WARNING! You Are Now Connected To The Internet!

imageAny organization which provides services that expose the end user to risks – physical risks, financial risks, health risks………. expects that the user will assume the reasonable risks associated with the consumption of the service.

You can be sure, if you go on an African safari you will be required to assume the risk of being eaten by a Lion – ouch! If you venture on a mountain climbing vacation – you will have to assume all the risks associated with this type of activity – including the risk of personal injury, and even death.

image

In both of these extreme examples, you will be required to demonstrate that you are aware of the risks, and accept and fully assume those risks, and hazards, associated with the activity.

In order to protect its interests, the service provider will demand that you sign a liability waiver designed to mitigate its responsibility in all but the most egregious of circumstances.

This is a two-fold practical warning solution .

It ensures that the consumer has considered the risks, and found those risks tolerable.

It offers protection to the service provider in the event, the consumer behaves outside common sense boundaries.

Why then, I wonder – given the constantly deteriorating state of Internet security, and the privacy, financial, and assorted other risks that a typical users is expected to assume (users who are largely unaware of the assumed risks) – Internet service providers have not considered the appropriateness of providing a “WARNING! You Are Now Connected To The Internet!” notice to consumers on Browser launch. No waiver of liability required – just a constructive warning.

Such a notice, might offer practical advice such as the following – but certainly not necessarily limited to these innocuous tidbits.

Users should be aware that the Internet is not a secure medium and that third parties may be able to obtain information regarding users’ activities.

The validity or accuracy of information found on the Internet should be considered with caution.

Some resources and destinations may contain material that you might find offensive, or inappropriate.

Software downloaded from the Internet may contain malware.

I have no doubt that Internet service providers could make a persuasive argument as to why they don’t have an obligation to educate consumers on the very real risks associated with the use of their service. But, in my view, there are fundamental considerations over and above a – “they don’t have an obligation” mindset.

Just one consideration –

Lack of consumer security awareness has led to the creation of a cyber crime industry – and, there’s little doubt that it is an industry – which is responsible for the theft of $388 billion globally (Norton Cybercrime Report 2011), in the past year, alone.

Additional information from the Norton Cybercrime Report:

Every day of the past year, over 1 million online adults in 24 countries experienced cybercrime.    This can also be broken down to 50,000  victims per hour, 820  victims per minute, or 14 victims every second.  In just the last 12 months 44% of people have been a victim of cybercrime while only 15% have been a victim of physical crime in the same period.

Norton emphasizes the point (made here many, many times), that cyber crime can be largely prevented if – good security practices (which includes patched operating systems and applications), are followed.

All well and good – provided, consumers are regularly reminded of the Internet risks they face. It’s my view, that Internet service providers can do much more to raise an awareness of these risks.

It may be a pipedream when I think that ISPs should consider their moral obligation in this matter – still, I can’t help but think out loud.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

15 Comments

Filed under Opinion, Point of View

15 responses to “WARNING! You Are Now Connected To The Internet!

  1. Dave B.

    Something definetly needs to be done Bill. How safe you remain online is pretty much determined by ones knowledge and common sense nowadays. We’ve beat into people the need for current, up to date security/AV software, and I’m seeing more often than not, computers coming into my shop with current AV software installed, yet they end up infected anyway. The problem is that current AV software is woefully inadequate for the tasks assigned to it due to the current method of using signature updates, it just can’t keep up with the continual release of updated malware. It’s often a day or more that popular AV apps have no ability to detect some of the nasty stuff one might run accross. People have to learn they can’t just click on anything that comes along without something bad happening eventually, and I find many infections are the result of just that, not thinking before you click.

    • Hi Dave,

      Your point – “How safe you remain online is pretty much determined by ones knowledge and common sense” is the crux of the matter.

      A warning, which could include current threat vectors, might prove worthwhile in partially closing the common sense gap. We could hope for a user response along the lines of – “Huh, I didn’t know that” And then, in the best circumstance, having the user take the time to fill in the blanks.

      Too much to expect? Maybe – but, as you point out – “Something definitely needs to be done”. As a partial solution, this should be considered.

      As an IT professional, your views are always valued here.

      Best,

      Bill

  2. Mal

    Hey Bill,
    Thoughtful article. I wouldn’t be holding my breath either, waiting for ISP’s to warn users of the REAL risks of being connected to the internet, one of the main reasons there is no money to be made doing so. They are after all a business. And I guess warning people of potential risks might deter potential customers from signing up. The “it’s not my problem” mindset is clear here.
    Good article.
    Cheers
    Mal

    • Hey Mal,

      Agreed – I think you and I would go broke betting the farm on the likelihood of ISPs seeing this issue outside the “profit margin” zone. That sucks – but, it’s not unexpected.

