Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Government Launches Virus Alert Service

Posted by Zonk on from the had-this-been-an-actual-virus-pr0n-would-have-appeared dept.

Phil1 writes "The BBC is reporting that a rapid alerting service that tells home computer users about serious internet security problems is being launched by the UK government. Has this been attempted anywhere else in the world? Was it successful? And will they be plugging the Microsoft Anti-Spyware package (once it leaves beta)?"

166 comments

  1. Anti-Virus package? by DaHat · · Score: 5, Informative

    You linked to the Anti-Spyware app... and mentioned the AV app... have they already released a beta of the AV? I know it's been purchased and in the process of rebranding... but come on!

    --
    Help Brendan pay off his student loans
    1. Re:Anti-Virus package? by Anonymous Coward · · Score: 0

      Looks like anti-spyware mentioned and anti-spyware linked to me.

  2. Next story about this will be... by GoMMiX · · Score: 3, Funny

    UK security alert service hacked, all your personal info are belong to us!

    *signs up*

    1. Re:Next story about this will be... by martin · · Score: 1

      shouldn't take for V1.1 - no confirmation of subscription as yet so I can subscribe all of /. to it.. :-)

    2. Re:Next story about this will be... by ggvaidya · · Score: 5, Funny

      You must be new here.

      Obviously, the next story will be this story posted again by another editor. :)

    3. Re:Next story about this will be... by essreenim · · Score: 0, Offtopic
      mod parent up, hehe!

    4. Re:Next story about this will be... by arivanov · · Score: 1

      It may belong to "us" without it being hacked. After all this is what "we" strive for. No civil liberties, detention of anyone without court order and without the right to see the evidence against themselves. This all combined with wasting an enormous amount of public money on gimmicks.

      Sincerely, on behalf of Tony Bliar, Lavrentij Pavlocich Clark and many other named and nameless warriors against civil rights and freedoms.

      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
    5. Re:Next story about this will be... by Spad · · Score: 2, Informative

      You must be new here.

      Obviously, the next story will be this story posted again by *the same* editor. :)

    6. Re:Next story about this will be... by HansF · · Score: 1

      Before you call it funny, it happened in Belgium.
      The belgian postal service set up a mailinglist which they used to warn people on new worms spreading.
      Only staff members had the right to post, guess somebody messed up because the Lirva virus got spread by this list. (Translation of ZDnet article).

      --
      --> Insert Funny Sig Here
  3. how does the average user validate the source? by MrRTFM · · Score: 4, Insightful

    Only problem with email or TXT alerts is that the sender is easily forged.

    Hi, this is your government alert - please download the latest patch from http://www.alerts.gov.uk

    The problem is that (apart from Slashdot users of course) that the hyperlinks are hidden, so any spammer can forge these messages to catch the unwary.

    That alone would bring this thing down - it would only take a few lords or half a dozen grandmas to see goatse (or worse - gator spyware) to cause a public lack of confidence in the entire government program.

    --
    You can't expect to wield supreme executive power, just because some watery tart threw a sword at you
    1. Re:how does the average user validate the source? by Folmer · · Score: 4, Informative

      When you sign up for the ITsafe mail, you will have to provide a "ITsafe word" which will be in the subject of the email, and therefor its easy to see if its a forged mail..
      read more here: http://www.itsafe.gov.uk/terms/itsafeword.html

    2. Re:how does the average user validate the source? by Anonymous Coward · · Score: 1, Insightful

      When you sign up for the ITsafe mail, you will have to provide a "ITsafe word" which will be in the subject of the email, and therefor its easy to see if its a forged mail..

      Yes! Because it's not possible for a malicious attacker to sniff SMTP!

    3. Re:how does the average user validate the source? by FraggedSquid · · Score: 1

      "...to cause a public lack of confidence in the entire government program."
      I think it's safe to assume that confidence will be starting at a suitable low level.
      All you would have to do is to check if the word colour is spelt correctly on the linked site and we'll know if the link is to a place in good old Blightly or one of those foreign links that the tabloids warn us about.

      --
      You don't need a lab to make mud.
    4. Re:how does the average user validate the source? by Walkiry · · Score: 1

      > When you sign up for the ITsafe mail, you will have to provide a "ITsafe word" which will be in the subject of the email, and therefor its easy to see if its a forged mail..

      Which, of course, will start showing up all over the place as soon as the clueless start forwarding the E-mails to family and friends to tell them there's a new virus threat.

      --
      ---- Take the Space Quiz!
    5. Re:how does the average user validate the source? by Folmer · · Score: 1

      Yes! Because it's not possible for a malicious attacker to sniff SMTP!
      But then the attacker would need to send out individual emails, which yould bring the efford to a level that might put a lot of the spoofers off the idea..

    6. Re:how does the average user validate the source? by RupW · · Score: 2, Informative

      any spammer can forge these messages to catch the unwary.

      OK, this is FAQqed but it's a bit harsh to mod the guy down. This is a fair point, and the mechanisms on the site (pre-agreed token sent in plain, verify against non-SSL HTTP) aren't properly secure. Connecting to the site over SSL (https://www.itsafe.gov.uk/) doesn't work.

      They should sign their messages (and use this as an opportunity to explain signing to non-techies?) and host bulletins over SSL.

    7. Re:how does the average user validate the source? by Anonymous Coward · · Score: 1, Insightful

      But then the attacker would need to send out individual emails,

      But it's a valid way to attack an individual or single organisation? What if that's exactly what you want to do?

    8. Re:how does the average user validate the source? by TripMaster+Monkey · · Score: 1

      But then the attacker would need to send out individual emails, which yould bring the efford to a level that might put a lot of the spoofers off the idea.. That's what scripts are for.

      --
      ____

      ~ |rip/\/\aster /\/\onkey

    9. Re:how does the average user validate the source? by Daedala · · Score: 1

      Actually, I'm not sure their method isn't sufficient for what they are. If all they do is send occasional alerts that say "there's a patch, go fetch," then they don't actually need major security or encryption. They are not a bank; they do not have personal information on you. It's a freaking mailing list. The main question is whether they will put links in their emails, and how they handle customer education on phishing/spoofing. But even so, a personalized subject line seems to me to be sufficient, provided they don't start collecting information and make that clear to users.

      --
      What I say does not represent the views of my employers, my friends, my cats, or myself.
    10. Re:how does the average user validate the source? by csrster · · Score: 2, Funny

      and if you can't think of a good ITsafe word, just use your administrator password or PIN number

    11. Re:how does the average user validate the source? by CastrTroy · · Score: 1

      Wouldn't this be a very good place to use signed email? I can't believe that absolutely nobody uses signed email. Every email coming from a legitimate company/organization should be signed. It would make things a lot easier.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    12. Re:how does the average user validate the source? by CoderBob · · Score: 1

      As I'm not "up" on all the benefits of signed mails, isn't there a way to "man-in-the-middle" signed mail here? I seem to recall seeing this mentioned a lot when people use signed mail as an end-all to secure communication.

    13. Re:how does the average user validate the source? by gilesjuk · · Score: 1

      I think such warnings are the responsibility of the ISP, it's in their interests to have their customers running virus free computers.

      As for how you validate the message? don't just email the message, have it on a website which you can visit to validate it's not a scam. Also provide links to well regarded security sites. Hackers aren't going to have time to hack and deface multiple websites.

    14. Re:how does the average user validate the source? by ThePilgrim · · Score: 1

      Unfortunatly the email they send out to say you've signed up does not use the safe word

      --
      Wouldn't it be nice if schools got all the money they wanted and the army had to hold jumble sales for guns
    15. Re:how does the average user validate the source? by DarkMantle · · Score: 1

      Then obviously it's not from them and therefore don't follow the links to confirm your email address as this will let the spammer know that your address is valid.

