Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Government Politics

UK Government Launches Virus Alert Service 166

Phil1 writes "The BBC is reporting that a rapid alerting service that tells home computer users about serious internet security problems is being launched by the UK government. Has this been attempted anywhere else in the world? Was it successful? And will they be plugging the Microsoft Anti-Spyware package (once it leaves beta)?"
This discussion has been archived. No new comments can be posted.

UK Government Launches Virus Alert Service

Comments Filter:
  • Anti-Virus package? (Score:5, Informative)

    by DaHat ( 247651 ) on Thursday February 24, 2005 @08:39AM (#11765560)
    You linked to the Anti-Spyware app... and mentioned the AV app... have they already released a beta of the AV? I know it's been purchased and in the process of rebranding... but come on!
    • Government money should promote actual computer security and increase public awareness. This announcement looks like it's just government funding for another MS media circus.

      Plus the advice summary is bullshit:

      Install anti-virus software
      That's corrective action. How about prevenaitive action like pointing out secure products and warning the public to avoid defective ones? An ounce of prevention is worth a pound of cure.

      Keep your anti-virus software up to date
      You can't patch fast enough. That i

      • In a perfect world, we'd run perfect software. We're not in a perfect world, and most of it uses MS software, so lets patch the holes with the tools we're given. If everyone on the road drives a ford, and fords have X mechanical problem, do you tell people how to fix the problem, or do you tell them to buy a toyota? I mean, be reasonable. maybe NEXT time they'll buy a toyota, but for now, they've GOT a ford.
        • I agree that there is an imperfect world, but your analogy is out a little. Parent is suggesting that solutions to these problems should include changes of software. Yes all can't swtich to Linux maybe, but advise about more secure e-mail clients such as thunderbird is good advise. Not too mention, than unlike their car, they can get their new software now at no cost. That's good news.

          The main reason/problem that it is an "MS World" is that people don't know there are other things and why they should
        • In a perfect world, we'd run perfect software. We're not in a perfect world, and most of it uses MS software, so lets patch the holes with the tools we're given. If everyone on the road drives a ford, and fords have X mechanical problem, do you tell people how to fix the problem, or do you tell them to buy a toyota? I mean, be reasonable. maybe NEXT time they'll buy a toyota, but for now, they've GOT a ford.

          Information about better options is a prequisite for making an informed decision NEXT time. Micro

        • I have an idea. Why don't we take something that's nontrivial for businesses to do and see if the *government* fares any better.

          Ha! Ha! Ha!

  • by GoMMiX ( 748510 ) on Thursday February 24, 2005 @08:40AM (#11765565)
    UK security alert service hacked, all your personal info are belong to us!

    *signs up*
  • by MrRTFM ( 740877 ) * on Thursday February 24, 2005 @08:40AM (#11765572) Journal
    Only problem with email or TXT alerts is that the sender is easily forged.

    Hi, this is your government alert - please download the latest patch from http://www.alerts.gov.uk [goatse.cx]

    The problem is that (apart from Slashdot users of course) that the hyperlinks are hidden, so any spammer can forge these messages to catch the unwary.

    That alone would bring this thing down - it would only take a few lords or half a dozen grandmas to see goatse (or worse - gator spyware) to cause a public lack of confidence in the entire government program.
  • by gowen ( 141411 ) <gwowen@gmail.com> on Thursday February 24, 2005 @08:40AM (#11765574) Homepage Journal
    When will we expect the first Trojan masquerading as an update from the "IT Safe" service. The over/under is about 6 hours after the service goes live.
    • From the article:

      However no software patches or programs will actually be dispensed through the site. The alerts will tell people how to go about getting hold of patches from security firms.

      That is not to say phishing-like attacks could not be used with false anti-virus domains etc though I guess...

    • When will we expect the first Trojan masquerading as an update from the "IT Safe" service?

      They've thought of that. When you sign up, you enter a 'safe word' which will they will put in the subject line of every email they send you.

      So a convincing spoof would require access to their database.
      • They've thought of that. When you sign up, you enter a 'safe word' which will they will put in the subject line of every email they send you.

        They don't put it in the subject of the Welcome email they send you...

      • So a convincing spoof would require access to their database.

