The reason that people lock their doors and their cars is that they have a good idea of what happens if they don't. People understand what burglary is: it's someone going into your house and taking your stuff. They understand what auto theft is: it's someone going into your car and driving off with it.

However, people do not have a good enough idea of what a computer virus or break-in is to know or plan sensible steps to avert it. How do you explain to a user what a virus is, when that user doesn't really know what a computer program is? Many ordinary users are not clear on the concept that computer programs are something that human beings write. Using words like "open ports" or "executable code" is not going to help. (Isn't an executable code a law about capital punishment?)

The -only- way that ordinary users (or ordinary CEOs) will make better decisions about computer security is if they have a better grasp of how computers and software themselves work. Anyone who's interested in a more secure Internet should be backing basic computer education -- not just "how to use a Web browser" education, but "how does a computer run software?"

If you don't know what a door is, you can't learn how to lock one. If you don't know what a program is, you can't learn not to click on them when they come in email.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/231/25647#25647