      --
      DarkMantle I been bored, so I started a blog.
    16. Re:how does the average user validate the source? by Turn-X+Alphonse · · Score: 1

      News flash - no one trusts the government as it is, I sure as hell don't trust the bastards with my security.

      I have to secure a friends PC in a few days, I won't sign them up to this bullshit (OMG NEW VIRUS WE'RE ALL DOOMED list). I'll put on spybot, ad aware, zone alarm and anti-viri and tell them to update it at least once a month. That way theres no panic attacks over bullshit which means I don't have to repeatedly walk down the road, update it and go "there your secure".

      The government in this country is such a fucking mess they can't even keep their systems secure, they can't keep the latest (patched) problem out. So who gives a fuck if they cry wolf, the wold is going after all of us but some of us know where the bricks are and don't just go "lookit a wolf".

      --
      I like muppets.
  4. We all know what's next by gowen · · Score: 4, Insightful

    When will we expect the first Trojan masquerading as an update from the "IT Safe" service. The over/under is about 6 hours after the service goes live.

    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    1. Re:We all know what's next by Anonymous Coward · · Score: 0

      When you sign up you have to specify a safeword which is then inserted into the subject line of any messages they send thus enabling you to see whether its a genuine alert or not.

    2. Re:We all know what's next by cortana · · Score: 1

      Oh, because that's REALLY secure!

      They should be using PGP and/or S/MIME. People too thick to verify the emails could just poll an SSL secured web site.

    3. Re:We all know what's next by TwistedSquare · · Score: 1
      From the article:

      However no software patches or programs will actually be dispensed through the site. The alerts will tell people how to go about getting hold of patches from security firms.

      That is not to say phishing-like attacks could not be used with false anti-virus domains etc though I guess...

    4. Re:We all know what's next by akadruid · · Score: 2, Informative

      When will we expect the first Trojan masquerading as an update from the "IT Safe" service?

      They've thought of that. When you sign up, you enter a 'safe word' which will they will put in the subject line of every email they send you.

      So a convincing spoof would require access to their database.

      --
      "Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)
    5. Re:We all know what's next by biglig2 · · Score: 1

      They try to somewhat mitigate this by asking you for a secret word when you sign-up. They include this word in each alert's subject line, so if you get a mail from them not including the word (such as, for example, the mail thanking you for signing up ;-) then you know it's a fake.

      --
      ~~~~~ BigLig2? You mean there's another one of me?
    6. Re:We all know what's next by dorward · · Score: 1

      They've thought of that. When you sign up, you enter a 'safe word' which will they will put in the subject line of every email they send you.

      They don't put it in the subject of the Welcome email they send you...

    7. Re:We all know what's next by Politburo · · Score: 1

      So a convincing spoof would require access to their database.

      A convincing spoof to knowledgable users, yes. However, since the public at large is already fooled by VIRES ALRET!!1 emails, I don't see how this will really work.

  5. Re:ms package is anti-spyware, not anti-virus by KyleJacobson · · Score: 0, Troll

    It doesn't matter, all it does is search for IE, and if found, tells you that you have internet security problems...

    --
    I have worse karma than M$.
  6. doesn't make sense. by jwcorder · · Score: 4, Insightful
    This does not make sense. Almost all anti-virus vendors offer this same alert. All you have to do is go to their website and signup. I know because I get 3-5 of them a day in my inbox. Why the government would want to waste taxpayer dollars on this is beyond me. Of course, I have no reason to talk because I don't live in the UK.

    But when going on the US's past programs like this, any time you get the government involved, things tend to get out of hand.

    I just don't understand the need especially when symantec will do this for free.

    --
    http://jayceecorder.blogspot.com
    1. Re:doesn't make sense. by BasilBrush · · Score: 0

      UK taxpayers don't pay dollars.

    2. Re:doesn't make sense. by germ!nation · · Score: 1, Insightful

      you have to do is go to their website and signup. I know because I get 3-5 of them a day in my inbox

      remember that 75% of the people on the internet only vaguely know what a firewall or AV program does, let alone know to google their way to a companies website so they could sign up to be made aware of a virus alert when they know nothing about what a virus really is or what they would do about it.

      If this system adds even a little bit to the education and awareness of the problems faced when you have a PC connected to the net then i say it's worth it.

    3. Re:doesn't make sense. by beset · · Score: 3, Insightful

      We're used to wasting our POUNDS on failed IT ventures. If you've been following the recent upgrade of the NHS (national health service) ITC systems you'll know the government IT projects work something like: 1) Get overpaid consultancy firm to suggest "great idea" 2) Insert Tax Money 3) ??? 4) Insert More Tax Money 5) ??? 6) Abandon project at a massive loss. We're Brits remember, we'll just take it on the chin and have a game of tennis to vent....

      --
      1) Clever Sig 2) ????? 3) Profit!
    4. Re:doesn't make sense. by Anonymous Coward · · Score: 2, Funny

      Why the government would want to waste taxpayer dollars on this is beyond me. Of course, I have no reason to talk because I don't live in the UK.

      That's OK, we didn't expect you to know that we use the Pound over here...

    5. Re:doesn't make sense. by Anonymous Coward · · Score: 0

      boom boom..

    6. Re:doesn't make sense. by tod_miller · · Score: 1

      I read the comments so not to be redundant:

      s/dollars/shrapnel

      Otherwise I agree, why waste my taxes on a redundant service.

      Why not force BBC to have EDUCATIONAL programs on computer security for mr and mrs everyday.

      --
      #hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
    7. Re:doesn't make sense. by gowen · · Score: 5, Insightful
      Almost all anti-virus vendors offer this same alert.
      And in 19th century New York, there were any number of competitive Fire Companies you could call if you wanted a blaze extinguished. And yet somehow, it was decided that people with a commercial interest in selling you stuff were not the people you wanted to call for an emergency.

      Governments are flawed, but AV companies have a vested interest in selling you things you don't want.
      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    8. Re:doesn't make sense. by Anonymous Coward · · Score: 0

      Nope and it is a very bad idea to convert what they do pay into dollars, its huge! Oh well, at least the Brits get to see their money spent on helpful web sites. Hahaha. Guys - ever consider dumping some tea into the Thames? It worked for us!

    9. Re:doesn't make sense. by uglyduckling · · Score: 1
      remember that 75% of the people on the internet only vaguely know what a firewall or AV program does

      Yeah - and this website won't help them learn. It's am absolute joke - it looks like some schoolkid's homework project. I'm a Brit and I'm ashamed. And annoyed at the waste of money.

    10. Re:doesn't make sense. by DataCannibal · · Score: 1

      No it's:

      Boom boom, Mr Derek

      --
      No but, yeah but, no but...
    11. Re:doesn't make sense. by 16K+Ram+Pack · · Score: 1, Flamebait
      I think the fire issue was more about simplicity. Fire services are one of the few things run by government that ever works.

      The problem with government is that they are often incompetent. That's why as a rule they are best kept out of things. From what I've seen anti-virus companies generally do an excellent job. The fact that there is a competitive market also helps this.

    12. Re:doesn't make sense. by Anonymous Coward · · Score: 0

      Best one was the CSA (Child Support Agency) who managed to spend almost a BILLION pounds on a database system to end up with it completely failing and being scrapped.

      I mean for fucks sake how retarded do you have to be to spend a billion pounds and not get any results. They could have just called up oracle and paid them half a mil for a working system.

      Like most govt projects, you can bet someone in the old boys club got rich from that one...

