How failure to apply updates magnifies errors into global problems

Computers are just machines that need regular maintenance in the form of updates, but will end users ever get with the update program? Jonathan Yarden shares his thoughts on the implications of this lapse.

If you're a regular reader of this newsletter, you know that I'm a strong advocate for educating users and dispelling the rampant ignorance about Internet security. What I don't emphasize as much is how difficult it can be to convince ordinary computer users to accept the necessity of regular software updates, regardless of whether the software is commercial or open source.

So, as much as I criticize Microsoft and other commercial software vendors for their failure to adequately secure their software, I can equally criticize the software users who expect computers to operate perfectly under all conditions all the time.

Users often wrongly assume that their computers are working just because they haven't encountered any blatant problems. And these assumptions are what cause simple programming errors to magnify into global problems.

Without a doubt, software can and should be more secure, and it's real work to keep software updated and safe. But everyone needs to do his or her part. If they did, we wouldn't have a worm and virus problem at all.

Generally speaking, if people can't see a flaw or problem with something, they assume that everything is fine. So with computers and software, users frequently won't apply patches and updates—or take any interest in their own security to find out if they need to update or patch something—unless the machine has ceased to operate normally.

I probably spend more time educating people about the need to update their computer systems than anything else. But companies wouldn't release updates unless they had a good reason; an update is essentially a public confession of an error.

While I don't expect all users to be computer experts, I do expect them to take the initiative to learn enough to click Windows Update. Yet the number of computer users who think their PCs will work perfectly forever continues to surprise me.

Computers are simply machines, and all machines require maintenance. Most people don't even know when their computer system has been the victim of a hack or virus attack until it stops working entirely. I sometimes wonder when a worm or virus will render millions of Windows computers useless by wiping the hard drive clean.

Microsoft users are certainly the primary victims of this way of thinking. And that's not just because Windows is present on about 90 percent of the computers in the world. In addition, it wasn't until recently that Microsoft decided to stress the issue of security to average users.

However, I must stress that Microsoft users are not alone when it comes to not updating software. Apple Computer users are often indignant when I inform them that OS X requires updating, and that it's not as perfect as they thought.

And many corporations often have a hard time grasping that their high-end, redundant UNIX clusters also need security updates and maintenance. I frequently encounter systems that haven't seen maintenance or updates since installation. And that includes open source operating systems such as Linux and FreeBSD, as well as open source applications.

This is one area in the software industry that knows no prejudice. All software, regardless of the vendor, requires regular maintenance and updating. If this happened, worms and viruses would have little opportunity to spread and become global problems.

