Future threat: A virus in the fridge?

Wednesday, June 14th 2000, 12:00 am
By: News On 6

Talk about an airborne virus.

Last week, computer security experts detected a new e-mail virus that tried to attack a wireless phone system in Spain by barraging users with text messages. Telefonica SA reported that it received no complaints from customers, at least in part because the infection apparently was caught early.

But the news was more significant for what it demonstrated to the public about the nature of viruses. It turns out they don't spread exclusively in the realm of personal computers.

"As mobile devices become more technically enabled, they also become more vulnerable," said Dr. Leon Kappelman, director of the Information Systems Research Center at the University of North Texas in Denton. Although cell phones generally aren't capable of receiving file attachments, including those with viruses, it's probably just a matter of time before they will, he said.

What's more, according to security experts, the virus threat could extend way beyond cell phones. The technology industry is intent on bringing us all manner of Internet-enabled devices, including kitchen appliances and automobile systems. Could mischievous kids in Manila wreak havoc on the intelligent refrigerators of the future? Could they mess with the next-generation navigation system in your car, or worse?

"Drop that cell phone, grab the freeze-dried veggies and head for your fallout shelter now," joked Dr. Kappelman, who as a leading authority on the year 2000 problem became known in the technology industry for making his share of dire predictions.

Seriously, though, security experts say there's no such thing as a connected computing device that is completely virus-proof, though they can be designed to be very resistant.

The good news is there's still time to reduce the vulnerabilities of Web-linked appliances, because most of the products aren't on the market yet. Most of the attention on Internet-enabled appliances – such as the refrigerator that tracks food use and orders replacement groceries online – has come from demonstrations of prototypes at trade shows.

Symantec Corp. of Cupertino, Calif., which makes software related to Internet security, has been working with companies that plan to make different kinds of Web appliances.

Not surprisingly, the main message from the security people is that closed networks are inherently safer than open ones, that there's always a tradeoff between security and flexibility.

A refrigerator that could run thousands of cooking-related programs that sort through different kinds of recipes might be more desirable to a customer, but it also could prove more vulnerable to viruses, said Carey Nachenberg, chief researcher at the Symantec Antivirus Research Center. If manufacturers keep a tight lid on the products, the likelihood of a security threat is lower, he said.

"One of the things we're hoping is that the devices will be managed by a service organization, like the manufacturer," Mr. Nachenberg said.

Symantec has been preparing for a post-PC world. Last week, the company said it developed prototype anti-virus technology for the Palm operating system, used in popular hand-held organizers. Though there are no known virus threats targeting hand-held devices, the company said, the Palm OS is susceptible because it runs a wide variety of programs.

Generally, everyone says it's important to draw from the experience with PCs and not repeat the same mistakes.

"I think we've learned our lesson at this point," said Jan Sundgren, an analyst specializing in security and encryption at Giga Information Group of Cambridge, Mass. "Security should be more of a priority than it was with PCs. More security should be built in."

Dr. Kappelman said the main solution is to pay more attention to the quality and simplicity of software as well as security. "Sadly, they are mostly afterthoughts in these faster and cheaper times we find ourselves in," he said. "Until customers demand more, they will continue to get the same old stuff."

Meanwhile, he added, the virus writers are only getting better at what they do.

For his part, Dr. Andrew Whinston, director of the Center for Research in Electronic Commerce at the University of Texas at Austin, said he is more concerned about the types of security problems that are already occurring.

He predicted that the kind of denial-of-service attacks that in February hit leading Web sites including Yahoo Inc., Buy.com Inc., eBay Inc., Amazon.com Inc. and CNN.com are likely to be repeated. "It will reappear and could ruin major electronic-commerce companies," he predicted.

Technology editor Alan Goldstein writes about the Internet and electronic commerce for The Dallas Morning News. His e-mail address is agoldstein@dallasnews.com.