Professor Proposes Laws Against Insecure Computers:
A leading Internet security specialist is calling on governments to make it illegal for computer manufacturers to sell products that are vulnerable to attacks from cyber criminals.
His call coincides with the arrest in Spain of three of the alleged ringleaders running one of the world's biggest networks of zombie computers.
The botnet spread into some of the biggest global companies, government agencies and more than 40 major banks, including more than 100 cases of virus infection in Australia.
[Professor Bill Caelli said,] "Governments throughout the world have to recognise that they have to start regulating the IT industry itself."
Oh, yes, the Government will make it all better. As a result of reading that article I have written the following open letter to the Parliament of Australia[1]:
Dear Sirs and Madams,
I recently read an article on ABC news (http://www.abc.net.au/news/stories/2010/03/04/2836693.htm) which stated that Professor Bill Caelli of the Queensland University of Technology was recommending that it be made illegal for computer manufacturers to sell products that are vulnerable to attacks from cyber criminals. I wish to take this opportunity to respectfully disagree with Professor Caelli on this matter.
There are several problems with such a suggestion, with a few of the most major being:
How do we decide whether a particular computer system is sufficiently secure to be used by the Australian public? Do we decide Windows + 12-month subscriptions to several security suites is enough? This would not offer an improvement over the current situation, but would simply add an extra layer of bureaucracy and expense. What about longer subscriptions? That would make computer systems a lot more expensive (~$50 per year of subscription probably), while having debatable benefits. Would we not allow Windows at all anymore? Though I don't use Windows, this would be a disaster for many people. Once everyone stopped using Windows, crackers would start concentrating on the other operating systems, and while Mac OS and Linux are less vulnerable in theory, a large number of Windows admins would not know how to properly secure other operating systems, which would probably result in those companies and individuals being less secure.
Another concern is that such a law would make it very difficult for small computer companies to exist. If they had to get every combination of software checked by a government agency it would be expensive and time-consuming. This expense would be annoying for a large company, but fatal for a small company. At present I can buy a computer constructed in Australia (from foreign-made parts) by a small local computer shop; if such a law were introduced this would most likely no longer be the case.
It would slow down access to new software suites for Australians because every new software package would have to go through a long government testing process. It could also result in increased software piracy, due to the increase in cost of software, and the extra delays in releasing it.
--
Timothy Pollard
Bachelor of Information Technology (Software Development)
http://blog.timp.com.au
1. I've emailed this to the ABC, my local member, and the Federal Minister and Shadow Minister for Broadband, Communications and the Digital Economy.