To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://comment.silicon.com/0,39024711,11024116,00.htm

Strangling the virus; the big number change, and big banker gains.
Robin Bloor and his team this week look at DERA's work to squash virus attacks, the consequences of mobile phone number changes and how the investment banks gained from their dot-com ventures.

By Bloor Research

Published: Monday 30 April 2001

In an attempt to minimise the problems caused by global email viruses, DERA - the UK Defence Evaluation and Research Agency - has come up with a simple but effective approach to combating these attacks. It has developed new anti-virus software that stops the spread of the virus rather than avoiding infection in the first place.

The initiative came about as a response within the MoD to attacks from Melissa, the Love Bug and the Anna Kournikova viruses over the last year.

Estimates for the costs of downtime and the clean up following virus attacks have been put in the billions of dollars. However, the real thinking behind this must be the potential for adversaries who attempt to bring military systems to their knees during times of conflict. DERA's approach is perhaps the most simple imaginable - to request confirmation from a user before sending email messages. This has the very obvious effect of showing up viruses that are propagated by sending themselves to every entry in an address book.

It sounds very simple, but this capability is just a part of the security offering about to be released. The software package is known as ::Mail and is a part of a broader security solution called SyBard::SuiteTM.

The ::Mail software comes in three forms. The Lightweight version simply intercepts outgoing messages and asks the user to confirm the transmission. Then there is the Professional version that adopts a 'trusted-path' approach. This ensures that only emails that come through a valid channel are actually transmitted. In practice this requires a user to key in the message or to submit it via a mouse control.

This version will also check the contents of messages to avoid sensitive or inappropriate information being passed on. Finally, there is a highly secure version that cross-checks outbound emails at the firewall against submissions from trusted channels. This stops spoof emails getting through the checks because it must be matched against a message that has been sent from the named source.

This is a rather obvious but very important development in the war against unwanted viruses. It adds a belt to the braces that already exist so that organisations that find it difficult to keep up with traditional anti-virus protection can, at least, take steps to ensure that email viruses do not get beyond the initial infection. There's money to be made from this if DERA has the good sense to market its ideas. Let's hope that, somehow, this UK-developed concept gets out of government circles and onto the market quickly so that everybody will benefit from it.

In the mists of time when mobile communications were young, cell phones were issued with numbers beginning with a variety of digits basically dependent on the telephone company used. These numbers started with a wide variety of digits including 03xx, 04xx, 05xx, 08xx and 09xx and now all of these must be converted to an 07xxx format. For some time now the numbers of all new mobile telephones issued have begun with the digits "07".

This is part of a long running plan that Oftel has had in place to allow anybody to be able to work out the type of call that they make from the first few digits. For example, "00xxxxxxxxx" indicates an international call, "08xxxxxxx" specifies a call to free phone or special rate services and "09xxxxxxx" means that a call to a premium rate number (TV show, Sex, Chat) is being made. The "07" prefix specifies that a call to a mobile phone, pager or "personal" number is being made.

This is all very logical but there has been very little effective action on the part of either Oftel or the telephone companies to publicise that after Saturday 28 April 2001, only the new 07 format will be accepted. Anyone attempting to dial a mobile with an old number will be met with a recorded message telling them of the error.

Should you attempt to SMS anybody using one of the non "07" numbers the situation is even worse as no failure message will be sent to the originator. The message will just disappear into the ether, not unlike an Oftel promise.

The mobile phone industry is sufficiently mature now for there to be many hundreds of millions of numbers stored on both mobiles themselves and in other equipment, including Internet news services (that publish updates to mobiles via SMS such as share updates), alarm systems and switchboards. All of these stored numbers need to be updated before the weekend.

Full details on the number changes can be found at www.numberchange.org or by calling 0808 2242000. At least one vendor, mobile phone company Carphone Warehouse, is offering a service where they will automatically update every number on your SIM card. They will even store the numbers as backup should you so desire. This is a good example of a retailer offering a valuable service.

We can only hope that this will be the last major change in numbers for some time, but the authorities are providing no guarantees. Telephone usage continues to escalate daily and the demand for numbers is growing steadily.

How long will it be before the next big number change comes along? These changes take time, a lot of time, and cost money. A long period of number stability will be very welcome, but it is unlikely to happen. In any event it is the duty of the authorities to give these events a much higher profile than the current situation has received. Come on Oftel and phone companies next time you must do better than this.

Recently published research from Thomson Financial shows in total 127 doomed dot-com companies were floated on the US market between 1998 and 2000, earning nearly $620m (£420m) in fees for the investment banks that fronted the IPOs.

On this side of the Atlantic, the Times last week claimed London's biggest banks earned £1bn raising money for companies that similarly left investors out of pocket, this time to the tune of £11bn. An anonymous executive quoted in an article in the Times said: "It was all about people getting over-excited and jumping on a bandwagon. I don't feel sorry for the investors, they should have done their research."

Unfortunately the research such investors acted upon was usually provided by the investment banks fronting the stock. It's easy to get wise after the event. It has to be said, however, that lost money is lost money and has the same consequences for the investor whether the scam was officially sanctioned or not. Those fleeced from hard won savings are unlikely to be comforted by the mechanics of how it was dealt out underneath the desk.