EDMONTON — A new Internet worm that preys on a flaw in the Windows operating system infected thousands of computers across Canada Monday, causing users to panic and call in the experts.

The virus, which has been spreading around the world since Friday, resulted in a frenzy of calls to computer consultants from panicked PC users. Many were planning to work into the night to help weed out the bevy of glitches.

“Unless you have some sort of protection, like some firewall software, it can just worm its way into your computer,” said Kelly Shubert, director of technical services at CompuSmart in Edmonton.

“It doesn’t take very long if you’re unexposed on the Internet to get it. If you are literally vulnerable out on the ‘Net, you probably have it already,” he said.

The virus, dubbed the Sasser Worm, does not require users to click on an e-mail attachment to activate, meaning it spreads more quickly than other viruses. Once Sasser infects a computer, it automatically scans the Internet for other computers with the flaw and sends a copy of itself there.

While the damage the virus causes is low — it causes computers to continually crash and slows down without permanently damaging files — it spreads “wildly,” Schubert said, adding its cost will be measured in “down time.

“You will see whole offices send people home,” he said. “It’s a matter of really not a huge threat to the machines. Once we know about the virus it’s just a matter of removing it. It’s the cost of down time, which is the number one cost of [information technology].”

At Edmonton city hall about 50 employees were trying to get the city’s 250 central servers and 4,300 desktop PCs back in action.

“It’s a big pain in the neck,” said Stephen Gordon, the city’s director of IT operations. “We’re trying to stay calm but there’s a lot of people working very hard to fix this.”

City employees continued to work, but a lot of business was slowed down without e-mail and other computer applications.

The virus struck several large companies in Germany, Britain and the United States that are clients of Network Associates Inc., said Vincent Gullotto, a vice-president at the company’s anti-virus research lab. He would not name the companies. But a large television network in Europe was also hit, two security sources said, speaking on condition of anonymity and refusing to elaborate.

Finland‘s third largest bank, Sampo, closed 120 of its offices for a few hours as a precaution Monday while technicians updated anti-virus programs.

Although Microsoft Corp. announced three weeks ago the flaw that Sasser exploits — it’s a windows function called Local Security Authority Subsystem Service — many computer owners had yet to apply the software fix the company had released.

Microsoft recommended that owners of Windows 2000 and XP computers install software patches, available at http://windowsupdate.microsoft.com. Sasser does not affect older versions of Windows, and security experts said they do not anticipate the outbreak to be as widespread as last summer’s Blaster outbreak, which affected millions of computers.

© The Vancouver Sun 2004

A new Internet virus is spreading rapidly around the world may already have infected millions of computers.

Filename: W32.Sasser.worm

Target systems: Windows 2000, Windows Server 2003 and Windows XP

Means of access: Unlike a computer virus, the Sasser worm does not infect computers through e-mails or attachments, but spreads automatically, and can attack any computer connected to an Internet service provider.

Effects: It typically shuts down the computer then automatically re-boots it and repeats this process several times, but is not thought to cause lasting damage.

© The Vancouver Province 2004

The Man Who Saved the Internet is a little embarrassed.

“I don’t think I saved the Internet, I think I’m a small guy standing on the shoulders of giants that came before me,” says Paul Watson, a polite and unassuming young man.

He doesn’t particularly stand out in the crowd at CanSecWest/core04, but most of the 200 or so delegates to the Vancouver computer security conference Thursday morning were aware of his headline status.

Some of them were even less convinced than he is of his saviour creds, but that’s the nature of security experts, and these guys — they’re nearly all guys — are definitely experts.

Conference organizer Dragos Ruiu, a Vancouver-based computer security consultant, estimates at least 30 per cent of them have PhDs, a useful qualification if you want to understand much of what goes on in the presentations here.

“There are a lot of spooks, a lot of military guys, government, Fortune 50 large companies — basically anybody that’s large enough to have a dedicated security team,” he explains.

It’s the fifth year for the event he started. Last year, it expanded to add a fall gathering in Tokyo, which he says will now become part of the regular calendar.

It is, as one participant terms it, geek central. Not a tie in the place, a wide array of interesting T-shirts and hairstyles, and some spectacularly high-line wireless laptop computers in bomb-proof cases. A glimpse of a screen over a shoulder is a reminder that we’re a long, long way from Windows 98.

“This is a conference that isn’t sales-oriented, it’s about real research, what’s really going on out there, and it’s a really important place for people to sit down and come up with the ideas that can protect the Internet or critical infrastructures,” says Eric Byres, who is with the Group for Advanced Information Technology at BCIT. “This is probably one of the pre-eminent conferences in the world, this is the one to go to.”

Byres and his group have also been out saving the Internet in their own way, concentrating on security that ensures that power utilities can continue to deliver their services without fear of interruption.

Of Watson, he says: “He’s pointed out a flaw; a lot of people have pointed out flaws.” While he’s not taking anything away from him — “he certainly pointed out something that needed to be addressed and he got the ball rolling” — he notes that the Internet is “still the Wild West” when it comes to security.

He values conferences like this because he gets to meet many of the players in the small global community of computer-security experts, and establish some relationships.

“The tricky part is it’s hard to tell whose side some people are on,” he says. “There are some people that I don’t know if they’re on the black-hat side or the white-hat side or somewhere in between.”

That was part of the problem Watson had when he wrote his paper about a flaw in the transmission control protocol affecting one of the major brands of routers which move traffic around on the Internet.

As he puts it, if you were to discover a flaw that made it easy to cause airliners to crash, you’d want to give the airlines a chance to fix it before you made your knowledge even slightly public.

In his case, he couldn’t get any interest from the U.S. Computer Emergency Response Team, and had to deal instead with the National Infrastructure Security Coordination Centre in the U.K. to get a hearing.

All the time he was working on it, he had to be careful who he talked to: “Some people I’ve known for a year or two I told nothing to, other people I may have known for 10 years, I talked very openly with because I knew they understood the impact,” he says.

Face time at conferences builds that kind of trust, something which will be increasingly important as the Internet continues its spectacular rate of growth.

“There are always new attacks and new defences,” notes Ruiu. “We’ve skimmed the easy stuff off in the last three or four years. Now we’re getting to the really hard problems, the ones that are going to take us a while to eliminate.”

As for Watson, he’s speaking at one seminar during the three-day event, and sitting in the audience at the others.

© The Vancouver Sun 2004

WASHINGTON — A researcher has uncovered a serious flaw in the underlying technology for nearly all Internet traffic, a discovery that led to an urgent and secretive international effort to prevent global disruptions of Web surfing, e-mails and instant messages.

Paul Watson is slated to speak at a technology conference that begins today in Vancouver.

The British government announced the vulnerability in core Internet technology Tuesday. Left unaddressed, experts said, it could allow hackers to knock computers offline and broadly disrupt vital traffic-directing devices, called routers, that coordinate the flow of data among distant groups of computers.

“Exploitation of this vulnerability could have affected the glue that holds the Internet together,” said Roger Cumming, director for Britain‘s National Infrastructure Security Co-ordination Centre.

The U.S. Homeland Security Department issued its own cyberalert hours later that attacks “could affect a large segment of the Internet community.”

It said normal Internet operations probably would resume after such attacks stopped. Experts said there were no reports of attacks using this technique.

The flaw affecting the Internet’s “transmission control protocol,” or TCP, was discovered late last year by a computer researcher in Milwaukee. Watson, who will address CanSecWest/core04 conference at 3:30 p.m. Thursday, said he identified a method to reliably trick personal computers and routers into shutting down electronic conversations by resetting the machines remotely.

The public announcement coincides with a presentation Watson expects to make Thursday at an Internet security conference in Vancouver, where Watson said he would disclose full details of his research.

Watson predicted hackers would understand how to begin launching attacks “within five minutes of walking out of that meeting.”

Experts previously said such attacks could take between four years and 142 years to succeed because they require guessing a rotating number from roughly four billion possible combinations. Watson said he can guess the proper number with as few as four attempts, which can be accomplished within seconds.

The risk was similar to Internet users “running naked through the jungle, which didn’t matter until somebody released some tigers,” said Paul Vixie of the Internet Systems Consortium Inc.

“It’s a significant risk,” Vixie said.

“The larger Internet providers are jumping on this big time. It’s really important this just gets fixed before the bad guys start exploiting it for fun and recognition.”

Routers continually exchange important updates about the most efficient traffic routes between large networks. Continued successful attacks against routers can cause them to go into a standby mode, known as “dampening,” that can persist for hours.

Cisco Systems Inc., which acknowledged its popular routers are among those vulnerable, distributed software repairs and tips to otherwise protect large corporate customers. There were few steps for home users to take; Microsoft Corp. said it did not believe Windows users were too vulnerable and made no immediate plans to update its software.

Using Watson’s technique to attack a computer running Windows “would not be something that would be easy to do,” said Steve Lipner, Microsoft’s director for security engineering strategy.

Already in recent weeks, some U.S. government agencies and companies operating the most important digital pipelines have fortified their own vulnerable systems because of early warnings communicated by some security organizations. The White House has expressed concerns especially about risks to crucial Internet routers because attacks against them could profoundly disrupt online traffic.

“Any flaw to a fundamental protocol would raise significant concern and require significant attention by the folks who run the major infrastructures of the Internet,” said Amit Yoran, the U.S. government’s cybersecurity chief. The flaw has dominated discussions since last week among experts in security circles.

U.K. National Infrastructure Security Coordination Centre: www.niscc.gov.uk

Homeland Security cyberdivision: www.us-cert.gov

© The Vancouver Sun 2004

Treo 600 is PalmOne’s idea of the right phone/PDA tradeoff. CREDIT: CanWest News Service

Makers of so-called “smart phones” that combine a cellular phone and a Personal Digital Assistant (PDA) have always attempted to tread a fine line between voice and data usability.

To varying degrees, most failed, getting the size or functionality skewed to favour one over the other.

You know the drill. It’s too much like a phone to support real data handling — the screen is too small or the keyboard is designed for mice to use.

Or it’s the other way around, with a nice, big screen but so wide that it feels like you’re talking into a brick when making a phone call.

Along these lines, PalmOne, the separate hardware maker that was created when Palm Inc. bought Handspring Inc. last year, is getting a lot of buzz over its first product since the merger — the Treo 600.

Palm’s reputation for an easy-to-use interface has made it the PDA market leader. PalmOne (Canada) general manager Michael Moskowitz said that was a key consideration in the design of the Treo 600.

“We’ve been trying to get a very easy user interface to balance voice and data,” he said in an interview. “They are very complicated things to get right.

“No one has really done it well. If you get smaller than this, you give up your keyboard or your screen. There’s always a tradeoff, but we think we’ve hit the right tradeoff.”

The Treo 600 features a wireless phone with a built-in QWERTY keyboard and touch-sensitive colour screen. Besides being a fully functioned PDA, with an organizer, messaging,

e-mail, and web-browsing capabilities, the Treo 600 also has plenty of value-added features.

It can play audio and video loaded on its Secure Digital memory card and it even has a built-in digital camera capable of taking and e-mailing low-resolution (0.3-megapixel) colour snapshots.

Although the QWERTY keyboard is small and might be a problem for those ham-handed of us, we found its domed-shaped keys provide enough tactile feel to make a difference. Each key also lights up when it is pressed, which is handy in dark or low-light conditions.

This Swiss-army-knife-like device also features a built-in speakerphone. But don’t think Palm’s concept is to just throw everything in but the kitchen sink. It’s all about function and usability, says Moskowitz.

“The user interface is really what drives this business,” he said. “Hardware will take you a certain point, the cool factor, the beauty, but that will only see you the first 2,000 units in this country. That’s the early adopter, but the second part is do people really like to use it?”

The target market for the Treo 600 is mobile professionals, not consumers, who wouldn’t be likely to invest $599.99 in a device that still requires a two-year voice and data service agreement. It’s available on the Rogers Wireless network.

© The Vancouver Province 2004

Nasty new viruses that can make computer users’ financial and personal information available to hackers and are activated simply by looking at e-mail are working their way around the world, Internet security experts said Thursday.

The new and more dangerous variations of the Bagle virus — first discovered in January — have been unleashed with a new twist: users no longer have to open an accompanying attachment to get the virus.

Anti-virus experts say five new variants of the Bagle can defeat and disable security programs and anti-virus programs, rendering the machine vulnerable to cyberspace piracy.

“This is a pretty serious new twist, in that most people have learned not to open e-mails that have attachments they aren’t expecting,” said Chris Belthoff, a senior security analyst with Sophos, an anti-virus and anti-spam company with offices in Vancouver.

“That information is now useless in light of this new method being propagated by Bagle. Now, even looking at the message in a preview window is enough to kick it off.”

Belthoff said the virus makes the computer available to hackers who can turn it into a platform from which to launch other attacks. It also allows hackers to install programs, such as keystroke-monitoring software that can harvest sensitive information.

“It can put all that into a file that someone can come back and take at their leisure,” he said. “They can look and see a 16-digit number followed by what looks like an expiry date and conclude they have credit card information. It is pretty serious what this virus will allow people to do.”

The new variants of the Bagle virus, known as Bagle-P, Q, R,- and T, exploit known flaws in Microsoft’s Internet Explorer, Outlook and Media Player programs to run a small hypertext language message that downloads the virus directly into the target computer.

Although Microsoft issued a patch last October to fix the flaw, it may still not be enough to prevent new variants of the Bagle virus from infecting users’ computers, according to a Korean anti-virus company.

Eric Kwon, chief executive officer of Global Hauri, which identified three of the variants shortly after they were released, said his staff discovered the virus is still triggered if users try to save the message on computers that have already been patched with the Microsoft fix.

“We found that even a patched computer is still vulnerable if someone tries to save the message,” Kwon said. “This means people are going to have to change the way they send messages to one another.”

Anti-virus companies around the world began reporting the new variants overnight as users began to open messages that did not contain attachments. Computers in Korea and Australia were first hit early Thursday, with thousands of machines being infected as people went to work. Computer users in Britain later began to experience problems.

Kwon, whose company has an office in San Jose, California, said the e-mail containing the viruses uses authentic subject lines to fool people into opening the message.

“In today’s cyber post office, it is increasingly more difficult to tell friend from foe. One now must go the extra step of identifying and never opening e-mails with the titles of known Bagle virus subject lines (see sidebar) even though there is no attachment visible,” he said.

Global Hauri’s staff also found taunts written by the viruses’ author warning people to “not even try” to build a defence. Belthoff said Sophos identified Bagle-S and T as variants of Bagle-R.

Belthoff said he can’t verify Global Hauri’s claim that the virus is still activated in patched computers.

He said the solution is to make sure computers have the latest Microsoft patches and also use anti-virus programs with up-to-date virus definitions.

Microsoft’s patch can be found at http://www.microsoft.com/technet/security/bulletin/ms04-004.mspx

– – –

BAGLE VIRUS HAS NEW VARIANTS

The new variants of the Bagle virus discovered Thursday are transmitted through an e-mail message without an attachment. The variants are known as Bagle-P, Bagle-Q,, Bagle-R, Bagle-S and Bagle-T.

One anti-virus company, Sophos Inc., has found that Bagle-R avoids sending itself to addresses that include the following words: @hotmail, @msn, @microsoft, rating@, f-secur, anyone@, bugs@, contract@, feste, gold-certs@, help@, info@, nobody@, noone@, kasp, admin, icrosoft, support, ntivi, unix, linux, listserv, certific, sopho, @foo, @iana, free-av, @messagelab, winzip, google, winrar, samples, abuse, panda, cafee, spam, @avp., noreply, local, root@, postmaster@

Here are some of the randomly-chosen subject lines the virus selects when mailing itself to other computers:

– E-mail account security warning.

– Notify about using the e-mail account.

– Warning about your e-mail account.

– Important notify about your e-mail account.

– Email account utilization warning.

– E-mail technical support warning.

– Email report. -Important notify.

– Account notify. -E-mail warning.

– Re: Msg reply. -Re: Hello.

– Re: Yahoo! -Re: Thank you!

– Re: Thanks :). -Re: Document.

– RE: Text message.

– Incoming message.

– Encrypted document.

