AusCERT: Entrusting end-users with security an outdated '70s idea, says author

Desktops exposed as users ignore security

Ivan Krstic, co-author of the bestselling The Official Ubuntu Book, delivered a scathing keynote at AusCERT 2007 today, claiming that the tech industry has failed to address securing IT and that far too much still rests in the hands of uninformed end users.

Delivering the opening address at Australia's premier IT security conference, Krstic said immediate action is required.

"We can fix it now or face another 10 years of empty vendor promises and lousy security products," he said.

"We need to work less on sexy problems and focus on the hard ones that need to be solved."

Today's problems cannot be fixed, according to Krstic, with a 1970s security model.

"Everything you know about desktop security is wrong. Desktop security is about the user, not protocols and algorithms," he said, adding that 75 percent of machines are infected with malware.

"Today, there are more than 100,000 known viruses, not to mention spam and phishing and that is because we rely on users to make choices about things they don't understand."

To reinforce his point, Krstic showed how a user interprets a pop-up dialogue box that appears on their screen.

To a user it simply says: "Blah blah, technical terms, I don't understand, blah blah."

Then it will ask the user to press 'yes', 'allow' or 'permit'.

"Of course they will click on 'yes', 'allow' or 'permit' because it rewards them by letting them get back to work. We are training users to ignore security and rewarding them for it," Krstic explained.

"By leaving decisions to uninformed users it means IT security is an unbelievable mess and disaster. How did we get here?"

Krstic said the assumption that every program runs with the permission of the user is a 35-year-old concept.

He said 35 years is equivalent to centuries in IT, adding that "we wouldn't go to war with sticks and stones."

"We run untrusted code every time we open a Web page. It is bizarre," he added.

Krstic went on to criticize the methods used to address these problems.

"Maintaining blacklists is one of the dumbest ideas in computer security; what's the point in keeping an up-to-date list of all the bad things, simply cataloguing badness. That's a losing battle we cannot win," he said.

More than 1100 delegates are in attendance at AusCERT 2007, which is being held on the Gold Coast from May 21-25.


Sandra Rossi

Computerworld