Contact Us
Mental Health
Financial advice
Youth Matters
Techno Corner

Arun Marballi

What would you say is the most critical piece of software for using the Internet? If your answer was the Web browser, you would be correct.

However, how many of you keep your Web browser patched and updated with the latest security updates put out by the corresponding software vendor? It appears from a couple of surveys - one conducted by E-Week and the other conducted jointly by ETH Zurich, Google and IBM - that about 1 in 10 among us are not keeping up with the updates.

Actually, the numbers are somewhat higher for people that use Firefox, Safari and Opera browsers as compared to those that use the Microsoft Internet Explorer browser. It is important to note that the Internet Explorer is by far the more widely used browser and Microsoft is currently preparing for the release of its new IE 8 browser, which reportedly ups the ante on anti-malware protection.

The new bells and whistles include features designed to combat drive-by downloads and embedded malicious scripts within e-mail and Web pages. It also will have filtering for cross-site scripting that will prevent a script within a link from executing. Additionally, IE 8 will feature highlighted domain names within the Internet Web address (so, for instance, you can visually see that you are actually on and not on another site).

Every month, Microsoft puts out security updates for all its suites of supported software. Along with these updates, it also downloads and runs a Malicious Software Removal Tool on your computers during the update process. This tool is designed to detect and remove viruses and other undesirable programs from Windows computers.

During the June update process, Microsoft hit a home run with its Malicious Software Removal Tool when it killed game password-stealing software from 2 million computers in the first week after it was updated to detect and neutralize these programs. Password stealers such as a program called Taterf that was neutralized are the most common type of malicious software on the Internet.

This is because there is a big financial reward in selling virtual currencies used in online games for real-world cash. These password-stealer programs are typically installed by exploiting flaws in multimedia programs such as Adobe Flash Player or Apple's QuickTime Player.

Speaking of password-stealing software, Kaspersky, a software vendor specializing in Internet Security software, has come out with a novel way for counteracting key-logging malware - use a virtual keyboard. This is an on-screen keyboard that Kaspersky's Internet Security Suite 2009 offers to its users for entering username and password details for Web sites such as online banks or virtual world games.

This Internet Security Suite also offers a software analysis tool that will review third-party software installed on your computer and verify if you have the latest updates patched. Secunia, another software vendor, actually offers a free download of a similar tool called the Software Inspector at that examines all software installed to determine if you are running any un-patched software on your computer.

Sometime ago, I had reported that Symantec, the software vendor famous for its Anti-Virus Software Suite, had recorded more than 700,000 unique threats during 2007, a 468 percent increase compared to 2006. Now, researchers at F-Secure, another Internet Security Software vendor, have indicated that through the end of June this year, the number of threats they had detected had already exceeded 900,000.

This is truly indicative of a situation that is rapidly spiraling out of control. Not only is the incidence of threats increasing rapidly, F-Secure states that the cyber-crime industry has demonstrated growing sophistication to the point where these operations are no longer fly-by-night type of operations but instead bear a strong semblance to underground corporate enterprises.

So, even as the complexity of these infrastructures enables increasingly complex malware, they are seeding the Internet with root-kits that significantly lower the entry barrier for nascent malware writers.

With a backdrop such as this, is it any surprise that the insurance industry is looking towards jumping into the fray by offering policies for "hacker damage"? Indeed, that is exactly what Toronto-based Executive Risk Insurance Services is looking to do - selling a new category of insurance to corporate clients for protecting them from the fallout when sensitive data is lost or stolen.

Although the insurance industry is targeting corporate customers, if the numbers are right, this line of business could be extended to non-corporate customers, perhaps as a rider to a homeowner's policy. If this was to come to pass, would you consider signing-up for such coverage?

Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail


Contact Information
The Editor:
Send mail to with questions or comments about this web site. Copyright 2004 Khaas Baat.

Anything that appears in Khaas Baat cannot be reproduced, whether wholly or in part, without permission. Opinions expressed by Khaas Baat contributors are their own and do not reflect the publisher's opinion.

Khaas Baat reserves the right to edit and/or reject any advertising. Khaas Baat is not responsible for errors in advertising or for the validity of any claims made by its advertisers. Khaas Baat is published by Khaas Baat Communications.