Thursday, 2 August, 2001, 10:32 GMT 11:32 UK
Can the hackers be stopped?
The US Government has warned computer users worldwide to protect themselves against a malicious program known as the Code Red worm.
Representatives of the White House, FBI, the Computer Emergency Response Team (Cert), Microsoft and others have posted warnings to highlight the dangers of the worm.
The worm, which first surfaced in mid-July, has been mainly dormant since then, although it has already infected hundreds of thousands of systems.
Experts believe it is set to spread again on Tuesday night, just as the calendar enters August at 0000 GMT.
Can the hackers be stopped? Is any organisation safe from hackers?
This debate is now closed. Read a selection of your comments below.
Martin Leach, UK
Windows is like a piece of Swiss cheese (it's full of holes). Hackers just show them where the holes are, and then they plug them.
Some of the comments here claim that hackers/virus writers etc. are a serious and pervasive threat. I think the posters of these messages are probably not genuine but in fact represent vested interests (and there are a few of those around). Normal members of the public just don't think like that because they have seen hardly any signs of any such threat apart from empty media bluster. Anthony from Ramsgate says long-term imprisonment is a fit punishment for hackers. I don't think most people would agree that hackers should be treated more harshly than perpetrators of physical violence. There is an awful lot of nonsense spouted about this subject and the plain reason for this is that government and big media organisations are scared to death of a free internet and the empowerment it grants ordinary individuals like you and me.
Some companies do have known security issues on their internet-facing computers. Is it not these companies that should be punished, as opposed to a bored teenager "hacker" who exploits it? Surely they fall foul of the Data Protection Act by not adequately protecting "our" details that always seem to be revealed to the casual passer-by!
Steve Foley, USA
It's interesting the FBI, BBC News, etc. were portraying the Code Red worm as such a problem, and have made users completely paranoid about the whole subject. Anyone within the IT industry knows that end users' machines are not especially at risk unless they run a specific web server package and operating system. The media seem to have overlooked this fact in favour of a quick story. These attacks will always happen so long as people keep using the Internet; all organisations can do is to keep their web servers updated with the latest patches, and end-users should make sure they have their anti-virus software kept up to date at least once each week; and maybe the media should know what they are talking about before they make such a mountain out of a molehill.
Firstly, everyone (including the media) is mixing their terms. A "Hacker" is just a person who writes computer programs. Possibly a virus, but probably not. A "Cracker" is a person who gains access to a computer system illegally. Code Red is only a problem for those people who are naive enough to use Microsoft's software. Switch to something secure like Debian GNU/Linux or FreeBSD and leave your troubles behind you...
Nicholas Britton, Wales
I think most people are confusing so-called 'hackers' with coders. The term 'hacker' normally represents someone who breaks into computer systems for fun etc. Coders/crackers or whatever are the real people behind this. They're just showing how badly Windows applications and O/S are programmed.
Why isn't all anti-virus software free?
Wouldn't it be in the interests of everybody if it were?
Hyping the hacker attacks is eventually going to lead to complacency. Code Red has received more press coverage than any other virus this year, yet it only affects a tiny number of computers when compared to the number of machines on the net. When Code Red panic has abated and the internet is still standing, people will be less inclined to listen when the next distributed denial of service virus attacks consumer desktop operating systems. That's the real doomsday scenario for the net. The media can cry wolf over Code Red, Melissa and SirCam but none of these viruses will be as devastating as what is to come.
People must remember that computers, software and technology are made by humans and are subject to fault. If you are a smart administrator, you would be up-to-date with your patches, have monitoring software, and use necessary precautions to guard your data. There will never be a 'meltdown' of the internet, as the TCP/IP protocol suite was developed for load problems such as the one predicted. Just sit back, relax, and install the patches if need be. You'll be fine.
The Code Red worm, whether it only attacks servers or not, should be a warning to every computer user. If your computer is connected to the Internet you should have a firewall for security. It's no good sitting in a darkened corner blaming government for your own incompetence. If there are wolves in the vicinity you build a fence to keep them out. That's not the government's job - it is yours.
No computer system can ever be 100% safe. Moreover, hacking is the most effective anti-capitalist demonstration method available. As long as large corporations have internet presence, hackers are bound to continue to sabotage their systems. These companies will need to become increasingly vigilant, and possibly radically rethink the systems that they use to host their internet services.
