security

Security in a virtual world like Second Life is a major concern. There always seems to be someone around who wants to amuse themselves by making others unhappy ("griefers"), and businesses need to know what do to when that happens. According to Dharma Austin of LSD Security Inc., an in-world security company that has worked with dozens of sim owners, most well-populated sims in Second Life are completely vulnerable to attack. I asked her what people really need to know when it comes to security.

1. Don't rely on Linden Lab to do everything. - There is a time to file abuse reports, of course, but for the most part you will be able to handle situations on your own much faster. Waiting on the customer service of a company that has tens of thousands of people using its system at any given time isn't the best idea in an emergency. Prepare to do things on your own.

2. Train the staff. - Often staff members on a sim don't have any idea how to deal with estate tools. They need to be walked through the buttons, made aware of how to turn on/off scripting and building, how to ban people, and even the media controls. An uninformed staff might as well not be there at all, and could potentially make things worse.

3. Get over your fear. - An avatar getting shot by guns in Second Life doesn't kill them and explosions won't maim them. Much of what happens in griefing attacks involves intimidation, and everyone needs to realize that they can't actually be hurt. This is a surprisingly common mistake, and staffers have been victimized a number of times by being "held at gunpoint".

4. Know the three types of griefers. - Type 1: Newbies who just don't know what they're doing and rez 10 sailboats by accident. Give them a landmark to a sandbox. Type 2: Amateur griefers with guns trying to assault people. Kick and ban them immediately. Type 3: Professional griefers there to do a bombing, sim crashings, or mass spam. They're still not dangerous, but make sure to mute them in addition to kicking and banning them.

5. Particle spamming requires immediate and definitive action. - One quirk of Second Life allows "particles", intangible floating graphics, to potentially fill the air. Train your staff to immediately turn scripting off in the estate tools until the problem particle generator is found and removed.

6. Beware of "alts". - People who come to a sim with the intention of causing trouble generally don't do so using the avatar they use every day. A well-dressed unverified avatar that's only a few days old is a dead giveaway of an experienced Second Life resident using a new account to hide their identity. Don't pre-emptively ban them, but be ready for trouble.

7. Security is not a popularity contest. - Banning people will always upset someone, but if you're careful it will only be the griefer themselves. "The price I have had to pay is a bad reputation for banning people," said Dharma, "but our sims are safe and our residents love it here."

One thing you might have noticed about this list is that none of it involves a fix-all gadget that you install on a sim. This is about staffing your area, and making sure that they know what to do. If you're too busy to handle this yourself there are a number of consulting companies like LSD Security Inc. out there who can run the training sessions for you and offer advice custom-tailored to your needs. No matter what you do, remember that the key here is prevention - prepare now, not after your sim is filled with spam.

In light of the demise of Bud.TV, Anheuser-Busch's millstone video portal, what can besieged Linden Lab learn as they prepare to institute similarly restrictive security measures on an already taxed infrastructure? Despite tens of millions of US$ spent on original content creation, nobody loves Anheiser-Busch's televisual albatros, and they have said that it would "probably fade a bit" in the coming year. The reason?

Visitors balked when asked to provide personal information such as their names, e-mail addresses and ZIP codes. Visits to the site plunged about 40 percent in the month after the launch. Meanwhile, alcohol-control advocates criticized the company for not tightening controls even further.

"We thought we had a fantastic idea," said Busch. "We put a Fort Knox entry system on the website to ensure that there would be nobody underage that could get into the website."

As a result, he said, "I can't even figure out how to get into the website."

The security system in question was being maintained by Integrity. They recently leveraged their "successful" implementation over at Bud.TV to convince Linden Lab to adopt their verification system for Second Life in the coming months.

It should be noted that this system turned away potential users of Bud.TV even before the discovery that Integrity is partnered with Aristotle. Aristotle, a data-mining company that helps people influence elections, claims to be an entirely separate entity despite the fact that they handle all contract negotiations on behalf of Integrity.

Will Bud.TV's failure due to overly constrictive security measures influence Linden Lab's decision to go down the same road? Massive public outcry against the proposed system hasn't made a difference, but this example of the system failing upon implementation just might.

(via STLtoday)