15.1 The Future of Computing

Team-Fly

	Malicious Mobile Code: Virus Protection for Windows By Roger A. Grimes Slots : 1
	Table of Contents
	Chapter 15.  The Future

We were content to play with one-dimensional, crude graphic blocks with early computer games. In Atari's Pong, we spent hours continuously knocking a square ball against a wall. Today, we have multiplayer, role-playing games with thousands of colors, hundreds of skill levels, and we form human teams across the Internet. The computer-generated opponent is deemed too predictable and artificial. Now we play against each other. The games have storehouses of weapons, dozens of landscape changes, water, sky, minute variations of skin hue, and real-time strategy chatting. Personal computers are just starting to get out of the Pong stage and head to the Nintendo phase. Two fundamental changes will occur in personal computing:

• Media convergence

• Distributed computing

15.1.1 Media Convergence

All forms of content and media will converge so that a single device will deliver many media types. The idea that we watch live broadcasts and movies on a television, listen to music on a stereo, pick our email up on a computer, and call people on telephones is pretty humorous . After all, no matter what the content is, behind the scenes we are just moving digital data from point A to point B. The Internet, of course, will play a big part in the convergence of data.

When we regale our grandkids with stories of how we used to have all these separate devices to accomplish these similar tasks , they will laugh . It will be like the smile that we get when we hear our parents talking about watching black-and-white television with rabbit-eared antennas to pick up four channels. Or like trying to understand how our grandparents could have possibly found it fascinating to spread out on the living room floor and listen to fireside radio chats.

Media convergence is already starting to happen. Real-time video feeds are becoming standard on Internet news media channels. They are even better than live television broadcasts because you can play it again at your leisure. Music is routinely downloaded in MP3 formats. Instant Messaging and Internet telephone programs have threatened the telephone industry enough that Congress was asked to federally regulate the programs and impose identical taxes (the government declined). Voiceover IP (VOIP) is one of the best things to hit telephony since T1 lines. Instead of using the VCR, people are using DVDs or downloading the movie to their computer. The Internet has had several prime-time soap operas that are only available on the Net. Stephen King released one of his latest novels only on the Internet. National surveys already show American consumers spending as much time in front of a computer as they do their television.

In the future, we will be able to watch a movie, surf the Web, download music, and take a telephone call all from the same convenient box. The only question is what device will converge all these media types? The television is a natural choice. Most homes have more than one, and several vendors are already delivering Internet content through them (i.e. set-top boxes like Microsoft's WebTV ). Other vendors, like Ucentric (http://www.ucentric.com) are building products for HANs ( home area networks ). Ucentric's products hook file servers, firewalls, television, stereos, handheld computers, personal computers, wireless devices, network appliances, and home appliances to a single user interface.

With proprietary interfaces, limited operating systems, and a closed-box design, you would think that set-top devices and home networks would be immune to malicious mobile code. You would be wrong. WebTV was hit with its first email worm last year. Most of the experts studying the future of personal computing believe the television will always be the centralized communication device in our houses , but we don't spend all our time at home. That's where distributed computing fits in.

15.1.2 Distributed Computing

Computing will become distributed and pervasive. Computers will be everywhere and in everything. The idea of a toaster containing an IP address isn't too far fetched anymore. Computers will be were we are. So will our programs and data. In the future, we will not have to go to "our" computers and "our" network to get access to "our" data. It will follow us and be available everywhere. You will be able to pick up your word processing documents or contact list on your PDA, in your car, at the airport, or even on someone else's computer.

Microsoft and many other powerful companies already understand the certainty of this paradigm shift. Microsoft.Net is Bill Gates' bet-the-company strategy built around distributed computing. You pay Microsoft a fee to use a predefined set of application features. Then wherever you log on to Microsoft.Net, your applications and data are there. Both are stored on distributed network computers. When you log on to a participating device (it will probably not always be a computer as we know it today), the logon process locates your program and files.

Personal computers will probably be around for a long time as its form factor is conducive to human interaction. PDAs and handhelds are too small to write large messages or hold a large amount of information.

And not only Microsoft has seen the vision of distributed computing. Application service providers (ASPs) are giving their product away in the fight to be among the lucky few standing (or bought out) when the jostling is over. ASPs, like Microsoft.NET, deliver their programs and data over the Web. Besides making complex pieces of software available to the masses at relatively cheap prices, devices promote the ability for software users to access their information anywhere they have a Web browser. Thus, the business executive can check out real-time statistics while attending his industry seminar in Palm Beach or from home.

Other signs of the distributed computing model are web-based email systems and storage space. Web-based email systems, like Hotmail, allow you to pick up your email no matter where you are. Several vendors, including i-Drive (http://www.idrive.com), offer remote storage space on the Web for individual users. Those services encourage users to store their information on the Web to their personal file storage areas. That way you can get to your files from work, home, or elsewhere. Even on corporate networks, storage space is no longer directly placed inside a file server. Hard drives can be connected as their own separate network nodes (i.e., SANS), or several hard drives located in different file servers can be logically organized to look like one hard drive (i.e. Distributed File System). These are just a few of the signs that distributed and pervasive computing is upon us.

15.1.3 Other Key Technology Changes

Several other technologies are creeping into our everyday lives and will eventually impact us in a big way.

