Here is a summary of the attack described in detail in our previous post.
You have been attracted by the promise of fast, cheap, reliable Internet-based storage offered by the Amazon S3 system. You have backed up all your iTunes music using aTunes, and you are using JungleDisk to store large amounts of data on a “disk drive” which is not really on your computer but on Amazon’s servers. You don’t have to think consciously about backup any more, and you are seriously considering moving absolutely everything onto Amazon S3 so that you can forget about backing things up altogether.
Being prudent, you are also using Norton Internet Security to protect your computer.
One day you visit a web page – or perhaps you look at a message in one of the discussion forums that you monitor regularly. Unknown to you, the page or message contains a sinister file disguised as an image.
You do not see – or you do not notice – the discreet notification that Norton Internet Security displays for a few seconds, to tell you that a threat has been detected and blocked.
Suddenly all your data have disappeared.
Your backed-up music has disappeared.
Your valuable files stored on JungleDisk have disappeared: in fact, the whole “JungleDisk” disk drive has ceased to exist.
Being curious, you ask your computer to check its connection to the Amazon S3 server at s3.amazonaws.com. It reports that connection to that server is impossible: the server has vanished from the known universe and all your data have gone with it.
What has happened
In fact nothing has actually disappeared from Amazon’s servers. You are the victim of the computer equivalent of an auto-immune disease. In its eagerness to protect you from attack, Norton Internet Security has decided to “protect” you from your own data.
You have hit a fundamental design flaw of Norton’s anti-worm defences. This does not affect just Amazon S3 but potentially all online storage services.
If you are not technically sophisticated enough to disable the relevant features of Norton, you are stuck. You’re also stuck if your system administrator won’t let you alter your Norton security settings. Or if you’re frightened to make any change that might reduce your level of protection.
But online storage – cheap, fast, reliable, and automatically backed up – is too valuable a facility to sacrifice.
It will be interesting to see what happens next.