      We live in extremely litigious times so, I can see the day (maybe sooner than many think), where ISPs will be held accountable. It’s no accident, that a typical EULA spells out, in no uncertain terms, that the developer will not take responsibility for ANYTHING – short of a nuclear explosion in your basement. But, at least, it’s spelled out.

      Always good to get your educated views.

      Best,

      Bill

  3. Hey Bill

    It amazes me how many people don’t even realize all the points you make in this article. I know people who not only do not realize all the tracking that goes on but willingly offer up their personal information including phone numbers and addresses and yet it seems nothing ever happens from it.

    All you can do is keep telling people

    Great article Bill

    TeX

    • Hey TeX,

      It’s frustratingly clear that protection alone (as Dave) pointed out, is not a stand alone solution. Knowledge, current knowledge, is a major part of any well thought out security solution. Your point – “many people don’t even realize all the points you make”, is just one indication of how far we have to go in this regard. It could be helpful if ISPs bellied up to this issue, and provided help to those that are less well educated in online risk assessment than they need to be.

      Best,

      Bill

  4. ken lunkins

    hi bill
    you would think that all the horror stories one hears, should be enough. No…not enough. i think people have the attitude, “not me” or it can’t happen to me. because i don’t go to porn sites or play games online. i have had people tell me that protection cost to much. and this was after i told them about your column. and
    even emailed them copies. again you would think
    they would pay heed….Naw… just keep on doing the same thing, and then call me on the phone and ask why i haven’t contacted them. why would i when you just told me your were have virus trouble and haven’t loaded any protection. maybe a warning every time you sign on or move from site to site would help.

    • Hey Kenneth,

      I share your frustration – many of my friends hold the same views as your friends – “not me, or it can’t happen to me because i don’t go to porn sites or play games online”.

      All we can do, both you and I is, keep reminding them that it CAN happen to them – that it WILL happen to them, unless they develop the proper knowledge that’s required to adequately protect themselves while online.

      I do think that a sort of “unsafe road ahead” warning, when first connected to the Internet, would have value.

      Best,

      Bill

  5. Aaron

    No easy solution to this problem. Off the top of my head I would suggest harsher jail sentences for people who write viruses. But since they’re hardly ever caught, why bother. For all of the millions of viruses floating around, when do you ever hear of the virus author paying any kind of fines? Never. It’s pretty much a lost cause as far as I can tell. For the anti-virus companies It’s like going after a fly with a bazooka.

    My strategy is to fly under the radar. Security through obscurity. I’m sure some people think it’s a bad idea, that it isn’t really safe at all. But I don’t care. So far it’s worked for me. Everybody has to do what works for them. Trial and error.

    I’m on dial up and I still use Windows Me (screw the Windows ME naysayers). I do online shopping on Ebay and haven’t had any problems with identity theft, nor any problems with my credit card statements. Haven’t had any browser hijackings, or blue screens of death for that matter. It’s pretty stable if you know how to baby it.

    For security I use ClamWin, F-Prot for DOS, Rhbvs for DOS, McAfee Stinger, and Multi Virus Cleaner tool (all of them being on-demand scanners only). Plus I have Tiny Personal Firewall installed.

    As far as browsers, I have K-Meleon 1.5.4 and SeaMonkey 1.1.19 with javascript disabled. Some webpages don’t work 100% correct, but they sure load a hell of a lot faster on dialup that way. I also use Opera 10.63 for shopping online. All three of those browsers are the final versions to work under Windows 9x by the way.

    Either my computer is more secure than Microsoft and the security fear-mongers (Symantec) suggest, or else the hackers take pity on me and don’t rip off my credit cards. Because they would’ve had plenty of opportunities in the last four years, seeing as how I’m using such a “Bad” operating system. Maybe they I assume I’m just some helpless old grandma still using dialup and Windows ME. Who knows.

    Personally, I would take those statistics with a grain of salt. I’ve always suspected that most virues were written either by (A) the government (B) Anti-Virus comanies themselves (C) disgruntled former software engineers to get revenge (D) the mafia.

    And maybe, if you want to be really paranoid, ABCD are all one in the same entity. Just with different corporate logos.

    • Hi Aaron,

      No doubt about – if we search for complexity in this issue, we’ll find it. Or, more properly, we will be convinced by those with an interest that this is a complex problem. The truth is, in my experience – it’s not a complex issue.

      For example, I ran a Win XP test machine, connected to the Net 24/7 for 1 + years without once running an active malware scan and, wrote an article on this experience – An Anti-malware Test – Common Sense Wins in March 2010. Just a few salient points from that article –

      “During the test period, the installed anti-malware applications were patched and updated, as was the operating system. However, I did not run a single anti-malware scan of any description, since not doing so, was part of the objective of the test. The overall purpose of the test was to determine if common sense plays a role in protecting a computer user against viruses, adware, spyware, hackers, spam, phishing, and other Internet frauds.

      After 373 days (the end of the test period), I then ran multiple scans using the onboard security applications. The end result – not a single incidence of infection, malware, or an unwanted application.

      It’s clear, at least to me, that by using common sense and updating both applications and the operating system, not visiting the class of web sites known to be unsafe, not clicking haphazardly and opening the types of files that are clearly dangerous, and being aware of the hidden dangers on the Internet, the dividends were measurable.”

      As for “security through obscurity”, you know this is effective, I know it is effective. In fact, I think we’ve agreed on this previously. Those who disagree are those, I suspect, who have no experience with anything beyond the security vendors push for compliance with their strategies – i.e., be afraid and then buy our products. You have more than a little company in your suspicions on the ABCD of malware development.

      Thank you for your thoughtful comment.

      Bill

  6. John Bent

    Hi Bill,

    I don’t think that the profit motive washes as other companies who issue warnings are also in business. I believe it is a question of incentive. What motivates an organisation to issue a warning? In one word fear. Fear either of their regulating body or of litigation. Either way, they don’t want to be seen as the bad guys, so they cover their backs.

    Unfortunately the ISPs seem immune to regulation. How else would they still be advertising “up to” speeds that bear no resemblance to actual speeds achieved, withe the possible exception of cable? As far as litigation is concerned, again the ISPs seem immune with the law as it stands at present. Governments need to adopt a much more robust attitude to ISPs in order to get them to take more responsibility. Will that happen in your lifetime, or mine? Well I for one ain’t holding my breath. So, for the foreseeable future, I guess it’s everyone for him or her self, helped by those such as you who care about these things.

    Is this a council of despair? Damn right!

    Kind regards
    John

    • Hi John,

      Well, I’m way out on a limb with my perspective on this one. So, I’ll blithely skip by the profit question. 🙂 As for the balance of your comment, let me say – YES!!!

      At some point, and you may be right – it won’t happen when you and I are still around – ISPs will face govt sanctions unless/until they recognize their responsibility to take all appropriate steps to safeguard those who buy their product.

      Best,

      Bill

  7. Pingback: Theme Your Windows 7 Desktop to Make It Look Like Windows 8 « What's On My PC

  8. Aaron

    Thanks Bill for sharing your results concerning your 373 day test using Windows XP and common-sense browsing. I reached that conclusion as well.

    Similarly, after checking my Sister’s computer running Vista — often compared to Windows Me and recieving almost as much ridicule — she didn’t have a single detectable piece of malware either. Probably because she doesn’t visit porn or file sharing websites, and I don’t think she downloads anything either. Basically it’s her Facebook, Email, and purse & shoes shopping machine. The windows vista firewall is adequate along with sensible browsing.

    Not sure if you’re aware, but there was a recent article on Huffington Post about Verizon keeping track of your online searches to help them better choose which advertisements to use on you.

    It states, “But it’s Verizon that stores your website browsing history for the longest. They keep it for a full 90 days, as opposed to 60 days for Sprint. T-Mobile and Virgin Mobile don’t save web browsing history at all.”

    Nothing is private and they share this information with 3rd parties. I’m no expert at all, but this looks as though using a private search engine (Starpage.com, for instace), a proxy server?, or any measure to hide your identy won’t make a difference when your computer must first pass through your ISP.

    I just wish most people wouldn’t believe the hype and fear-mongering and continue to mindlessly upgrade to brand new computers, hardware, browsers, and everything else just because they’re told to. But that’s just my opinion. In conclusion, I hope Windows XP users end up doing what I’m doing and continue to use their operating system for as long as they can. Only because I want to slow down change and preserve what little is left of privacy and control of my desktop. And since the future looks like Cloud-Computing, I’m not looking forward to it.

    Oh yeah, another reason I never moved to XP is due to the product activation that requires you ask Microsoft permission every time you install. With Windows Me and 2000 Professional I can install on as many computers I want. Which is a huge plus.

    Oh well, take it easy everyone. This is a great blog for condensed Tech news and good variety of topics. Thanks.