Software firms must pay for online crime
That’s not my opinion, of course. I would never argue such a daft thing. Or say this:
You can’t just rely on individuals to take responsibility for their own security. They will always be outfoxed by the bad guys.
This is the genius emerging from the UK House of Lords today, in the words of Lord Broers. Just like when your car is stolen you claim compensation from the manufacturer (don’t you?), the Lords Science and Technology Committee believes that victims of online fraud committed by criminals who exploit security holes should be compensated by the makers of the affected software.
Not only is it ludicrous to absolve computer users from responsibility for their own security, but clearly, the Lords Science and Technology Committee knows precious little about science and technology. Security flaws are inevitable in any software. There’s no such thing as bug-free software. There are, however, many good counter-measures computer users can employ to ensure that those flaws aren’t easily exploitable.
They can make sure they don’t use an all-powerful administrator account when using a computer, for example, but create a user account with limited access rights for day-to-day computer use. On Linux systems, this is the default way of doing things. An intruder who gains access to such an account then faces the more difficult task of raising their privilege level on the system before they can do anything useful. Users can run firewall, intrusion prevention and anti-virus software. They can learn not to run software they receive in e-mail, and set their browsers not to download and run arbitrary scripts, documents with macros, or executable files. And they can regularly patch their software, so that vendors have an opportunity to fix any problems as they’re discovered.
Because vendors have no control over the circumstances under which operating systems and application software are used, how can they be held responsible for security breaches? This is madness. It’s yet another step on the road to a nanny state in which people are absolved from all responsibility for their own behaviour. The proposal is impractical and technically inept. The most likely result, ironically, will be to encourage online fraud, because users will indeed get even more lax about security than they already are. It’s sheer idiocy. But then, the titled nobility aren’t exactly famed for being in touch with the real world?