With all due respect I both agree and disagree.

Yes, DiD is a good thing and could have prevented a "witty" infection. Yes, using multiple types of defenses at the different layers stops more attacks.

However, here in the real world we are dealing with a user base that is barely aware of the importance of password confidentiality or the dangers of opening unexpected attachments. Even those users that are more security aware are looking at cost and effort issues relating to security.

Your comment about the increasing affordability of residential high-speed Internet access drives the point home. DiD cannot be employed in enough areas to protect the Internet. Even those (end users) that are aware of and want to employ DiD are restricted by the cost and effort involved. We would be lucky if half the users employed one piece of A.V. and P.F.W. software. If they could learn to patch/update regularly that would be even better.

We need to concentrate on awareness. The end user has to be made aware of the dangers to themselves and the Internet community that arise from their actions or lack of actions. The corporate communities need to make it cheaper and easier for the end users to obtain a base level of security. And finally the security companies (if not all software developers) need to be accountable for security deficiencies within their products. By accountability I do not mean fines (although that is a possibility for repeat offenders) but rather the timely delivery of free security updates.

My humble opinion.

Corrections and alternate views requested.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/232/25818#25818