BBC.co.uk

The internet is doomed

  • Tim Weber
  • 25 Jan 07, 12:09 PM

Folks, the internet is doomed, will you all please form an orderly queue for the exit…

I have just got out of a session on the future of the internet, with an incredibly strong panel: the “father” of the internet, Vint Cerf, who co-developed TCP/IP, that’s the internet protocol; Michael Dell (guess what business he is in); Hamadoun Toure, the secretary general of the International Telecommunication Union; New York Times technology writer John Markoff; and Jon Zittrain, professor for internet governance at Oxford University.

Ok, I tricked you. We are not quite doomed yet. But these guys are deeply worried about security on the internet. We are not talking about tiddly-winks like a stolen credit card number here or a dodgy online retailer there.

Malicious hackers and criminals are controlling more and more computers in this world, bringing them together to form botnets, which allow them to attack websites and commit online fraud on a massive scale.

This is not new, I hear you shout. Yes, it’s a known threat. But the numbers I heard today are staggering.

According to Vint Cerf, of the 600 million computers that are connected to the internet, up to 150 million are part of botnets, and in most cases the owners of these computers have not the slightest idea what their little beige friend in the study is up to.

Update: here's now my full story on the BBC News website.

Comments   Post your comment

I hope this isn't another exhibition of the usual tactic to scare the public into submission.

With net neutraility still somehow being endangered, and recent patent laws this rhetoric comes as no surprise.

no details, no facts, just an element of fear.

Sir, you should be ashamed of yourself.

You have added nothing to the debate, no information, no facts, no suggestions for the future.

No - you merely try to terrify the populous with your botnets. You sound like an english or american politician on television.

shame on you.

  • 2.
  • At 01:13 PM on 25 Jan 2007,
  • boofus wrote:

Ah yes, a little more fear mongering about the evils of the internet. Obviously it must be Kontrolled for our own good, we can't allow the uncensored spead of information.

Well, ... I would recommend stop using Microsoft Windows and move on to more solid/open operating systems such as GNU/Linux. They certainly do not contain any dodgy backdoors - or at least you have a real possiblity to verify that on your own (if you know how to read source code and compile your own software).

  • 4.
  • At 01:38 PM on 25 Jan 2007,
  • John wrote:

The problem isn't the internet. It's the major design blunder in the most popular
operating system that allows it to be so easily taken over by malicious programs. If everyone used Unix-based systems (like Mac OSX or GNU/Linux) there wouldn't be any botnets.

That's a big 'if' Christoph - the whole reason that Windows is still popular is because its a package that, for many, saves a lot of time and extra-reading/learning. Be realistic.

And as for this article lacking facts - George - right at the end of the article you'll find that figure there about the 150 million computers - this is at least a claim that, coming from Vint Cerf, stands a good chance of actually being factual. Do you have any "facts" of your own to counter his claim?

The fact is that, increasingly, a lot of commerce is moving to the web and we should err on the cautious side as this happens. No, this blog posting may not add to the debate but it's an update, that is, a piece of news, and it is bringing the debate to the attention of more people who have the right to know about it. That, after all, is what the Internet should be about.

  • 6.
  • At 01:48 PM on 25 Jan 2007,
  • Kaye wrote:

The internet should remain open and democractic as it currently is.
For every problem there is a solution.
Most of the things I own I purchased on the internet, clothing, food, books, furniture, CD's - really everything.
I am using the internet right now.
It is the companies responsbility to keep its site safe from hackers and a responsible company can.
The trick is to know they're out there and to keep a close watch.

  • 7.
  • At 01:52 PM on 25 Jan 2007,
  • Mark Longden wrote:

This is poor journalism, and the sort of scaremongering we'd expect from Fox News in the USA, not the BBC.

Why not try telling us exactly what these things are? How we can fight against them, if they are the massive scary thing you claim?

I've been an internet professional since 1997. The warnings about these new and more powerful uses of large botnets made up of compromised workstations are for real. Criminals use the botnets for things such as sending gigantic floods of useless traffic to web sites to shut them down in an effort to bribe the web site operator, to pass stolen credit card or other stolen data around without being traceable, and more. Not to mention the massive spam email flood that botnets generate these days - the spammers are running a business out of it, and paying the owners of the botnets for their help in delivering the spam, or something along those lines. I do hope a real-world solution can be found for these botnets.

