Pooter prophylaxis

(Via Gareth Parker)

An IT expert writes (in Crikey’s subscriber email):
There is a good chance that Labor will give the Howard Government a hard time over its failure to make e-commerce safe through adequate regulation of ISPs. The Minister for Telecommunications Darryl Williams is the likely target.

The trigger is the large numbers of “Mums and Dads” getting hacked or hit with virii then having Internet Banking accounts pilfered.

The cause is that ISPs will not implement effective protection measures on their networks and email servers that account for “Murphy’s Law” and acknowledge that the average user is clueless and will/can not protect themselves.

The Federal government knows about the root cause but will not regulate to protect the public. If Labor drop this ball (as the government have) then that is a story in itself.

Gareth comments:

What does the “IT expert” suggest? That the Federal government offer a Norton rebate?

I suppose a purist libertarian response would require an assertion that it’s up to each individual adult to decide whether and to what extent they protect themselves against hackers, viruses, spyware and the like. Some would assert that any regulation of this area is “nanny-state” interference (although many of them would be named Gates). But many if not most consumers have little or no idea of the risks or what protective measures they should take against them. Most adults over about 25 (and quite a few younger ones as well) are still technological luddites.

Moreover, surely we’re all entitled to expect that when we buy an Internet-enabled PC, it will be fit and reasonably safe to be used for that purpose. People who buy cars expect them to be safe too, and the past failures of many car manufacturers to voluntarily fit things like seat belts and airbags caused regulators quite properly to insist on them. Why should PCs be any different?

As most of us more ‘geeky’ bloggers know, it isn’t safe to use the Internet (especially with a broadband connection) without up-to-date anti-virus software, at least a software firewall, and (at least if you have a teenage child) up-to-date anti-spyware software. I reckon there’s a very strong case for the federal government to regulate to require that all new PCs must be sold with a firewall, anti-virus and anti-spyware software already installed and with 2 years of automatic updates. PC packaging should also be required to have the following warnings prominently displayed:

  • Never open email attachments unless you’re absolutely certain they come from a trusted source (and if you’re not sure, ring the apparent sender to make sure the email really is from them);
  • Never install third party software, plug-ins or other gadgets unless you’re sure they’re from a reputable source;
  • If your PC is ever used by a child or teenager, then don’t under any circumstances use it for Internet banking, because you can almost guarantee that your child will completely ignore the above instructions whenever they feel like it (however many times you might yell at them for doing it).

About Ken Parish

Ken Parish is a legal academic, with research areas in public law (constitutional and administrative law), civil procedure and teaching & learning theory and practice. He has been a legal academic for almost 20 years. Before that he ran a legal practice in Darwin for 15 years and was a Member of the NT Legislative Assembly for almost 4 years in the early 1990s.
20 Comments
EvilPundit
2022 years ago

Every Windows computer connected to the Internet should have at least some antivirus and firewall software.

Fortunately, you can download a free firewall at Zone Labs, and a free antivirus program at GRisoft.

Gary
2022 years ago

Most new computers have anti-virus software pre-installed or at least tell them to. Car manufacturers have oil and tell the new owner to service regularly but you’ll be surprised of the amount of people that return after two years of non-service complaining the car has packed it in. I had up to ten people at one time whose computers got regularly attacked by viruses and only installed anti-virus software when I refused to fix it for free. Funny thing though, all the over-50s that I helped installed anti-virus software first up.

Ron Mead
2022 years ago

“Some would assert that any regulation of this area is “nanny-state” interference.”

Count me in on that. Gawd what next? Well we know the answer to that already don’t we?

Funny Ken, I seem to have read something from you protesting against the move by Manly and Waverley Councils against smoking bans on beaches. You’re a bit of a flip-flopper on Nanny-statism, aren’t you?

