As April draws to a close, most people have probably already forgotten about the April Fools event that did not happen, this year: the massive internet disturbance, much warned about and ballyhooed in the press, caused by the computer worm called Conficker.
A computer worm is, put simply, a form of malicious software that insinuates its way onto people’s computers, and then uses those computers to infect yet more computers.
Whether or not they carry any destructive “payload” at the time, their mere presence on a host of internet-connected computers is a source of power to the people who control them, and a source of concern to their potential victims.
The Conficker worm has been particularly successful at propagating itself.
Recent estimates place the number of infected computers at as many as 10 million machines, though to date it has not done very much overt damage.
That does not mean it is not dangerous; it means only that the danger it represents is not understood by today’s non-technological press or non-technological public.
Neither of them have yet cottoned to the epochal change that has come over the internet over the past decade, or to the different nature and scope of the dangers of that new epoch.
The 1990s were the Wild West days of the internet.
The young-gun hackers in those days operated either alone or in small groups, pulling off spectacular money heists or just shooting up the joint with worms or viruses.
The internet of the new millennium is more like the Roaring Twenties.
Now, organized crime gangs fight for territory, and run extortion and other crime rackets from the machines they control.
They operate by taking over inadequately protected computers on the internet, and turning them into “zombie computers” secretly connected to their criminal network (a botnet), after which can be used to do the gang’s bidding when the need arises.
That this epochal change has come about is partly due to changed historical circumstances—the “wiring” of semi-criminal states like China and Russia; the burgeoning of internet connectivity in Second and Third World countries—but a goodly portion of the blame for it belongs to the Microsoft Corporation’s incompetence and irresponsibility.
Though a Mac version of a botnet has recently been discussed in the press, the fact is that all existing botnets feed on vulnerabilities in Microsoft’s Windows operating system.
In part, this is just a matter of Microsoft being a victim of its own success.
According to a December, 2008 survey, 88.14 per cent of computers connected to the internet are running a Windows operating system of some sort (mostly XP, it is to be expected), compared to 9.77 per cent using Mac’s OS X, and 0.90 per cent using some form of Linux.
If you are going to exploit security holes in an operating system, it makes sense to go after the one that makes up almost 90 per cent of the market.
It also helps that Windows has historically been, and by current evidence still remains, so very vulnerable to such hack attacks.
To make matters worse, though, Microsoft has further compounded the problem with its licensing rules on the use of Windows XP and Vista.
If you want to run either of those systems legitimately and safely, you have to register your copy of the operating system on line with Microsoft.
If you don’t do that, your computer may continue to run more or less OK, but you are not going to be able to download any updates to your operating system—and updates, these days, are almost invariably security-related.
It is that restriction, in fact, that has allowed the crime gangs to spread their botnets so far and wide, particularly in emerging economies like Brazil, China and Russia.
Each of these countries features a rapidly growing economy, with an exploding information technology market, and very weak enforcement of things like software copyrights.
It is common practice for individuals and businesses to run their computers on unregistered (and therefore unprotected) versions of Windows.
Given that these very same countries are also hotbeds of internet crime activity and botnet creation, Microsoft’s licensing practices have had the effect of turning them into enormous seed beds for zombie computer networks.
It is a problem that is going to persist until Microsoft finally accepts that its basic Windows operating system should be free, and that security updates should be freely provided to all computers using it.
The commodity-based model the company stubbornly adheres to now is both bad for its own long-term business case, and bad for computer users all over the world.
It would be quite easy for Microsoft to shift to a more service-based business model—charging for non-security related functionality updates, for instance, or providing enhanced support or functionality for paid subscribers—that would discourage software piracy, bring in revenue, and stomp out the breeding grounds for computer worms and botnets.
Until Microsoft becomes both more security-conscious and socially responsible, all of us are going to be victims of its never-ending April Fool’s joke of an operating system.
Rick Steele is a technology
junkie who lives in Whitehorse.