Accessibility links

Security Specialists Seek to Make Internet Safer


Since the Internet emerged a decade ago as a free and accessible global communications network, there have been countless assaults by malicious computer viruses and numerous attempts by saboteurs to crash the system. The Internet has survived them all. But the future security of the Internet is uncertain.

Most of the hundreds of millions of regular Internet users have become so accustomed to e-mail, quick information and software sharing that they might take for granted the technical wonder of "the Net". But not Jonathan Zittrain. Zittrain is professor of Internet Governance and Regulation at Oxford University, and co-founder of the Berkman Center for Internet and Society at Harvard Law School. He says he is continually impressed by the open-endedness of the Internet.

"It is, to me, astounding," he says "to find ourselves with this collective instrumentality where one person or a handful of people, somewhere in the world, maybe for fun or maybe for money, maybe because they want fame, can write some interesting new software that does something new, make it available over the internet, and if it turns out to be popular, before they even know it, tens of millions or even hundreds of millions of people could be running the software in a matter of days."

The problem is that the code in which apparently desirable software is written can also contain malicious instructions. These types of code are called viruses. They might be designed, for example, to erase the memory on a personal computer's hard drive, and then to replicate themselves across the Internet and infect thousands or millions of other computers and servers.

Most viruses so far have ranged from the slightly annoying to the moderately destructive. But Zittrain says it seems only a matter of time before a determined group of programmers will create a virus capable of bringing down hospitals, businesses, governments and other vital institutions throughout the world, and even bring the Internet itself to a halt.

In his book The Future of the Internet and How to Stop It, Zittrain warns of a possible "cyber 9/11," referring to the September 11, 2001 terrorist attacks on the United States. Such an attack, he fears, might prompt governments to curb the accessibility and openness of today's Internet, a move that would undermine, the creativity - what he calls the "generativity" - of the network.

"That's why I believe we have to come up with a way to deal with the problem of bad code and bad actors, so as not to put the consumer in the uncomfortable position of having to choose between 'generative but unstable' or 'not generative but reliable.'"

As an alternative, Zittrain recommends that the operational architecture of personal and business computers be divided into "green zones" and "red zones."

Green zones would be specially-fortified operating systems and data storage environments that are very difficult to penetrate or change, which would therefore be more stable and secure. That's where a computer's spreadsheets, payroll and medical records and other sensitive data could be safely processed and stored.

"Red zones" would be the riskier computer environments, where Internet browsers and everyday computer programs would be stored. Zittrain says the green and red zones would be insulated from each other.

"And the idea would be that nothing that happens in red mode can corrupt what's in the green mode of the machine." He acknowledges that these are novel architectures "but they might offer some path forward."

But others, like David Isenberg, a professor at the Harvard Law School's Berkman Center for Internet and Society and the author of The Rise of the Stupid Network, worry that dividing computers into red and green zones could prevent new software being freely developed, shared and widely tested by the general online community.

"The problem is the people in the red zone are very different than the people in the green zone," he says. "The edgy 'internauts' who are out there exploring what might be illegal or dangerous might actually not provide a good market test for Mr. and Mrs. Generic Vanilla internet user."

One very controversial idea for preventing a "cyber 9/11" would be to establish licensing requirements for the computer industry. The people who want to write code and sell software would need to be licensed, just like doctors, lawyers and other professionals, by a federal or state regulatory agency. Private software companies such as Microsoft, Apple and Sun would make operating systems that only run pre-approved software.

But Isenberg believes the best strategy for preventing future virus attacks and Internet sabotage is not to tighten the screws but to encourage more diversity in the computer world. He points to the fact that computer viruses are designed to attack specific operating systems. More than 90 percent of the world's personal computers use the same, relatively vulnerable operating system, Microsoft's Windows.

"I have nothing against Microsoft," he explains, "but I would also like to see more Macintosh systems, more Linux systems and maybe two or three other kinds of operating systems as well. That's the strongest, surest defense against having one virus wiping out all the Internet terminals."

However the line between openness and security on the Internet is drawn, one thing is certain. As millions more people around the world discover the power and value of the Internet for commerce, entertainment and the exchange of knowledge, the specter of sabotage and the challenge of security will grow as well.

XS
SM
MD
LG