The security industry

(Text status: almost complete)

As seen in the previous topic, computer security is increasingly a big business with a wide spectrum of different players. Today, let us look at the main areas of the industry.

Anti-malware applications
This is perhaps the most widespread and also the most venerable branch of the computer security industry, even if computer viruses are a relatively new phenomenon compared to the history of computing in general (the first computers appeared at the end of the 1940s; viruses started to spread widely only in the Microsoft age, starting from MS-DOS in the second half of the 1980s). For many years, the stress was predominantly on anti-virus software.

During this early period, this branch of the security industry took shape. Anti-virus software, initially produced as freeware or shareware by individuals or small firms, gradually turned into full-fledged proprietary products run by larger companies or by special divisions of the top producers of utility software (e.g. Norton/Symantec). The steady influx of new viruses ensured a continuity of profits, while the malware itself was often relatively simple and could be tracked by specific patterns in its code (so-called signatures).

Nowadays, malware trends lean heavily towards spyware, as the 'old-school' file viruses are all but extinct (about 10 of them are still reported to be alive). With the advent of the new century, the malware paradigm shifted from simple malice (vandalism or 'practical jokes') to direct economic incentives. The malware of the new century strives to generate direct monetary benefit for its author in a number of ways - adware, pop-ups, browser redirection to ad pages, rogue diallers (where dial-up is still used) etc. Pure theft using the 'intercepted' information has also gradually surfaced - mostly Internet banking fraud using keylogged codes, or credit card fraud (computer crime will be discussed more thoroughly in a coming lecture).

This has forced the security industry to adapt as well. In addition to old-style signature-based detection routines, modern anti-malware applications also make use of heuristic algorithms. The products are also more complex, including anti-phishing routines, firewalls etc. In general, today's anti-malware cannot be limited to a pattern search - it should do its best to discover the overall weak spots and open doors on the system and advise the user how to solve the problem.

Main players in this field include:
 * Symantec with its Norton Antivirus
 * McAfee
 * Sophos
 * Panda
 * Kaspersky
 * F-Secure
 * Trend Micro

Of freeware (no-cost, but closed-source) solutions, the most common ones include:

 * avast! by ALWIL Software - anti-virus and anti-spyware
 * AVG Free by Grisoft
 * Spybot S&D by Safer Networking - the prime freeware anti-spyware tool
 * AdAware by LavaSoft - spyware/adware remover

It is also interesting to note that the free and open-source software world has until quite recently been rather passive in this field (compared to many other kinds of software). This may partially be attributed to the fact that malware is mostly limited to Windows platforms and does not have a significant impact on Unix-based systems. However, as more free/open-source software is built for the Windows platform, free anti-malware projects like ClamAV have been established to improve safety. Still, the prime role here is played by commercial vendors.

(Personal) firewalls
This category consists mostly of complex software packages which feature a firewall as their central component. This is a relatively fresh branch of the security industry, rising to prominence at the beginning of this century.

The history of firewall technology dates back to the end of the eighties, when the Morris worm laid the foundation of computer security as a separate discipline. The first firewalls were mostly built to keep unauthorised people from getting into systems while letting legitimate users out. The first commercial firewall was the SEAL by Digital Equipment Corporation (DEC). However, until the end of the century, firewalls remained part of quite specific server equipment which was only needed for the larger nodes of the Internet, not for everyone's personal computer. Linux, as an initially server-oriented system, got its first firewall in 1994 (Linux version 1.1), when Alan Cox brought over the ipfw firewall from BSD Unix. Since then, most variants of Linux have included strong firewall applications - and being free and open-source as well as high quality, these did not leave much room for commercial, proprietary development.

On the other hand, Microsoft products (MS-DOS and Windows) did not deem firewalls necessary until the beginning of the new century: only Windows XP got the first rudimentary firewall (and later Service Pack 2 turned it on by default). This left ample room for third-party applications, which soon formed a separate segment besides anti-virus and content-filtering software. Moreover, as spyware emerged as the primary threat for ordinary users, personal firewalls appeared - instead of regulating traffic at a network node, these products focused on protecting single machines. Many anti-virus vendors (Norton, McAfee, Kaspersky, Sophos) have also built their own firewall packages; of no-cost Windows software, ZoneAlarm is possibly the most used.

Security by subscription
While the subscription model (free or paid initial software plus regular paid updates) has been used by anti-virus companies (McAfee, F-Secure) for quite a long time, current developments include 'security outsourcing', essentially remote monitoring and security auditing with problem-solving when needed. Probably the best known such initiative is Microsoft Live OneCare, which is currently sold at USD 49.95 per year (for up to three computers).

While this is possibly a handy solution for casual users, the system has already been criticised for establishing unfair obstacles to competing software (the Java case). Another controversial issue is the possibility of monitoring the client machine to discover illegal software and content - while licence violations are not the way to go, neither is snooping on one's clients.

Content filtering
Interestingly enough, this is a huge industry almost uniquely in the United States, being next to unknown in other Western countries (see the biggest censors, though lately Australia seems to be moving in the same direction). Although computer and Internet censorship is present in many places, a private censorship industry as such exists only in the US - in other censoring countries, e.g. China, it is mostly done as a centralised governmental activity. Of known examples from developed countries, Norway and Denmark have small-scale filtering applied by Internet service providers against proven distributors of child pornography. Italy has banned placing bets abroad over the net.

However, in the US this kind of activity is usually promoted in public as a measure against unwanted Internet content, keeping things like pornography, violence and extremism away from the computers of ordinary people. Thus filtering has found wide use in the US, being applied in most public places (the CIPA, or Children's Internet Protection Act, made content filtering mandatory for all public libraries that apply for government grants). Regardless of many scandalous cases, the content filtering industry is blooming in the US, as seen from the following list of products (which apparently have a large enough market to share it rather peacefully):

 * Bess (N2H2)
 * CyberSitter (Solid Oak Software)
 * CyberPatrol (SurfControl; top choice in the US)
 * Net Nanny (Net Nanny Software)
 * NetRated (PC DataPower)
 * Smartfilter (Secure Computing Corporation)
 * Surfwatch (SurfControl)
 * I-Gear (Symantec)
 * Websense (Websense)
 * X-Stop (f8e6 Technologies)

The main problems with content filtering
The main issue, which is extensively debated, is which matters more: ensuring decency or free speech? Both sides have their arguments. But the free speech restriction is not the only problem:

 * Testing has often revealed different agendas behind the filtering criteria. The Censorware.net product reports show many interesting results. As a good irony, FilteringFacts.org, a prime pro-filtering website of that time (now offline; the link points to the website image at the Internet Archive), was blocked (as Drugs/Alcohol) by SurfWatch, which was in fact their top recommendation as home filtering software.
 * All the above-mentioned software packages are proprietary - content filtering seems to be in a kind of inherent contradiction with the hacker-minded free and open-source software world, so there are almost no projects in this field. When the central component of the software - the database - is closed and protected by intellectual property law as a trade secret, the users have to trust the producer's filtering decisions. Even if they find a way to modify the software's behaviour, it will turn out to be illegal.
 * Most natural languages are far too rich to be adequately filtered by the current state of technology. Examples even include filtering out the word "breast", not to mention various slang words (perhaps the best example can be seen here). One more real-life example follows.

In July 2001, Beaver College in Philadelphia changed its name to Arcadia University. While the official explanation cited thorough changes which necessitated a new name, many sources refer to the sexual meaning of the word in American slang and the resulting mass blocking of the college website by content filtering packages.

As a final remark: in 2000, the Digital Freedom Network hosted a contest on the most extreme blunders of content filtering. The results are here (the main site has since taken them down, but copies exist elsewhere): the winning case had a high school website blocked due to the 'high' in its name...
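The blunders above all come from keyword matching that ignores context. The following is an added example, not part of the original lecture text or any vendor's product: a constructed block list and a constructed, hand-labelled set of page titles are run through three filter strategies (substring, whole-word, whole-word with exception phrases), and the over-blocking and under-blocking counts are compared. The block terms, exception phrases and sample titles are all invented for the demonstration.

```python
import re

# Constructed block list in the spirit of the examples on this page (not any vendor's list).
BLOCK_TERMS = ["beaver", "breast", "high", "sex"]
# Constructed exception phrases for the context-aware variant.
ALLOW_PHRASES = ["high school", "breast cancer"]

# Constructed, hand-labelled sample: (page title, should_block). No real sites.
SAMPLE = [
    ("Beaver College admissions page", False),
    ("breast cancer screening guide", False),
    ("Lincoln High School homepage", False),
    ("Sussex county library catalogue", False),
    ("get high - drug forum", True),
    ("adult sex chat room", True),
    ("xxx adult movies", True),   # slang not on the list: no filter here catches it
]

def naive_substring_filter(text):
    """Block if a term appears anywhere, even inside another word (Sussex -> sex)."""
    t = text.lower()
    return any(term in t for term in BLOCK_TERMS)

def word_boundary_filter(text):
    """Block only on whole-word hits; 'high school' and 'breast cancer' still fall."""
    t = text.lower()
    return any(re.search(r"\b%s\b" % re.escape(term), t) for term in BLOCK_TERMS)

def allowlisted_filter(text):
    """Strip known-harmless phrases first, then apply whole-word matching."""
    t = text.lower()
    for phrase in ALLOW_PHRASES:
        t = t.replace(phrase, " ")
    return any(re.search(r"\b%s\b" % re.escape(term), t) for term in BLOCK_TERMS)

def evaluate(filter_fn, sample=SAMPLE):
    """Count over-blocking (false positives) and under-blocking (false negatives)."""
    fp = sum(1 for text, should in sample if filter_fn(text) and not should)
    fn = sum(1 for text, should in sample if not filter_fn(text) and should)
    return {"false_positives": fp, "false_negatives": fn}

if __name__ == "__main__":
    for f in (naive_substring_filter, word_boundary_filter, allowlisted_filter):
        print(f.__name__, evaluate(f))
```

Each refinement removes some over-blocking, but every exception is a manual patch and none of the three catches the slang title, which is the trade-off the discussion question on laxness versus tightness asks about.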

Summing up
As seen above, computer and Internet security has grown into a large industry, especially in the US. While its effectiveness often varies, it will likely thrive further in the near future. As long as there are clueless users and unreliable systems (and their numbers are growing), there is a need for security - and there is money to be made from it.

For discussion

 * How does the malware situation of today differ from the one at the beginning of the 90s?
 * Why did it take so long for Microsoft to include a firewall in their operating system?
 * How do you regard 'security outsourcing' by subscription (e.g. MS Live OneCare)?
 * Bring some arguments for both sides: parental control / content filtering vs freedom of speech and expression.
 * When applying content filtering, would it be preferable to err towards laxness (let through what should have been blocked) or tightness (block what should have gone through)?
 * Read the Australian comparison of Internet policies [5]. Which model would you prefer?

Links

 * AVOLIO, F.M. (2003) Firewalls: A Brief History. @ avolio.com
 * Personal Firewall Reviews @ firewallguide.com
 * EDELMAN, B. (2003) Sites Blocked by Internet Filtering Programs. Edelman Expert Report for Multnomah County Public Library et al. vs. United States of America et al.
 * MINOW, M. (2004) Lawfully Surfing the Net: Disabling Public Library Internet Filters to Avoid More Lawsuits in the United States. First Monday, Volume 9, Number 4, April 2004
 * Blocking Software FAQ