Wednesday, May 5, 2010

Top 10 dangerous technologies

10. Videoconferencing
Iain Thomson: Back in the day I did some writing for a videoconferencing firm and was appalled that the managers couldn't see what a disruptive technology this was. They saw it as just a phone call with pictures, but it's more than that.

Videoconferencing, or to use the modern jargon 'telepresence', can be very dangerous for a variety of reasons. Primarily it gives the illusion of meeting face to face, but you miss out on so much ancillary detail.

As politicians show us every day, you can look good on a screen and still be several flying buttresses short of a cathedral. Sure, the person on the screen looks professional but for all you know they are naked from the waist down, with a bottle of Scotch just out of sight and a dead hooker in the bedroom.

Secondly, business will suffer if we're all communicating by screen. Sure, the accounts department hates business trips but the fact of the matter is they get things done. All the telepresence in the world can't beat two people sitting in a room and chewing the fat about everything and nothing before signing a deal. Would Steve Jobs and Woz Steve Wozniak have got together and forged Apple via telepresence? I doubt it.

Shaun Nichols: I'm sure Woz is a big fan of anything that lets a person attend an important meeting without having to take off his knee or elbow pads between Segway adventures, but that's beside the point.

When Iain first suggested this one I laughed a bit, but it really is a legitimate concern for the false sense of presence it creates. Just as a boss loses touch with an employee if they simply show up to the morning meeting then retreat to a corner office, so do we lose touch when relying too heavily on teleconferencing.

Simply because you can see the person on the screen does not mean you are connecting with them face to face. While it is a step up from the standard conference call, telepresence is not a substitute for meeting up in person.

Plus there's the danger that you suddenly have to stand up and everyone at the home office realises you wear humorously patterned Bermuda shorts to work.

9. Robotic weapons
Shaun Nichols: Seeing as how computers can have trouble doing things like opening a spreadsheet or playing back a movie, it's a bit unnerving to think that people are also trying to make them operate guns.

Robotics are already in use for things like defusing bombs or unmanned surveillance, but countries such as South Korea are now working on armed machines for things such as guard duty.

Maybe it's because I've seen one too many Terminator movies, but I'm less than comfortable with the idea that a simple programming error could result in a hail of gunfire. Sort of gives a new meaning to the phrase 'blue screen of death'.

Iain Thomson: I too am waiting eagerly for the next Terminator instalment, but there's a serious point to this nomination: computers are lousy at ethical decisions.

I'd advise readers to check out the ABC Warriors in the excellent comic 2000AD for a fun version of why robots make poor soldiers. The leader, Hammerstein, puzzles over the logic of warfare – how it's fine to raise animals and then kill them for food but not children, and his musings on the difference between enemy combatants and refugees that has relevence to the current wars in the Sudan, Iraq and Central Asia.

Like it or not robots are going to play an increasing role in modern warfare. Already pilots in the US control drones remotely over the skies of Afghanistan and Iraq, drop bombs on targets and then go home to play Little League with their kids. It saves the lives of pilots, but I fear the next logical step: taking humans out of the loop all together.

Although other species such as ants and chimps conduct warfare, humans have made it one of their métiers. To go to war and kill our fellow humans is bad enough. To hand that over to machines strikes me as a profound lack of responsibility and a very dangerous step in evolution.

8. Plug-ins
Iain Thomson: Take a standard showroom car and it'll do the job on the roads. Now add chipping hardware to the engine, a nitrous oxide feeder system, an overdrive unit and some skinny tires and you've an organ donation waiting to happen. It's very similar to the plug-in market.

The willingness of people to add plug-ins from developers they have no knowledge of shocks and saddens me. Sure, there are some great bits of code out there that can make browsing a better experience, but there are also plenty of extras on offer that are a security nightmare and have undergone about as much in-depth testing as a Simon Cowell reject.

Security vendors wail and gnash their teeth at the willingness of people to add bits of code to their applications with nary a thought for what they are doing to their systems. If I was a malware writer I'd forget the operating system and concentrate on a flashy little plug-in that just happens to steal all your data as well.

Shaun Nichols: Not only is there a danger from the plug-ins themselves, but there are new risks opened by the applications they can link to.

Microsoft or Mozilla may have already patched a dangerous hole in the browser, but what about the third-party applications that are used to open other file types? This can allow an attacker to place malicious files on a web page, but still target a third party component such as a music player or document viewer. Suddenly, a flaw in Acrobat or Excel becomes a threat to Internet Explorer or Safari.

Malware writers have long used this idea to perform attacks. The ActiveX system used by Internet Explorer to link up with third-party applications is a popular target for exploits. Certainly users should make sure that they keep their browser and operating system updated, as well as the third-party applications used to automatically run downloaded software.

Developers also need to be on top of checking for and patching any possible security vulnerability. These days, nearly every program can be remotely targeted for attack through the browser.

7. Peer-to-peer (P2P) technology
Shaun Nichols: Imagine a system where people send each other boxes of food at random. Each person will receive some food from an unknown source which they will then eat and share among their family.

If you had no idea who was making that food or what they put in it, you'd be more than a bit reluctant to eat it, wouldn't you?

This is a lot like the risk posed by P2P networking. Just as taking candy from strangers is dangerous, so can downloading and opening software packages from strangers. File-sharing services are some of the best places to pick up malware infections. Even Mac users have been hit by malware from P2P networks.

Not only is P2P good for spreading malware, it's good for managing those infections. Botnets such as Storm and Conficker use peer-to-peer techniques to manage their hordes of infected systems.

Iain Thomson: P2P is a genuinely useful technology, despite what the record companies would like you to think. It enables the efficient transport of large files and makes a lot of business models work.

But from a security standpoint it's highly dangerous. After all, you're downloading what you hope is the right file from someone you don't know. Given the fact that I check with the sender before opening every email attachment, the idea of downloading via P2P gives me the willies, and sends security buffs wild.

P2P could be safe if we had a decent system of reputation online. People's online habits could be correlated into a system whereby users could tell if they were trustworthy, something that would not only make P2P much safer but help overall online commerce. Until then I'll stick to legitimate downloads, thanks.

 

6. Email
Iain Thomson: Don't get me wrong, email is a great invention that bypasses all the dead trees, postage stamps and bored postal workers walking down the path nonsense, and provides instant communication. But there are plenty of dangers to it too.

Anyone who has used email has experienced the 'oh no' moment when they realise they have sent the missive to someone who shouldn't have got it. And once you click send there's nothing you can do about it.

A case in point. An acquaintance composed a long email about the failings of my girlfriend's ex and sent it to a friend, so he thought. In fact, he'd sent it to the subject of his ire. In a panic he called the subject and asked him to delete it without reading it. Did he? Of course not, like any normal human being he read it and things have been uncomfortable between them ever since.

But email has another failing: it lacks expression. What in conversation would come across as witty irony can be highly insulting in text. Emoticons (horrible phrase I know) barely help. Sticking 'LOL' at the end of a bitchy email doesn't soften the blow, it makes it worse.

Shaun Nichols: It seems like every day we hear about some unlucky office worker or marketing representative who made a mistake with email and left a lot of people very, very angry.

Email has given many new ways for people to embarrass themselves. Sure, with snail mail there's still the chance that you print the wrong address on your wedding invitations, or something along those lines, but the chances of committing a serious blunder with a large number of letters is far, far less than that of email.

Security experts also warn of possible privacy and data breaches from email addresses. A careless user may attach the wrong file and disclose financial figures, or an incorrect autofill could result in sensitive information being sent to a family member or, even worse, a colleague at a competing business.

Then, of course, there's the legal headache that arises when some careless person inevitably forwards a crude or offensive email that angers or offends someone else. Many companies have horror stories of having to pay out big settlements just because one idiot thought it would be funny to forward a joke to everyone in the office.

5. Nanotechnology
Shaun Nichols: There's a ton of misinformation and outright fiction regarding nanotechnology in popular culture, but that doesn't mean there isn't the possibility for nefarious uses.

If you can build complex structures on such a tiny scale, you raise the possibility for danger. Now it may not be in the form of invisible nano-viruses controlled by supercomputers. But even the miniaturisation of computers made possible by nanotech could lead to new concerns over things like privacy.

Nanotechnology is a very important scientific development with almost limitless possibilities to improve life. But, as has been the theme for this list, things that improve life can also add new dangers to it.

Iain Thomson: With every great advance comes pitfalls. When the first atomic bomb was being developed a small group of those in the project were worried that the reaction might ignite the atmosphere and, while the science said this was unlikely, it wasn't decided until the first test.

Nanotechnology is a hugely important technology. It promises to give us the ability to manipulate individual atoms, making possible a host of new materials, medicines and computing technologies. Without it humanity would be limiting itself too greatly, but that doesn't mean all risks should be taken without thought.

But my fear for this technology isn't the present day - it's 50 or 100 years down the line. Once nanotech becomes commonplace, who knows what some nutjob is going to cook up in their basement?

 

4. Surveillance equipment
Iain Thomson: Before moving to San Francisco I lived in London, the city with the most CCTV cameras on the planet. Standing outside the office I could see eight cameras, all of which were capable of videoing me and one of which had a directional microphone.

George Orwell had it wrong: we don't have Big Brother in the house. Instead it's out on the street and your home is your only castle, for the moment at least. Surveillance technology is useless for stopping crime, despite what we're told, although it can be of use at catching people after the act. But am I the only one who is worried about this development?

In days gone by we had the best surveillance technology in the world: the neighbours. For 11 years I lived in one of the roughest areas of London and had no fear of burglars because I knew that the grandmother living across the street sat at her front window all day and could spot a "wrong 'un" at 50 paces. Sadly we now put our trust in technology, not our friends.

We should also consider who is watching these cameras. Sitting on your backside all day as a professional voyeur is hardly a skilled job and the police seldom do it. It's left down to poorly paid contractors who have every reason to abuse the system. Frankly I don't trust these people further than I can throw them, and it's about time we worked on bringing collective responsibility back to society rather than entrusting it to technology.

Shaun Nichols: Perhaps it's because I've never lived outside the US, but large-scale surveillance really gives me the creeps. For surveillance systems to work, people have to constantly trust whoever is on the other end of the camera, and few people trust the government to that extent. Who knows the person watching that footage and what they are doing with it?

Don't get me wrong, camera systems can be very good for collecting evidence of things such as drug dealing hotspots, but they're not particularly useful for most crimes. In a city of several million people, what chance do the police have of catching the guy who mugged me when they look at the video hours later?

I think everyone would be safer and happier if most of the money spent on installing and maintaining these surveillance systems was instead used to put a few more cops on the beat.

3. Digital Rights Management (DRM)
Shaun Nichols: Many of the dangers we suggested on this list thus far have been hypothetical. But with DRM software we've already seen the dangers and some of the problems they can cause.

Let me start by saying that publishers do a have a right to stop the theft of their products through piracy and unauthorised redistribution. The problem is that the companies have gone way too far with the idea, and seemingly come to the belief that purchasing digital content constitutes waving one's right to privacy.

When DRM software starts doing things such as archiving my system information and sending it to an external server, I get upset, and I believe rightfully so.

The best example of this was the Sony rootkit case. The company became so paranoid about users sharing songs that it went as far as to load the disks with software that covertly and illegally installed programs on customers' systems.

Fortunately, this is beginning to go away. After years of insisting that DRM was absolutely necessary, publishers are finally starting to listen to their customers and cut back on, or completely eliminate, many DRM components.

Iain Thomson: Back when Shaun was still dealing with toilet training, DRM showed its ugly side: the Brain virus. This attempt to stop the piracy of a medical software package turned into a virus that knackered computers across the world. Sadly, big media hasn't learned that lesson.

Shaun rightly highlights the Sony rootkit case. What was so disturbing about that incident wasn't the software itself, but the apparent arrogance of Sony in presuming that its rights to protect intellectual property were more important than the safety of our computers. This lesson hasn't been learned, if the current ACTA treaty is anything to go by.