We’re getting to the stage where we expect the gubmint to hold our hands in every aspect of life. After they’ve finished labelling junk food with warnings that if you eat McDonald’s exclusively for a month you won’t feel well, we’ll no doubt force salt producers to put labels on their stuff that too much salt can play havoc with blood pressure; force car manufacturers to place placards on front of cars warning that they present a hazard to pedestrians who jay-walk in peak-hour traffic on motorways; sugar manufacturers that sugar rots your teeth if you don’t floss; on toilets that not washing hands after using them can cause ill health; on tissues that their non-use on public transport can spread germs; on voting booths that believing the promises of politicians is a trust hazard; on sandbars at beaches that diving head-on into them even if they’re covered with three inches of water is no good for your spinal cord, etc, etc.

Observa
2022 years ago

Perhaps the Govt has been talking to the banks, who appear to have given up on serious internet transaction security. Had a letter last week from Westpac downsizing our Company’s daily limit from $25000 to $1500 for security reasons. This wouldn’t pay the wages. After a phone call and explanation, they lifted it to their maximum of $5000, without the purchase and use of their latest security gadget. Apparently this electronic gadget changes a security number every minute so you can enter the current code for a transaction. The drawback is a purchase price of $150 and $100 a year for the privilege. Back to cheques and the business Mastercard I suppose. The only trouble with the Mastercard was I had to cancel it after 8 unauthorised transactions occurred in Canada and the US, out of the blue. They were duly reversed after a call to the bank and letter response to each, taking about three weeks per transaction. Somehow I think Oppositions should be wary of promising the impossible.

Ron Mead
2022 years ago

As for Luddites – Luddites don’t use computers at all. They don’t use ATMs. They go into the branch to cash a cheque for $10. They don’t even use phones since those number-punching fronts were introduced. Whatever happened to round dials where you put your finger in one number’s hole at a time and turned it round till it stopped? They don’t even read newspapers since they stopped putting the sport on the back page on Mondays, and Bluey and Curly disappeared from the comics. They still tear their rail return tickets in two to use the other half for the return journey. So don’t worry about them. They really know how things are done and can look after themselves quite well, thank you very much.

Factory
2022 years ago

It’s prolly not a great idea to regulate the PC industry since it is quite a volatile industry, for example virii have gone through being ‘boot-sector’ means of transmission, to email based, and is slowly moving towards being worm-like.
Best wait until the industry settles down a bit.

yobbo
2022 years ago

“I reckon there’s a very strong case for the federal government to regulate to require that all new PCs must be sold with a firewall, anti-virus and anti-spyware software already installed and with 2 years of automatic updates.”

That would almost double the price of a new PC. Once again, the consumer would be the big loser.

I bought a new PC a month ago. It was $500. Athlon 2000 with 512mb of ram. Because I am a savvy user and had all the software I needed already, I didn’t need windows, anti-virus, etc already installed.

To install an antivirus, Windows needs to come preinstalled, which adds about $200 to the cost of a new PC for a start. Legislating that Windows must come preinstalled on a system is basically legislating in favour of a Microsoft monopoly.

Add to that the virus software, firewall and spyware blockers, and assuming that they come with licenses. You are looking at an extra $500 for the software and the time taken for the technician to install them all. Absolutely ridiculous and you’re damn right that it is nanny-statism at its worst.

What you are saying is equivalent to legislating against the sale of cars that are more than 5 years old, as they are not as reliable as new cars, and most users do not have the expertise to fix them.

Computer users can spend the extra money to buy from a big-brand company like DELL who do sell all their PCs complete with operating system, anti-virus, firewall et al. You are looking at $1500 for a Dell rather than $500 though.

And no virus checker on Earth is going to stop idiots from being scammed by emails purporting to be from banks asking them to put their username and password into a spoofed web page.

If you MUST regulate something, simply regulate that Microsoft Australia must repackage Windows XP to come with the Blaster and Sasser fixes already on the CD, because that is what is causing 95% of the virus problems at the moment. You must download those fixes within about 10 minutes of connecting to the internet for the first time or you’ll be wormed. Average users don’t know this, etc.

