I have been around computers for most of my life and for the past ten years I have been involved in corporate IT on both the network side and the programming side. I was reflecting on some of the changes and trends over the past decade and thought I would share them.
- We have realized that network security is important. Every organization I visit seems to have a firewall, antivirus, and windows updates turned on. Ten years ago it was every computer was connected straight to the internet with an exposed c$ share it seems like. Finally most corporate (and many home users) seem to have taken some basic security measures.
- Users still click on anything that pops up on the screen until they get the application/website to work. I have tried to educate people on this but it has become apparent to many of us in the industry that users just want things to work and it only when they go wrong that they care. For instance, my parents install every plugin they are prompted to as they feel that if it was bad their antivirus would catch it. I don’t fault them for it, it is just human nature. We expect the locks on our house to keep people out when it is simple to smash a window (or cut a hole in the wall). We are coming around the corner on this one and seeing that we can’t educate everyone and things need to just be more secure by default and leak less information.
- People care a lot more about their privacy now. People also don’t realize that most places gathering information don’t care about you as a person, they care about you as a demographic. Granted it is not a happy thought to know how much info about you is floating around but if it personalizes my searches and shows me advertisements for things I am interested in so what? It is only an issue (to me) if that information is used for nefarious purposes.
- Many more technologies are shipping with a more “secure by default” mentality. The *nix/bsd attitude has been like this since I can remember and Microsoft has really turned a corner and secured their products. I remember when a new client would tell us they were running an IIS server and we would just laugh, wipe the box, and install FreeBSD/Apache for them. Nowdays I only laugh when people have an Adobe product installed (we all do… so ha ha). Adobe has realized that this is starting to hurt them and are making a big security push like MS did years ago.
- Schools have not taught about security and they still don’t. I see a bit of growth in this area but I feel this is incredibly lacking. Every time I give a presentation and ask how many people don’t know about SQL injection someone still raises their hands. It is not acceptable to have developers that don’t even know about the most basic/common security holes and how to prevent them. It is like hiring an electrician that does not know how to use a circuit breaker: they might get by for years without an incident but it is bound to happen eventually.
- Phishing/scams/chain letters has risen and fallen a lot. I find most people I talk to realize that people are trying to scam them (or will ask others to see if it is a scam) and that they know if they don’t forward this message to ten other people a kitten will die (except for my sister).
- Piracy became common place. Back in the day it was technically difficult to find the software/music/movies and then crack it if necessary. Now my grandma can run a P2P client (or the vast array of other tools) to get her favorite songs. It is common place and it is sad. Not because I love big rich Hollywood types that complain about the money being stolen from them as they drive through Starbucks in a gold plated Bently. It is the fact that for such a huge market that they continually fail to make it simple to get the content we want quickly, conveniently, and be able to use it how we see fit. If I ran an ice cream store and everyone wanted paint flavored ice cream served off a piece of copper pipe you would see me at the hardware store every day. I think they are starting to get it and I hope to see some progress there so that everyone is happy (except me…. until I get a gold plated Starbucks).
- The goal of software development was and still is for the most part to deliver working software. Security takes a huge back seat and is almost never a first class citizen. I don’t see this trend changing much. The nice thing is that many languages are shipping in a more secure configuration which helps developers not leave as many gaping holes but I still feel that education is very important for developers.