By Nathan Spande
Dark Reading (New York, USA)
One of the biggest challenges living someplace like Cambodia (which I do) is finding all of the cool tech toys that my geek genes tell me I need. Finding software is similarly difficult, at least when it comes to legal copies of software. I can go down the block to my local market and find almost any software program, music CD, or DVD my little heart could desire, for somewhere around $2 per disc. Finding a legitimate copy of, say, Microsoft Office, is much more of a challenge.
So how does this impact the security scene here? Well, for one thing, those pirated copies at the local markets almost certainly contain what they advertise (whether it be Office, Oracle, or Myst). Many of them also almost certainly contain a little bit more (insert name of your favorite virus/trojan/spambot here). Uh oh.
Now, Cambodia is small, remote, and extremely unconnected. Very few people here can afford a PC, let alone the monthly Internet access. I pay over $100 each month for my 128-kbit/s ADSL link. In a country where $60 a month is a good salary, there are clearly few people even thinking about home network access, let alone spending hundreds of dollars on software, or even $4 on pirated software.
However, this "a little bit more" situation is what's happening in the rest of the developing world, including countries like, say, China, which are much more populous and connected. Think about half a billion people using pirated software, with perhaps 64k connections for each. Add in a few thousand Internet cafes. Even if only 1 percent of the pirated software is infected with some sort of malware (and my hunch is that this is an underestimate), this is clearly a non-trivial problem.
Suddenly all that spam that has been making it through my two layers of filters is not so surprising. All of a sudden we have a large portion of the developing world essentially acting as open relays for spammers. We also have half the world available for a very, very big DDOS attack. This is not good.
So, how do we deal with this problem? That's far less clear to me. There are several problems that need to be addressed to solve it entirely, but it seems relatively intractible on the consumer end. Before you can get consumers to use licensed software, it has to be affordable.
As soon as it is affordable for the local populations, it is going to be purchased locally and resold internationally at deep discounts (already done in the electronics/photo equipment world, where "gray market" equipment is available with no warranty but otherwise in new condition). That makes it unlikely that large (or small) software companies will go for it. The other option would be to solve in a robust way the problem of malware in the operating system. Clearly that's not going to happen any time soon. A third option would be to encourage the use of free (as in beer) equivalent programs.
I'm writing this article using OpenOffice Writer, which is great for me, but I just don't see it taking the world by storm right now. For one thing, knowing OpenOffice doesn't give one much of a leg up in the job market, where knowing Microsoft Office certainly does, and computer skills are one of the few things that show promise at getting people out of poverty around here.
The other thing is a distribution problem. OpenOffice at the local market costs the same as Microsoft Office. If I download OpenOffice it actually costs me more money, since here I pay up to $0.10 per MByte for traffic over my DSL link.
So what's the world to do? I don't see a practical way to eliminate pirated software in the developing world right now. The incentives just aren't there for the local populations. Perhaps if we can develop good filtering, or at least monitoring, at the ISP level we'll be able to reduce the volume of such traffic.
Until then, I guess the best we security professionals can do is keep patching holes on the machines we control and be happy that our own PCs are free of the evil beasties. It seems that escaping being a target is just not likely to happen any time soon.
— Nathan Spande has implemented security in medical systems during the dotcom boom and bust, and suffered through federal government security implementations. Special to Dark Reading
So how does this impact the security scene here? Well, for one thing, those pirated copies at the local markets almost certainly contain what they advertise (whether it be Office, Oracle, or Myst). Many of them also almost certainly contain a little bit more (insert name of your favorite virus/trojan/spambot here). Uh oh.
Now, Cambodia is small, remote, and extremely unconnected. Very few people here can afford a PC, let alone the monthly Internet access. I pay over $100 each month for my 128-kbit/s ADSL link. In a country where $60 a month is a good salary, there are clearly few people even thinking about home network access, let alone spending hundreds of dollars on software, or even $4 on pirated software.
However, this "a little bit more" situation is what's happening in the rest of the developing world, including countries like, say, China, which are much more populous and connected. Think about half a billion people using pirated software, with perhaps 64k connections for each. Add in a few thousand Internet cafes. Even if only 1 percent of the pirated software is infected with some sort of malware (and my hunch is that this is an underestimate), this is clearly a non-trivial problem.
Suddenly all that spam that has been making it through my two layers of filters is not so surprising. All of a sudden we have a large portion of the developing world essentially acting as open relays for spammers. We also have half the world available for a very, very big DDOS attack. This is not good.
So, how do we deal with this problem? That's far less clear to me. There are several problems that need to be addressed to solve it entirely, but it seems relatively intractible on the consumer end. Before you can get consumers to use licensed software, it has to be affordable.
As soon as it is affordable for the local populations, it is going to be purchased locally and resold internationally at deep discounts (already done in the electronics/photo equipment world, where "gray market" equipment is available with no warranty but otherwise in new condition). That makes it unlikely that large (or small) software companies will go for it. The other option would be to solve in a robust way the problem of malware in the operating system. Clearly that's not going to happen any time soon. A third option would be to encourage the use of free (as in beer) equivalent programs.
I'm writing this article using OpenOffice Writer, which is great for me, but I just don't see it taking the world by storm right now. For one thing, knowing OpenOffice doesn't give one much of a leg up in the job market, where knowing Microsoft Office certainly does, and computer skills are one of the few things that show promise at getting people out of poverty around here.
The other thing is a distribution problem. OpenOffice at the local market costs the same as Microsoft Office. If I download OpenOffice it actually costs me more money, since here I pay up to $0.10 per MByte for traffic over my DSL link.
So what's the world to do? I don't see a practical way to eliminate pirated software in the developing world right now. The incentives just aren't there for the local populations. Perhaps if we can develop good filtering, or at least monitoring, at the ISP level we'll be able to reduce the volume of such traffic.
Until then, I guess the best we security professionals can do is keep patching holes on the machines we control and be happy that our own PCs are free of the evil beasties. It seems that escaping being a target is just not likely to happen any time soon.
— Nathan Spande has implemented security in medical systems during the dotcom boom and bust, and suffered through federal government security implementations. Special to Dark Reading
8 comments:
Stop whining, you fool. What's fair
is fair. You pirated our noodle and
dumpling ..., and we pirated your
your stupid Mac and Windows
Software ..., okay?
Why does KI-Media team still puts up with this arrogant, babaric, uncivilized Khmer pretender that keeps on insulting everybody like a mad dog???
Isn't it time for this Khmer pretender to go???
How many IP addresses does this mad dog have???
Mad dog has more IP than your
assholes KI Media team can count,
stupid. So stop trying to suppress
free speech, will ya?
KHMENG WAT KHNONG SROK
FREE SPEECH ...YES BUT NOT FREE INSULTS!PLEASE PRETEND TO ASK YOURSELF WHO YOU ARE ... AND GOD WILL GIVE YOU THE ANSWER!
KHMENG WAT KHNONG SROK
I know what you mean, KHMENG WAT
KHNONG SROK, but that type of free
speech will never be allowed in
srok Khmer, only in the Evil's land
(KI Media) if you know what I mean.
Also note that we are fighting the
devil (Ethiopian's tics and fleas)
on their own Evil's land (KI
Media), not srok Khmer. Get it?
Anon@8:01AM,
I told you before, your French stinks, your English stinks. I am now telling you again, your French stinks, your English stinks. So quit posting your comments. It stinks.
Okay, okay, now we all know you
know how to copy and paste texts,
alright? You need not to spam
everything, okay, Psycho?
And where are the immoral
Ethiopian's tics and fleas are all
gone? Come out of your rat's holes,
you stupid double-crossers?
Post a Comment