Wednesday, November 11, 2009

Is Twitter Still Safe?

That's a good question to ask. Fortunately, with a little "common sense" the answer is still yes. But, as I've warned so many times, the world isn't as safe as it appears, so you have to be careful, maybe even a little paranoid.

So, why do I warn so often that I'm beginning to feel like the boy who cried wolf?

The answer is I work on making your computer more secure. I do that for Intel. They also gave me the right to twitter about things I work on--not to give away secrets, but to relay things that I have learned in my job. That doesn't mean I speak for Intel. These are my own insights and opinions. So, while my job at Intel is not to give advice on internet safety, I don't feel I would be doing my job if I didn't pass on things I learned along the way that could help you stay safe. Thus, I pass along these personal tips, one fellow human being to another.

If you've read previous blog postings by me, you will see how I've talked about related topics before, email spam, general twitter safety, etc.

This time, I'm going to address the current variation of that same problem: Direct Message (DM) attacks.

Twitter has gotten popular and important enough to merit its own attacks. It is not clear how serious these attacks are, but we know for certain that the attacks are acting like a worm or virus, spreading from one hacked account to others. The way this attack appears to spread is through DMs sent from the hacked accounts. The DM goes out to the followers and invites them to play a game (test your IQ) or visit a site where the follower's information is supposedly saved. I've gotten both of those messages from tweeps whom I was following and who were hacked.

Next, when you visit the site, the site needs your twitter information, either by you logging in, or by you telling twitter to allow the application access to your account. Either way, the application then gets access to your account, and you've been "pwned". The application can now masquerade as you and use your follower list to spread farther.

Now, if this is all the hack is, it is basically a proof-of-concept test. Someone needed to prove that they could use twitter to spread a virus. And, so far, that may be the case. On the malware scale, this is quite benign. It takes some work to clean up, but it hasn't done any real damage, except perhaps to the hacked people's reputation.

However, experience has shown that these initial "prank" hacks get quickly replaced by more serious attacks that are out to steal something from you, something that likely has more tangible value, often information that can be used for identity theft or other forms of fraud.

Therefore, we need to take these pranks seriously and use them to alert us to the imminent danger that is coming when someone figures out how to use this method of spreading a virus to send a more dangerous cargo.

So, what is a person to do?
  1. The first step is to stop following links in DMs. If someone sends you a link in a DM, treat it like it was spam email.

  2. Moreover, do your friends a favor and don't use DMs to send your friends links either. If we make it a practice never to send a link as a DM, then any DM we get with a link is clearly a phish or a hack. In fact, I like to think of a DM as the twitter equivalent of a whisper. So, the only time I DM is when I want something to be private, something I would whisper. However, sharing information is not something I do in private (unless it's private or secret info), so DM'ing a link is odd to me, since a big part of twitter is sharing with the world.

  3. Change your password now, before you are hacked. Make it something safe and make it something different from all your other passwords. Write it down if you have to. Better yet, use a "password manager" to remember your passwords for you, so you can have lots of safe passwords, all different.

  4. Go through the list of applications you have given access to your twitter info and revoke the permissions for any you don't use or that seem suspicious. That list can be found in your twitter settings/connections.

  5. If you have been hacked, do steps 3 and 4 at least twice in a short period of time. This will hopefully keep the malware from noticing that you have changed the information and restealing it. There is a small window of "vulnerability": if the software both has your password and is authorized to act on your behalf, the malware can fix up the one you change by using the other access right. However, it is unlikely that this version of the virus is sophisticated enough to do that.

  6. In addition, if you suspect you may have been hacked, run your computer's virus/spyware scanner(s). Right now, it doesn't look like this particular attack is loading other malware onto systems, but it is only a matter of time before someone modifies it to download other malware onto your computer at the same time it is spreading itself.

  7. Be prepared for the attack to change. Right now the attack is spreading via DMs. The attack could have just as easily spread via @ messages or RTs or even plain tweets. That means we all have to be careful about which tweeple we follow links from.

  8. Figure out who you trust and what you trust them on. For example, if you are reading this, you probably trust me for security related tweets and maybe another topic or two, Intel, programming, science, MBTI, Enneagram, or twitter itself. However, if you were to get a tweet from me on a hot-stock pick, you should probably realize that I don't have that kind of information, and wouldn't share it in a tweet even if I did.

  9. Next, if you are sharing links, check them before you send them. Make certain the link you are sharing actually points to the item you want to share. And, if you are going to share links, make sure your virus software is running, so that you will know when you get hit by a drive-by infection from a bad link before you RT that link out to others. And, if you are visiting a link from someone you aren't certain you trust (a new friend you have just started following, for instance), use one of the tools that help you expand short links before you follow them, so that you can check that it looks like a reasonable address before actually visiting the site.

  10. Remember that these are only guidelines to stay a little safer. For now, they should suffice, but some of us still will get hacked. Eventually, unless we find a way to convince all the criminals to stop spreading malware, we will probably have to be more careful, so watch for follow up advice.

I hope this advice helps you stay safe and unhacked. If you think of something I didn't say, add a comment. If we work on educating each other, we can hopefully make common sense actually something we share in common.

Sunday, October 11, 2009

Be Paranoid

I'm not naturally a paranoid person. In fact, I'm very gullible. Just ask those who've played practical jokes on me. I like trusting people. Generally, I find myself rewarded for doing so.

However, when it comes to email, I'm not. Unfortunately, there is good reason for that. Using email is about the least safe thing you can do. And after reading the great blog post Five messages to never trust in your e-mail box, I realized that one should be even more cautious than sjvn suggested.

That doesn't mean you can't send emails to friends and colleagues or read those that they send you. In most cases, those will be safe. However, even sometimes reading those is risky, and I will expand on that in a bit.

The problem is that email has no security. You have no idea whether the person sending you an email is who they say they are or not. This includes email that looks like it is coming from your friends and co-workers. The problem is that there are people who take advantage of that and are getting quite sophisticated at abusing the system to steal things from you via email.

Now, this stealing can be relatively benign, as in spam, where the sender is simply sending you an unwanted advertisement that you can ignore and the only thing stolen is the effort it takes to wade through the mounds of spam you receive every day. Moreover, the email services do weed out some of the spam, so that you can one-click dispose of much of it.

And perhaps, you actually like reading certain kinds of advertisements--I actually watch certain ads on TV from time to time because they are worth watching. However, with email I advise you not to. The reason, again, is that the sender and/or message can be forged. On TV (or radio), someone has to pay good money to get the message on the air, so it isn't cost effective to attempt to do a forgery.

However, email forgery is essentially zero-cost. A criminal can use computers infected with certain viruses (called bots) to send out as much email as desired with no cost, except for the small risk of getting caught. That means it is worthwhile to try and con people by impersonating someone they would normally read. That means if you read an advertisement in email, even if it looks like someone you would normally deal with, it may be fake.

Let's use an example to make it more clear. Once I took an Alaskan cruise and allowed the cruise line to add me to their email mailing list. Now, I regularly receive messages that purport to be about low cost cruises that they are offering. I'm sure most of those offers are real. However, if just 1 is a fake and includes a link to a site that seems to be the cruise line's site and I follow that link thinking I'm about to get a good deal, I could be clicking on a link that loads a virus onto my computer which then captures my credit card information, as it passes the information on to the real site and registers me for the real cruise deal. Since I get to go on the cruise, I'm none the wiser that someone has stolen my credit card information, until sometime later when charges I've never authorized start appearing. And yes, the criminals who are doing these misdeeds are getting that good.

So, if the situation is that bad, what does one do?

1) Never click on any link (or call any "commercial" phone number) in any email message. If for some reason, you want to respond to the email message, contact the relevant party by another means.

For example, I once received what appeared to be a phishing message suggesting one of my accounts had been hacked. I did not click on the web address in the message nor call the number listed. Instead, I found the company phone number from a separate reliable source (e.g. by calling information at the telephone company) and got in touch with the company's fraud department that way. It turns out, the original link and phone numbers were both fraudulent and had I not been cautious, I would certainly have been scammed.

I had a similar experience when I received a message that suggested an account I had had been granted a special offer, but it wasn't one I regularly dealt with. Again, I got a separate number to the company and contacted them that way. The company was able to identify the special promotion that was being offered and make it available to me. The company was not able to identify the phone number that was in the offer though. So, who knows who I would have reached if I had called it.

2) Know that your bank or other company is never going to contact you about legal matters through email, unless you are already in an ongoing email dialog with them.

The closest you will get to that is "privacy notices" stating general policies or alerts you have specifically requested. However, if something happens to your account, email is unlikely to be the bank's first choice for contacting you. It tends not to protect their legal rights, so it isn't in their best interest to do so.

If you have alerts set up, say for a credit card balance, again remember to check the information using a separate method of contacting the company. Don't click on the link in the alert. With a credit card, you can login to the web site (the one that you know because you've used it before and written down the web address) or call the number on the back of your credit card to check your balance.

3) Even if the message appears to be from a friend, don't click on the link unless this is someone who regularly sends you such links.

Another way that is becoming increasingly popular is called spear phishing. In this case, the miscreant finds a way to get someone's email address book and forges emails from the person to the addresses in the book. Those messages can look more legitimate than ones from a bank. Such messages could contain viruses (or links to viruses). So, unless you and your friend regularly exchange information via links, assume that the link in the email is not actually from your friend but an impostor. This is particularly true if the link appears to be to some "good deal" web site that you just must see to believe.

4) Don't reply to emails or forward chain-mails.

While some of them may be legitimate, that doesn't mean they can't be intercepted for misuse. A chain-mail can have hundreds of real email addresses on it, email addresses of people who typically will forward chain mails. Once one of those gets into the hands of a criminal, the criminal has a whole list of easy marks to target, marks who will further spread the message to other unsuspecting people.

Unfortunately, this also includes many charity requests. Sadly, you don't know if the person sending the request really does have a child with cancer or not. Any money you send might actually be going to a criminal. Even if the message appears to be from a friend, criminals still could be diverting the money into fraudulent accounts.

Again, if you really want to do something, find a way to contact the person through another reliable channel and then mail the person the money. If you really want to give to a charity, validate that your money is really going to the charity--all charities have real addresses where you can send them a check in a letter. Almost all of them have phone numbers listed with the phone company and will happily take money that way too.

Finally, these hints apply to unsolicited phone calls, to people going door-to-door, to people communicating by twitter or facebook, to any place where you don't know the person. You can still generally buy cookies and candy safely from the kids coming to your door, but beyond that everyone you don't know is suspect. And therein lies the real lesson, the internet may have made the world a smaller place and made it easier for people with bad intent to try to scam us, but the basic techniques have been known by con-men for ages, and they will keep reworking them and making them more sophisticated to try and steal from us.

However, a little paranoia can stop you from being an easy victim. It has saved me and I would normally be an easy mark. And if you aren't an easy victim, perhaps you won't be a victim at all.

Disclaimer, I work as a security researcher at Intel, but my job has nothing to do with this advice. I don't work in fraud prevention or in securing Intel's email or web sites. All information in this posting is based solely upon my experiences and opinions.

Saturday, August 29, 2009

The Weakest Link

The latest twitter security vulnerability emphasizes one of the hardest parts of making things safe: the weakest link. It's more than just one of those many game show ideas. It is an important "common sense" concept, where we know as the old adage says that a chain is only as strong as its weakest link.

In our case, the software we use is now highly interconnected. We don't build systems from the ground up. We rely on software built by others to make it work. There are operating systems, compilers, databases, browsers, networking stacks, libraries, etc. and those are just the major categories. More importantly, the lines between these categories have blurred.

Twitter is a great example of this. At some level twitter is an application hosted on some set of servers in the cloud. This is why it was subject to the Denial of Service (DOS) attack that affected it recently. Like many network applications, it can be (and often is) accessed via html using a browser. Thus, twitter is subject to all the flaws present in your browser and any pages it serves up can trigger those flaws. Like many html applications, the rich interactive interface cannot be served up by html alone, so browser extensions like Javascript are used to program features not present in raw html. That introduces a whole new layer of flaws that can be exploited. Moreover, that rich content often uses other extensions like Flash players that we have to download onto our computers, which is a very rich vein of flaws to exploit.

The potential weaknesses don't stop there. Because web pages get traversed by "spiders" like Google looking for content, they have to be sophisticated to help defeat those who "game" the system doing "Search engine optimization" (SEO) and attempt to get all our searches directed to their pages. Those pages can be legitimate or they can be malware (i.e. that get us to download fake versions of a flash player, which is really a virus) or pornography or a scam. Twitter turns out to be particularly sensitive to attacks by malicious web pages because it allows "applications" to enter web pages into the system, and it then runs those pages on your computer.

That vulnerability turns out to be the new weakest link. It means just by running twitter on the web you can be "sent" to a web page that you have never clicked on--a malware writer's dream.

The bright spot in this particular cloud is that reading your tweets with an application like tweetdeck, you don't have quite as rich an experience and it doesn't send you to the web page. Therein lies the protection.

Eye candy such as animated web pages does make for a very compelling internet experience and has let companies like Google offer web-based applications that are slowly breaking the control of the desktop away from Microsoft. However, this rich experience has come with a very high price. The bazaar we inhabit on the web has not only a wide variety of goods at very cheap prices but also pick-pockets, con-men, drug lords, and all the other undesirables.

A less "rich" experience would make us safer. Certainly, I love playing Sudoku on my computer, but I fear getting addicted to a twitter version of some immersive reality game, where behind my back many different hidden transactions are occurring and downloading and uploading all sorts of things I don't know about and can't control.

For that reason, for a long time, I kept my email off of servers like Hotmail and Google and read it through a text only service (on an unpopular architecture) where to read a mime message, I had to manually copy the file to a different location, and run a special program, which then put the text somewhere I could read it using a different program. If that sounds inconvenient, it was, but in all that inconvenience was safety, because breaking any one of the links did not break the whole chain. Unfortunately, like everyone else, I slowly succumbed to the siren call of the rich and simple internet experience. My work email is in Microsoft Outlook and personal email is on Google. Those services are more protected than they were, but I am still vulnerable like everyone else to any flaws in them.

Therein lies the crux of the problem to me. To fully participate in this world, especially to take advantage of what's new and exciting, one has to expose oneself to a whole variety of software built on long chains of links, each of which can be broken, and over which one has little or no control. Even though most messages I send and receive are text, I can't go back to a simple text only world. The interconnections and dependencies have grown so strong that even to send plain text I need to participate in a much more complex ecosystem of interacting applications doing things for me automagically, often without my knowledge or asking my consent.

In that way, it is surprising that we don't suffer more infections and breakdowns. However, I attribute that to the fact that most people are actually honest and honorable and as a result we can keep some reins on the attacks we are subjected to. That inherent honesty is an aspect of human nature that helps blunt all the bad aspects, and it is why in most cases we can depend on there always being security researchers like David Naylor who find the flaws in our software and don't exploit them, but instead attempt to get them fixed by posting blogs with advice before someone does exploit them.

Friday, August 28, 2009

Latest Twitter Vulnerability

While I was blogging about the twitter attacks, another round has happened. This one is more serious for twitter users, because it makes you vulnerable if you simply use the twitter web interface and not some tool like tweetdeck. You don't have to click anything, just view an infected message in your stream while viewing from the web.

Once the infected message is sent to you and you see it from the twitter web interface, the attacker can exploit the flaw. If your browser allows running Javascript, which you probably let it do, since so many web sites need such extensions to deliver the "rich" experience we have all come to expect, the browser can run a malicious Javascript program on your computer. Anything that twitter can do, the attacker can do by exploiting this flaw. In fact, you don't even necessarily have to allow your browser to run code to be at risk as any flaw exploitable via html links can cause the issue.

Because the twitter flaw allows code to be run, the attack can use it to create a worm, where the attacker puts up one infected message and gets one user to read it via the web, takes over that user to copy the infected message to that user's account where it spreads to other users.

The malware criminal can also make the attack more subtle so that they steal information from your computer silently without you realizing you've been attacked.

Fortunately, the original discoverer of the flaw, David Naylor, instead of doing something evil, posted this blog with advice and just used it to pop up this image to make the warning clear:



The good news is that the folks at Twitter have been made aware of the issue and are presumably working on a fix (and not just the patch they originally tried to bandage over the problem) and that the folks at Mashable are also aware of the issue to keep the media spotlight focused on the problem until it is addressed.

One can expect that it will take time before a complete fix is in place given how twitter first attempted to solve it, by simply disallowing spaces in the problem field. This is the opposite of the draconian but trivial fix that more conservative companies might have tried, such as disabling the feature entirely or limiting the feature to a known white-list of values, both of which would have been significantly more secure, but would have essentially crippled that aspect of twitter.
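An added example, not code from the original post or from Twitter, comparing the space-only filter described above with the white-list option and with output encoding. The field, client URLs and sample inputs are constructed; the third policy and the encoding step are assumptions that go beyond the two options the post names.

```javascript
// Added example (not from the original post). The field, the client URLs and
// the sample inputs below are constructed for illustration.

// Policy 1: the minimal fix described in the post, reject only values with spaces.
function denySpaces(value) {
  return !value.includes(" ");
}

// Policy 2: the conservative option, accept only values on a known list.
const KNOWN_CLIENT_URLS = new Set([
  "https://client-a.example/",
  "https://client-b.example/app",
]);
function onAllowList(value) {
  return KNOWN_CLIENT_URLS.has(value);
}

// Policy 3 (an assumption, a middle ground the post does not name): accept any
// http(s) URL that parses and contains no characters with meaning in HTML.
function isPlainHttpUrl(value) {
  if (/["'<>`\s]/.test(value)) return false;
  let url;
  try {
    url = new URL(value);
  } catch (err) {
    return false;
  }
  return url.protocol === "http:" || url.protocol === "https:";
}

// Output encoding: applied when the stored value is written into the page,
// independent of whichever input policy accepted it.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// The field is rendered as a link: once without encoding, once with it.
function renderUnescaped(url, label) {
  return '<a href="' + url + '">' + label + "</a>";
}
function renderEscaped(url, label) {
  return '<a href="' + escapeHtml(url) + '">' + escapeHtml(label) + "</a>";
}

// Constructed sample values for the field. None of them contains a space.
const SAMPLES = {
  known: "https://client-a.example/",
  unknownButPlain: "https://new-client.example/",
  markup: 'https://client-a.example/"><b>injected</b>', // harmless bold tag
  scriptScheme: "javascript:void(0)",                   // not an http(s) link
};

// Which policies would accept a given value.
function evaluate(value) {
  return {
    denySpaces: denySpaces(value),
    allowList: onAllowList(value),
    plainHttpUrl: isPlainHttpUrl(value),
  };
}

for (const [name, value] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(16), JSON.stringify(evaluate(value)));
}

// The space filter accepted the markup sample, so without encoding it closes
// the href attribute and lands in the page as live markup.
console.log(renderUnescaped(SAMPLES.markup, "client"));
// Encoding keeps the same value inside the attribute as inert text.
console.log(renderEscaped(SAMPLES.markup, "client"));
// Encoding alone does not change the URL scheme, which is why the value is
// validated (policy 2 or 3) as well as encoded.
console.log(renderEscaped(SAMPLES.scriptScheme, "client"));
```

The space-only filter accepts all four samples, the white-list accepts only the known one, and the stricter URL check accepts the two plain https values.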

The approach that twitter has taken thus far suggests that they will attempt to do the minimum necessary to correct the problem. That is a difficult line to draw. However, each step they make in that direction will give us additional protection by making it harder to exploit.

That is the nature of most security measures: they aren't absolute protection; they just make exploiting the weaknesses sufficiently difficult that it isn't worth doing. When that point is reached, we are "safe enough".

While we are waiting for it to become safe enough, we pedestrians have to be very careful.
  • Avoid using the twitter web interface until you know this issue is fixed.
  • If you are more cautious, you may wish to unfollow people whose motives you doubt or whom you may fear are infected--although there are no known infections that exploit this flaw yet.
For now, this is just a vulnerability and not an actual attack. However, it is a simple enough vulnerability to exploit, that unless fixed quickly, it will become an attack.

Tuesday, August 18, 2009

Twitter Comes of Age (Part 1)

Upfront disclaimer: I am a security researcher for Intel and my work is likely to result in products that Intel will want to sell (not necessarily to you, but to solve your problems). However, this particular blog entry does not address the technical problems as much as it addresses the underlying social issues that drive the problems and contains only minimal concrete suggestions to solutions. I will try to later supplement this with some concrete technological steps one can take, but first I had to address this overwhelming issue that isn’t something a new configuration file parameter could make disappear.

Recently Twitter, Facebook, and several other social media sites came under a Denial of Service (DOS) attack. Since that time, twitter has been the victim of a koobface virus attack and implicated as part of the control structure for a bot net. Prior to that there was a mild uproar on twitter about it removing many followers from people, having suspected those followers as "spam" sites. Just prior to that there was a twittergate where many of twitter's internal confidential documents were leaked.

Is this the end of the world for twitter? Not exactly. These are facts of life in the always-on-world-wide-internet-connected-got-to-have-it-now age. In fact, for twitter, they are probably a good sign, a coming of age, a sign that it is worthy of being noticed and has made it onto the malware writers’ radar.

There are also other ways to look at what has happened. We could look at what twitter tells other site managers about what attacks they might expect as they launch internet services and those services become popular. In the future, I hope to explore that topic.

We can also look at what it means to us the general populace as users of twitter, facebook, friendfeed, and other social media sites. That’s what I’ll explore in the next section of this blog article by giving it a historical perspective.


Artwork: The picture of the dead twitter bird is by almisakti from the photobucket.com collection.

The world is not as safe and friendly as it might seem. (Part 2)

The internet and the social media sites have become a place where you should never share photos of your kids, your travel plans, your address. If you think about social media and what they are trying to do, connect us, those are very typical of the things one would want to share. They are also the same things that sexual predators, identity thieves, and burglars want to know about us. That contradiction is one of the roots of the problem. As the police officer is quoted as saying, “What you say can and will be used against you.”

The internet was once a very congenial place, one that seemed very safe, like the place immortalized in the Music Man, where the biggest danger was the chance that someone might introduce a pool hall. As John Levine points out, the internet was born of such places: the Arpanet where everyone was a student or a researcher and the worst we did was play Adventure or talk to Eliza, the business LAN where we were mainly worried if we could get our TPS reports done, or the community bulletin board where we could share free software and our latest clever hacks to make something work. All of those were small communities where any miscreants could easily be spotted and exiled.

However, the internet grew because it was easy to leverage those small groups and join them together. As an entrepreneur I recall when joining Usenet required buying just a Telebit modem, or when AOL users became a mass influx onto the internet, or Starbucks first gave away wifi access with coffee. Those events precipitated a tragedy of the commons--an analogy to how the Pilgrims overused their shared pastures (known as commons) and ruined them in the process. We found ways to over utilize the shared internet resource until it has become almost useless for everyone, like the other day when someone was unsuccessfully attempting to use the wifi at the gym to broadcast his daughter’s ballet lesson over Skype and made it impossible for the rest of us to even get our email, because the bandwidth wasn’t there.

Still, the internet is a major part of enabling the global economy and making the world a smaller place. It helped drive the cost of distributing software to zero, which drove the price of software itself to zero. Not the cost of writing the software, that is still expensive, but the amount one could sell the resulting software for. That is not something we could or would actually want to reverse, at least not as consumers. It is really nice that I can get updates of my software from major vendors automatically and with no extra cost. This globally connected, hard-to-charge-above-cost world is here to stay.

There was an interesting side-effect of that revolution though. Just as one could download a new version of flash to display ever more complicated animated web pages, one could also (accidentally) download malware such as viruses, Trojans, and phishing software. Every silver lining came with a corresponding cloud.

The malware evolved with the network. The first malware spread on floppy disks when that was how hobbyists shared software. As email and the web became dominant, we got email messages that tried to get us to sites that were fake copies of our favorite banks. Now, we get tweets that suggest some sites where we need to download some new viewer software, which is actually a virus that installs bots on our PCs which then watch twitter pages to know what nefarious deeds their masters want them to commit.

What does that mean to us end-users? (That's in the next section.)

One must be ever vigilant and suspicious (part 3)

I have two twitter accounts that I follow that recently gave me reason to be suspicious. They may be hazardous and they may be benign. Only by treating them carefully can I be safe.

The most recent instance was a one-time message from a user I know and trust, but which contained information about a virus. At first, I wasn’t sure whether to pass on the link in the warning message or not. What if the link was a pointer to the virus itself? The person sending the warning was not a person I knew to be sophisticated about such things. They could have made a mistake or the account could have been hijacked. Eventually, I found a safe way to check the link out, and it was a message that showed how the virus was being spread and not the virus itself. Thus, I was happy to send the link along. However, the realization made it clear to me that caution needs to be on one’s mind always.

The other one of them is a tweeter who sends me good security information which I’ve checked out and then retweeted. Unfortunately with the good info I’ve also gotten a stream of tweets suggesting how I can get more followers and make easy money on the web—spam that I don’t want. My interpretation is that this is a real person, who just happens to be caught up in the make-money-easily trap, but who is worthwhile because they do send me good info in the process. I remove all the unwanted tweets from this user’s stream before sending the information on. In that way, I am performing a filtering service, my readers get the good content and only I have to wade through the muck to find it. If the ratio of useful info to spam gets worse, I will probably have to unfollow that user or at least find a way to filter out the spam from his tweets.

In the long run, this trend could be problematic. If too many accounts get hijacked, or too many people get caught up in MLM (multi-level marketing aka Ponzi) schemes, the ability to use twitter to spread good word-of-mouth information will be compromised beyond usefulness—it too will suffer the tragedy of the commons.

Some of the hardest hit people will be the “motivational” tweeters and those who hope to make contacts to sell things. I rarely read the tweets that such people post in any event, because they don’t generally provide much value to me—and I’m certain there are others who do likewise. Still, I occasionally do. Imagine how difficult it will be for them to get their message out, if everyone suspects that they can’t even read a tweet from an unknown person as it may infect them.

In fact, the scariest aspect of twitter coming of age is that there are people developing software to try and mine the various tweets and links to come up with ways of combining the information into useful trends. That may help Intel, Wal-Mart, Starbucks, Coca-Cola, et al. find ways of knowing what they should try to sell to you, but it will also eventually get used by the various criminal organizations to better target their marks too. Sadly, it will probably help the criminals find easy targets before it helps normal companies find ways to sell us things we will enjoy better.

To me this is the ultimate tragedy of the commons, the fact that there will always be criminals and some of them will be one step ahead of us and in the process they will take all the nice things we invent to make our lives better and abuse them to make some of our lives worse. I fervently hope these problems won’t affect you.

The good news is that for most of us, these threats will remain just possibilities or minor annoyances. The adequate protections for most of us will not be severe and will become part of "common sense", just as they are in real life. Most of us will never have our identities stolen. Not even me, who's lost his wallet on several occasions and always had it returned with the money untouched. Similarly, even though I had one UNIX system I owned hacked, there was no harm that came from it other than having to rebuild the system from scratch and start running the appropriate protections. The anti-virus software that the Intel IT folks keep installed on my laptop appears to be adequate for most surfing that I do, and although it occasionally detects a virus, it always manages to delete the containing file.

You will still be more likely to be shot by your spouse (or yourself) if you keep a gun in the house than you will be the target of an internet attack that destroys your life. Your biggest risks will still be the drive you take to commute to work or slipping in the shower. Yes, if you use twitter to hook up with someone interesting, word of that will probably get back to your spouse and their lawyer and be used in your divorce, but that’s the risk of hooking up and not of the internet. The person who the twitter DoS attack was directed at was not an ordinary person, but an activist trying to bring about change where there are powerful forces already at work. If you are the next Gandhi, that may be an issue for you. If you are not, you will probably never be interesting enough to be singled out, sorry.

The risky things in life have not changed because of the internet. The internet has just made the world a smaller and more open place. It is much harder to hide your foibles. Hopefully, it may also make it harder for criminals to hide their tracks too. And, that may be the ultimate victory.

Thursday, July 9, 2009

A Virus Proof OS-- Possible?

First, disclosure, I work for Intel on computer security--as such I have biases. Moreover, I haven't seen the specs of the system, and this is purely guess-work on my part.

My apologies for the unclear writing of this post. At first, I started by agreeing with Bruce Schneier, but as I thought through the argument, I realized that my position was reversed and Google's claim is not idiotic, but quite sensible from the right perspective.

The only way to make a system totally immune to viruses is to make it non-extensible.

As long as you can execute programs of your own, you can catch a virus, a program someone else has written masquerading as one you have written. Protections at the low level are not sufficient to stop viruses. In particular, many viruses are spread via social engineering: you ask the OS to load the virus onto your system (oh, you were expecting pictures of Anna Kournikova, maybe you got those too). Now, sandboxing and similar techniques can limit the effect of unintended downloads, but unless the system prevents you from saving the file, or prevents you from running programs you have saved, it will be possible to infect the system.

However, if they make a totally closed system, where the only program which can list or change the files on your computer is an app that comes from Google (or perhaps they don't keep the files on your computer at all--that's very Google-like), then they can make a system which is virus proof, at least under a fairly strict definition. It's no longer extensible, but it is virus-proof. It doesn't get rid of all malware; social engineering will always work at some level (if you go to a site and type in your credit card information, you can still leak that information), but it gets rid of a lot of it.

Still, if you think of the computer as a tool for communication like a phone, that's not necessarily a bad solution. How many years did we have phones before we had viruses? All of them ... up until we started making our phones extensible like computers. Maybe going the other direction isn't so bad. How many people really want to "program" their computers?

Moreover, such a non-programmable appliance-like computer makes a lot of sense in the net-book market. All the intelligence is out on the web anyway. Your computer is really just a display device, especially if Google is hosting your files. They want a better service, they upgrade their web-site. Your computer [almost] never needs to be reprogrammed.

The only thing you can't do with that model is fix the software if it's broken; you have to wait for Google to do that. Of course, the last time I could fix the actual spreadsheet program (not the spreadsheet itself, but the program running it, i.e. excel or 123 or visicalc) was never--maybe I could have if I used star-office or open office, but realistically never.

But, technically a virus-proof (not malware proof, but virus-proof) OS is possible, it just isn't a programmable computer any more. If you want to deny that's a real computer, fine. Most consumers won't care as long as they can send messages and photos and videos and do their taxes etc., especially if it just works.

Note, this doesn't require Google to invent any new mythical powers. Ordinary programmers can do the job, they just can't let you program it. The only hard thing Google has to do is make certain that the software on their site doesn't let you introduce any new code into it. As long as you can't add any programs to their inventory, you can't add any viruses.