http://entmag.com/news/article.asp?EditorialsID=5931>.

Greenspan, Robyn. “The Deadly Duo: Spam and Viruses.” Internetnews. May 2004. 07 June 2004 <http://www.internetnews.com/stats/article.php/3364421>.

Jaques, Robert. “Zombie PCs generate 80 per cent of spam.” Vnue. 03 June 2004. 07 June 2004 <http://www.vnunet.com/news/1155583>.

Lemos, Robert. “MSBlast infects eight million PCs.” ZDNet UK. 05 April 2004. 9 June 2004 <http://news.zdnet.co.uk/internet/security/0,39020375,39150721,00.htm>.

“Viruses, hackers hit a third of Net users.” CnetNews.com. 12 August 2003. 9 June 2004 <http://www.news.com.com/2102-1002_3-5062759.html>.

“Worm exploits a widespread Windows vulnerability.” CnetNews.com. 15 August 2003. 9 June 2004 <http://news.com.com/MSBlast+echoes+across+the+Net/2009-1002_3-5063226.html>.