Much in the last few months has diverted my thoughts to the inherent lack of education in our computer-using population on the risks inherent in powering up their PC of a morning. The viruses, the spam, the popups, the trojan horses, the ads for viagra (and worse), the files to download that carry out who knows what attaks in the future. I met John Thompson, CEO of Symantec, last week. His job is to frighten people, and he does an amazing job. He quotes stats like, “Blaster infected 90% of its targets in the first 15 minutes”, notes that recent phishing exploits have been replicated from over 8,000 hosts (versus a few dozen or hundred in the previous generation), or that pretty soon he expects a “Day Zero” attack – a piece of code that exploits an unknown vulnerability, bringing us all to our system knees. Simon Moores has been on this page for a while, and reinforced his position with this piece recently. Others are doubtless there too, but what to do?
Well, my vote is that it’s time to take us back to our childhood. To the time when a basic part of our education was the “Green Cross Code” (populated by Dave Prowse, he of Darth Vader (in)fame). People in the office reminded me this week as I waffled on about the idea that I might have to talk about the “Tufty Club” to ensure that some people tuned in to what I was on about. The Green Cross Code is still alive and well in the UK, via the hedgehogs website. Tracking down the Tufty Club is hard, and it’s easier to find stuff like this than to find any real reference.
A Green Cross Code for the Internet age, adopted by equipment vendors, ISPs, government, the broadcasters, key magazines, newspapers and backed by online and offline press would help educate people on what to do. It would bring forward the day when broadband users get firewalls with their equipment, the day when ISPs kill spam on both inbound and outbound services, the day when service providers nail viruses before they have a chance to replicate. It might also bring forward the day when rogue equipment is quarantined, before it has a chance to infect the rest of the world – after all, we treated SARS that way – what’s the difference between that and a Day Zero virus that will plague the Internet?