Truth About Computer Security Hysteria
Your firm has enough clock watchers already
Tuesday, 21 December 1999
"LEARNING FROM THE on-line battlefield, our researchers drew the inspiration for cracking
this complex problem before the arrival of 2000," crowed
mi2g flunky D.K. Matai. His hirelings wrote a program dubbed
Clock Fortress™ to keep an eye on a PC's realtime clock.
Why guard a computer clock? Obviously, the fate of the worldwide financial community must ride on it. Read
mi2g's press release for details.
I personally don't need Clock Fortress™. First, my PCs don't get attacked
-- especially not the way mi2g fears. Second, I don't want to consume processor speed just to check a realtime
clock "nearly 20 times a second" to see if something happened
after the fact. (I seek out evil code before it attacks me, thank you very
Finally, I rely on a freeware product called
Dimension 4 when I want genuine realtime clock
accuracy. Each of my computers (except for one laptop) launches it via the "StartUp" group as part of
the Windows boot sequence. Dimension 4 retrieves the absolute current time of day from various atomic clocks
on the Internet.
If I should ever need continuous clock accuracy, I'd simply add Dimension 4 to the Windows Task Scheduler.
Paranoid mi2g clients could synchronize the realtime clock every minute if they wished. (And for a lot less than
what mi2g charges, I'll bet!)
Hang on for a second (pun intended) while I check the accuracy of my laptop ... Dimension 4 corrected a
32.53s deviation on 11/24/99; this morning it corrected an 85.84s deviation. Wow, do you think an evil hacker
tried to corrupt my stock trades?
I question whether an accurate realtime clock makes a difference to the clear majority of PCs in the worldwide
financial community. Those institutions journalize transactions based on a master clock, not based on the
arbitrary date-time stamp of every subordinate computer which generates a journal entry.
As for a clock-related threat to software licenses... it can only affect those who use time-limited software. (I
don't. Do you?) And, of course, those computers would need to get attacked. I'd consider it ironic if, say, an
antivirus or firewall license terminated early because the software failed to detect a clock-manipulating
PCs didn't come with realtime clocks in the 1980s. Accountants booted up every morning to
Hmmm. My reliance on Dimension 4 for accurate timekeeping could itself trigger a
Clock Fortress™ alarm condition. Every time. After the fact. Setting
company computers at bootup to match a master network clock could also trigger an alarm condition. Every time.
After the fact.
I hope Clock Fortress™ at least knows well enough to recognize when Win9x
switches to/from Daylight Savings...
I said it before and I'll say it again. Only mi2g can protect you from an
unconfirmed virus which sets your clock two weeks ahead.