15.1.3.1 P2P computing

Like disco, peer-to-peer (P2P) computing has come, gone, and come again. Peer-to-peer computing consists of a loosely connected network of computers with no central file server. Every computer on a peer-to-peer network can be both a client and a host. Early on in PC networking, peer-to-peer networking was big for small networks. Lantastic was the most popular DOS peer-to-peer network. Windows for Workgroups, with its integrated file and print sharing features, allowed small groups of computers able to talk one another. As Novell and Windows NT became popular in the 1990s, peer-to-peer networking lost significant market share. It was seen as a lesser network topology for serious computing.

Napster , the MP3 utility that threatened the multibillion dollar music industry, heralds the return of peer-to-peer computing over the Internet. When a client computer connects to a Napster server, the server collects the names of all the MP3 files on the client computer. Then when anyone of the millions of Napster users request a particular song, the Napster server will direct the requestor to a participant's PC with the particular MP3 audio file. Then the requestor begins to download the song from the client PC -- a peer-to-peer connection. Napster made the peer-to-peer model viable again. Within months, peer-to-peer applications popped up all over the Internet.

The peer-to-peer connection does increase the risk of malicious attack. First, and most importantly, every peer-to-peer connection has a new open port to the Internet. Rogue hackers know the port numbers and know how to exploit the openings to gain unauthorized access. Secondly, the inherent nature of peer-to-peer networks means that many more computers are now directly connecting to more PCs. In a client/server environment, the file server is an additional barrier between two client PCs. Like instant messaging, peer-to-peer networking is taking on growing importance in home and corporate networks, and unless controlled and monitored , it will lead to more malicious code attacks.

On February 26, 2001. W32.Gspot.Worm became the first peer-to-peer MMC program. It spreads using the Gnutella file-sharing network, in which end-user workstations run a Gnutella client and offer up files that can be shared with other users. Users send out queries to find and download software files of all types. The Gspot worm is an executable that when opened on a Gnutella-enabled computer opens TCP/IP port 99. It then responds to any Gnutella query reaching the host machine. It renames itself to match the query, and then sends itself as an 8KB executable file. For example, suppose a query reaches it from someone looking for a "Sinatra" song. The worm would rename itself sinatra.exe and wait to be downloaded. The unlucky requestor then downloads and runs the worm, thereby causing the same results. Gspot was built as a proof-of-concept worm and contains no payload damage routine. If P2P clients become widespread, peer-to-peer MMC programs have the potential to become the next email worms and macro viruses.

15.1.3.2 Microsoft's domination weakens

It doesn't take a rocket scientist to see that the once invincible Microsoft is starting to get real competition. First, the United States antitrust case set them back. No longer can Microsoft use its operating system dominance to destroy application vendors. Second, the Linux market is gathering strength and converts every day. The legitimacy of open systems is becoming more accepted in the corporate world. Even proprietary stalwarts, like IBM, are installing Linux on their systems. Lastly, the public is beginning to lose patience with Microsoft's ineffective attempts at securing their products. Even Microsoft's strongest operating systems, Windows NT and Windows 2000, come with too little default security. To implement reliable security, a user must become a Microsoft security expert, spend every day plying the trade, and downloading patches.

Microsoft's deployment of Windows Scripting Host or scriptable ActiveX objects in all Windows operating systems without any security is indicative of their stance on security. Macro viruses would not be what they are today if not for Microsoft's relaxed stance. Email exploits would not be able to travel around the world in hours if not for Microsoft. With Microsoft, security is an afterthought, if it is thought of at all. The writing is on the wall, and Microsoft's dominance is starting to fade. With that said, like IBM, I expect Microsoft to play a significant role in shaping our personal computing experience for years and years to come.

15.1.3.3 Small computers

It is the rare business meeting that does not include an executive taking notes on her PalmPilot or PDA device. And in the near future, it will be rare to see a child at school without his handheld computer taking class notes. Handheld (and wearable) devices of every imagination will be everywhere, and so too will be malicious programs. More than a dozen MMC programs exist for PDAs already, enough so that many antivirus vendors have already released PDA-scanning software. Cell phones and PDAs are beginning to merge. Japan's largest Internet-enabled cell phone network, i-mode , has already been attacked by MMC. Smart pagers , embedded devices, and wearable computers aren't far from being exploited. All computer chip devices are becoming Internet-enabled and programmable, and contain electronic address books, and the ability to send short messages or emails -- everything a virus or worm needs to spread.

Almost all the security development around these devices is concerned with encrypting wireless communications against eavesdropping. There is little consideration given to preventing worms and viruses. Device manufacturers are concerned with getting their latest technology out in the marketplace quickly. Security slows down development and raises costs. Most manufacturers will not give MMC any thought until after the first few attacks. By then, much of the underlying protocols will be in place, and it will be difficult to easily stop malicious code attacks.

15.1.3.4 Appliance computing

As has been promised for decades, computers are starting to be installed everywhere. Central processing units can be found in cars , microwaves , refrigerators, climate control systems, and just about any other home appliance.

15.1.3.5 Government monitoring

If you didn't already know it, the government is capable of monitoring every email you send. In recently publicized cases, it was revealed that the FBI's Carnivore data scanning system is installed at many major ISPs. It purportedly can scan millions of email messages every second, looking for particular email addresses or text keywords. And the FBI isn't even the best government agency at information monitoring. That's the National Security Agency 's (NSA) job. While it monitors messaging of all types between the United States and foreign countries , and has the world's most sophisticated computers, you will not hear the NSA's surveillance technology being publicized. Most security experts believe the NSA to have the capability of capturing all electronic information sent in this country, including cell phones, faxes, email, and the Internet.