    13. Re:doesn't make sense. by jwcorder · · Score: 1

      Ignorance is no excuse. Just because you can operate a computer doesn't mean you should.

      --
      http://jayceecorder.blogspot.com
    14. Re:doesn't make sense. by meadowsp · · Score: 1

      Has it? You still seem to be run by a ker-azy king George.

    15. Re:doesn't make sense. by Anonymous Coward · · Score: 0
      The problem with government is that they are often incompetent
      Blame the electorate then. A democratic nation tends to get the government it deserves. If your system is set up so that only multi-millionaires can ever win the presidency (or senate, or Parliament, or whatever), you may wish to sit at home and curse the lack of choice, and the incompetence of the elected -- or you could push to level the playing field through campaign finance reform.

      If you opt for the former, you should forfeit the right to complain about the quality of your representatives.
    16. Re:doesn't make sense. by jwcorder · · Score: 1

      Pounds, dollars, or rupees, it's still a waste. Here, there, or everywhere.

      --
      http://jayceecorder.blogspot.com
    17. Re:doesn't make sense. by Anonymous Coward · · Score: 0
      Get overpaid consultancy firm to suggest "great idea"

      Most of those ideas come from their own political advisors, not consultancies. The implementation is all outsourced to major SI houses, otherwise they'd have the daily mail whining about creating lots of overpaid Civil Servants.

      The *big* failures have tended to be EDS & Accenture related - not sure you can tar all the SIs with the same brush.

    18. Re:doesn't make sense. by jwcorder · · Score: 1
      "Governments are flawed, but AV companies have a vested interest in selling you things you don't want."

      So does the government. Bush tries to sell me something I don't want everyday. The point I was making is this program sould be modded down -1 Redundant. There are great programs already in place that do this and don't involve funds that could be used to better educate your children or fund healthcare or even wasted on some pork belly project in some remote portion of the country.

      I would go as far to say that if you dug deep enough, you would find a free, non commerically vested company doing this out there. The open source of antivirus and spyware alerts if you will...keep the government out. They have a hard enough time governing.

      --
      http://jayceecorder.blogspot.com
    19. Re:doesn't make sense. by gowen · · Score: 1
      There are great programs already in place that do this and don't involve funds that could be used to better educate your children or fund healthcare
      The program will gather the latest security information, and send out a mass email to subscribers.

      Now lets assume
      i) that this program save *zero* money for the economy through better responses to worms/viruses etc,
      ii) A Computer Emergency Response System (by necessity) already exists within governments IT infrastructure...

      Now, how much, p.a., do you think this scheme is going to cost? Bear in mind, they do no research of there own, and are just a centralised clearing house for information. And how many children / patients could be taught / healed for the marginal cost of implementing this plan?

      Compared to the education / health budgets, this is going to cost a piffling, negligible amount of tax money, and by providing easy-to-get independent advice on securing home PCs, may actually *save* money with the benefits to the UKs IT infrastructure.
      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    20. Re:doesn't make sense. by Znork · · Score: 1

      "From what I've seen anti-virus companies generally do an excellent job."

      They do? As far as I can tell, if fire departments did as 'excellent' a job as anti-virus companies, many buildings would be permanently on fire and it would be getting worse.

      They may be doing an excellent job at generating revenue tho...

    21. Re:doesn't make sense. by teh+kurisu · · Score: 1

      Sort of like the royal family. Didn't they work out sometime last year that that whole barrel of monkeys costs the individual taxpayer 60p per year? Compare to the cost of non-GPL beer. And it's fair to say that this service would cost less than the royals.

      I just hope nobody signs up my landline to this. I don't want that BT robot ringing me up to tell me of every virus that isn't going to affect my machine.

    22. Re:doesn't make sense. by 16K+Ram+Pack · · Score: 1
      In my experience, I've never had a virus get past a scanner. Not only that, but they get new defs out very quickly.

      Government IT projects here in the UK are not exactly what I'd call excellent. Millions spent on software that goes down the toilet.

      Government antivirus wouldn't work particularly well, cost millions more than anywhere else, due to over-regulation, bureaucracy and would function in ways that suit government political agenda, and not what people want to use it for.

    23. Re:doesn't make sense. by Anonymous Coward · · Score: 0

      maybe its my netlink maybe its thiers

      but i have trouble updating avg fairly often and it often goes without updates for fairly prolonged periods (yes updates are scheduled that doesn't help if it can't reach the update server).

    24. Re:doesn't make sense. by chrisbeatty · · Score: 0

      "Fire services are one of the few things run by government that ever works"

      I don't know, sure they may not be the most efficiently run entities, but most things run by the government "work".

      From my experience if you go to hospital with a broken leg you are seen ASAP. When you're a victim of crime & you call the police they come to your aid...etc

      There's plenty governments do right, I just hope this helps a few more people be a little more aware of InfoSec

    25. Re:doesn't make sense. by brunogirin · · Score: 1
      RTFA. It says that the people managing the site would comb through the dozens of alerts a days you can receive from multiple anti-virus vendors and only send alerts, in plain English, about the ones that can do real damage, ie, about 6 to 10 a year rather than 3 to 5 a day. It also says that it would include alerts about deficiencies in other products, such as mobile phones. This is valuable in a number of ways:
      • You usually need to be a techy to understand virus alerts from vendors. If it is in plain English, Joe User will be able to do something about it.
      • If Joe User gets alerts every day, he will not act on them, the important ones will get lost and he will eventually unsubscribe from the service. If he gets 6 to 10 a year, he will know it is important and will act on them.
      • An alert from an independant agency, rather than a software vendor, will be better perceived.
      • Having alerts about computer viruses, mobile phone deficiencies etc in one place means you don't have to subscribe to lots of alert services: one is enough.
    26. Re:doesn't make sense. by Tanami · · Score: 1
      ...but AV companies have a vested interest in selling you things you don't want.
      Unlike the British government: M4 Bus Lane
    27. Re:doesn't make sense. by Anonymous Coward · · Score: 0

      These are not "taxpayer's dollars" once taxes are paid, that money belongs to Her Majesty for use by her government, not the taxpayers.

      Hence the preamble to money bills:
      "
      Most Gracious Sovereign,

      WE, Your Majesty's most dutiful and loyal subjects, the Commons of the United Kingdom in Parliament assembled, towards making good the supply which we have cheerfully granted to Your Majesty in this Session of Parliament, have resolved to grant unto Your Majesty the sums hereinafter mentioned; and do therefore most humbly beseech Your Majesty that it may be enacted, and be it enacted by the Queen's Most Excellent Majesty, by and with the advice and consent of the Lords Spiritual and Temporal, and Commons, in this present Parliament assembled, and by the authority of the same, as follows:
      "

  7. Usually Microsoft is a bad thing...but by jessecurry · · Score: 3, Interesting

    I have to say that I am very happy with the antispyware package that they have released. It consistently finds more spyware on my girlfriend's PC than any other program I have tried.
    Products such as this, and released for free, start to wash away Microsoft's evil image

    --
    Those who know, do not speak. Those who speak, do not know. ~Lao Tzu
    1. Re:Usually Microsoft is a bad thing...but by CypherXero · · Score: 2

      That's because Microsoft didn't make it.

    2. Re:Usually Microsoft is a bad thing...but by geordie_loz · · Score: 3, Interesting

      actually products like this demonstrate Microsofts development process:

      1. Build Software
      2. Release too early with massive hype
      3. Product flaws exposed
      4. Some company build solution to those flaws
      5. Microsoft buy those companies
      6. Microsoft Software is stapled together with that solution.
      7. two solutions together have more flaws
      8. go to 4 and repeat process.

