Bruce Schneier, Marcus Ranum debate home users and security


This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."

Download it now to read this article plus other related content.

Home users: a public health problem?

Bruce Schneier

Point To the average home user, security is an intractable problem. Microsoft has made great strides improving the security of its operating system out of the box, but there is still a dizzying array of rules, options and choices users have to make. How should they configure their antivirus program? What sort of backup regime should they employ? What are the best settings for their wireless network? And so on.

How is it possible that we in the computer industry have foisted on people a product that is so difficult to use securely, it requires so many add-ons? It's even worse than that. We have sold the average computer user a bill of goods. In our race for an ever-increasing market, we have convinced every person that he needs a computer. We have provided application after application--IM, peer-to-peer file sharing, eBay, Facebook--to make computers useful and enjoyable to the home user. At the same time, we've made them so difficult to maintain that only a trained sysadmin can.

And we wonder why home users have such problems with their buggy systems, why they can't seem to do the simplest administrative tasks, and why their computers aren't secure. They're not secure because home users don't know how to secure them.

At work, I have an IT department I can call if I have a problem. They filter my Net connection so I don't see spam, and most attacks are blocked before they get to my

    Requires Free Membership to View

computer. They tell me which updates to install. And they're available to help me recover if something happens to my system. Home users have none of this support.

This problem isn't going to go away as computers get smarter and users get savvier. Next-generation computers will be vulnerable to different attacks, and next-generation attack tools will fool users in different ways.

This was first published in September 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: