The future of the web rests with millions of people outside the IT industry being persuaded to take an interest in security, privacy, and freedom. That's according to Mozilla Foundation executive director Mark Surman, who believes the web has reached a "seat-belt moment," where we know there are problems that need to be solved, but …
LOL... dumping IE6?
So funny, there are so many businesses out there that were sold on IE6 by MS and now are totally locked until they can upgrade their web apps because they used IE6 only crap in the site.... and how many at this moment in time are willing to put upgrading of their site in the corporate budget?
"On security and privacy maybe we need to get people to install IE 6 but you may have a totally different idea"
FFS! Did I really read that? Excuse me while I consult the omens. (shakes chicken over stones). Nope, IE6 is far too secure, modern and problem free to do anyone any good.
Key features of seatbelts...
1. All cars come with them pre-installed
2. They take no more than 2 seconds to use
3. There are hefty penalties if you don't use them
Seat-belt moment indeed
The seatbelt moment was more a case of people and governments seeing people walking away from accidents that should have, but didn't, kill them because of seatbelts; and legislation being requested and enacted on safety grounds.
There isn't really a direct parallel with the web except when key real-world infrastructure like hospitals and power get affected. People tend to care when they feel their lives or their pockets are at risk if Something isn't done. At present there's too small a risk to either.
For the most part (RoTM notwithstanding), home computers don't cause a huge threat to life, so unless there's a big threat to pockets it is going to be really hard to get users to care.
The legal attacks on filesharers may not have resulted in great reductions in sharing, but they did alter behaviour (if only to move towards more secure p2p networks). If a similar bundle of sticks could be found to alter behaviour with regards botnets etc, then people might start caring and changing their behaviour.
Seat Belts Don't Help
Seat belts don't help if car seats can break loose with the occupant strapped to it, the roof caves in or the vehicle bursts into flames. You can't just add seat belts to a deathtrap and make it safe. The problem isn't the user. The fundamental structures of the web are the problem. It's meant to be a method of displaying unsecured static documents for collaboration by scientists. It is horribly unfit for most of the uses made of it today. If we wish secure networks, then we need protocols and structures far more like the departed CCITT rules than any of the IP based networks. The people trying to figure out how to secure the Web are beat before they start, and they haven't a clue as to why. But you may as well try to fireproof a paper house.
Stick already exists.
Ready to stand corrected, but doesn't the Computer Misuse Act already include a clause about "the operator of a network or system must take all reasonable precautions to ensure security blah blah blah etc" ?
In other words, if you get zombified or malwared because you're using out of date tools, you're partially liable for any damage caused. How 'bout a big notice with words to this effect at every Currys/PCworld till in the country?
I know, totally impractical to police or enforce, but it would get the message out.
title says it all.
"...to understand what's a stake..."
I understand what's a stake: it's a sharp stick you put in the ground to tie down tents. Some people use it to kill vampires.
When I read fatuous crap like that.
I feel the urge to drive around, unbelted, in a Range Rover Overfinch 530i while smoking.
But I'm not allowed to or can't afford to. Which is sort of the point, nobody's really going to give a toss without legislation somewhere along the line. I wear a seatbelt 'cos I'm fairly likely to be fined for not doing so*, not by choice. I don't drive a car with a 5 litre V8 engine 'cos it costs too much, not 'cos I give a shit about global warming. Fortunately I live somewhere where fags are still fairly cheap.....
*Or have some beeping noise and/or flashing light get on my tits.
Ignoring IT is AI Perfect Whether Front for an Alien Takeover of Vital and Virulent Viral Systems
"Mozilla: Web's future rests with millions outside IT" ...
I disagree fundamentally with that proposition and would share that IT's Future rest in the hearts and minds/brains of a very select Few into IT and the Virtual Creation of Futures via the Manipulation of Media Programming. The millions/billions outside of the Control Bubble will then be immaculately shepherded into their more natural, albeit Artificially Created Comfort Zones for further Sublime Programming and Edutainment ...... 21st Century Networked Learning Areas/SurReal NeuReal Time Zones.
And you may like to consider that it is a Present Project already Running Deep and Stealthy in IT ..... and although Alien to many, well enough known to be the Novel Reality Transparently Shared with millions/billions in BioLogs and Blogs ..... the New Real Control Paradigm resting with millions/billions.
Time for the ISP to get involved
Since virtually all malware is internet-sourced in some way, most "internet security" packages are actually internet filters. There are no technical reasons preventing:
1) The ISP implementing malware detection in all inbound IP streams, and
2) Using simple heuristic detection methods to spot infected PCs.
Microsoft and Google could do something useful
As Google and Microsoft are major web-site destinations (for their search facilities, if nothing else), they do get a large number of users accessing them regularly.
They could do something useful, with that, and correlate IP addresses against spam mails they've seen (both operate popular mail-receiving services), "door-knocking", and the like, and help root-out bot-net infested, compromised machines. (ISPs should be doing this too, but we've seen that most of them are as much use as a chocolate teapot.)
I realise it wouldn't catch all systems in all territories, but it'd be a bloody good start.
And bloody ActiveX too
I've got friends who are semi net-savvy, at least to the extent of inviting me round to check Windows was configured properly and locked down, firewalls and AV installed, before they plugged an ethernet cable into the PC.
