It’s hard to maintain a secure environment if everyone involved doesn’t take on some degree of responsibility. I’d hope that someone who was told their machine was part of a botnet would immediately want to fix the problem, but it seems that hope might be naive.
Mike Rothery, first assistant secretary for the national security resilience policy division in the Attorney-General’s Department, discussed this issue at the Digital Security Summit in Canberra yesterday. He noted that experience with AusCERT and other government bodies found that many people were entirely indifferent when informed that their computers were insecure:
“About one in five people who are contacted and told their home machine is part of a botnet go ‘so what?’”
A typical scenario is that an old machine has been passed on to kids within the family. Under those circumstances, some parents disclaim all responsibility, Rothery said. Not only does that help botnets remain active, it also means multiple generations of people emerge who are clueless about security.
Under the circumstances, part of me hopes those parents end up with a massive bill for excess bandwidth. In an enterprise environment, this exact reaction wouldn’t happen, but the responsibility for fixing the problem is likely to be bounced straight back to IT.