Procrastination is Bad! (Also in Information Security)

ProcrastinationToday was the last day of activity of the FBI servers which replaced the rogue DNS used by the DNSChanger malware. They allowed people infected by the virus to continue to work “as usual“. I won’t come back on this very long story. You should be back from a trip to Mars if you are not aware of what happened. But this is a good opportunity to talk about “procrastination“. Wikipedia defines it as: “the act of voluntarily putting off a task despite consciously knowing that one will be worse off for having done so“. In other words, people tend to replace boring tasks by funny ones.

The DNSChanger story is a very good example of procrastination. First, people are failing to protect their computer. Setup backup & restore procedures, installing patches, updating softwares… These are so boring tasks! Let him who never clicked on “Upgrade Later” cast the first hard drive!

Then, once the FBI seized the rogue servers, why did they install servers with the same IP address? Ok… Instead of preventing thousands of people to surf the web, they allowed more time to people to fix their owned system. But for lot of them, they just postponed the problem. By stopping the DNS immediately, more people could be affected but sometimes an electroshock can have a positive effect.

According to security blogs (like the one of F-Secure), the shutdown of the servers is effective and did not produce major outages. Major ISPs deployed their own servers to make the life of infected people easier. It is a good thing? How much time money was spent to permit lazy people to access the Internet? This survey result says all. If procrastination is bad in the “real life“, it is also in information security! Install patches in no time, do not postpone your backups, upgrade, upgrade and … upgrade!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.