      There should probably be a:
      9. ???
      10. Profit
      In there too.

      That's pretty much where we're at now. This is all about fixing a problem they created in the first place, and it's more like treating the symptoms not the cause.

    3. Re:Usually Microsoft is a bad thing...but by Anonymous Coward · · Score: 0

      The thing is, I've never seen MS as a big evil company.
      Sure, they want marketshare - who doesnt?

      They released windows with its own exploitable bugs - JUST like every other software company out there.

      They made Windows easy to use, yes they used a security model of normal users=admin, not wise, but what do they do, tell each and every person using 3.1/95/98 that they should learn new skills just to do the same as they did before?

      They release tools to remove malicious software from a computer, something which once Linux takes off will be just as needed, and people complain.

      They try to listen to people, and produce products which have been consistently more user friendly than any of the linux distros. (Side note, this is changing now, in the last 12-18months I have seen massive improvements with Linux distros, I personally like Ubuntu)

      They try to bring everything together and give everyone everything, and IMHO do an admirable job.

      When was the last time YOU personally found a Windows bug - something that wasn't known about before? (I know I've found and submitted brand new bugs in Linux, however whenever I've spotted something in Windows, its already documented and ready for some kind of fix or workaround).
      I'm not a hacker trying to exploit the system, just in normal day to day use, your hard pressed to find actual bugs in MS software.
      as an example, in the Memo text area I'm typing in now - firefox on xp - If I click my mouse at the left hand edge, 1 pixel in - to select a line of text, the cursor moves offscreen to the bottom of the text instead of at the start of the line with your mouse. 100% bug, not security related, but enough to make somebody somewhere tear their hair out. I've never seen anything similar in MS software.

      They just can't win.

      I would love to post logged in, but I really would get blasted for it, I might admire MS, but I'm not fucking dumb.

    4. Re:Usually Microsoft is a bad thing...but by Anonymous Coward · · Score: 0

      Are you sure it actually finds more spyware? MS antispyware finding more stuff is likely due to the fact that it counts each individual component of a piece of spyware seperately. For example, if you are infested with GAIN (and only GAIN) and Spybot detects and removes three items (the registry key, the gain dll, and the GAIN data directory) but MS antispyware detects and removes 500 items (registry key, gain dll, and every single file in the GAIN directory) can you really say that MS antispyware is better because it found a higher number even though both products removed exactly the same amount of stuff? The right way to test MS antispyware is to determine how many unique spyware products (excluding cookies) that it found on her laptop, not how many items it claims to have detected. That means only counting GAIN and such once no matter how many different GAIN items are detected.

    5. Re:Usually Microsoft is a bad thing...but by Anonymous Coward · · Score: 0

      UNTIL THEY GOUGE YOU FOR IT.

      MS is known for the bait and switch, as a marketing company first, and technology second, indeed it is their bread and butter.

    6. Re:Usually Microsoft is a bad thing...but by isorox · · Score: 1

      Of course ti's good. IE was good when it exited beta (arround version 3), compared with Netscape which started to die at the same time. Once netscape went bust, development stopped.

      Same thing will happen once AdAware and Spybot vanish into obscurity.

    7. Re:Usually Microsoft is a bad thing...but by CaptainFork · · Score: 1

      process:9 Statement not executed

  8. Better suggestion! by bigtallmofo · · Score: 4, Funny

    They could come up with a color-coded "Virus Threat Advisory System". Just off the top of my head, they could use something like:

    Low = Green
    Guarded = Blue
    Elevated = Yellow
    High = Orange
    Severe = Red

    Who the hell knows what users should do at each of these levels, but at least they'd be using techniques that have been used in other successful alert systems.

    --
    I'm a big tall mofo.
    1. Re:Better suggestion! by Anonymous Coward · · Score: 0

      Nice idea but the article says they will only issue alerts for the high or severe threats anyway-

      "The government estimates it will issue security alerts about six to 10 times a year"
    2. Re:Better suggestion! by Cro+Magnon · · Score: 1

      As I understand it, here's how the color-coding works in the systems you're link mentioned:

      Green - that's the status when everyone is asleep.

      Blue - I'm not quite clear on this, but I think it has something to do with KMart.

      Yellow - the normal state.

      Orange - it bumps to orange when the DHS eats at Taco Bell

      Red - the highest alert. It means planes are crashing into building, bombs are dropping, and shopping malls are blowing up. The proper course of action here is to run around in a circle screaming.

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
  9. Who will it be ? by CmdrGravy · · Score: 0, Redundant

    Who will be the first person to spoof these alerts then I wonder ?

    1. Re:Who will it be ? by cmdrwhitewolf · · Score: 1

      Oh, do you mean like -

      Defcon 1
      Defcon 2
      Defcon 3
      Defcon 4
      And the president is simply sitting there wondering what the hell just happened?

      --
      [Now, I'm off to lift my le... Um, visit... at another place.]
  10. The Dutch are doing this for 2 years already by Anonymous Coward · · Score: 4, Informative

    The Dutch Government CSIRT is doing this for two years already. So you can chill out to a cool Legowelt CD and get warned when there's a new threat.

    1. Re:The Dutch are doing this for 2 years already by Adhemar · · Score: 1

      The Belgian Institute for Postal services and Telecommunications also has this service for quite some time (since December 2000). You can subscribe to a mailing list, or receive the urgent virus warnings on your cell phone by SMS.

      It still works. The latest warning is for W32/Mydoom.bb@MM, rather similar to the earlier and better known WORM_MYDOOM.M, and dates from last week: Thursday, February 17, 2005, 09:45 CET. It has medium urgency.

      It's not too bad a service, but not perfect either. I don't believe lost of people subscribed; I think it's mostly sysadmins.

    2. Re:The Dutch are doing this for 2 years already by Woefdram · · Score: 2, Informative

      At www.waarschuwingsdienst.nl you can find all sorts of threats and they also offer free (we're Dutch after all) notifications via SMS.

      --

      Woefdram, l'apprenti sorcier

    3. Re:The Dutch are doing this for 2 years already by vkt-tje · · Score: 1

      Hmm, I didn't even know about the SMS part...

      Keeping the proverbial workingspeed of government employed workers in mind, the "rapid" part of the service has to be thoroghly scrutinized :-)

      --

      120 chars is not enough!
  11. Unprecedented by Albio · · Score: 2, Interesting

    Alerts will not be issued unless users can do something to protect themselves against the threat. This might include downloading an update from an anti-virus vendor or updating software to close loopholes and fix vulnerabilities. This could also include something as simple as "don't go to X domain because it hijacks your ICQ"...

    1. Re:Unprecedented by KyleJacobson · · Score: 1

      They will alert you if theres something that can be done, but if there is a problem with no fix you won't find out about it? I would rather know of the problem even if there is no fix so you can at least try to avoid it...

      --
      I have worse karma than M$.
    2. Re:Unprecedented by Anonymous Coward · · Score: 0

      You could use a software firewall like Zonealarm to close the ports if it is a Windows service or switch to another browser, email client, or whatever. It sucks that Windows services don't have any kind of bind_interfaces_only configuration so DCOM/RPC/etc can be forced to only listen on localhost but that was apparently removed from XP (Windows 2000 let you do that but XP doesn't).

  12. Useless... by scenestar · · Score: 0

    The term "home users" bothers me.
    Just what The UK needs anotrher higly ineffeciant government agency


    If they gave poroper advise on spyware removal and forced microsoft to produce decent software fine, but not a new service that provides obvious info that can be found elsewhere.

    --
    perpetually dwelling in the -1 pits
    1. Re:Useless... by TheRaven64 · · Score: 1

      Actually, I think more inefficient government agencies are exactly what we need. Ideally, underfunded inefficient government agencies. It's when you start getting efficient government agencies you need to worry.

