Skip to content

Korean Zombie PC Prevention Bill

One can hope that legislative stupidity is not contagious, but would be terminally naive to do so. So although the Korean proposals for a bill that makes security software on computers mandatory and grants the authorities the power to check for the existence of mandated security software on computers seems rather far-fetched, it is probably closer than we think. So it is worth to point out the rubbishness and sheer danger of this idea in addition to the fine points made by Amelia Andersdotter. The only good part of the Korean Zombie PC Prevention Bill is that it would make a fine punk band name, but other than that it is beyond useless.Of course the existence of so-called zombie personal computers is becoming more than a nuisance. And obviously the parallels with transmittable diseases that warrant mandatory vaccination or at the very least quarantaining its victims are strong. But like all metaphors, the metaphor of a transmittable disease that should be eradicated the same way polio has been eradicated in the developed world will come back to bite one in the less than shiny behind.

First take a look at the origins of Zombie personal computers, which are personal computers¬† that unbeknown to their operators taken over by external actors. They usually partake in the dissemination of unsolicitied e-mail (spam), hosting of illegitimate content (child pornography, fraudulent webistes etc.) and the very blunt tool of distributed-denial-of-service attacks. Zombies are made possible by the fact that mainstream operating systems and applications such as earlier incarnations of Microsoft Windows were not exactly designed with resilience towards attacks in mind. There still are only limited commercial incentives for software developers to take security serious since they usually exonerate themselves from any liability through End User Licens Agreements (EULAs). Furthermore, us users tend to be incredibly gullible (or have been conditioned by poorly thought through user interfaces to behave incredibly gullible ) and tend to click on any ‘yes’ button that may pop up.¬† On top of that there is a thorough monoculture, which like any biologist can tell you, breeds plagues. Even moreso in South-Korea where the government has mandated a unique monoculture in desktop computing: because any form secure transaction has to use a standard that is only implemented through proprietary ActiveX controls, it is impossible to use any online government service or online e-commerce service originating from South Korea with any other computing technology than Microsoft’s Internet Explorer family of browsers.

So some Korean members of parliament have chosen the blindingly obvious solution to this very problem: mandate government security software (obviously only available for Microsoft Windows operating systems), so the uniquely Korean monoculture of 99.9% market share for Microsoft Internet Explorer on Microsoft Windows¬† is perpetuated. Unless the same software becomes available for Apple’s OS X and Safari , all flavours of Linux and the BSD family of operating systems and their various versions of Mozilla Firefox and Google Chrome (I am not going the enumerate the very long tail of even more obscure operating systems and browsers available).

Even worse, the proposal also creates the power for the Korean authorities to check your computer for its proper availability of government mandated security software. Just like you can be required to have a doctor to give you a clean bill of health for certain highly contagious diseases if you don’t want to be put into quarantaine. Makes sense, doesn’t it? Except it doesn’t, because checking for symptoms of a contagion doesn’t involve in rummaging through all your personal documents and is usually done by someone who has taken a professional oath to protect you, and not the government. It basically turns around the presumption of innocence that is part of any rule of law. Your computer may become a target for a serach (and seizure) just because it is a computer. The cherry on the cake is of course that we also should expect governmental bodies to take enough care that backdoors installed for this very purpose will not be abused by those very nefarious people, the Zombie-operators, it aims to fight. To quote Top Gear: what could possibly go wrong?

One Trackback/Pingback

  1. […] I reported two days ago, and is not noted also by Walter van Holst, a recent South Korean DDoS attack may in fact be a malicious attempt at sneaking through an […]