Bob Scoble writes eloquently about computer security. I especially like his description of how his wife’s heirloom jewelry is protected and how he uses that to make the point about layered security in computing.
I think a large component of the computer security “problem” is that this is really the first time that “normal people” have to contend with and understand security if they wish to be more secure. This is the first time in history that huge numbers of “normal” people have important “assets” that are under continued “attack”–computers on the internet.
Before now, people knew to have, or consider having, locks on their front door. They watch their wallet and handbag when walking through big cities. They lock their car doors when going into the grocery store even if only for a few minutes. Despite this, the vast majority of people have never been “attacked”. Security incidents, even though worried about, just didn’t happen (to most people).
“Designed” security, say for heirloom jewelry, was designed by others. While normal people recognised that security existed, understood the need for that security, and even sought it (e.g. for jewelry or cash money), they didn’t really need to understand it. They don’t know how to establish an understanding of risk and controls. (They haven’t read Bruce Schneier’s books http://www.rmschneider.com/writing/Schneier_5steps.html).
In today’s world, “normal people” are now forced for the first time to really understand security on their internet-connected computer. They feel they are under attack. They see evidence they are under attack. But they don’t know, and in general are not interested in knowing, how to design a security system in defence.
They just want it taken care of, preferably by Microsoft.