Is the Internet Safe? The Past (and Future) of Internet Security
When the internet first started, nobody asked, “Is the internet safe?” Trust was just assumed. But today, how can you know what to trust on the internet? Steve Gibson has participated in the PC industry since it began, and he has some thoughts.
See Online Security: Just Hope for the Best with Steve Gibson for a complete transcript of the Easy Prey podcast episode.
Steve Gibson started working with computers in 1970 and never stopped. He invented a replacement for the username and password login system known as SQRL, and is best-known for SpinRite, a mass storage data recovery and maintenance utility. He has authored InfoWorld’s TECH(talk) column for eight years, and produces TWiT Network’s weekly Security Now podcast, which has been running for seventeen years.
Solving Problems in the Early Years of the Internet
When the internet happened, it took Microsoft by surprise. They weren’t anticipating needing to add internet functionality to their devices, and so they rushed to add it to their products so they wouldn’t fall behind their competitors. But when that functionality first got added, there was no firewall protecting the C: drive, the main drive of the computer. Everyone’s C: drive was on the public internet.
When Steve first spotted that issue, he wasn’t sure he was understanding correctly. So he did a scan of his IP region, and discovered that he was correct. He could look into the main drives of strangers’ computers. Obviously, this was a big internet security problem. Steve realized he could create a website for people to go to and find out if their drives were exposed. That website eventually became ShieldsUp, which has been used over 105 million times.
The Internet Was Not Made for Consumers
Steve thinks the internet was not designed for the public. When it started, nobody was expecting grandparents and businesses and banks to get online. It was a system designed for techies seeing what they could make the technology do, and techies have a different mindset than the average consumer. It’s a bizarre system, constantly changing, and not intuitive to use or understand. Most people don’t understand how or why the internet works, and just know enough about it to do their jobs and look at their kids’ pictures on Facebook.
“We have a system where we’ve struck terror in the hearts of users, saying, ‘Here’s a computer, but don’t touch it.’” - Steve Gibson
The internet is, in fact, consumer hostile. We’ve created an amazing system where we can send email from anywhere to anywhere else almost instantly. People are getting emails, and we’re telling them not to click on links. They might look at one and say, “But it’s from Mom, and it has links. Why can’t I click on those?” But is it really from Mom, or is it from someone in Russia pretending to be Mom? Or you might think you’re on PayPal’s website, but it could be a scammer just pretending to be PayPal. The average user has a hard time spotting the difference. There’s a big comprehension gap between the creators of internet technologies and their users, and at some point you have to be a little bit of a techie to avoid the dangers. Most people just hope for the best.
Is the Internet Safe if You Take Precautions?
If you want the internet to actually work securely, you have to jump through a lot of hoops. When Steve tries to get a document from his bank, the process is painful. They send him an email, then he has to click the link to go to a website, log into that website, click something to get sent another link to access the document, open the email and click the other link, open the document in a PDF viewer, and then print, sign, and scan it. It may be secure, but it’s very inconvenient.
Two-factor authentication is a way to make your information more secure, but it’s often inconvenient. Secure passwords are good for security, but the requirements make them hard to remember. Some requirements, like using a special character, are also consumer hostile. Steve has two-factor authentication on all of his accounts, but he hasn’t tried to get his wife to do the same. He has just created failsafes for her in case something goes wrong.
Is the internet safe if you take precautions? It’s definitely safer, but it’s also a lot more inconvenient to use.
Is the Internet Safe by Design?
When the internet first started, nobody was asking, “Is the internet safe?” You knew everybody who was on there. Even if your data was exposed, it wasn’t strangers accessing it. And it didn’t matter anyway – there was nothing of value on the internet. It was basically a big party phone line for social things. There was no reason to impersonate anyone, and it didn’t matter if you did. You wouldn’t be able to get at anything important.
Then business moved onto the internet and banks started getting on the internet. All of a sudden, the internet wasn’t just for fun and communication – it was the way the world was working.
“The internet was never designed with any security.” - Steve Gibson
Nobody needed internet security when the internet first started, so it wasn’t built in. Ten years ago, there were viruses, but they were there because you could do them. Kids were screwing around to see how bad an infection could be. But they didn’t really do anything. Now we have malware and ransomware and other kinds of malicious viruses, and it’s really become a problem.
Now that there are profitable things on the internet, malicious actors will leverage security weaknesses to get at them. And they’re getting cleverer. We keep having to raise the bar of security measures and proving identities, and malicious actors keep finding new ways to exploit internet security weaknesses.
Is the internet safe by design? It wasn’t designed to even have anything worth keeping safe.
Will the Internet Ever be Safe?
It can be disheartening to start asking “Is the internet safe?” and find out it was never designed to be safe in the first place. Any amateur coder can create software and release it online, and even if they mean well they could accidentally leave a large security vulnerability. No two sites have the same password requirements because there are no universal password requirements.
“Any rational person would have to conclude that [the internet] is still the Wild West.” - Steve Gibson
But the internet is still incredibly valuable. You can get connected with a person who can help you, learn how to fix stuff from a YouTube video, look up answers on search engines, and buy products that you wouldn’t otherwise have access to. Even though it can seem like the only way to be safe on the internet is to give it up entirely, Steve thinks the answer to “Is the internet safe?” may someday be “Yes!”
The United States government has been getting more forceful about federal agencies acting. The FTC sued Equifax for not patching the problem that caused the Equifax breach, even though they knew about it for a long time. They also recently said that if companies are irresponsible in patching the Log4j vulnerability (a security issue in a logging utility many businesses use) and consumers are harmed because of it, they can be sued. And the European Union has ramped up their action with consumer protection agencies and GDPR.
Steve isn’t a fan of arbitrary regulations, but if the computer industry can’t self-regulate, it may be necessary for the government to do it. Regardless, Steve sees these legal actions as signs that internet security is getting better.