To be sure, companies like Symantec are already offering sophisticated anti-malware products. Microsoft, too, regularly provides operating system updates meant partly to fight malware. And myriad small companies offer services; a recent entrant, SiteAdvisor, is launching a product that offers web site ratings based on its automated web-crawling technology.
The key question all consumers should ponder, Zittrain says, is: Who gets control over decisions to either banish a piece of code, or allow it through? “The definitions of what is bad and what is not are not agreed upon; software is constantly changing,” he notes. So giving one company control over the decision to block may not be the right decision for all people.
Zittrain argues that today’s anti-malware efforts may prove to be highly effective solutions. Yet they also reflect a toehold of corporate control over individuals’ computer activities that could metastasize into something more invasive, or one day serve as a vehicle for court-ordered software purges. Consumers should worry, too, that a worsening of Internet security – especially a successful cyber-attack – could precipitate heavy-handed government regulation akin to the USA Patriot Act that followed the September 11 attacks.
Zittrain describes the project as an effort to head off this dystopia, and preserve consumer willingness to operate open PCs. He calls the project a “collaborative effort to define the axes along which software can be evaluated, to develop and distill those evaluations in ways that consumers can understand, and in which they can participate, and to ultimately create an environment where heavy-handed regulation isn’t called upon to deal with these ills in ways that cause a lot of collateral damage.”
Sun, Google, and Lenovo did not immediately respond to interview requests. In a written statement, Cerf sounded a dire tone: “I believe the potential growth of the Internet will be limited if we allow invasive badware and spyware to continue to fester without strong action. All consumers must be in control of their experiences when they browse the Internet and the mass proliferation of badware threatens this control. We cannot allow that to continue. In order to stem the unimpeded growth of badware, we must develop a better understanding of the avenues by which this abusive behavior is conducted in order to inhibit its effects – and I believe that this initiative will help with that.” He added: “The providers of Internet services and software simply must get this problem under control.”
Cerf and Google left unanswered such questions as whether their www.stopbadware.org involvement might presage a Google bid to enter the PC market with, say, a machine that wards off “evil.” Cerf was cagey about the connection to Google’s corporate moves, offering only the usual high-level Google mission statement that the company would “continue on its path to organize all kinds of network-based information and learn how to index it so that it can be found again. We hope to make what is found more relevant to what the users are looking for at any particular moment.”
What’s clear is that the malware problem is far more than merely annoying. To many leading figures in Internet research, these problems could erode consumer confidence to the degree that Internet growth is stalled (see “The Internet Is Broken”). Earlier this year, MIT’s David D. Clark, an Internet elder statesman and onetime chief protocol architect, characterized the problem this way in a conversation with Technology Review: “We might just be at the point where the utility of the Internet stalls – and perhaps turns downward.” In recent months, Clark himself has been trying to cobble together a government-funded research effort to design new Internet architectures more in tune with the modern era, incorporating security features and other improvements.
Home page image courtesy of William Thomas Cain/Getty Images.