UK Government Launches Virus Alert Service

Phil1 writes "The BBC is reporting that a rapid alerting service that tells home computer users about serious internet security problems is being launched by the UK government. Has this been attempted anywhere else in the world? Was it successful? And will they be plugging the Microsoft Anti-Spyware package (once it leaves beta)?"

Anti-Virus package?

[DaHat]

You linked to the Anti-Spyware app... and mentioned the AV app... have they already released a beta of the AV? I know it's been purchased and in the process of rebranding... but come on!

Next story about this will be...

[GoMMiX]

UK security alert service hacked, all your personal info are belong to us!

*signs up*

Re:Next story about this will be...

[ggvaidya]

You must be new here.

Obviously, the next story will be this story posted again by another editor. :)

Re:Next story about this will be...

[Spad]

You must be new here.

Obviously, the next story will be this story posted again by *the same* editor. :)

how does the average user validate the source?

[MrRTFM]

Only problem with email or TXT alerts is that the sender is easily forged.

Hi, this is your government alert - please download the latest patch from http://www.alerts.gov.uk

The problem is that (apart from Slashdot users of course) that the hyperlinks are hidden, so any spammer can forge these messages to catch the unwary.

That alone would bring this thing down - it would only take a few lords or half a dozen grandmas to see goatse (or worse - gator spyware) to cause a public lack of confidence in the entire government program.

Re:how does the average user validate the source?

[Folmer]

When you sign up for the ITsafe mail, you will have to provide a "ITsafe word" which will be in the subject of the email, and therefor its easy to see if its a forged mail..
read more here: http://www.itsafe.gov.uk/terms/itsafeword.html

Re:how does the average user validate the source?

[RupW]

any spammer can forge these messages to catch the unwary.

OK, this is FAQqed but it's a bit harsh to mod the guy down. This is a fair point, and the mechanisms on the site (pre-agreed token sent in plain, verify against non-SSL HTTP) aren't properly secure. Connecting to the site over SSL (https://www.itsafe.gov.uk/) doesn't work.

They should sign their messages (and use this as an opportunity to explain signing to non-techies?) and host bulletins over SSL.

Re:how does the average user validate the source?

[csrster]

and if you can't think of a good ITsafe word, just use your administrator password or PIN number

We all know what's next

[gowen]

When will we expect the first Trojan masquerading as an update from the "IT Safe" service. The over/under is about 6 hours after the service goes live.

Re:We all know what's next

[akadruid]

When will we expect the first Trojan masquerading as an update from the "IT Safe" service?

They've thought of that. When you sign up, you enter a 'safe word' which will they will put in the subject line of every email they send you.

So a convincing spoof would require access to their database.

doesn't make sense.

[jwcorder]

This does not make sense. Almost all anti-virus vendors offer this same alert. All you have to do is go to their website and signup. I know because I get 3-5 of them a day in my inbox. Why the government would want to waste taxpayer dollars on this is beyond me. Of course, I have no reason to talk because I don't live in the UK.

But when going on the US's past programs like this, any time you get the government involved, things tend to get out of hand.

I just don't understand the need especially when symantec will do this for free.

Re:doesn't make sense.

[beset]

We're used to wasting our POUNDS on failed IT ventures. If you've been following the recent upgrade of the NHS (national health service) ITC systems you'll know the government IT projects work something like: 1) Get overpaid consultancy firm to suggest "great idea" 2) Insert Tax Money 3) ??? 4) Insert More Tax Money 5) ??? 6) Abandon project at a massive loss. We're Brits remember, we'll just take it on the chin and have a game of tennis to vent....

Re:doesn't make sense.

Why the government would want to waste taxpayer dollars on this is beyond me. Of course, I have no reason to talk because I don't live in the UK.

That's OK, we didn't expect you to know that we use the Pound over here...

Re:doesn't make sense.

[gowen]

Almost all anti-virus vendors offer this same alert.

And in 19th century New York, there were any number of competitive Fire Companies you could call if you wanted a blaze extinguished. And yet somehow, it was decided that people with a commercial interest in selling you stuff were not the people you wanted to call for an emergency.

Governments are flawed, but AV companies have a vested interest in selling you things you don't want.

