Thursday, 16 October 2008
Personal computer security
Surveys show that there is great misunderstanding and general ignorance about security on personal computers. For instance, many of the people asked think their systems at home are protected by a firewall when the firewall is actually not enabled, or think that because they have installed some virus protection software they have done everything they need to do. The general awareness of the public about how to be as safe as possible when using a computer online is actually very poor. On top of all this, messages produced by software that runs on many personal computers ask users to make a choice but give totally inadequate information for people to make that choice rationally. For example, the Windows XP system may announce to the user that updates are available for your computer... do you want to install them Y/N? Many people have no notion of whether it is wise to say yes or no! There are also many more technical messages which describe something that has been detected and ask the user to confirm some action, though most users would not understand the consequences of such confirmation.
In the future, there will be many more ways for malware to attack personal computers and other devices. These devices will be even more essential to people and carry even more personal information, so people need to be better educated about what they can reasonably do to reduce the risk of bad things happening. It is never going to be possible to make everything totally safe, but it is a question of better understanding risk. I believe computer system manufacturers also have a responsibility to help users manage the risk better rather than giving them choices which are not explained and cannot be understood or acted on with reasonable confidence by ordinary users.