  • 9.
  • At 02:01 PM on 25 Jan 2007,
  • jaime mcneill wrote:

Burgdorfer..how many of todays internet users can read source code and compile their own software??
There tends to be an element of truth in most 'scares'. The problem these days is the Peter cried wolf mentality.
The good thing is that people are finally waking up to the reality that everything they read or hear is not always the truth...even on dare I say it the BBC website :-)

  • 10.
  • At 02:02 PM on 25 Jan 2007,
  • Corporate Bufoon wrote:

Botnets you say?
What with carbon criminals, obesity out of control, mad mullahs, flu filled birds it is hardly worth getting out of bed in the morning.

  • 11.
  • At 02:02 PM on 25 Jan 2007,
  • Foxendown wrote:

I help people with home PC problems and again and again I come across people with little or no idea about security even though they are at large on the internet on a daily basis with a Windows PC. Being practical here you need:-

1) a good suite of security applications (e.g. Norton Internet Security, which includes a firewall as well as virus protection).

2) at least one good anti spyware program (e.g. Spybot S&D which is free).

3) protection against spam (e.g. Firetrust Mailwasher, which is effective and again free in its basic version). Provided you update, you will be well protected-not invulnerable-but at least not wide open to attack.

  • 12.
  • At 02:05 PM on 25 Jan 2007,
  • Tom King wrote:

Father of the Internet was Sir Tim Berners-Lee

  • 13.
  • At 02:07 PM on 25 Jan 2007,
  • R Bradley wrote:

Yes, this is nothing more than unmitigated fear mongering. No, GNU/Linux will not save us.

The only reason zombie clients are designed to run on MS Windows is it's the most popular OS out there. If GNU/Linux, or any other OS became market leader, you would see most zombie clients written for that.

The solution is to educate the user - instead of seeing "click here to download your free [insert random junk here]" and thinking "oooh - free!" people with half a brain think "hmmm, free huh? Sounds dodgy" and stay the hell away.

Yes there are vulnerabilities in MS produts that allow worms a way in to your PC, just like every other OS out there, but most of the time it's stupid user interaction that leads to your PC joining the ranks of a bot-net.

  • 14.
  • At 02:16 PM on 25 Jan 2007,
  • Keith N wrote:

That's good news, Tim - so now that you and the top brass of the WEF have discovered the problem so soon, you can get down to fixing it, rather than let it drift on for another couple of years when it may, or may not, become a larger, more realistic problem.

  • 15.
  • At 02:21 PM on 25 Jan 2007,
  • Richard wrote:

Everything has an economic saddle point, the internet included. When the cost to banks and businesses reaches a critical point, they will withdraw from the net and fragment to private networks. The international aspects will disappear as nations / states impost national firewalls, and server are locked to specified routings that will make the net more brittle. You can not have cars and roads without traffic regulations and police. Unfortunately internet traffic laws have no real police, no red light cameras and no real penalties commensurate with the damaged caused by offenders. Enjoy it while it lasts, Big Brother is coming to take your car keys.

This article is nothing more than ‘Sensationalism’; all too often so called news reporters are trying to turn non event stories into a big thing. In my opinion this is weak journalism.

The answer to the long existing Bot problem is quite simply 'Education' as our children grow up they will become more computer savvy than the rest of us, believe me.

  • 17.
  • At 02:31 PM on 25 Jan 2007,
  • Stephen Quigg wrote:

Please do not place the names "Vince Cerf" and "Michael Dell" together.

Vince was a pioneer from another age.

Michael is part of the "problem" - if Dell shipped their home PCs with appropriate security on them then he'd help stop the spread of these Botnets.

The Botnet problem is already becoming under control as the hijacked PCs are refreshed with more modern software and people start using Broadband, which generally includes some protection in the Modem used to connect to the Internet.

Every one of boxes in all of those Botnets is running Windows. That never seems to get mentioned in these articles.

The practical solution is to adopt another operating system; I personally am getting pretty tired of people saying that they have to inflict this upon us because they cannot learn anything new.

  • 19.
  • At 02:41 PM on 25 Jan 2007,
  • William D. Jackson wrote:

It's not fear-mongering in the slightest.

As a former IS Director I was quite familar with all of the typical protocols to include one on-site firewall, and a second service bureau firewall (on-site - managed elsewhere).

I had automatic updates on software that was installed on a enterprise server, automatically updated, and dispensed to 1-50 users, as I slept.

My point is twofold. The first fold is this - no antivirus provider can protect against a virus, bot, or trojan until it is "found" in the wild (as they say). There is no fix for a virus that is yet to be written.

The second fold of my point is that I am no longer employed in that position. With all of the expertise I garnered, I now need only apply to a single system. Yet, I recently had to rebuild my laptop because somebody got into my registry.

