Why Broadband Is A Security Feature

 
 
By Larry Seltzer  |  Posted 2003-03-24
 
 
 

If youre a broadband user and you get a firewall, youll immediately notice that there are people probing your computers. Users on the really big broadband networks like Comcast are regularly scanned by hackers looking for low-hanging fruit, such as systems infected with NetBus or BackOrifice—and maybe even those of you violating your terms of service by running Web servers or news servers.

Since youve got an always-on connection and an IP address that is, if not static, at least relatively quiescent, youre more of a target than the dialup user who has a dynamic address for relatively brief periods of time. All this has given some people the impression that broadband users have more security problems.

But there are better reasons to feel that broadband helps you to protect yourself against security problems than that it exposes you to them. Two points: As a desktop user, the most important thing you can do to protect yourself against common attacks is to keep your software up to date; and the most important threats to you are viruses.

A session at Microsofts Windows Update or Office Update can involve the download of tens of megabytes, especially if you let yourself get behind. Thats the kind of load that can discourage a dialup user from bothering. But its not that bad for most broadband connections. And if you dont apply these updates, you are leaving yourself vulnerable.

I dont want to downplay the importance of firewalls to home users or tell you that you shouldnt run one, but they simply pale in comparison to antivirus protection in terms of importance. And as a market theres something less interesting about it, since one of the best firewalls—ZoneAlarm—around has a free version. ZoneAlarm is not alone in throwing many non-firewall functions (like cookie- and popup-blocking) in with the product in order to broaden their appeal.

There have been famous attacks that have caused broad damage and would have been blocked by good firewall practice, but almost all were aimed at servers. In the meantime, the world is filled with dangerous viruses that a user can get by doing nothing wrong at all.

But just as Microsoft has patched most vulnerabilities long before they are exploited, dangerous viruses always appear in the virus definitions of major vendors long before they reach large numbers of users. The only trick is to keep updating the program and virus definitions. I shake my head in disbelief every time I hear this, but most users dont. The answer to overcoming the inertia and laziness involved is to make running and updating antivirus software and the operating system as brain-dead-easy and unobtrusive as possible.

Microsoft and the antivirus vendors have done a pretty good job over the years of making updates easy. Current versions of Windows not only will download updates automatically; they will (optionally) install them on a schedule. Developers of antivirus software have done this with their definitions for some time, although they are less aggressive with program updates, since many of the applications require a reboot of the system. I know from personal experience that the large size of these updates have dissuaded many people, especially those without dedicated phone lines for their computers.

Were going to have to make it as easy as possible for users to stay up to date. The best way to do that is with broadband, which will eliminate any claim that its a burden to update.

Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Rocket Fuel