Arun Marballi

Free enterprise encourages innovation � sometimes the wrong type of innovation. This is more evident in the world of cyber-technology than perhaps in any other arena. Almost on a daily basis people find ways to leverage technology in unethical ways for financial gain, for creating disruption or just for the fun of it.

Examples of this criminal use of technology abound. Last month, an Oregon man was fined $84,000 for scamming users with bogus pop-up security warnings on their computers that led them to a Web site that touted a phony anti-spyware program � Spyware Cleaner. Users were offered a free computer scan, which always indicated the presence of spyware and then lured the user into purchasing the dubious Spyware Cleaner product. Another instance that has come to light involved the security software vendor SoftwareOnline.Com Inc. This company was accused of several unethical practices, including free computer scans that bombarded users with pop-up ads that did not clearly identify security risks.

Then, how about the popular technology � Voice over IP (VoIP) that so conveniently allows us to save money by routing phone calls over the internet? This same money-saving technology is now being used by some creative geniuses as an alternative phishing scheme for acquiring personal and financial information over the phone. Users receive an e-mail, purportedly from a bank that directs the recipients to call a phone number for verifying their account information. The phone number connects the callers to a VoIP account using a Voice Response System that mimics a bank�s phone system and dupes the caller into giving up confidential account access information.

We are familiar with the search engines that bring the power of the Internet within our reach. The unfortunate fact is that users of these search engines land on malicious Web sites about 285 million times per month by clicking on search results from the five major search engines, according to McAfee Inc.�s SiteAdvisor unit. Of the major search engines, MSN had the lowest incidence of malicious links at 3.9 percent while Ask.com had the most at 6.1 percent. The bottom line here is to note that the search engines cannot be expected to protect us from dangerous links � we need to use good judgment and discretion while using the search results.

Another source of danger arises from genuine technology vendors using what are called �stealth techniques� for effecting copyright protection. One such instance that recently came to light was the copyright protection software that installed onto a User�s computer from certain Sony BMG Music CDs when they were played on a Windows PC. The reason that this type of software is called stealth software is because it embeds itself at a low level in the Operating System and hence cloaks itself from detection. To make matters worse, these elements of software create what is in-effect a back-door path to allow other malicious software to install on our computers thereby evading all the protective shields that we may have put up. In the case of Sony BMG, prior to installing the software, the user was presented an on-screen prompt to accept a license. Typically, there should be no install associated with the mere playback of a music CD on a computer and the license prompt should have been an immediate red flag. However, we implicitly trust vendors such as Sony BMG and click the �Accept� button.

In the meantime, major software vendors such as Microsoft continue to diligently put out updates to their software on a regular basis; and of late even Apple Computers, hitherto considered a relatively risk-free environment, has joined this distinguished group. Rohit Dhamankar, editor of @RISK, a newsletter published by the SANS Institute (a non-profit organization for computer and network security), says, �The number of vulnerabilities in the Mac OS has certainly increased in the last six-month period.� Apple�s Safari Web Browser has recently been the subject of numerous vulnerabilities. Users of this software should heed advice and get their computers updated at the earliest.

In a not-so-shocking announcement, Microsoft has stated that it is ending support (including security updates) for its older operating systems, including Windows 98, Windows 98 SE and Windows Millennium (ME) on July 11, 2006. So if anyone is still using computers with these operating systems this may be a good time to consider retiring these computers or at least upgrading them � seriously!

Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail [email protected].

Home