Doubling the price of a new PC because some people are too stupid to pay for service is not the answer.

Robert
2022 years ago

I agree with Yobbo’s arguments about the undesirability of forcing bundled packages, especially that such a policy would entrench a software oligopoly.

On the other hand, we can’t pretend that the world is perfect and that everyone knows about the risks involved in using the internet. Certainly some form of warning should be mandatory, along the lines of cigarette packs. You can’t open the box without seeing a big red square explaining what people need to do to protect themselves. You can’t buy an internet account without having the same warning repeated — in fact, ISPs should be encouraged to point people towards free virus software.

Should antivirus software be subsidised? Perhaps. Since viruses multiply exponentially as they infect new computers, each time an email is blocked it probably saves hundreds or thousands down the track. Would the cost to government be significant when weighed against the savings to business? I don’t know, but it’s worth asking.

And you’re right about Microsoft, too, Yobbo. When they release a patch, every new press of the CD should have the patch included. To leave it out is to distribute a product they know is defective. And again, the cost of their compliance would be far outweighed by the benefits to consumers whose safety would be immediately improved, and the flow-on effects that it would bring.

zoot
2022 years ago

Just a thought; if Echelon is already scanning every email, can’t we get the CIA (or whoever) to scan for worms as well as suspect words? Come to think of it, they’d be in a great position to kill spam completely.

observa
2022 years ago

An interesting piece of trivia I discovered in my dealings with the bank over the unauthorised use of my Mastercard was this. If you look on the reverse side of your credit card (mine is on the signature strip) you should find printed the last 4 numbers of your embossed number, as well as another 3 numbers. Apparently when ordering goods over the phone, where the merchant does not get a signature, they can have a facility to request these extra 3 digits. (This would at least demonstrate that you have the card.) It seems that merchants seldom do. I have never been asked to provide them, although I don’t often use it this way. Have others been asked for them?

As far as the unauthorised transactions went, I quickly picked them up online and they were all internet merchant purchases. This meant the purchaser must have had access to the card’s number, company name and expiry date, which any merchant, or their employees could obtain from my past purchases. Only once have I used it to purchase a book on the internet from Amazon. Since this was over 2 yrs prior to unauthorised use, I could safely rule out Amazon as the source. Most likely the card’s details have been divulged by a service station or employee, as this is the major use of the card. Perhaps a clever IT investigator could collate unauthorised use cards like mine, to track a common merchant/s to crack what must be an international crime information chain. Perhaps the banks are already engaged in this.

Robert
2022 years ago

the CIA (or whoever)… [would] be in a great position to kill spam completely.

Thanks, but no thanks. I can live with them scanning my emails for suspected terrorist conspiracies, but I certainly don’t want them regularly censoring what reaches my inbox.

peggy sue
2022 years ago

If you look on the reverse side of your credit card (mine is on the signature strip) you should find printed the last 4 numbers of your embossed number, as well as another 3 numbers. Apparently when ordering goods over the phone, where the merchant does not get a signature, they can have a facility to request these extra 3 digits. (This would at least demonstrate that you have the card.) It seems that merchants seldom do. I have never been asked to provide them, although I don’t often use it this way. Have others been asked for them?

If you pay your Telstra bill over the phone you’ll be asked for them.

David Tiley
2022 years ago

I think we are all agreed we do want it regulated – just not at the customer end. It is as if people were sending snail mail with toxins. The solution is not to put a sticker on the letter box saying: “buy an expensive pair of gloves and a gas mask before you touch your mail”.

It is to go after the crook with the poisonous vial. I am waiting for the day..

Pedro the Ignorant
2022 years ago

Geez, spend a few bucks and install a decent set of firewalls and anti spam software.
Problem solved.

Although, I suppose the government should pay, or get the rich bastards to pay for all the “little people” who are getting hacked and spammed.

I love spending other people’s money.

