Hal - Deliberately Basic

Is it really possible to secure your computer?

According to the FBI, computer crime cost US business 67.2 billion dollars in 2005. A CNN report indicates this was a record bad year for security. Well, dang, I’d say it was indeed a bad year. In 2007, the situation continues to escalate. Will business ever be secure with your personal data? I don’t see any way that is possible. Insecurity is a fact of life, and that same dark peril spills over to your computer as well.

Individual users spend billions each year to secure personal computers. Security is not a mom and pop business, but a leviathan industry built on the misunderstanding and incompetence of home users. The very people who should be reading about security have no interest or understanding of the most basic aspects of it. Speaking as one who worked in IT for many years, I long ago came to the conclusion that apathy is the cause of nearly all computer related problems, including security.

A report from the Sans Institute indicates that user apathy is the number three reason for computer insecurity. My experience tells me to move that to number one. Conversely, I believe there is a reason for this indifferent attitude from users. Security is so difficult to understand, only security experts have an interest, and users should not have to be engineers to implement it.

Every time Microsoft releases a new version of Windows, one of the first claims made is, the issue of security has finally been solved. This version is much more secure than the last. That may be true, but I’m starting to wonder if these claims are made with an ulterior motive. Even before a particular version is released to the public, every aspect of it has been cracked by the cyber underworld.  This is no different than pad locking a door and daring someone to break the lock. From a historical point of observation, forget about security with any OS, but more especially Windows. It ain’t gonna happen.

Users today have come to expect that malware is simply a part of the experience of having a computer. I know people who take their computer to a shop every six months to a year to have it cleaned of malware. For these folks, this is as normal as taking the car in for an oil change. It doesn’t have to be this way.

Thousands of articles and information about security are available on the Internet that show and tell how to secure your computer. That is not relevant to the problem. User education is likewise irrelevant. You can lead a horse to water, but… you know the story.

What the computer industry needs is an idiot proof system. For people who are not tech oriented, who will never care to learn, and who cause the rest of us problems, force-feed them a simple system that controls their habits. Make it impossible to do all those annoying things that create havoc and cost billions. In other words, allow only executable code to run that is pre-installed on the computer. Any downloaded applications would not run unless approved by a certified technician. No script would run from a web site unless pre-approved.

Will this ever happen? Of course not. How would an industry as big as security continue to make all those billions?

Related posts:

1. Who Owns The Bible?I can say with certainty that I am not now, nor will I ever be...
2. The Ten Most Onerous Things In Computer BooksHal Brown on·er·ous (onÆÃr Ãs, ŽÆnÃr-), adj. 1. burdensome, oppressive, or troublesome; causing hardship: onerous...
3. Are You a Thief?Rationalization And The Art of Theft Question, do you shoplift? Cynic that I am, I...
4. Can a Computer Write Better Than You?I read in The New York Times today (April 14, 2008) that a San Diego...
5. The Ultimate Giveaway One of the BLOGS I read consistently is Zen Habits. Leo Babauta, the owner/blogger...