Sunday, January 08, 2006

Computer security: We're part of problem

Greed may be behind the nation's breaches in computer security, but companies offering products consumers don't need and the public's willingness to accept them have not helped, according to an expert on the subject.

Eugene Spafford, a professor of computer sciences at Purdue University, told those attending Thursday's installment of the January Series at Calvin College that you are almost on your own when it comes to protecting personal information transmitted through computers. As executive director of Purdue's Center for Education and Research in Information Assurance and Security, Spafford has counseled two presidents, the National Security Agency and the FBI on computer security matters.

"Most of our problems are things that wouldn't be there if students had paid attention during introductory courses, but they are there," Spafford said, adding that an estimated $100 billion yearly is lost worldwide because of computer-related crime.

Among the leading causes are computer manufacturers and software designers continually offering more powerful systems than the average user needs, and programs that create vulnerabilities with continued updates.

The other problem, of course, is the public accepts the current trend, Spafford said.

"Your average home system has speed and connectivity far beyond what is necessary," Spafford said. "That leaves a lot of room, most of which is used for spyware, viruses and worms.

"We have developed a culture of patching where we are used to repeated, temporary fixes. There are few other products where we accept this rather abysmal performance, and we treat it as a matter of course."

The most important preventative medicine is using some common sense and keeping security software and firewalls updated. But that can be tricky in a world where two new worms or viruses are created every hour of every day, Spafford said.

"That means your anti-virus software has to be updated about every 20 minutes," Spafford said. "If someone walked up to you on the street and said, 'I'm with your bank. There's a problem with your account. Please fill out this 3-by-5 card with all of your personal information,' I doubt you'd do it, but that's what they're doing online."

And according to Spafford, don't wait for the government to come to the rescue anytime soon.

He said the Department of Homeland Security, long touted as a white knight in the fight against computer crime, is spending less than 1 percent, or about $16 million of its $1.3 billion budget, on the issue.

"The Department of Homeland Security is spending more making sure you don't carry a pair of nail clippers on a plane than they are on cyber security," Spafford said. "Which do you think is more dangerous?"