web analytics

Rob O’Neill’s front page story on today’s Computerworld draws on research by US-based Objectwatch saying the total cost of IT failure in New Zealand is $5.4 billion a year. The story is not online at the time of writing.

Objectwatch’s CTO, Roger Sessions calculated the cost globally, for the US and for New Zealand saying the number includes the indirect costs as well as direct costs.

The number seems large for two reasons:

  • First. For a country with around 4.3 million people Sessions’ waste amounts to around $1280 per person or roughly three percent of GDP*. In plain English that means IT failure wastes one out of every 20 dollars earned in New Zealand.
  • Second. According to IDC numbers in a press release issued in August New Zealand’s total IT market was worth $5,911 million in 2008 and is growing at 3.6 percent. So Sessions’ statement could be interpreted as saying the money spent on IT is wasted.

On this basis we’d be better offer dumping computers and switching back to trusty old adding machines.

Willie Sutton understood.

When asked why he robbed banks, Sutton said it is because “that’s where the money is”.

If Sutton were alive today, he’d be online. That’s where you’ll find today’s bank robbers.

Sutton’s heirs reached the same conclusion. Criminals cottoned-on to online early in the piece. They’ve been active almost as long as computers have used telephone lines to swap data.

The early computing underground grew out of phone phreaking – a murky, highly technical game where the aim was to use the world’s telephone lines without paying tolls.

Computer crime started in the 1960s

The first widely reported cases of computer crime Came in the 1960s. During the early days, electronic misdemeanours were usually inside jobs.

An explosion in online communications over the past 15 to 20 years has seen the problem grow in size and scale. Insiders remain a large part of computer crime, but these days the emphasis is more on external activity.

United States Department of Justice statistics show that reported online crime cases increased 43 percent between 1977 and 1999. The statistics also note that online crime is notoriously under reported. This means nobody knows for certain, but anecdotal evidence says that many companies are paying blackmailers and sweeping theft under the carpet in the hope that other online criminals don’t notice their vulnerabilities.

Some hope.

Online crime is everywhere

The tentacles of online crime reach everywhere. A 1998 report by Pricewaterhousecoopers (pwc) found 73 percent of US companies experienced a security breach in the previous year. Incidentally, matching this figure against reported online crime confirms companies only report a fraction of incidents.

The numbers have stayed at roughly the same level for the past decade. A survey conducted earlier this year Forrester Consulting on behalf of Veracode found two-thirds of UK companies reported a security breach in the past year. More recently Beverly Head at iTWire in Australia reported; “Small and medium Australian enterprises are particularly vulnerable to computer security breaches, with the average SME breach costing $37,661”.

Insiders give way to outsiders

The ten-year old pwc report found that authorized employees were responsible for 58 percent of the reported breaches in 1998.

In a later report by the same company, pwc technology risk specialist Mark Lobel noted in 1999 hackers accounted for only 14 percent of reported security breaches. By early 2000 hackers accounted for 50 percent of all online break-ins.

There’s a clear shift away from online crimes committed by disgruntled employees – other surveys have found a correlation between corporate restructuring and internal compromises of computer security – to crimes committed by outsiders.

In part this move away from insider jobs reflects better security rules, tighter control and more all round professionalism on the part of corporate IT departments. Like any effective local policing operation, the main upshot is that the criminals have moved elsewhere.

Yet companies are still in denial about the external threat. Last month SC Magazine reported Businesses skeptical about external hacking. Iain Thomson writes:

A global survey of IT managers from IDC and sponsored by Dimension Data has shown that the majority think that having the company hacked from the outside is highly unlikely.

Changing nature of bank robbers

The nature of internal security breaches is also changing. In the past employees would either vandalise their employer’s systems as an act of revenge or use them to steal money.

For example, in May 2000 network administrator Tim Lloyd was found guilty of sabotaging the company network he spent years of his life building. The cost to his employer, Omega Engineering, was more than US$12 million. Lloyd plotted the destruction as his standing in the company diminished. Then, three weeks after his sacking, the system ground to a halt after a software time bomb deleted almost all the company’s programs and data.

These days, external problems are more likely and are criminal money-raising exercises, not retribution.

Called to the dark side

There’s another force coming into play. The kids who were hackers back in the glory days of 1980s were mainly idealistic. They hacked for fun, the approval of their peers or just to show off their skills. Today these people are middle-aged They have mortgages, schools fees and other bills to pay. Many are successful. A minority are not. The temptation to go over to the dark side is strong.

