Skip to content

Internet Virus & Malware Re-think

March 28, 2010
Meanwhile, over  on Bastard Sheep, I read the portentous and disturbing  news, about the  growth of Internet virus and malware Evermore cleverly disguised and alluring traps are set such as  fake look alike websites and viruses or malware are triggered in an increasing number of ads.

2.6 MILLION instances of infected ads since late December.

You know,  this stinking damn, malicious behavior makes me madder than hell. After the fuming subsides, I wonder why we are not doing more about it, but rather, seemingly accepting that it is a product of a system which cant be changed,(at least not without sacrificing some anonymity and/or perhaps some aspect of free communication). We seem to dive straight for the defensive line and concede that we need to put ourselves to the trouble, of the cat and mouse game in which we are always the mouse.

I can never quite fathom, why it is presumed that it would be too hard to make the origin of any piece of information or executable code traceable to it’s source. I can’t see why sizable proportions of the web-page related malware cant be nipped in the bud before the browser even handles it.

The way I see it there needs to be fixed guaranteed  protection of privacy, autonomy and anonymity while allowing the developer to invoke the browser code. Firstly there needs to be some authority and policing and that can’t be left to individual national governments. The web is no mans land, even though the USA dominates its population. No taxes are collected to fund central governance and so nobody will tend to want to foot the bill. If this is rectified, then we have a scenario which is at least amenable to accountability.

Nobody wants to pay a levy but considering the volume money made on the Internet, the cost of some protocols and services to police malicious activities is trivial. Big profitable business enjoying (exploiting?) this very economical and lucrative medium should be happy to forgo a tiny fraction of their spoils and support the cause.

On the software side I would envisage that some stop-checks might be put into place, somewhat resembling Pretty Good Privacy (PGP). It may become necessary to deploy a universal licensing program for every live web-server on the Internet, whereby each installation generates a unique pair of PGP (public & private) keys. Web pages, would all originate from a licensed unique source. The personal information for the source is not revealed in public, because you can only have the public key. Even so, that is a unique identification and can be used to decrypt the details.

As much as I dislike punative measures for social control, I think it needs to be noted that these little assholes committing crimes no different than willful vandalism at best. Some are  incorporating invasion of privacy, fraud (phishing scams etc.), and if browser windows perpetually spawn intermittently with modal dialogue that requires a response which can only generate a new window, then this is no different than a car jacking. My computer has been hijacked and in the real world that is a serious criminal offense.

Well guess what? I am in the real world (some would disagree ;)) and so is my computer. If somebody’s malware is hijacking my computer, they deserve to be hauled out of their apartment in hand cuffs and thrown into the Porridge And Iron Bar Resort. For a few months to a year. Cracking security to get into private areas of a system should be the equivalent of break and enter in real home. Not to mention invasion of privacy. Assuming the effort to crack a system is not for a Sunday stroll through the victims file system, no doubt there will be other mischief afoot. Maybe fraud is on the agenda. Maybe plagiarism or petty theft.

Anyhow, besides systems for accountability and stern consequences, there also needs to be authority to exercise punitive measures for Internet crime, that endorses exceptions to the suspects privacy rights. Consider how graffiti on a fence might be used to espouse rights to free speech, but we wouldn’t think it a violation of free speech when we punish the offender and make them paint over, or clean off the graffiti now would we? Once the source of an attack has been identified, to the public key of the server, the online policing authority, need to have authorization to Decrypt the web-servers information such as log files to identify the origin of the author of the malware. That calls for another implementation of the PGP security that (usually) keeps the identity and personal information of the web surfer secret, but allows information to pass and be decrypted upon receipt.

One crucial factor in accountability, is to make sure ISP’s have strict Identification procedures for a publishing license. To get an Internet account and surf the net would be no different that it is, but to gain editing/developing authority, that is required by all web servers, you must have the ID security required by a bank. Publishing trivial websites with CMS, forums or blog software etc, is exempt of course, because mo code is required to do so, beyond that of the existing installed software.

If the ISP doesn’t supply the developer with a permanent IP, then available logs must be kept of every reassignment previous and new IPs, the time and public key of the client. Perhaps the ISP will have to have a PGP key pair also for the DNS server. However it presently works, I fail to see how a chain of ultimately traceable information can’t be implemented, efficiently, transparently and entirely without compromising the anonymity of the user.

Incidentally I intend to write up a separate post on this, but I am currently planing the setup, of a non profit organization and the purpose will be to raise funds for other secular NPOs. One of the ongoing fund-raising activities, will be to provide adverting services for charities and NPO’s as well as  Commercial for profit companies, who pass muster on a point scoring star chart (like on youtube videos) that rates the ad for ethical standards of the ad itself the company and its products and service. I’d like to think that virus & Trojan contaminated ads would not stand a chance on this system.

One Comment leave one →
  1. dma permalink
    April 2, 2010 12:18 pm

    you little liars do nothing but antagonize…

    and you try to eliminate all the dreams and hopes of humanity…

    but you LOST…


    Einstein puts the final nail in the coffin of atheism…



    atheists deny their own life element…



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: