resource center
  See your link here
|
IDG News Service - Bruce Schneier is an expert on cryptography and a well-known author and commentator on information security issues in general. Schneier also is chief technology officer at BT Counterpane, a managed security services vendor that is part of BT PLC; the company was founded by Schneier as Counterpane Internet Security Inc. in 1999 and then acquired by BT in October 2006. At the Infosecurity Europe 2008 conference in London this week, Schneier spoke with the IDG News Service about the psychology of data security and the effectiveness of security software. Excerpts follow:
Are antivirus vendors just making money by giving people a feeling of security instead of real security? Antivirus products actually work; they have for years. A lot of the software on this show floor is just snake oil, but antivirus does work. You should have an antivirus program; you should have it updated regularly. It doesn't make you secure, but it gets that bottom layer of the trivial stuff. It's not sufficient, but it's certainly necessary.
People are tricked into downloading malicious software through social engineering. Have people become so conditioned — mainly by watching television — that they believe whatever appears on their PC monitors? Yes, but it's not television. People believe what they see on the Net not because of television but because of the trappings of reality. So when you got to BT.com, you see the BT logo, the BT font, the PR material, and you think, "Yeah, it's BT" — like when you go to your bank, you see the logo and the tellers.
On the Web, it could be a fake BT.com site and you don't notice, because it's trivially easy to copy. So people do believe what they see on the Internet — not because of television, but because the Internet has the trappings of the real world. All of those social cues you get to know to trust something — it looks professional, nothing's misspelled — you see those things and you believe it's real.
Do you think people will ever become more suspicious of the Internet? Younger people will pick it up. But certainly you can always fool people unless there is some external validation of [Web sites]. Unless you can do that, there's no guarantee that [users] are not going to be fooled.
What do you think the biggest online threat is right now? Crime.
So how do you fix it? It's expensive to investigate, and it's cross-jurisdictional. It might not be fixable. A lot of [the solution] is going to be making the things that criminals are going after harder to get. You're not going to stop the criminals [from trying]. But in the United States, it's really easy to get a credit card in someone else's name. The credit card companies like it that way. So a lot of it is looking at how the criminals are attacking things and making it harder [for] them. The brokerage companies want it to be easy for you to log on and make trades. Make it harder, and the businesses don't like that.
They're afraid that it will drive away customers. Of course. If I strip-search you before you go into the bank, you might change branches. In the U.S., the government doesn't have the [guts] to require stuff like [stronger authentication]. You've got to make the banks responsible for losses. The brokerage company has to [reimburse] me if I didn't make a [fraudulent] trade — period, end of sentence. That's how you fix it. Because then, my brokerage is going to start buying security; otherwise, they won't.The basic rule of security: you make the entity in the best position to mitigate the risk responsible for the risk. Make them responsible — they'll figure it out. That's how capitalism works.
IDG.net
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Optimizing Data protection Operations in VMware Environments
This Taneja Group Solution Profile identifies the data protection optimizations available in the VMware vSphere environment.
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
How to Defend Against New Botnets
Get this paper now!
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Maximizing Site Visitor Trust Using Extended Validation SSL
Provide site visitors visual cues that indicate your site is legitimate with Extended Validation (EV) SSL available from VeriSign.
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Fraud Alert: Phishing - The Latest Tactics and Potential Business Impact
Read this white paper to learn how phishing attacks work, and how to avoid them.
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