Now then, there's the rub... I saw an article where a hacker said, "If I can't get into your registry, I can't execute my program".

Now I run a router, and a software firewall. TCP/UDP access in or out is blocked for 5 primary ports that they use to hack your system. And of course you should have a rule that deny's everything not specifically opened.

I track who tries to access my system through the log - and discover their location through DNS lookup. Lastly, I block their access in the router.

What they are not telling you because it fuels capitalism is that there are more statistics being collected by little bots of their own, that leave your system exposed, as well. I check my router log and deny access to all but one statistics collector. And once I find out who they are, I no longer utilize the service they sponsor.

System security is far more sophisticated that the average user will ever know. And what you all are telling us is disengenuous on the surface.... Most of the programs mentioned don't even catch all of the cookies, let alone the viruses. Ah, but capitalism says the cookies are ok?

I have about 4 such programs (2 paid, 2 unpaid) and an active firewall, and router, and scan the logs on both regularly. Finally my system is healthy again - for now.

I feel that just as much emphasis should be placed on the many methods of gathering information such as behavior patterns, as well as the criminal activity. Both are being done without your permission. And someday, one shall feul the other.

  • 20.
  • At 02:51 PM on 25 Jan 2007,
  • Karen M. wrote:

To Mark Longden, Corporate Bufoon, et al...

I just wish for once non-technical people would take an article about botnets & zombie machines seriously.

Do you put a lock on the front door of your house? Do you take any measures at all to keep out pests and vermin? Of course you do. Most people make at least some modest effort to keep a clean and secure home. Yet the computer, a valuable and powerful piece of equipment, is usually ignored, and thanks to the average person's carelessness we now have the scourge of botnets.

For the average person, the only clue he's got that his computer might be infected is that "it's running kinda slow these days". If you're not paying attention, it really can be that transparent to you.

The issue here is that PC ownership and internet access are exploding at such a phenomal rate that most users are ignorant of security and safety, and that this will only enable the botnets to grow. There can be no disputing over the fact that botnets exist, because they have existed (on a small scale) for many years. There is not just a loophole in operating systems, but in education if users. A little knowledge is always a dangerous thing and can be easily exploited.

  • 22.
  • At 02:58 PM on 25 Jan 2007,
  • Andy Haveland-Robinson wrote:

How many of you would be happy knowing that while you are sleeping in your home, unknown people rifling though all your drawers, cupboards, files and possessions looking for valuables and using your home as a base for sending illegal materials, dealing in drugs, fraud, extortion and hacking?

The dangers of botnets, keyloggers, trojans and viruses just cannot be stressed enough, and something must be done to stop this rape of privacy.

I run a small ISP, I block spam and viruses as far as possible from reaching my users and daily reject thousands of compromised machines trying to send spam - this is just one highly visible symptom of one sector of criminality that I see as a system administrator. I can track and block, but I can't let the owner of a compromised machine know that their machine is infected. If I could, then they would be bombarded with even more spam!

I could send thousands of mails to their ISPs and hope that they will inform the user that occupied that IP address at the time, but they don't seem to be interested in taking any action because it is too labour intensive and budgets are tight with all the competition out there.

However, most users are clueless and have no idea what to do or where to go to secure their machines.

We could play them at their own game, write beneficial viruses that exploit the criminals' backdoors and disinfect and move on, but even this silent vigilantism is also an invasion of privacy and a nono.

The malware can be so sophisticated, blending in with the OS and using military grade encryption. Turf wars are being fought for control of the machines between the rival gangs and all the time malware evolves ever more sophistication, even disinfecting victims of rival malware. There are many biological parallels evolving here.

What hope for the hapless user? A reformat and reinstall is drastic, and the machine would only be infected again a few minutes after connecting to the net, or downloading bogus antispyware or free emoticons/screensavers and other shiny candyware.

Users must be educated about safe surfing and the risks they face. In fact, I would go further and recommend that people should take an awareness exam before even being allowed on the net.

Linux is great, but still too technical for the average user, and would also become more vulnerable in proportion to its popularity and incompetence of its user.

Macs are also cool, but still not a significant target for the criminals. Hence, Mac users are still enjoying a false sense of security.

Windows is pervasive and ubiquitous and for many people the only thing they know how to drive. It is mature but users will always be the flaw, unless they can be educated, and who can or will do that? They have to be made aware of the risks.

A computer is only as secure as the software allowed to run on it, with or without users' knowledge.

