Built-in security needed to restore consumer confidence

Poorly engineered products and media hype are deterring users, say experts

The prosperity of ecommerce and e-banking is being undermined by user insecurity and overly complex products, according to experts speaking at the annual Information Security Solutions Europe (ISSE) event in Rome.

In a panel debate, Peter Keller of telcoms firm Swisscom argued that as many as a third of all consumers may be limiting themselves to browsing and using email, because they are too afraid to attempt more complex procedures online.

He blamed scaremongering among the mass media, and poorly engineered and difficult to use products as major causes of user insecurity.

Security expert Bruce Schneier agreed, explaining that internet service providers could play a vital role in providing the same support and protection for consumers as corporate IT departments do for enterprise users.

“Computers are fundamentally too hard to use but we’re all using them,” he said. “Home users don’t have an [IT department] but ISPs could fulfil that role.”

Swisscom’s Keller also argued that vendors must provide better security information to their customers to explain the “true risks rather than confusing them with too many security messages”, and added that regulation may be required to enforce quality and reliability of some products.

Michael Howard, a senior Microsoft security manager, admitted that Microsoft has in the past been guilty of bombarding users with overly technical information.

“Users don’t make good trust decisions partly because they don’t know what’s going on,” he argued. “Some of the dialogue boxes we’ve given no-one would understand.”

He added that technology vendors cannot assume any level of education in the end user, therefore it is fundamentally important that products are manufactured with security measures built-in as standard.

“We’re going to provide these baseline defences in the operating system to protect you and then provide the functionality to unlock things if you are an alpha geek and want to do this,” he explained.