There's a fine line between software makers being responsible for the insecure nature of their software and creating transparency by design (and vulnerability without intention). For example, the "Love Letter" worm is a malicious program written in Microsoft Visual Basic. Visual Basic, a scripting language, runs on Microsoft Windows, and also on Microsoft Internet Explorer (MSIE) (by default, Windows and MSIE come with scripting enabled). People generally don't change software defaults, so the Love Letter worm (virus) runs on most MSIE systems. Microsoft--a leader in adding new features--has been, and will continue to be, plagued by their own vulnerabilities. (Also see Appendix II for more on this.)
To be fair, all systems on the Internet can be compromised. CERT/CC, a major reporting center for Internet security problems, describes a Trojan horse as an "apparently useful program containing hidden functions that can exploit the privileges of the user [running the program], with a resulting security threat. A Trojan horse does things that the program user did not intend."
Any system can be affected by Trojan horses. Given that: 1) the Internet is open, 2) software was created to share and execute files, and 3) operating systems (which are already vulnerable) evolve and therefore introduce new vulnerabilities, we have a computing environment characterized by continuous and evolving risk. It makes sense, then, to put products and monitoring processes in place to help you be aware of and active about managing your risk.
A computer connected to the net is a potential resource for outsiders. Without your knowledge or consent, your computer can be used as:
...and more. When a malicious person gets access to your home computer, you lose control of it. You may not know. You may never know until something goes wrong and the police come knocking on your door.
Even if you install anti-virus software or a firewall (special security hardware and/or software that sits between your computer and the Internet), it's not safe to assume you'll never need to worry about security again.
Noted security expert Bruce Schneier points out:
"Security is a process, not a product. Products provide some protection, but the only way to effectively do business in an insecure world is to put processes in place that recognize the inherent insecurity in the products. The trick is to reduce our risk of exposure regardless of the products or patches."
Toward this end, NetAction has developed a guideline called The Five "A"s of Security.