Has Microsoft made life easier for cyber criminals?

Since the introduction of Windows 3.0 in the mid 1990s, we have been a slave to the GUI (Graphical User Interface) when we use computers. This process was only sped up by Apple’s introduction of the mouse, which made it possible to click on whatever you wanted.

Through all of the iterations of both the Windows and the Apple IOS, we have gotten more and more accustomed to interacting with our computers through pretty graphics. The only people that avoided this were the hardcore Linux and DOS users, but in most cases even they have now come around with the new iterations of the free operating system.

Most users of a GUI have very little idea of the actual functioning of their operating system, or of what is happening when they click to download a program or file.  Double clicking on something on the screen is very easy to do, and seems risk-free—this is something that the cyber criminals are very aware of, and they use it surprisingly well for their nefarious ends.

I recently did a house call to an elderly person, the parent of a client.  Their computer was really slow.   I looked at it and was surprised that it was still functioning.  Never mind the nine search bars attached to Internet Explorer; there were 139 updates to be applied, and 19 applications starting on boot-up.  There was also a very outdated version of Norton on the system that had not been updated in about 18 months.   Considering all this, the computer was functioning amazingly well, but it was still in serious trouble.

Of course, the owner had no idea they were doing anything wrong.  From their perspective, they didn’t know anything about the dangers those updates were designed to protect against, and there was no reason not to download those “free” search bars.

This is what the bad guys do.  They confuse us, and they are very good at doing it.   Ever tried to download a program from one of those software directories?   The program that you are after is buried under pages of other crud; when you get to the program you want, it is bundled with programs that you do not need and do not want, and in some cases the program is riddled with malicious code designed to steal everything from you.

We have been trained by Microsoft and Apple to think that clicking on something is OK.  In today’s world we are often clicking with our finger instead of a mouse, but the premise has not changed.  We still need to click on something.

So we need to change the focus.  It is no longer safe to see something and click to download it, without any intervening thought process.   It is no longer in our best interest to take everything on the internet as “SAFE.”   We have to revert back to our basic instinct, the old flight-or-fight mentality of our ancestors.  It is now more important to be paranoid, use common sense and not trust anyone unless they have given us a reason to trust them.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.