If you’re a regular reader of this newsletter, you know
that I’m a strong advocate for educating users and dispelling the rampant
ignorance about Internet security. What I don’t emphasize as much is how
difficult it can be to convince ordinary computer users to accept the
necessity of regular software updates, regardless of whether the software
is commercial or open source.
So, as much as I criticize Microsoft and other
commercial software vendors for their failure to adequately secure their
software, I can equally criticize the software users who expect computers
to operate perfectly under all conditions all the time.
Users often wrongly assume that their computers
are working just because they haven’t encountered any blatant problems.
And these assumptions are what cause simple programming errors to magnify
into global problems.
Without a doubt, software can and should be
more secure, and it’s real work to keep software updated and safe. But
everyone needs to do his or her part. If they did, we wouldn’t have a worm
and virus problem at all.
Generally speaking, if people can’t see a flaw
or problem with something, they assume that everything is fine. So with
computers and software, users frequently won’t apply patches and
updates–or take any interest in their own security to find out if they
need to update or patch something–unless the machine has ceased to
operate normally.
I probably spend more time educating people
about the need to update their computer systems than anything else. But
companies wouldn’t release updates unless they had a good reason; an
update is essentially a public confession to an error.
While I don’t expect all users to be computer
experts, I do expect that they take the initiative to learn enough to
click Windows Update. Yet the number of computer users who think their PCs
will work perfectly forever continues to surprise me.
Computers are simply machines, and all machines
require maintenance. Most people don’t even know when their computer
system has been the victim of a hack or virus attack until it stops
working entirely. I sometimes wonder when a worm or virus will render
millions of Windows computers useless by wiping the hard drive clean.
Microsoft users are certainly the primary
victims of this way of thinking. And that’s not just because Windows is
present on about 90 percent of the computers in the world. In addition, it
wasn’t until recently that Microsoft decided to stress the issue of
security to average users.
However, I must stress that Microsoft users are
not alone when it comes to not updating software. Apple Computer users are
often indignant when I inform them that OS X requires updating, and that
it’s not as perfect as they thought.
And many corporations often have a hard time
grasping that their high-end, redundant UNIX clusters also need security
updates and maintenance. I frequently encounter systems that haven’t seen
maintenance or updates since installation. And that includes open source
operating systems such as Linux and FreeBSD, as well as open source
applications.
This is one area in the software industry that
knows no prejudice. All software, regardless of the vendor, requires
regular maintenance and updating. If everyone kept up with it, worms and
viruses would have little opportunity to spread and become global problems.