Everyone sought gold in security in 2004.
The average Internet attacker evolved from an online troublemaker to a calculating vandal, intent on profiting from compromising legions of PCs. Security companies merged to
better compete, and Microsoft
derailed its Longhorn plans to push
out a massive security update for its popular Windows desktop operating system.
Meanwhile, industry and the government formed working groups to decide
how to improve the security of the Internet and software without
ringing up a large bill for companies and consumers.
The year also highlighted that the largest flaw in PC security remains
the uneducated user. Phishing attacks, for example, jumped by 25 percent per month. A phishing scam typically uses mass e-mails to lure unwitting victims to fake Web sites, where they're asked to input information such as credit card numbers. While analysts debated the actual financial costs of the
attacks to consumers, well-known businesses suffered from increased
support costs and lost consumer confidence.
An attack that has become much more common uses links to attract people to malicious Web sites, which then attempt to compromise the victim's computer through one of the several flaws found in browser software this year. One attack used a compromised advertising service to send malicious banner ads to commercial Web sites, which caused some visitors to those
sites (among them, news site The Register) to become infected.
The government and industry pondered how to solve the Internet's
security problems, forming the National Cyber Security Partnership to
brainstorm strategies. Groups called for
a national alert system, better software quality, education for consumers, and more enterprise
security initiatives. For the most part, however, the government
has made little progress.
However, the Bush administration did boost funding for homeland security in 2004 to a whopping $85
billion, analysts said. Money well spent? Not necessarily, CNET
News.com found out while researching our Digital Agenda series on Homeland Security.
Many government watchers fear that a great deal of the money is wasted
on untested technologies--a problem that is hidden by blanket
classifications that shield the spending. Moreover, Internet security
has gotten short shrift in the U.S. Department of Homeland Security, a
situation that some believe led to the
third resignation in two years from the position of top cybersecurity official in the U.S. government.
While critics warned about the lax security in electronic voting systems, the machines
performed acceptably in the November presidential election. While a host
of glitches surfaced, none called into question the election results. Still, post-election analysis has underscored the need for meaningful auditing of
the vote, either by paper audit trail or by other means.