Usability of security software is partly to blame for low protection levels in many computers, according to international security experts. In a panel session at this year’s Australian Unix Users Group (AUUG) conference in Melbourne Wednesday, software security developers gave reasons why the IT industry is still at the mercy of so many problems.

University of Auckland computer scientist Peter Gutmann said many security standards were written 10 years ago and have mostly just been tweaked since then.

“A lot of the security stuff is designed by crypto geeks, [and] because of a lack of usability, people can’t apply them correctly,” Gutmann said, adding that usability is just as important as “having a bunch of crypto and let people figure it out from there.”

Gutmann said the protocols were designed without usability, and even if a user-friendly GUI could be put over it, it is unlikely the original developers would accept it.

“They would rather have 100 percent perfect software that’s unusable than 99 percent perfect software that is usable,” he said.

OpenBSD developer Ryan McBride, who works on packet filter and IPSec code, lashed out at intrusion-detection systems, saying the technique has no way of detecting whether a virus is attacking a network.

“I do IDS work in a Fortune 50 company and it’s a case of, ‘Oh look, another box has a virus—go turn it off,’ ” McBride said. “It’s very hard to automate turning things off in security.”

McBride said IDS isn’t the place to solve the problem, but inside the software is.

University of NSW School of IT senior lecturer Dr. Lawrie Brown said when looking at modern software, part of the problem is the enormous body of unsafe software that people continue to use, which propagates vulnerabilities.
Brown said there is also a mindset within the general population that computers are relatively new and people are unaccustomed to the importance of information security.

German network security PhD student Tobias Eggendorfer seconded this by saying end users are not educated to deal with security threats. “It will take 20 to 30 years to educate people about computer security,” he said. “You wouldn’t give your house key to someone, so why do the same with your password?”

-Rodney Gedda, Computerworld Australia