I'm not sure how I missed out on National Cyber Security Awareness Month -- I know I have the press release around here somewhere.
Then again, when I see the word "cyber," I usually set my brain to "ignore" -- it must be linguistic principles that cause
me to react as I do to the never-ending misuse of perfectly good Greek. On top of that, I'm so over National This-or-That
Month. I've always believed that designating a month for promoting a particular cause was a nice way to focus the staff of
industry associations and other interest groups, while to the rest of the world it seems to trivialize a real problem. But
I digress.
The most meaningful thing to come out of National Cyber Security Awareness Month, which was brought to us by the National
Cyber Security Alliance (NCSA), was a study of 329 home computer users that the alliance conducted with America Online.
(I have to stop watching cable TV -- the small-business and home-user makeovers suddenly sound really appealing.)
You could tell last week was a slow news week because the IT media were full of the survey's results: In short, home users
are clueless, and their machines are hopelessly infested with viruses, netbots, and every other sort of malware.
Well, duh.
I have spyware problems, and I'm just about the most careful (paranoid?) person I can imagine. Unfortunately, hostile and
intrusive software is an unavoidable hazard of life on the Net.
The AOL-NCSA study is important because there's a gigungous perception gap among most home computer users. This is the same
problem faced by corporate IT and small business alike -- the "Nobody's interested in little old me" mind-set. Maybe they're
not interested in you as a person -- or your company -- but they sure want your data, and your Net connection, too.
Let's face it: The home network requires the same attention to defense as the corporate network. After all, someone who wishes
to zombify a few dozen PCs doesn't care where the machines are located, as long as they can be reached.
If that's not enough, imagine that someone wants to 0wn you in particular. If I were targeting a business, I'd try to compromise
the home networks of the senior employees. One of those people is likely to have taken a shortcut on the information security
policy; even senior CIA officials have been known to connect Company-issue equipment to the Internet at home.
There's no easy answer to the problem of household computer security. The draconian solutions that would make you most safe
aren't going to be implemented, and as I mentioned last week, education has its limits. It's a pickle, any way you look at
it.