Yes, I inherited the PC-security beat by failing at ‘last one out of the office’, but malware writers do get the girls. And we cover the interesting events. (By ‘interesting’ I mean buttock-clenchingly frightening, of course.)
Recently a tiny software firm called Microsoft spent a few hours showing me how vulnerable I am to online attack. Sobering stuff, but more scary was the ‘solution’ - or, rather, the plethora of solutions - on offer. Microsoft was keen to point out that security needn’t be expensive, and tech-savvy users can find the tools required without spending a bean.
But people who know about PCs do tend to attempt to secure theirs. Trouble is, what’s the best way of doing so? The Get Safe Online campaign says all PC users should run antispyware, antivirus and a firewall. But in the latter part of 2007 I met tens of security vendors pushing their latest wares. They all had different approaches - and some are more succesful than others.
‘Signature-based checking is no defence against zero-day attacks,’ say the behavioural analysists. ‘Consider the false positives,’ respond the traditionalists - ‘and anyway, our database is better than yours.’
Even if you’re paid to know about this stuff, it’s confusing. And if your experience of ‘security’ is one of being upsold during your biannual PC-shopping trip, you’ll probably plump for whatever the 16-year-old shop assistant/pop-idol auditionee behind the counter recommends. You’ll pay over the odds for features you may not need, and you mightn’t realise that when the licence expires your ‘security suite’ is worse than useless.
Web security is too important to leave to wage-slave’s bonus schemes. So perhaps its time we had a government-sponsored system of accreditation for security software, complete with symbols that make it clear which tools we all need. But then, getting the government further involved in IT may be something less than a bright idea.