      --
      I am TheRaven on Soylent News
    2. Re:Useless... by Vombatus · · Score: 1

      Judging by your typos, it would appear that you don't have any friends to make sure that you do not post drunk.

      --
      This sig is intentionally blank
  13. Also avaible for Non-UK'ers by Folmer · · Score: 3, Informative

    On the site: http://www.itsafe.gov.uk/ theres no check to see if you are an UK citizen.. Also theres no mention of it being for UK'ers only on the site or in the press release...
    Although i migth just use the service from DK-cert or some anti virus company..

    1. Re:Also avaible for Non-UK'ers by Anonymous Coward · · Score: 0

      Oh dear! Did you see the site? It looks like an MP needed to find work for his/her 14 year old. Even funnier is the Ministerial Launch Picture!!!! LOL

  14. Socialized Computer Health Care by lbmouse · · Score: 2, Informative

    One hopes the government is better at computer viruses than their attempts on humans.

  15. Spain is running this kind of service by Anonymous Coward · · Score: 3, Informative

    for the las 3 years. At Alerta Antivirus

  16. The day of the week will tell you by Spackler · · Score: 3, Funny

    If the day of the week has a Y in it, Microsoft had a security problem today.

    I just saved the government (pinky to corner of mouth) 1 Billllion dollars!

  17. Belgium has this: BIPT by wimbor · · Score: 5, Informative

    Since a few years the Belgian regulatory body for postal services and telecommunication (BIPT), has a special unit that tracks and warns for (possible) virus attacks.

    Sometimes you get a warning of the BIPT in the radio news or during the traffic information announcements.

    http://www.bipt.be/bipt_E.htm

    I do not know how they work or how they are structured, and if it helps at all, but the UK is not the first country to do this...

    1. Re:Belgium has this: BIPT by Anonymous Coward · · Score: 1, Interesting

      Indeed the BIPT does this, but almost nobody takes them serious (I know I don't) because they have been known to both miss major worms/viruses, or at least be very slow (like blaster for instance) and to report hoaxes as real viruses.

    2. Re:Belgium has this: BIPT by wimbor · · Score: 1

      I noticed that too... but who would have expected otherwise... :-)

    3. Re:Belgium has this: BIPT by Anonymous Coward · · Score: 0

      The final drop was when they sent out a virus to their subscribers.

  18. Tax spent to plug holes? by CdXiminez · · Score: 3, Insightful

    Now that the UK is going to spend tax payer's money to prevent problems caused by poor design by private companies, are they going to put extra tax on the purchase of vulnerable products and licenses (mostly Windows)?

    I wouldn't want my tax money being spend on plugging the holes in software I don't use.

    1. Re:Tax spent to plug holes? by Anonymous Coward · · Score: 0

      Now that the UK is going to spend tax payer's money to prevent problems caused by poor design by private companies,

      Chances are they already run this kind of service internally to secure government networks. So it'll cost very little to share.

    2. Re:Tax spent to plug holes? by bampot · · Score: 1

      True, and I agree to a certain extent, but lets face facts - there are a huge number of small/medium size businesses running MS Windows with little or no in-house IT-skills who would be seriously affected by virus outbreaks. The government knows large outbreaks hurt the economy, and are taking steps to reduce the effect.

      You might argue that businesses would have learned their lessons after Code Red, Blaster, etc, but it just isn't a priority. A sad state of affairs really.

    3. Re:Tax spent to plug holes? by XavierItzmann · · Score: 1

      Let's pay taxes to save us from our own personal mistakes!

      Yeah. That's the ticket. The ticket for The Road to Serfdom ---read Alexander Hayek.

      --
      The next pasture is always greener
    4. Re:Tax spent to plug holes? by 16K+Ram+Pack · · Score: 1
      Well, that's the free market for you. Take a gamble on not having the insurance you need, and if the gamble doesn't pay off you are up the shitter. Someone else will pick up the customers who walk away when you have crappy records and can't deal with them properly.

      A lot of businesses don't think it through. Spend about £30 a year for NAV or lose thousands of pounds of data (or lose days recovering your situation).

      Oh, and don't spend less than £1 a week on a blank DVD and run a backup while you are having a coffee break on Friday.

      If a business is using something without expertise, they are being stupid. If you can't use something, either get skilled or hire someone to do it for you. It might cost you cash, but it will free you up to do the things you should be doing instead of undoing a mess.

    5. Re:Tax spent to plug holes? by CrossChris · · Score: 0

      Your tax is already being spent with Microsoft.

      The current British "Government" hasn't implemented ANY successful IT project, partly because of their insistence on use of M$ products and partly because of the inept "consultants" they hire.

      Tony Blair was "bought" by Bill Gates a couple of years ago - who's paid for Blair's £3.5m new house? It's one of the most blatant examples of corruption in our current "Government".

  19. Has this been attempted anywhere else? by PHAEDRU5 · · Score: 3, Insightful

    The topic asks if this has been attempted anywhere else.

    Well, there is the Computer Emergency Response Team at Carnegie Mellon University, and I like their approach.

    I mean, one way they respond to threats is to contact anti-virus manufacturers. From there, it's a short step patches available via subscription.

    You get the deep pockets of government to maintain the watch, and the rapid response of industry when a threat's been isolated. I like that division of labor.

    --
    668: Neighbour of the Beast
    1. Re:Has this been attempted anywhere else? by Anonymous Coward · · Score: 0

      CERT-alikes are usually for limited full disclosure and early fixes for important, trustworthy organisations. This is a public scheme.

      Remember the government already have to maintain this sort of watch internally for their own networks. It's also good politically and economically to keep all UK-based networks secure.

  20. Has this been attempted anywhere else in the world by antxxxx · · Score: 2, Informative
    If you read the full article it says at the end that
    The National Alerting Service for the Netherlands (aka De Waarschuwingsdienst) and the US National Cyber Alerting Service also tell citizens of serious security threats.
  21. Honestly, the best anti-virus measure... by dj42 · · Score: 2, Interesting

    Is to not be so stupid. People are always falling for these basic traps, like clicking "YES" to browser-based software installs, opening attachments like "Imamoron-funnystuff.exe" from their friends. It's like some people just completely lack a filter that allows you to prevent 99% of viruses just by not running or clicking things they don't need to.

    I think it's largely in part to the Windows interface which plays down the "significance" of running and having running programs and software while on a network (the Internet, mostly).

    I haven't had a single virus on my home machine since 1996, and I think I self-infected when I was trying to figure out how it worked.

    And I NEVER use a real time virus scanner. I check my Windows computer when it behaves strangely, I see new processes, event viewer notices, etc. The fact is, even if you keep your virus-scanner (real time) up to date, all you're doing is *potentially* reducing the "reaction" time to the frequency of updates released by your particular vendor. Whereas with my method, I'm up to date on virus news, as well as the usual effects of them, and find solutions on an as-needed basis should I EVER become infected by one.

    So. Yeah.

    --
    We are one consciousness experiencing itself subjectively. Back to you with the weather, Bob!
    1. Re:Honestly, the best anti-virus measure... by Anonymous Coward · · Score: 2, Informative

      Usual plug for free AVG. There's no excuse not to have a virus checker, no matter how clued you think you are.

    2. Re:Honestly, the best anti-virus measure... by Anonymous Coward · · Score: 0

      Sure there is. The fact it wastes resources and pisses off. Only the uneducated get viruses.

