Archive for November, 2008

Microsoft’s Morro

Tuesday, November 25th, 2008

While I welcome the news that Microsoft is providing security to protect its own operating system from attack, rather than asking people to pay for it, I am a little sceptical.

Microsoft’s reputation in security is not as good as it might be. OneCare certainly had a number of negative reviews. But a company of the size and sophistication of Microsoft should be able to produce a system that at least challenges other free software like AVG or Avast.

It is always a good thing for PCs to ship with some sort of anti-virus already installed, which can only help in the battle against malware. But no-one should think that this is enough on its own to protect them from all threats; and I hope the impact of Morro won’t be for users to get complacent about their security.

Companies certainly would be ill-advised to replace sophisticated security systems with free software from Microsoft; and I don’t expect that many companies worth their salt will even consider this as an option. I would expect that they will continue to follow the policy of having different systems in their network to provide in-depth defence.

I wait with interest for the first reviews.

Cyber threats: is the government doing enough to protect us?

Monday, November 10th, 2008

There is much debate at the moment around whether the government is doing enough to protect the UK’s national infrastructure from cyber threats. Concerns were highlighted in the recent debate in the House of Lords on Internet security (www.parliament.uk), introduced by Lord Broers.

Three major issues that we need to address urgently came out of the debate.

The first is the international nature of cyber-crime. A national e-crime unit, though a good start, is not enough to begin to deal with the scale of e-crime. Many of the cyber-gangs operate out of Russia, China and the US, so we need a much more international approach and improved collaboration between governments. This brings its own problems, of course, for example where we see situations that could be state-sponsored cyber-warfare. While the government is doing considerable work to bring in UK initiatives to tackle cyber-crime, and is looking at ways to work alongside industry and agencies to tackle the problem, it needs to do more to work alongside other governments, not just within the European Council member states.

The second is that we need to address, immediately, the number of data breaches in the UK. Companies that are responsible for data breaches must be held to account, and the security standards laid out by government in its report earlier this year must be clear and legally binding.

And thirdly, the debate raised the issue of a kitemark to set a single standard for security systems. It is a really interesting idea, but it cannot be done unilaterally by the UK – it would have to be an international initiative, or it would effectively restrict UK development.