Usually Microsoft is a bad thing...but

[jessecurry]

I have to say that I am very happy with the antispyware package that they have released. It consistently finds more spyware on my girlfriend's PC than any other program I have tried.
Products such as this, and released for free, start to wash away Microsoft's evil image

Re:Usually Microsoft is a bad thing...but

[CypherXero]

That's because Microsoft didn't make it.

Re:Usually Microsoft is a bad thing...but

[geordie_loz]

actually products like this demonstrate Microsofts development process:

1. Build Software
2. Release too early with massive hype
3. Product flaws exposed
4. Some company build solution to those flaws
5. Microsoft buy those companies
6. Microsoft Software is stapled together with that solution.
7. two solutions together have more flaws
8. go to 4 and repeat process.

There should probably be a:
9. ???
10. Profit
In there too.

That's pretty much where we're at now. This is all about fixing a problem they created in the first place, and it's more like treating the symptoms not the cause.

Better suggestion!

[bigtallmofo]

They could come up with a color-coded "Virus Threat Advisory System". Just off the top of my head, they could use something like:

Low = Green
Guarded = Blue
Elevated = Yellow
High = Orange
Severe = Red

Who the hell knows what users should do at each of these levels, but at least they'd be using techniques that have been used in other successful alert systems.

The Dutch are doing this for 2 years already

The Dutch Government CSIRT is doing this for two years already. So you can chill out to a cool Legowelt CD and get warned when there's a new threat.

Re:The Dutch are doing this for 2 years already

[Woefdram]

At www.waarschuwingsdienst.nl you can find all sorts of threats and they also offer free (we're Dutch after all) notifications via SMS.

Unprecedented

[Albio]

Alerts will not be issued unless users can do something to protect themselves against the threat. This might include downloading an update from an anti-virus vendor or updating software to close loopholes and fix vulnerabilities. This could also include something as simple as "don't go to X domain because it hijacks your ICQ"...

Also avaible for Non-UK'ers

[Folmer]

On the site: http://www.itsafe.gov.uk/ theres no check to see if you are an UK citizen.. Also theres no mention of it being for UK'ers only on the site or in the press release...
Although i migth just use the service from DK-cert or some anti virus company..

Socialized Computer Health Care

[lbmouse]

One hopes the government is better at computer viruses than their attempts on humans.

Spain is running this kind of service

for the las 3 years. At Alerta Antivirus

The day of the week will tell you

[Spackler]

If the day of the week has a Y in it, Microsoft had a security problem today.

I just saved the government (pinky to corner of mouth) 1 Billllion dollars!

Belgium has this: BIPT

[wimbor]

Since a few years the Belgian regulatory body for postal services and telecommunication (BIPT), has a special unit that tracks and warns for (possible) virus attacks.

Sometimes you get a warning of the BIPT in the radio news or during the traffic information announcements.

http://www.bipt.be/bipt_E.htm

I do not know how they work or how they are structured, and if it helps at all, but the UK is not the first country to do this...

Tax spent to plug holes?

[CdXiminez]

Now that the UK is going to spend tax payer's money to prevent problems caused by poor design by private companies, are they going to put extra tax on the purchase of vulnerable products and licenses (mostly Windows)?

I wouldn't want my tax money being spend on plugging the holes in software I don't use.

Has this been attempted anywhere else?

[PHAEDRU5]

The topic asks if this has been attempted anywhere else.

Well, there is the Computer Emergency Response Team at Carnegie Mellon University, and I like their approach.

I mean, one way they respond to threats is to contact anti-virus manufacturers. From there, it's a short step patches available via subscription.

You get the deep pockets of government to maintain the watch, and the rapid response of industry when a threat's been isolated. I like that division of labor.

Has this been attempted anywhere else in the world

[antxxxx]

If you read the full article it says at the end that

The National Alerting Service for the Netherlands (aka De Waarschuwingsdienst) and the US National Cyber Alerting Service also tell citizens of serious security threats.

Honestly, the best anti-virus measure...

[dj42]

Is to not be so stupid. People are always falling for these basic traps, like clicking "YES" to browser-based software installs, opening attachments like "Imamoron-funnystuff.exe" from their friends. It's like some people just completely lack a filter that allows you to prevent 99% of viruses just by not running or clicking things they don't need to.

