Published January 13, 2015
The president's computer security adviser asked technology executives Tuesday for a shopping list of changes, including bundled security software for high-speed Internet users and a new way to get software updates on personal computers.
Richard Clarke told software companies that their responsibility doesn't end when they fix a hole in their products that could let hackers in.
"The problem is that people do not apply those patches," Clarke said, citing the viruslike Code Red and Nimda outbreaks earlier this year. Both took advantage of holes that had been publicizths in advance.
Clarke estimated 90 percent of virus attacks could be stopped if software firms did more than just placing the patch programs on their Web sites.
"It is not beyond the wit of this industry to force patches down" to users, Clarke said.
Home users can be a target of hackers as well as large companies and governments. Hackers sometimes target people who have high-speed Internet access, taking control of their computers and using them for further attacks.
Clarke, speaking at the Business Software Alliance's first Global Tech Summit, said high-speed Internet providers must protect their customers.
"People who sell cable modems and (digital subscriber line) modems should sell it packaged with firewalls," Clarke said. Home firewalls, as well as antivirus software, provide an extra layer of security against hacker attacks.
The Business Software Alliance includes top software companies such as Microsoft, Adobe and Symantec.
Software companies should ship their products with security levels set to their highest settings, Clarke said. Software firms try to strike a balance between security and usability, and say their customers want more features rather than stronger security.
"It will not be an afterthought anymore," Clarke said.
Clarke also promised the government would be more open with the private sector, and asked the companies to help him develop a national strategy for dealing with Internet threats.
"America built cyberspace and America must secure its cyberspace," Clarke said.