Archive for the 'Articles' Category

Internet Security - How things got this Bad Part 3
Wednesday, August 31st, 2005

Note: This is a 3-part article and a long read. You can download the entire Audio Version Here

Ok, Quick Recap.

We are in some big, big trouble.

I wish I could say Technology is going to save us, but it’s not. It’s going to boil down to personal responsibility when you or your users access the Internet.

As a professional security technician, I can tell you we have enough on our hands dealing with the holes in Windows, the exploits, the viruses and the spam that we need your help with the biggest liability in this scenario.

THE USERS

We need to make sure your users of the Internet use it wisely. Adhere to your company’s Internet Usage Policy.

But I can trust my users to behave, can’t I? NO, now you’re just being naïve.

I frequent public Internet forums and regularly see users asking how they can bypass their own internal content filters that would allow them to “do what they want” on the Internet.

Giving your staff unrestricted access to the Internet is like giving them a really big hammer: eventually something is going to get damaged.

So if we can’t rely on Windows and you can’t trust your users, will the next version of Windows be any better?

Well yes and no. Microsoft is awake now and knows that maybe we are not all going to play nicely together.

As a user of Windows Vista you will be operating on a limited-account basis. This means that when the system wants to do anything potentially “high level”, it will ask you, for example: “Hey, do you really want to e-mail everyone in your contacts? Are you sure?”

As Vista is currently 16 months away, it’s difficult to tell how well this is all going to work in practice.

Going against Vista:

1) It’s going to be the most targeted high-profile Operating System in History from its first day of release.

2) To retain backward compatibility, a lot of Vista’s internals are the same as Windows going all the way back to Windows 95.

Oh come on, DiPonio, there must be a happy ending to this story.

Sorry folks, it’s not going to happen. Remember: Users+Windows+Internet=Trouble.

Based on what I know today, it’s going to be a very long time before things get better.

Personal Responsibility is your only hope.

Thanks for reading.

Internet Security - How things got this Bad Part 2
Wednesday, August 24th, 2005

Note: This is a 3-part article and a long read. You can download the entire Audio Version Here

Let’s go back to the winter of 2000.

The Dot Com Crash was like waking up from a bad dream. For a good 3 or 4 years there was a real air that anything was possible.

So how does this help us explain the current Internet Security Mess we find ourselves in? Let’s look at the facts.

The use of the Internet was pioneered outside of Microsoft.

Microsoft initially was playing catch-up.

Microsoft figured out how to beat Netscape, then took over.

Microsoft was busy winning.

Y2K diverted everyone’s attention, and the increase in tech spending delivered unwarranted confidence in the tech sector.

The Internet boom blinded everyone, and the focus was on the next big “Thing”.

What no one was doing in this period from July 1995 to winter 2000 was thinking about the security implications of what they were doing.

In connecting the world together, the assumption was “all people are good and can be trusted”. Hey, after all, it’s the new economy; no one benefits from these virus things, right?

A significant problem for Microsoft and its 55,000 employees is one of credibility. I imagine a typical Microsoft employee to be well educated, to have gone to a good school and to work well with others.

This is pretty much the opposite of some 16-year-old kid in Slovakia with no future and nothing to lose.

We have a world that’s connected together running inherently insecure software (Windows: pick a version, any version will do).

Windows XP has been shipping since December 2001 and every hacker in the world knows how it works, what its flaws are and the fact that it’s used almost everywhere.

In the third and final part of this article I will continue to explain how things got this bad. But don’t expect a happy ending.

Internet Security - How things got this Bad Part 1
Monday, August 22nd, 2005

Note: This is a 3-part article and a long read. You can download the entire Audio Version Here

I have a formula that would appear to suggest I will be gainfully employed for a very long time to come working in the area of Internet Security.

The short version of the formula goes like this:

Users+Windows+Internet=Trouble

Before I explain it any further, it’s a good idea to figure out, in terms of security, where you are.

Let’s look back at recent history: November 1993, to be specific, when the world’s first ever Internet browser, Mosaic 1.0, was released.

It would take until approximately July 1995 for Microsoft to release Internet Explorer 1.0 (just one month before the release of Windows 95).

The Internet at this point was only really used in colleges and universities or within the research and development/science community.

By this time Netscape had been born and was the market leading Internet Browser (which was free).

Microsoft, feeling threatened and confused by the sudden arrival of the new kids on the block, decided to look at this Internet thing more closely, and early in 1996 it suddenly clicked: the Internet was going to change everything.

Their fear was that software running in these new Internet browsers could potentially steal some of their business. As I write this article in 2005, it’s worth noting I am using an Internet browser to create this article, so their initial fear was correct.

So let’s go back to 1996 and the Sleeping Giant is awake and has a sore head. First on their “to do” list was to ensure Netscape got squashed. As Netscape’s browser was free anyway, winning the battle on cost wasn’t going to work.

The eventual strategy was to ship Internet Explorer 3.0 for free and include it pre-installed with any new computer shipping, basically, from 1996 to today.

They also integrated Internet Explorer into Windows as a core component. They would spend some time in court about it later, but that’s another story.

Eventually the success of Windows meant that millions of computers shipped with Internet Explorer already in the box; the user would have to go out of their way to seek a replacement. It just never happened.

Eventually Netscape’s market share dwindled and Internet Explorer became the market-leading browser, not because it was better or did more things; it was purely a numbers game.

It’s 1997 now and Microsoft, diverted by this “Browser Thing”, scratches its head, would appear to be without any new ideas, and so starts to develop what will become Windows 98.

During this period the success of Windows and the Internet continues to grow. Companies see real benefits to this new thing called e-mail.

The success of Windows and the Internet catches everyone off guard, but everyone gets excited.

This is prior to the Dot Com crash that was to follow. Suddenly everything on the Internet was golden. Everyone got caught up in it.

Ordinary people with good ideas became millionaires overnight; the tech sector grows and grows. Everyone is happy.

Year 2000 (Y2K) scares many companies into buying new computers to be Year 2000 proof.

Based on this, the tech sector seems bulletproof and everyone is happy. I mean, what could possibly go wrong?

Y2K came and went; nothing much happened. But in March 2000...

The Dot-Com Crash

When: March 11th, 2000 to October 9th, 2002
Where: Silicon Valley (for the most part)
Percentage Lost from Peak to Bottom: The Nasdaq Composite lost 78% of its value.

It’s now the morning after, and it’s bad, very, very bad.

In the second part of this article I will continue to explain how things got this bad...