If we consider the internet as an organism, then it is seriously unwell and deficient in repair mechanisms which at present users must, and ISPs should play a part.

The end justifies the means - if it requires panicking users into doing something about it then so be it.

The Internet has become one of the biggest achievements of mankind, and we all have a moral responsibility to defend it.

Andy.

  • 23.
  • At 03:00 PM on 25 Jan 2007,
  • Kevin Hall wrote:

You know it's the same old cliche; as soon as someone mentions computer security problems there'll always be someone evangelising some flavour of Unix/Linux and saying if they just did what they did all these problems would just go away.

Firstly and most importantly you're blaming the victim for the crime. There clearly isn't enough benig done to counter the criminal gangs using botnets; minor changes by ISPs could stop most of them overnight.

Secondly the criminals using botnets are going after the largest number of potential victims, they really don't care what operating system they're using. Botnets only work in large numbers so minority operating systems like Linux are no good.

Third, advice like "if you know how to read source code and compile your own software" is without doubt almost supreme in its uselessness. For most consumers this is the same as expecting them to assemble their own cars and build their own homes.

Fourth, as a mail administrator of a large university (66,000 accounts) Vint Cerf is quite right about the scale of Internet criminality; we are swamped with Spam on a daily basis and at the current rate of growth email will be almost useless in about five years unless the spammers can be stopped - personally I think it's a war that's already lost. Anyone who thinks Vint Cerf is scaremongering clearly doesn't work in the industry and has no idea as the extent of the problem.

"That's a big 'if' Christoph - the whole reason that Windows is still popular is because its a package that, for many, saves a lot of time and extra-reading/learning. Be realistic."

Now Guy, you and I both know the reason for that. People are lazy, because they were brought up with Windows they do not want to learn or accept anything else. Whilst it is too late to change what our generations grew up with there is time to save future generations by switching schools to more secure Operating Systems.

Being used to something is not an exscuse to avoid learning about something new, especially if people are going to complain about botnets and the like.

Anyone who feels the need to complain should switch to a more secure operating system so that they are less likely to contribute to the problem. My mahor problem with botnets is purely the bandwidth that they waste!

I am aware that there is no way that everyone can read source code.

But people/institutions who can could do it and "certify" source code packages as un-malicious (e.g. via md5 checksums - http://en.wikipedia.org/wiki/MD5). Then it's a matter of trusting this institution/person which could for example base on a peer-review like system. For example: person X has high credibility and X sais this code with this md5 hash is clean. Trusted distributed networks, basically. As opposed to a trusted center-point which is Microsoft.

"Botnets" and "dodgy backdoors"? Sounds like an exert from an Austin Powers' movie.

Seriously though, virtual crime is on the increase and is only going to become more popular not less. It makes sense after all - why get your fingers dirty robbing a bank when it can all be done automatically and electronically over the world wide web?

The solution is for internet users to educate themeselves about the potential risks and, as has been suggested above, get themselves kitted out with decent security products. Surfing the internet should not be seen as merely a passive pastime - you need to keep yourself safe and keep yourself informed. Cutting corners will only leave you and others at risk. This is not scaremongering - this is commonsense.

  • 27.
  • At 03:11 PM on 25 Jan 2007,
  • oliver wrote:

Laura, the authority of your written tone. I think i love you

  • 28.
  • At 03:11 PM on 25 Jan 2007,
  • A M Khan wrote:

Have'nt we heard this before ? It is all going to crash, dooms day is comming. I am surprised how BBC subscribes to these stories without adding a caveat. This is true for BBCs reporting on Global Warming - as if it is all proven in concrete. Remember Petrol price hike ? BBC said it was all China and India's fault - nothing to do with the cartel of oil companies.

These reports do not scare me. It provides publicity for some! No publicity is bad.

  • 29.
  • At 03:15 PM on 25 Jan 2007,
  • Mark Grady wrote:

Be careful when huge statistics like these are thrown into any debate. there are an ESTIMATED 600 million computers that connect to the Internet, but not all necessarily at the same time.

More to the point, the ESTIMATE of 150 million computers being co-opted into bot nets is based on a sample. Nowhere have I seen a statement about the size or geographical distribution of the sample group - it could be one or a few countries that are highly exposed to the bot problem have skewed the results for the whole Internet.

Vint Cerf is a pioneer of computing but he is also a Vice President and Chief Internet Evangelist for Google Inc. If he's talking about security threats in ominous tones then I'm wondering what Google's next product will be - maybe some kind of anti-bot technology?