The viruses exploit a known flaw in Microsoft’s Internet Explorer and Outlook programs.

Microsoft’s patch can be found at: http://www.microsoft.com

Source: Sophos Inc., Global Hauri Inc., Microsoft Inc.

© The Vancouver Sun 2004

Imagine a group of teenagers at the mall a couple of years from now. One of them sees something for sale, snaps a picture with his camera cellphone and e-mails it to a few friends.

Then, moments later, he hits a button on his phone and begins a group “push-to-talk” session with those friends to discuss the prospective purchase.

It’s this kind of instant messaging for voice that wireless guru Andrew Seybold sees as the Next Big Thing in the cellular-communications world.

“It will transform the voice cellphone area,” said Seybold, a California-based analyst and industry newsletter publisher.

“By mid-2005, everybody is going to have push-to-talk. There are lots of things coming, such as buddy lists, so you can see who’s on. The after-school crowd, instead of going home to sit at the computer to do Instant Messaging, will be using push-to-talk.”

The push-to-talk technology — which provides users with a walkie-talkie-like connection from anywhere within a network — has been available in Canada from Telus Mobility’s Mike brand for several years.

But it is not cheap — cost includes a monthly fee and a per-minute charge for push-to-talk connections. Typical customers are in sales, construction and the oil-and-gas industries.

But Seybold predicted that pricing will come down as markets widen.

Bell Mobility has already announced it will be launching a push-to-talk service sometime this year. It is already offered by four U.S. networks and in Europe.

“We are going to have cross-network push-to-talk, which is going to be pretty cool,” said Seybold.

Seybold’s other predictions:

– As new wireless spectrum goes up for auction in the U.S., we will see, for the first time, companies such as AOL, Microsoft and Intel as bidders.

– There will be a big shift in wireless device vendors, away from the traditional makers such as Nokia, with new players from Disney, MTV and even Yahoo!.

© The Vancouver Province 2004

Robert Belanger, manager of an Island Ink-Jet kiosk in Ottawa, poses with a selection of cartridge refill kits. CREDIT: Pat McGrath, The Ottawa Citizen

If there is a blot on the reputation of ink-jet printers, it is the relatively high cost of replacement ink cartridges and the millions of empty cartridges that end up in landfills each year.

A B.C. company has a solution it claims saves customers up to 60 per cent on the cost of a new cartridge and stems the flow, at least temporarily, into landfill sites.

Island Ink-Jet Systems has opened a refilling kiosk in Ottawa where customers can drop off empty cartridges and have them replenished in less than in an hour.

These days, it’s easy to find a basic ink-jet printer for under $100. But replacement cartridges can set you back well over a third the cost of the printer itself.

Island Ink-Jet Systems can refill cartridges for no more than $19.19, said Alex Schulz, the company’s area developer for Ontario. On average, the cost of refilling works out to one-third the price of a cartridge, he said.

The system works on 95 per cent of cartridge models and allows cartridges to be refilled three to five times, he added. Customers can get a refund if they are unsatisfied with the results. The company also sells a refill kit that can save up to 90 per cent on printing costs.

Island Ink-Jet claims it kept over a million cartridges from going straight to landfills last year. According to Lyra Research, 780 million toner and ink-jet cartridges went that route worldwide last year, while a recycling industry magazine estimates the annual figure for North America is 300 million cartridges.

Printer giant Hewlett Packard, for its part, has taken steps to ease the environmental burden of its ink-jet cartridges. Customers can send the cartridges back to the company, which grinds down the cartridges and separates the metals and plastics for reuse.

“HP is the only [original equipment manufacturer] that offers an ink-jet recycling program,” said Anthony Faga, ink-jet category manager.

He said recent research has shown that refilled cartridges are far less reliable than new ones. “Our cartridges are manufactured with single use in mind, and from a reliability perspective we stand behind our product,” he said.

The issue of refilling or remanufacturing cartridges has roused the ire of some of the big printer makers.

In the United States, Lexmark International has been embroiled in a legal battle with re-manufacturer Static Control Components over a computer chip that matches Lexmark toner cartridges with its printers. Static Control claims the chip unfairly closes it out of the market, while Lexmark contends its technology is protected under copyright laws.

