Spam and Botnets – Who’s Responsible?

A fairly recent survey on Internet security released by the National Cyber Security Alliance (NCSA), determined – “U.S. consumers don’t understand botnets; networks of compromised computers that have become one of the major methods for attacking computer systems”.

Pointedly, Ron Teixeira, executive director of the NCSA, said in a statement. “Consumers’ unsecured computers play a major role in helping cyber criminals conduct cyber crimes not only on the victim’s computer, but also against others connected to the Internet.” Teixeira went on to say that it is “alarming” people don’t know how to keep their computers secure.

The information gathered in this survey is not new to experienced computer users’, or to those of us involved in Internet and system security. It seems to me, that this is simply repackaged information that we have had access to, in some cases, for years. In fact, the statements in this survey can be applied to worldwide Internet users’ and are not restricted to just users’ in the U.S.

I think that one would have to have been on an extended vacation from both computers and cyber space, not to have an understanding that the Internet is now the playground of cyber criminals and has been for a considerable time.

Consider this – last month (June, 09), over 90% of email was spam, and of this total more than 83% was sent our way by botnets. (Data from MessageLabs‘ June report).

So the question is, why is the average, or typical computer user, so lacking in knowledge when it comes to Internet security precautions; some might say even negligently so?

Problem solving this issue does not require one to be a profound thinker to arrive at a number of hard and undeniable conclusions.

A reader of this Blog, commenting on a previous article, summed up this issue particularly well when he stated, “most people still see the computer as a kind of entertainment device… Computers are for playing, chatting, and watching short clips; listening to tunes…. people don’t take Internet security seriously because they don’t think of the computer as a serious device”.

He went on to write – “Some of this is related to our cultural laziness around safety and prevention. People are routinely reckless with automobiles, decline to clean out the (dryer) lint catch, and mishandle loaded guns. My frustration is with government, health and educational institutions that push people to use the internet as though it were as secure and straight forward as a hard-line telephone”. A factual and precise comment, I think.

And so we arrive at the root of this problem: No one wants to take responsibly for the abysmal state of Internet safety and security. Not governments; not software developers; and least of all, Internet users’.

We are long past the point where we need to stop just talking about this issue. We need to stop being part of the fear campaign and the feeling of helplessness that accompanies it, and develop appropriate solutions.

Many computer experts agree that it is primarily flawed computer software and not just inadequate user knowledge that is the biggest contributor to the proliferation of unsecured computer systems and cyber-crime, on the Internet.

It seems to me then, what is needed as a good first step, are machines that are designed with simple, but internally sophisticated operating systems, secure and easy to use for the majority of users; where little or no user interaction is required to maintain the security of the system. Microsoft’s soon to be released Windows 7 operating system, developed with security in mind, appears to be a step in that direction.

More to the point however, a massive change in Internet users’ attitudes and perceptions needs to take place. Users’ have to come to the realization that we all have a shared responsibility to offer mutual protection to each other, by ensuring our individual machines are not part of the problem, but instead, are part of the solution.

One particular software developer has focused on the concept of “people driven security”, an idea based on the concept of the shared responsibility we each have, to offer mutual Internet protection to each other. Web of Trust has developed an Internet Browser addon which takes security this one step further. The solicited opinions of users/members, on a web site’s safety, are incorporated into the overall site safety rating.

There are other solutions of course; some draconian, some less so, but unless we as computer users take responsibility for our own online safety, you can be sure that governments will eventually introduce measures that will be considered draconian.

We now live in the age of the “interconnectedness of all things”, in which we are beginning to see the development and availability of large numbers of Internet connected devices. There is no doubt that this will lend new strength to computer-aided crime and perhaps even terrorists; and here we are, back to the concept of draconian government imposed Internet security measures.

Unless we develop a rational approach to the underlying security issues surrounding the Internet, and amongst other solutions, insist software companies’ stop rushing out new products with little regard for security, hackers will continue to flourish and successful attacks on computers over the internet will continue to proliferate.

There are steps you can take to decrease the likelihood you will be the victim of a successful attack on your computer. If you reduce your exposure to successful attacks on your machine, then downstream you are helping to protect my machine and those of others.

The following is a brief guide to the basic security issues you should be aware of on the Internet, followed by a guide to some of the steps you can take to secure your computer for Internet usage.

Security risks on the Internet you need to be aware of.

Trojan horse programs

Back door and remote administration programs

Denial of service

Being an intermediary for another attack

Unprotected Windows shares

Mobile code (Java, JavaScript, and ActiveX)

Cross-site scripting

Email spoofing

Email-borne viruses

Hidden file extensions

Chat clients

Packet sniffing

Security Checklist: Actions you can take to protect your computer system.

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

Ensure the anti-virus software scans all e-mail attachments.

If you enjoyed this article, why not subscribe to this blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under bots, Browser add-ons, Don't Get Scammed, Don't Get Hacked, Email, email scams, Interconnectivity, Internet Safety, Online Safety, Personal Perspective, Windows 7, Windows Tips and Tools

5 responses to “Spam and Botnets – Who’s Responsible?

  1. Pingback: » Spam and Botnets – Who's Responsible? « Bill Mullins' Weblog … » Free Software

  2. Mr. Mullins, you can not see me, but I am giving this article a “standing O”. Bravo.

  3. Pingback: How to REALLY delete – or recover – a file « Tech – for Everyone

  4. Pingback: Geek Squeaks of the Week (#19) « What’s On My PC