A, United Kingdom
It's going to be kind of funny in a couple of days' time when absolutely nothing has happened. Strangely enough all the people who are getting themselves in a sweat about Code Red are the same people that nearly had coronaries over Y2K. Oh, and Microsoft should have a look at Linux, it's only had 2 viruses, one made system changes, the next one fixed them.
I wasn't surprised to see a lot of anti-Microsoft rhetoric posted, after all it is the fashionable thing to do. Microsoft brought simple computing to the masses. The reason hackers have exploited Windows' "weaknesses" is because of the impact it will cause. If there was such an incentive to crack other OSs (Linux, Unix etc...) then they would be cracked too. Microsoft, as usual, is the victim of its own success.
It makes me mad that people are happy to just point the finger at Microsoft. Probably the main reason that Microsoft software is the biggest target for hackers is that it is so widely distributed. So, John Collins, are you saying that if you closed all your doors and windows, you'd never be burgled? Not the case is it - no matter how you try and stop people getting in, someone will always find a way. Chances are - if you promote your house as being the most secure in the world, you'll get more people trying to break in. Microsoft are "the big boys" and so attract the most attackers.
You've got to have some respect for the people who first discover these vulnerabilities and exploit them; their skills might be better put to use but it's talent none the less. The main problem is these exploits are then widely published on the internet with 10 steps on how to bring a server down which any idiot can follow, or even worse, off-the-shelf applications which these talentless script kiddies can use to great effect without the slightest understanding of how it works.
So, the evil hackers have caused companies that base their infrastructure on Microsoft products to go to the wall. Hey, I think I just felt the world get lighter. This is natural selection in action, ladies and gentlemen.
The fact is that the US govt is so paranoid about not being able to spy on its own e-traffic, that it will not sanction the encryption standards necessary to market successful encryption and keep at bay the majority of hackers. The rest of the world will have to wait until a nuclear power plant goes up or something. Thanks again, US.
The reason hackers commit their crimes, and will go on to commit their crimes is due to popular underground culture. Just as a graffiti artist creates a piece of illegal art for others to enjoy, a hacker does the same thing but on a different canvas. Hacking is an art form and I respect those who can do it.
Look at all recent virus outbreaks and you will see a pattern emerge - all involve Microsoft's products. Microsoft have some great products, but their saturation of the marketplace puts them in a position of responsibility that they need to take more seriously. Microsoft need to stop rushing half-baked versions of new products to the market and then relying on patches to fix them up afterwards. Hackers have never had it so good.
The internet was not designed to be secure. It was not designed to connect millions of computers all over the world. It's about time that the internet itself is rewritten to cater for the new reality. A new infrastructure is needed to address the issues currently bugging the internet. No more emails from domains that don't even exist, or without a valid reply address. No DOS attacks. No IP spoofing. Until then, nobody can stop these problems.
"The sky is falling!" syndrome strikes again. It saddens me to see the BBC getting caught up in the hysteria surrounding the Code Red worm. Talk of the "meltdown" of the 'net is at best misguided and at worst outright wrong. I have no doubt that more traffic is being generated by panicked emails regarding this "threat" than by the worm itself. If this worm causes anything more than small-scale outages I shall eat my (Red) hat.
In response to Matt Law's comment - there is no proof this virus came from China, more likely it originates from a malicious individual (or government) elsewhere wishing to portray China as a malevolent nation for their own agenda. Reds under the bed again?
Sascha Goldsmith, USA
When we speak about hackers and viruses, usually we are talking about those computer users who do such acts for malicious pleasure. Like graffiti artists of previous decades, most hackers "attack" web sites and servers for the thrill of breaking through security. And just as with graffiti artists, this problem cannot be completely eradicated, but only controlled with proper security measures - measures which are lacking in nearly every computer system. Yes, strict enforcement of computer crime laws will help, but hacking will continue to be a major threat until security on the internet improves.
Hacking is nothing but cowardly vandalism. Cowardly in the sense that it causes destruction to worldwide networks but no-one knows who you are.
Bilal Patel, London, UK
Hackers can't be stopped. Hackers invented computers - they were the inquisitive people who wanted to know how computers worked in the early days. They were the ones who built our computer world. They will ALWAYS find a way around the latest 'security' features of any new software. As companies and big corporations rely 100% on computers they need to be aware and invest far, far more money if they want to stand any chance of stopping hacker attacks.
If people insist on using insecure software (such as IIS) written by Microsoft, then people who create worms like Code Red will continue to easily exploit their portfolio of security holes.
Easily done, just remove China from the internet!
I get the impression that their government isn't doing all it could to stop them, so, give them an incentive! Block their access to US and EU networks.
