Make ISP’s Secure Home Computers, FIRST Conference told by Bruce Schneier

Internet Service Providers should be required by Governments to protect home users against Trojans and worms, technology guru Bruce Schneier said at the Forum of Incident Response and Security Teams (FIRST) annual conference in Baltimore, USA

Internet Service Providers should be required by Governments to protect home users against Trojans and worms, technology guru Bruce Schneier said at the Forum of Incident Response and Security Teams (FIRST) annual conference in Baltimore, Maryland, USA [June 25-30]. We can’t expect home users to secure their computers against Trojans and worms because it’s not their problem – they don’t care,"Mr Schneier, founder and CTO of Counterpane Internet Security, told delegates in a keynote speech." Mr Schneier said the issue disclosed a phenomenon he called "externality" – where the cause and consequence of trouble were separated. He used the analogies of a chemical plant releasing toxic waste which poisoned a town downstream, or a corporate which was robbed of customer data: the victims weren’t the plant or the corporate but the townsfolk and the customers. In these cases balance was restored by regulation or liability: both plant and corporation could be penalised or sued, and the prospect of heavy fines or damages made it worth their while to guard against spillages or to protect customer data. But it was impossible to deploy the same legal sanctions against millions of domestic web users. "How do you compel the home user to secure his or PC against Trojans and worms? You don’t. You can’t. It has to be down to the ISPs. Governments are going to have to require ISPs to provide security for home-users." He described the home internet world as "asymmetric" – a market in which the sellers knew a lot more than the buyers, and warned: "if the buyer can’t tell the difference between good product and bad product, then good product gets driven out of the market." "Security is not a functional product like word processing – how does the buyer choose?" More than 300 delegates from 39 countries – the greatest geographical spread ever – attended FIRST’s conference. The worldwide Forum of Incident Response and Security Teams leads the world's fight-back against cyber-crime, sabotage and terrorism, and consists of the Internet emergency response teams from 180 corporations, government bodies, universities and other institutions from across the Americas, Asia, Europe and Oceania. More about the FIRST Baltimore Conference at www.first.org/conference/2006 More about FIRST at http://www.first.org&http://www.first.org/about FIRST hosts a Global Security News Feed at http://www.first.org/newsroom/globalsecurity

Mon, 26 Jun 2006 22:20:00 +0000

Make ISP’s Secure Home Computers, FIRST Conference told by Bruce Schneier

Internet Service Providers should be required by Governments to protect home users against Trojans and worms, technology guru Bruce Schneier said at the Forum of Incident Response and Security Teams (FIRST) annual conference in Baltimore, USA

Internet Service Providers should be required by Governments to protect home users against Trojans and worms, technology guru Bruce Schneier said at the Forum of Incident Response and Security Teams (FIRST) annual conference in Baltimore, Maryland, USA [June 25-30].

We can’t expect home users to secure their computers against Trojans and worms because it’s not their problem – they don’t care,"Mr Schneier, founder and CTO of Counterpane Internet Security, told delegates in a keynote speech."

Mr Schneier said the issue disclosed a phenomenon he called "externality" – where the cause and consequence of trouble were separated.

He used the analogies of a chemical plant releasing toxic waste which poisoned a town downstream, or a corporate which was robbed of customer data: the victims weren’t the plant or the corporate but the townsfolk and the customers.

In these cases balance was restored by regulation or liability: both plant and corporation could be penalised or sued, and the prospect of heavy fines or damages made it worth their while to guard against spillages or to protect customer data.

But it was impossible to deploy the same legal sanctions against millions of domestic web users.

"How do you compel the home user to secure his or PC against Trojans and worms? You don’t. You can’t. It has to be down to the ISPs. Governments are going to have to require ISPs to provide security for home-users."

He described the home internet world as "asymmetric" – a market in which the sellers knew a lot more than the buyers, and warned: "if the buyer can’t tell the difference between good product and bad product, then good product gets driven out of the market."

"Security is not a functional product like word processing – how does the buyer choose?"

More than 300 delegates from 39 countries – the greatest geographical spread ever – attended FIRST’s conference. The worldwide Forum of Incident Response and Security Teams leads the world's fight-back against cyber-crime, sabotage and terrorism, and consists of the Internet emergency response teams from 180 corporations, government bodies, universities and other institutions from across the Americas, Asia, Europe and Oceania.