SAFE HEX INTERNATIONAL - THE COMPUTERS GREENPEACE Our organisation "Safe Hex International", SHI, is a grass roots movement which started in 1990 with Amiga computers. Today we are an organisation with around 600 members who are all more or less involved in our work. We now have 31 virus centres around the world which have free phone help lines, and where anyone can get the latest Public Domain virus killers on disk. These disks have been translated into the relevant languages with all imaginable instructions. Even inexperienced users can immediately under- stand what to do. The price of these disks is around $5 US, including disk and postage, i.e. a price anyone can afford. These disks are updated 12 times a year, and contain programs which are generally better than the best commercial virus killers! Our organisation or our "movement", I should say, does not have the formal structure one normally associates which clubs, associations and the like. We are a non-profit making organisation with has a very particular aim, we try to make active efforts which, in many ways, resemble those of Greenpeace. The resemblance to Greenpeace is not just coincidental. Greenpeace works in the biological environment. The only difference with us, is that we work in the data environment. DATA POLLUTION I am often asked the question " What should I do if I want to be 100 % secure? Which virus killers should I use, and what should I do?" Unfortunately I have to disappoint people because the answer is: "If you want to be 100 % secure, then don't buy a computer"! The situation is that one can never be 100% secure, especially today with all the computer viruses which flourish around the world. This insecurity is actually much worse than the actual damage one suffers if one's computer is attacked by a virus. Socrates, the great classical Greek philosopher, asked his enemies to be compassionate for he said: "Kill me, or let me live, but make up your minds up soon, I can't live with this insecurity." The hemlock which he was forced to drink put an end to his insecurity, as we know. Socrates touched a point here which we can all recognize in this day and age, what about our modern data installations: Insecurity and impotence. I reckon that having to live with the continual threat from hacking or an attack by computer viruses is far worse than the actual damage which is being done. Unfortunately we have to live with this insecurity. One cannot go back in time. IS THERE A REAL THREAT TO OUR DATA ENVIRONMENT? Our work at SHI concentrates on computer viruses. We work against hacking and other forms of destruction or misuse of data. But, in our opinion, the greatest danger to our data environment is the explosive increase in new computer viruses. The number of new computer viruses is currently increas- ing four-fold every year. If we just look a few years ahead, the number of viruses around will reach monstrous proportions. As far as PC viruses are concerned, we have around 3000 viruses today, this will increase to more than 25,000 in 1996 if development continues at the same rate. What is even worse is that the virus types are getting so advanced that many experts today anticipate that we maybe will have to give up, or find such involved procedures for finding viruses that the efficiency of our machines will be severely curtailed. One possible solution to the majority of the problems is to maybe alter the hardware so that a program does not get the chance to lie resident in the computer's memory. It is of course, just as apparent as with our biological environment that one cannot alter the actual conditions from one day to the next. But here and now we can maybe alter the conditions for the generations to come through information, legislation and the like, so that the damage is limited. DATA SECURITY IS EXPENSIVE BUT NECESSARY. Outsiders often find it hard to understand our problems over data security. What actually does it mean if the data environment is polluted by hackers and viruses? Maybe it can be explained when I state that, even now, these problems cost an awful lot of money. Of course it can't be counted in dollars and cents, or pounds and pence, but a qualified guess is that it costs data installation users between US$ 10 billion and US$ 20 billion annually. That sounds like an astronomical sum to many ears, but corresponds to a cost of between US$ 100 and US$ 200 for each individual user, when assessed against the more than 120 billion computers which are sold today. Some people will maintain that users who only have their computers as a hobby do not have expenses of this size. But.... honestly, your leisure time is worth money too, isn't it? I would reckon my leisure time to be worth the same as my work time. But, besides the time itself which is used for virus control and back-up of programs, most users have to obtain special software for virus control and back-up, in all a sum of maybe US$ 50 to US$ 500 annually. Paradoxically, the actual damage caused by virus and hacking costs much less than the preventive measures. Personally, I think that the damage costs users less than US$ 1 billion annually, but this is of course just a calculated guess based on my experience from referrals from a large numbers of users. WHAT CAN ONE DO? We at Safe Hex International are