Most computer users have been lulled into a false sense of computer and Internet security, due largely to over-blown marketing hype from the computer industry. They think that if they’ve got the latest security “suite” installed, or are using the latest “Wow” operating system then they are immune to the Internets’ many dangers. All too often I find it necessary to shock my clients back to reality by saying, “Do you know why your computers have so many problems? Because, your security stinks.”
Although the principles apply to most any corporate or enterprise environment, the information in this series of articles is aimed at home and small office users of Microsoft’s Windows 2000 and XP. If you’re still using Windows ME or 98, then it’s time to grow up. I also will not address Windows Vista because, in my opinion, until Microsoft releases Service Pack 1 for Vista, it’s not really ready for prime time.
Over the years I’ve identified seven key areas that must be addressed before you can have computer security that doesn’t stink. They are: education, behavior, software, updates, settings, networks and scans. You can have all of the automatic anti-everything software in the world installed, but if you ignore one of these seven areas you’re asking for trouble. Total security is an impossibility. Still, if you’ll give due diligence to the basics, you’ll usually be in pretty good shape and at least your security won’t stink. Key Area Number One is education.
When it comes to the basics of computer usage and security, the general public is woefully ignorant. Few realize that a computer is a dangerous tool, capable of inflicting great harm, not only on the user but also on those around him. As an amateur woodworker recently posted to Gibbsblog, “… if computers were like table saws, we’d have a country full of people named ‘Lefty’.” Yep, there’s ole’ Lefty. Forgot to pay attention to table saw safety and chopped his hand clean off.
Many factors contribute to this sorry situation, the two greatest being user apathy and manufacturer greed, with manufacturers bearing the greater burden. Manufacturers, in their rush to make a buck, shove dangerous products out the door and onto supermarket shelves without providing any real education to their customers. Burying vital security information inside of hard-to-understand PDF-encoded help files on a CD is a cheap cop-out. Think about it — most users don’t even know what to do with a CD if it won’t autostart under Windows XP. I’d really like to see an operating system or wireless router that won’t even boot until the user views a tutorial and passes a quiz.
User apathy is a condition that I lay at the feet of manufacturers, the media and movies, although users still bear some responsibility. Users are apathetic because, most of the time, they don’t feel any pain as a result of their ignorant behavior. Most computer crises are the result of cumulative problems, rather than one single event. This allows users to shuffle along their way, merrily opening email attachments, clicking on malicious links and downloading screensavers before reaching full system meltdown. They behave this way because manufacturers, the entertainment industry have conned them into believing that computers are magic. Most users think that their computer should at least be as smart as Star Trek’s Commander Data. Sorry, Charlie, computers aren’t even as smart as insects.
Next week: Internet security education and user behavior.