Leaky PC syndrome - who's to blame; what's to be done?

ISPs asked to do better

When a number of people found themselves with leaks in the walls of their houses, admitting water, in 2003, the problem was dignified with the name of “the leaky building syndrome” and we had a Parliamentary inquiry and an apparatus set up for dispute resolution.

The question of who and what was to blame for leaky buildings and how the Government and building industry might go about repairs, reforms and compensation occupied politicians and the media for months.

We’re now seeing a rising volume of complaint about what might be called the “leaky computer syndrome” — those machines, particularly consumer PCs, that have not had their operating systems and associated software patched to the latest standard, leaving them vulnerable to attack by worms and similar malware..

Such vulnerabilities, or “issues” as Microsoft likes to call them, are a danger not so much to the computer suffering them as to others connected to the internet. Infected machines are liable to become “zombies”, controlled by a remote malicious user and used to spread viruses, spam and other nasties that lead people to curse computers and the internet.

The State Services Commission’s e-government unit, conscious of the potential risk to the success of e-government if people hesitate to use the internet, has asked if internet service providers should take more responsibility for alerting their customers to the fact that their patches are not completely up-to-date.

InternetNZ has also alluded to the problem and to ISPs’ share of the responsibility in the working paper towards its Code of Practice for providers (Computerworld, February 7).

Xtra spokesman Nick Brown says the company considers it “a priority” to communicate to customers the principles of keeping their internet-connected computers secure. “We ran a campaign mid-last year emphasising three points; make sure you have an adequate firewall, scan for viruses regularly with an updated antivirus product and make sure your operating system patches are up-to-date.

"We have set up two dedicated emails for customers having security concerns to report network abuse and unauthorised systems access," he adds.

Because unexpectedly high traffic is one sign of a possible infection, Xtra offers automated usage warnings so customers can check their internet usage, he says.

However, "it is unrealistic to expect internet providers to individually monitor each customer's computer, detect if a customer’s computer has become infected or compromised in some way or force customers to implement client-side security measures," Brown says. "This type of activity would be invasive for the customer and logistically impractical for the provider."

TelstraClear's Michael White says the company has warned apparently infected users of its ISPs, ClearNet and Paradise, and even cut some off when they did not remedy the problem in a suitable time. However, the task can't currently be automated, he says.

"You might be legitimately using the same port that the worm uses, and the last thing we want to give you is a mailbox full of automatic 'cease and desist' requests when you haven't done anything wrong." Management of the problem "needs person-to-person contact" and ISPs do not have the staff levels to deal with every case, he says. Fortunately most offending users seem to read about the vulnerability and find the patch quickly and most problems are brief. "They fix it quicker than we could contact them."

The e-government unit report expresses confidence that “ISPs provide a level of support for customers whose machines are so damaged or affected by hostile programs that they are unusable.

“However,” it adds, “there are large numbers of home machines with broadband connections which have been compromised but which are not the subject of complaints by their owners and are presumably still usable.

“While ISPs are often aware of these compromised customer machines because of the traffic they generate, some take no action because of the cost and implications for their customer relationship. This is a serious issue, because of the risk of coordinated attacks using a network of such computers, and because of the potential breach of confidentiality in transactions made with government using a computer that has been compromised.”

E-government unit head Laurence Millar says, however, no further independent action will be taken on that part of its report. Rather the unit is consulting with InternetNZ and waiting to see what comes out of the code of practice first.

Other sources commenting on the e-government report feel inclined to blame the perennial whipping-boy, Microsoft — chairman Bill Gates and local Microsoft staff are quick to acknowledge past failings and stress the new emphasis on “trustworthy” computing, with Gates pointing in a recent television interview to the increasing number of users obediently downloading all their Windows fixes.

A third target is, naturally, the PC vendors, particularly the retail stores who, some local internet specialists say, are too apt to make a quick “box sale” of a machine that has been in the store for some weeks and is not patched to the latest standards, without necessarily making it clear to the user that this should be done.

A tyical reaction comes from staffer Eddie Hunt at the Big Byte store in Wellington, who says all its PCs are updated to Service Pack 2 level, "but we've got hundreds of PCs on the shelves and we can't keep them updated beyond that." Does the store have a policy of instructing users to log in immediately and regularly for their automatic updates? "Yes, and also to keep their virus checker updated," he says. "Well, I make a point of doing that anyway; I don't know about anyone else."

Join the newsletter!

Error: Please check your email address.

Tags leaky PC syndrome

More about BillMicrosoftParadiseState Services CommissionTelstraClearXtra

Show Comments

Market Place

[]