In Gilbert <
[email protected]> had this to say:
My reply is at the bottom of your sent message:
But when you consider that the World Wide Web has become a (virtual)
shopping centre, why shouldn't there be some onus on virtual
shop-owners to maintain adequate safety standards for their
customers, as there is in the 'real' world? Of course, shops are not
responsible for crimes committed on their premises, but they do have
a duty of care to customers to offer a safe and secure environment -
I'm thinking of fire protection in particular, fire alarms, fire
escapes, etc. I don't expect to have to wear fire-protective clothing
when I go to a (real) shopping centre, why should I on the web?
(Nevertheless, I do use AV and a firewall, but you get my point...)
Gilbert
I get your point and agree. Oh do I agree... I also think that there should
be some sort of licensing agreement between the PC user and their government
that makes them accountable for their own computers and that they need to
adhere to standards as well as pass various tests to be allowed to do
different things with their computer. Sadly, I'm not kidding... We're
required a license to hunt, to fish, to drive a car, to operate an ATV, to
marry, and many other things but we've the power to install all sorts of
malware on our system and propagate it across the globe freely which is
potentially harming other people's computers.
Okay... So I'm not really sure I agree with that but I'm hoping that you see
my point.
You mention the "World Wide Web." I agree. It's world wide and as such we
need to accept that there's currently no legislation in place (and no
treaties to enforce them) that would enforce this onus. I know that I
enforce it by not shopping at sites which don't offer 128 bit encryption and
don't have a certificate that matches the rest of their information and I
don't buy or recommend software that's malware. I think it's up to us to
force the issue by simply avoiding things of this nature. I'd never, for
instance, buy a product recommended in a SPAM email nor would I host with a
site who was also known to be affiliated with SPAMMERS. The shops do have
reasonable protection but the internet isn't just shops but rather a
collection of shops, museums, homes, lurkers, and all that. I truly like the
superhighway analogy of yore. We are citizens on that highway and it's our
responsibility to insure that our vehicle is safe to traverse the highway.
It's the hardware vendor's responsibility to provide you with hardware that
will last. It's the OS's authors responsibility to provide you with an OS
that's as secure as they can make it while still allowing reasonable use.
It's the OEM's job to put it all together in a package that fits your needs
and then support it. It's all about ALL of us accepting responsibility. If
people stopped buying products from SPAM they'd stop sending it. They
wouldn't send it if it wasn't profitable. If people stopped downloading
malware they'd stop writing it. If people stopped clicking OK on everything
they see they'd stop ad supported software. If people started to monitor
their internet traffic and scanned files before installing them (or even
Googled to get other people's opinions) they'd stop coding spyware because
it wouldn't get them anywhere... (Don't get me wrong. Two things. This won't
happen overnight. They'll find new ways.) In the end it boils down to
education before use, to being aware, and to thwart threats before your
infected. We... You... Me... The coders... The other end-users... We all
have a responsibility to the community and we have to do our part to stop
this. Using, as you said, a firewall and an AV product is a good start. I'd
toss a trojan and spyware specific application on top of them and use a
software firewall with a decent router just to be sure but hey, it's a start
and a heck of a lot better than some people do. Time and time again you read
"I stopped updating my AV because it was <insert anything here, cost too
much, taking too long, too much of a hassle>. You hear, "What's a firewall?"
You hear, "I installed a firewall but I gave suchandsuch.exe access because
it kept asking me." What I don't hear is, "I just installed a firewall and
now I want to configure it to meet my needs, how do I do that?" I'd love it
if I heard, "I just updated my AV software and want to know if it's actually
working, does anyone know where there's a test file?"
This is, of course, the newusers group... I'm unlikely to hear those in here
but I don't hear them in the other groups very often either. I'm usually a
very liberal person but there should be some sort of EFFECTIVE world wide
consortum to enforce standardization of safety regulations and minimum
security guidelines as well as policies for dealing with infractions. What
we have online now is nothing short of anarchy in most places or agressive
dictatorial oppression and neither is acceptable in my opinion.
It has been said by people wiser than I that anarchy leads to true freedom
so we'll have to see what happens.
Galen
