It was Winston Churchill who said, “Now this is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning”, But then Churchill was fortunate enough to live at a time when bombs fell, not your broadband connection, and smoking cigars was good for you.
Sadly, if the past few weeks are any measure of what is yet to come in 2004 we have also witnessed the end of the beginning and not the beginning of the end. There was MyDoom, followed by Microsoft shooting itself in both feet at the same time – no mean trick – on "Patch Wednesday", with the worst and most critical update yet.
This was so secret that the chief security officer of one bank found out about the problem in the newspaper on the way to work and it only came to my attention when the BBC telephoned me over breakfast asking how bad it was. “How bad is what?” I asked, sounding less intelligent than usual.
Other people feel hard done by this month as well. Alan Mather, chief executive of e-delivery at the Office of the E-envoy, writes in his web journal:
“I'm in the middle of advising my uncle, who recently got broadband, how to protect his PC better. Broadband should, perhaps, come with a health warning for the IT uneducated, along with a set of tools (a first aid kit?) to repair damage caused already and a set of inoculations to prevent further damage. I would have thought that BT or any other provider would have insisted that appropriate technical contraception is in place before allowing a connection to their proxies - after all, if people using their services get infected, the load at their end is increased and therefore their costs are higher. So it should be in every provider’s interest to provide firewall and AV software for everyone, with the AV running at the server end eliminating viruses on the way through."
Alan’s right about this, as he is about most things and, if ISPs aren’t going to offer such a facility voluntarily, then it’s reached the point when government might have to step in with a little arm twisting.
My own ISP, Nildram, offers a good DSL service with free spam filtering, but anti-virus and a firewall on the server side are optional extra costs. Nildram, which has a large "technically minded" subscriber base, believes its customers prefer the flexibility of choosing where to place their security, on the server or use their own firewall and anti-virus solutions on the PC side.
The trouble is, as Mather points out, is that his uncle and my father-in-law aren’t as security savvy as you and I and, as a consequence, need to be advised. Government has known about the dangers that would accompany rapid broadband growth for more than two years, and perhaps we have now reached the point when server-side AV and even firewall security at the ISP should be a default à la Trustworthy Computing and not an option.
If your uncle or father-in-law wants to install his own security, a little knowledge being a dangerous thing, then he can simply switch off the service through his web browser, alongside anti-spam, which has now become common, but it should no longer be a chargeable extra, like a virtual condom machine, at your ISP.
Perhaps our government should consider what the cost of business interruption to the economy will be if we continue to stagger along between virus and worm attacks in the way we have done up until now. It’s time for the prime minister to come to the rescue of Broadband Britain and, at the very least, take up smoking Churchill cigars.
What do you think?
Should the government have a blitz on broadband security? Tell us in an e-mail >> ComputerWeekly.com reserves the right to edit and publish answers on the website. Please state if your answer is not for publication.
Setting the world to rights with the collected thoughts and opinions of leading industry analyst Dr Simon Moores of Zentelligence.
Acting globally, Zentelligence (Research) advises governments, suppliers, business and the media on the evolution, application and delivery of leading-edge technologies and specialises in the areas of eGovernment and information security.
For further information on Zentelligence and its research, presentation and analyst services visit www.zentelligence.com
This was first published in February 2004