A Student’s Perspective: The Current State of Security

As the current course section draws to a close, students often post their observations on what they’ve noticed since they’ve learned the basics of security.

I snipped a post from a current student to show you just what a non-security professional is saying about the current state of security.

What the student said is not at all surprising – at least not to me. But seeing it from a third party, you may start to rethink your approach to your own security.

Here’s what the student observed. Please note that the spelling of malware is incorrect in the post.

His observations and the comments of others during the discussion at the exercise class mirror those of the general population of home users in almost any geographic location.

Apple users still insist they don’t need anti-virus because they use an Apple product. Yet they not only willingly pay more for a supposedly more secure system, they are also willing to stand around and wait at the Apple store to get the unit repaired when it is infected.

I wonder how long it’s going to take Apple to realize how cost-effective it would be to actually tell Apple users to use an anti-virus product on their machine and cut down the unnecessary visits to the Apple stores?

I really have to question using the word ‘genius’ in the term Apple Genius.

Users don’t take their global citizenship responsibilities seriously. One of the first things I teach my students in the introductory course is that as a user of the Internet, you are a citizen of that global community. And as such, you have a civic responsibility to protect that community by making sure you are not spreading malware to other users.

You wouldn’t go to a neighbor’s house knowing you could spread a deadly disease to them and the rest of your neighborhood, would you? Then why do you think it’s okay to spread malware across the Internet because you aren’t using the necessary security protection?

Users still believe that file-sharing programs are okay. I’ve talked repeatedly about this issue, and I don’t really preach about it anymore because, as in this example, no one believes it’s true. Yet the participants of the conversation thought they had received the malware from a file-sharing program!

I wonder what made them think file sharing was the source and, better yet, did they return to using the program after the system was fixed?

Using older operating systems and leaving them unpatched. I know I’ve mentioned patching systems before in newsletters, on my social media, and on this site. And you may have heard in the news how there’s a huge number of exploits (taking advantage of the weakness) on the day a patch is issued – usually Patch Tuesday.

When the patches are released, the vulnerability (weakness) is exposed to the public. The hackers or bad guys know that a lot of you are using older, unpatched operating systems! So guess what? Yes, you’re going to get attacked for that very same vulnerability that was just announced.

Did you ever notice how when a security flaw in PDF format or PowerPoint gets announced, your email is suddenly flooded with spam mail containing either a PDF or a PowerPoint file? Why do you think that might be? (Hint: Look at the two paragraphs above!)

So, if you’re reading this and you’re a security professional, I feel your pain! It doesn’t appear that we’ve made any advances in getting people to take control of their security.

If you’re a user of the Internet and you’re reading this, the next time a friend or relative tells you they aren’t concerned with security, tell them that they are bad Internet citizens.

In human society, we quarantine people who carry deadly, spreadable diseases. They’re not allowed to interact with others. So maybe we need to quarantine those devices that are not using basic security tools like antivirus and a firewall?

Yes, there will always be the bad guys who will continue to try to hack, spread malware, and the like, but at least we’d know who we were dealing with. And with the average user finally protected, security professionals could focus on the more serious issues of stopping the hackers and the ever-advancing new threats.

I can dream.