Sadly, there's no magic bullet for computer security. Users themselves must take responsibility to ensure their computer systems are protected. But sadder still, too few do just that -- take the time to download the latest security updates or install firewall and other security software (not that the manufacturers of these products make them particularly easy to install...).
After the "Slammer" worm slammed computer systems worldwide in January 2003 -- an outbreak made possible by the fact that many server operators failed to download and install the latest patches -- I wrote that the attack "reminds us that human error and oversight remain a significant threat to the global computer network." That's the situation today -- either take responsibility for protecting your computer (or your company's network of computers) or face the consequences of data theft or worse.
Wired for Security (washingtonpost.com, Jan 20, 2005)
Video Game Dream Team (washingtonpost.com, Jan 18, 2005)
A Failing Upgrade for the FBI (washingtonpost.com, Jan 14, 2005)
New Year's Hacks (washingtonpost.com, Jan 13, 2005)
Apple Goes Budget Friendly (washingtonpost.com, Jan 12, 2005)
More Past Issues
This is a message I have emphasized in a number of my columns over the past several years, though I realize it is easier advice to give than to follow. Even large organizations with plenty of IT gurus on staff fall prey to the dark side of our super-connected world. Early this month, hackers gave George Mason University a security wake-up call when they tapped a campus computer system and swiped Social Security numbers and other personal data from some 30,000 employees and students.
While a number of my Filter columns in 2002 dealt with cyber-security issues, most focused not on the consumer, but on the government's efforts (or lack thereof) to better secure the country's IT infrastructure. A column from Nov. 27, 2002, mentioned the high hopes of some Washington lawmakers, noting that "one piece of the newly signed Homeland Security Act will create a national guard of technology workers who would be called upon to keep critical communications and electronic systems running during and after terrorist attacks or other national emergencies. That national technology guard idea was originally introduced by Oregon Sen. Ron Wyden (D) after the Sept. 11 attacks."
I haven't seen any signs of that "technology guard," have you?
And it's sometimes hard to believe Uncle Sam will ever do an adequate job on cyber-security when he can't seem to keep a cyber-security chief in office. Last October, Amit Yoran became the third Homeland Security cyber chief to resign in less than two years. After Yoran's departure, Paul Kurtz, executive director of the Cyber Security Industry Alliance, told The Washington Post that "Cyber-security has fallen down on that totem pole."
That's an understatement. It's not enough to just print up a bunch of copies of its cyber-security strategy. The Bush administration needs to make cyber-security more of a priority and enlist the private sector's support. And it seems that Corporate America is finally willing to cooperate with the government on IT security.
Much of my writing on cyber-security has dealt with Microsoft, the company whose software powers more than 90 percent of the world's PCs. In the past few years, the company has said it is making it a top priority to overhaul the security of its products as it seeks to gain more trust from users.
Microsoft's Scott Charney, now head of the company's trustworthy computing effort, joined me online for a Web chat about computer security in Sept. 2002. When asked about security flaws with Microsoft products, Charney wrote: "Microsoft is committed to securing its products by design and by default, which means products will increasingly be shipped in a locked-down, secure state. And Microsoft is absolutely committed to quickly patching vulnerabilities when found. The difficulty is, software tends to be very complex, and today it's virtually impossible to release bug-free software. But we are also working on long-term research, along with others, on how to build more secure software and keep it secure."
The company has certainly taken steps to speed the rollout of security fixes for its software, but the fact that hackers keep finding vulnerabilities in Windows certainly shows Microsoft has more work to do. The rise of open-source operating systems like Linux, and the steady competition from the Apple Macintosh line of computers (fueled by iPod-mania, no less), will only put more pressure on Microsoft to secure its products.
Microsoft earlier this month unveiled free tools that let users scan their systems for e-mail viruses and spyware. Good work. Even more free security tools need to come to light soon, since the more ubiquitous they become, the more likely it is that consumers will actually use them.
True cyber-security can only come when everyone -- consumers, technology companies and the government -- make it a priority. PCs were designed to make our lives easier, not the other way around, but we'll only benefit from technology if we understand how to keep it running smoothly in the first place.
See my other review pieces on blogs and Google, which ran at the end of the most recent Filters.
Filter launched in Aug. 2002. The column is ending its run on Jan. 21. Send feedback, praise and darts alike to cindyDOTwebbATwashingtonpost.com. (Spammers still love to blast my e-mail address.)