As Computer Virus Celebrates 20th Anniversary, The Battle Continues And Gets Tougher

SCOTT EDMONDS
Sun Feb 5, 1:28 PM ET

WINNIPEG (CP) - Cost of new computer and new software: $1,000. Cost of getting high-speed Internet service into your home: $49.95 a month. Time it takes for a botmaster to infect your unprotected computer, take control and use it to infect others: one minute from first connection to the Internet. Chances of anyone finding a surefire cure for this threat tomorrow: not great.

"We've basically built doors now for 4,000 years and still have burglaries," says Johannes Ullrich of the SANS Institute, a leading U.S.-based research and education organization focused on computer security issues.

Twenty years ago in January, an unwanted house guest barged into the world of personal computers, and the interloper has yet to pick up his dirty toothbrush and make a graceful exit.

The Brain virus, first detected in January 1986, gave to the expanding PC world what had already been introduced to the Apple computer world - the computer virus.

Apple computers had been hit a few years earlier by something called Elk Cloner, written by a ninth-grade student from Pittsburgh, Penn.

In the days before the Internet, viruses were spread by infected diskettes which were used to boot computers and store programs.

Brain was relatively innocuous. Its developers - two brothers in Lahore, Pakistan - even copyrighted it. Those who dug into the code could find the pair's names, address and phone number.

Cloner displayed this message the 50th time a disk was used to boot a computer:

"Elk Cloner: The program with a personality.
It will get on all your disks
It will infiltrate your chips
Yes it's Cloner!
It will stick to you like glue
It will modify ram too
Send in the Cloner!"

Computer viruses, worms, adware, spyware and other hazardous software have come a long way from those comparatively harmless beginnings. They have also spawned a huge industry designed to protect us from the ever-evolving threats to our computers.

Where is it all going? Nowhere good, say the experts, who are looking for innovative ways to stop the spread of "malware" (short for malicious software). The standard solution has been to install anti-virus software and put your computer behind a firewall to protect it from attack.

But virus makers are getting smarter, and the purveyors of spyware and adware can get tracking cookies into your computer without much difficulty, making it necessary to use exterminator programs such as Spybot and Ad-Aware to eliminate the pests.

"Particularly over the last year, anti-virus (programs) have lost a lot of their effectiveness," says Ullrich. "They are basically no longer capable of keeping up with the proliferation of new viruses."

Some of the current malware includes slick programs designed to steal identities through keystroke loggers. Profit, rather than profile in the hacker world, is now the motive. The result is viruses that tend to stay out of the news. It is also getting even harder for anti-virus definition files to keep up.

For example, "packers" such as Stoner Compress and Diet allow malware-makers to change the binary signature of their virus and fool traditional anti-virus software. "A new version can be pushed out every four hours," says Ullrich. "You can never catch up."

There are new anti-malware approaches out there, such as something called Norman's Sandbox, which doesn't use a list of known viruses but instead creates a virtual world, or sandbox, and then basically watches how a file plays with others. If it doesn't behave the way it should, bingo, it's probably a virus.

There are also non-technological attacks on malware. One of the latest comes from a group of tech and legal experts who recently launched a site called StopBadware.org. They hope it will promote a grassroots-based approach that will make life hard on companies that make pests of themselves. It's sort of a part-research, part-Crimestoppers program. "Our thinking is a better way is to set up a neighbourhood watch and to work together to make it that much more difficult to make money from those kinds of software," says John Palfrey of Harvard's law school.

"It's very tricky to pass legislation to force these people out of business . . . It's not clear that ordinary conventional legal methods are going to be able to solve this problem."

But he says people need to be able to know they can download with confidence. He says the goal is to encourage companies to do the right thing and not employ shady methods, such as contracting out their spamming to other firms and pretending ignorance when unwarranted incursions are documented.

The downside to all the problems being created for computer users is that some are starting to pull the plug on the Net entirely. "You pay for the computer, you pay for the software, you pay for Internet access and in the end you end up paying more for people to clean up your computer," says Ullrich. "There's a lot of user frustration."

Updated on ... December 10, 2006