What makes it worse is that DRM is largely useless. Media companies can hire a handful of people to design code that will protect their copyright. But there's an army of people out there who will devote hours, days, even years to defeating it just on principle. Sooner or later this arms race will be lost by DRM, but I fear a lot of computers are going to be messed up in the meantime.

2. Windows
Iain Thomson: When Shaun and I were coming up with ideas for the weekly Top 10, the topic of dangerous technologies came up and it hit a spark. I sat there thinking 'Windows', and the fact this isn't number one is down to his winning a spirited argument and having logic on his side.

On one level Windows spawned the computer's acceptance by business. Having one standard to work to let developers build applications that everyone could use and made computing a safe choice for the IT buyer.


But, as we've seen from agriculture, monocultures are useful in the short term but can be incredibly damaging at the end of the day. Having Windows on 95 per cent of computers a few years ago meant that malware writers had a big, fat bullseye to aim at, and ultimately helped spawn the online fraud industry that is making everyone's lives a misery.

It's not that Windows is bad code, although it has been and still has serious weaknesses. It's that having one standard to rule them all is very bad security practice. Apple makes much of the fact that it doesn't get viruses, but that's got more to do with it being a smaller target. Personally, I'm sticking with Linux until it gets to be such a big target that we get malware problems there, then BeOS gets a turn if it's still up to date thanks to volunteers.

It is possible to make Windows secure, but it takes a hell of a lot of work and most IT managers have enough problems on their hands to make locking down corporate networks next to impossible.

Shaun Nichols: Windows in and of itself is a huge security liability and, while some of it is Microsoft's fault, not all of it is.

First and foremost, the company got serious about security way too late in the game. The Secure Development Lifecycle seems to have had a very positive effect on securing Windows, but it only came after the floodgates had been opened for several years and tens of millions of users were left at risk.

As Windows XP transitions into Windows 7, the new security practices should become even more apparent, but with malware now becoming such a lucrative industry the attacks will also become more sophisticated.

There are also factors beyond Microsoft's control that make Windows dangerous. The sheer number of unpatched and poorly maintained computers in the world is more than enough to keep the world's botnet herders knee deep in victims for years.

Sometimes users are too lazy to install monthly updates, other times they are using pirated copies of the software that can't be updated. Regardless, the amount of 'low-hanging fruit' out there is what keeps much of the malware industry thriving.

This does not mean that Mac and Linux users should ignore security. Just because you're not the prime target for infection doesn't mean that people still aren't targeting your system.

1. Viruses
Shaun Nichols: Many of our technologies on this list have very legitimate and highly useful purposes. I can't, however, think of too many legitimate uses for computer code that can automatically install and replicate itself on a system without any user knowledge or interaction.

Initially developed as a bit of a curiosity or joke, computer viruses (and worms) have become a primary threat to IT worldwide and their eradication has spawned a multi-billion dollar industry.

Up until the internet boom, viruses were primarily just a threat to the surrounding software; the worst that could happen was that a destructive virus could wipe out your system. This meant the possible loss of huge amounts of data, but the only worry was destruction.

Over the past decade or so, however, malicious programs have gone from destructive to larcenous. Losing your system can be pretty bad, but it's nothing compared to having your bank account wiped clean or your credit card stolen.

Iain Thomson: I kind of miss the old days, when viruses were done for bragging rights on message boards. Now organised crime has got in the game and things have become much worse.

Viruses have the potential to screw up the computing model in two key ways. Firstly, as Shaun has mentioned, they can destroy vast amounts of data. This has become worse through the interconnected nature of computers.

But viruses also damage confidence. E-commerce is going to become an ever increasing part of the global economic system, but fear of infection or theft is stifling that. Already people are being turned off online banking and shopping because of the fear of getting their credit rating junked by a phisher. This is going to get worse before it gets better.

Law enforcement used to love the old-style virus writers. They weren't profit-motivated, and once caught coughed up everything for fear of going to jail. Now we face distributed teams of highly motivated criminals who bring to computer crime the same level of criminal nastiness you see in armed robbery, mugging and murder.

The battle against viruses will never end, barring a major advance in technology or users getting much smarter. To quote Winston Churchill: "This is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning."

 


No comments:

Post a Comment

 
Locations of visitors to this page