Safety first

WE LIVE IN A funny world. If I go out and buy a handgun, or want to drive an automobile, the government puts up a number of regulatory hurdles. But the toughest part of buying a computer and an operating system is remembering which credit card is paid down. Now, some might point out that a firearm is a weapon, and an automobile can certainly be a weapon in the wrong hands, as I saw over Memorial Day weekend when an uninsured driver's car jumped the curb and took out the front window of my neighborhood sushi joint.

(Mmmm ... drive-thru sushi ...)

But a computer also can be a weapon in the wrong hands, and can be just as dangerous to its user as to others. Given that software vendors don't seem willing to include trigger locks -- er, to configure their programs' default security settings to be as hardened as possible -- I'm starting to wonder if it isn't time to require licenses for computer users.

This suggestion is no crazier than our current driver's licensing laws might appear to someone from 1915. In that year, my grandfather received a Chevrolet as a fourteenth birthday present from his dad, a Boston banker who "bought it to see if it could compete with that fellow Ford's car." Even after World War II, it was common for a farmer's children (and that definition was loosely applied, as my mother will confirm) to be given driver's licenses at that age.

Just as our attitudes toward licensing drivers -- to say nothing of firearm ownership -- have evolved, so too must our laws regarding computer ownership and use. Requiring prospective computer users to show they know how to use a computer safely and responsibly isn't as far-fetched as it sounds, when you consider the damage unwitting users could potentially cause by operating unsecured systems, presenting toeholds for cyberterrorists. I like the idea of confiscating computers that become compromised, just as cars of uninsured drivers are confiscated.

Oh, there's one small reason why this is a bad idea: It just goes against everything I stand for regarding personal freedoms and rights of individuals. The alternative, licensing software vendors, also gets interesting from a free speech perspective. Are they publishers or simply manufacturers? "Prior restraint" is a phrase I never like to hear used casually.

So we're back to our first idea. It's time to require trigger locks on software. Put in context, that means that programs should install themselves in the most secure configuration possible. This should include doing away with default user names and blank passwords, but that's just scratching the surface. I bet you have a few ideas along these lines and would gladly send them along.

While I'm trolling for feedback, here's another question for the audience. (I'm sure vendor reps will nod their heads and make soothing noises about commitments to security.) Frankly, I don't see too many products that have proper security right from the start. Do you?