Security

Peter Cochrane's Blog: No locks?

We must be forced to use security

Written in a hotel near Morpeth, Northumberland, polished on the A1 heading south and dispatched to silicon.com from a free wi-fi hotspot in Cambridge

When I purchased my first new car in the 1960s just about everything was an optional extra. Today it seems ludicrous but in those days a heater and radio were not standard, and neither were fog and reversing lights or floor mats. You had to pay extra for absolutely everything!

Only two generations before mine, cars were shipped without locks or keys. They were fundamentally insecure right off the production line. But hey, so few were produced it didn't really matter as everyone knew who owned what, and people just didn't steal cars at that time.

Today cars tend to come with almost everything as standard and it would be unthinkable for anyone to produce products without locks and a security system. Criminal activity has made it all a mandatory requirement - security is a must.

This story has been repeated over and over throughout history. Everything from houses to hotels, offices and luggage has evolved to include locks and security systems as standard. So how come our PCs have escaped?

Here we are in the middle of the biggest crime wave our planet has ever seen and PCs are still being shipped without any form of protection. Buy a PC, take it home, connect it to the internet via broadband and it is infected before you can draw your next breath!

Why oh why is security not embedded in every machine that is shipped? It would cost nothing to add a firewall and virus protection to all new machines, and then send them to the stores pre-configured with 'shields up' so that the unsuspecting customer has some degree of protection.

Come to think of it, this should also apply to mobile phones, PDAs, VoIP handsets, cameras and every other device that can connect to the internet. And then there are those specific applications which are prone to attack from without and within that need special attention. Right now the many VoIP apps seem particularly vulnerable and should also be shipped with a layer of updateable protection.

Security and virus protection are things you should have to disable rather than having to install and enable. That is, in a sane world wilfully proactive action would be necessary for any PC to be put at risk of infection and/or penetration. Unfortunately the reverse is true and if you are unaware of the risks, you are an immediate target.

Some of you will be able to remember cars without seat belts. It had to become a legal requirement before the motor industry would fit them on every vehicle, and then it took the passing of another law to force people to wear them.

It looks to me that we are most likely going to need a similarly draconian approach to PC and other hardware shipments if we are to stem the rising tide of computer crime. Industry will have to be forced and so will users. It just isn't going to happen by some voluntary route.

About

Peter Cochrane is an engineer, scientist, entrepreneur, futurist and consultant. He is the former CTO and head of research at BT, with a career in telecoms and IT spanning more than 40 years.