Crime online easy to sidestep

I don’t get it. I keep reading that cybercrime is out of hand, even that national security is being compromised. Now I see, at Wired (.com) that the security chief for Internet2, Joe St Sauver, believes “that the only recourse is to build government-funded free clinics for infected computers around the United States.”

The idea is that you would take your computer to the clinic, whose technicians would be trained to overlook such things as pirated software and music. They would only remove dangerous software, see? A Department of Computerland Security, sort of.

This is nuts. People aren’t going to unhook their computers and carry them to clinics.

Why is cybercrime — phishing, botnetting, viruses, malware — supposed to be such a problem? It could be greatly reduced if software companies, notably Microsoft, wanted to reduce it.

Consider phishing. This is the scam in which you might receive a phony e-mail saying that PayPal or Sun Trust for some reason needs you to enter your user name and password. Then your money goes away.

An alert won’t do it. The problem is that there are always unwary users. But there are ways not to receive the phony e-mail. I use Yahoo Mail Plus, which lets you make up as many e-mail addresses as you choose. I have an address specifically for PayPal, that only PayPal and Yahoo have. Mail that comes to that address is real. Any other mail purporting to be from PayPal goes automatically into my trash folder.

Setting this up requires minor sophistication. Similar schemes could be made automatic if mail software were designed to do it.

E-mail viruses? As I suppose most people know now, these are little programs that come as attachments to e-mail. They have certain easily recognizable file extensions, such as .exe and .ini and .bat. How many people actually need to receive executable attachments? In seven years I haven’t needed one. Why doesn’t the software industry make computers default to delete, automatically, all executable attachments? Viruses come sometimes in .zip files, which are a way of compressing files for sending over the Internet.

With today’s high bandwidth, who needs them? Autodelete them. End of e-mail viruses.

“Botnets” are groups of computers controlled remotely by bad guys to do such things as send huge amounts of spam, unbeknownst to the user. Software fire walls, such as Zone Alarm (zonelabs.com) can limit the number of e-mails sent per unit of time. The computer becomes useless for spamming. Build this into mail software.

People who need to send 10,000 e-mails could turn it off.

Now, malware. This largely means things like Trojan horses and key loggers and such that live in your computer and send your private data to bad guys. You get them typically by going to dangerous sites, such as porn or gambling, that install them on your computer without your knowledge. To do this they use JavaScript or Active X.

Malware is easily avoided by the knowledgeable user.

Use XP Pro with a limited account so bad stuff can’t write itself to your computer, and a browser like Netscape that lets you easily set the default to block Active X and JavaScript. Making this automatic for the unwary would be hard since some sites, such a Yahoo and banking sites, require JavaScript. Still, if the default were no JavaScript, the user would have to allow exceptions, site by site. Only the extremely stupid would make exceptions for dangerous sites.

I don’t claim that the foregoing would end cybercrime, but it would sure cut down on it.

Comments
blog comments powered by Disqus