Pages: pp. 8-9
With respect to certain security suggestions Michael Caloyannides made in his article "Online Monitoring: Security or Social Control?" (Privacy Matters, Jan./Feb. 2004), I would like to add a few comments.
On page 82 the author states, "Given the near weekly discovery of major security flaws with Microsoft's Internet Explorer, I recommend switching to Netscape or Opera immediately." First, is Netscape or Opera fully functional or compatible with Windows, or should we also switch to another operating system? This also involves certain support issues. In other words, is it easier to support Netscape than IE? Given that IE is preinstalled with Windows, there might not be sufficient reason to take it off unless it is either extremely insecure or difficult to use.
Caloyannides further recommends switching from Outlook or Outlook Express to "another email client such as Eudora." The situation is similar to the IE example. I'd also like to point out that users' preferences will likely be based on the email utility's suitability for their purposes. As we know, many organizations have deployed Microsoft Exchange Server technology, which has full integration with the Outlook client. Unless people decide not to use Exchange Server, changing to another email application could affect functionality.
The author states that users should "never open any HTML-enabled file (such as Word or Excel) while online." Yet the beauty of email is that we can send not only messages but also attachments. Although attachments can serve as security holes, the trade-off between security and convenience must be carefully evaluated. To stop opening or even to block Word or Excel attachments could significantly reduce email's value as a communication tool.
Finally, as an administrator responsible for dozens of servers, upgrading service patches, downloading, and installing software are almost routine acts. It is hard to imagine how to follow Caloyannides' recommendation to "never go online with administrator privileges, regardless of what you renamed the administrator account to," without affecting efficiency.
I agree that security is important, but usability is equally a concern. I believe that a strong (network-level) firewall together with good antivirus programs for both mail servers and desktops already provides an "optimized" solution. In addition, data backup and workstation imaging are necessary to prepare for the worst. That way, we can avoid going as far as giving up our current systems or being scared by every email attachment.
University of British Columbia
In reading the article "Balancing Video-Game Piracy Issues" (Pam Frost Gorder, Jan./Feb. 2004), I thought that any discussion of piracy should also ask the following questions:
These questions can be asked for products other than games, including music, movies, and applications. I do believe piracy is unethical, and a reasonable effort should go into preventing and discouraging it, as well as into prosecuting those who gain "benefit" from the act of piracy. That said, I also think a more balanced approach should be developed.
Got comments? IEEE Security & Privacy welcomes all communications from its readers, whether to comment, make a point, or express an opinion about our pages or Web site. Letters will be edited for clarity and brevity. Please send your comments to lead editor Kathy Clark-Fisher at firstname.lastname@example.org. Or you can log onto our community forum to post your views with your peers. Please visit www.ieeecommunities.org/securityandprivacy/.