In February 2000, Mark Rasch of Global Integrity Corporation appeared before an US senate appropriations subcommittee and told politicians that today’s employees are more likely to steal sensitive customer or market information before they head off and form and float their own dot.com company.

Underlining his point, Rasch said that theft of proprietary information and intellectual property increased by 15 percent since 1998. He also testified that unauthorized access by insiders has increased 28 percent and system penetration by external parties increased 32 percent from 1998. Both statistics support other data showing the threat is moving outside of companies.

ERP is risky

In his report for pwc, Lobel writes that trade-secret theft and information loss is three times higher in businesses employing electronic supply chains, ERP or e-commerce and that revenue loss is seven times more likely to hit e-commerce sites than non-e-commerce sites.

He writes;

About 60% of those who sell products or services on the Web report at least one or more security breaches a year, 22% experience information loss and 12% suffer data and trade-secret theft. More than half of those with non-transaction sites report one or more incidents. And the number of hits from outsiders is on the rise.

Reports from organizations as diverse as the Australian Federal Police, the Computer Security Institute, the FBI and the United Nations all confirm the rising menace of cyber crime. At the same time as online crime increases in value and number of attacks, it is also increasing in its scope.

Today the range of activities is wider and wilder than ever. For example the early part of the decade saw the rise of denial of service (DOS) attacks. These are events where e-commerce sites are effectively rendered unable to do transactions because a large amount of dummy traffic jams incoming data lines. A spate of DOS attacks in late 1999 and early 2000 took high-profile sites like Yahoo!, eBay and Amazon.com offline.

International crime

Another disturbing trend is the cross border nature of computer attacks. Five years ago almost all computer crime was local – that is criminals and their victims were in the same country. Today crimes are remote. The most visible hot spots are Eastern Europe and the ex-Soviet Union.

And then there’s China. Some experts suspect, with some justification the country’s government is either sponsoring or turning a blind eye to organised computer crime. And China isn’t the only suspect.

Authorities everywhere have finally caught up with the technology. They now recognise the potential to commit crimes using computers and other information technology tools is one of the greatest law enforcement problems of our times.

They could have reached that conclusion quicker if they remembered Willie Sutton – because online is where today’s money is found. And it’s where you find bank robbers.

It’s hard to tell if AVG Anti-VIrus Free 9.0 offers decent PC security. That’s because the application is so annoying, it imposes such an overhead that it had to be deleted before testing finished.

At times free is too high a price.

AVG Anti-Virus Free 9.0 is still only two weeks old. It arrived about the same time as Windows 7 and is compatible with Microsoft’s new operation system.

The program is available at AVG’s free web site – but I don’t recommend it.

It is only a small download at 869Kb. It takes seconds with broadband. The first file is a downloader which fetches and installs the rest of the software.

The process is easy enough. Yet the second screen you see is only the start of what becomes an annoying and shrill sales pitch designed to control your choices and trick you in to paying money. It appears AVG has learnt from the scam artists the software promises to protect you from.

Flakiness abounds

Your first choice is to select either free basic protection or a 30-day trial of the company’s comprehensive protection.

The implication is responsible people will choose the second option. Which means in 30 days AVG will ask you for money. Don’t worry – you’ll get plenty more opportunities to pay AVG if you choose not to do so at this point.

I thought I was downloading the free software – that’s what I clicked on at the AVG web site – so that’s what I proceeded with.

During the download AVG asks you to remove existing anti-virus software. This makes sense, anti-virus applications can conflict with each other and anyway, as each program imposes an overhead, the performance drop can multiply.

Annoyingly AVG doesn’t remove the other software. It halts and opens the Windows uninstaller so you can manually remove it. Even more annoyingly, the AVG installer closes itself at this point. You need to hunt around in your download folder to find it and start all over again – by now many megabytes have been wiped off your download cap.

Click, click, bloody click

There’s a lot of clicking throughout this process – some of it unnecessary. Then it asks if you wish to install the AVG Security Toolbar.

The software has also helpfully pre-selected the option to change your default search engine to Yahoo. This is spam – of a sort. In both cases I choose No.

It is tricky – if you click off the first box, the Yahoo box stays ticked but grayed out. This can only be designed to trick you into selecting the search engine choice.

