A Non Techie’s View Of Computer Security – Is He Right?

typical-user-2.jpgI’m often critical, on this Blog, of the typical computer user’s laissez-faire attitude toward computer security on the Internet.

I’ve never been shy in making the point that  it seems to me, no one wants to take responsibly for the abysmal state of Internet safety and security. Not governments; not software developers; and least of all Internet users’.

But, there’s a problem with this type of straight line thinking. Like many who have a high level of knowledge in various aspects of technology, including computer security, I occasionally forget that issues surrounding technology are rarely as simple as they sometimes appear to be.

Several years ago, shortly after I wrote an article  “Facebook – A Scam/Spam/Phishing Factory?”, Wendell Dryden, a fellow Blogger from Saint John, New Brunswick, Canada, commented on the Facebook article.

See what you think.

My perception is that most people still see the computer as a kind of entertainment device, with an attached cell-phone like feature. Computers are for playing, chatting, watching short clips, listening to tunes….

If people don’t take internet security (or pc maintenance) seriously, it’s because they don’t think of the computer as a serious device.

Some of this is related to our cultural laziness around safety and prevention. People are routinely reckless with automobiles, decline to clean out the lint catch, and mishandle loaded guns.

But, mostly, I think computers are thought of like television or boom boxes… fun while they work.

My frustration is with government, health and educational institutions that push people to use the internet as though it were as secure and straight forward as a hard-line telephone.

I also think an extra burden of responsibility should be placed on any company or organization that promotes, and then facilitates, monetary transactions.

In short, an outfit like Facebook has no business asking – or even allowing a place for – things like street addresses, date of birth or credit card numbers on its hyper-connective site. If people choose to post those things on their wall… well, that’s a different matter. But otherwise, there ought to be a legal responsibility to not ask for certain kinds of private information.

Idealistic, or what!

I tend to think that Wendell has a good grasp of some of the real issues surrounding the lack of concern for computer security that a typical user exhibits.

What’s your view?

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

13 Comments

Filed under cybercrime, Interconnectivity, Point of View, Windows Tips and Tools

13 responses to “A Non Techie’s View Of Computer Security – Is He Right?

  1. Mal

    Hi Bill,

    I think Wendell is spot on. Although we, as individual users have a responsibility to educate ourselves and run appropriate security software, the business/corporate world do too. And most of them are failing in that responsibility. For instance, well known websites of big companies with links to Adobe reader is pathetic, knowing what we know about Adobe and its flaws. Here in Australia our Social Security offices virtually compel people to use online services for everyday enquiries/transactions. Do they think everyone is tech savvy and security conscious? They just have a few weasel words on their site about the need to download security software, with links to AVG or something like that. We all know that one security product isn’t enough on todays internet, but they don’t mention this.

    That’s just a few example that make me bloody mad.

    I will shutup now lol.

    Cheers

    • Hi Mal,

      LOL Don’t shut up. You’re a terrific ambassador for doing things the right way.

      You bring up a great point – I know a ton of sites for which the visitor HAS to have Adobe installed (usually a Bank, or government office; as you describe. I can’t see this changing until we have a class action lawsuit for damages caused by infection due to the sloppy security practices of these entities.

      Best,

      Bill

  2. Mister Reiner

    The question that comes to my mind is, are people able to learn complex concepts related to computer security – or are they just simpletons destined to be taken advantage of by cyber criminals and trouble makers? I’m starting to think that the latter is true. What do you think the average computer literacy score is to do basic things? Then factor in the literacy score for more complex tasks. Is any expectation of the general public being able to properly secure their computers misplaced? I beleive so. But I don’t think comparing a computer to a entertainment device is an accurate analogy. Nothing to be secured in the real world comes close to the knowledge required to properly secure a computer. As far as most people are concerned, computer security will contine to be rocket science.

    • Mr. Reiner,

      I think Wendell’s point in comparing a computer to an entertainment device was well made, when you consider the balance of his proposition* – “*If people dont take Internet security (or PC maintenance) seriously, its because they dont think of the computer as a serious device.” There’s a certain logic there.

      However, I do have to agree with your observation that “Nothing to be secured in the real world comes close to the knowledge required to properly secure a computer.” And, taking into account the number of average users who have no idea that a right click context menu exists in most applications – as one example of the lack of computer literacy, I have no doubt that your observation “As far as most people are concerned, computer security will continue to be rocket science”, is correct. The continued success of cyber criminals is evidence of that.

      The only viable solution, as you have noted in your article Is it possible to engineer a computer that is 100% secure? * (http://misterreiner.wordpress.com/2010/08/30/is-it-possible/),*is to do just that.* *

      I hope all is well with you.

      Bill

      * *

  3. Pingback: Computer Security

  4. Pingback: Tweets that mention A Non Techie’s View Of Computer Security – Is He Right? « Bill Mullins' Weblog – Tech Thoughts -- Topsy.com

  5. TeXaCo

    Hey Bill,

    Wendell Brings some valid observations about people who don’t take the computer seriously and think of it as an entertainment device. But I think that is the problem in a nutshell, It is up to the user for any piece of equipment to know it’s capabilities, limitations and safety precautions.

