Monday 8 April 2013

Running with Scissors

There are things that we just shouldn't do - like running with scissors.  We can be told not to do them.  We can know intellectually not to do them.  But until we've stabbed ourselves or someone else it just doesn't sink in.

I've been seeing a lot of discussion recently on attack as pro-active defence - especially related to botnets.  The proponents make a good case that they are making everyone safer.  The opponents say that any unauthorised access - even to disable malware - is wrong and must not happen.  In both cases they have the implicit assumption that the people who own the computers that have been turned into bots are also victims.  I think it's time we addressed the elephant in the room.  We should adjust our thinking and stop thinking of them as victims and start thinking of them as part of the problem.

The only reason they have been turned into bots in the first place is that they haven't enabled even the most basic protections on their computer.  They are running with scissors.  They are stabbing people with the scissors.

We can no longer accept this.  Basic protections won't stop a determined attacker, but turning on automatic patching and running a free antivirus solution will stop most of them being owned most of the time.

It's time the software and operating system vendors made it impossible to turn off these sorts of basic protections.  And it's time society, as the real victim of cybercrime, demanded it.

Phil Kernick, Chief Technology Officer
@philkernick www.cqr.com