Download - Future of the Internet â And how to stop it.
Download - Future of the Internet â And how to stop it.
Download - Future of the Internet â And how to stop it.
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Stabil<strong>it</strong>y on a Generative Net 171<br />
Google search result: “Warning: This s<strong>it</strong>e may harm your computer.” 40 Those<br />
who clicked on <strong>the</strong> link anyway would, instead <strong>of</strong> being taken <strong>to</strong> chuckroast<br />
.com, get an add<strong>it</strong>ional page from Google w<strong>it</strong>h a much larger warning and a<br />
suggestion <strong>to</strong> vis<strong>it</strong> S<strong>to</strong>pBadware or pick ano<strong>the</strong>r page instead <strong>of</strong> chuckroast’s.<br />
Chuckroast’s vis<strong>it</strong>s plummeted after <strong>the</strong> warning was given, and <strong>the</strong> s<strong>it</strong>e<br />
owner was understandably anxious <strong>to</strong> figure out what was wrong and <strong>how</strong> <strong>to</strong><br />
get rid <strong>of</strong> <strong>the</strong> warning. But cleaning <strong>the</strong> s<strong>it</strong>e requires leaving <strong>the</strong> realm <strong>of</strong> <strong>the</strong><br />
amateur Web designer and entering <strong>the</strong> zone <strong>of</strong> <strong>the</strong> specialist who knows <strong>how</strong><br />
<strong>to</strong> diagnose and clean a virus. Requests for review—which included pleas for<br />
help in understanding <strong>the</strong> problem <strong>to</strong> begin w<strong>it</strong>h—inundated S<strong>to</strong>pBadware<br />
researchers, who found <strong>the</strong>mselves overwhelmed in a matter <strong>of</strong> days by appeals<br />
from thousands <strong>of</strong> Web s<strong>it</strong>es listed. 41 Until S<strong>to</strong>pBadware could check each s<strong>it</strong>e<br />
and verify <strong>it</strong> had been cleaned <strong>of</strong> bad code, <strong>the</strong> warning page stayed up. Difficult<br />
questions were pressed by s<strong>it</strong>e owners and users: does Google owe notice <strong>to</strong><br />
webmasters before—or even after—<strong>it</strong> lists <strong>the</strong>ir s<strong>it</strong>es as being infected and<br />
warns Google users away from <strong>the</strong>m Such notice is not easy <strong>to</strong> effect, because<br />
<strong>the</strong>re is no centralized index <strong>of</strong> Web s<strong>it</strong>e owners, nor a standardized way <strong>to</strong><br />
reach <strong>the</strong>m. (Sometimes domain name records have a space for such data, 42 but<br />
<strong>the</strong> information domain name owners place <strong>the</strong>re is <strong>of</strong>ten false <strong>to</strong> throw <strong>of</strong>f<br />
spammers, and when true <strong>it</strong> <strong>of</strong>ten reaches <strong>the</strong> ISP hosting <strong>the</strong> Web s<strong>it</strong>e ra<strong>the</strong>r<br />
than <strong>the</strong> Web s<strong>it</strong>e owner. When <strong>the</strong> ISP is alerted, <strong>it</strong> ei<strong>the</strong>r ignores <strong>the</strong> request<br />
or immediately pulls <strong>the</strong> plug on <strong>the</strong> s<strong>it</strong>e—a remedy more drastic than simply<br />
warning Google users away from <strong>it</strong>.) Ideally, such notice would be given after a<br />
potentially labor-intensive search for <strong>the</strong> Web owner, and <strong>the</strong> s<strong>it</strong>e owner would<br />
be helped in figuring out <strong>how</strong> <strong>to</strong> find and remove <strong>the</strong> <strong>of</strong>fending code—and<br />
secure <strong>the</strong> s<strong>it</strong>e against future hacking. (Chuckroast eliminated <strong>the</strong> malicious<br />
code, and, not long afterward, Google removed <strong>the</strong> warning about <strong>the</strong> s<strong>it</strong>e.)<br />
Prior <strong>to</strong> <strong>the</strong> Google/S<strong>to</strong>pBadware project, no one <strong>to</strong>ok responsibil<strong>it</strong>y for this<br />
kind <strong>of</strong> secur<strong>it</strong>y. Ad hoc alerts <strong>to</strong> webmasters—those running <strong>the</strong> hacked<br />
s<strong>it</strong>es—and <strong>the</strong>ir ISPs garnered l<strong>it</strong>tle reaction. The s<strong>it</strong>es were working fine for<br />
<strong>the</strong>ir intended purposes even as <strong>the</strong>y were spreading viruses, and s<strong>it</strong>e cus<strong>to</strong>mers<br />
would likely not be able <strong>to</strong> trace infections back <strong>to</strong> (and <strong>the</strong>reby blame) <strong>the</strong><br />
merchant. As one Web s<strong>it</strong>e owner said after conceding that his s<strong>it</strong>e was unintentionally<br />
distributing malware, “Someone had hacked us and <strong>the</strong>n installed<br />
something that ran an ‘Active X’ something or ra<strong>the</strong>r [sic]. It would be caught<br />
w<strong>it</strong>h any standard secur<strong>it</strong>y s<strong>of</strong>tware like McAfee.” 43 In o<strong>the</strong>r words, <strong>the</strong> s<strong>it</strong>e<br />
owner figured that secur<strong>it</strong>y against malware was <strong>the</strong> primary responsibil<strong>it</strong>y <strong>of</strong><br />
his visi<strong>to</strong>rs—if <strong>the</strong>y were better defended, <strong>the</strong>y would not have <strong>to</strong> worry about