Gilles Brassard, communication chair at the Imaging Technology Council of Canada, said printer giants have adopted a model similar to that used by Gillette, which basically gives away its manual razors and makes money off disposable blades.

“For them [re-manufacturers] are an annoyance. At first they thought we would disappear as an industry, which didn’t happen,” said Brassard, who also operates a re-manufacturing business.

Hewlett Packard and Lexmark are being probed by the European Union competition commissioner for allegedly charging artificially high prices on ink cartridges. An official at Canada‘s Competition Bureau said the agency is aware of that investigation but does not publicly confirm or deny the subjects it is examining.

Including the Ottawa kiosk, Island Ink-Jet Systems has 32 locations in Ontario and 142 in North America.

© The Vancouver Sun 2004

E-mail spam is burying Canadians under a relentless and rising digital deluge — and we largely have ourselves to blame, says an Ipsos-Reid study released today.

On average, Canadian Internet users get 197 e-mails a week, up 60 per cent from last year, and of those e-mails a whopping 134, or 67 per cent, were spam.

That’s more than double the amount of spam reported in the last quarter of 2002 and more than four times the amount from the last quarter of 2001, according to information contained in the report “Email Marketing 2004: Being Heard Above the Noise,” to be presented in Vancouver today at a meeting of the B.C. Direct Marketing Association.

And yet Canadians continue to open spam, thus encouraging those who send it to blast out even more.

More than a third of the 2,000 Net users surveyed by telephone and online in late December 2003 and early January 2004 said they had opened spam in the past week — with the average number of spam e-mails opened in a typical week being seven. That’s up, said the survey — co-sponsored by Vancouver‘s Forge Marketing — from five the year before.

The most popular reason given for opening spam was “curiosity” (60 per cent) followed by “thought it was a legitimate e-mail” (40 per cent) and “wanting to know about the product or service” (37 per cent).

Despite the findings that 59 per cent of us say we don’t want spam under any circumstance, a substantial number of Canadians differ.

“Nineteen per cent say it’s no big deal, I can delete them if I want,” said Ipsos-Reid senior vice-president Steve Mossop. “And we also have 22 per cent saying, hey, you know what, it depends on who sends it.”

One bright note for spam haters is that fewer online Canadians visited an advertiser’s Web site as the result of spam (22 per cent versus 38 per cent in 2002). However spammers are still able to get their message across, said the report.

So amazing were the numbers — especially on the amount of e-mail flowing into our in-boxes — that Ipsos-Reid went back and took a second look at the data and then eliminated respondents who had remarkably high amounts of e-mail.

“Even so, the numbers are pretty astounding,” said Mossop, who added that all the previous surveys he’s seen have shown the level of spam at about 50 per cent.

“The most we’ve ever seen are in the 50 to 60 per cent range and our numbers are even higher than that,” said Mossop.

It’s no wonder then, that only 54 per cent of us now say our efficiency is increased by the use of e-mail, down from 85 per cent. As well, forty-eight per cent of Net users now say they wish people would pick up the phone rather than send e-mail.

Mossop said the principal message he takes away from the survey is that for all the complaining we do about spam, we have to point the finger at ourselves.

“We are opening unsolicited e-mail at an alarming rate. Forty-eight per cent of us are opening at least one e-mail per week and the average is seven. That’s outstanding. What direct marketer can claim the same numbers?”

Last time the survey was released Mossop said he thought people would sit up, take notice and change their behaviour by not opening e-mails or using spam filters.

“What’s apparent is that this is not the case,” said Mossop. “The threshold has not yet been reached and I’m not sure when that is and I’m reluctant to predict when it might be, but it’s clearly not yet.”

Strangely enough, even the users of spam filters aren’t immune to the lure of unsolicited e-mail. Thirty-six per cent of them open as many as four pieces of spam a week and they give the same reasons — curiosity, mistake and wanting to know more — for doing so.

And only 62 per cent of spam filter users say they don’t want unsolicited e-mail under any circumstance.

As well, spam filters can be a bother with 35 per cent of users sometimes having legitimate e-mail blocked by the filters.

