The following is a syndication of a recent article I wrote for Voices of Africa. It is moderately technical, but give it a shot anyway and see if you learn something.
First off, let me apologize if you have already
read an article about Botnets in Kenya, and their potential growth do
to the new fibre optic data cables that are landing and coming live
(however so slowly). I want to put a spin on it, though not a large
one. As this website’s mission is to empower the people of Kenya, and
Africa, to be heard on the internet, a direct result of this is
teaching people basic internet skills. Teaching internet skills means
empowering people with internet connections, which are set to become
inexpensive and abundant in Kenya if all of the political and corporate
wrangling over the data cables eventually dies down.
As we all know, empowering people through the internet is not only
an avenue to be heard, but also to be spoken to, and dropping the
metaphor, consume data as well as produce. It is this data consumption
that I am very concerned about in a Kenya more innudated by internet
than for which we may be ready. A recent announcement by Microsoft to
not allow their Security Essentials software to be installed on pirated
copies of Windows has prompted this blog post. How does this all lead
to Kenya being a haven for botnets and why do we even need to care?
Most all computers in Kenya are running pirated copies of Windows.
Do I have the statistics to prove that? No. Will I find them for you?
No. If you want to argue about it, I will gladly direct you to the
nearest wall to which you can talk, for it will be a far more patient
listener than I. This means that many computers in Kenya will not be
able to receive the Security Essentials Software when it goes online.
Why do I care? Because I was hoping this would be at least a step
forward in solving the Kenyan computer malware (viruses, spyware,
adware) epidemic. It would integrate much nicer into pre-existing
Windows installations than other programs such as AVG, and would
combine many more protections into one product than the hodge-podge
soup solution of Ad-Aware, Spybot and [Insert favorite free
Anti-Virus]. ArsTechnica (a tech news site I hold in high regard) has
even given Security Essentials a thumbs up approval. As an instructor,
I can barely stress to people the importance of protecting their
computers short of making analogies to sexually transmitted diseases
and protection against them, which if you ask some of my colleagues, is
also not an easy argument to make here!
Where does that leave Kenya on the brink of this supposed Internet
Renaissance? In trouble! At first, viruses in Kenya were simply
nuisance USB Flash Disk viruses which would only potentially do
something other than replicate. The introduction of new viruses into
the computer bloodstream was limited to single vectors of attack:
cybers, and even then, most cybers would result simply in quarantine,
as many people did not have means of transporting information out of
them. Of course, USB Flash Disks introduced the exit vector from
quarantine, but for reasons I have not speculated upon, infection from
serious viruses remained minimal beyond annoyance level.
Soon it will not just be cybers acting as virus incubators however.
More and more individuals will be purchasing computers as low-cost
solutions proliferate the market (netbooks, good-quality used machines,
etc.). When low cost hardware, unprotected software, lack of education
and cheap internet align, the result is botnets. It will be Europe and
America all over again. We have seen the problem: blackmarket
organized crime able to purchase privately owned but unprotected zombie
computers in the thousands and use them as a platform to launch
attacks. They have been used to take down high profile sites such as
Twitter, Facebook and even some portions of Google, that supposedly
impenetrable fortress. In this situation most of all, we need to stop
emulating the West and be better than the West! We can see the
problem. We have the educated security professionals who should be
warning proper institutions of this threat. We can protect Kenya.
What is to stop Kenya from becoming a breeding ground not only of
zombie computer hardware, but also a for black-hat, malacious, computer
programmers hoping to make a quick buck? We all know the phrase
“homefield [or turf] advantage”. Who would know the layout of ICT
infrastructure in Kenya better than Kenyans? We have the best
infrastructure of any East African Nation, we have the most capital of
any East African Nation, and as a result, we have the most to lose. I
do not want to see Kenya become the next Botnet Marketplace. I do not
want to see Kenyan IP addresses as the originating source of the next
major web attack. I want to empower Kenyans to use the Internet to
speak their minds, and tell their stories, and I know that the story of
Kenya is not that of vicious programmers and malcontents happy to do
damage using their newfound power, but we cannot let the rest of the
world think that. It would go against the best interests and
international image of Kenya to be perceived as the new source of
Practice protection when using the internet. Solutions include
learning (and subsequently teaching), how to use a mix of free
anti-malware solutions to protect a computer. This is not easy, and
most users will just shrug and ignore you. Many of these solutions are
not as user-friendly as they should be, considering the gravity of the
situation. Possibly stress moving off of the Windows platform
completely. This removes the barrier to maintaining the most up to
date software and thus the most protected software. Think open source
solutions, such as a GNU/Linux based solution. Take a class in proper
internet safety. When browsing the web, at least make sure your Web
Browser is the most recent version. I won’t even tell you which one to
use (though I prefer Mozilla Firefox), because in this day and age, all
major browser vendors acknowledge the need for the browser to be the
first level of security and have thus taken steps to make protecting
yourself easy (if not mindless).
The internet is not a safe place for those caught unaware, so always
be prepared, be vigilant. If we all work our hardest to stay informed
of the latest threats and use proper security techniques, we can
protect the image of Kenya as it emerges into the globally connected
world. Empower people to use their voices, but also teach them how to
be a good internet citizen. These two tasks must go hand in hand if we
are to walk safely and peacefully into the future together.