    3. Re:Honestly, the best anti-virus measure... by Kong99 · · Score: 1
      Ditto here. I have not used an AV program in at least 6 years, not 1 virus. Have Broadband use a hardware router and I also run ZoneAlarm Pro. I use Opera as my browser and have done so since 2000. I also have used Eudora or Opera's M2 for my email.

      My wife has had a few (2-3) in this same time period but she is not as careful as me and uses IE exclusively.

      IMO 99% of viruses and spyware can be avoided by user behavior and NOT using IE and Outlook.

      NOTE: I use Trend Micro's Housecall to check my PC for viruses, it's a free online scan.

    4. Re:Honestly, the best anti-virus measure... by 16K+Ram+Pack · · Score: 1
      I completely agree about vigilence. People just go and install anything. Then again, hardly any businesses educate people in any way about computers. They just assume people know things.

      I even get people in IT sending me exes via messenger, which I refuse followed by a long argument about the source of the program (normally off a mate somewhere). Basically, a humourous animation should be in a sandboxed format, not a fricking exe.

      I would advise an anti-virus, though. If nothing else, if you've skipped a patch, they can sometimes act as extra insurance with you.

      That said, I've never had a virus cause damage, either.

  22. Hey, why not by Badgerman · · Score: 2, Insightful

    Snarky comments and Microsoft jokes aside (not that I don't like either), this makes perfect sense, at least on an abstract level.

    Weather alerts, pollution alerts, traffic alerts, tornado warnings - all those are ways to reduce damage, save lives, and make life run smoother in the face of of problems. In the internet age, viruses and such fall into a similar category, so this makes perfect sense to me.

    Also, this just increases people's awareness of inernet issues. A few years of watching virus alerts fly all over the place may make people more careful, more picky - and more demanding on certain software vendors.

    Now where I WILL bet a bit cynical is if this is A) done right and B) can be done right elsewhere. I'm sure it can be done right, but the "if" is anoter question.

    Still, hey, go for it UK Government.

    --
    "The Sage treasures Unity and measures all things by it" - Lao Tzu
    1. Re:Hey, why not by Anonymous Coward · · Score: 0

      Weather alerts, pollution alerts, traffic alerts, tornado warnings - all those are ways to reduce damage, save lives, and make life run smoother in the face of of problems.

      And so many alerts that people'll grow insensitive to them. It's like crying wolf all the time. Sure, the tornado warnings make sense, but those can actually wreck stuff. As long as the magic smoke is still in the CPU, nothing will phase a clueless user.

    2. Re:Hey, why not by Badgerman · · Score: 1

      Sure, the tornado warnings make sense, but those can actually wreck stuff

      Having seen the works of viruses and trojans first hand, trust me - they wreck stuff.

      You have a point though - I think people are already insensitive to alerts. I just don't think that's a reason to not use an alert system for important things.

      We can't help the truly, deliberarelty dumb. But there's enough people out there with a clue, who pay attendion, and a good system may get them to pay attention.

      After dealing with so much viral/spyware crap over the years, I'll take my chances that this could somewhat improve things.

      --
      "The Sage treasures Unity and measures all things by it" - Lao Tzu
  23. Here in The Netherlands... by Anonymous Coward · · Score: 0

    we have such a service. They'll send SMS text messages to cell phones, free of charge. http://www.waarschuwingsdienst.nl/

    If it is succesful, I don't know. I just like the SMS messages ;)

  24. Virus Hoaxes Anyone? by tdhillman · · Score: 1

    So. Do you think that this might just spawn a remarkable number of virus or spyware alerts from individuals looking for a good time? If people can successfully phish, just think of the fun that they will have scaring people about threats real or imagined.

    While a good idea in principle, the reality could end up downright ridiculous- just how many of those e-mail alerts are going to cross the ocean?

    --
    befuddled (noun) 1. Unable to create a pithy sig
  25. No. next story: My new virus - tsunami.rar by essreenim · · Score: 1
    hehe

  26. Since it's not Microsoft's Product.... by Anonymous Coward · · Score: 1, Insightful

    Yes, the giant engine works well...clearly MS wins of they get /.'ers thinking it's an MS product. "Let's buy something for a few million with a fraction of a percent of our billions, rebrand it as ours, give it away to the people who only have spyware because our software permits these drive-by installs...and hell, we should be able to write off the whole purchase PLUS get people thinking we're nice guys!"

  27. safe word: ITsafe or Virus by dj42 · · Score: 2, Insightful

    I wonder what the frequency of choosing the words "ITsafe" or "virus" or "warning" or "alert" would be by people signing up? 50%+?

    --
    We are one consciousness experiencing itself subjectively. Back to you with the weather, Bob!
  28. Huh? by CypherXero · · Score: 1

    "The government expects to issue between six and 10 alerts a year"

    Are they on Planet Earth? Between 6-10 alerts per year? I think they meant to say 6-10 alerts per week.

  29. Election coming up? by badfish99 · · Score: 4, Insightful
    There's no useful information on the site, but the front page features a press release and several big pictures of a government minister.

    There's an election coming up, so it looks to me like another useless publicity stunt. I'm sure the web site will be left to wither once it's been reported in all the newspapers that the government is keeping us safe from "cyber-terrorism".

  30. It has been done by Anonymous Coward · · Score: 0

    in Spain. http://alerta-antivirus.red.es/portada/.
    Papers in spain quote that site all the time.

    1. Re:It has been done by Anonymous Coward · · Score: 0

      in Spain

      Yes, and in the Netherlands, and the US. RTFA. And, if you RTF comments, in Belgium too.

  31. We already have that in the U.S. by Scratch-O-Matic · · Score: 3, Funny

    Why, just last night I got a bunch of helpful popup windows alerting me that "we have detected that your computer may be infected with spyware or a virus." There was also a button that I could click to download software that would fix it. Sounds like we're way ahead of the game, so chew on that for a while, U.K.!

    --


    Evil is the money of root.
  32. MS Anti Virus? by Barny · · Score: 3, Insightful

    Heard they are considering not releaseing it.

    If they charge money for it, their makeing the industry rely on their buggy software, and then instead of fixing the software sell you "protection", sound familiar?

    If they give it away, will be seen as anti competitive with all the very big business anti virus software manufacturers out there.

    --
    ...
    /me sighs
  33. No, it wasn't (isn't) succesful by gedeco · · Score: 1

    The site I'm referring to: http://www.bipt.be/ They generate virus alerts by mail. I have a subscription. I only get three our four times a year a mail, warning some old virus. Better depend upon automatic updates of antivirus packages. Prefferably use antivirus packages of different vendors.

  34. It's shit by Darren+Winsper · · Score: 1

    If that site is the best my government can come up with, I may have to slap each and every Labour MP with a large trout. I may just do that anyway.

    Anyhow, their HOWTO on running Windows XP's automatic updates tells people to use the "custom" option. You know, the one labelled "(Advanced)" i.e. not the one their target audience want. How in the hell are the sort of people who would use that site know what patches to apply and what ones not to? It's like that site was knocked up in an afternoon by a drunken muppet.

    1. Re:It's shit by 16K+Ram+Pack · · Score: 1
      Yeah, and you can bet it was done by a 3rd party "expert" contractor.

      And didn't cost much*

      *this is not true.

  35. I'm tired of this crap by Ih8sG8s · · Score: 0, Troll

    worms, adware, spyware, malware, adn a frenzy of activity. Talk about these things effecting "computers". Bullshit.

    I am dead serious whaen I say that from now on I am going to call all of the above by one name:

    dontuserfuckingwindowsyoufoolware

  36. Don't encourage users to trust email by evilandi · · Score: 2, Funny

    The UK scheme appears to be based around emailing users about security problems.

