Jack Goldsmith (New York Times) pleads
for government regulation of computer security. I do agree with him
that some regulations should be implemented, also in Europe. We already
have laws saying that if you don't lock the doors of your house or your
car door, you're responsible for the consequences. But not every
computer or network breach can be avoided by regulations, and users
can't always be held responsible. For example, one can't expect the
everyday user to protect himself from zero-days. I would, however,
regulate the fact that users should have at least a firewall and
anti-virus, and that signatures should be updated on a regular basis.
Then if a user is, for example, the victim of a zero-day, and his
computer is used for larger attacks, at least he can say "I had
signature version such-and-such", and it can be deduced that his
anti-virus did not yet protect against this threat at that specific time
or date. I think at least a user should have an up-to-date anti-virus
and firewall, and if they don't, they can be held responsible.
