Security and the Common Coder

I understand that on our intertubes, blogoweb, dumb-o-sphere, whatever the devil it is the children call it these days, we have super-big security risks:

Viruses.

Trojans. (Giggity!) …think more high-tech-Greek, Freud.

Worms.

Phishing. (Early, if you run on Dunkin’)

Once, I was on the other side. I rode Mr. Toad’s Wild Ride. It was a long, strange trip. And there were times that I actually did like it.

The problem was that it was always extremely repetitive. I’d fix the same problems over and over, which left little time (and money) to actually improve systems.

“Oh, that ‘illicit’ toolbar on your Internet Explorer? Yeah. That’s usually due to spyware. When you have free time, let me know when I can remove it for you.”

I’ve had my share of spyware infestations. By now, we all have.

So, I told you that story to tell you this one.

Yes, security is important. Absolutely.

But there is a point where too much “security” becomes a detriment, and will eventually break down the very fabric of the policy.

I do a lot of web surfing over the course of the day. The majority of it is on sites that consider themselves forums: where developers post questions, ask for help, supply expert help, and get themselves recognized in a worldwide field.

Forums, by and large, are always blocked. Crisis averted. I’ve just lost the wisdom and approach of millions of other people who probably solved this problem before.

The other part includes blogs that educate me about strategies to better myself as a developer: to learn better strategies in which to practice my craft and build my skills. Maybe stumble upon* quality answers to complex problems so as not to reinvent the wheel (with corners**). Perhaps even save the project itself a load of time that could be used to a) meet the budget or b) add features.

Alas, blogs have a comment field. OMGWTFBLOCKZORZ! That comment spam is horrifyingly dangerous to the network! And some people use naughty words!

And I won’t even mention web mail. Hell, you probably can’t read this post at work because I just wrote the two words next to each other. Surely that picture of your niece at her second birthday is riddled with nasty bugs.

To be fair, a bit of my daily surfing is web comics. Yet, those, as the true productivity suckers of my day, aren’t blocked. Not that I’m asking them to be blocked; quite the contrary. Programming is super-draining, and we often need a quick distraction to reset our thought process. A few are, though.

Thus, we’ve reached the point where Google effectively indexes the “Blocked by NetNanny” page.

But, what exactly is the point of blocking the internet now?

The internet is riddled with virii, trojans, keyloggers, worms, and malware. It is a sad truth. And it always will be.

The internet is fundamentally insecure.

I submit, however, that the answer to security is not restricting access. For that tactic will infuriate users (yo), and create a false sense of said security.

“Hey, this machine runs an antivirus scanner constantly and all bad emails are automatically blocked. No bad things can get in here.”

Instead of trying to protect users from themselves, a better tactic need be formed. We need to educate users. Teach them to recognize the signs of fraud, incompetence, stupidity, and overall bad form. For this will transcend the internet and move into real life.

So, go ahead. Block us from this site, that site, everywhere a site, site. The infestation will happen anyway. Because, quite honestly, yes. We wanted to piss you off*.

Fix a user’s infestation, a user’s network goes down the next day. Teach a user to avoid an infestation, and a user’s network stays active for years.

**Not my bit, but, I absolutely identify with the idea.

*What? Sometimes I have a bad day, and someone must feel my wrath.