The good news for permission-based e-mail marketers — those who ask us to opt-in for things like newsletters — is that this end of the business remains successful.

Seventy-seven per cent of Canadian Net users have registered with a Web site to get e-mail.

The average number of sites we’ve registered with has risen from seven in 2002 to eight in 2003.

Sixty per cent of those who did register said they went on to enter an advertiser’s contest. Fifty-three per cent visited an advertiser’s web page.

Interests have risen in the areas of hobbies, lifestyle and culture as well as computers and technology. Interest in news and information has dropped slightly.

The overall results of the survey are considered accurate, plus or minus 3.1 per cent, 95 per cent of the time.

© The Vancouver Sun 2004

Burnaby AlphaShield senior vice-president Nizam Dean (left) and CEO Vikash Sami market a device that attaches to your cable or DSL modem and prevents external attacks. CREDIT: Glenn Baglo, Vancouver Sun

Imagine that you had 65,536 doors to your house and that all of them were unlocked.

Do you think that, just possibly, someone might try to get inside to either steal your cheque book and credit cards or do a little creative vandalism, like destroying all your financial records?

Or that they might even take up residence so they can do digital home invasions on your neighbours and their 65,536 open entrances?

Well, 65,536 is how many doors — or ports, to use the proper term — your computer has when it’s connected to the Internet.

Worse yet, all of these ports, although most evildoers only use a few of them, are available to anyone who knows what’s called your IP address, the one given you by your Internet service provider.

And getting that IP address is a snap because your computer, once on the Net, just blathers away constantly letting everyone know you’re online and open for invasion.

This is, of course, why we’re always being told to set up a firewall — a protective shield that permits us to venture out on the Net through our ports, but stops people (call them hackers with a bad attitude if you like) coming at us the other way through various means, including viruses and worms.

But, as anyone who has configured a software firewall or installed a router with a built-in firewall knows, you’re never quite sure if you’re doing the right thing while attempting to protect your computer and your personal information.

And that’s where AlphaShield Inc. — a small privately held tech company with 12 employees at its Burnaby headquarters — saw an opportunity.

“We found out that 98 per cent of consumers and people who use high-speed Internet don’t have the technical knowledge or know-how to set up a firewall,” said AlphaShield CEO Vikash Sami. “If you are a non-technical person and you set up a firewall, it’s almost as good as not having one.”

AlphaShield’s (www.

alphashield.com) solution is a small, inexpensive ($149), easily installed box (a hardware firewall) that goes between your cable or ADSL modem and before your computer or your router, if you have a home network.

Once connected — as easy as snapping ethernet cable into place — the operating-system-independent device, which requires no software and no set-up from your computer, blocks access to every one of your 65,536 ports.

Even so, it allows you to venture out on to the Internet to visit Web sites, do online banking and the like.

(If you need to run something that needs direct Net access, like a voice over IP phone, you can do it through an auxiliary port on the device. Also, if you need to get a direct line to your ISP during a trouble call, you can simply switch the connection to your computer to the auxiliary port.)

“When we were designing AlphaShield we said, well, let’s keep the non-technical people in mind,” said Sami. “Let’s achieve a set-up simplicity where this device can be hooked up in less than one minute.”

One of the major features of AlphaShield, said Sami, is that it allows you to disconnect totally from the Internet either automatically after 15 minutes of non-use or by clicking the grey button on the top of the box. Punch the blue button and you’re back surfing.

AlphaShield’s IPStealth technology, said Sami, makes users invisible to others on the Net.

“We were able to flip the logic of a conventional firewall,” said Sami. “With a conventional firewall you choose what’s allowed in and what isn’t allowed in. With this one absolutely nothing is allowed in to your computer unless you request it.”

The AlphaShield has 50 per cent of its sales in Europe and is sold in Canada by London Drugs and Future Shop. It’s now being introduced into Radio Shack stores in the United States.

“It took us a year to get into Radio Shack, it’s almost impossible to get into Radio Shack USA,” said Sami. “We started with 10 stores as a test and we’ve just been rolled out to 1,000 stores.”

AlphaShield is designing a new product that would combine a router with the firewall technology.

© The Vancouver Sun 2004