    Because obviously, if you receive an email giving you security advice, its guaranteed to be up-to-date, accurate, authoratative and with excellent step-by-step instructions on how to +++ATH0 NO CARRIER

    --
    Andrew Oakley - www.aoakley.com
  37. *** TERROR ALERT *** by Anonymous Coward · · Score: 0

    The terror threat level is currently: YELLOW.

    Be on guard for potential terrorists and alert authorities about anyone who:
    -owns firearms.
    -posesses drugs or drug paraphenalia.
    -supports the Constitution.
    -doesn't pay a proper amount of taxes.
    -downloads MP3s.
    -talks negatively of the government.

    Thank you for your cooperation. Together we can win this War on Terror!

  38. Thanks for the feedback by PHAEDRU5 · · Score: 1

    Well, different strokes for different folks, I guess.

    I mean, I want the government out of as much of my life as possible. So, I wouldn't want the my (US) government sending me notifications about my AV software. The UK is a different country, they do things differently there, if this scheme works for the citizens of the UK, well, good for them. Mind you, I'm sure others will point out problems with this scheme.

    --
    668: Neighbour of the Beast
  39. Headline grabbing hot air. by jchap · · Score: 2, Insightful



    "The government estimates it will issue security alerts about six to 10 times a year"

    "Those signing up will only be told about the most serious security threats that have the potential to affect millions of people."

    This sounds like a particularly ineffectual and pointless exercise. This level of virus information could be picked up from doing nothing more than watching BBC news or reading their site during the year. Further, it makes you wonder if the whole project will be run by a single guy who's job description has just been extended to include 'watch BBC news programs then forward email warnings to UK PC owning in-duh-viduals'.

    However, it is also an extremely cheap way of getting +ve headlines (even Reg refers to it as an 'initiative'). I guess each government department has been told to come up with crap like this because we're in the run up to a general election.

  40. Virus alert or *Microsoft* virus alert? by SgtChaireBourne · · Score: 2, Informative
    Government money should promote actual computer security and increase public awareness. This announcement looks like it's just government funding for another MS media circus.

    Plus the advice summary is bullshit:

    Install anti-virus software
    That's corrective action. How about prevenaitive action like pointing out secure products and warning the public to avoid defective ones? An ounce of prevention is worth a pound of cure.

    Keep your anti-virus software up to date
    You can't patch fast enough. That includes so called anti-virus software. Someone has to get hit first. AV companies have to then react and update the AV software profile. Then users have to add the updated profile, over a modem that can take time. MS-Slammer reached saturation in 8.5 minutes.

    Install a personal firewall
    Web pages and e-mail go right through that fire wall, they're supposed to, so do outgoing connections usually. Unfortunately most MS malware comes in via MSIE (the web) or MS-Outlook (mail), so how exactly is a firewall going to help? How about swapping out vulnerable applications and services instead?

    Use Windows updates to patch security holes
    There are other systems besides MS-Windows. Currently these do not even get viruses or worms. Some of these (e.g. Ubuntu) are easy to install and work on existing x86 hardware. Macintoshes are low maintenance and work out of the box. Unless you're a heavy gamer, you don't need MS-Windows.

    Do not open e-mail messages that look suspicious
    A virus is only harmless data, unless your system is designed to run it on sight. How about choosing an e-mail client that's not designed to spread viruses. Thunderbird, Mozilla, and Eudora are excellent choices.

    Do not click on e-mail attachments you were not expecting
    Use one of the above mail clients and/or switch to an operating system not designed to spread viruses.

    --
    Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
    1. Re:Virus alert or *Microsoft* virus alert? by Atlantis-Rising · · Score: 2, Informative

      In a perfect world, we'd run perfect software. We're not in a perfect world, and most of it uses MS software, so lets patch the holes with the tools we're given. If everyone on the road drives a ford, and fords have X mechanical problem, do you tell people how to fix the problem, or do you tell them to buy a toyota? I mean, be reasonable. maybe NEXT time they'll buy a toyota, but for now, they've GOT a ford.

      --
      "It is possible to commit no errors and still lose. That is not a weakness. That is life." -Peak Performance
    2. Re:Virus alert or *Microsoft* virus alert? by geordie_loz · · Score: 2, Interesting

      I agree that there is an imperfect world, but your analogy is out a little. Parent is suggesting that solutions to these problems should include changes of software. Yes all can't swtich to Linux maybe, but advise about more secure e-mail clients such as thunderbird is good advise. Not too mention, than unlike their car, they can get their new software now at no cost. That's good news.

      The main reason/problem that it is an "MS World" is that people don't know there are other things and why they should use them, after all they only really hear Microsoft's viewpoint - which is, "We're Great, Use us - It's good". Another point of view they're not even aware of would be fantastic in an independant place which less savvy users are visiting. To be like Balmer, security is about Education, Education, Education.

    3. Re:Virus alert or *Microsoft* virus alert? by severoon · · Score: 1

      I have an idea. Why don't we take something that's nontrivial for businesses to do and see if the *government* fares any better.

      Ha! Ha! Ha!

      --
      but have you considered the following argument: shut up.
  41. Another way of sending SCAM by michelcultivo · · Score: 1

    Now the scammers there's a official institute to send their fake alerts.

    --
    http://www.michel.eti.br
  42. Has this been attempted anywhere else in the world by mwood · · Score: 2, Insightful

    You mean, like US-CERT?

  43. Warning service in the Netherlands by Dr.Opveter · · Score: 1

    How funny, my wife just gave me a cool postcard yesterday and on the back it said something about an anti-virus warning service provided by the Dutch government.

    Anyway, the website looks pretty good, but it's been around since 2003 and i think it didn't really catch on. They offer email alerts, sms alerts etc.

    --
    Sample this!
  44. It's an answer to a question. by 16K+Ram+Pack · · Score: 2, Insightful
    When someone asks the government just what they are doing to prevent terrorism on the 6 O'clock news sometime, it's something else to pad out the answer.

    Completely useless and ineffective, but that's not really the point.

  45. Bad mod warning. Not a troll but true. by Anonymous Coward · · Score: 0

    come come mr mod, that's not very fair to label it as troll. It's a POV on the subject. Obviously you don't know anything about Mr Blair. That's ok though there are all subjects we don't know about..

  46. But by Nine+Tenths+of+The+W · · Score: 2, Funny

    Does it respond within 45 minutes?

    --
    Slashdot: News for Nerds, Stuff that matters only to them
  47. Canada has this. by CastrTroy · · Score: 1

    Although nobody knows about it, Canada has a website that posts alerts for computer security issues. You can go there and look for yourself. I'm sure many other countries have services like this. Whether or not anybody knows about it, or uses the service is another story.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  48. It's like a daily weather report by 5n3ak3rp1mp · · Score: 1

    Windowsland:
    Today: Partly viral, chance of spyware in the evening. Run Windows Update and reboot.
    Tomorrow: Unpatched viral storm expected! Leave your Internet disconnected. Run Windows Update and... ah, nevermind

    Macland:
    Today: Not a virus in the sky. Security update and a chance of reboot. Nothing urgent however. Jobs doppler is picking up some activity on the west coast
    Tomorrow: Sunny interface, clear connections, low ping. Rumor flurries in the evening

  49. whoa... i'd love to comment on this but... by testednegative · · Score: 1

    did anyone click on that link on the comment which leads to goat.cx and found yourself staring at this:
    Suspended Domain
    The domain www.goatse.cx has been suspended by the registry.

    This is generally due to lapsed registration or violation of policies.
    To renew your registration please visit your registrar.

    NOW THATS NEWS..... can you picture a world without goats.cx ? :(

  50. It was ever thus. by igorthefiend · · Score: 1

    In the coming weeks we will surely see one of the parties issue an initiative against [insert tabloid internet evil du jour here] on the internet, with absolutely no technical information other than "we'll do it"... it happened last general election with children being groomed in chatrooms.

  51. wha? by Larmal · · Score: 1

    One would think that the government, rather than having to implement a program to make up for the deficiencies of a private product would start regulating that class of products. I havent' RTFA'd, but I can only imagine that the target for this program would be Windows based systems. If MS made cars and there were all these breakdowns, accidents, deaths, crashes, etc. wouldn't the government tell them to stop producing and such low quality, shoddy products? Wouldn't there be some type of regulation, like automobile safety standards?

    Just a thought...

  52. Cool... by Anonymous Coward · · Score: 0

    ...But does it work on Linux?

  53. Re:better some than none as in USA by zagatka · · Score: 0

    in USA there is NO health care at ALL; you are pretty much on your own, so some even flawed is MUCH better than none.

  54. W3C Standards Compliancy by SerialCookie · · Score: 0, Offtopic

    Although the site claims to be XHTML 1.0 Compliant, when you parse the URL through the W3C validator, it says otherwise, with 7 markup errors. I have emailed them about this matter and currently awaiting a reply.

  55. Legitimizes the Unethical by bill_mcgonigle · · Score: 1

    Weather alerts, pollution alerts, traffic alerts, tornado warnings - all those are ways to reduce damage, save lives, and make life run smoother in the face of of problems. In the internet age, viruses and such fall into a similar category, so this makes perfect sense to me.

    Natural disasters aren't a result of shoddy product design. There's nothing you can do to prevent tornados and nothing you can do to stop them, so you have warning systems in place.

    If there's a hairdryer that needs a recall despite UL underwriting, that's because humans are imperfect creatures and despite best efforts problems slip through. That there are truck-sized holes in IE is due to rapid time to market and ignoring industry best practices. If it happened once or twice, sure, no sweat, we'll give them a by. If it happens thousands of times over decades, it's a pattern, or as they call it in MBA school, a business method.

    This is the government helping to prop up unethical business practices, not helping out on an honest mistake.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    1. Re:Legitimizes the Unethical by Badgerman · · Score: 1

      You won't find me arguing, but the alert system also has the advantage of informing people.

      And after the twentieth alert on IE from an "official" source people may start thinking outside of the Redmond Box.

      --
      "The Sage treasures Unity and measures all things by it" - Lao Tzu
  56. Re:better some than none as in USA by Anonymous Coward · · Score: 0

    No health care is better than bad health care. Here in Cananda we cross the border to the states and pay cash when we need something done. It's better than waiting two-three months to get your tonsils out.

  57. The Department of Homeland Security is... by shinnyo · · Score: 1

    The Department of Homeland Security is already doing this in the US, except they send all the alerts to ISP's instead of users. Each week I get several e-mails alerting me of IP addresses on our cable networks that have been spreading viruses or worms. It's helpful to keep viruses off of my networks, but it gets to be a pain after a while. For what it's worth, I think the UK e-mailing individual users about it won't do much to stop the problem. Chances are, if the user knows enough to remove the virus after they read the e-mail, they probably already knew enough to keep the virus off in the first place. Your casual home user that doesn't know much about computers is just going to delete the e-mail without thinking twice about it.

  58. No, it's supershit!! by mu-sly · · Score: 1

    You're telling me! Shoddy web code for a start!

    One of my pet hates (as a freelance web developer, diehard on web standards and doing things properly) is people who pretend to use XHTML, but don't actually fucking USE XHTML!

    This site is written oldskool style, with a table based layout done in XHTML - completely missing the point of using XHTML to do semantic layout and CSS for visual arrangement. OK, they've used CSS, but it's to style their already laid-out-in-a-table content.

    Furthermore, the site does not validate - not even close! Yet again, half the point of using XHTML is to make well-formed documents. What's the fucking point when developers don't even check their pages validate?

    We've got nesting errors, invalid characters, use of attributes that don't exist in XHTML, and two closing html tags? You might have thought whoever wrote this site might have validated their code before putting it live, but the author of this page appears not to even have given it a cursory glance.

    Who knows how much this site cost? I'll bet it was a considerable sum of tax money, and it hasn't even been built properly. Fucking USELESS!

    When are we going to see a government site built properly, using web standards correctly? It's hardly rocket science, but these idiots in charge of our national computer security can't even use a fucking HTML validator, so is it any wonder the public are screwed?

    --
    Organic free-range music... yum!
  59. Me too by vaceituno · · Score: 1

    I have a page on home computer security too!
    http://www.seguridaddelainformacion.com/seg_ 0e.htm

    I am the king of Alcorcon! I was there first! credit me! :)

  60. Prevention controls epidemics by SgtChaireBourne · · Score: 2, Interesting
    In a perfect world, we'd run perfect software. We're not in a perfect world, and most of it uses MS software, so lets patch the holes with the tools we're given. If everyone on the road drives a ford, and fords have X mechanical problem, do you tell people how to fix the problem, or do you tell them to buy a toyota? I mean, be reasonable. maybe NEXT time they'll buy a toyota, but for now, they've GOT a ford.
    Information about better options is a prequisite for making an informed decision NEXT time. Microsoft may be a problem here and now for most of the desktop users, but like with other epidemics the key to control is prevention. Sure there is a need for corrective action to help those still on MS systems on purpose or by accident. It is the responsible thing to mention better products so that informed decisions can be made as the public gets the chance.

    Options like Mozilla, Firefox, Opera, Thunderbird, Eudora, and OpenOffice.org, to name a few for starters, should at least get a mention. They work here and now, even on MS-Windows. Aren't we talking about technology where we can choose the best tool for the job or is it a religion where we all face Redmond and bleat "yaaaay Bill!" ?

    By neglecting to mention better options, even those options usable by MS systems, the site does two disservices. First, it turns an otherwise good idea into a state sponsored marketing campaign for a single vendor. Second, it keeps people in the dark, preventing them from improving their existing systems or to making more informed choices in the future.

    Along the same lines, further proactive effort is needed to prevent defective systems from becoming a problem in your cars, television sets, taxes, public records or health care. All ofthis makes a good illustration of why commodity services and protocols are good for the market by preventing lock in.

    --
    Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
  61. It's not for UK only...Crown Copyright and all by lxt · · Score: 1

    It's Crown Copyright, meaning material "may be reproduced free of charge in any format or medium provided it is reproduced accurately and not used in a misleading context[...]the source of the material must be identified and the copyright status acknowledged.". Which basically means, anyone is entitled to view information.

  62. Obviously... by response3 · · Score: 1

    They will probably advocate the use of ANY antivirus. But I would bet that if MS bundles their AV into the system (and you know they will), then that should be recommened because of the "ease of use" factor for most users. Given that, I would not rely strictly upon the MS offering for my AV protection.

  63. US Government's doing this too by Anonymous Coward · · Score: 0

    The http://www.us-cert.gov/cas/signup.html#a "National Cyber Alert System Mailing List" looks like it does the same thing. Run by the US-CERT (Computer Emergency Readiness Team)

  64. Ho hum... by Anonymous Coward · · Score: 0

    When it comes to computers the UK government are utterly clueless. They'll buy whatever shit Microsoft tells EDS to sell 'em them and we'll all suffer for it.

    Retards the lot of 'em.

  65. PC World are Already doing it by seymansey · · Score: 1

    PC World store in the UK are already doing this - their instore radio service is *appears* to be sponsored by Symantec, and through the day these virus 'alerts' get honked out. OMG NEW VIRUS! BUY SYMANTEC AV!