The United States Air Force may be able to defend the country against airborne attacks, but when it comes to perceived enemies lurking on the Internet, it would rather be safe than sorry.
While Netizens happily download all sorts of programs that allow data to be pushed and pulled onto and off their computers, the Air Force quietly has instructed personnel to hold off from installing these programs until officials can thoroughly check them out and make sure they are safe. It is another example of the hesitancy of some to adopt the much-touted technology.
Air Force officials are expected to finish their evaluations next month of whether to give the thumbs up or thumbs down for numerous programs, including push and pull products by PointCast, Microsoft, Netscape, and BackWeb, among others, said Air Force spokesman Major Ed Worley.
"Effective immediately, all commercially available auto push-pull data gathering applications...are to be disabled from all networks," states a memo originally sent to Air Force personnel in October. "Currently, these technologies introduce security risks and impact data throughput on our networks that cannot be tolerated."
Companies mentioned in the memo defended their security practices and added that they understood the Air Force's cautious approach.
In fact, PointCast executives already have discussed the matters with Air Force officials, said Max Mancini, PointCast's product line manger for corporate products.
The Air Force's greatest concern with that company's product was not security, but bandwidth: the Air Force wanted to make sure PointCast and the other applications don't take up too much server space.
Mancini said PointCast executives assured the Air Force that their product could be configured so it does not take up too much bandwidth. They also stressed that "PointCast is absolutely secure."
Like others, PointCast assures customers that all material "pushed" onto a user's computer goes through a completely secure process, including scanning for viruses and "Trojan Horses," code that lurks in other programs and causes damage.
With both Netscape and Microsoft browsers, the push elements the Air Force is banning do not have to be installed.
The Air Force specifically bans Netscape Netcaster 4.0, the push component of Netscape Communicator, and Microsoft Internet Explorer 4.0, which contains a push element, according to the memo.
But even if users download Explorer, for example, there is no need to actually install the push component, noted Dave Fester, group product manager for IE. Like other push products, IE is completely configurable and controllable through products such as the Internet Explorer Administration Kit, he said.
Fester said he understands the Air Force's reticence. "They've said, 'Until we understand what we can and can't control, let's not do it.'"
But, he added, "Once they understand what they can control and they can have a control, they'll have a better idea."
Computer security experts added a tone of caution, however.
"This is an unsolvable problem," said Peter Neumann, a well-known computer security expert. "No way can you insure that any software that you install is free of security problems, and the expectation is that everything you get is going to have some flaws with it.
"The simple idea of downloading arbitrary software from somewhere else is intrinsically risky," he added.