Gates Fiddles as PCs Crash and Burn

Imagine for a moment that fires are raging all over the Los Angeles area. Fire-emergency officials broadcast that the only way they’re willing to combat the spreading flames is to hunt for teenagers with matches. No flying fire extinguishers, no firefighting forces, even though both the manpower and equipment are available and the Santa Ana winds are blowing. Citizens who don’t put fires out by hosing down their homes and lawns have only themselves to blame.

This is essentially the way computer viruses are fought today -- Internet citizens are responsible for putting out the fire by not opening e-mail attachments and by buying and updating anti-virus programs, such as Symantec Corp.’s Norton Antivirus, that detect and delete virus files before they have a chance to infiltrate computers.

And if we happen to mistake an attachment or fail to make an update? It’s our fault, which is a big problem, because in the arms race between hackers and anti-virus programs, the hackers have the upper hand.

In reality, scruffy 16-year-old hackers who want fame by way of infamy can infect your computer whenever they please because operating system vendors -- yes, primarily Microsoft -- don’t inoculate their software for infestations before they sell it to you. And, adding insult to injury, the ability to inoculate software before putting it on the market has been around for years.

One of the most trusted inoculation methods is called a “checksum,” which is a computer code that mathematically checks the integrity of software operating systems and applications and pinpoints problems that can then be solved before the software gets to you or me.

Back when the word “computer” meant a machine that took up a room in a big company, Texas-based Digital Equipment Corp. was one company that built effective virus protection into its operating systems, and it had to deal with formidable “hackers” like enemy governments and industrial spies. As luck would have it, DEC didn’t survive the PC boom, but it proved that checksums work.

In fact, checksums and other inoculations are plentiful. Tech security businesses such as Symantec and Network Associates can make these products available to operating system vendors. When they’re used, their success rate exceeds that of most birth control methods. The consensus of security studies over the last few years is that 85% of all computer hacks succeed only because the fixes, such as the trusted checksums, are simply not applied. If they were in place, it would be like seeing on the news that 85% of a fire is contained.

Last November, heavy hitters in the tech security world testified before Congress that devastating virus attacks were inevitable because of the holes that Microsoft and others, such as Sun Microsystems and Novell, were leaving in their operating systems for no good reason. The testimony is still available on the website of the House Committee on Energy and Commerce. Microsoft reportedly was invited to attend the hearing but declined.

Security experts say the cost of creating a virus-inoculated operating system is relatively minor. When pushed to give a dollar figure, one expert estimated that the cost of a checksum-vaccinated Windows application, if passed on to the consumer, would amount to an additional $5 per shrink-wrapped purchase. I say, sold!

So, why haven’t Microsoft or the others solved the problem? Let’s use Bill Gates as the ringleader example, because others will follow whatever he does and do nothing if he won’t. Gates hasn’t solved the problem because it means licensing someone else’s checksum. The emperor has proved over the years that he is not a fan of renting things; he wants to own them. So far, the tech security companies with the solutions aren’t for sale.

And so far, Microsoft has waited to do anything -- leaving consumers in the lurch. Last summer, Microsoft purchased the anti-virus assets of GeCAD Software, a Romanian company, but as yet Gates isn’t talking about what Microsoft will do. He fiddles while we burn.

In the meantime, there will be days when up to 20% of your e-mails may contain a virus. And that virus, quite possibly, could infect your computer whether or not you open any attachments.