  • 30.
  • At 03:47 PM on 25 Jan 2007,
  • Bob wrote:

One key global security step would surely be to break the virtual monopolies held by Microsoft. That way we wouldn't be collective prey to the vulnerabilities of the fatally flawed Windows platform. Mario Monti (ex-EU Commissioner) had a try, but more concerted efforts are required: might scary predictions like this just possibly encourage some authorities to make a move before we all get burnt?

  • 31.
  • At 03:57 PM on 25 Jan 2007,
  • Roy Paterson wrote:

Am I missing something?

Ignoring many of the earlier comments which generally demonstrate a lack of understanding about how the internet was conceived and what threats it was, and was not, originally designed to handle, it seems to me that, no matter how clever the botnet coders are at infiltrating computers to make them surreptitiously send emails, I suggest that there are actually two things that they absolutely cannot mess with:

(a) a user's knowledge of how many emails he or she has personally sent out on any given day, and

(b) their internet service provider's knowledge of how many emails have emanated from that machine.

Given that a part of the botnet problem is getting anyone to upgrade their software to be more secure, and that therefore a technical solution cannot easily be driven from the user end, wouldn't it be relatively easy to encourage/legislate the ISP's to report to each user (very low development cost) the number of emails sent per day?

Clearly, if I knew that I had not sent any emails on a Sunday (or while away on holiday), but my ISP told me that I randomly sent 50 throughout the day and night, I could be quite certain that my machine was a part of a botnet, without running any diagnostics or having to know anything technical about how to locate rogue code.

This concept could quite easily be further adapted to include the idea that I tell my ISP what kind of email despatch pattern I typically do, and "Please tell me if you're seeing anything unusual", this being only a variation on banking transaction fraud controls.

Thoughts, anyone?

Dear Sir,

That chap has to be a Professor of something and not the Professor for something.

As for the rest of the item about predictions of the end of the internet: don't think so. After all, who in, say, 1990 or any other date before the internet really took off with the rest of us, would have predicted that it would start?

Duncan

  • 33.
  • At 04:43 PM on 25 Jan 2007,
  • Danny Parker wrote:

The internet today is very much a part of society and in society today nothing is perfect.

The internet will never be 100% safe from people out to make a few penny's and pounds from it, illegally or not.

People need to get over that fact and get on with their lives instead of winging and moaning about what if,how,when and why. That's 75% of the reason why society isn't perfect.

If we spent less time moaning and feeling sorry for ourselves and do something about the problem/situation in hand everyone would be a lot happier.

  • 34.
  • At 05:28 PM on 25 Jan 2007,
  • James Hughes wrote:

Reading through both the articles on the BBC and the comments here it amazes me the lack of technical knowledge showed by so many.

Linux systems are far more powerful than windows and the win dominance is by shear marketing, age and lack of business ethics.

Those foolish enough to think linux would fail the same way if it was the main OS don't understand the diffrent way the systems work and how nix (including macos) are far better suited to a networked enviroment with the security required.

Linux is easy to use for anyone (try ubuntu) and those that claim its harder to learn than windows are simply those that learnt windows FIRST! Try sitting down two completly new people to computing infront of a windows and linux system and watch the results.

Kindly think before speaking and I advice the BBC do actauly do research on their articles.

  • 35.
  • At 06:30 PM on 25 Jan 2007,
  • Ian Halstead wrote:

Interesting to see Michael Dell mentioned. As one of the ones complicit in the notion of computer as domestic consumer device - and sold with as much care and gravity as a toaster - he should be taking a good hard look at his role in this. I bet he rues the cords that bind him to Microsoft. Now if all Dells came preloaded with Ubuntu - there's a thought.

Paradoxically, Apple, who have done far more than Dell ever could in consumerising the 'PC' and making it a relatively friendly device, realised the importance of security early on and built their current OS on a Unix framework. You'll find more than one Mac laptop being carted around in US government security circles because of this.

  • 36.
  • At 06:54 PM on 25 Jan 2007,
  • Brian Richman wrote:

There are two simple fixes to this problem:

#1. DON'T USE MICROSOFT WINDOWS

and

#2. USE A FIREWALL

All Windows operating systems are shipped from the factory open to the world. Almost anyone can recruit an "out-of-the-box" Windows PC into a botnet and most people don't bother to put in a firewall - which is even more important with a broadband connection.

I should add a third fix....

GET EDUCATED.

Once you know what to look for and what to (and not to) do on the Internet, you are much more safe than before... AND you won't be panicked by headlines like those used for THIS item...

