Security distributors and vendors unperturbed by Internet filter trial

ISP-level filtering to have no impact on demand for security software offerings

Potential misconceptions over the Federal Government’s contentious Internet filtering scheme will not affect demand for filtering software, according to security vendors and distributors.

The Federal Government is moving ahead with trials of a clean feed Internet scheme, part of a $128 million Plan for Cyber Safety, that will impose national content filtering for all Internet connections and block Web pages detailed in a blacklist operated by the Australian Communications and Media Authority (ACMA).

Since its announcement, the trial has received a torrent of criticism regarding its viability and how it will be executed. The recent leaking of the reputed ACMA blacklist on Wikileaks revealed a handful of legitimate websites were wrongfully blocked, generating more scepticism.

Security distributor, SecureServ general manager, Vic Whiteley, expressed concern over the Government’s vague approach to the Internet filter but did not see any threat to security software demands.

“No customers have raised any concerns with our offerings,” he said. “But from a personal standpoint I can see how there would be confusion because no one seems to know anything about it.”

Symantec CTO, Mark Bregman, highlighted the ability to personalise filter policy settings as a major factor for continued opportunities for software vendors.

“I think if you take it down to different levels, I might want, as an individual user, to set the policy for me or my family,” he said. “So we do have technologies like our family safety products that allow families to set a bunch of parameters.

“As a user, I might want to be more or restrictive than that, I might want to have a different approach to other people. So there is going to be a layered approach and there will be a need to have both.”

AVG A/NZ marketing manager, Lloyd Borett, also disregarded the proposed content filter as competition to existing security products.

“The Net Nanny filtering software was made available by the previous Government for free and it was a complete disaster,” he said. “My personal opinion is the content filter will not work.

“Trying to filter the Internet is as effective as boiling the ocean with an electric kettle.”

Borett suggested the Federal Government’s blacklist approach was ineffective due to the fluid nature of the Internet.

“If you take Internet scams for instance, 200-300,000 websites are being created each day to host criminal Web exploits,” he said. “Eighty per cent of them are active for 10 days or less, so you can see how highly transient the Internet is, so a blacklist strategy simply doesn’t work.”

Whiteley shared Borett’s sentiment.

“There are millions and millions of websites and more sprout up on a daily basis,” he said. “Unless they block everything, it would be impossible to filter.”

Bregman, meanwhile, raised concerns about the potential for the ISP-level filtering scheme to be abused for political or corporate agendas.

“I don’t think anyone would object to blocking and filtering illegal content, but once that is in place, where do you draw the line?” he asked. “That is the concern. Are political or business interests going to change the filter subtly? Are ISPs going to make sure content from their competitors does not get through?

“That is the problem people worry about. So once you allow, or put in place the technological capability, how do you control the use of it?”

There are currently six ISPs involved in the Internet filter trial. Optus is still in talks with the Government regarding its participation and cannot confirm whether it will be offering the filter to customers on a voluntary basis.

For a more comprehensive timeline, check out our content filtering story slideshow.

Tags internet filtering schemesymantecsecureserv

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

1 Comment

Lloyd Borrett

1

Internet filering isn't a solution

As an Australian citizen I’m very interested in the Internet filtering debate. I have problems with a secret blacklist. As I understand it, the media, TV, films, books etc. that are on the Restricted Content (RC) list is public information. However, it seems the web sites/pages rated as RC and put on the RC blacklist are not revealed to the public, thus the decisions can’t be challenged and errors corrected. The secretive nature of the blacklist is something that greatly troubles me.

Of course, technically it’s pretty easy to work out what’s on such a blacklist. Thus it’s a fair bet that the list will be regularly published. So the truly interesting aspect will be to see how those that do this are treated under our laws. It will be also very interesting to see how the mistakes in the list that will inevitably be revealed, will be treated. This stuff will continue to haunt every government because those opposing the secret blacklist know how to raise public awareness.

Through my work as the Marketing Manager for AVG (AU/NZ), the Australian and New Zealand distributors of the highly regarded AVG Anti-Virus & Internet Security products, I have tremendous insights into the fight against those using the Internet for illegal activities.

I’m not going to detail all of the technical issues about how it’s virtually impossible to block content on the Internet. (Trying to filter the Internet is about as likely to succeed as trying to boil the ocean with an electric kettle.) Or go into speed issues, or most of the other technical issues that are typically raised. I can assure you that those who want to can bypass any Internet filter.

AVG Technologies (AVG-T) is ahead of the pack in fighting the war to protect Internet users from those trying to steal from them. The AVG-T researchers see how the cyber criminals are using the technology and resources available to them to fight the security protections security vendors put in place. So let me explain to you just what is currently going on, and why when these same techniques are adopted by those trying to publish RC content, no blacklist will ever work.

