Ever heard of Michael Fiola? Thousands of people in Massachusetts have, and thanks to the swiss-cheese security of Microsoft’s Windows operating system, they think he’s a child pornography peddler.
I’ve always warned people about the security risks of using Windows, but this is one I never saw coming. Sure, viruses and spyware can obliterate your work documents, bring your finances to a grinding halt, or nuke your collection of family photos, and sure, the really bad ones can be gateways to identity theft … But in Michael’s case, a virus almost landed him in prison.
Thanks to the insecurities of Windows, the virus on Michael’s work-issued computer busily set up shop distributing child pornography. It was a smart little bugger – it snagged “content” from all the seediest sources, and hastily redistributed it by the gigabyte. The IT folks at Fiola’s then-employer picked up on his higher-than-usual Internet “usage”, and recalled his now-infected laptop. On finding out what was now living there, they promptly fired Michael, and filed criminal charges. “They destroy[ed] our lives,” he said after the smoke cleared.
As it turns out, Michael had the good sense that his [now former] employer lacked: he hired a computer forensics expert, and they went to work figuring out where all the porn came from. After a month of carefully reconstructing what had occurred – under the radar of the IT department, their “antivirus” software, and Fiola’s awareness – they presented their findings and the charges were dropped.
Meanwhile, Michael Fiola had to go find work in another state, his family shellshocked and his life overturned and violated. Granted, a lot of things had to happen the wrong way to end up at this result: The IT department had to mess up Fiola’s antivirus configuration. The virus had to infect his machine. The network folks had to notice his increased usage, and the techs had to uncover the virus’s porn stash. The Massachusetts DOIA had to make the decision to fire Fiola without a proper forensic investigation, and they had to choose to go public with their decision. But if the machine had been secure in the first place, none of it would ever have happened.
If you’re reading this blog entry from a Windows PC, take a second to think about what security means to you as a computer user. Insecurity could mean that your resumes, family pictures and financial records might all be gone (or at least hopelessly inaccessible) by the time you wake up tomorrow morning, or when you return from getting a cup of coffee. It could mean that your “digital personal effects” – maybe your journal, maybe your finances, maybe your political aspirations, maybe your protest plans – might be aired for all to see. It could mean that, when you go to bed tonight, someone halfway around the world could be logging into your bank accounts and helping themselves to your hard-earned identity.
Or, as Michael Fiola found out – the hard way – it could mean that someone, or some faceless piece of malicious code, is able to commit one of the most heinous of human crimes in your name. I’m glad that Michael has been exonerated, but I’m saddened by the fate he’s been forced to endure at the hands of cowards who inhabit the darkest parts of the digital world.
I’m not trying to scare you out of using Windows. I’m just trying to make it clear that if you do choose to use Windows, you should invest in good security software, and know how to use it and keep it updated. And if you’d like to consider an option that’s more secure by design, then we can talk about Mac OS-X or Linux.