Graham
2022 years ago

Well, computers have gotten a lot cheaper over the last couple of years. Far more than the $200 for the Norton suite or something isn’t exorbitant, but you don’t even have to spend money to be sufficiently protected. (See the first couple of comments by EP and Gary.)

It’s one thing for a customer to expect a vendor to install all the basics required to make the system secure, another to have the government insist on this, especially since any such legislation would have little chance of keeping up with circumstances.

Also, discontinuing use of Microsoft Internet Explorer and Outlook in deference to other free but more secure browsers and mail clients (which aren’t so willing to allow rogue programs to infect your computer) would be a plus as well. I could rant about the general insecurity of XP, except it’s entirely possible to make it secure, no thanks to Microsoft.

(The other option is to just ditch the Microsoft platform and use a Linux distribution, or buy a Mac.)

I assume that car alarms and security systems aren’t actually mandated by the government?

Gareth
2022 years ago

… you would think so, wouldn’t you, except in good old WA, where, incredibly, it is compulsory to have a car fitted with an immobiliser.

Robert
2022 years ago

No, it’s quite credible, Gareth, and it had a bigger effect on car theft than any bullshit law-and-order posturing.

Gareth
2022 years ago

Speak to the immobiliser installers and the RAC roadside assist guys, Rob, who say that the whole thing’s a scam that any self-respecting car thief can get around in 5 minutes.

Robert
2022 years ago

Whoop-de-doo. That doesn’t mean the scheme has been unsuccessful.

In 2002 the National Motor Vehicle Theft Reduction Council commissioned a report on improving the installation of immobilisers (Word document). The report conceded that the WA scheme was hampered by serious problems (not least of which was a high rate of badly installed immobilisers), but concluded that the net effect was a significant reduction in car theft:

Theft of passenger vehicles and light commercial vehicles reduced by 17 per cent per annum during the scheme. This comprised a reduction of 19 per cent in opportunistic theft and an increase of 2 per cent in professional theft. It is estimated that 45 per cent of the theft reduction was due to the compulsory scheme, after making allowance for Original Equipment Manufacture (OEM) immobilisers, the voluntary scheme and the effect of an increased rate of immobilisation on the number of stolen vehicles. WA data suggests that the rate of theft reduction increases with higher levels of immobilisation, although it is not possible to define a precise relationship.

Other factors are likely to affect motor vehicle theft, perhaps most importantly, police campaigns aimed at potential thieves. There was insufficient information to assess any effect. There appeared to be no increase in other motor vehicle offences, eg attempted theft, theft with aggressive behaviour. There was little change in the makes/models stolen during the scheme, and the main ones stolen were early models which would not have an OEM immobiliser installed, ie the effect of scheme was that non-immobilised vehicles were more likely to be stolen. As these vehicles are older there was a significant reduction in the value of stolen vehicles. However, having an immobiliser fitted does not prevent vehicles from being stolen, but the risk is half that for non-immobilised vehicles. […] There was also no discernible effect on other types of crime which may have substituted for motor vehicle theft, eg property crime, other theft. There were increases in the number of road service callouts to deal with faulty alarms, but the numbers were small in relation to total callouts. The price of immobilisers decreased significantly, and the range of units available increased. Manufacturers suggested that high sales had enabled product innovation and therefore entry to overseas markets.

Evaluation Results

The cost-benefit analysis of the WA compulsory engine immobilisation scheme was undertaken over a 10 year period with costs and benefits discounted at 5 per cent pa. Benefits exceeded costs, resulting in a net present value of $13 million and a benefit-cost ratio of 1.3. The estimated theft reduction benefits are conservative, and it was not possible to quantify product innovation benefits.

But hey — if you want to ignore actual research and make policy on the basis of the discussion you had with the RAC bloke last time you left your lights on, go right ahead.

fred
2022 years ago

“People who buy cars expect them to be safe too”.

Yeah, but it’s your own fault if you can’t drive.