The Art of War
Have we learned anything from the lessons of the past?
Wednesday, July 06, 2005
BY : Brian Ashe
The other night my wife and I sat down to watch the adaptation of the battle for Troy from Homer's epic The Illiad. The story is legendary (as they point out frequently in the film) around the world. I'm sure that at one time you have had the chance to hear this tale. Of course the most notable part was the use of "The Trojan Horse".
Just as a reminder, the Greeks sent off a thousand ships to conquer the city of Troy after the Trojan Prince Paris had taken Helen from the Spartan King Menelaus. All of the Greek kings were avowed to avenge any insult to Helen, so they assembled this huge fleet to do the job. Troy was a marvelous city with tremendous and basically impassable walls surrounding it. The Greek forces fought for ten years to penetrate and sack Troy to no avail. Finally, they devised the trick of building a giant wooden horse that would be left hollow so that soldiers could hide inside of it. It was then left on the beaches near Troy and the fleet went off to hide nearby. A Greek soldier stayed behind and informed the Trojans that it was an offering to the gods by the Greeks and they had built it so large to prevent the Trojans from bringing it into their city. Determined to outwit the Greeks, the Trojans had torn down part of their walls and brought the great horse into Troy followed by wild celebration of their victory. That night, the Greek soldiers came out of the horse, opened the gates and signaled the rest of the Greek forces to return. This resulted in the absolute destruction of Troy.
The question now is not why I'm relating a 3000 year old story to you, or what it has to do with modern day computer security. The question is, "Have we learned anything from this ancient tale?""
Unfortunately, for many of us, the answer is no.
The reason I want you to think about the venerable old tale is because it has everything to do with the single largest problem facing computer users today. The technique used to penetrate the majority of computers and to spread viruses is called Social Engineering. It is based on the fact that human beings are prone to considerably poor judgment when faced with specific stimuli. This tale is perhaps the oldest example of Social Engineering at work. Yet, here we are all these years later and we still have not conquered this flaw in our design.
It does not matter how great your defenses are if you invite your enemy into your city. It doesn't matter how great your firewall, anti-virus or anti-spyware are if you bypass them to get something you think is a wonderful wooden horse installed on your computer. You are your number one best defense against the threats of identity theft, computer intrusion, spam, etc. You need to stay alert and beware of those who come bearing gifts.
You need to stop and think about what it is you are about to do every time something presents itself to you. Just because something was OK to do once, does not mean it will always be that way. Don't open the joke you got from Bob in your inbox; the screensaver is really not that great for adware it installs without your knowledge; the mp3s of the as yet unreleased new pop sensation are not worth the viruses or key-loggers they may contain. You need to be more cynical of the "Free" things you can obtain from various sources on the Internet.
You should also leave that big horse out there on the beach.
|
