Wednesday, January 25, 2006
PRIVACY: Berkman Center, Google, Sun backing anti-"malware" effort with millions
ORIGINAL URL:
http://www.technologyreview.com/InfoTech/wtr_16184,300,p1.html
POSTED: Wednesday, January 25, 2006
Google, Sun Backing New Anti-Malware Effort
Harvard, Oxford researchers aim to create Internet defensive strategies geared to consumers.
By David Talbot
MIT Technology Review
Major figures at Sun and Google -- including Vinton Cerf, one of the inventors of the Internet and now Google's Chief Internet Evangelist -- are backing a new academic anti-malware initiative that aims to spotlight spyware purveyors and ultimately give besieged computer owners simple technologies to guide their Web surfing and downloading decisions.
The new effort launches today in the form of a website, www.stopbadware.org, created by Harvard Law School's Berkman Center for Internet and Society and Oxford University. The site's initial function is to serve as a collection point for empirical information -- from consumers and technical experts alike -- about nasty code that infects computers and aims to steal data, send spam, and churn out obnoxious pop-up advertisements. The researchers behind the effort plan to use this data to understand the scourge, spotlight offending malware purveyors, and generate consumer-friendly defensive strategies.
Malware (or the anglicized "badware") is a catchall term for little pieces of code that can ride like parasites inside pieces of software, games, and other objects downloaded from web sites. In some cases, the malware slips in when the user merely visits certain sites. Infected machines often slow down dramatically and begin generating error messages. According a recent Pew Internet & American Life Project, the computers of roughly 59 million Americans suffer from these digital infections. And home computer users spent roughly $3.5 billion in 2003 and 2004 to fix the problems, according to a recent Consumer Reports investigation.
"There are lots of efforts at fighting spyware or badware," says John Palfrey, the Berkman Center's executive director. However, he adds, until now "there has been no consumer-focused, disinterested, nonprofit effort that will give consumers guidance in terms of what they want, or don't want to download on their computers. We can bring expert guidance." The research team will comprise researchers at academic institutions, including Harvard, MIT, and Oxford.
While the research will be done by academic figures, Palfrey says, it is supported by grants from Google, Sun, and Lenovo, the Chinese company that bought IBM's PC business. He said the grants are in the "multi-year, multi-million dollar" range. Consumers Union, the publisher of Consumer Reports magazine, is helping design the program and assisting with strategies for notifying and educating consumers.
Google's Cerf will offer technical input when it's sought by the researchers, Palfrey says; as will his two counterparts at Sun, Greg Papadapolous, chief technical officer, and Carl Cargill, director of standards, and Lenovo's George He, chief technology officer. The team hopes to publish academic research, inform consumers, and highlight offending companies. Its long-range goal is to give consumers a simple collaborative technology for gauging the likely hazards of a web site they are considering visiting, or a file they're considering downloading.
Berkman cofounder Jonathan Zittrain, now also the chair in Internet governance at Oxford, who helped hatch the idea for www.stopbadware.org, says this technology might take the form of a kind of PC "dashboard" that indicates the level of novelty or danger associated with a piece of code. This "dashboard" would draw upon the anonymized, aggregated mouse clicks and experiences of thousands or even millions of PC users.
To be sure, companies like Symantec are already offering sophisticated anti-malware products. Microsoft, too, regularly provides operating system updates meant partly to fight malware. And myriad small companies offer services; a recent entrant, SiteAdvisor, is launching a product that offers web site ratings based on its automated web-crawling technology. The key question all consumers should ponder, Zittrain says, is: Who gets control over decisions to either banish a piece of code, or allow it through? "The definitions of what is bad and what is not are not agreed upon; software is constantly changing," he notes. So giving one company control over the decision to block may not be the right decision for all people.
Zittrain argues that today's anti-malware efforts may prove to be highly effective solutions. Yet they also reflect a toehold of corporate control over individuals' computer activities that could metastasize into something more invasive, or one day serve as a vehicle for court-ordered software purges. Consumers should worry, too, that a worsening of Internet security -- especially a successful cyber-attack -- could precipitate heavy-handed government regulation akin to the USA Patriot Act that followed the September 11 attacks. He describes the project as an effort to head off this dystopia, and preserve consumer willingness to operate open PCs. He calls the project a "collaborative effort to define the axes along which software can be evaluated, to develop and distill those evaluations in ways that consumers can understand, and in which they can participate, and to ultimately create an environment where heavy-handed regulation isn't called upon to deal with these ills in wa!
ys that cause a lot of collateral damage."
Sun, Google, Lenovo, and Cerf did not immediately respond to interview requests. But in a written statement, Cerf sounded a dire tone: "I believe the potential growth of the Internet will be limited if we allow invasive badware and spyware to continue to fester without strong action. All consumers must be in control of their experiences when they browse the Internet and the mass proliferation of badware threatens this control. We cannot allow that to continue. In order to stem the unimpeded growth of badware, we must develop a better understanding of the avenues by which this abusive behavior is conducted in order to inhibit its effects -- and I believe that this initiative will help with that." He added: "The providers of Internet services and software simply must get this problem under control." Yet, in not immediately responding to questions, Cerf and Google left unanswered such questions as whether their www.stopbadware.org involvement might presage a Google bid to enter!
the PC market with, say, a machine that wards off "evil."
What's clear is that the malware problem is far more than merely annoying. To many leading figures in Internet research, these problems could erode consumer confidence to the degree that Internet growth is stalled (see "The Internet is Broken"). Earlier this year, MIT's David D. Clark, an Internet elder statesman and onetime chief protocol architect, characterized the problem this way in a conversation with Technology Review: "We might just be at the point where the utility of the Internet stalls -- and perhaps turns downward." In recent months, Clark himself has been trying to cobble together a government-funded research effort to design new Internet architectures more in tune with the modern era, incorporating security features and other improvements.
----------------------------------------------------------------
This article above is copyrighted material, the use of which may not have specifically authorized by the copyright owner. The material is made available in an effort to advance understanding of political, economic, democracy, First Amendment, technology, journalism, community and justice issues, etc. We believe this constitutes a 'fair use' as provided by Section 107 of U.S. Copyright Law. In accordance with Title 17 U.S.C. Chapter 1, Section 107, the material above is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. If you wish to use copyrighted material from this blog for purposes beyond fair use, you must obtain permission from the copyright owner.