I think it's largely in part to the Windows interface which plays down the "significance" of running and having running programs and software while on a network (the Internet, mostly).

I haven't had a single virus on my home machine since 1996, and I think I self-infected when I was trying to figure out how it worked.

And I NEVER use a real time virus scanner. I check my Windows computer when it behaves strangely, I see new processes, event viewer notices, etc. The fact is, even if you keep your virus-scanner (real time) up to date, all you're doing is *potentially* reducing the "reaction" time to the frequency of updates released by your particular vendor. Whereas with my method, I'm up to date on virus news, as well as the usual effects of them, and find solutions on an as-needed basis should I EVER become infected by one.

So. Yeah.

Re:Honestly, the best anti-virus measure...

Usual plug for free AVG. There's no excuse not to have a virus checker, no matter how clued you think you are.

Hey, why not

[Badgerman]

Snarky comments and Microsoft jokes aside (not that I don't like either), this makes perfect sense, at least on an abstract level.

Weather alerts, pollution alerts, traffic alerts, tornado warnings - all those are ways to reduce damage, save lives, and make life run smoother in the face of of problems. In the internet age, viruses and such fall into a similar category, so this makes perfect sense to me.

Also, this just increases people's awareness of inernet issues. A few years of watching virus alerts fly all over the place may make people more careful, more picky - and more demanding on certain software vendors.

Now where I WILL bet a bit cynical is if this is A) done right and B) can be done right elsewhere. I'm sure it can be done right, but the "if" is anoter question.

Still, hey, go for it UK Government.

safe word: ITsafe or Virus

[dj42]

I wonder what the frequency of choosing the words "ITsafe" or "virus" or "warning" or "alert" would be by people signing up? 50%+?

Election coming up?

[badfish99]

There's no useful information on the site, but the front page features a press release and several big pictures of a government minister.

There's an election coming up, so it looks to me like another useless publicity stunt. I'm sure the web site will be left to wither once it's been reported in all the newspapers that the government is keeping us safe from "cyber-terrorism".

We already have that in the U.S.

[Scratch-O-Matic]

Why, just last night I got a bunch of helpful popup windows alerting me that "we have detected that your computer may be infected with spyware or a virus." There was also a button that I could click to download software that would fix it. Sounds like we're way ahead of the game, so chew on that for a while, U.K.!

MS Anti Virus?

[Barny]

Heard they are considering not releaseing it.

If they charge money for it, their makeing the industry rely on their buggy software, and then instead of fixing the software sell you "protection", sound familiar?

If they give it away, will be seen as anti competitive with all the very big business anti virus software manufacturers out there.

Don't encourage users to trust email

[evilandi]

The UK scheme appears to be based around emailing users about security problems.

Because obviously, if you receive an email giving you security advice, its guaranteed to be up-to-date, accurate, authoratative and with excellent step-by-step instructions on how to +++ATH0 NO CARRIER

Headline grabbing hot air.

[jchap]

"The government estimates it will issue security alerts about six to 10 times a year"

"Those signing up will only be told about the most serious security threats that have the potential to affect millions of people."

This sounds like a particularly ineffectual and pointless exercise. This level of virus information could be picked up from doing nothing more than watching BBC news or reading their site during the year. Further, it makes you wonder if the whole project will be run by a single guy who's job description has just been extended to include 'watch BBC news programs then forward email warnings to UK PC owning in-duh-viduals'.

However, it is also an extremely cheap way of getting +ve headlines (even Reg refers to it as an 'initiative'). I guess each government department has been told to come up with crap like this because we're in the run up to a general election.

Virus alert or *Microsoft* virus alert?

[SgtChaireBourne]

Government money should promote actual computer security and increase public awareness. This announcement looks like it's just government funding for another MS media circus.

Plus the advice summary is bullshit:

Install anti-virus software
That's corrective action. How about prevenaitive action like pointing out secure products and warning the public to avoid defective ones? An ounce of prevention is worth a pound of cure.