so stubborn that we will no longer accept a "polluted" data environment. The beginning of our organisation was when we began to collect computer viruses. We sent them to various clever programmers around the world who then made virus killers. Since then, our project has torn ahead so fast that we can hardly keep up with the progress. Here are just a few of the new develop- ments: We write articles for those magazines which do not publish enough informa- tion on data security. For example, several American magazines are two years out of date on this matter. We provide background material for the magazines so that their articles are more up to date. We have made contact with radio and TV, eg, our first programme on our work on data security and it was transmitted by Danish local radio, and the national TV channel, TV2. We have established a "Virus Test Centre" where all viruses are tested on all the virus killers and reports of these tests are published. We have the world's largest collection of Amiga viruses. These viruses are sent to us by our members. We have an "ideas bank" where programmers in our group can get information and ideas for smart new virus test methods. We are in the process of constructing a standard program which can recognize all Amiga viruses when it is used as a sub-program by other programs. We are in the process of making a special virus program, which can automatically control viruses on "Bulletin Boards". These boards are probably the source of 80% of the virus spread we have today. It is therefore very important that something is done here. We are contacting software suppliers to get them to use "safety disks". That is, disks which are 100% secure against virus infection because they cannot be written on. Before long all the Danish libraries which lend out software will have these disks. More and more of our large software suppliers eg "Word Perfect" and IBM have also goneover to the use of these "Safety Disks". 3 DATA SECURITY PRIZES IN 1992 Our work at Safe Hex International has been recognized by the public. In early 1992 "SHI" was presented with awards 3 times for our worldwide virus work: The first award was presented on February 29th by the Danish computer trade organization (i. e. the PC organizations). The prize was given at the Danish "Dataforening's", (Data-society's) annual safety conference at the SAS HotelScandinavian. The second award was presented on March 21st at the annual Amiga Expo in Copenhagen, Denmark. The third award was presented on May 1st by AmiCon in Stockholm, Sweden, and was given for our worldwide virus work too and we are of course very, pleased that our work has been recognized and appreciated. NEW ASSIGNMENTS New devilishly thought out computer viruses will always be a threat, regardless of whatever ingenious combatting plans one can design to prevent data loss. One cannot stop this development, whether through legislation or by utilising virus killers or the like. SHI has set up a "Reward Fund", currently at US$ 4500. This money will be paid as a reward to people who tell us the name and address of the person/people who have made these viruses. We hope in this way to do without a number of viruses, now that it is suddenly dangerous for the virus makers to boast to their friends. We have already had the first notification! Legislation in the data area has been very neglected and is totally happenstance in many countries. SHI therefore applied to the European Parliament in Autumn 1991 to get a motion passed on the harmonization and tightening up of our laws on data security. Several countries in the EC have today no legislation at all in this area. On 12th January 1992, our bill was dealt with in the European Parliament, with support from several members, including the Danish EMP's Christian Rovsing and Freddy Blak. A committee will now be set up where SHI can be influential and, finally, a law can be expected to be passed during the next 12 months. We think that it is reasonable that we get unified rules in the EC. As known, computer viruses do not recognise national borders. We are considering reporting the Danish telephone company, KTAS, to the police for having tapped a telephone line for a long period without a legal warrant, involving a case against one of Denmark's largest bulletin boards. We consider it an aggravating circumstance that KTAS' barrister has said to the court: "We have been doing this for 30 years without a warrant". Recently a large German magazine publishing company was reported to the German police. They organised a competition amongst their readers for someone who could make the "best" computer virus. We believe it is criminal to encourage people to do things which are against the law. An aggravating circumstance is that the magazine in question had even printed a short description as to how to make viruses. We are shocked about, and of course condemn, this sort of behaviour. We are very dependent upon people supporting our work. I hope particularly that the media will support us because you don't get far, these days, without public relations. We started up as an Amiga organisation but I hope that we can begin this year to set up the first PC virus centre. We have already obtained the hardware for it. YOURS SINCERELY ERIK LØVENDAHL SØRENSEN SAFE HEX INTERNATIONAL