The Honolulu Advertiser
Posted on: Tuesday, September 25, 2001

Hawaii Tech
PC users still lax on safeguards

By Vicki Viotti
Advertiser Staff Writer

Hawai'i computer security experts are starting to wonder: When are we ever going to learn?

Despite many warnings, barn doors stay unlocked and another virus moves in.

Gannett News Service

The Code Red virus of late summer scared a lot of people into protecting their computer networks from break-ins, but not enough of them. That's why last week's Nimda virus, which takes advantage of many of the same holes, hit so hard.

And for whatever reason — whether connected somehow with the Sept. 11 terrorist attacks or simply part of the rising intensity of hacker assaults — some here have noticed a lot of cyberintrusions in the last few weeks.

"We read our logs yesterday," said Jeff Bloom, founder of Computer Training Academy/Network Resource Center, a Honolulu computer education and consulting firm. "We saw a heck of a lot of people trying to intrude."

Bloom has written several articles on computer security, including one posted at the academy Web site. In it, he outlines several classic failings that leave personal and, especially, business computer users at risk. Among the errors:

• Opening unsolicited e-mail attachments without verifying their source and checking their content first.

• Failing to install security patches, especially to frequently targeted programs such as the Microsoft Office suite.

• Installing screen savers or games without safety guarantees.

• Connecting a modem to a phone line while the same computer is connected to a network, subjecting all the computers on that network to an unsecured Internet pipeline.

The cost of security lapses can be immense. The annual Global Information Security Survey (performed by PricewaterhouseCoopers and completed by 4,500 professionals in 42 countries) estimates that the costs mounted through stolen proprietary data, decreased employee productivity, lost revenue and partnerships and a company's compromised reputation and integrity totalled $1.39 trillion worldwide in the last 12 months.

The same survey indicates that security breaches are worrying more ranking executives than before: 41 percent of CEOs, company presidents, and managing directors are now involved in setting computer security policy, up 10 percent from previous years.

It's progress, but many observers fear it's not enough. Although some dispute any surge in cyberthreats following the disaster, all agree that things probably will get worse before long. Bill Musson, vice president of the Information Systems Security Association, Hawai'i chapter, said he believes the physical destruction of Sept. 11 served as a distraction from the usual pace of cyberhavoc.

"I think we've seen a downward spike, but I think that will change," Musson said.

"The people who are writing these worms or viruses are getting more sophisticated in what they can do," he added. "This one attacked Web servers, something that was unexpected. It was created by someone who's been able to design something more effective because it goes through different vectors."

For example, Musson explained, the Nimda virus can be sent directly through the Net to servers — the big computers that, among other functions, run Web sites — as well as being propagated via e-mail or by people clicking on links at an infected Web site and inadvertently downloading the virus.

The Nimda virus hasn't been pinned on a specific source yet, but experts believe it's at least indicative of the potential threat of what can be called "cyberterrorism." Steve Gose, who is in charge of computer security at the Queen's Medical Center, said the trend is toward more destructive Net infections that can compromise critical social systems.

"It's just like people were able to take over the airplanes, (because) there was a false sense of security at the airports," Gose added. "It's very similar with people's computer systems. When they have Internet connections, they don't quite realize how vulnerable they are to the rest of the world."

The basic security prescription has been to use and update virus-screening software and to install a firewall (hardware or software that prevents easy access to your computer), especially if you have a speedy, always-on Internet connection, such as a cable modem or DSL line. However, even those with dialup connections may start to feel threatened, especially if they keep valuable information on their computers.

"I have a dialup connection at home, and I have a firewall," Gose said. "If I'm on for an hour, I can go to the log and see I had one to three port scans or 'pings,' " evidence that someone is electronically knocking on the computer's door.

Some people here question why PC systems are so easily compromised to begin with. Larry Geller, executive director of the Hawaii Coalition for Health, formerly worked on operating systems for GE Information Services and has watched the rise of Windows-based operating systems, which allow viruses and even legitimate programs to be installed in parts of the system that govern the operation of the whole computer. It's time for a new generation of operating systems that more carefully guards the machine's integrity, he said.

"We need to start this now," Geller added. "These viruses are going to get smarter and the worms are going to become more pervasive.

"If you parked your car in a big city and left your windows open with groceries in it, yes, someone would probably steal your groceries. But then you have the question, 'why do I have a car where I can't close the windows?' "
