When it comes to computer security, people are being brainwashed

As difficult as this may be to accept, people are being brainwashed into believing that it’s acceptable for computers to be insecure. While this might seem like an absurd idea, let me present four real world scenarios to help you understand why it’s true.

Would it be acceptable for you to go into a restaurant and be served undercooked chicken 8 out of 10 times? Of course not, because you know that if you ate it, you could get sick and even die. You expect the chicken to be properly cooked each and every time it’s served to you, right?

Would it be okay if your toilet stopped flushing after 100 flushes and the tank needed to be rebuilt? What if every toilet had this problem? Wouldn’t you think that someone would stop and ask, “Why are we putting up with this? Can’t someone develop a toilet that doesn’t have to be rebuilt after the 100th flush?”

How would you feel if you call 911 for a medical emergency, the operator tells you an ambulance is on its way, but the ambulance never shows up? Would this be acceptable? What if this happens to other people as well? How many times could an ambulance not show up before someone does something about the situation?

What if your spouse develops a habit of staying out all night without calling home? And let’s say this doesn’t just happen sometimes, but all the time – even for days at a time. Would you put up with this?

All of these real world scenarios are about expectations and what is and isn’t acceptable. Expectations for each of these scenarios are high and if the performance, service or behavior isn’t acceptable, we expect someone to do something about the situation, right? And we don’t expect people to just apply “band-aid” fixes to deal with a problem. We expect them to address the root cause of a problem to make the problem go away.

So why is it, when it comes to the inadequacies of computer security, people accept all of the bad things that are happening to everyone? Why are we allowing hackers to control our lives? Is it because we believe that computing cannot be made 100% secure? Is it because we expect hackers to be able to break into networks and computers? Is it because we can’t stop crime from happening in the physical world, so we don’t expect someone to be able to stop crime in the cyberworld?

I believe that people accept all of the problems we’re having with hackers because the computer industry has brainwashed everyone into believing that:

  1. It’s impossible to engineer a computer that is 100% secure.
  2. Hackers are the root cause of our security problems.
  3. The only way to secure a computer is to use third-party security and monitoring products.

If you believe that any of these statements is true, you’ve been brainwashed!

Deprogram your mind

  1. June 23, 2010 at 7:32 pm

    I never really thought about computer security this way before. Personally, I liken this to Chicago politics–I don’t like what’s happening, but the machine is so big, I wouldn’t even know where to begin.

    • June 24, 2010 at 3:15 am

      That’s a very good analogy. The biggest challenge that I see is raising everyone’s awareness, so that they too can see things in a different light. The more people spread the word about this, the better the chances are that it will get the attention of someone who is in a position to do something about the situation. What we need is an individual who can create a vision and path that the computer industry will follow.

      • July 11, 2010 at 11:02 pm

        Is it safe to assume that they would want to find solutions? They have a gravy train or cash cow they want to protect. If they do nothing, they still make money.

        One player with a secure product could force them to change the game.

    • June 25, 2010 at 3:48 pm

      I want to thank you for inspiring me to post an open letter to top industry leaders about computer security. Your comment got me thinking about “where to begin” and all of a sudden the letter idea struck me like lightning. I have no idea if any of them will ever see my letter, but there is certainly no harm in trying! Here is the short link: http://wp.me/pTkQI-lg

  2. ITauditSecurity
    July 18, 2010 at 7:42 pm

    Great post. It’s not often I see something and say, shucks, I wish I’d written that. Kudos!

  3. July 19, 2010 at 1:23 pm

    Well, this is actually an insightful post that catches what really goes on. We whine that business people just accept insecurity, but – guess what? – a lot of security people accept insecurity too.

    The only thing missing from your posts is – WHAT is the alternative? Without this bit, it becomes a rant – a creative rant, but a rant nonetheless. And IMHO our industry has enough of it. Yes, many businesses operate ‘0wned’. OK. WHAT is the alternative?

    So, OS/apps/etc are often – always? – built with holes. We use 3rd party products to secure and monitor – and these products have holes as well.