        A convincing spoof to knowledgable users, yes. However, since the public at large is already fooled by VIRES ALRET!!1 emails, I don't see how this will really work.
    • They try to somewhat mitigate this by asking you for a secret word when you sign-up. They include this word in each alert's subject line, so if you get a mail from them not including the word (such as, for example, the mail thanking you for signing up ;-) then you know it's a fake.
  • by jwcorder ( 776512 ) on Thursday February 24, 2005 @08:41AM (#11765584)
    This does not make sense. Almost all anti-virus vendors offer this same alert. All you have to do is go to their website and signup. I know because I get 3-5 of them a day in my inbox. Why the government would want to waste taxpayer dollars on this is beyond me. Of course, I have no reason to talk because I don't live in the UK.

    But when going on the US's past programs like this, any time you get the government involved, things tend to get out of hand.

    I just don't understand the need especially when symantec will do this for free.

    • UK taxpayers don't pay dollars.
    • you have to do is go to their website and signup. I know because I get 3-5 of them a day in my inbox

      remember that 75% of the people on the internet only vaguely know what a firewall or AV program does, let alone know to google their way to a companies website so they could sign up to be made aware of a virus alert when they know nothing about what a virus really is or what they would do about it.

      If this system adds even a little bit to the education and awareness of the problems faced when you have a

      • remember that 75% of the people on the internet only vaguely know what a firewall or AV program does

        Yeah - and this website won't help them learn. It's am absolute joke - it looks like some schoolkid's homework project. I'm a Brit and I'm ashamed. And annoyed at the waste of money.

    • by beset ( 745752 )
      We're used to wasting our POUNDS on failed IT ventures. If you've been following the recent upgrade of the NHS (national health service) ITC systems you'll know the government IT projects work something like: 1) Get overpaid consultancy firm to suggest "great idea" 2) Insert Tax Money 3) ??? 4) Insert More Tax Money 5) ??? 6) Abandon project at a massive loss. We're Brits remember, we'll just take it on the chin and have a game of tennis to vent....
    • by Anonymous Coward
      Why the government would want to waste taxpayer dollars on this is beyond me. Of course, I have no reason to talk because I don't live in the UK.

      That's OK, we didn't expect you to know that we use the Pound over here...
    • I read the comments so not to be redundant:

      s/dollars/shrapnel

      Otherwise I agree, why waste my taxes on a redundant service.

      Why not force BBC to have EDUCATIONAL programs on computer security for mr and mrs everyday.
    • by gowen ( 141411 ) <gwowen@gmail.com> on Thursday February 24, 2005 @09:10AM (#11765836) Homepage Journal
      Almost all anti-virus vendors offer this same alert.
      And in 19th century New York, there were any number of competitive Fire Companies you could call if you wanted a blaze extinguished. And yet somehow, it was decided that people with a commercial interest in selling you stuff were not the people you wanted to call for an emergency.

      Governments are flawed, but AV companies have a vested interest in selling you things you don't want.
  • by jessecurry ( 820286 ) <jesse@jessecurry.net> on Thursday February 24, 2005 @08:44AM (#11765611) Homepage Journal
    I have to say that I am very happy with the antispyware package that they have released. It consistently finds more spyware on my girlfriend's PC than any other program I have tried.
    Products such as this, and released for free, start to wash away Microsoft's evil image
    • That's because Microsoft didn't make it.
    • by Anonymous Coward
      Yes, the giant engine works well...clearly MS wins of they get /.'ers thinking it's an MS product. "Let's buy something for a few million with a fraction of a percent of our billions, rebrand it as ours, give it away to the people who only have spyware because our software permits these drive-by installs...and hell, we should be able to write off the whole purchase PLUS get people thinking we're nice guys!"
    • by geordie_loz ( 624942 ) on Thursday February 24, 2005 @09:00AM (#11765763) Homepage
      actually products like this demonstrate Microsofts development process:

      1. Build Software
      2. Release too early with massive hype
      3. Product flaws exposed
      4. Some company build solution to those flaws
      5. Microsoft buy those companies
      6. Microsoft Software is stapled together with that solution.
      7. two solutions together have more flaws
      8. go to 4 and repeat process.

      There should probably be a:
      9. ???
      10. Profit
      In there too.

      That's pretty much where we're at now. This is all about fixing a problem they created in the first place, and it's more like treating the symptoms not the cause.
    • Of course ti's good. IE was good when it exited beta (arround version 3), compared with Netscape which started to die at the same time. Once netscape went bust, development stopped.

