Have your say at computerweekly.com
Companies are at risk from staff ignorance
In response to Bill Goodwin's article on the need for companies to improve the security
awareness of their staff and reports of the MyDoom virus
We need to close the door on viruses before they hit the desktop. After all, staff rarely open an e-mail and launch a virus or worm on purpose; generally they are simply unaware. By placing network protection at the gateway, the risk of virulent code being unleashed is eliminated. The feeling is still "it will never happen to me". If MyDoom infected 100 million e-mails in its first 36 hours, how long will it be before your company becomes a victim?
Jonathan Mepsted, regional director, Fortinet UK & IE
No matter how sophisticated the software implemented, or how many times security policy is repeated, people are still not taking the danger of opening an unsolicited e-mail seriously enough.
Name and address supplied
The "it will never happen to me" attitude towards viruses is a flawed philosophy because demographic, location and those factors that go some way to protecting a person from mugging or burglary, do not exist on the internet. A PC in a bedsit in South London is no less protected than a PC in a library in Chigwell.
There is also a perception by users that they are the only losers in the battle against viruses, and the likes of Norton, Symantec and MacAfee are winners. Therefore there is a reluctance line the pockets of these anti-virus companies.
The sooner anti-virus measures are built in to the operating system the better. In addition, centralised control, much like Messagelabs uses, must be implemented nationally at ISP level by government across the internet with public money. That cannot cost much compared with tax revenues and the positive impact on the economy must easily offset the cost of maintaining the system. Once done internationally, I believe viruses will die out as virus writers realise there is no point in trying.
Bill Self, IT manager, London
Every ISP should require its subscribers to have known, effective, anti-virus software installed before connection - and back this requirement up with the ability to automatically test any machine trying to connect for the presence of such software.
The outbreak of the MyDoom virus last week only serves to emphasise the findings of the Computer Weekly survey into company security.
Name and address supplied
Strong bank security is better than education
In response to Bill Goodwin's article on phishing alert systems
Although I wish I could share the view of Stuart Okin of Microsoft, I feel his view on the need for customer education around website/e-mail authenticity simplifies the problem of online fraud.
Education will go only part of the way. Banks will lose customers if they do not display more visible and proactive signs that they are tackling fraud. Most security measures appear to be flawed - both in terms of using weak log-in and password processes and the methods used to validate an individual's identity at time of application for services such as opening accounts.
Banks need to make changes that will protect them and their customers from identity theft. Technologies such as biometrics and smartcards could be used to reduce these problems.
There will always be those who will attempt to breach banks' security. This leaves banks with one option - to ensure their security is as strong as it can be, so customers do not take their business elsewhere.
Ann Hosford, business development manager, Fujitsu Services
This was first published in February 2004