  • 37.
  • At 07:01 PM on 25 Jan 2007,
  • Bank Techie wrote:

I regularly encounter internet banking customers who are using Windows 98 and Internet Explorer 5.0, obviously never updated, and have no anti-virus, anti-spyware or firewall. Naturally, they respond to phishing emails, open email attachments and click on embedded hyperlinks as a matter of course. For some reason they act all surprised and are hurt and aggrieved when somebody then removes money from their account.

The point is that the knowledge of so many users is abysmal. We can advise them on security measures, but, like advice on safe sex, it is plain that this advice is often wasted, for too many clearly have no intention of doing anything about it.

In spite of its failings, Windows is successful because it is relatively easy to use; Linux is not the answer for most users, for it is not yet as user-friendly and requires a greater depth of knowledge to implement.

Whatever your level of knowledge and smug confidence that it will never happen to you, www.getsafeonline.org and www.banksafeonline.org.uk
are well worth studying.

  • 38.
  • At 07:10 PM on 25 Jan 2007,
  • Dan, Edmonton, Canada wrote:

If you simply disconnnected the network cable from the back of your PC whenever you're not using it, the amount of malicious network activity slowing-down the Internet would plummet. Simple, easy, and it works every time. It's not the whole solution, but it'd go a long way to solving it.

It just an educational thing.
It's important for people to be aware of such statistics to increase awareness of of the importance of internet security on the part of the user. Suitable quality freeware firewall, anti virus and anti spyware software are widely availiable so it's not an issue of cost. Like everything else it's still up to the part of the user in installing and maintaining these are upto date. To understand the safe way of using the internet.
I'm a Mac, Windows and Linux user so I am not biased.

  • 40.
  • At 09:53 PM on 25 Jan 2007,
  • Daniel Brown wrote:

Roy Paterson is right, the answer is simple.

most users only _download_ a lot, and upload very little. if isps monitor their users, it will be pretty obvious which users' computers are sending dodgy email/etc out. and then you cut them off till they sort it out. no human posts 10,000 emails a day..

tough love, but then so is life...

Why would criminals want to bring down the internet? Why would they cut off their money spinner? What they want is for the internet to succeed even more, and for more people to use easily compromised Windows PCs!

More worrisome still: up to 100 million other computers are connected to bloggers.

I think the time has come for more radical action against botnets. Perhaps the malware could be analysed and a killer app written and released on the Web that would infect and destroy bots and then commit suicide, so removing itself from the system.

  • 44.
  • At 04:48 AM on 26 Jan 2007,
  • Nolan Dalla wrote:

Some of the other posters here have commented that the Internet is currently "free" and "open." It is not. Certainly not so inside the United States which likes to brand itself as the land of the free.

Gambling on the Internet is under vicious attack. Internet gambling is being criminalized and federal authorities are trampling on the rights of law abiding people through intimidation, arrest, and prosecution. In a policy that is typical of what would expect in China, the US has defied the World Trade Organization (so much for meing "free trade" when something displeases the religious right), Congress passed laws that restrict WHAT I DO and HOW I CHOSE TO SPEND my money on the Internet. If you are not frightened, you should be.

Big Brother isn't just coming. He is here. Yet those who are supposedly advocates on online freedom and civil libertarians have done NOTHING to stand up and support the rights of individuals to make decisions for themselves regarding their private Internet activity.

First the come after then gamblers and then....... your next.

-- ND

  • 45.
  • At 06:35 AM on 26 Jan 2007,
  • methere wrote:

Almost ALL of those "bot" computers are Microsoft operating systems. The blame lies squarely with them.

  • 46.
  • At 07:41 AM on 26 Jan 2007,
  • dobberdoss wrote:

What a load of hogwash, 150 million computers you say?, sounds like another "made off the top of my head" stat to me.

Go scare people who don't see through yours & other's motive about "policing" the democratic internet. Hackers are cool, scammers only succeed in fooling the stupid people on this planet who deserve everything they get.

  • 47.
  • At 01:20 PM on 26 Jan 2007,
  • Rich wrote:

150 million sounds low to me. I run an independent "geek squad" style consultancy, and have encountered very, very few computers WITHOUT some compromised services. The vast majority of consumers have no idea how to protect themselves, or believe they are covered because their four year old computer came with Norton preinstalled but long since expired, and hacked beyond repair.

