Data security remained under heavy fire in 2005

by  Alan Zisman (c) 2005 First published in Business in Vancouver December 20-26, 2005; issue 843

High Tech Office column


Two steps forward, one step back: the battle for data security continued in 2005. As I write, for instance, the end-of-the-year resurgent Sober virus continues, accounting for 43 per cent of current virus traffic, according to antivirus firm Sophos.

Still, that's down from a peak earlier this year when Sober accounted for one in every 13 e-mail messages. In the summer, the Zotob worm primarily attacked business networks, part of a trend that Information Week called a shift "from adolescent, attention-seeking nuisances to professionally executed, targeted probes for financial gain." Recently a U.S. Treasury representative suggested that in 2004 the take from cybercrime exceeded that of narcotics. Nevertheless, most business and home users have seen a reduction in the number of both virus-bearing and spam messages making it into their e-mail inboxes. While some spam lords have been successfully taken to court, end-users are less likely to see dangerous or unwanted e-mail because of increasingly effective filtering by both Internet service providers and network administrators.

On the cutting edge of attacks: Instant Messaging, which is almost universally used by teens and is increasingly being used within business networks.

Increasingly, virus attacks aim at creating networks of "zombie computers," operating without their owners' knowledge as part of underground networks for hire, for distributing spam or in other cases attacking legitimate websites or networks. Equally disturbing: attackers are adding new targets. Increased use of automated patching has made Microsoft's Windows operating system and Outlook and Internet Explorer software less vulnerable. Instead, a wider range of applications and even widely used Cisco network routers are being targeted.

Large numbers of home and business users continue to inadvertently install spyware/adware software onto their Windows systems, typically by downloading free software. Often buried within long and complex end-user license agreements will be a note that the software includes programs to monitor users' online behaviour, pop-up ads and more, letting the software distributors claim user consent.

End-user licence agreements also played a role in November's Sony BMG's digital rights management publicity nightmare. In this case, the company had sold an estimated two million music CDs that included a copy protection technology that installed difficult-to-remove software onto users' PCs to limit users' ability to copy songs from the CDs. Again, users were required to OK a licence giving Sony the right to install this software. Stewart Baker of the U.S. Department of Homeland Security warned Sony: "It's your intellectual property [but] it's not your computer." The result for Sony BMG: multiple lawsuits, falling sales and the need to replace the 20 million CDs. The moral: getting a user to click OK may not make everything OK.