Monday, November 20, 2006

What’s wrong with Internet and computers today?!

Last week I saw a piece over on Wired News by Kevin Mitnick. This former hacker turned security expert gives his Top 10 list of steps you should take to protect your information and your computing resources from the bad boys and girls of cyberspace.
  • Back up everything! You are not invulnerable. Catastrophic data loss can happen to you -- one worm or Trojan is all it takes.
  • Choose passwords that are reasonably hard to guess -- don't just append a few numbers to a no-brainer. Always change default passwords.
  • Use an antivirus product like AVG or Norton, and set it to update daily.
  • Update your OS religiously and be vigilant in applying all security patches released by the software manufacturer.
  • Avoid hacker-bait apps like Internet Explorer and disable automatic scripting on your e-mail client.
  • Use encryption software like PGP (pretty good privacy) when sending sensitive e-mail. You can also use it to protect your entire hard drive.
  • Install a spyware detection app -- or even several. Programs that can be set to run frequently, like SpyCop, are ideal.
  • Use a personal firewall. Configure it to prevent other computers, networks and sites from connecting to you, and specify which programs are allowed to connect to the net automatically.
  • Disable any system services you're not using, especially apps that could give others remote access to your computer (like Remote Desktop, RealVNC and NetBIOS).
  • Secure your wireless networks. At home, enable WPA (Wi-Fi protected access) with a password of at least 20 characters. Configure your laptop to connect in Infrastructure mode only, and don't add networks unless they use WPA.

Technically Kevin is right; socially this is wrong. What this list highlights is that the combined Internet and PC industry has delivered a product for which, in car terms, one must not only have a driver's license but also be a mechanic able to maintain one’s own car and driveway. Yet we feel anyone should be able to own a PC and get onto the net.

Since this list was published on Wired News, most users will simply go on their merry way in blissful ignorance; even those whom it does reach may not be able to do this, or may not have the energy to actually perform these tasks. The way I see it, the real audience is the tech-savvy crowd that can do something about it.

For the tech crowd the main issue should be twofold: (1) how did we get into this muddle, and (2) how do we get out of it? I will not go into a detailed discussion of each of the points, although that would make for an interesting day of discussion. I will stick to the main points:

  1. PCs are very good at running programs, any program. This has led to their success (“oh just download this prog and you will have … for free”) but is also a serious security risk.
  2. PC programs have practically ultimate power on the PC, so any program may wipe all the user’s data. (Note that Unix, and by inference Mac OS X and Linux, also allow programs run by the user to wipe all the user’s data; their security only prevents the program from killing the system too.)
  3. PCs have way too many settings. An ordinary PC user scratches only the surface of what the PC can do. But in order to make everything work out of the box, all kinds of convenient services the user may never need are enabled by default. Each of these may pose a security threat.
  4. The same goes for WiFi: that too is set up out of the box for convenience, not for security.
  5. Internet protocols were created for a “friendly” network used by serious people; today the Internet is anything but that…

Now, as an engineer, I find that users never cease to amaze me with the level of crappiness of the technology they are willing to put up with. On the other hand, I do feel the engineers have let the users down in this area.

Engineers: accept your responsibility; it’s time to put things right!

Thursday, November 02, 2006

European Commission and access regulation

The European Commission has called for a review of the new communications framework. Well, it seems like they have some weird idea of how open markets will create consumer choice for access infrastructure.

In prose that I expect they understand better than the direct way I usually communicate ;-), I tried to impress upon them that infrastructure is inherently a natural monopoly and should be regarded as such. Failure to do so will destroy a lot of capital and hamper further innovation, simply because it creates unrest in the market and uncertainty for service providers who are supposed to bring innovations to the consumers.

From the response:

“The cornerstone of the regulatory framework, competition between infrastructures, is not economically viable or sustainable in physical access networks. This policy hampers investments, creates uncertainty because a destructive price war is foreseen by all players. It drives them to seek regulatory intervention to secure de-facto monopolies. This prediction is based on economic analysis and observing previous infrastructure investment cycles.”

Anyone who has studied the economics of infrastructure in general, and access infrastructure in particular, knows that the investment for access is so great that the market pressure to fully utilise that infrastructure is immense.

From the response:

“Study of investment in infrastructure from the railways in the USA to recent Internet access investment consistently shows that investment in infrastructure in general and especially access infrastructure leads to an all-out war for dominance, a war driven by the necessity to raise utilisation to 100%. Parties that lose in this war are either removed from the field entirely or find their assets bought out of a bankruptcy sale at a fraction of their worth, destroying investments and fuelling another round of price wars. History shows that such price wars lead to much uncertainty for consumers, loss of investments and no innovation.”

Now why would the nice people in Brussels come to any other conclusion? Well, that is because they look at the current telecoms market and see a co-existence of telcos and cablecos, forgetting that this only came to be because until recently each had their own market for their own product. Now that they are fully on each other’s turf, they are busy kicking the other out.

From the response:

“The current status is an artefact, created by liberalization of the two networks which started with a de-facto monopoly on exclusive services (telephony, TV). Competition on broadband as we have seen would not have been possible without the platform created by these de-facto exclusive monopolies. This artefact cannot be used as a basis for a policy for the future. Policy should be based on insights in the economic forces at play in such a market and knowledge gained from earlier infrastructure investment cycles.”

Now let’s hope they listen.
You can find the full response on the EemValley website.