Worse, I haven't seen a solution coming out in the next year that is likely to change any of these facts. In 2010, I expect end-users to continue to lose hundreds of millions of dollars to malicious hackers.
But I'm not here just to complain without offering solutions. There are existing solutions that can significantly reduce security risk, such as Microsoft's End-To-End Trust initiative or the Trusted Computing Group's standards, but it takes a planet -- and apparently a tipping-point event -- to make it happen. I am encouraged by President Obama's cyber security initiatives, but without a public outcry, the wheels of government turn even more slowly than those of the commercial sector.
For now, though, continue to fight the best fight you can against malicious hackers and malware. The three best pieces of advice that I can give to any reader to protect their computers are:
- Try not to get tricked into installing software, however you can accomplish this. If you can do this better, you almost don't need to do anything else.
- Don't be logged in as administrator or root most of the time.
- Make sure your OS and applications are patched in a timely manner.
Do these three things well and you'll be more secure than 99 percent of the rest of the computer world. Do these three things poorly and no amount of advanced security solutions (e.g., firewalls, IDSs, anti-malware solutions) will save you.
With all of this said, I'm hoping 2010 will surprise me. I'd like nothing more than to write a column talking about real, lasting improvement made in the computer security world. It's depressing that I could apply this column to any year-end over the past two decades.