|
See also:
OECD wants global push to stop the scourge of
spam
When it released its anti-spam toolkit last week
the OECD listed as one of its recommendations
the inclusion of lessons on spam and Internet
security in school computing courses and in
courses offered to 'senior citizens'. Perhaps
such instruction should be widened, and made
mandatory.
And with good reason: an unprotected PC
connected to the Internet is a danger not only
to its owner but to the global Internet
community. About 18 months ago computer security
company, Symantec estimated that, on any day,
anywhere between 30,000 and 70,000 computers -
mostly owned by ignorant consumers who fail to
keep their antivirus software up to date - are
under the control of gangs of organised cyber
criminals and used to launch spam campaigns,
phishing scams or denial-of-service attacks.
Another study of consumer PCs conducted by the
National Cyber Security Alliance in the US and
by AOL, found that 19 percent of the PCs scanned
for the study had some sort of virus, while a
troubling 80 percent had some sort of spyware or
adware installed. This survey found that 85
percent of users had some sort of antivirus
software, but only 33 per cent of users had
updated it in the past week.
Attempts to counter such large scale abuse of
vulnerable, net-connected PCs and to catch the
crims responsible are confounded by the
technology. According to the study, "a
PC...might be used as a fake website for only 10
minutes, before another ... usually in a
different country, pops up and takes over,
making it hard for police to track down the
source of the attack."
According to Symantec, A PC fresh-connected to
the Internet will experience some form of attack
within 16 minutes. One PC in the National Cyber
Security Alliance/AOL study was infected with
over 200 viruses.
You can't blame the users entirely. Some PC
retailers knowingly sell systems with outdated
virus software and, more importantly, Windows
operating systems without the latest security
patches.
Something clearly has to be done. And there seem
to three possible avenues: making the technology
foolproof, imposing regulation on the supply
side and/or on the user. Clearly none of these
would solve the problem entirely, but could
certainly greatly reduce the number of PCs
available for illicit use by those with
nefarious aims.
Many regimes have already legislated to ban
spam. It seems not unreasonable to envisage this
legislation being extended to require computer
owners to take 'reasonable precautions' against
infection and illicit use of their machines to
distribute spam.
If so the threat of prosecution should the
source of illicit activity be traced to their
machine might be sufficient incentive to ensure
a reasonable level of compliance.
But most civilised countries impose restrictions
on individuals that aim to limit their ability
to cause harm to their fellow citizens: you
can't buy a gun without a licence, nor can you
drive a car.
Spam isn't life-threatening (not yet anyway) but
it's certainly damaging. So why shouldn't users
be required to display a level of competency in
securing their PCs before they're allowed to
connect to the Internet? |
