Keep your PC clean - or we'll shut you down

UK and US users reject Oz supernanny model


Analysis When it comes to protecting our personal and financial data online, the Australian solution – of cutting off users who fail to maintain their PC security – may have a lot of appeal.

But in the week when UK consumers are asked to turn their minds to questions of online safety, the real focus may need to be not so much on technological fixes, as on the underlying legal framework – and the lack of trust that most people have for financial institutions.

First up is that Australian solution. From December, ISPs will be encouraged to alert customers when their computers are taken over by hackers. So far, so good. The sting in the tail, however, is a parallel proposal that means ISPs may – or may even be encouraged to – limit access to the net if users fail to take prompt action.

The advantages of such a scheme are obvious: early and strict intervention would go a long way to disrupting botnets, which in turn are a major source of DDoS attacks elsewhere on the net. Since the Australian government has, itself, been the target of such attacks in the last year – most notably in protest over its internet filtering plans – it is clear that many would consider this scheme to be worth pursuing.

Other governments are also expressing an interest in this approach. Yahoo reports that Obama administration officials have been meeting with industry leaders and experts to address the issue of increasing online safety and securing the internet while balancing off individual privacy and civil liberties.

White House cyber-coordinator Howard Schmidt told the Associated Press that the US is looking at a number of voluntary ways to help the public and small businesses better protect themselves online. He told AP: "Without security you have no privacy. And many of us that (sic) care deeply about our privacy look to make sure our systems are secure".

Nonetheless, the Australian model is likely to run into fierce opposition from US critics, who continue to prefer a vision of the internet much closer to the Wild West than the tame shopping mall environment favoured by much US business.

A slightly different take on this issue is likely to emerge in the UK. Consumers want protection. However, in a report (pdf) released in support of the sixth National Identity Fraud Prevention Week, which started yesterday, the somewhat depressing finding for business is that less than 10 per cent of British citizens completely trust how companies handle their sensitive data.

There is also a deep-seated suspicion that "solutions" in this area are more about protecting the backs (and bottom lines) of corporate finance, than looking after consumer interests.

Consumers may have a point. One of the earliest instances of browser hijacking occurred in the years before broadband became widespread. A virus would download on to a user’s machine, log them off – and instantly re-log them to the internet through a premium rate call service.

Although a BT spokesman told us yesterday that BT eventually refunded some customers, the line at the time was one of strong resistance: customers were responsible for what happened on their home equipment – and therefore failure to block such an attack meant they were liable for any additional charges. This led to the ludicrous situation where BT was threatening to take court action against OAPs in the UK for failing to hand over money that was destined to fill the coffers of organised crime elsewhere in the world.

Similar issues arose with unauthorised cash machine withdrawals. According to the Banking Code of Practice, customers are indemnified against unauthorised use of their cards – providing they have not been negligent (by, for instance, writing down their PIN). In theory, it was up to banks to prove negligence: many simply took the view that a breach of their cash machine security was prima facie evidence of negligence – because their security was unbreakable! – and in some instances even prosecuted the victims for fraud.

Have matters improved? The BBC reports today that an increasing number of banks and retailers are obliging or requesting their customers to sign up for the online security systems Verified by Visa or Mastercard SecureCode, on the grounds that these will offer extra protection against fraud.

However, online security experts at Cambridge University criticise these systems on the grounds that they encourage individuals to key confidential information into pages that they cannot be sure are genuine – and customers could end up liable for the loss.

Once again, there is evidence of individuals who have been defrauded by this route finding that banks are as likely to treat them as suspects as potential victims.

In the end, cutting off internet users and blaming victims for their plight may be a useful stick with which to beat the population into vigilance. But if ISPs and financial institutions rely only on the stick, they may find themselves running into increasing resistance from consumers who feel that responsibility should be shared – and not downloaded on to them. ®
