Year in review: Web of deception

Everyone sought gold in security in 2004.

The average Internet attacker evolved from an online troublemaker to a calculating vandal, intent on profiting from compromising legions of PCs. Security companies merged to better compete, and Microsoft derailed its Longhorn plans to push out a massive security update for its popular Windows desktop operating system.

Meanwhile, industry and the government formed working groups to decide how to improve the security of the Internet and software without ringing up a large bill for companies and consumers.

The year also highlighted that the largest flaw in PC security remains the uneducated user. Phishing attacks, for example, jumped by 25 percent per month. A phishing scam typically uses mass e-mails to lure unwitting victims to fake Web sites, where they're asked to input information such as credit card numbers. While analysts debated the actual financial costs of the attacks to consumers, well-known businesses suffered from increased support costs and lost consumer confidence.

An attack that has become much more common uses links to attract people to malicious Web sites, which then attempt to compromise the victim's computer through one of the several flaws found in browser software this year. One attack used a compromised advertising service to send malicious banner ads to commercial Web sites, which caused some visitors to those sites (among them, news site The Register) to become infected.

The government and industry pondered how to solve the Internet's security problems, forming the National Cyber Security Partnership to brainstorm strategies. Groups called for a national alert system, better software quality, education for consumers, and more enterprise security initiatives. For the most part, however, the government has made little progress.

However, the Bush administration did boost funding for homeland security in 2004 to a whopping $85 billion, analysts said. Money well spent? Not necessarily, CNET News.com found out while researching our Digital Agenda series on Homeland Security. Many government watchers fear that a great deal of the money is wasted on untested technologies--a problem that is hidden by blanket classifications that shield the spending. Moreover, Internet security has gotten short shrift in the U.S. Department of Homeland Security, a situation that some believe led to the third resignation in two years from the position of top cybersecurity official in the U.S. government.

While critics warned about the lax security in electronic voting systems, the machines performed acceptably in the November presidential election. While a host of glitches surfaced, none called into question the election results. Still, post-election analysis has underscored the need for meaningful auditing of the vote, either by paper audit trail or by other means.

--Robert Lemos