The eye is a great deceiver

Computer viruses are showing us just how close we are to one another on the Net. Someone lets one of them loose in the Philippines, Israel or California and, if it’s well-designed, in just a few hours it spreads over half the planet. In so doing it not only fulfils its personal –or corporative– objectives, but also unleashes a spate of public lessons on the Internet, security, criminality, international law, the FBI, consulting companies and everything else related to the networked world. And as if this were not enough, it’s all on a global scale bringing with it all the paraphernalia of worldwide TV coverage in its wake. Thanks to viruses we learn lots, and badly, about the Information Society, but as a certain football coach said, “the important thing is that they talk about you, even if it’s well”.

So, what do we mean by a well-designed virus? Superior programming, sophisticated means of distribution, complex encryption and concealment systems? Perhaps, but basically the virus only has to be designed to take advantage of average efficiency and security levels in use on the Net. It is here that it finds enough holes through which to make its biggest impact. These “average” levels are pretty low at the moment and coming down all the time. If population growth figures go up as predicted over the next few years and numbers of internauts reach the 500 or 600 million mark, then we are really in for a lot of fun. The US can ask for all the cyberpolice it likes, summits to standardise international law (the eternal dream of that supranational state…), hot pursuit of virus disseminators and other such evil growths, but until the basic problem is dealt with, viruses are destined to be the belles of the ball over the next few years.

So what are these basic problems? It’s a simple question of good Net practice. The Internet demands that we apply the same criteria to it as we do to public health: lots of education and good preventative medicine. In other words, exactly the opposite of what is happening at all levels, from the individual to the corporate, at the moment. If we analyse the way we use the Net at present, it’s almost as if we are doing everything in our power to make the virus inventors’ task easier, whether they work independently or for some War Ministry or other. The truth is they have never had it so easy and everything points to an even more brilliant future.

For a start, we are all part of the historical search for standardisation to save us from those eternal, oh-so-irritating differences. Companies impose just one e-mail programme or browser “to make things easier for the technical department”. And this is the open doorway through which viruses get in. It doesn’t matter whether the victim is Microsoft’s Outlook or any other Gates programme. The same would happen if we went for other “standards”. If we think of cyberspace as an artificially designed environment, what we are doing, in short, is drastically reducing its biodiversity. And we leave the field wide open for viruses: an infection in one place immediately becomes an epidemic of phenomenal proportions in the rest. If there were a high number of diverse habitats, different programmes, they would form “natural barriers” to defend the organism. Or, at least virus disseminators would have to work harder and better because security would also be better than it is now.

This is not enough though. The other factor is that of population growth. The Internet, according to the most optimistic predictions, is growing by 90% a year. That means a lot of new people and an increase in the density of information systems. From telephone operators offers for free access to the Net to the overnight incorporation of masses of company workers into the Internet, tens of thousands of new users start navigating the “digital oceans” everyday, and nobody really has stopped to tell them how the boat works and what they will find on their travels.

This lack of training is obvious when it comes to e-mail. More and more messages are sent accompanied by perfectly useless attached files which could just as easily be sent in the body of the message. In addition, of course, the vast majority of these files are put together by the most important word processor on the market. A dangerous cocktail: poor practices and very little diversity. The light-hearted manner with which these (executable or not) files are opened, shows a lack of awareness unparalleled in situations outside the Net. Without knowing where they come from, nor what they contain, and relying on an anti-virus that is possibly older than Koch’s bacteria, people double-click away on the files in question just “to see what happens”. What happens is what happens when a stranger says “I love you” – sometimes they have AIDS and sometimes not.

Companies save loads of money by not training their employees properly. Just a few tips and they’re off. But the fact that even kids can use the Internet like a toy, does not mean that the Net is any less complex. One thing is navigating from page to page to while away the time and quite another is using the tools of the Internet to move vast quantities of information at great speed without much chance for a breather. In these conditions, when not even a quick nap is possible, the threshold of security reaches a very low point indeed and virus makers of all kinds can take advantage of the fact that our guard is down to experiment.

Even looking at it optimistically, things are bound to get worse. Not only because it is so much easier to sow the seeds of panic and propose repressive solutions in the hands of cyberpolice “à la Bruce Willis”, to the delight of Hollywood scriptwriters, but we are also opening the door to juicy new territory for virus manufacturers: cell phones connected to the Internet. With present security criteria in force, any virus worth its salt will be able to spread itself throughout the mobile telephone networks, record our conversations, send them to unreliable people, extract money from our electronic purse, make calls that we are unaware of…. In short, all sorts of fun, whose design and conception already has enough people out there interested and on the lookout for their bit of glory. This might be the ego of some programmer, someone in need of an adrenalin rush, people whose parents smacked them too hard as kids and haven’t got over it yet, Luddites with a cause who want to make themselves felt, corporations who would like to experiment in the field of industrial espionage or armies tired of looking around for a good war.

Whether they operate together or alone, in short-term or strategic alliances, the only remedy is good technology and better practice. We already know that this will not be enough. But, since nobody’s perfect, a world full of cyberpolice, and potential Information Society criminal profiles, where owning a computer might be compared to possessing a kilo of illegal drugs, is not the solution. Will they really believe us when we say it’s for personal consumption only?

Translation: Bridget King