Tuesday, February 15, 2005

Viruses gone wild

The CNET article I've linked to discusses the possibility of viruses infecting home appliances, cars, etc. as they gain more sophisticated computing capabilities and internet connectivity. Personally, I'm not really sure what the advantage would be of having a net-connected refrigerator or toaster, but then again I didn't think that anyone would want to buy books online --- and give up the enjoyment of browsing through the books at a bookstore. My take-home lessons:
  • Until Microsoft gets its act together, avoid running Windows on appliances like media centers or cell phones. It's not just that Windows is the most common OS in the ecosystem (and thus most attractive to virus writers); its distribution philosophy (and, I would say, underlying architectural principles) facilitate infection.
  • Think before you connect any computerized device to the internet. Tivos dialing in directly are secure. Though Tivos run Linux, the distribution seems pretty well secured; I'd make sure I had a home firewall before connecting it via the internet, anyway.
  • Use a hardware firewall. Even if you will only be connecting one computer to a cable modem sitting right next to it, get a name-brand firewall box (should be less than $50) and connect it between your computer and the broadband hardware. Use the free ShieldsUp! service at Gibson Research to test your firewall. It's my understanding that a new Windows machine is likely to be infected with malware before it is able to finish downloading the latest OS patches from Microsoft, if connected to an unsecured network.
  • In a ideal world, wifi access points would be sold with randomized network IDs and WEP passwords, printed on a slip of paper in each box, and with encryption on. Unfortunately, they're universally shipped wide open --- like selling door locks that all have the same keys. Either secure your wifi (and test it) or don't buy it.
  • Secure your computer as though the other layers of security don't exist. Turn off services that aren't needed. I run both Mac OS X and Linux at home; OS X has pretty much everything nonessential turned off by default (and a software firewall turned on), but Linux usually has a bunch of daemons running and services enabled that I don't need.
  • If you think of a good argument for getting a network-enabled toaster (other than stupid toaster tricks), please let me know.

No comments:

Post a Comment