      Same thing will happen once AdAware and Spybot vanish into obscurity.
  • by bigtallmofo ( 695287 ) on Thursday February 24, 2005 @08:45AM (#11765618)
    They could come up with a color-coded "Virus Threat Advisory System". Just off the top of my head, they could use something like:

    Low = Green
    Guarded = Blue
    Elevated = Yellow
    High = Orange
    Severe = Red

    Who the hell knows what users should do at each of these levels, but at least they'd be using techniques that have been used in other successful alert systems [whitehouse.gov].

    • As I understand it, here's how the color-coding works in the systems you're link mentioned:

      Green - that's the status when everyone is asleep.

      Blue - I'm not quite clear on this, but I think it has something to do with KMart.

      Yellow - the normal state.

      Orange - it bumps to orange when the DHS eats at Taco Bell

      Red - the highest alert. It means planes are crashing into building, bombs are dropping, and shopping malls are blowing up. The proper course of action here is to run around in a circle screaming.
  • Who will it be ? (Score:1, Redundant)

    by CmdrGravy ( 645153 )
    Who will be the first person to spoof these alerts then I wonder ?

  • by Anonymous Coward on Thursday February 24, 2005 @08:46AM (#11765631)
    The Dutch Government CSIRT [security.nl] is doing this for two years [overheid.nl] already. So you can chill out to a cool Legowelt CD [phear.nl] and get warned when there's a new threat.
  • Unprecedented (Score:2, Interesting)

    by Albio ( 854216 )
    Alerts will not be issued unless users can do something to protect themselves against the threat. This might include downloading an update from an anti-virus vendor or updating software to close loopholes and fix vulnerabilities. This could also include something as simple as "don't go to X domain because it hijacks your ICQ"...
    • They will alert you if theres something that can be done, but if there is a problem with no fix you won't find out about it? I would rather know of the problem even if there is no fix so you can at least try to avoid it...
  • by Folmer ( 827037 ) * on Thursday February 24, 2005 @08:47AM (#11765639)
    On the site: http://www.itsafe.gov.uk/ [itsafe.gov.uk] theres no check to see if you are an UK citizen.. Also theres no mention of it being for UK'ers only on the site or in the press release...
    Although i migth just use the service from DK-cert or some anti virus company..
    • It's Crown Copyright, meaning material "may be reproduced free of charge in any format or medium provided it is reproduced accurately and not used in a misleading context[...]the source of the material must be identified and the copyright status acknowledged.". Which basically means, anyone is entitled to view information.
  • One hopes the government is better at computer viruses than their attempts on humans.
  • by Anonymous Coward on Thursday February 24, 2005 @08:47AM (#11765649)
    for the las 3 years. At Alerta Antivirus [alertaantivirus.es]
  • by Spackler ( 223562 ) on Thursday February 24, 2005 @08:48AM (#11765653) Journal
    If the day of the week has a Y in it, Microsoft had a security problem today.

    I just saved the government (pinky to corner of mouth) 1 Billllion dollars!

  • by wimbor ( 302967 ) on Thursday February 24, 2005 @08:50AM (#11765670)
    Since a few years the Belgian regulatory body for postal services and telecommunication (BIPT), has a special unit that tracks and warns for (possible) virus attacks.

    Sometimes you get a warning of the BIPT in the radio news or during the traffic information announcements.

    http://www.bipt.be/bipt_E.htm

    I do not know how they work or how they are structured, and if it helps at all, but the UK is not the first country to do this...
    • by Anonymous Coward
      Indeed the BIPT does this, but almost nobody takes them serious (I know I don't) because they have been known to both miss major worms/viruses, or at least be very slow (like blaster for instance) and to report hoaxes as real viruses.
  • by CdXiminez ( 807199 ) on Thursday February 24, 2005 @08:50AM (#11765673)
    Now that the UK is going to spend tax payer's money to prevent problems caused by poor design by private companies, are they going to put extra tax on the purchase of vulnerable products and licenses (mostly Windows)?

    I wouldn't want my tax money being spend on plugging the holes in software I don't use.
    • True, and I agree to a certain extent, but lets face facts - there are a huge number of small/medium size businesses running MS Windows with little or no in-house IT-skills who would be seriously affected by virus outbreaks. The government knows large outbreaks hurt the economy, and are taking steps to reduce the effect.

      You might argue that businesses would have learned their lessons after Code Red, Blaster, etc, but it just isn't a priority. A sad state of affairs really.
  • The topic asks if this has been attempted anywhere else.

    Well, there is the Computer Emergency Response Team at Carnegie Mellon University, and I like their approach.

    I mean, one way they respond to threats is to contact anti-virus manufacturers. From there, it's a short step patches available via subscription.

