How do computers get infected? What exactly is a virus? What do security programs really do? How can someone steal my identity online? Who are the people behind these attacks? These are just a few of the questions asked of us by regular computer users: friends, family... and acquaintances from all walks of life.

We thought most computer users didn't want to be educated on the "who, what, why, how" questions of security; they just wanted the risks to go away. Well, being safe requires being educated, and as it happens, consumers have lots of questions about online safety but very few meaningful answers. Even as someone who works in the Internet security industry, I am numbed by buzzword fatigue after years of listening to security vendors peddling new wares in the wake of the latest vulnerability: virus, trojan, worm, phishing, password hacking, pharming, cross-site scripting, keystroke logging, etc.

So what's the deal? Why do we have so many questions and correspondingly so few understandable answers? It seems like supply should meet demand. Here's our stab at why.

A need to know...

People are naturally curious and want to understand threats that can affect them, online or off. We all devour reports and investigations into physical-world crime and terrorist threats. The media drowns us in information on the strategies and methods of the perpetrators, and we lap it up. This stuff is so fascinating that we even watch dramas and documentaries about it (CSI, Forensic Files, etc.). Some real-life crime stories grip the nation (think the shoe bomber, Bernie Madoff, even OJ) and others are more local, but just as gripping. So the demand side is easy. People care about threats in their environment, online or offline, whether directly relevant to them or just out of sheer curiosity.

...but bewildered by the buzzwords

Unfortunately, the supply side is quite noisy. The security buzzword mill has generated awareness and in some cases fear, but definitely not understanding. People throw around buzzwords, and in some cases can even describe a particular threat, but they lack the big story. They lack a narrative in their own language: perhaps a metaphor, or just a plainly spoken explanation coupled with a realistic assessment of the situation. Fear mongering and jargon have only led users into a state of apathy (a "cry wolf" problem) or paralysis (a "deer in the headlights" problem). The result: consumers are systematically led to either under- or overestimate security risks, but never to really understand them.

That's our analysis, and so that's also our bet with this blog. We are passionate about Internet security because that's our business. Our aim is to provide broadly accessible and interesting analysis and opinion that's designed to fascinate, not frighten. We don't wish to make you security experts or even practitioners. We'll pick topics where we have an opinion or where we think we can demystify the issues. And finally, we promise the following...

  • No jargon without explanations
  • A common-sense and intuitive way to understand things
  • A realistic assessment of the risks

We encourage you to follow our thoughts and let us know what you think.