At this point the installer had to close Firefox. Not wanting to be sent all the way back to the start like that horrible long snake at the end of a game of Snakes and Ladders, I clicked to close Firefox held my breath. Phew. The install resumes.

We are now 40 minutes into the process. Even at minimum wage rate this free anti-virus program has cost me the price of lunch and a clutch of grey hairs.

Finally

Suddenly the process is over. A box appears telling me the install has finished. But wait, what is this?

More stuff to click.

Do I agree to give anonymous information? Oh alright then. And now would I like to receive spam? (Sorry news and alerts). Please enter your email address. Are you kidding? No.

While AVG starts its first scan. I reload Firefox. In the meantime I notice the program has installed an icon on my Windows desktop. Did I ask for this? No I damn well did not. AVG asks tons of questions during the install – but doesn’t allow me to choose whether the icon despoils my desktop. At this point I’m starting to get angry.

Not responding

Meanwhile Firefox is failing to load. What’s going on here? There was a string of open tabs – none of them are visible. Windows tells me Firefox is “not responding”.

Eventually – more than an hour after the first download, Firefox opens. And what’s this? AVG has installed AVG Safe Search. Is this the toolbar I choose not to install? The name is different, so let’s assume it isn’t the same thing. I wasn’t warned or asked about it, but hey, let’s go with the flow for a moment.  So, Firefox opens at the home page – my tags are all lost.

AVG is now scanning my computer looking for viruses. I open up the scanner’s display and see what looks like a banner ad for the paid for software at the bottom of the screen.  Fair enough, the software was free and these people have to eat. I can accept advertising as the price to pay for free anti-virus.

It has to go

Before long my computer started crashing, randomly. And things went s l o w   l i ke  w a d i n g t h r o u g h m o l a s s e s. There could be only one explanation for this. I removed AVG, reinstalled Microsoft Security Essentials and performance returned to normal.

Of course, you mileage may vary. AVG Anti-Virus may rock your boat. But for me it has proved so disastrous I couldn’t even test its efficiency as an anti-virus tool. I give it zero stars out of five.

I’m impressed with Windows 7. After running the beta for months it is everything Windows should be.

Sure there are niggles – but that would be true of any alternative.

I was so impressed I decided to buy the operating system. Imagine my surprise when I discovered Dick Smith lists the Windows 7 Ultimate and Professional upgrades at $499 each.

The price is ridiculous. The same Dick Smith has notebook computers with Windows installed starting at $899. That’s notebook not netbook.

OK. I understand the $899 notebook might not ship with Windows 7 Professional. That’s not the point.

For just $400 more than the cost of a software upgrade I can have a new computer. The cheapest netbook on sale in New Zealand is $425 – just $25 more than the upgrade to Windows Professional.

At Digital Shop I can buy a desktop for just $487.64 with Windows 7 Professional installed.

That’s right. In effect I can pay just $87.64 for a new computer.

So here are my choices:

  1. Buy a new PC with Windows 7 Professional. Throw my existing, perfectly serviceable machine into a landfill. Have a better computer experience but stop sleeping at night because I’m destroying the planet.

  2. Revert to Vista or XP. This costs nothing – but will give me a more annoying computer experience than at present.

  3. Look once again at Linux.

What would you do?

Australian Reseller News, Computer Reseller News, New Zealand Reseller News and The Channel serve readers at the sharp end of the information technology industry.

While many of the stories they cover are similar to those in other technology publications, their specialist audience means  journalists have a filter. They look at the trade side of the computer business.

Mostly this means asking “what does this mean for the channel” and sticking the answer at the top of the story.

People who sell or distribute technology read these titles, they are ahead of market trends. That’s because companies need to speak to resellers and distributors before speaking to the public.

When channel publications work well, there’s a flinty realism to their approach. They deal with the nuts and bolts of the business and not airy-fairy possibilities.

New Zealand’s The Channel is mainly advertorial – that is companies pay the publisher for stories written about their offerings. And all three other titles run sign-posted advertising supplements – they also pad local coverage with overseas news stories of variable worth.

Otherwise the publications are news-oriented.

You need to show the publishers of these titles you are a bone-fide computer industry person to get a subscription to the print publications, but all four run free access web sites.

Australian Reseller News

Computer Reseller News (Australia)

New Zealand Reseller News

The Channel (New Zealand)