Thursday, July 16, 2009

Skeptical Computing

I recently returned from a trip to Vegas for a conference on sciencey-geeky stuff. Part of the conference was on applying principles of skepticism to computer security. Skepticism is generally defined as an attitude of doubt in general or toward a particular idea or premise – in this case, computer security.

We computer users simply don’t have enough doubt. We accept things at face value rather than questioning a proposition. We click “Yes!” when we are asked if we want to install some miraculous software that will “clean your registry” without even knowing what a registry is. We say, “Yeah, gimme!” when some stranger offers us magic pills that will result in weight loss or larger body parts. We steal copyrighted music and software assuming that there will be no repercussions. We allow this stuff to happen because we don’t ask questions. We are too trusting. We assume no one is out to get us even in the face of contrary evidence.

I am certain that if I could only convey some skepticism to both my readers, perhaps I could save them some time, money and frustration. One of the tools of applied skepticism is exploring myths and realities. So with no further ado, let’s decimate a few widely held beliefs about computer security, shall we?

Myth: A firewall helps protect me from viruses. Reality: The importance of a firewall is vastly overrated. Your Internet service provider acts as a firewall. Your modem/router also acts as a firewall. Windows XP has a rudimentary firewall built into it. That’s at least 3 firewalls for every computer. Despite all that, bad stuff just waltzes right through them and infects your computer. Firewalls are effective for specific kinds of attacks from outsiders but are so far down the list of things to worry about that I simply don’t worry about them.

Myth: Good antivirus/antispyware software is all I need to protect me from viruses and spyware. Reality: I wish I had a dollar for every customer who has updated antivirus software but still manages to get infected with a virus. In fact, I generally have at least $75.00 for each one! The truth is that even the best antivirus software doesn’t address the problem of our penchant for doing dumb things such as stealing copyrighted movies and software, opening email attachments from strangers, visiting porn sites and falling prey to internet scams.
In fact, antivirus software companies are fighting a losing battle with the virus writers out there. Virus definition databases (the thing you “update” when you update your AV software) are growing exponentially. Not only are the “signature” databases becoming increasingly ineffective, but their exponential growth is not sustainable. I don’t know what the future holds for antivirus companies but one thing is for certain: If they don’t somehow begin seriously addressing the fallibility of the “loose nuts behind the keyboard” (meaning you and me) the good guys will lose this war.

Myth: These are the only two myths that exist. Reality: I’ve come up with so many more myths and realities that I’m going to have to burden you with a part 2 of this story. So stay tuned to this channel two weeks from now where we will demolish a few other cherished beliefs concerning your computer. Until then, think critically. Be skeptical.