Windows used to be simpler than Linux, but Linux has made enormous strides in user-friendliness lately. I'm building a big Puppy Linux userbase by simply demonstrating how unbelievably quick and easy it is to boot and run, including all the apps 99% of computer users ever actually use. And the more browser-based apps become, the less platform-dependent we all become. Ubuntu and others have put live CD distros out there that work brilliantly.

And Al Gore championed the internet.

  • 48.
  • At 02:06 PM on 26 Jan 2007,
  • David wrote:

The problem, as I see it, is twofold, and it's nothing to do with internet technology or choice of operating system. It's down to people.

Firstly, there are the users of the net, 99% of whom have very little technical knowledge about how their computer works, or how it magically gets all that information from the internet.

Secondly there are the criminals - the spammers, scammers and others - who are using botnets and other means to make a quick buck.

Solutions to problems on the net, not only botnets, can be partly technical, but in general these are only "first aid", applying a bandage to stop the bleeding and not dealing with the root cause.

Proposals like "everyone should use Linux" are at best naive - it's nowhere near user-friendly enough for the average user to get to grips with, and never will be without major development. As pointed out above, Unix environments would be targeted as soon as they became popular, and despite numerous claims of "invulnerability", there already _are_ Unix and Mac viruses around.

No, the solutions will have to be social and political, since the root causes are human nature.

Dealing with users will be a long, uphill struggle. Education is obviously needed, but as we've seen from years of anti-smoking, drink driving and safe sex campaigns, the impact of even the best thought out education programmes is usually minimal.

ISP's can play a role, as can hardware and software manufacturers and vendors, but it will take many years before even a majority of the world's netizens take even basic measures to safeguard their computers.

Dealing with those responsible for the bots should be a more achievable goal. Since most of the uses of botnets are for criminal purposes, then it should be down to a matter of law enforcement and prosecution.

However, due to the worldwide nature of the net, it really needs major international cooperation, and possibly a dedicated agency, to gather evidence and track down those responsible. Achieving that level of cooperation, and the funding to run it, is unlikely to happen overnight.

Also, with overstretched resources and budgets, most law enforcement agencies around the world probably see cyber-crime as a low priority unless very large sums of money are involved. It's only going to be when government networks start going down, or large areas of countries lose net access that higher-level political forces will start to act on the problem.

So, overall it looks like the problem will get a lot worse before any real effort will be made to deal with it. Let’s hope that people like Vint Cerf can get the message through to a few people "in high places" and initiate some action before we all start suffering from net blackouts.

  • 49.
  • At 02:17 PM on 26 Jan 2007,
  • Bill Cannon wrote:

Nobody ever talks about the threat that televisions are to the broadcast networks, do they? Nobody ever talks about the threat that telephones are to the telephone networks, do they?

What is it that actually endangers the Internet, then? Is it the way the Internet is built? Is it the way that it is used?

Is this not really the Internet that is the problem, but rather, the devices we attach to the Internet? Should we have developed Internet terminals that were built in such a way that they offer no threat to the Internet itself, then attached these to the Internet instead of PC's?

Think of all the grief that people would have been spared if the PC manufacturers had built graphical browsing terminals that provided people with the opportunity to talk, to type, to touch the display and to draw on the display, a non-proprietary layer of terminal software that could serve up to users remote displays from distant applications running on any operating system, on any processor architecture.

Think of a layer of software designed for remote access to applications, a layer which provided local translations, which supported local keyboard conventions, which allowed people to benefit from software without requiring them to buy and maintain PC's. Oh, what could have been! Is it too late?

  • 50.
  • At 02:55 PM on 26 Jan 2007,
  • MJK wrote:

You won't see a botnet on GNU/Linux machines. The simple reason is that windows is very homogeneous; they're all alike.

Diversity in the linux market keeps such things at bay. The architecture of the decades that has gone into developing linux and unix (think 30 - 40 years) was done from a dispasionate and non-financial driven perspective. IE, no one was trying to pump up earnings for a quarter by rushing it along.

The solution could be greatly enhanced: stop using microsoft products.

The problem with security comes down to a simple fact: quality and security are externalities right now.

I work as a software engineer and I know personally how software is made and where it comes from in a commercial setting. Quality is not job #1. It never is. It never will be at this rate. Management is always loading us down with more work to maximize profits and quality doesn't fit into that picture. Management usually doesn't know anything about engineering or much of anything actually relating to technology in general. They garnet little respect from engineers.

Some might propose a certification process. Software engineers -- the ones who actually make the software know the truth: they are useless. Such certifications are usually put together by committee and managers. You can't just wave your hand over some software and declare it to be "secure". Security, after all, is a process.

