Assimilation over Evolution, you will be Assimilated! This is my journey from human to Borg and you are invited along for the ride.


Sunday, May 23, 2010

Whose fault is it anyway?

You know what I am tired of? I am tired of people who should know better blaming the wrong people for computer security issues.
When you talk to any computer security people, the first person they blame for security issues is Microsoft. People say Microsoft makes their products with too many security holes. If only Windows was more secure then there would be no viruses or worms or people hacking computers. BUT that is of course wrong. There were computers being hacked into way before Windows, and the OS being hacked then? Unix. So if Linux's user access rights were the panacea, why were Unix systems being hacked?
Yes, Windows is attacked more than any other OS, but it's not Microsoft's fault.
So the next thing people blame, the users. If they only had their systems patched fully and the latest version of the OS available, the latest antivirus software or if they didn't download that codec with the Trojan horse in it. Well then how do you explain all of the computer experts that get hacked, Google, Intel, Microsoft, MIT... Is it their fault? Is Google at fault for being attacked, they are too big a target, they should do what, disconnect from the internet to reduce the risk?
NO! Again users only want to be able to use their computers. They want email, on-line banking and to be able to buy shoes on-line and for it to just work. They don't want bigger better faster, they want good enough and like their TV and toaster, it just has to work.
One other source the pundits point their finger at, security researchers. Blame the guy who found the hole and told the companies what to fix, but then when the companies are too slow (or a 0 day attack is launched) some people blame the researchers because they found the hole. They are trying to be part of the solution, they are not the problem!
Nope, OK who else do the pundits blame, the government? Business, ISPs, and who do we never hear the pundits going after? (and why)
How about the criminals that make the attacks? The malware writers, the script kiddies, scam artists... How come I never hear anyone blaming them? No idea but you never hear it.
OK, they may say Chinese hackers or Russian hackers or whatever, but no one goes after them?
When was the last time anyone really blamed the criminals? OK, there are a couple of times one or two have been arrested, but normally they are petty thieves or college kids out to have some fun and show off their skills. Did the kid who guessed Palin's password really count as a hacker at all? Come on, he guessed her password.
We need to go after the serious crackers and malware writers. And if we can't get to them we need to indict them anyway and convict them in absentia, and if they are backed by governments indict them as well.
For those convicted, if we can reach them we need to grab from them everything they have. If we can't, we have to find a way to make what they do not profitable and make their lives miserable. For individual crackers/malz; license/authorize privateers/bounty hunters to do what they can by any means necessary to make the attacks stop.
For larger organized or government sponsored attacks, and if the foreign gov gets convicted and won't stop, declare them rogue and seize all assets/debts.
We have to do something. Patching the heck out of systems isn't working and blaming the wrong people isn't working. We can only win this if we make it not profitable for them. In the case of individuals (and not the joyriders, just the true criminals) ruin their lives, jail or free season on them. For government sponsored attacks, make the foreign gov pay.
