Ransomware and the Internet of Things
Ransomware is getting a lot of press these days, especially with respect to the Internet of Things. Some security writers are throwing in the proverbial towel on the problem.
I think the solution is simple.
Distribute the load of related software development and only sell devices that use free and open source software.
First, manufacturers of these products are only interested in profits. They could not care less about security or after-sale support. Second, vendors have no incentive to maintain existing devices. They only want to sell new devices. This is the current popular economic and business model — rape the planet of resources.
Fair enough. Then use software that can be openly audited and patched.
Several free and open source projects already exist that could serve as a basis and common standard for vendors. By using such software, vendors would reduce the cost of software engineering.
When the device reaches vendor end-of-life (EOL), nobody will panic because the software can still be patched and updated.
Devices using only free and open source software will be big sellers because the code can be reviewed by security experts and consumer protection advocates. Worrying about EOL and security becomes a non-issue.
There is no need for the illusion of political regulation. Free and open source code is fixable by thousands of people. Regulation will end up like anything else — a fuster cluck with those who can afford to buy politicians winning the day.
A nice industry would arise for people who can help non-technical users keep their devices updated in a secure manner.
Many vendors do not want to use a common or standard code base because that would disclose how the vendor tracks and data mines customers. Similarly, without the tracking and data mining efforts, which foolishly expose unnecessary open ports, many of these devices likely would be secure out of the box.
Another reason vendors won’t use free and open source software is that customers could keep using their products for many years rather than being coerced into replacing and buying new every three years or so. There would be no additional sales with such customers.