  • 51.
  • At 05:57 PM on 26 Jan 2007,
  • Tom Betz wrote:

Anyone whose job involves managing computer systems that are connected to the Internet knows that Weber is on the money. The clearest indication in my case is in my mail server logs, where more than 80% of the attempts to deliver e-mail here are from compromised Windows PCs or from mail servers providing SMTP service to compromised Windows PCs, where the bots "pwning" them are more sophisticated.

These PCs sending junk e-mail are in the control of international crime syndicates. It doesn't take a leap of insight to recognize that if criminals can set up vast networks of compromised PCs, so can military belonging to nations, large and small.

I think we've all got a problem if we can't protect ourselves online.

  • 53.
  • At 08:41 PM on 26 Jan 2007,
  • Billy Whitcomb wrote:

If you are genuinely concerned, read the fine article in wired magazine of 2 months ago. The situation is actually worse that it is made out to be by this panel. Like any excellent, well-adapted pathogen the botnets are fueled by an intelligence that that will never distroy the hosts because then the pathogen would die also.

Sorry, John in comment No. 4.

Neither Macs nor Unix are **inherently** more secure than Windoze. If they were 80-plus percent of the computer population, they'd be getting hacked hard, too.

  • 55.
  • At 09:59 PM on 26 Jan 2007,
  • Dave wrote:

Oh dear.

Yet another complex problem with such a simple answer. Now all we have to do is agree on which answer it is. The clue is: The answer has to reflect our predjudices.

Blaming Microsoft is rather like blaming the buses and the tubes for the bombers. Somehow the authorities weren't doing their part by letting bombers use their system! Never mind the fact that we have to trust people who use public transport - that's why it's public.

More bad news - no operating system can protect you from viruses. Unless, of course, so few people use it that it's not worth attacking. So that rules out anything but Windows.

There's no need to change your operating system. You can protect a Windows system with some excellent free software: try both www.grisoft.com for their AVG software and www.lavasoft.com for Ad-aware. Yet if you have these programs, and don't go to sites mentioned in anonymous e-mail or click on anything that let's you get "free" MP3s or nude pictures of starlets, you'll find that you don't have any malware. It's been over two years since my programs caught anything.

Oh, and all that stuff about Dell - for the last two years all the Dells I've seen have come with trial anti-virus software. I'm sure that Dell aren't the only company that does this.

I don't know how Vint Cerf gets his numbers - there are almost a billion PCs in use (Gartner) though clearly not all those are connected to the internet, yet Microsoft, through their automatic scanning of people's systems, get a figure of around one in three hundred machines with any kind of virus.

  • 56.
  • At 12:34 AM on 27 Jan 2007,
  • Lou-Connecticut wrote:

I have been using Mac for 30 years and work at an Apple retail store. No. . . there are no holes in Mac OSX. But
there ARE over 47,000 flaws in Windows. 1/3 CRITICAL!
If you use windows, then get a damn Firewall. . . easy.
And on ANY machine, Mac, Linux, Windows, beware of what you open, junk email, JPEGS.

  • 57.
  • At 12:48 AM on 27 Jan 2007,
  • Mike wrote:

Father of the Internet was Sir Tim Berners-Lee>

Sorry Tom, this is not corect. Sir Tim is rightfully considered the father of the World Wide Web, NOT the Internet.

Vint Cerf, but really more John Postel could be considered fathers on the Internet.

I am truly amazed at the number of self-righteous comments here by a lot of VERY uneducated people. Security is a major problem on the Internet, and FAR too few people take it seriously, as evidenced by the silly comments here.

  • 58.
  • At 01:48 AM on 28 Jan 2007,
  • Tachyon wrote:

The real culprit should be punished.
Microsoft. Their blatant disregard for security and their prioritizing of profits over quality has led directly to this problem.
They and no one else are ultimately responsible.
I know that's a bold statement, but I stand by it.
It's a fact that over 90% of all Internet transmitted infections use Internet Explorer/Outlook as their entry point.
These aren't botnet's, they are Windows PC nets. They're not Mac's, they're not Linux boxes, they're not UNIX boxes, they are Windows boxes. If all Windows machines were removed from the net tomorrow, all the botnets would disappear too. Fact.

In effect, Microsoft has caused trillions of dollars in damages worldwide. From I Love you, to slammer to botnets. It's time someone held them accountable.

Post a comment

Please note Name and E-mail are required.

Comments are moderated, and will not appear on this weblog until the author has approved them.

Required
Required (not displayed)
 
    

The BBC is not responsible for the content of external internet sites