Normally I probably wouldn’t be criticising any effort to raise awareness of the need for properly protecting your home computer. After all, I banged on for long enough about government taking a role in this when I was at the Office of the e-Envoy.
The folks at NISCC (pleasingly pronounced “Nicey”) have responded to the challenge with a little site, itsafe. An odd choice of name – I guess it could have been ITsecure, SecureIT, SafeIT or any one of 1001 others, but it will do the job if enough people link to it (at which point the name of the site is irrelevant). The NISCC folks, on whom I relied more than a few times when at OeE, are a clever and capable bunch who also handle the UNIRAS site – a kind of tech-heavy version of itsafe.
Another odd thing about the site is that the home page of the site today lauds the launch event, where a Home Office Minister unveiled the site:
There was good press coverage though – the site is widely reported in the professional technology press (Computing etc) and even a bit of mainstream coverage with Mike Cross briefly referring to it in the Guardian (although I don’t think he meant his referral in a good way). A site like this will need to be linked to by tens of thousands of sites to be effective though. It will need to be seen as a definitive source, and that will take a lot more work.
The site has some useful stuff: there are a couple of “how to” ideas, e.g. how to update windows XP or office (but there isn’t a how to update MAC OS X or any other operating system). There is a single advisory – the definition for which is when the problem won’t affect enough users to justify an alert or email being issued – for problems in Firefox that can be fixed with an upgrade to the new version. With 25 million downloads already in less than 100 days, I think Firefox is gaining enough ground to perhaps be given alert of its own – if only to get the word out to yet more people that there are other options for browsers.
What worries me though is that the site is nearly empty. And if it’s to be a definitive source, it needs to have things that are hard to find elsewhere or that are much higher quality than you would find elsewhere; and information that is entirely vendor neutral.
There are plenty of things that could be featured that would improve IT safety – protecting against Spyware, with accreditation of sites with good downloads perhaps? The right browser settings to give best protection, with the risks that you are still exposed to. A detailed study of phishing emails and how to recognise them? Perhaps an archived list of security measures you should already have taken? Maybe, just maybe, a tool that assesses the security of your setup – one that checks if your firewall is on, maybe even collects data from your PC on settings? Would you trust government do to that for you? I’m not sure if I would – but there are plenty of other sites that I would trust even less. Government moving in here could create a sea change in vendor behaviour.
I always thought that government should provide a definitive source for all software patches you needed. You would log your configuration with a government site and then when you visited, it would know what downloads you need and would be apply to source them from a variety of places, bring them together, and allow you to download them. That would be a big leap of trust from where we are now, and it would require enormous vendor co-operation. But if government couldn’t put the stress on to get that, then who could?
Still, maybe it’s just me, reflecting on yet another poor rugby performance from my national side who have just lost to Ireland. Three losses in a row is enough to put any supporter in a bad mood (not even counting the fact that they’ve only won 5 games out of the last 14). The wooden spoon beckons – beating Italy would not count as not winning the wooden spoon. Perhaps I should support Wales more often.