UK Government Launches Virus Alert Service

Phil1 writes "The BBC is reporting that a rapid alerting service that tells home computer users about serious internet security problems is being launched by the UK government. Has this been attempted anywhere else in the world? Was it successful? And will they be plugging the Microsoft Anti-Spyware package (once it leaves beta)?"

Anti-Virus package?

[DaHat]

You linked to the Anti-Spyware app... and mentioned the AV app... have they already released a beta of the AV? I know it's been purchased and in the process of rebranding... but come on!

Next story about this will be...

[GoMMiX]

UK security alert service hacked, all your personal info are belong to us!

*signs up*

Re:Next story about this will be...

[ggvaidya]

You must be new here.

Obviously, the next story will be this story posted again by another editor. :)

how does the average user validate the source?

[MrRTFM]

Only problem with email or TXT alerts is that the sender is easily forged.

Hi, this is your government alert - please download the latest patch from http://www.alerts.gov.uk

The problem is that (apart from Slashdot users of course) that the hyperlinks are hidden, so any spammer can forge these messages to catch the unwary.

That alone would bring this thing down - it would only take a few lords or half a dozen grandmas to see goatse (or worse - gator spyware) to cause a public lack of confidence in the entire government program.

Re:how does the average user validate the source?

[Folmer]

When you sign up for the ITsafe mail, you will have to provide a "ITsafe word" which will be in the subject of the email, and therefor its easy to see if its a forged mail..
read more here: http://www.itsafe.gov.uk/terms/itsafeword.html

We all know what's next

[gowen]

When will we expect the first Trojan masquerading as an update from the "IT Safe" service. The over/under is about 6 hours after the service goes live.

doesn't make sense.

[jwcorder]

This does not make sense. Almost all anti-virus vendors offer this same alert. All you have to do is go to their website and signup. I know because I get 3-5 of them a day in my inbox. Why the government would want to waste taxpayer dollars on this is beyond me. Of course, I have no reason to talk because I don't live in the UK.

But when going on the US's past programs like this, any time you get the government involved, things tend to get out of hand.

I just don't understand the need especially when symantec will do this for free.

Re:doesn't make sense.

[beset]

We're used to wasting our POUNDS on failed IT ventures. If you've been following the recent upgrade of the NHS (national health service) ITC systems you'll know the government IT projects work something like: 1) Get overpaid consultancy firm to suggest "great idea" 2) Insert Tax Money 3) ??? 4) Insert More Tax Money 5) ??? 6) Abandon project at a massive loss. We're Brits remember, we'll just take it on the chin and have a game of tennis to vent....

Re:doesn't make sense.

[gowen]

Almost all anti-virus vendors offer this same alert.

And in 19th century New York, there were any number of competitive Fire Companies you could call if you wanted a blaze extinguished. And yet somehow, it was decided that people with a commercial interest in selling you stuff were not the people you wanted to call for an emergency.

Governments are flawed, but AV companies have a vested interest in selling you things you don't want.

Usually Microsoft is a bad thing...but

[jessecurry]

I have to say that I am very happy with the antispyware package that they have released. It consistently finds more spyware on my girlfriend's PC than any other program I have tried.
Products such as this, and released for free, start to wash away Microsoft's evil image

Re:Usually Microsoft is a bad thing...but

[geordie_loz]

actually products like this demonstrate Microsofts development process:

1. Build Software
2. Release too early with massive hype
3. Product flaws exposed
4. Some company build solution to those flaws
5. Microsoft buy those companies
6. Microsoft Software is stapled together with that solution.
7. two solutions together have more flaws
8. go to 4 and repeat process.

There should probably be a:
9. ???
10. Profit
In there too.

That's pretty much where we're at now. This is all about fixing a problem they created in the first place, and it's more like treating the symptoms not the cause.

Better suggestion!

[bigtallmofo]

They could come up with a color-coded "Virus Threat Advisory System". Just off the top of my head, they could use something like:

Low = Green
Guarded = Blue
Elevated = Yellow
High = Orange
Severe = Red

Who the hell knows what users should do at each of these levels, but at least they'd be using techniques that have been used in other successful alert systems.

The Dutch are doing this for 2 years already

The Dutch Government CSIRT is doing this for two years already. So you can chill out to a cool Legowelt CD and get warned when there's a new threat.

Also avaible for Non-UK'ers

[Folmer]

On the site: http://www.itsafe.gov.uk/ theres no check to see if you are an UK citizen.. Also theres no mention of it being for UK'ers only on the site or in the press release...
Although i migth just use the service from DK-cert or some anti virus company..

Spain is running this kind of service

for the las 3 years. At Alerta Antivirus

The day of the week will tell you

[Spackler]

If the day of the week has a Y in it, Microsoft had a security problem today.

I just saved the government (pinky to corner of mouth) 1 Billllion dollars!

Belgium has this: BIPT

[wimbor]

Since a few years the Belgian regulatory body for postal services and telecommunication (BIPT), has a special unit that tracks and warns for (possible) virus attacks.

Sometimes you get a warning of the BIPT in the radio news or during the traffic information announcements.

http://www.bipt.be/bipt_E.htm

I do not know how they work or how they are structured, and if it helps at all, but the UK is not the first country to do this...

Tax spent to plug holes?

[CdXiminez]

Now that the UK is going to spend tax payer's money to prevent problems caused by poor design by private companies, are they going to put extra tax on the purchase of vulnerable products and licenses (mostly Windows)?

I wouldn't want my tax money being spend on plugging the holes in software I don't use.

Has this been attempted anywhere else?

[PHAEDRU5]

The topic asks if this has been attempted anywhere else.

Well, there is the Computer Emergency Response Team at Carnegie Mellon University, and I like their approach.

I mean, one way they respond to threats is to contact anti-virus manufacturers. From there, it's a short step patches available via subscription.

You get the deep pockets of government to maintain the watch, and the rapid response of industry when a threat's been isolated. I like that division of labor.

Election coming up?

[badfish99]

There's no useful information on the site, but the front page features a press release and several big pictures of a government minister.

There's an election coming up, so it looks to me like another useless publicity stunt. I'm sure the web site will be left to wither once it's been reported in all the newspapers that the government is keeping us safe from "cyber-terrorism".

We already have that in the U.S.

[Scratch-O-Matic]

Why, just last night I got a bunch of helpful popup windows alerting me that "we have detected that your computer may be infected with spyware or a virus." There was also a button that I could click to download software that would fix it. Sounds like we're way ahead of the game, so chew on that for a while, U.K.!

MS Anti Virus?

[Barny]

Heard they are considering not releaseing it.

If they charge money for it, their makeing the industry rely on their buggy software, and then instead of fixing the software sell you "protection", sound familiar?

If they give it away, will be seen as anti competitive with all the very big business anti virus software manufacturers out there.