Internet commentary
...stand secure amidst a falling world *
Keywords: Internet, Viruses, Security, Computer security, Sandia
I've often talked about security and viruses in this column and those of the sister-journals for which I also write, Circuit World and Soldering & SMT. It would seem that my paranoia is more justified than I ever thought. One of the leading companies in this field, Symantec, offer a free service whereby anyone can have their computer analysed for security. Interestingly, over one million users, presumably amongst the most security conscious, have availed themselves of this offer. They publish the statistics of the results of their analyses at the following URL:
http://security2.norton.com/ssc/sc_stats.asp ?langid=us&venid=sym&plfid=20& pkj=UJKNBMRSJRFSKLUKUMX (note that you must type this, in full, on a single line, without spaces, into the URL address space of your browser).
The statistics are revealing (and don't forget, the users of this service must be those with security concerns, so this is only the tip of the iceberg). At the time of writing, of the analyses, 28 percent of the users are at risk with network vulnerability concerns; 25 percent with NetBIOS availability; 7 percent are in trouble with active Trojan Horses (you know, those damned viruses that are spread automatically via e-mails); 35 percent have not scanned for viruses recently; 14 percent have outdated antivirus definitions and 64 percent have potential problems with browser privacy, perhaps allowing "hackers" to penetrate their systems, permitting them to either read or destroy data.
The browser privacy problem may not be as bad as it sounds, despite the 64 percent figure. Anyone using a dial-up networking (DUN) system is much less at risk than a person with a permanent connection. This is because the average DUN user does not have a specific IP address but is allocated a free one at each connection and he does not usually stay connected long enough to give a hacker enough time to do his worst. However, if you have a direct and permanent broad-band connection, such as ADSL, and you do not have a firewall between your computer and the outside world, you are very definitelyat risk, as is every other computer on your network. Believe me, you can bet your bottom dollar that you will be "visited" at least once per month, although you may not suffer any visible damage. Happily, you can usually obtain sufficient protection with a cheap $50 software firewall or even a freebie.
The antivirus problem is much more acute because everyone connected to the Internet is at risk unless he takes adequate precautions. Of course, if your e-mail client comes from the Microsoft stable, everyone in your address book is also at risk. There is absolutely no excuse for not having a good antivirus system that automatically updates itself every time that a new definition becomes known, without any intervention on your part (I see that mine updates itself two or three times per week, on average, at irregular intervals). This does not afford an unequivocal protection, because there is always the minimal chance that you may be infected before the definition is written. This is one reason why you should do a complete virus scan on a weekly basis – and this is not the only one, because you may be infected from many possible sources. This is the most important thing you must do regularly to any and every computer.
The NetBIOS is a system which permits the TCP/IP protocol to be used over a network. This means that if a hacker does penetrate to the computer which is used for your Internet work, he can also access all the other computers on your network, if it is shown to be at risk. This risk would be increased if the network itself is shown to be vulnerable (i.e., file sharing enabled).
So what should be done to increase security? The first thing is, of course,to protect your system against the ingress of worms, Trojan Horses and viruses and such-like beasties. This is both easy and low-cost, and I personally think it is inexcusable for any system today not to be protected with a system with automatic up-dating by the manufacturer and a full scan done automatically on a weekly basis. This will not protect you against hackers, nor will it protect you against those nasty little scripts which cause data from your computer to be sent to companies whose web site you have visited in the past (yes, this is possible). To obtain better protection, even if you do use dial-up networking,you must install some form of firewall – of course, most corporate networks go, or at least should go, through one, but only a small percentage of privately-owned computers do so. Personal firewalls can cost anything from zero to about one-hundred dollars. One such free one for private users can be found at http://www.zonelabs.com/and another at http://www.tinysoftware.com/(please note, I've not tried these, so please don't take this as a recommendation). These two companies offer more complex versions that have to be paid for, of course, along with the reputed Norton Personal Firewall 2002 at http://www.symantec.com/sabu/nis/npf/, which can be bought for USD 49.95 on- line (possibly cheaper at your local computer supermarket).
In summary, if you are not protected, then you should be. A good protection system is the computer equivalent of safe sex!
For this article, I'm going to comment only on a single site, but what a site! It is only partly devoted to microelectronics, but the rest is also loosely relevant, so I make no apologies. Actually, it is not a site, rather than a sub-site, devoted to microsystems, divided into four categories. Unfortunately, the graphics menu on what amounts to the Home Page is slow to download for those of us on a narrowband DUN system as it, alone, takes up nearly 100 kb of the 140 kb for the whole page, but the wait is worth it. Like all good Home Pages, it has correct meta keywords and descriptions, so it comes up beautifully on search engines. The menu offers four choices: Intelligent Micromachine Initiative; Microelectronics; Photonics and Sensors.
