 | |
| |
TechnologyDaily Mobile
Can Consumers Trust the Internet?
by Sarah Lai Stirland
Some people might view Suzy Turner's crusade against malicious software code as esoteric.
Turner has made a name for herself online by giving Internet surfers information and updates on secretly installed computer "spyware" that can hijack operating systems and Web browsers. She runs Spywarewarrior.org and authors an associated Web log, work that she began after she was forced to clean spyware off her own computer in 2002.
But Turner is one of a growing number of people concerned about the Internet as a trustworthy medium. The spyware experience, she recalled at a Thursday conference, "left me with a really bad feeling of anger, and frustration, a feeling of having been violated."
Computer-security experts, law enforcers and pollsters all note that she and others worry that a proliferation of malicious programming, over-aggressive advertising techniques, and online crooks will wrest their ability to control their online experiences.
"You see in these surveys that the American public don't have confidence in the Internet to shop and bank and do their activities online," said Dan Caprio, the deputy assistant secretary for technology policy and the chief privacy officer at the Commerce Department. "We need to work to promote that confidence."
Toward More Secure Online Behavior
In a national survey of Internet users released last October, Consumer Reports magazine found that nine out of 10 users older than 18 had changed their online behavior due to fears of identity theft. A third of those who reported changing their habits said they had reduced their usage of the Internet, and a quarter had stopped buying things online. Overall, the survey said 77 percent of Internet users have made purchases online.
The issue of consumer confidence online concerns policy experts both because of how the Internet can make people's lives more efficient and because of its role in increasing productivity and driving the economy.
In the future semantic Web of machine-readable documents, for example, Microsoft chief privacy strategist Peter Cullen said routine transactions such as scheduling dentist appointments could be automated. "In a connected world," he said, "machines can do that for you -- [but] it requires you to have confidence and trust to require that that transaction is safe, which is a different level of trust than perhaps exists today."
Both government officials and technology company executives note that new laws alone could not restore consumer trust in e-commerce. They also recommend a combination of education initiatives, law enforcement and technological solutions.
Michael Allred, the chief information security officer for Utah, said during a panel discussion last week that computer users need to be trained to understand that untrustworthy programs often come bundled with free offers on the Internet. During the discussion, he recalled that he expended a significant amount of effort recently to convince a staff member of the state government that she did not have an inherent right to download a "free" screensaver.
"She was pretty irate because we were preventing her from downloading a 'Finding Nemo' screensaver," he recalled. "I ... tried to explain to her that she would be putting spyware on her machine, and she said: 'I don't care; all I want is Finding Nemo.'"
Other anecdotal evidence buttresses Allred's point. In a simulation designed to show how consumers might inadvertently download software to allow advertising on their computers, researchers at the anti-spyware company Webroot Software clicked on an advertisement for "free emoticons" like smiley faces sometimes used in e-mails and instant messages. The researchers subsequently found 13 pieces of advertising software installed on computers, and they degraded the computer's performance.
The Dangers Of Downloading
To counter consumer attitudes about obtaining freebies on the Internet, and other potentially destructive computer-security behaviors, the FTC has launched an online campaign called "On Guard Online."
Technology companies also are working with public-interest groups to better define the issues and reach an industry-wide understanding of what constitutes deceptive practices when deploying software. Their work revolves around a working group called the Anti-Spyware Coalition.
Meanwhile, Internet service providers and software companies such as Microsoft are offering their customers tools that warn about suspicious-looking Web sites, and that block spyware and unsolicited commercial e-mail.
Microsoft's Cullen said the enactment of a law with privacy principles also would bolster consumers' trust of the online world. Such principles would provide consumers with more control over, and information about, how companies use their personal information, he said.
The Justice Department currently does not possess any hard statistics about cyber crimes, but a glance at Justice's cyber-crime Web site shows that the department frequently announces new investigations and prosecutions. Microsoft alone has cooperated with law enforcers to pursue online frauds in about 200 instances worldwide, Cullen said.
Research by firms such as Webroot shows that authors of malicious code are becoming increasingly sophisticated. They use techniques that plant code onto computers that can be extremely difficult to detect and remove. Law enforcers say the code might merely seem to be annoyances to computer owners but increasingly are being deployed by criminal coders to commit large-scale crimes.
"What we keep seeing is that these hackers are creating these armies of zombies, and they're actually pilfering them from each other to commit crimes and generate money," said James Aquilina, an assistant U.S. attorney in Los Angeles.
The Battle Against 'Botnets'
Aquilina spent last year pursuing Jeanson Ancheta of Downey, Calif. Ancheta pled guilty in late January to a new online scam that violated a computer fraud and abuse law.
He is one of an emerging class of criminal computer programmers who create automated "bots" that carry instructions to operate several computers remotely. Such networks are known as "botnets," and operators like Ancheta are called "bot herders." "The bot herder can with one command tell thousands of computers to do something, and that opens up a whole world of possibilities," Aquilina said.
The 20-year-old Ancheta sold access to his botnets. Some of his customers used them to launch attacks on Asian technology companies. Ancheta also made money by becoming an affiliate of online advertising companies, modifying the software he was given and then illegally downloading it onto the more than 400,000 computers he controlled through his botnet.
It can be hard to determine whether computers have been co-opted for a botnet, Aquilina said. "From your home-user standpoint, you can tell because, basically, your computer runs very slowly," he said. "Basically, once you turn on your computer, the infection actually changes the system registry such that you don't even have to have your browser open. It's calling out to the Internet, and you don't even know it."
Aquilina said the best prevention is to regularly update security fixes and to make sure Internet security settings are properly configured.
NEW FEATURE
-Advertisement-
-Advertisement-
-Advertisement-