Most 'Viruses' and 'Worms' that I have seen, including 'Code Red' exploit security holes in Microsoft Products. Those who run reliable software products are rarely - if ever - affected. This is probably due to anti-Microsoft sentiment in the hacker community, but is still due - in part - to Microsoft incompetence.
The sites being hit at the moment are those who have failed to apply a patch that has been available for days. To put it simply, it is their own fault if they get hit.
Organisations which take security seriously simply do not run IIS (the program affected by the worm in question). This piece of software has been the subject of countless security scares since its inception. It's probably time for the site admins to consider moving to an alternative server platform, or get used to being called out in the middle of the night to mop up...
The Code Red worm only affects web servers running Microsoft's IIS. Most of the world's web servers run Apache, which is not affected.
There are two root causes for the current Code Red problem: yet more insecure code from Microsoft, and system administrators who fail to keep their servers up to date with security patches.
So be alert, and choose your server software based on its safety record.
Until a further paradigm of software development is instigated I believe hacking is inevitable. It is a well-documented fact that no substantial computer system can be perfect. This is not through the fault of the development team, but due to the immense complexity of the task at hand and we have been in this "software crisis" for decades. Therefore if the systems are impossible to protect absolutely then I believe the best way to combat hacking is through tackling the motivations behind the hackers. Many want to demonstrate their abilities to earn kudos over peer competition, or to prove to themselves that they have one over the establishment. Media glamorisation of hacker culture does not help this situation, as it provides an anti-establishment image that many technically minded disillusioned youths find attractive.
It totally depends on who the hackers are. It is probable that the hackers could be Chinese nationalists, or Middle Eastern terrorists, who do not like the West. In such a case, the only response may be retaliatory hacking.
For once the blame does not lie with Microsoft. While the bug that the worm exploits is indeed a problem with Microsoft server software, they released a patch fixing the vulnerability more than a month before Code Red surfaced. The blame lies with the people whose job it is to look after Internet servers but have little understanding of basic network security practices. The machines they run are generally unpatched and therefore easy targets. While these untrained system administrators are clearly at fault, the responsibility lies with the people who pay them to do a job that they aren't doing properly. Unfortunately companies are often willing to employ relatively untrained and inexperienced people to run their networks and servers, partly because of the software vendors' insistence that their products are extremely easy to use. So perhaps the blame does lie with Microsoft after all.
Computer viruses and other malignant items of code will never be stopped because to make a computer system so secure would render it far from user friendly. So much so in fact that it would slow down the work place in which it had been implemented to increase efficiency and this has been actually attributed to Microsoft's own security expert in a recent interview here.
Microsoft software is just like leaving all your doors and windows open and then wondering why you get burgled all the time.
In short, no and no.
It just has to be accepted that virtual distance (or the lack of it) makes it very easy to create havoc in almost no time at all - if you know what to do. The hackers just plain outnumber the defenders (if as in some cases they aren't actually the same people) and it's just a fact that any system that someone can legitimately access can also be illegitimately accessed. Them's just the facts.
Luckily, however, most hackers seem to want to do little more than clown around - sometimes this e-vandalism is even funny.
It's unlikely that hacking and security vulnerabilities will ever go away as it's probably the nature of the business. The recent spate of web server and email viri/worms are firmly rooted in Microsoft's incompetence and the placement of revenues before quality. There are other choices out there. It's time to stop letting Microsoft pass the buck and deflect the blame... the only way to get them to fix things is by affecting their bottom line and taking our custom elsewhere. According to Netcraft, Microsoft's IIS web server only accounts for a small part of the market, yet it causes the most problems!
Why don't Microsoft send a worm out to each vulnerable site that updates them with the security fix!!
Nope, they can never be stopped, simply due to the fact that we are all addicted to the internet. More viruses/worms will be written in the future, and they will get more sophisticated as time goes on. All the Anti-Virus people will only release patches once they are detected. Imagine the scenario that computer viruses start functioning like human ones, and get activated under certain circumstances. How will Mr Norton deal with that? Basically Microsoft employers are not super humans, hence they will make mistakes, and that will cost us, the user. The way out is to stop using computers, now that's out of the question, so what do you do? You learn to live with it!!!
Hackers... get a life. Do something, make friends, go down the pub, etc. I'm sure you're capable of it.
I think it's hard to stop the Hackers, but the only way to cut down on them is to give them a punishment to fit the crime, by taking away their freedom and locking them up for a long time as an example.