I connected their PC unprotected once just to show the dangers and it got pwned within ten minutes of just sitting there.
You'd think they'd know better but they bought Windows Vista laptops then bizarrely and illogically threw all caution to the wind with the excitement of 'portable computing power'. Plugged in and away they went, browsing pr0n sites and other places that are notoriously dangerous, clicking on email attachments with the anticipation of seeing someone or other naked. Seems computing from a sofa is somehow thought safer than from a desktop.
It was frightening to see what holes they had left wide open when I ultimately had to fix the mess and found out what they'd done. Rather ironically, considering the risk they put themselves at, they won't use wireless lest someone should snatch their credit card PIN over the air. Ho hum.
If people of this calibre can fail so badly, it doesn't surprise me the zombie masters are having a field day.
Who fits seat belts?
It seems that manufacturers of cars fit seat belts so are we arguing that Microsoft and all have secure OSes to start with?
Personally I think the analogy is bad because people are generally not looking for ways to break seat belts but they are constantly changing the way they attack PCs on the internet.
People just don't care.
I talk online to people from all over the world about computers and the non-geeks regularly say things like "I had to reinstall Windows because I had a virus that had been bugging me for weeks." -- never mind that they may have used their credit card in the mean time. Some even wait until their PCs are almost falling over under the weight of malware, adware and browser "helpers" before they do anything about it.
I think unless the BBC news starts running stories like the Click botnet report on mainstream news people will continue to think that IT Security doesn't apply to them.
the public just don't care
After talking to a number of non-ITers about security and safety I've come to realise that as long as it seems to work, they don't care about anything else, and aren't willing to learn. Even if they suspect their machine is being used for spamming, they won't get it checked out (I've offered for free) because it doesn't much affect them.
Nothing will shift them. Change has to come from the outside, by imposition of common-sense standards (as per Jeff & Boris the Cockroach) and legal sanction. Not that the gov't will have the guts to do that. Nowt will change until the problem gets big enough and explodes. A bit like the financial crap that's ongoing. Same cause too - apathy.
Re: Specialist Knowledge
You beat me to it... yeah WTF?!?! Surely that should be upgrade to IE8??? *looks confused as hell*
Hit them where it hurts?
I've come to the conclusion that internet users who aren't IT enthusiasts or professionals are driven primarily by two incentives:
1. Getting things done as quickly and with as little excess mental effort as possible, and
2. Getting things done cheaply or, better still, free.
Of course these are the incentive combinations that result in people plugging their new broadband modem straight into a USB port before heading to www.dodgypr0nsite.com with an unpatched OS and an unsecure browser, or installing a badly configured Limewire to quickly get their fix of MP3s "because that's what everyone else I know uses."
Yes, they'll get their "free" music and copious GB of whacking material and think they're being so clever, but it's the likes of you and I -- the sort of people who read these pages -- who end up picking up the pieces when our friends' computers start groaning under the weight of months' worth of malware.
Tackling the problem of user insecurity boils down to manipulating these two incentives.
The first one -- convenience -- is a really difficult nut to crack. I'm sure we've all had similar experiences trying to explain to our friends and colleagues why it's important to keep the OS up to date, to secure our browsers, to backup our data, to modify our online behaviour to limit the risks. The problem with this strategy is that the upside carries with it a cost, the cost in time and effort to learn, introduce and maintain these policies. You or I would see this as worthwhile, but most non-IT folk don't. And the flip-side -- the inevitable box-o'-malware that results from not doing it -- isn't nearly so much of a disincentive to these same users because we are the ones who sort their systems out when they go tits up. All they lose is a day or two's access while their geek friend disinfects their system, then off they go again.
The second incentive -- monetary cost -- is arguably easier to manipulate but because it effectively involves telling our friends and family to go fuck themselves it's unlikely to have much take-up. Because we, as friendly neighbourhood 'computer whizzes', are part of the problem here. When it all goes wrong we fix it, and more often than not for free. OK, so your friend might cough up for a couple of pints the next time you're down at the local. Or a member of your family might get you a gift as a thank you for sorting things out. But these aren't perceived as a cost per se; it may even be that they're seen as a sort of sweetener, a means of assuaging guilt while keeping you ready for the next time their computer throws a wobbler. In most cases any payment certainly won't be as great as that charged by The Tech Guys, and arguably the standard of work will be better since you're more likely to take care over not erasing your friends' data or settings.
So here's the solution. The next time someone comes to you with a PC problem take a quick look and, if the problem is obviously self-inflicted, tell your friend to take a hike and point them in the direction of the nearest PC World or local repair shop. When they return £100 out of pocket, with a fully working PC but without a shred of the data that was once on it, explain that this is how the real world works and that you'll help train them in all the methods that will prevent it happening again. It's cruel, but perhaps with five years of work erased and a gaping hole in their wallet, they'll be more likely to listen to the advice they ignored for so long.
And bloody HTML emails as well
Did anyone notice that the onewebday.org site has been cracked/hacked and apparently defaced by an illiterate pro-Iranian who calls themselves "NobodyCoder"?
What was that message about security/safety on teh interwebs?