Different judicial, educational and technical methods are used to protect computers from malicious programs and computer fraud.
All of the countries that can be considered as having joined the digital revolution have passed laws that forbid the writing and distribution of viruses and other types of malicious program. Very often cybercriminals are not directly charged with ‘digital crime’, but with offences that specifically relate to the cybercriminal’s misuse of digital technology, for example, fraud, blackmail, or unauthorized access to confidential data, etc. This is normal legal practice. In 2004-2006, several hundred people worldwide were arrested for crimes committed using digital technology. However such crime is very difficult to investigate as it is committed by highly qualified professionals. In addition, the majority of attacks go unnoticed by the authorities because they are not very significant. In other words, legal retribution will only ever reduce the level of computer crime, it will never eradicate it.
The second method for protecting users from malware is through education. Informing them of the necessity to adhere to strict rules of behavior whilst engaged in activities on the Internet. There are three main rules which both home and corporate users must follow:
The risk of infection can also be reduced through what are termed ‘organizational measures’. This usually involves giving each user, whether on a home or corporate network, individual rights regarding what they can see and do whilst using the computer. For example:
Unfortunately, where a user’s intentions are honorable, such restrictions can sometimes negatively impact the company’s business processes. In this situation both sides must seek a balance and in each case this balance may be different.
The story of the clones of the LoveLetter worm serves to illustrate how fraudulent attacks can be successfully defeated. Immediately after the initial worm epidemic struck, almost every antivirus company issued guidelines for the user on how to protect themselves from this type of worm. In this case, that involved not opening any attachments with a VBS extension as this was how the worm was distributed. As a result of the industry’s timely advice, none of the worm’s numerous clones were able to wreak the same sort of havoc as that caused by the original LoveLetter worm.
However, sometimes information about the potential for a new virus to do damage is grossly over-exaggerated. Quite often, simple worms hidden inside emails purporting to be about the latest hot topic, for example, a football championship or natural disaster, are presented as the next big thing by some antivirus companies. Subsequently, if there is nothing else around to consume the media’s interest, they may well seize upon the story and blow it out of all proportion too. What happened at the end of 1999 is an illustration of such an event. Unknown hackers announced that they intended to launch one hundred thousand new viruses on New Year’s Eve. Antivirus companies and industry experts had differing opinions on the situation, with some of them helping to feed the rumor mill, whilst others tried to reassure users that rumors of the impending digital catastrophe were baseless. The latter group were eventually proven to be correct.
In short, the three rules of “computer hygiene” are: