Will 2005 Bring a Safer Internet?

By Larry Seltzer  |  Posted 2004-12-24 Print this article Print

Opinion: I want to be optimistic, but the security situation—including spam, bugs, browser holes and spyware—is bound to get worse before it gets better.

Sometimes writing about security is just too easy. Making predictions about next year is like this in some ways. Lets pick some of the low-hanging fruit early. Even though most spam-tracking companies show that spam already comprises 75 percent or more of all e-mail, that proportion will go up in 2005. We are approaching the situation in which, I have always assumed, users will begin to withdraw from e-mail because it is so unpleasant.

It seems to me that the consensus number at the end of last year was at or just above 50 percent, so Ill assume it will go up another 50 percent of legit percentage, up to 87.5 percent. Of course, with an overall number like that, there will be many days where 95 percent or more of all e-mail is spam. No matter how good filters are, more and more is going to get through.

Will authentication, the last great hope to save e-mail, make a difference? We can hope that by the end of 2005 it will have taken deep roots, but will we be in a position where domains can really begin blocking and rejecting mail that isnt authenticated? Thats the ultimate goal, and I think it will take longer.

Perhaps this is some more low-hanging fruit. You might have noticed that December has so far been a gangbusters month for vulnerability reports. Microsoft is well-represented, not just on its own controversial December patch day, but with a separate report about the Windows Firewall and an independent report about Internet Explorer.

But its not just Microsoft. Weve also had reports this month of vulnerabilities in products from Cisco and Veritas, along with the Samba file-sharing system. There were separate reports about the PHP Web programming system and Mozilla-based Web browsers. And lets not forget the 16 serious holes Apple reported early this month.

December must have been the most bug-ridden month of 2004, but researchers tell me that inventories of unpublished vulnerabilities are running high. I think that months like December will become more the norm than the exception in 2005. Well need some new metric to quantify this, but I think the average number of vulnerabilities reported per month in 2005 will increase substantially over 2004.

Next page: Firefox flaws and the future of phishing.

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel