Should We Blame Security Victims?
from the where-to-place-the-blame... dept
There is always something of a back and forth on who to blame whenever a big virus goes around. Is it the fault of a company like Microsoft for not creating their software in a way to better protect against such things? Is it the fault of anti-virus software vendors who are always a step behind the latest virus? Or, is it the fault of the end-user who is convinced to click a strange attachment despite thousands upon thousands of warnings not to? Walt Mossberg recently wrote a column calling for techies to stop blaming the victims. Instead, he blames Microsoft and calls on them to create a one-stop shop for protecting end-users from any and all security problems. Now, Tim Mullen has struck back and pointed out that people should stop being victims if they want to use computers and the internet. He points out, first of all, that Mossberg’s vision of the perfect security protection system is impossible. Furthermore, he explains that no one is expecting end users to become system administrators, but to just do a few basic things to secure their computers from the most obvious of malicious attacks by installing basic anti-virus and firewall software (though, these days, you also need anti-spam software, anti-spyware software and anti-phishing software to really be complete). Mullen’s point, however, is that we expect a basic level of competence to drive a car without hurting themselves, or to cook meat without giving themselves food poisoning. Thus, is it really that much to ask users to secure their own computers? The answer, of course, probably lies somewhere in the middle. Software companies and, increasingly, internet service providers, are going to be expected to do more to stop malicious attacks in their tracks – but end users should be expected to handle basic protection of their own machines. Besides, if we really must blame someone for all these malicious attacks, shouldn’t it be those who are actually creating them?
Comments on “Should We Blame Security Victims?”
No Subject Given
I agree a lot with the second article.
Yes, the attackers SHOULD be blamed, let us never forget the crooks and the anti-social losers on the net who like to steal or destroy or just simply ruin the experience for as many people as possible.
That said though, let us not forget personal responsibility either…which so many want to do (oh please Microsoft, protect us from the bad hackers).
Yes, technically, Microsoft has a LOT of holes…whether they can do anything about that is for another discussion, and whether they are at fault is also for another discussion.
However, its not brain surgery to learn how to use your computer properly, how not to give away your personal info to every pop up window that appears and how NOT to believe every damn email you receive in your email (especially those stupid “forward this to everyone you possibly can!” idiocies). Its not brain surgery to learn about spyware and viruses and to keep your scanner up to date. Its not even brain surgery to install a firewall like zonealarm if you MUST use windows. If my SO’s grandparents and my parents can do it, so can anyone.
These things won’t keep you 100% safe, its not foolproof, just like a safe driver can have an accident, so can you still run into trouble…but the risk to your PC and others is very much reduced.
To those who say they can’t be bothered, or that its too hard and that it should be easier and that its not their job to learn how to do this…perhaps I can suggest the following:
Pull out your computer’s plug, put it back in the box and get a refund…you don’t have enough brain cells to be on the net. You are a walking target that not only is a risk to yourself, but also a hindrance to my connection because your machine is flooding the bandwith with your spyware and your infections. I have no pity for you whatsoever.
Re: Yes I did ...
Wow …
That was so good I need a cigarette …
BRB …
Re: No Subject Given
Well, I don’t disagree, but the fact is that stupid people use computers.
I like ease of use too, but sometimes I miss the old days where it was relatively difficult to get your system connected to the Internet – where you needed some intelligence just to get that far!
People don’t choose not to be smart. Microsoft made easy to use systems; people who need easy to use systems because they aren’t particularly bright are going to use them. It’s not fair to expect much from them beyond that.
Re: Re: No Subject Given
I miss the old days where it was relatively difficult to get your system connected to the Internet – where you needed some intelligence just to get that far!
But with the simple to use Internet, you can come here and read Dorpus’s missives here on techdirt.
Re: No Subject Given
Armor2net Personal Firewall software provides a complete spectrum of Internet security and Internet privacy for computers. The program protects the computer from hackers, data thieves, and other Internet-based dangers.
People don't realise they're running this stuff
I was grep’ing through my web logs the other night for CodeRed attacks, and found 7 different source IP’s (jees, people still haven’t fixed CodeRed?!)
A quick nmap of them found that they all had all ports open.
I even wget’ed a couple of them and got a “coming soon” web page back, so they were running IIS without realising too (so I guess they were 2K/XP boxes).
I think a lot of blame has to be put with MS’s default settings, also ISP’s should be providing a router/firewall with all broadband accounts – no Windows box should be directly connected to the internet.
Re: People don't realise they're running this stuf
My ISP refuses to do anything about them (not even so much as NOTIFY the users). I get nailed by CodeRed several hundred times an hour.
Since I *do* communicate with other users on that network, banning/blocking at the IP level (which means a list-length in the 5-6 digits) is not practical (since they use dynamic IPs…once I got assigned an IP I had banned previously..fun fun fun).
Just blocking/dropping/denying the requests keeps me safe but doesn’t reduce the traffic on the modem.
I’m at the point where I just want to knock ’em off the net myself…leave a little popup telling them to “Hey moron! Clean up your machine!”…that sort of thing.
I haven’t done that yet…that being illegal really…but boy do I ever want to.
No Subject Given
There are two separate issues, and I’ll use an analogy to describe them.
First, the city IS responsible when it knows that a certain dark alley is the site of muggings every evening. The city should enhance its security to patrol and prosecute.
Second, the lady who is mugged in that dark alley is not at legal fault even if it’s clear that she could have taken more precautions. “She was asking for it, walking alone and wearing those clothes like that” is an antique barbarism.
However, the city’s “enhanced security” rightly can and should include a campaign to educate potential victims before they become actual victims. Awareness, purpose, and defensive training each mitigate some of the risk of being out in public.
-
Armor2net Personal Firewall has an easy-to-use interface and is very intuitive. Unlike most of its competitors, Armor2net is truly ??intelligent?? firewall software that allows many of its functions to be automatically processed. The application is perfectly suited for home and office and for new users.
For more information, please visit: http://www.armor2net.com