Don't Overreact

Last week, Yetzer-Ra, a hacker source and Windows NT administrator, telephoned me. He was bent out of shape because his Internet service provider (ISP), Seattle-based Speakeasy Network, e-mailed its 25,000 members to inform them of an impending scan of Port 7597 for QAZ Trojan horse activity. Customers who didn't eradicate any Trojan horses within 48 hours would be subject to suspension of service until "you assure us that you have cleaned your machine," the memo said.

QAZ is the latest hidden executable program that propagates through Microsoft Corp.'s network file sharing.

It's not just ISPs that are taking hard-nosed stances against security threats. Businesses are also dropping what are, in some cases, valuable productivity tools because of security concerns. But reactive policies like these are a bad idea. Even though Speakeasy's memo included help links, Yetzer says the provider's technically illiterate members would still struggle to repair their own machines.

If such policies spread to other ISPs, the result could be the exclusion of everyone except the technically literate, leaving online retailers out in an empty marketplace.

"You could almost view it as a kind of dress code," says Todd Kaufmann, a principal security architect at eBuilt Inc., a Web development company in Irvine, Calif. "They're saying, ‘We won't give you access to our network unless you show a certain amount of hygiene.'"And what happens when companies cancel collaborative programs like instant messaging and file sharing?

Charles Biggs, vice president of systems engineering at NetGuard Inc., a firewall vendor in Wakefield, Mass., says he's seen clients disconnect instant messaging and file sharing at the expense of productivity.

"They just turn (instant messaging) off, even if they need it," Biggs says. "I wouldn't. My field-support guys couldn't work without it."

Mitchell Hryckowian, an infrastructure manager at Interliant Inc., an application service provider in Purchase, N.Y., argues that dropping insecure applications and exerting customer security controls are inevitable reactions to an insecure Internet.

But there's a more reasonable solution. Before doing anything reactive, take the time to analyze your business needs. If the service in question is integral to the company's productivity, then keep it. Just minimize your risk by staying up-to-date on versions and patches, says Yetzer. Also, watch for new vulnerabilities by checking Bugtraq mailing lists and Web sites, keep your security software up-to-date and password-encrypt file sharing and instant messaging.

ISPs should also proceed with caution. If a provider decides to take a hard line, then it better have a strong technical team to back up its customers, as Speakeasy did.

Speakeasy started with an education campaign about two months ago, informing members of the QAZ virus and describing the Trojan horse in plain, easy-to-understand language, explains Riley Bruington Hassell, a member of the company's security team. The final e-mail linked to directions for turning off and encoding file sharing, and it included a number for telephone support.

Aside from Yetzer, Speakeasy experienced no customer fallout, according to Bruington Hassell.

Deborah Radcliff is a Computerworld feature writer. Contact her at deborah_radcliff@computerworld.com.

Join the newsletter!

Error: Please check your email address.

More about EBuiltInterliantMicrosoftNetGuardSpeakeasyWakefield

Show Comments

Market Place