South Korea's Zombie PC Prevention Bill to make security software mandatory

http://www.zdnet.com/blog/security/...bill-to-make-security-software-mandatory/8487

 

They were doing good up until this point: "to empower the KCC agents, without a warrant, to “examine the details of the business, records, documents and others” of anyone upon mere suspicion that the person (individual or company) has violated the duty to use security software".

Bad, South Korea, bad. They should know better than to go this far. You can't complain about a country (North Korea) and then act just like them (U.S, you listening to this too?). It's becoming quite normal to create and rush through laws in the name of security. Governments, however, can't take all the blame. The media has a long, bad habit of sensationalizing and over-blowing things, from legitimate security threats all the way down to civil matters. When that happens, people get nervous. And when people get nervous, governments get nervous, and then we end up with over-reaching, impractical and unnecessary laws and court/government intrusions.

 

It would have been easier to just pass a law that no one is allowed to use Windows.

 

Well, the problem with that though, Chrono, is that Macs are vulnerable too. And, though I'm sure anyone who says it will verbally flogged, Linux isn't foolproof either. In fact, though off-topic, I get a little tired of "just use Linux" being the answer used for security problems. Security starts with users, and sensible, effective laws should follow to help those users. Unfortunately, users are still behind, and, instead of creating laws for users, laws are being created against them.

 

It's true that no OS is perfect, but my point was more that the Korean authorities are using the wrong solution. AV software is *not* a panacea to all security problems. The vast majority of people run such software already and yet botnets and malware are worse than ever. Such a law will only help line the AV vendors' pockets and will do very little to stop malware.

 

Very true, however, I don't think it was specified what security measures are to be taken. That really should be left up the user, though yes, I know, most will take the easy route and slap on a freebie AV. Much can be said for having the government require much better security...but the question is, will they teach their people how to use it? You can't just tell your citizens to run off and download an AV, AM, firewall and a default/deny app. Number 1, it's not fair to them. Number 2, you are asking for a lot of trouble once they get to screwing with it or their systems freeze up like a hairless cat in Antarctica.

If they're going to go through with this, then they need to have a serious, thorough education program/class for everyone, and not some half-arsed "FAQ" on some ISP page. If they do it right, this whole thing might work out with minimal damage (lets face it, users will be users, you have no idea what they'll do). If they just tell their people "This is the law now..get at it", then they are setting themselves up for pain that I don't even want to think about. And, no, it won't stop malware, even if they do it perfectly. Nothing will stop malware short of full blown government control. Which, with every new law announced and method of tracking people that gets created and used, seems to be where we're heading one country at a time.