Do we need computer competence tests?

Reverse into parking space, leave laptop on back seat

  • alert
  • submit to reddit

3 Big data security analytics techniques

Column Indignation is the immediate response if you suggest to any computer user that they should be given a licence to use their PC only if they pass a test. Why is this?

When someone crashes a car on the motorway, naturally, our first response is to utter words of sympathy: "Oh, hope they're not hurt..." - but what we're actually thinking is: "If that twit had driven carefully, I'd be able to catch my flight!" And it was amazing how many people who arrived at Heathrow after the BA flight from China crashed into the mud before the runway, didn't say - even on camera! - how glad they were that there were no fatalities. No - they complained about the lack of "proper counselling" rooms and moaned about how nobody seemed to have time to stop and "give clear directions" about where they could find coffee and an internet link and "why were they being charged, when it wasn't their fault?", and was this what London was really like?

But the presence of idiots online is at least as disruptive to everybody's lives.

Every time some kid clicks on a phishing link and invokes a Trojan program, or some greedy idiot agrees to send their bank details to a bunch of crooks in Israel or Russia in the hope of getting hold of illegal cash, their computer gets compromised, and joins the army of "bots" which mean that legitimate businesses are fleeced of terrifying amounts of money by organised criminals.

The thing is that of course you can't prevent this sort of thing happening, any more than you can utterly end death on the road by insisting on regular car tests. There will, always, be some antisocial "libertarian" who will argue that "If I want to buy a computer and use it as I see fit (within the bounds of the law) then why shouldn't I?" - as if asking the question provided the answer.

And if such people are confronted with a change in the law, they'll simply disobey it. People drive cars today without licence, without roadworthiness papers, without insurance. Not surprisingly really, when you consider how often someone is hauled into Court for driving without a licence, and as punishment is banned from driving for six months!

The thing is not the inevitability of a few idiots. It's the sheer number of people let loose on full-power, open operating systems capable of running absolutely any software at all. Do they know how to find and eliminate malware? No! Are they running up to date anti-virus software? No! Could they actually detect a fault in their security package? No!

I think anybody with a reasonable grasp of these basics should be allowed to drive a PC. What I can't see is what we gain by allowing everybody else onto the internet in the equivalent of a 30-ton truck, without the slightest idea of what damage they can cause.

So when will we admit that it isn't a blow against the Electronic Freedom Foundation to say: "Unlicensed users can use secure browsers on restricted 'information appliances' for surfing. But anybody who wants to run a machine that can be compromised has to demonstrate a minimum competence"?

The whole idea is utterly repugnant to anybody brought up on the early microcomputers, or the mainframes before those days. I myself can remember leading a spirited debate at Imperial College, arguing that hacking should never, ever be made illegal. To be sure, making it illegal has had few serious consequences for any hackers, and the Computer Misuse Act won't prevent any virus writer from experimenting... so in that sense, I suppose the argument was worth debating! - but I no longer hold those views with the same simple clarity I perceived then.

Is it possible that in a decade, we'll ask how on earth the Netizens of the 20th century tolerated the mayhem that goes on online?

The answer may have something to do with whether we can agree (as a society, Mrs Thatcher) that people actually have rights to the internet. If we can agree what those rights actually are, then maybe we can agree what abilities ought to be restricted to those who can demonstrate competence.

For example, a "sandbox PC" running only licensed software; what would it be limited to? We don't seem to have a list. Should it be able to run email? If so, how many emails should it be allowed to originate in one day without paying an email premium? Surely, if ISPs limited CC emails to 20 a day and charged 1p per email CC thereafter, most spam would dry up?

In exchange, perhaps we could insist that who we send emails to, and what they contain, is entirely confidential without some evidence of criminality?

What about games? Is it really a blow against human rights to suggest that if you can afford a machine with a kilowatt power supply and a dual-core video card, you can also afford to register the thing and its IP address as a danger to the web? - and that if you don't want to do that, you probably don't really care about gaming? And if in exchange, society agreed that we have a right to complete anonymity when posting in moderated forum sites, would we not have gained something?

Most important, can we design a sandbox PC, which does what most of us want (visiting Facebook, managing photographs and videos and music, searching the web for news and chat) but which can only run other software when recognised by the ISP which provides our web link?

Now, I know the answers to almost none of these questions. But I think the time has come to start asking them, seriously, and to start answering them without kneejerk reactions.

For the web to be a freer place, it may be that the freedoms we have already lost, may be traded against liberties which are of no use.

It is, surely, a loss of liberty to say "You can't buy a Formula One racing car and drive along the motorway at 200 mph" - but how important was that freedom, really? And are we doing something equally daft in insisting on the "freedom" to let someone load the office database onto their personal laptop and leave it in their car outside Tesco; or in leaving it entirely up to the user whether their PC is infected or not?

Or are we too shy to ask uncomfortable questions in public on this subject? ®

3 Big data security analytics techniques


Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.