Wednesday, September 18, 2013

Cyber Risks: If we don't care, they don't care?

This is a follow-up to my previous posts.  The first, Creating Cyber Risks, discusses the pervasiveness of computer-related security risks and our headlong charge of adding to these risks.  Later, in Who is Responsible for Internet Security, I discussed the landscape of the various technical areas of potential Cyber weaknesses and who is responsible for keeping those things up-to-date.

Almost at the same time, two different articles came to my attention.  Microsoft has released a report that tracks the trends of whether home computer users are applying good-practice security measures.


There is a disturbing trend in the above graphic, which shows a steep decline in the number of users that are using the basic security capabilities of their computers and networks or keeping their application software up-to-date.  If this is the case, what are the odds that they are keeping the more hidden elements current (e.g., device drivers, BIOS, etc.)?

Although this is disturbing, the presumption here is that the updates provided by a vendor actually improve the stability and security of an operating system or application.  However, as described in this report, Microsoft Update Quality Issues, this may not be true.  These updates relate not just to functionality improvements but also to security improvements.  Pushed automatically to millions of machines at a time, these patches can cause virtually immediate new zero-day vulnerabilities that hackers, knowing the vendor's patch schedule, are staged ready to exploit.

So, we really have two problems, and in each there really is no party other than the user that suffers.  If a user does not care to take best-practice measures to secure their systems, then an attack is more likely to be successful in either disabling computers or stealing information.  As discussed in Creating Cyber Risks, such an attack could enable a hacker to steal your money as well as enter your home.   Problem 1: User is responsible.

The second is that even if we do take care and achieve a perfect Microsoft Computing Safety Index (MCSI) score, the actual vendor-provided updates can cause vulnerabilities.  Problem 2: Vendor takes no responsibility or liability - User is responsible.

So, if we don't care, will the vendors care to put out their best effort on Cyber-related issues?  And, if we do care, will marketplace embarrassment and corporate user agitation make the vendors care?