<i>Simon Hendery</i>: Never-ending battle against cyber-crooks

In case you've ever wondered about the "http://" that appears in front of web addresses on your browser, it's an acronym for hypertext transfer protocol - the technical rulebook used to serve up web content on to your screen.

Given websites are an increasingly popular mechanism used by hackers to break into our PCs, Larry Bridwell reckons, perhaps half seriously, we should change that to "gfbp://" - generic firewall bypass protocol.

In the world of computer security, firewalls are the hardware and software devices to keep nasties out of our systems. There's an endless game of one-upmanship going on between the security companies which use firewalls to try to keep attackers out and the criminals who work to bust through them.

Bridwell, a roaming global ambassador for one such security company, AVG, was in Auckland last week spreading the word on safe surfing, including passing on the message that today "far and away" the biggest problem in computer security is exploitative websites that contain the hacking equivalent of landmines which remain invisible to the naked eye of the typical visitor.

Ten years ago cyber troublemakers got their kicks from simply defacing homepages of websites, Bridwell says.

Today they use such vulnerable sites to plant invisible traps which could eventually spread viruses or siphon off personal information.

Security software vendor spokespeople such as Bridwell clearly have more than simply an altruistic interest in reminding us of the ever-present threat of online identity fraud and credit card detail theft. Their business is selling solutions to thwart the crims and several - including AVG, Symantec and ESET - have been active in the marketplace over the past few weeks as they promote improved releases of their software.

But that's not to detract from the message that computer users need to be conscious of security issues.

As Bridwell reminds us, the cyber criminal fraternity is big, international and well funded. It's generally accepted it is better resourced than the cluster of security companies it fights against.

Just like the security companies, their modus operandi involves scanning the web for vulnerabilities.

"They [the cyber criminals] don't pay taxes ... they have great profit-sharing plans with their employees," says Bridwell.

Scott Robertson, Australia and New Zealand regional director for business-focused IT security company WatchGuard, says even https - the secure version of the web page protocol - is not immune to hackers.

In fact, because it is often used to protect important web traffic, it is of greater interest to criminals.

"Https has always been a secure protocol because it's encrypted. But its very nature - the fact it's encrypted - means it's attractive for hackers to try to access your networks using https," Robertson says.

And he warns that businesses who let their security guard down as the recession bites could be in trouble.

"Criminals do not care if your IT budget is being cut this year," he says.

"They have one goal in mind, which is to get at your data, customer information, or to gain access to your computers, servers and network resources."

Again, it is a message that plays to WatchGuard's business strategy - selling customers security solutions - but that doesn't make it any less true.