    You get the deep pockets of government to maintain the watch, and the rapid response of industry when a threat's been isolated. I like that division of labor.
  • If you read the full article it says at the end that
    The National Alerting Service for the Netherlands (aka De Waarschuwingsdienst) and the US National Cyber Alerting Service also tell citizens of serious security threats.
  • by dj42 ( 765300 ) * on Thursday February 24, 2005 @08:52AM (#11765688) Journal
    Is to not be so stupid. People are always falling for these basic traps, like clicking "YES" to browser-based software installs, opening attachments like "Imamoron-funnystuff.exe" from their friends. It's like some people just completely lack a filter that allows you to prevent 99% of viruses just by not running or clicking things they don't need to.

    I think it's largely in part to the Windows interface which plays down the "significance" of running and having running programs and software while on a network (the Internet, mostly).

    I haven't had a single virus on my home machine since 1996, and I think I self-infected when I was trying to figure out how it worked.

    And I NEVER use a real time virus scanner. I check my Windows computer when it behaves strangely, I see new processes, event viewer notices, etc. The fact is, even if you keep your virus-scanner (real time) up to date, all you're doing is *potentially* reducing the "reaction" time to the frequency of updates released by your particular vendor. Whereas with my method, I'm up to date on virus news, as well as the usual effects of them, and find solutions on an as-needed basis should I EVER become infected by one.

    So. Yeah.
    • by Anonymous Coward
      Usual plug for free AVG [grisoft.com]. There's no excuse not to have a virus checker, no matter how clued you think you are.
    • Ditto here. I have not used an AV program in at least 6 years, not 1 virus. Have Broadband use a hardware router and I also run ZoneAlarm Pro. I use Opera as my browser and have done so since 2000. I also have used Eudora or Opera's M2 for my email.

      My wife has had a few (2-3) in this same time period but she is not as careful as me and uses IE exclusively.

      IMO 99% of viruses and spyware can be avoided by user behavior and NOT using IE and Outlook.

      NOTE: I use Trend Micro's Housecall to check my PC for

  • Hey, why not (Score:3, Insightful)

    by Badgerman ( 19207 ) on Thursday February 24, 2005 @08:52AM (#11765690)
    Snarky comments and Microsoft jokes aside (not that I don't like either), this makes perfect sense, at least on an abstract level.

    Weather alerts, pollution alerts, traffic alerts, tornado warnings - all those are ways to reduce damage, save lives, and make life run smoother in the face of of problems. In the internet age, viruses and such fall into a similar category, so this makes perfect sense to me.

    Also, this just increases people's awareness of inernet issues. A few years of watching virus alerts fly all over the place may make people more careful, more picky - and more demanding on certain software vendors.

    Now where I WILL bet a bit cynical is if this is A) done right and B) can be done right elsewhere. I'm sure it can be done right, but the "if" is anoter question.

    Still, hey, go for it UK Government.

    • Weather alerts, pollution alerts, traffic alerts, tornado warnings - all those are ways to reduce damage, save lives, and make life run smoother in the face of of problems. In the internet age, viruses and such fall into a similar category, so this makes perfect sense to me.

      Natural disasters aren't a result of shoddy product design. There's nothing you can do to prevent tornados and nothing you can do to stop them, so you have warning systems in place.

      If there's a hairdryer that needs a recall despite
      • You won't find me arguing, but the alert system also has the advantage of informing people.

        And after the twentieth alert on IE from an "official" source people may start thinking outside of the Redmond Box.
  • So. Do you think that this might just spawn a remarkable number of virus or spyware alerts from individuals looking for a good time? If people can successfully phish, just think of the fun that they will have scaring people about threats real or imagined.

    While a good idea in principle, the reality could end up downright ridiculous- just how many of those e-mail alerts are going to cross the ocean?
  • "The government expects to issue between six and 10 alerts a year"

    Are they on Planet Earth? Between 6-10 alerts per year? I think they meant to say 6-10 alerts per week.
  • by badfish99 ( 826052 ) on Thursday February 24, 2005 @09:00AM (#11765764)
    There's no useful information on the site, but the front page features a press release and several big pictures of a government minister.

    There's an election coming up, so it looks to me like another useless publicity stunt. I'm sure the web site will be left to wither once it's been reported in all the newspapers that the government is keeping us safe from "cyber-terrorism".

