Forwarded From: William Knowles <erehwon@kizmiaz.dis.org>
http://www.feer.com/Restricted/99may_20/tech.html
(Feer.com) [5.20.99] How personal are personal computers? At the rate
Asian companies and individuals are exposing their computers to on-line
infection and intrusion, they may as well drop the "P" from PC. The
information highways are proving very public, but many Asians are
travelling naked and defenceless.
Computer viruses are the region's biggest problem. Two major virus attacks
in March and April crippled hundreds of thousands of Asia's computers.
Then in late April, the Singapore government was caught snooping into PCs
without seeking permission from their owners. The incidents have
highlighted the need to protect PCs from viruses and unwanted
intruders--protection that's sorely lacking in the region.
While multinational companies now keep a constant vigil on the security of
their computer networks, many other companies and individuals have left
themselves vulnerable. To protect against viruses, they need to install
and diligently update antivirus software, which costs an average of $50
per program for personal use. Large companies have for many years
installed virtual "firewalls" that combine antivirus, antihacking and
other protective software, but antihacking and personal-data security
programs are only just becoming commercially available to individual PC
users.
The latest virus hit more than 650,000 computers in Asia. Named Chernobyl,
it remained dormant until April 26, the 13th anniversary of the Chernobyl
nuclear-plant disaster in Ukraine. On that day, the virus disabled
computers, destroyed programs and erased large amounts of stored
information. Xinhua news agency reported that 360,000 PCs were affected in
China. The virus's Taiwanese creator, 24-year-old Chen Ing-hau, said he
had wanted to cause mayhem on the mainland. Chen was arrested but released
without charge due to a lack of plaintiffs in Taiwan, where no infections
were reported.
"Chernobyl's been known about and treatable for over a year and still
people were caught out," says Daniel Schneersohn, Hong Kong-based
regional director for Symantec, an American maker of antivirus software.
He says many customers had such software installed, but had simply not
activated it. Half of the damaged PCs in China, for instance, had
protective software that was not turned on. Although most corporate PCs
shipped to South Korea since 1997 contain antivirus software, Chernobyl
infected an estimated 250,000 PCs in that country. Many companies allow
their employees to turn off antivirus software, which can slow down the
computer while it monitors infections. Many users had failed to keep
installed software up-to-date. "It's not enough to buy antivirus software
and install it or even activate it," says Schneersohn. "You've got to
update the software--the antivirus companies update the virus threat lists
every week."
Eric Sheridan, director of Asia business development for U.S.
computer-systems company Corporate Software & Technology, says most of his
customers, almost all multinationals, escaped Chernobyl unscathed. "Our
customers all have ongoing contracts for security and virus protection, or
they have good in-house teams at work," he explains.
Most at risk are individual PC users and companies with less sophisticated
information-technology departments, Sheridan says, especially as they make
increasing use of the Internet. "Once you have a few offices up and
on-line you have to take outside threats like viruses and hacking
seriously."
Schneersohn agrees that while multinational firms are taking these threats
seriously, the rest of the Asia-Pacific isn't. "Even some big listed
companies in Hong Kong don't use antivirus protection," he says.
Smaller businesses in particular have turned to pirated antivirus programs
during the economic crisis to keep costs down. But they lose the
advantages of software support and advice, says Schneersohn. "It's
software use at its lowest level and that's why the highest level of
infections are in small businesses and homes" where pirated programs are
most prevalent.
Still, even pirated-software users could have protected themselves by
downloading updates of antivirus programs from the manufacturer's Web
site. For now, most software companies don't bother to trace pirates who
download updates, says Schneersohn--although Symantec's next generation of
antivirus software will update only registered users.
Just as the dust settled from the Chernobyl attack, Internet users in
Singapore were faced with a more organized affront to their computer
privacy. SingNet, an Internet service provider, acknowledged that it asked
the Home Affairs Ministry's IT security unit to scan its customers' PCs
for viruses without their consent. SingNet is owned by Singapore Telecom,
which is in turn 80%-owned by the government. SingNet's actions only came
to light because a student, who had downloaded antihacker software from
the Internet onto her PC, traced the scan back to the ministry.
SingNet's home page on the Web apologizes for the intrusion--"We should
have informed you first," it says--and invites visitors to voluntarily
submit to the virus search instead. The company says the scanning did not
"enter" any PCs nor unveil any personal data. Also, SingNet claims it
found 900 PCs infected with "trojan horse" viruses that allow hackers to
enter computers via the Internet and take almost complete control.
The SingNet action and the discovery of the "trojan horse" viruses
highlight the ease with which PCs can be snooped on while on-line. "If
breaking in is so easy, some less scrupulous companies may well start
thinking that it might be worth throwing a few bucks at some kid to look
into their competitors' files," says Schneersohn.
For personal and small-business users, encryption is one option for
protecting confidential data from hackers. But use of encryption is either
illegal or legally untested in many Asian countries. A second option is to
remove confidential data to a separate disk drive and access it only when
the user is off-line.
To protect stored data while the user is on-line, demand will probably
grow among personal and small-business PC owners for simpler versions of
the "firewalls" that large companies use to protect their computer
networks from intrusion.
Schneersohn says antivirus software makers are already looking into the
market. "Many people want to block access to personal files to all third
parties--you could call it a personal firewall. They simply want to regain
control of what's happening on their computers."
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
Received on Mon May 17 19:37:28 1999