The conundrum of too many security warnings
As I have said before, I wonder if the constant drumbeat of news and warnings about security problems might be counterproductive. Humans tend to tune out things that get repeated over and over. On the one hand, I feel that I owe it to the readers to warn about the severe security problems on the Internet. However, I am also afraid that constantly harping on a subject brings people to the point where they don’t want to hear about it again. So, here’s the conundrum: how much information on security is helpful and when does the subject become boring and unheeded?
There are actually several categories of security warnings. One category involves software that needs patching. I see a clear rationale for posting about this area as often as necessary. There is a specific response to be taken and average PC users are often unaware of the problem and need to be informed. Information is clearly important and helpful here.
Another category is infected Web sites. The proper response is more complicated in one sense and at the same time simpler. More complicated, because scripting is typically involved and average PC users are not comfortable with that subject. Other arcane subjects like DEP may also be involved. Simpler, because there are well-defined methods for controlling scripting. I have written about controlling scripting in Internet Explorer several times. I have also mentioned the Firefox browser and the NoScript extension many times. Systems that are kept up to date with security patches for all software and have scripting turned off for unknown sites are not perfect but are about as safe as one can reasonably hope for in a home system. (I’m assuming everyone has a firewall and some anti-malware software also.) So the question here is how many times should these basic precautions be pointed out? How many times should I post that Web sites have been infected once more with some exploit?
How often to post about Internet scams is even less clear to me. Cybercrime is certainly dangerous and growing but how much does it help to keep saying so? Defense here is often plain old common sense.
Help me out. How much should this blog devote to security problems? Which security problems? I hope you will give your opinion by making a comment. It will be appreciated and will help make the blog more useful for all. I am going to leave this post on top of the page for a while in hopes of catching a few more readers’ comments.
Comments
> Help me out. How much should this blog
> devote to security problems?
It’s a difficult question to answer. Certainly, the public should be aware of it, but the problem (as I see it anyway) is the lack of technical expertise by the overwhelming majority of PC users. Most of them are completely unaware that web security is a “problem.”
As a consequence, warnings from people like you are barely heard. Typical users have never seen or bothered to read an article regarding security. I suppose it’s best to continue to issue warnings in the hope that the audience eventually grows.
I think it is not a question of how much security news to put on the blog but it is a question of the quality of the articles you write. I won’t be bothered to read security news as long as the articles go beyond the reporting of the incidents.
Microsoft confirmed that IE7 has a buffer overrun vulnerability that allows remote code execution. Full stop!!!
What the …?
We’ve been hearing about this kind of thing since the … well, since the birth of Windows or Microsoft! And it doesn’t mean much, at least to me, but if an article explains how the buffer overrun was discovered, what is a buffer overrun in the first place, how my machine could be taken control of by the attacker if he exploits the buffer overrun, and these questions that elite programmers take for granted!
Maybe what I want is very much to ask, but that’s my opinion and that’s what I’d like to read!
Anyway, the blog is great, and keep up the good work.


For my part, I am glad to get the posts regarding computer security both on and off the Web. As for the warnings falling on deaf ears–it’s hard for someone like me to understand how anyone could be totally unconcerned about privacy, identity theft, etc. in such an environment that we live in today. Perhaps I am paranoid; but I feel perhaps the best awakening for some of us could be a recounting of actual results from carelessness or even ignorance of the basic safety precautions of computing. So keep up the good work–after all, the second line in the “PC Informant” header says it all! And there are always new users signing up for the feeds….