Stop blaming the victims

“Laziness is compromising our online security.” That’s the headline and message of an article by Lee Matthews over at ExtremeTech. Here’s the basic gist of the argument:

Basic security, such as updating web server software, is easy. Most people don’t do it. Therefore, most people are lazy. This is a core cause of the Web’s security woes.

This is a classic case of “blame the victim,” and if anything is lazy here, it’s the thinking. Keeping software up to date isn’t easy. Consider WordPress, which has made things much easier in recent years with its one-click update feature. Except, in reality, it’s still not really one click. First you have to be logged in to even know that there’s an update available. Then, when you click, you’re encouraged to back up both the database (another one-click operation) and your files (a manual process involving connecting via FTP to your web server). Then, after you update, you might still have to update plugins, and of course you have to check that the update didn’t break anything. As for updating the underlying PHP platform, this is often impossible for a site owner using a shared hosting plan and non-trivial for hosting providers that risk breaking their customers’ PHP applications in the process.

Even when things are easy, people have various reasons for not doing them. Laziness is just one. Maybe updating WordPress is less important to their lives or their businesses right now than other items on their to-do lists. Maybe they don’t understand the security implications of not updating WordPress (which could affect how they prioritize it). Maybe they’re overwhelmed by all the things each week that they’re supposed to update: smartphone apps, the operating system, web browser, plugins, etc.

The technology industry still has a long way to go to make technology easy to use securely and to keep secure for users. Most of those users are not tech geeks like the readers of ExtremeTech. And the majority of them, most likely, aren’t lazy.


2 thoughts on “Stop blaming the victims”

  1. “Keeping software up to date isn’t easy.”

    There are a lot of tools available that allow users to keep their software up-to-date, such as Secunia’s Personal Software Inspector (PSI).

    Rightly or wrongly so, users and system administrators are the primary reason computer security is a problem. There is more to it than laziness, but it’s a good place to start! LOL

  2. Well, this particular ExtremeTech article was about keeping web server software up to date, not desktop software. And it specifically bemoaned the fact that lots of websites are using outdated versions of WordPress and PHP. Which is, indeed, a problem, and one that webmasters have an important role in solving.

    On the desktop side, tools like PSI are great, and I wish more people used them. Then again, most people don’t even know such tools exist or that there’s a need for them. Users absolutely have a responsibility to keep their systems up to date. But the industry also has a responsibility to do a better job communicating what is expected of users and making it easier for users to meet those expectations.