The section on Intelligent Micromachine Initiative is simply stupefying. I'll quote verbatim the introduction:
"Imagine a machine so small that it is imperceptible to the human eye. Imagine working machines with gears no bigger than a grain of pollen. Imagine these machines being batch fabricated tens of thousands at a time, at a cost of only a few pennies each. Imagine a realm where the world of design is turned upside down, and the seemingly impossible suddenly becomes easya place where gravity and inertia are no longer important, but the effects of atomic forces and surface science dominate. Welcome to the microdomain, a world now occupied by an explosive new technology known as MEMS (MicroElectroMechanical Systems) or, more simply, micromachines. Sandia National Laboratories, motivated by a guiding vision for MEMS, has become a recognized leader in this emerging field."
Now we all know these micromachines exist, but do we know what they can do? I certainly was not aware that they were more than a scientific curiosity and that they have practical applications, such as three-dimensional inertia sensors used for the deployment of air bags in cars. The page has a full menu on the left,topped by an invitation to view a demonstration, streamed live from a video camera attached to a microscope. This is a fantastic Internet application but it may appear jerky if you have a slow Internet connection. If this happens, just try again during a calm time on the 'Net. However, there are also tens of other recorded video clips downloadable from the "Movie Gallery", divided into a dozen categories, including steam engines, mechanical locks and so on. Of course,these take a wee while to download, but they are worth it. There is also a similar "Image Gallery" of stills, from which Fig. 1 is taken. It shows a spider mite, barely visible to the naked eye, sitting on the code wheel of a microminiature combination lock. This perhaps gives a better idea of scale than the 100 çm line, underneath it. The question that must be asked is how these mechanical devices are made, and this is how I can justify the inclusion of this paragraph here. It is done in exactly the same way as some ICs are made:in fact, the mechanical device can be fabricated onto the same chip as the integrated circuit itself, making the electromechanical interface invisible. This will give a great clue why such devices can be made at a very low cost. Full details are given in the section "Technical Information", describing two methods developed at Sandia and a link to a third, more complex and versatile,method of German origin but which Sandia is able to manufacture. The site is worth the visit if only to be able to say, "Whew!" at what has been achieved.
Figure 1 View of a Sandia micromechanical device with a spider mite sitting on top
The Microelectronics section is perhaps less spectacular, but is nevertheless of interest. The speciality is the development of ICs with 1/2 çm technology, with a low susceptibility to strong ionising radiation. The obvious application is for space electronics. The techniques used are briefly described in the "Technical Information" page. However, there is a much more useful and informative link to Sandia's Electronics Quality/ Reliability Center (EQRC). This is a valuable place to go to if you are in need of any information on failure analysis or reliability, although its main aim is, of course, to sell the lab's expertise in one way or another.
Photonics is a subject of which I was woefully ignorant. Reading the"Technical Information" pages, I was able to glean a lot of information. I admit that it is very doubtful whether I'll ever be able to put it to use, but that's another story! Notwithstanding, it is academically very interesting
and I spent a good half-hour reading it. As optoelectronic devices depend essentially on Groups IIIB and VB of the periodic table and these include such elements as gallium and arsenic, it is natural that there be an offshoot of the technology to GaAs high frequency devices. Let me hazard a guess: the computer you have on your desk may have a CPU speed of 2 GHz or more, but the chip still depends on the Group IVB silicon. Maybe, in 10 years time, your software will be so bloated that only a 20 or 50 GHz processor will be able to cope with it. My guess is that silicon will no longer be able to cope and that some parts of your computer will inevitably contain both ultra-high speed GaAs devices and optoelectronics. Pity I won't be able to type ten or twenty times faster, as well!
The pages on sensors are somewhat more sparse, although the "Image Gallery"does display a number of different types, operating on a wide range of principles. An intriguing one is entitled, "Chem Lab on a Chip", but I think I may be permitted to imagine that this may be slightly exaggerated! The fabrication of these involves a number of techniques, many of which are closely related to microelectronics (or actually are!). One thing that always worries me a little with chemical semiconductor sensors is that the surface of the chip is,by definition, unprotected. This possibly could lead to problems if impurities are present in the fluid being monitored. Apart from false readings, which are possible, under the circumstances, with any kind of sensor, I feel there could always be a risk that the surface may be damaged, upsetting the performance of the system. Or maybe it is just I who am paranoid?
In any case, this sub-site is well worth the visit, even if you have no immediate specific interest. At the least, it may give inspiration towards resolving a number of problems, if only by the wide novelty of the applications that Sandia have handled. If you are unable to see a solution yourself, try asking them!
* Should the whole frame of nature round him break,
In ruin and confusion hurled,He, unconcerned, would hear the mighty crack,And stand secure amidst a falling world.Horace Odes bk. 3, no. 3, l. 1, loosely translated by Joseph Addison, c. 1700
