tech TALK

Trick Or Treat?

With Halloween rapidly approaching, it's a good idea to remember some sound parental advice: don't take candy from strangers.

Whether you've let this advice affect your trick or treating patterns in the past depends largely on your home community. It's difficult to say whether the Internet--a network designed to easily share and disseminate information--is more like your friendly small town in Vermont or like inner city Detroit.

The problem in this case is not candy, but malicious programs--usually disguised as friendly applications--designed to wreak havoc on your computer and your data.

Traditionally, these programs--known as Trojan Horses--were harmless if simply copied onto your machine. They only became dangerous when you actually ran the program. If you were careful about where you got your software, then you were most likely (but not always) safe from Trojan Horses.

But now, new technology has changed the situation and made Trojan Horses much more dangerous.

The World Wide Web was designed to access information transparently anywhere in the world and display the information appropriately. These days, people rarely check where information is coming from while surfing the Web; they simply point and click away indiscriminately.

Properly displaying the information has presented somewhat of a problem as well. Most Web browsers are preconfigured to open the appropriate application according to the data it is being sent. For example, if you click on a file containing animation, the Web browser will download the file and then attempt to run the animation using a program on your computer.

Because of this convenient feature, people no longer examine the data before running it.

The recent Microsoft Word "virus" exploited this feature. Someone wrote a destructive program using the Microsoft Word macro language which simply looked like a harmless Microsoft Word data file. If you selected the file from your Web browser, Microsoft Word would load the file and run the program, making your life miserable for the next few days.

And more powerful technology has promised to increase the effectiveness of Trojan Horses even more. The Java language--written by Sun Microsystems--allows you to write applications which will automatically be run when accessed over the Web.

Why invent such a technology? One glance at what you can do with Java, and most people are immediately convinced that it's a good thing. And it is. Java allows you to extend the capability of your Web browser, enabling you to incorporate useful real-time applications into your browser or play nifty animations and sounds.

But running a strange program from possibly untrusted sources is inherently an unsafe thing to do.

To prevent any unwelcome invasions, Java's design emphasizes security. For instance, you cannot write an application in Java which will delete your hard drive or e-mail the contents of your hard drive to another person. Additionally, Java browsers come preconfigured to reject Java applications from untrusted computers.

But Trojan Horses do not have to erase your hard drive to be destructive. I could, for instance, write a Java program which, when accessed, sent 100 anonymous e-mail messages to a person I detested. There are other creative possibilities as well.

The cost of powerful and convenient new features is security. For most (including myself), the utility of the World Wide Web and Java is worth the tradeoff in security.

But, just as one should be careful when trick or treating in a rapidly growing metropolis, one should remember the potential dangers of surfing the Web and accessing information over the Internet. Be safe, and have fun.

Eugene E. Kim '96 is former president of the Harvard Computer Society. He may be reached online at "ekim@fas.harvard.edu."