End of the internet - again?

Filed Under: Malware, SophosLabs, Spam

Every day while I am driving to work I listen to the excellent Today programme on BBC Radio 4. Long time ago when I moved to England I was surprised that a station with almost no musical content was so popular and almost dismissed it for that reason. In Croatia, all radio stations have at least some music in their repertoir. I remember that at one point I did not like the music broadcasted by Radio 1 so I switched to Radio 4, heard Melvin Bragg's "In our time", and never switched back. If it was not for Today programme I would have to spend much longer reading the news sites to keep up to date with what is happening in the world, but I would miss the unique angle of Today.

And while the news on Today programme are usually impartial, I am sometimes surprised with the amount of one sided views or even self-promotion in certain parts of the program. Some news items almost make me angry. Like today, during the part of the program discussing the future of the internet, although there was no real discussion. There was only one person in the program talking about a single point of view and nobody to give some counterarguments. So I will try, though in a slightly less academic way.

According to Jonathan Zittrain, professor of internet governance at the Oxford Internet Institute the internet is heading to its destruction due to the amount malware and spam clogging the network. The destruction of internet? Hmm, it seems to me like I have heard this one before. When was it? Oh, was it before the start of the 21 century, just before the year 2000 bug was about to strike and bring down thousands of critical systems which would cause the living as we know it to grind to halt? Admittedly, some anti-virus companies were happy to contribute to the confusion. One of them predicted that 200000 new viruses will be released on the New Year's Eve of year 2000 to make the disaster even worse. But nothing happened. Was it after the September 11 attacks high traffic brought some news sites down? No, the internet survived. Was it after the underwater cables in Middle East were cut in Februrary 2008 when wide internet disruption was reported? No, the majority of internet was still online. The infrastructure is build to be resilient to disruption. But, I am sure that proffesor Zittrain knows this well.

What about the malware side? If we look at the biggest malware incidents, starting with the Morris worm in 1988 or Nimda, Codered, Lovebug, Slammer and Blaster worms that infected large number of systems we can recall that the internet still worked and the defenses were quickly put in place. Internet security is a highly responsive and flexible, it consists of many institutions, ISPs working with users, as well as with security and operating system vendors. Though it grew organically, this cooperation is the main reason that we have not seen any major malware outbreaks in the last few years. The malware writers have resorted to different techniques, using sustained campaigns, such as Storm and Pushdo, but the security community replied with proactive detection and increased web security. Malware writers have also started using methods usually seen in hacking attacks, such as XSS and SQL injection and we will see them using increasingly complex methods in the future. This means that we are making their job more difficult, not easier. It is a never ending arms race. The number of discovered vulnerabilities in the operating systems is in decline and the systems are getting more secure. There are still many infected computers but that proportion is getting smaller as new and more secure systems join the network.

What about human problem, the problem of user education? I am hoping that the user problem will gradually disappear. The generations growing up at the moment and the generations to come will be much more adept in dealing with computers than we are. There are many times I see some three year old using the computer and admire the natural confidence and skills in a similar way my parents admired me for being able to use a state of the art electronic device, which at the time was TV remote control. New things will come and the old, including us, will go away. The computers will become more like cars, they will simply work, with regular servicing intervals. Internet is still very young and it is being developed so saying that it is heading for demise may be a bit premature, unless we are talking about the demise in the same way we are talking about the demise of human civilization or life on Earth.

But let us just assume that professor Zittrain is right and that internet is quickly moving on its path to destruction. What is the way to prevent this? Professor Zittrain, at least that was the impression I got in Today programme, finds one possible solution in the closed operating system model, where every written application is approved and thereby controlled by the big corporations such as Apple, Nokia, or Microsoft. We have already seen this type of behaviour with iPhone, Symbian based phones and Blackberry devices and it works quite well. But it does not mean it cannot be circumvented. A useful tool in the hands of one user can become a lethal weapon if used by a malicious virus writer. On the other hand, as with creating games for games consoles, this approach is cost prohibitive for small developers.

The interesting fact is that Jonathen Zittrain's book "The Future Of The Internet And How To Stop It" is free for download as a PDF and released under a Creative Commons
Attribution-Noncommercial-Share Alike 3.0 License. The fact that the book is freely accessible on the web also shows the freedom internet brought to authors, musicians and other creative artists and we must not loose that freedom. The author rightfully points out that the lock down of the personal computers, if we decide to adopt the closed OS model, will prevent millions of small companies and open source developers from influencing the direction of technology development the way they do it now. The freedom which we have now is surely more important than the relatively small (though not negligible) risk of infection. Do not forget to use the security software. It does the job well, though not perfect.

Eventually, this news item fulfilled its purpose. I am looking forward to read the book carefully and I hope that the claim about the destruction of the internet was taken out of context. Although the number of malware is still on the increase and more than 90% of email consists of spam, we have come a long way in protecting the users, through processes, education and products. Unfortunately, there are no revolutionary ways to remove all bad things on the internet as malware remains social, not technological problem. As long as there are bad people around we will have the malicious intent, and most probably, malicious code, though I argue that the internet infrastructure will be ready to sustain it, as it was in the past, and it is now.

You might like

About the author

Vanja is a Principal Virus Researcher in SophosLabs. He has been working for Sophos since 1998. His major interests include automated analysis systems, honeypots and malware for mobile devices. Vanja is always ready for a good discussion on various security topics.