Should We Blame Security Victims?

from the where-to-place-the-blame... dept

There is always something of a back and forth on who to blame whenever a big virus goes around. Is it the fault of a company like Microsoft for not creating their software in a way to better protect against such things? Is it the fault of anti-virus software vendors who are always a step behind the latest virus? Or, is it the fault of the end-user who is convinced to click a strange attachment despite thousands upon thousands of warnings not to? Walt Mossberg recently wrote a column calling for techies to stop blaming the victims. Instead, he blames Microsoft and calls on them to create a one-stop shop for protecting end-users from any and all security problems. Now, Tim Mullen has struck back and pointed out that people should stop being victims if they want to use computers and the internet. He points out, first of all, that Mossberg's vision of the perfect security protection system is impossible. Furthermore, he explains that no one is expecting end users to become system administrators, but to just do a few basic things to secure their computers from the most obvious of malicious attacks by installing basic anti-virus and firewall software (though, these days, you also need anti-spam software, anti-spyware software and anti-phishing software to really be complete). Mullen's point, however, is that we expect a basic level of competence to drive a car without hurting themselves, or to cook meat without giving themselves food poisoning. Thus, is it really that much to ask users to secure their own computers? The answer, of course, probably lies somewhere in the middle. Software companies and, increasingly, internet service providers, are going to be expected to do more to stop malicious attacks in their tracks - but end users should be expected to handle basic protection of their own machines. Besides, if we really must blame someone for all these malicious attacks, shouldn't it be those who are actually creating them?
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    thecaptain, 28 Apr 2004 @ 5:53am

    No Subject Given

    I agree a lot with the second article.

    Yes, the attackers SHOULD be blamed, let us never forget the crooks and the anti-social losers on the net who like to steal or destroy or just simply ruin the experience for as many people as possible.

    That said though, let us not forget personal responsibility either...which so many want to do (oh please Microsoft, protect us from the bad hackers).

    Yes, technically, Microsoft has a LOT of holes...whether they can do anything about that is for another discussion, and whether they are at fault is also for another discussion.

    However, its not brain surgery to learn how to use your computer properly, how not to give away your personal info to every pop up window that appears and how NOT to believe every damn email you receive in your email (especially those stupid "forward this to everyone you possibly can!" idiocies). Its not brain surgery to learn about spyware and viruses and to keep your scanner up to date. Its not even brain surgery to install a firewall like zonealarm if you MUST use windows. If my SO's grandparents and my parents can do it, so can anyone.

    These things won't keep you 100% safe, its not foolproof, just like a safe driver can have an accident, so can you still run into trouble...but the risk to your PC and others is very much reduced.

    To those who say they can't be bothered, or that its too hard and that it should be easier and that its not their job to learn how to do this...perhaps I can suggest the following:

    Pull out your computer's plug, put it back in the box and get a refund...you don't have enough brain cells to be on the net. You are a walking target that not only is a risk to yourself, but also a hindrance to my connection because your machine is flooding the bandwith with your spyware and your infections. I have no pity for you whatsoever.

    link to this | view in thread ]

  2. identicon
    AMetamorphosis, 28 Apr 2004 @ 7:08am

    Yes I did ...


    Wow ...

    That was so good I need a cigarette ...

    BRB ...

    link to this | view in thread ]

  3. identicon
    Tony Lawrence, 28 Apr 2004 @ 8:36am

    Re: No Subject Given

    Well, I don't disagree, but the fact is that stupid people use computers.

    I like ease of use too, but sometimes I miss the old days where it was relatively difficult to get your system connected to the Internet - where you needed some intelligence just to get that far!

    People don't choose not to be smart. Microsoft made easy to use systems; people who need easy to use systems because they aren't particularly bright are going to use them. It's not fair to expect much from them beyond that.


    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 28 Apr 2004 @ 9:01am

    Re: No Subject Given

    I miss the old days where it was relatively difficult to get your system connected to the Internet - where you needed some intelligence just to get that far!

    But with the simple to use Internet, you can come here and read Dorpus's missives here on techdirt.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 28 Apr 2004 @ 9:17am

    People don't realise they're running this stuff

    I was grep'ing through my web logs the other night for CodeRed attacks, and found 7 different source IP's (jees, people still haven't fixed CodeRed?!)

    A quick nmap of them found that they all had all ports open.

    I even wget'ed a couple of them and got a "coming soon" web page back, so they were running IIS without realising too (so I guess they were 2K/XP boxes).

    I think a lot of blame has to be put with MS's default settings, also ISP's should be providing a router/firewall with all broadband accounts - no Windows box should be directly connected to the internet.

    link to this | view in thread ]

  6. identicon
    Ed Halley, 28 Apr 2004 @ 9:25am

    No Subject Given

    There are two separate issues, and I'll use an analogy to describe them.

    First, the city IS responsible when it knows that a certain dark alley is the site of muggings every evening. The city should enhance its security to patrol and prosecute.

    Second, the lady who is mugged in that dark alley is not at legal fault even if it's clear that she could have taken more precautions. "She was asking for it, walking alone and wearing those clothes like that" is an antique barbarism.

    However, the city's "enhanced security" rightly can and should include a campaign to educate potential victims before they become actual victims. Awareness, purpose, and defensive training each mitigate some of the risk of being out in public.

    link to this | view in thread ]

  7. identicon
    thecaptain, 28 Apr 2004 @ 10:19am

    Re: People don't realise they're running this stuf

    My ISP refuses to do anything about them (not even so much as NOTIFY the users). I get nailed by CodeRed several hundred times an hour.

    Since I *do* communicate with other users on that network, banning/blocking at the IP level (which means a list-length in the 5-6 digits) is not practical (since they use dynamic IPs...once I got assigned an IP I had banned previously..fun fun fun).

    Just blocking/dropping/denying the requests keeps me safe but doesn't reduce the traffic on the modem.

    I'm at the point where I just want to knock 'em off the net myself...leave a little popup telling them to "Hey moron! Clean up your machine!"...that sort of thing.

    I haven't done that yet...that being illegal really...but boy do I ever want to.

    link to this | view in thread ]

  8. identicon
    Zora Smith, 18 Aug 2004 @ 1:13am

    -

    Armor2net Personal Firewall has an easy-to-use interface and is very intuitive. Unlike most of its competitors, Armor2net is truly ¡°intelligent¡± firewall software that allows many of its functions to be automatically processed. The application is perfectly suited for home and office and for new users.
    For more information, please visit: http://www.armor2net.com

    link to this | view in thread ]

  9. identicon
    Armor2net, 21 Oct 2004 @ 12:37am

    Re: No Subject Given

    Armor2net Personal Firewall software provides a complete spectrum of Internet security and Internet privacy for computers. The program protects the computer from hackers, data thieves, and other Internet-based dangers.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.