  • by Scratch-O-Matic ( 245992 ) on Thursday February 24, 2005 @09:07AM (#11765808)
    Why, just last night I got a bunch of helpful popup windows alerting me that "we have detected that your computer may be infected with spyware or a virus." There was also a button that I could click to download software that would fix it. Sounds like we're way ahead of the game, so chew on that for a while, U.K.!
  • MS Anti Virus? (Score:3, Insightful)

    by Barny ( 103770 ) on Thursday February 24, 2005 @09:08AM (#11765812) Journal
    Heard they are considering not releaseing it.

    If they charge money for it, their makeing the industry rely on their buggy software, and then instead of fixing the software sell you "protection", sound familiar?

    If they give it away, will be seen as anti competitive with all the very big business anti virus software manufacturers out there.
  • The site I'm referring to: http://www.bipt.be/ [www.bipt.be] They generate virus alerts by mail. I have a subscription. I only get three our four times a year a mail, warning some old virus. Better depend upon automatic updates of antivirus packages. Prefferably use antivirus packages of different vendors.
  • If that site is the best my government can come up with, I may have to slap each and every Labour MP with a large trout. I may just do that anyway.

    Anyhow, their HOWTO on running Windows XP's automatic updates tells people to use the "custom" option. You know, the one labelled "(Advanced)" i.e. not the one their target audience want. How in the hell are the sort of people who would use that site know what patches to apply and what ones not to? It's like that site was knocked up in an afternoon by a drun
    • Yeah, and you can bet it was done by a 3rd party "expert" contractor.

      And didn't cost much*

      *this is not true.

    • You're telling me! Shoddy web code for a start!

      One of my pet hates (as a freelance web developer, diehard on web standards and doing things properly) is people who pretend to use XHTML, but don't actually fucking USE XHTML!

      This site is written oldskool style, with a table based layout done in XHTML - completely missing the point of using XHTML to do semantic layout and CSS for visual arrangement. OK, they've used CSS, but it's to style their already laid-out-in-a-table content.

      Furthermore, the site

  • worms, adware, spyware, malware, adn a frenzy of activity. Talk about these things effecting "computers". Bullshit.

    I am dead serious whaen I say that from now on I am going to call all of the above by one name:

    dontuserfuckingwindowsyoufoolware
  • by evilandi ( 2800 ) <andrew@aoakley.com> on Thursday February 24, 2005 @09:24AM (#11765932) Homepage
    The UK scheme appears to be based around emailing users about security problems.

    Because obviously, if you receive an email giving you security advice, its guaranteed to be up-to-date, accurate, authoratative and with excellent step-by-step instructions on how to +++ATH0 NO CARRIER


  • "The government estimates it will issue security alerts about six to 10 times a year"

    "Those signing up will only be told about the most serious security threats that have the potential to affect millions of people."

    This sounds like a particularly ineffectual and pointless exercise. This level of virus information could be picked up from doing nothing more than watching BBC news or reading their site during the year. Further, it makes you wonder if the whole project will be run by a single guy who's j
  • Now the scammers there's a official institute to send their fake alerts.
  • by mwood ( 25379 ) on Thursday February 24, 2005 @09:42AM (#11766073)
    You mean, like US-CERT?
  • How funny, my wife just gave me a cool postcard yesterday and on the back it said something about an anti-virus warning service provided by the Dutch government.

    Anyway, the website [waarschuwingsdienst.nl] looks pretty good, but it's been around since 2003 and i think it didn't really catch on. They offer email alerts, sms alerts etc.
  • When someone asks the government just what they are doing to prevent terrorism on the 6 O'clock news sometime, it's something else to pad out the answer.

    Completely useless and ineffective, but that's not really the point.

  • But (Score:3, Funny)

    by Nine Tenths of The W ( 829559 ) on Thursday February 24, 2005 @09:52AM (#11766168)
    Does it respond within 45 minutes?
  • Although nobody knows about it, Canada has a website that posts alerts [ocipep.gc.ca] for computer security issues. You can go there and look for yourself. I'm sure many other countries have services like this. Whether or not anybody knows about it, or uses the service is another story.
  • Windowsland:
    Today: Partly viral, chance of spyware in the evening. Run Windows Update and reboot.
    Tomorrow: Unpatched viral storm expected! Leave your Internet disconnected. Run Windows Update and... ah, nevermind

    Macland:
    Today: Not a virus in the sky. Security update and a chance of reboot. Nothing urgent however. Jobs doppler is picking up some activity on the west coast
    Tomorrow: Sunny interface, clear connections, low ping. Rumor flurries in the evening

Garbage In -- Gospel Out.

Working...