Monday, August 07, 2006

The day the software died - my worm and the end of the second golden age of the PC

Within a day of downloading two shareware webcam products [1] for testing with my new LifeCam, I found my XP box running hot and minimally responsive. Bad feeling time.

Since Norton Antivirus, which does a full disk scan of my system every night, hadn't alarmed, I tried the very latest version of Microsoft's free utility for worm detection. It found nothing on the standard scan, but a deep scan and clean reported "partial removal" of W32/Mytob-W or some novel variant thereof. A follow-up NAV scan found nothing, but I will repeat with updated viral definitions and then migrate to Microsoft's new security product. This is my 3rd infection in about 17 years; one was with Win98, one with Mac OS 9 (yes!), and then this.

I will now, with less vanity than it appears, declare the end of the 2nd era of personal computing -- The Day the Music (Software) Died. It's dead. Put a fork in it.

The first Golden Age, from 1982 to 1998, was a time of amazingly creative software built on minimal resources. The first Golden Age died with the Microsoft monopoly.

The second Golden Age began with Gopher in the early 1990s and probably ended around 1999. The networked power of the second era, combined with the monoculture of the Microsoft monopoly, carried the seeds of its own destruction. When uber-geeks like me [2] are afflicted by worms and massive quantities of spam, the end is in the rear view mirror.

What will the third era look like? I think there are two paths, and we'll take both of them. One is the 'trusted computing' path of locked down software and a complex chain of control, combined with a move to software leasing and web services. Microsoft will lead this path.

The second is the trusted community path together with strong reputation management and coupled with open source and public file formats.

These paths are the Authoritarian state and the Citizen state. Sparta and Athens [3]. We've walked these roads before.

In the meantime what new measures will I take?
  1. I'll abandon Norton and switch to Microsoft's security package. I think that if one is going to run XP there's really no alternative to Microsoft for antivirus and security protection. They have the incentive, the resources, and the expertise to provide the best possible service. [4]

  2. I'll accelerate the migration of my last remaining XP machine to an OS X replacement [5].

  3. I'll install a hardware router/firewall with traffic analysis, automated shutdown and alerting to support early detection and termination of problems.

  4. I'll no longer download software from the websites of owner/authors. Instead I'll download from versiontracker and other community sites where risk is broadly shared and feedback identifies problems.

Other measures to be added here ...

[1] No, I'm not doing icky stuff, it's for the most boring and dull work you can imagine. It's a good thing I tested this at home however. I downloaded the products, one of which I'd registered for an earlier failed project, from the author's sites. I thought that and Norton Antivirus was a reasonable combination, but I was probably wrong. I didn't bother to prove the sites were the source however, so I won't name them. The evidence is circumstantial.

It's even a bit hard to say that this really is a new event. I've gotten worms and spam from "myself" for years, but when I've investigated I found spammers were forging my address. So I wouldn't necessarily spot a worm infection ...

[2] Sure there are more XP security measures one could take. Internal and external firewall and traffic analysis, better antiviral solutions, etc. My XP machine already strains under the weight of its current security infrastructure.

[3] Ok, it's a cliche and a gross simplification. Athens was hardly pure.

[4] I know Microsoft has been performing lately like a corporation on Crack. I didn't say they'd do well.

[5] OS X is more secure than XP because it allows users to work successfully in non-admin accounts. It's also more secure because the OS X community is far more interactive and reputation based than the XP community, the difference between a village and a city. Lastly, and most obviously, OS X machines are very expensive to acquire and have limited use in business; kids and crooks will target XP first. Of these distinctions only the first is likely to persist, and if Apple doesn't publish its own security solution soon OS X will be in deep trouble.
