SecurityVision 2009 Lacks Security Vision

In the past week, I attended an IDC conference SecurityVision 2009. Something quite strange was said during the opening address which kind of surprised me. The speaker was admitting to having a virus on her computer which she could not get rid off. Her “IT people” were unsuccessful either. But it was okay, because (so she explains) the computer did not do anything dangerous except causing some annoyances on her display. What kind of IT security are you trying to teach people?

How can it be that a virus cannot be gotten rid off? How can anyone be so certain, particularly since one clearly doesn’t understand it enough to get rid of it, that the virus was not doing anything fishy in the background? If this is the kind of messages we get from an IT security conference, how can we expect the lay-person to understand IT security any better? This is truly alarming.

All the “IT experts” say IT security is important. Personally, I feel it is important too. But it is quite disappointing to see IT people treat the topic so lightly. Particularly, at an IT security event.