Today, the cyber criminals use poisoned web pages to distribute the malware files that they want to run on your PC and use to steal your information. For the last three years this has been the fastest growth area of Internet crime, and today it’s the largest attack area by an order of magnitude.

The bad guys send out an e-mail enticing you to click on a link to a bad web page. Or they hack the web pages of legitimate web sites (like that of the dentist in Queensland). Or they pay to advertise on web sites, or post links to bad pages on Web 2.0 and social web sites. You click through to the bad web page and the malware loads and runs on your system. Unless you’re protected by AVG. :-)

Many of the other security vendors decided that they would build blacklists to protect people from these poisoned web pages. Sound familiar? But the blacklists don’t work. For a start, most blacklists only work at the web site level, not the web page level. So if there is one bad page on a hacked web site, the whole web site gets blocked. So if there is one bad page on Facebook, all of Facebook is blocked. (With a mistake in their blacklist Google blocked the whole of the Internet for some hours not long ago.)

But you just can’t keep a blacklist up-to-date, even if like Google you have the world’s most powerful resources to scan the web for problem pages. Besides, the criminals know the weaknesses of blacklists and have changed their tactics.

Today the AVG researchers see 200,000 to 300,000 new web sites created per day to host malicious web pages with malware payloads. Yes, that was right – PER DAY. Even worse, 60% of these web sites are only active for 1 day. 80% are gone after 10 days. So these threats are highly transient. No blacklist can ever keep up.

Consider this. The Queensland dentist web site was hacked by the bad guys some two years ago. It was probably cleaned up weeks later. But it was still on the RC blacklist. So on a list of just 2,000 web sites/pages, this mistake was present for two years and would probably still be present for years to come had not the content of the RC list been revealed and the error highlighted. It’s only when such a blacklist isn’t secret that such problems can be identified and addressed on behalf of those falsely impacted.

False positives like this will happen all of the time. The bad guys hack hundreds of thousands of legitimate web pages and then turn the exploit on and off at will. Most get cleaned up quickly by the web site owners. Then the web site owners begin the fight to get off the various public blacklists.

An example. In February 2008 an AVG (AU/NZ) staff member noticed that the St Kilda Football Club web site was being blocked by Google. It was discovered that all 10 of the AFL club web sites hosted by Telstra BigPond were being blocked by Google’s blacklist. I contacted the AVG-T Chief Research Officer and he ran checking tools over these web sites. No exploit was found to be active, at that time. We never found out if this was a false positive on Google’s part, or if those 10 AFL club web sites had been hacked and then cleaned up. We notified the AFL clubs. Of course, with the might and power of Telstra, the AFL, and 10 AFL clubs, the Google blacklist was fixed in a few days.

Another example. A web developer on the Mornington Peninsula used a certain legitimate technique on a number of web sites he created for local businesses. But as it’s a technique commonly used by the bad guys, Google incorrectly blacklisted these web sites. The web developer quickly fixed the problem. 18 months later he was still fighting to get Google to fix their blacklist. At least one of businesses folded as a result of the loss of income. It’s going to be interesting to see how BetFair and the Queensland dentist handle the revelation that they were on the RC blacklist.

If governments adopt the technologies to put blacklists in place, the RC content publishers will simply adopt the same transient techniques currently being used by other cyber criminals to make blacklist useless. No government body will be able to put in place the operational procedures and logistics to use a blacklist effectively in the resulting highly transient environment. And if the list isn’t public, others won’t be able to point out the problems. Those falsely impacted won’t be able to do anything to get the list fixed.

Stephen Conroy says the federal government is looking into using advances in technology to see if they can make improvements. But this study is fundamentally flawed. It fails to account for how the bad guys will react and begin to use existing available technologies to circumvent a national blacklist.

If I thought Internet filtering could make a difference, I’d fully support it, provided proper checks and balances were in place. Even though I have liberal views on privacy, censorship and freedom of speech, I’d support any technology that would be effective in combating the publishing of RC content, with proper checks and balances in place.

The current debate has shown how the existing anti-RC solution is flawed. It has shown how we don’t have the proper checks and balances in place. Plus it’s shown that those in places of power making these decisions on our behalf continue to head in the wrong direction, doomed to repeat the same poor outcomes.

Why would any government want to take on the ongoing political grief of trying to justify having a secret blacklist? It can never possibly be effective, let alone be the silver bullet some proponents would like us to believe it would be.

The answer to the problems caused by RC content isn’t a blacklist at all, let alone a secret one. It’s increased law enforcement resources. Smarter ways to trap the bad guys. Use their online traceable activities against them.

But most importantly of all, it’s all about better education of the people of Australia. What the problems are and what they can do to protect themselves and their family members. We teach children how to cross the road safely. We teach them how to be safe in the water. We need to teach parents and children about how to be safe on the Internet.

Best Regards, Lloyd Borrett

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?