I'd say he's right. There should be some sort of effort to crack down on insecure computers, which are directly responsible for a lot of problems right now (DDoS attacks, spam, viruses, etc.). They might be abused by someone, including terrorists, to further a political goal. I think it's rather irresponsible to go online with a system that's insecure, because you're not only risking your own system, but are potentially harming other people's computers too.
Now, if your OS is insecure and you can't do anything about it, that's one thing; but if there are patches to make it more secure, and you simply refuse to install them, you are being irresponsible. There are in fact many unpatched systems out there, systems that could have been secure, if only the end user cared. And no, I don't think ignorance is an excuse; if you don't know how to use a computer, you shouldn't be using it!

If we're talking about more critical systems (companies, utilities, etc.), it's even worse: the owners have an obligation to protect their data and their computer systems. At the very least it's an obligation to their stockholders. I'd say governments can and should demand that such systems are properly protected, in the interest of national security. There are many laws and rules that govern what you can and can't do in the physical world (environmental demands, safety demands, etc.), so why would computer security be something different? I think it's rather stupid if a company spends millions to physically protect their buildings, but won't spend a fraction of that money protecting their computer system! (Especially stupid, given the fact that a lot of secret corporate data is on those computers!)

My answers to your questions:

1) I think the government can talk to companies such as Microsoft, and ask them to improve the security. They can also go to ISPs, and ask them to take a more pro-active role in this area. After that, they can create laws that force companies to implement a bare minimal amount of computer security.

2) They wouldn't look like a totalitarian regime. It's time people started realizing that owning a computer also gives you some responsibilities. I'd say it'd be perfectly reasonable to cut internet access to computers that aren't well protected, on the basis that these computers can and will be abused. It's kind of like the government making rules about car travel, such as maximum speeds, minimum safety guidelines; if you don't follow the rules, they'll give you a ticket. Do you consider that a sign of a totalitarian regime too?

3) That's a rather biased statement, isn't it? MS' operating systems may not be perfect, but they're hardly the "least secure" OSes. But yes, they'll need to (further) improve their security, as they're doing right now. On the other hand, it's still the end user that has to update his system, and if this user fails to do that, you can hardly blame Microsoft. Which brings us right back to my initial statement: the end user is at least partly responsible.