Do We Need to “Fix” the Internet?

Each time that you connect to the Internet you are unfortunately, wandering through a raucous neighborhood which has a reputation for being jam-packed with predators.

These predators are intent on stealing your money and personal information, installing damaging programs on your computer, or misleading you with an online scam.

Cyber-crooks are relentless in their pursuit of your money, and it’s all about the money. In the worst case scenario, your identity and your financial security can be severely compromised.

Recently, Symantec reported that 51% of all the viruses, Trojans and other forms of malware it has ever seen were logged during 2009, and Symantec has been in the security business since before the Internet was launched.

Each day, when I boot up my home machine, Immunet Protect, advises me that it is protecting me against 12 Million threats. Today for example (May 16, 2010, the number is 12,866,263. That number is truly mind blowing.

Note: Later in the day, following a re-boot, I noticed that the protection level had risen to 12,876,095 – 10,000 additional threats had been identified.

Various Internet security companies report having to deal with up to as many as 40,000 new versions of malware daily. Here’s the math; one new malware program every four seconds!

Anti malware developer Comodo, looks at these numbers in a way that we can more easily relate to, in its instructive video – Did you Know? Dangers on the Web.

“Did you know that the amount of new malware discovered daily approximates the number of words a person speaks daily?

Or, the amount of money lost by US Consumers due to malware over the past 2 years would have paid the tuition of over one million US College Students?”

Seen in this way, cybercrime takes on a whole new dimension.

Since additional sophisticated threats are constantly being developed, or are currently being deployed, some observers are of the opinion that the Internet is essentially broken.

If you think this is an exaggeration, check this out and then you decide.

Tainted search engine results: Internet security gurus have known for some time that we cannot rely on Internet search engine output to be untainted, and free of potential harmful exposure to malware.

Cyber-crooks continue to be unrelenting in their chase to infect web search results, seeding malicious websites among the top results returned by these engines.

When a potential victim visits one of these sites, the chances of downloading malicious code onto the computer by exploiting existing vulnerabilities, is extremely high.

Infected legitimate websites: According to security solution provider  Kaspersky, the rate of infected legitimate web sites, in 2006, was one in every 20,000. In 2009, one in every 150 legitimate was infected by malware, according to Kaspersky.

Drive-by downloads: Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common and craftier recently.

If you’re unfamiliar with the term, drive-by download, they are essentially programs that automatically download and install on your computer without your knowledge.

This action can occur while visiting an infected web site, opening an infected HTML email, or by clicking on a deceptive popup window. Often, more than one program is downloaded; for example, file sharing with tracking spyware is very common. It’s important to remember that this can take place without warning, or your approval.

Rogue software: A rogue security application (scareware), is an application usually found on free download and adult websites, or it can be installed from rogue security software websites, using Trojans or, manipulating Internet browser security holes.

After the installation of rogue security software the program launches fake or false malware detection warnings. Rogue security applications, and there seems to be an epidemic of them on the Internet currently, are developed to mislead uninformed computer users’ into downloading and paying for the “full” version of this bogus software, based on the false malware positives generated by the application.

Even if the full program fee is paid, rogue software continues to run as a background process incessantly reporting those fake or false malware detection warnings. Over time, this type of software will essentially destroy the victim’s computer operating system, making the machine unusable.

Email scams: Email scams work because the Cyber-crooks responsible use social engineering as the hook; in other words they exploit our curiosity. The fact is, we are all pretty curious creatures and let’s face it, who doesn’t like surprise emails? I think it’s safe to say, we all love to receive good news emails.

It seems that more and more these days, I get phishing emails in my inboxes all designed to trick me into revealing financial information that can be used to steal my money.

If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party. It relies for its success on the principle that asking a large number of people for this information, will always deceive at least some of those people.

A personal example of how this works is as follows. According to a recent email (similar in form and content to 20+ I receive each month), my online banking privileges with Bank of America had been blocked due to security concerns. This looked like an official email and the enclosed link made it simple to get this problem solved with just a mouse click. What could be easier than that?

Clicking on the link would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.

My financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent scheme who would then have used this information to commit identity and financial theft.

These types of attacks against financial institutions, and consumers, are occurring with such frequency that the IC³ (Internet Crime Complaint Center), has called the situation “alarming”, so you need to be extremely vigilant.

This is by no means an exhaustive list of the dangers we are exposed to on the Internet. There are many more technical reasons why the Internet is becoming progressively more dangerous which are outside the scope of this article.

So what do you think? Is the Internet broken – do we need to fix it, and if so, how can we do that?

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

20 Comments

Filed under Comodo, cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Safety, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, Phishing, Rogue Software, spam, Symantec, trojans, Viruses, Windows Tips and Tools, worms

20 responses to “Do We Need to “Fix” the Internet?

  1. Hey Bill,

    You got me hooked. I just installed immunet protect on my computer. It is a dangerous world out there but as you have stated before. The operator is the best defense against this bad stuff

    Tex

    • Bill Mullins

      Hi Tex,

      Immunet Protect is a very worthwhile application, and the final release (due at the end of this month), will be a major improvement. Can’t wait to have a look at it.

      Best,

      Bill

  2. Pingback: Tweets that mention Do We Need to “Fix” the Internet? « Bill Mullins' Weblog – Tech Thoughts -- Topsy.com

  3. Liam O' Moulain

    I like the way the Comodo has put malware numbers. Easy to understand, and that makes it more relevant.

    Thanks for this.

    • Bill Mullins

      Hi Liam,

      I agree. Seeing those numbers, in that context, has a powerful impact.

      Thanks for coming by.

