Bruce Schneier, Marcus Ranum debate home users and security


This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."

Download it now to read this article plus other related content.

This isn't simply an academic problem; it's a public health problem. In the hyperconnected world of the Internet, everyone's security depends in part on everyone else's. As long as there are insecure computers out there, hackers will use them to eavesdrop on network traffic, send spam and attack other computers. We are more secure if those home computers attached to the Internet via DSL or cable modems are protected against attack. The only question is, what's the best way to get there?

I wonder about those who say "educate the users." Have they tried? It's unrealistic to expect home users to be responsible for their security. They don't have the expertise, and aren't going to learn. And it's not just user actions we need to watch; computers are insecure out of the box.

The only way to solve this problem is to force the ISPs to become IT departments. There's no reason they can't provide home users with the same level of support my IT department provides me, or a "clean pipe" service to the home. Yes, it will cost more, and require changes in the law to make this mandatory. But what's the alternative?

In 1991, Walter S. Mossberg debuted his Personal Technology column in The Wall Street Journal with the words, "Personal computers are just too hard to use, and it isn't your fault." Sixteen years later, it's doubly true when it comes to computer security.

If we want home users to be secure, we need to design computers and networks that are secure out of the

    Requires Free Membership to View

box, without any work by the end users. There isn't any other way.

This was first published in September 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: