Gallery

Trials were bad Phorm

Posted on 16 Jun 2009 at 00:00

Davey Winder takes a look at Phorm, porn, pirates and the implications of America's Big Red Button...

Oh, and talking of commercial software piracy, here's a little thought about security-related consequences you might like to ponder for a few moments. If you're downloading an illegal, cracked copy of some application then I'd imagine you're not going to let it contact corporate home base to fetch updates and patches or check if it's a genuine licensed copy. But getting no security patches leaves you further exposed to attack, ever-increasingly dragged down the dodgy downloads security spiral. Some vendors such as Microsoft have adopted a better safe than sorry approach to critical security updates under such circumstances, as Chief Security Advisor EMEA Roger Halbheer notes on his TechNet blog: "Some time ago, we decided to deliver critical security updates via Automatic Update, to non-genuine versions of our products. This is not to protect the thieves but to protect the ecosystem. I often get push-back that this is not true, so let me clarify. If you go to the download center or Microsoft Update you will not be able to access these sites with pirated copies but switching on Automatic Update will allow you to get the critical Security Updates."

Obviously, the best advice I can give here is not to install file-sharing clients in order to download pirated material, but I appreciate that some of you (parents of teenagers, for example) might find this difficult to enforce. In this case, I'd recommend a decent security suite that updates automatically and includes string firewalling.

Push this, kill the internet

Sounds a little unlikely, the notion of a Big Red Button that could turn off the whole internet, but don't start laughing too loudly at my way too late attempt at an 1 April joke, because it seems that such a thing is being seriously considered over the pond in America. Ironically, the "Cybersecurity Act of 2009", which would give President Obama the power to effectively turn off all internet connectivity during a cybersecurity emergency, was actually drafted on 1 April. Take a look at the US Senate Committee on Commerce, Science and Transportation website (www.pcpro.co.uk/links/178online), and you'll find a press release detailing how Senator John D. (Jay) Rockefeller IV who chairs the committee insists that: "the increasingly connected nature of our lives only amplifies our vulnerability to cyber-attacks and we must act now", and how co-author of the bill Senator Olympia Snowe argues that "this legislation will ensure we have many of the tools to target, isolate and effectively combat cyber-attacks in America". And one of those tools would be the Big Red Button, albeit a virtual one of course.

The bill seeks that in the event of a cybersecurity emergency being declared in the US, the President should be able to order the "limitation or shutdown of internet traffic", specifically to and from "any compromised Federal government or United States critical infrastructure information system or network." You can't get much clearer than that - these people think they can isolate America from the internet at the drop of a hat, because you can be sure that the internet would be designated a "critical infrastructure information system". If anyone would like to try to explain exactly how an entire nation could be disconnected from the internet, completely and pretty well instantly, perhaps they'd let us know in the PC Pro forums online. Oh, and while you're at it, maybe you should drop Senators Rockefeller and Snowe a quick diagram and crib notes as well.

Download a year of Davey Winder's Online Security columns by heading to our Free Downloads site