Should We Blame Security Victims?
from the where-to-place-the-blame... dept
There is always something of a back and forth on who to blame whenever a big virus goes around. Is it the fault of a company like Microsoft for not creating their software in a way to better protect against such things? Is it the fault of anti-virus software vendors who are always a step behind the latest virus? Or, is it the fault of the end-user who is convinced to click a strange attachment despite thousands upon thousands of warnings not to? Walt Mossberg recently wrote a column calling for techies to stop blaming the victims. Instead, he blames Microsoft and calls on them to create a one-stop shop for protecting end-users from any and all security problems. Now, Tim Mullen has struck back and pointed out that people should stop being victims if they want to use computers and the internet. He points out, first of all, that Mossberg's vision of the perfect security protection system is impossible. Furthermore, he explains that no one is expecting end users to become system administrators, but to just do a few basic things to secure their computers from the most obvious of malicious attacks by installing basic anti-virus and firewall software (though, these days, you also need anti-spam software, anti-spyware software and anti-phishing software to really be complete). Mullen's point, however, is that we expect a basic level of competence to drive a car without hurting themselves, or to cook meat without giving themselves food poisoning. Thus, is it really that much to ask users to secure their own computers? The answer, of course, probably lies somewhere in the middle. Software companies and, increasingly, internet service providers, are going to be expected to do more to stop malicious attacks in their tracks - but end users should be expected to handle basic protection of their own machines. Besides, if we really must blame someone for all these malicious attacks, shouldn't it be those who are actually creating them?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
No Subject Given
Yes, the attackers SHOULD be blamed, let us never forget the crooks and the anti-social losers on the net who like to steal or destroy or just simply ruin the experience for as many people as possible.
That said though, let us not forget personal responsibility either...which so many want to do (oh please Microsoft, protect us from the bad hackers).
Yes, technically, Microsoft has a LOT of holes...whether they can do anything about that is for another discussion, and whether they are at fault is also for another discussion.
However, its not brain surgery to learn how to use your computer properly, how not to give away your personal info to every pop up window that appears and how NOT to believe every damn email you receive in your email (especially those stupid "forward this to everyone you possibly can!" idiocies). Its not brain surgery to learn about spyware and viruses and to keep your scanner up to date. Its not even brain surgery to install a firewall like zonealarm if you MUST use windows. If my SO's grandparents and my parents can do it, so can anyone.
These things won't keep you 100% safe, its not foolproof, just like a safe driver can have an accident, so can you still run into trouble...but the risk to your PC and others is very much reduced.
To those who say they can't be bothered, or that its too hard and that it should be easier and that its not their job to learn how to do this...perhaps I can suggest the following:
Pull out your computer's plug, put it back in the box and get a refund...you don't have enough brain cells to be on the net. You are a walking target that not only is a risk to yourself, but also a hindrance to my connection because your machine is flooding the bandwith with your spyware and your infections. I have no pity for you whatsoever.
[ link to this | view in chronology ]
Yes I did ...
Wow ...
That was so good I need a cigarette ...
BRB ...
[ link to this | view in chronology ]
Re: No Subject Given
I like ease of use too, but sometimes I miss the old days where it was relatively difficult to get your system connected to the Internet - where you needed some intelligence just to get that far!
People don't choose not to be smart. Microsoft made easy to use systems; people who need easy to use systems because they aren't particularly bright are going to use them. It's not fair to expect much from them beyond that.
[ link to this | view in chronology ]
Re: No Subject Given
But with the simple to use Internet, you can come here and read Dorpus's missives here on techdirt.
[ link to this | view in chronology ]
Re: No Subject Given
[ link to this | view in chronology ]
People don't realise they're running this stuff
A quick nmap of them found that they all had all ports open.
I even wget'ed a couple of them and got a "coming soon" web page back, so they were running IIS without realising too (so I guess they were 2K/XP boxes).
I think a lot of blame has to be put with MS's default settings, also ISP's should be providing a router/firewall with all broadband accounts - no Windows box should be directly connected to the internet.
[ link to this | view in chronology ]
Re: People don't realise they're running this stuf
Since I *do* communicate with other users on that network, banning/blocking at the IP level (which means a list-length in the 5-6 digits) is not practical (since they use dynamic IPs...once I got assigned an IP I had banned previously..fun fun fun).
Just blocking/dropping/denying the requests keeps me safe but doesn't reduce the traffic on the modem.
I'm at the point where I just want to knock 'em off the net myself...leave a little popup telling them to "Hey moron! Clean up your machine!"...that sort of thing.
I haven't done that yet...that being illegal really...but boy do I ever want to.
[ link to this | view in chronology ]
No Subject Given
First, the city IS responsible when it knows that a certain dark alley is the site of muggings every evening. The city should enhance its security to patrol and prosecute.
Second, the lady who is mugged in that dark alley is not at legal fault even if it's clear that she could have taken more precautions. "She was asking for it, walking alone and wearing those clothes like that" is an antique barbarism.
However, the city's "enhanced security" rightly can and should include a campaign to educate potential victims before they become actual victims. Awareness, purpose, and defensive training each mitigate some of the risk of being out in public.
[ link to this | view in chronology ]
-
For more information, please visit: http://www.armor2net.com
[ link to this | view in chronology ]