Keep your anti-virus software up to date
You can't patch fast enough. That includes so called anti-virus software. Someone has to get hit first. AV companies have to then react and update the AV software profile. Then users have to add the updated profile, over a modem that can take time. MS-Slammer reached saturation in 8.5 minutes.

Install a personal firewall
Web pages and e-mail go right through that fire wall, they're supposed to, so do outgoing connections usually. Unfortunately most MS malware comes in via MSIE (the web) or MS-Outlook (mail), so how exactly is a firewall going to help? How about swapping out vulnerable applications and services instead?

Use Windows updates to patch security holes
There are other systems besides MS-Windows. Currently these do not even get viruses or worms. Some of these (e.g. Ubuntu) are easy to install and work on existing x86 hardware. Macintoshes are low maintenance and work out of the box. Unless you're a heavy gamer, you don't need MS-Windows.

Do not open e-mail messages that look suspicious
A virus is only harmless data, unless your system is designed to run it on sight. How about choosing an e-mail client that's not designed to spread viruses. Thunderbird, Mozilla, and Eudora are excellent choices.

Do not click on e-mail attachments you were not expecting
Use one of the above mail clients and/or switch to an operating system not designed to spread viruses.

Re:Virus alert or *Microsoft* virus alert?

[Atlantis-Rising]

In a perfect world, we'd run perfect software. We're not in a perfect world, and most of it uses MS software, so lets patch the holes with the tools we're given. If everyone on the road drives a ford, and fords have X mechanical problem, do you tell people how to fix the problem, or do you tell them to buy a toyota? I mean, be reasonable. maybe NEXT time they'll buy a toyota, but for now, they've GOT a ford.

Re:Virus alert or *Microsoft* virus alert?

[geordie_loz]

I agree that there is an imperfect world, but your analogy is out a little. Parent is suggesting that solutions to these problems should include changes of software. Yes all can't swtich to Linux maybe, but advise about more secure e-mail clients such as thunderbird is good advise. Not too mention, than unlike their car, they can get their new software now at no cost. That's good news.

The main reason/problem that it is an "MS World" is that people don't know there are other things and why they should use them, after all they only really hear Microsoft's viewpoint - which is, "We're Great, Use us - It's good". Another point of view they're not even aware of would be fantastic in an independant place which less savvy users are visiting. To be like Balmer, security is about Education, Education, Education.

Has this been attempted anywhere else in the world

[mwood]

You mean, like US-CERT?

It's an answer to a question.

[16K+Ram+Pack]

When someone asks the government just what they are doing to prevent terrorism on the 6 O'clock news sometime, it's something else to pad out the answer.

Completely useless and ineffective, but that's not really the point.

But

[Nine+Tenths+of+The+W]

Does it respond within 45 minutes?

Prevention controls epidemics

[SgtChaireBourne]

In a perfect world, we'd run perfect software. We're not in a perfect world, and most of it uses MS software, so lets patch the holes with the tools we're given. If everyone on the road drives a ford, and fords have X mechanical problem, do you tell people how to fix the problem, or do you tell them to buy a toyota? I mean, be reasonable. maybe NEXT time they'll buy a toyota, but for now, they've GOT a ford.

Information about better options is a prequisite for making an informed decision NEXT time. Microsoft may be a problem here and now for most of the desktop users, but like with other epidemics the key to control is prevention. Sure there is a need for corrective action to help those still on MS systems on purpose or by accident. It is the responsible thing to mention better products so that informed decisions can be made as the public gets the chance.

Options like Mozilla, Firefox, Opera, Thunderbird, Eudora, and OpenOffice.org, to name a few for starters, should at least get a mention. They work here and now, even on MS-Windows. Aren't we talking about technology where we can choose the best tool for the job or is it a religion where we all face Redmond and bleat "yaaaay Bill!" ?

By neglecting to mention better options, even those options usable by MS systems, the site does two disservices. First, it turns an otherwise good idea into a state sponsored marketing campaign for a single vendor. Second, it keeps people in the dark, preventing them from improving their existing systems or to making more informed choices in the future.

Along the same lines, further proactive effort is needed to prevent defective systems from becoming a problem in your cars, television sets, taxes, public records or health care. All ofthis makes a good illustration of why commodity services and protocols are good for the market by preventing lock in.