The security industry

Source: KakuWiki
Revision as of 25 July 2006, 22:46 by Kakk (→ Anti-malware applications)

As seen from the previous topic, computer security is increasingly a big business with a wide spectrum of different players. Today, let us look at the main areas of the industry.

Anti-malware applications

This is perhaps the most widespread and also the most venerable branch of the computer security industry, even if computer viruses are a relatively new phenomenon (compared to the history of computing in general: the first computers appeared at the end of the 40s, while viruses started to spread widely only in the Microsoft Age, starting from MS-DOS in the 2nd half of the 80s). For quite many years, the stress was predominantly on anti-virus software.

During this early period, the security industry branch formed. Anti-virus software, which initially was produced as freeware or shareware by individuals or small firms, gradually turned into full-weight proprietary products governed by larger companies or special divisions of top producers of various utility software (e.g. Norton/Symantec). The steady influx of new viruses ensured the continuity of profits, while the malware itself was often relatively simple and trackable by specific code (so-called signatures).

Nowadays, the malware trends are leaning heavily towards spyware, as the 'old-school' file viruses are all but extinct (about 10 of them are still reported to be alive). With the advent of the new century, the malware paradigm shifted from simple malice (vandalism or 'practical joke') to more direct, economic incentives. The malware of the new century strives to generate direct monetary benefit to the author, using a number of ways - adware, pop-ups, browser redirection to ad pages, rogue diallers (where dial-up is still used) etc. Pure theft using the 'intercepted' information has also gradually surfaced - mostly Internet banking frauds using keylogged codes or credit card frauds (computer crime will be discussed more thoroughly in a coming lecture).

This has forced the security industry to adapt as well. In addition to old-style signature-based detection routines, modern anti-malware applications are making use of more heuristic algorithms. The products are also more complex, including anti-phishing routines, firewalls etc. In general, today's anti-malware cannot just be limited to a pattern search - it should do its best to discover the overall weak spots and open doors on the system and advise the user how to solve the problem.

Main players in this field include:

Of freeware solutions, among the most common ones are:

It is also interesting to note that the free and open-source software world has until quite recently been rather passive in this field (compared to many other kinds of software). This may partially be attributed to the fact that malware is mostly limited to Windows platforms and does not have a significant impact on Unix-based systems. However, as more free/open-source software is built for the Windows platform, free anti-malware projects like ClamAV have been established to improve safety. Still, the prime role is played by commercial vendors here.

Security application bundles

This category consists mostly of complex software packages which feature a firewall as a central point. This is a relatively fresh branch, rising to prominence at the beginning of this century.

Content filtering

Interestingly enough, this is a huge industry almost uniquely in the United States, being next to unknown in other Western countries (see the biggest censors at [1], though lately Australia seems to be moving in the same direction [2]). Although computer and Internet censorship is present in many places, a private censorship industry as such exists only in the US; in other censoring countries, e.g. China, it is mostly done as a centralised, governmental activity. Of known examples from developed countries, Norway and Denmark have small-scale filtering used by Internet service providers against proven distributors of child pornography. Italy has banned making bets abroad over the net. [3]

However, in the US this kind of activity is usually promoted in public as a measure against the unwanted content of the Internet, keeping things like pornography, violence and extremism away from the computers of ordinary people. Thus, filtering has found wide use in the US, being applied in most public places (the CIPA or Children's Internet Protection Act [4] made content filtering mandatory for all public libraries that apply for government grants). Regardless of many scandalous cases, the content filtering industry is blooming in the US, as seen from the following list of products (which apparently have a large enough market to share rather peacefully):

The main problems with content filtering

The main issue, which is extensively debated, is: which one is more important, ensuring decency or free speech? Both sides have their arguments. But the free speech restriction is not the only problem:

  • All the abovementioned software packages are proprietary software - it seems that content filtering is in a kind of inherent contradiction with the hacker-minded free and open-source software, so there are almost no projects in this field. When the central unit of the software, the database, is closed and protected by intellectual property laws as a trade secret, the users have to trust the producer's decisions on filtering. Even if they find a way to modify the software's behaviour, it will turn out to be illegal.

The problem is that testing has often revealed many cases of different agendas behind the filtering criteria. The product reports show many interesting results. As a good irony, the, a prime pro-filtering website of that time (now offline; the link points to the website image at the Internet Archive), was blocked (as Drugs/Alcohol) by SurfWatch, which was in fact their top recommendation as home filtering software.

  • Most natural languages are far too rich to be adequately filtered by the current state of technology. Examples even include filtering out the word "breast", not to mention various slang words (perhaps the best example can be seen here). One more real-life example follows.

In July 2001, Beaver College in Philadelphia changed its name to Arcadia University. While the official explanation cited thorough changes which necessitated a new name, many sources refer to the sexual meaning of the word in American slang and the subsequent mass blocking of the college website by content filtering packages. [5]

As a final remark: in 2000, the Digital Freedom Network hosted a contest on the most extreme blunders of content filtering. The results are here (the main site has taken it down since, but copies exist elsewhere): the winning case had a high school website blocked due to the 'high' in its name...
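The over-blocking cases above (Beaver College, "breast", the 'high' in a school's name, a pro-filtering site blocked as Drugs/Alcohol) can be reproduced with a simple whole-word keyword matcher. The following is an added example, not part of the original lecture and not any vendor's algorithm; the keyword list, the labelled sample titles and the `threshold` parameter are constructed for illustration.

```python
import re

# Constructed keyword list (assumption): real products keep theirs a trade secret.
KEYWORDS = {"breast", "beaver", "high", "drugs", "porn"}

# Constructed, hand-labelled page titles: (text, should_block).
SAMPLES = [
    ("Beaver College admissions and course catalogue", False),
    ("Breast cancer screening guidelines for patients", False),
    ("Lincoln High School football schedule", False),
    ("Pro-filtering advice: keeping drugs away from kids", False),
    ("Free porn videos, get high on cheap drugs", True),
    ("Hardcore porn site", True),
    ("Adult pics gallery, explicit content inside", True),
]


def hits(text):
    """Return the keywords that occur as whole words in the text."""
    return set(re.findall(r"[a-z]+", text.lower())) & KEYWORDS


def blocks(text, threshold):
    """Block when at least `threshold` distinct keywords are present."""
    return len(hits(text)) >= threshold


def evaluate(threshold):
    """Return (over_blocked, under_blocked) titles for a given threshold."""
    over = [t for t, bad in SAMPLES if not bad and blocks(t, threshold)]
    under = [t for t, bad in SAMPLES if bad and not blocks(t, threshold)]
    return over, under


if __name__ == "__main__":
    # threshold=1 is the "tight" filter, threshold=2 the "lax" one.
    for threshold in (1, 2):
        over, under = evaluate(threshold)
        print(f"threshold={threshold}: {len(over)} legitimate pages blocked, "
              f"{len(under)} unwanted pages let through")
        for title in over:
            print("  over-blocked :", title, sorted(hits(title)))
        for title in under:
            print("  under-blocked:", title)
```

Raising the threshold removes the over-blocked school and health pages but lets more unwanted pages through, and the page with no listed keyword passes at either setting.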

Summing up

As seen from above, computer and Internet security has grown into a large industry, especially in the US. While the effectiveness often varies, it will likely thrive further in the near future. As long as there are clueless users and unreliable systems (and their numbers are growing), there is a need for security - and there is money to be made out of this.

For discussion

  • Bring some arguments for both sides: Parental control / content filtering vs freedom of speech and expression
  • When applying content filtering, would it be preferable to err towards laxness (let through what should have been blocked) or tightness (block what should have gone through)?
  • Read the Australian comparison of Internet policies [2]. Which model would you prefer?