Go To Main Page

Last week I attended the ITnT conference in Vienna, the biggest annual IT event in Austria. One hall was dedicated to security and the majority of security companies exhibiting there were offering some sort of desktop anti-virus.   Austrians are not the only privileged ones to have such a wide desktop security offering.  I have seen this repeatedly at every tradeshow over the last 20 years – the biggest booths always belong to the anti-virus companies and they also get the biggest crowds.

It looks like nothing has changed in the computer security paradigm; anti-virus was running on our desktops 20 years ago when it was MS-DOS, then Windows 95, then Windows 98, Windows NT, Windows 2000, Windows XP and now Windows Vista.  Of course the anti-virus solutions have changed over the years and have adapted to new threats and new environments, but they are still slowing down our computers, causing compatibility problems with other software, and still downloading updates.  And guess what – we are still paying good money for them every year.

Has the virus threat disappeared from the world? No. Are we more protected now than before? No.  As a matter of fact, the virus threat has increased significantly over the last few years and evolved into much more sophisticated malicious code (malware) that is now being developed and distributed by professional gangs that make a lot of money out of it.

Would you buy a car that cannot be locked safely and for which, in order to prevent criminals from stealing it, you need to subscribe to a “lock update” plan and drive to the nearest service station every single day to change your lock to a new one? 

I think that there is something wrong with this picture!  We should have good security features built into our PCs, the operating system and, most importantly, the Internet connection. 

While PC manufacturers (including CPU vendors) already provide many security features, the operating system folks do not always use them for the sake of “backwards compatibility”.  The new Windows Vista came with many promises that vanished even before we had a chance to do the upgrade.  Afterwards, how many of us disabled those irritating security warnings that asked us to decide on something that we have absolutely no clue about?  There is a rather simple solution to the majority of malware problems – don’t use your PC when logged in with administrative privileges (which allows malware to install itself and run without limitations).  However, the default for Windows Vista user login is still administrator, again for “backwards compatibility”. 

I think that it is about time to abandon the old concepts and move to the next level.  For the 90% of us who mainly run Office, Internet Explorer and a few other popular applications, we do not need administrative account privileges for the day-to-day work.  Let’s make the default login a limited “user” account without the ability to freely install and run new programs.  Only the small number of users who still need to run legacy applications can take the risk and use administrative accounts.

Today, 99% of malware comes from the Internet.  Our Internet Service Providers are doing a good job delivering high bandwidth to us, but a very poor job securing it. As we do not need to purify the water we drink from the kitchen tap (at least not in civilised countries), why should we suffer from an unclean Internet connection?  We must demand a “clean Internet pipe” from our ISPs, especially since technologies are available today to do it.

Stumble It!