Vmyths.com



Hoaxes, myths,
urban legends

Columnists

Newsletter
signup


Addictive
Update
Model

False
Authority
Syndrome


About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

British ISPs lead the way in email-centric virus security

Rob Rosenberger, Vmyths co-founder
Thursday, 17 February 2000 HER MAJESTY'S ISPs continue to lead the way in email-centric virus security. PIPEX announced a deal with Symantec to give personal/SOHO customers a copy of Norton AntiVirus 2000 at no extra charge. Additionally, PIPEX will offer NAV2K updates via local servers. "The agreement forms part of Symantec's global strategy to integrate its anti-virus and URL filtering technology into the Internet infrastructure." A business-centric ISP known as Hiway trumpeted a deal with Content Technologies. They'll offer "a fully hosted service to protect customers from the breadth and depth of e-mail-borne threats including malicious content, Spam, viruses and virus hoaxes, encrypted files, executables, video and image files, obscene material and confidentiality breaches."
Why must X-thousand PIPEX customers protect themselves from Y-million AOL customers? AOL should end this one-way security relationship. Pronto.
British ISPs seem to recognize email's status as the Internet's "killer app." I know some U.S. ISPs recognize it too — yet disproportionately few do anything about it right now. ("Skate at your own risk," as we Americans like to say.) PIPEX & Hiway made an important move by adding a layer of security to email. Take AOL, for example. Our current "global" virus problem will change drastically if/when they take on email attachment security. Why must X-thousand PIPEX customers protect themselves from Y-million AOL customers? AOL should end this one-way security relationship. Pronto. (Sadly, I can't even lead AOL to water. I unabashedly like them, but their computer security team won't talk to me for some reason.)
I WANT TO take a moment to applaud PIPEX for setting up local NAV2K servers. Why? Simple: antivirus firms' bandwidth cannot support the occasional worldwide virus hysteria. PIPEX's decision means panicky customers will update quickly even if Symantec gets swamped. According to the FBI's own logic, reporters launched numerous "distributed denial-of-service (DDoS) attacks" over the years against major antivirus companies. You want to talk about gazillions of dollars in lost revenue? Let me rewrite a recent Wall Street Journal story for effect:
Imagine that a malicious prankstergullible newswire reporter arranged for 10,00025 million people around the world to start dialing your phone number, over and over again. That, in effect, is what the Web sites of Yahoo! Inc., eBay Inc., E*Trade Group Inc.Network Associates, Symantec, Trend Micro, F-Secure, Sophos and other big Web sites were up against this week when they fell victim to what is rapidly becoming the most worrisome security problem on the Internet: the "denial of servicevirus hysteria," or D.O.S.V.H., attack. As its name implies, this attack doesn't aim to damage computer files, as often happens with viruses, or steal important information, such as credit-card numbers. Instead, it aims to simply keep an Internetantivirus site from operating. But while computer experts have long known how to defend their systems from the likes of viruseshysterical computer users, they say there is so far no sure-fire way to defend against D.O.S.V.H. attacks until they are already under way. These attacks all take advantage of the inherently open and trusting nature of the Internet's basic designinternational press, in which all Web messagespress releases are presumed to be valid ones from legitimate sitesmedia outlets. In effect, the attackersreporters have figured a way to turn one of the Net's most distinctive and enticing qualitiesindustries against itself. The ultimate long-term solution, security experts say, requires new Internet software and hardware standards that deprive the D.O.S.V.H. attackers of the tools now available to them.
See my recent tirade for more thoughts on this subject. Mark my words: local servers will someday rescue Symantec from PIPEX's own customers.