      Bill

  4. Ranjan

    Fix…? Nah! Rebuild.
    Internet has broken way beyond to be able to fix.
    Actually, if i’m right, the first prototype of internet was made by US Army, known as ARPANET with the aim to facilitate long-distance communication… It wasn’t build with keeping the idea of security in mind..
    That’s why, i personally feel that internet needs to be rebuild with the idea of security in mind.

    • Bill Mullins

      Hey Ranjan,

      I totally agree with every point you’ve made.

      ARPANET, as you say, was the forebringer of the Internet, and as you point out, was definitely *not built* with security in mind.

      Like you, I think the Internet needs to be rebuilt from the ground up, with security being the overriding consideration. No more renovations, or small fixes – we need a total rebuild. And we need it sooner, rather than later.

      As always, a thoughtful comment.

      Best,

      Bill

  5. greg

    Great article thanks Bill

  6. Do we need to fix this mess, hell yes, but will we?
    At some point the governments of the responsible countries of the world could make a law that says, if you have a website, its your responsibility to make sure it isn’t delivering malware or you are guilty of such and such law.
    But enforcing a law would be difficult, it seems to me hosting companies need to be held accountable the cost may end up being higher priced domains and hosting deals and possibly less free content.
    While the “wild-west” environment of the web seemed appealing for some people, the fact is there is a real cost “of free”, especially if you had your ID stolen.
    Mark

    • Bill Mullins

      Hey Mark,

      “Do we need to fix this mess, hell yes, but will we?” The short answer is no.

      I like your suggestion, “it seems to me hosting companies need to be held accountable”. Despite the fact this could carry a cost for consumers, as you point out – the benefit to consumers could be substantial. Contrast that cost with the “real cost of free”, as you put it, and I don’t think there’s any contest. It seems like one simple step, out of the many that need to be taken to reshape the Internet, but it ain’t never going to happen.

      Instead of seeking out ways that can make the Internet a safer place for all of us, industry and government constantly remind us of the obstacles. There’s no such thing as “can do” thinking. There’s no surprise there though, huh?

      Best,

      Bill

  7. Mal

    Hey Bill,

    Very good article today. Unfortunately, I had a few issues with Immunet and my firewall, which I found were not compatable. No system freezes or anything, just Immunet wasn’t connecting. So I either wait for the fix or change firewalls. I really do want Immunet running on my machine.

    But anyway, there are other good programs protecting me too. So I feel relatively safe, but never totally safe.

    Cheers

    • Bill Mullins

      Thanks Mal.

      Bummer on the Immunet thing. I just updated that article since I noticed on a re-boot, that an additional 10,000 new malware (approximately), have been identified and protected against by Immunet.

      The final version is scheduled for release toward the end of this month (a big improvement), and hopefully, any compatibility issues will have been hammered out. I’ll let you know, when I know.

      Best,

      Bill

  8. Great article Bill. I agree that a rebuild of the Internet is in order and that it’s going to be hard and a long time coming. So in the meantime we must travel on it like we would any other hazardous environment…think jungle, battlefield, mine field; being aware of the dangers and being as prepared for them as possible. A small step in the direction of striking back at the bad guys is that some governments, with the assistance of our FBI are killing botnets and the command and control servers that direct them. Personally, I’m blocking ISPs that harbor malware and I’m up to over 400 sites. It’s kinda drastic, but these ISPs need to take some responsibility and do some policing of themselves. Okay…stepping down from my soapbox now.

    • Bill Mullins

      Hi Paul,

      Yes, minefield strikes a chord, as does jungle and battle field.

      You’re quite right, we’re finally beginning to see combined action groups of government, law enforcement, and security solution providers. One comes to mind in which Panda Security, the FBI, and Spanish law enforcement groups, recently killed a Botnet command and control center. Unbelievable, those who were arrested, just in this past week, applied to Panda Security for a job!

      I’m impressed that you have taken personal action and are blocking “rogue” ISP. That’s some good work. BTW, stay on the soapbox.

      Good to hear from you.

      Bill

  9. Pingback: Do We Need to “Fix” the Internet? « Bill Mullins' Weblog – Tech … Search

  10. It’s really kind of sad in a way that so many people spend so much time into creating something nefarious. It would seem like all the energy that goes into creating malicious code could easily be redirected into something beneficial and would probably much more profitable.. but I guess the whole ‘anti virus, malware, spyware’ is an industry in and of itself.

    • Bill Mullins

      Hey satechheads,

      I suspect, that like most of the property crime that we are forced to deal with, easy profits in cybercrime override every other consideration. The anti virus industry – don’t get me started on that; that’s a whole *other *kettle of fish. lol,

      Bill

  11. Bill,

    This is one of your best… You have touched all the bases (grand slam). Most computer users that I know are very naive when it comes to computer security. It is the attitude; it will not happen to me!

    Rick

    • Bill Mullins

      Thank you Rick, I appreciate that comment coming from you.

      As an attitude “it will not happen to me”, is simple ludicrous. I once had a friend say that to me, some years back, and I simply asked him – OK, tell me what it is that *will not happen* to you. In 10 minutes of stumbling, he couldn’t even cover the highlights of the threats he faced on the Internet.

      As I’ve said many times – anyone who believes “what you don’t know can’t hurt you”, is an idiot.

      It’s serendipitous we’re talking about this today, given that the following is my opening for tomorrow’s principal article.

      “What you don’t know can’t hurt you, right? There are many people who actually believe this statement, and that’s fair enough. For those who do believe this old truism, I have news for you.

      What you don’t know when it comes to your computer system’s security, and more to the point, Internet security, can hurt you big time. But what really frustrates me is, what you don’t know can hurt me!”

      Coincidence, or what?

      Bill

      * *