The Code Red virus alert that headlined the TV news at the start of this month was the latest warning to users that the war against bad code and hackers is never-ending.
As soon as users have got to grips with one problem, news filters through of another virus spreading round the globe. And, with black-hat crackers sharing know-how and hacking tales on numerous Web sites and chat rooms, it makes sense for the good guys to pool their resources.
"This is the idea behind ITsecurity.com - a Web site that features an active FAQ area for users to ask security-orientated questions to a community of more than 100 security experts recruited from leading consultancies and vendors from around the world," says Kevin Townsend, editor of the site.
"Hackers have their own forums to discuss things. Techies have theirs, such as the excellent Bugtraq, Coderpunks and others. ITsecurity.com provides a forum where both techies and more particularly managers can get advice from the good guy.
"There are more good guys than bad guys on the IT security scene in terms of intellectual capacity," he adds. "A common perception is that to be a good security consultant you have to have been a cracker at some point. That is ridiculous and also annoying as it somehow romanticises hacking."
But do these experts agree when faced with a specific security question? "Hell, no," laughs Townsend. "They're worse than economists. But we usually get several slightly different responses to each problem - and a consensus solution can usually be found by considering them all."
Townsend has noticed a change in the type of questions being asked now compared with a year ago. He says, "Recently the questions have got a lot more serious and technical. This would suggest that either people have become a lot more familiar with IT security technology or that the more technical users are now in search of best practice and good advice from their peers."
He sees forums such as his as providing essential information for the person responsible for IT security in small- or medium-sized enterprises (SMEs). "Large companies employ a full-time person who is responsible for the security of IT systems," explains Townsend.
"These people will spend all day working on security issues, monitoring news sites and lists. In an SME, no one has the time for this. It is only when there is a specific problem that they look at IT security - this is when they need advice."
But it is the home user and the self-employed business person working from home who Townsend thinks are most responsible for spreading viruses. "The users who run their own Web site and subscribe to always-on broadband are less likely to be aware of the latest security risks out there.
"The reason that the alert about Code Red reached so many people was because it appeared in the national media and on Ceefax. Had it remained within the realms of the technical media, fewer people would have taken precautions."
Townsend says Code Red's prominence is due to the fact that the Government activated the media. "There is a growing awareness that the Internet is vulnerable and that a major attack could have serious repercussions economically," he says.
This was first published in August 2001