    People get hurt everyday by everything from guns, lawnmowers, cars and anything else you can imagine because of not caring enough about the dangers that come along with whatever product they may be using and this includes computers.

    I don’t believe it is up to the government to make sure you understand the dangers of the internet.
    Although It would be nice if the financial institutions were more diligent in being secure but that is not something anybody should count on.
    Again, the ultimate responsibility has to end up with the user.

    If I ride a bicycle down the street recklessly and get hit by a car, I sure can’t be mad at the driver who hit me. I need to own up to the responsibility that it was my recklessness that caused the accident in the first place.

    Same with a computer. It may sound a little harsh to some people but that’s the way I feel about it.

    As always, great article

    Tex

    • Hey TeX,

      One of the downsides to living in a “nanny” state is, we have come to expect the government to step in when a threat to consumer safety is recognized, and to pass appropriate laws to enhance our safety. Despite that, as you point out, “People get hurt everyday by everything from guns, lawnmowers, cars ……”. As you further point out, the lack of acceptance of responsibility is often the culprit.

      Expecting the government to ensure a users safety on the Internet is simply a non-starter – the problem is so entrenched in the base technology that laws cannot have impact. Taking personal responsibly (as you point out), at this point, is the only solution – and only a partial one, at that.

      Best,

      Bill

  6. Hi Bill,
    I have a friend who, before he became sick in the early 2000’s worked for Intel helping design the inner workings of their processors. He has large models framed on his wall with every chip they made between the 386 and the early Pentium 4’s provided by Intel to the design teams.
    But computer security… forget about it. He can program like nobody’s business but he still runs XP with IE6!!!
    He makes me crazy. He thinks I’m an alarmist. He has Norton Internet Security and thinks that’s fine.
    So people who don’t get security are not stupid, they may be naive at computer security but be perfectly brilliant in professions way over my my head. Our job is to keep on fighting the good fight, and try to get people to at least surf safe, keep Windows updated and running some sort of security software. My friend has manged to stay unhacked for now, he updates Windows and he would never surf porn or click on attachments in an email, sometimes that’s all it takes.
    Mark
    Mark

    • Hi Mark,

      I can see how that might make you crazy.

      I can understand how users might not want to accept the fact that the Internet is a swamp, populated by those whose intent is to cause others harm. There is a certain ingrained goodness in most people, that can often interfere with accepting the reality of current conditions on the Internet. You and I see this played out frequently.

      Your friends view that you’re an alarmist, is just one more manifestation of this refusal to accept the reality that each time he interacts with the Internet, he is potentially on the road to becoming a victim of cyber criminals. While he may feel confident that by not surfing porn, or by exercising caution with email, he’ll remain relatively secure, you and I know that’s not enough.

      You’re right in stating – “Our job is to keep on fighting the good fight.” Although, I must admit, it’s not getting any easier.

      Best,

      Bill

  7. John Bent

    Hi Bill

    Speaking as a non-technical member of the general public I can say for certain that computer security need not be rocket science. There is no shortage of sites offering information and help, all that is required is a desire to learn on the part of the user. That desire comes about through education, which appears to be sadly lacking. Blogs like yours do a great job of giving information in a non-technical way and pointing people towards security solutions that are often free of charge. However people need to be motivated to seek out this information and I believe that is where the education is lacking. A small example – I don’t recall ever seeing an advert on national TV in the UK for an internet security product, with the possible exception of Trend Micro, which was aimed at business users. Most people easily adopt ever-changing technology platforms and so are eminently capable of understanding the need for security and how to improve it. There will always be some who can’t be bothered or just don’t want to know. Don’t you just love human nature!

    Keep up the good work.

    Kind regards

    John

    • Hi John,

      Part of it, I think, is the tech savvy generation myth. Supposedly, those who began using computers in their formative years are computer literate, and technically competent. As a result, (supposedly), when they surf the Internet, they can identify and handle the dangers and pitfalls.

      Unfortunately, the reality is somewhat different. Theres a major lack of knowledge and skill relating to computers/connected devices, and security, in the tech savvy generation. Unfortunately, I find that not only does the tech savvy generation not know what they dont know they dont want to hear about it because developing knowledge is hard work which requires time and effort.

      I stopped keeping track of the number of times I’ve heard this from a teenager, as I’m rescuing their malware corrupted machine at the behest of a parent – “Nah, I don’t need to know all that stuff. I know what I’m doing.” Which of course always led to the question – “Then please explain to me what I’m doing here? Why did your father/mother find it necessary to ask me to grant this favor?”

      The cause of all this: The “tech savvy generation” believing the myth”. The lack of willingness to do the “hard” work. The lack of the required critical thinking skills need to both identify a problem, and develop a solution.

      I am not a fan of the education system in place in North America. We have managed, during the last 20 plus years, to turn out large numbers of uneducated, socially irresponsible, non performers.

      Best,

      Bill

  8. John Bent

    Hi Bill,

    Not that it’s any consolation to you but your comments about education apply equally in the UK. Remains to be seen whether our new coalition government will help create an environment in which teachers are free to teach. Social responsibility, though, has to start in the home. The net has a big part to play in this. People must realise that it is not cool to post anything and everything online and that actions have consequences. A recent sad example is that of the student who committed suicide following compromising footage appearing on a social networking site.

    Kind regards

    John