While the article on the relative merits of Microsoft and Google (Microsoft vs Google: you choose, www.computing.co.uk/2244381) was good, it failed to mention information security as one of the main issues.

Availability was rightly mentioned, but not confidentiality nor integrity of information. If a company entrusts its information to a public cloud, what standards will protect that data and who will indemnify the firm should their valuable information leak or be maliciously modified or deleted?

Cloud computing has a place for business, but how big a place will depend on how much trust it can generate and not how capable or cheap the solutions are.

Peter Wenham

I called in to my doctors and asked to see my notes – to my horror there were 20 years of notes missing and incorrect information logged (Privacy watchdog concerned over electronic health records, www.computing.co.uk/2241874).

I went to my local MP and he said the same thing had happened to him and not to be concerned. But I am concerned – there are lots of things that are not correct either with my hospital notes or GP notes.

I just do not believe any of them. Where has all my information gone? No one seems in the slightest bit interested.

Gail Curtain

The issues affecting ContactPoint are not about data security – which will never be achieved anyway – the point is that most children don’t need this “protection” (Children’s database hit by problems, www.computing.co.uk/2239150).

The information itself is so woefully inaccurate and often vindictive that the database will cause misery to ordinary families, without helping seriously abused children one jot. Families in crisis need financial and practical support, not policing. The £250m would have been better spent by allocating £5,000 to each child in crisis.

Gary Orman

Whatever measures are included in the proposed identity cards to ensure security will instantly become a target for criminals and terrorists around the world (Gateway reviews must look at privacy, www.computing.co.uk/2211261). Any type of identity card, when illegally duplicated, has the effect of legitimising illegal activity.

Ask anyone involved in physical security and they will attest to the fact that in general, if someone appears to have a legitimate pass, it tends to allay the suspicions of those who are supposed to be on the lookout for criminals and terrorists.

Paul Vine

I am mourning the loss of a free internet (ISPs must comply with snooping law, www.computing.co.uk/2238170). Over the past 10 years, the internet has been slowly strangled by regulation and legislation – in the US as well as in the UK and EU.

Once governments realise that we users will continue to find ways around their monitoring – not because we have things to hide, but because we can and we do not feel that they have a right to know what we are doing – it will legislate against that technology, such as secure proxies and virtual private networking.

I cannot wait until we have full internet censorship as I am clearly not responsible enough to decide what I want to look at.

Ann Oided

I sympathise with Jason Davies and his malware issue (Suppliers have a duty of care to users, letters.computing.co.uk). But it is a myth that computers are secure out of the box against web attacks.

Default installations leave web browsers able and willing to accept unknown program code from unverified remote sources. But daft as this is, a whole generation of web development has taken this sloppiness for granted – relying on ever more active content, remotely served and essentially untrustable program code – even where it is not strictly necessary for the functioning of web sites. It is a vicious circle leading directly to the problem Jason encountered – you are forced to stay insecure or the service stops working.

Web developers and service hosts need to take more responsibility. If they are not concerned about our security, why should we care about their products or services?

Michael D Barwise

Recently, one of my PCs was infected with a virus. A few days earlier I had updated to Windows Service Pack 3, performed all the other updates, checked the firewall was on and the anti-virus definitions were current. After visiting a link from a Google search, a page opened and there was a short delay. I could sense that something was being downloaded, although I was not confronted with the usual warning bar along the top of the Internet Explorer window.

From this point on, Internet Explorer would redirect to an advertisement for some unheard-of anti-virus package that said my PC was infected. After further research and trying known fixes, the virus remained. I had to spend two hours reinstalling the operating system, drivers and other software. I do not use Firefox because it does not support the ActiveX controls that I need. Linux is not an alternative as I use some Windows-only software.

Then I saw the BBC Click TV programme, which said 25 per cent of UK PCs could be infected by botnets (BBC programme builds botnet, www.computing.co.uk/2238434). This is worrying, and I feel let down by the likes of McAfee and Microsoft, which have failed to protect people from attacks. Surely these large companies with high-level programmers can come up with a system that is robust enough to ward off some clever Russian boys in their bedrooms?

I don’t see that I should have to spend even more money on additional security tools. I have considered doing all my web browsing within VMware virtual machines, but the extra time loading it up after the host machine has booted means the temptation to use the big blue E on my desktop has been too great to resist.

Jason Davies

Valuable corporate data has been walking out the door ever since computers first printed reports (Ex-employees walking out the door with corporate data, www.computing.co.uk/2237015).

In the early days of data theft, the scope was limited by the volume of paper involved. These days, the amount of data at risk from illegal removal is virtually limitless. The proliferation of easily connected devices such as memory sticks provides fantastic capacity to quickly garner gigabytes
of mission-critical data.

In the meantime, information security is mainly entrusted to technology, as part of a box-ticking strategy, while the non-technical aspects of security go largely unchecked by anyone.

This head-in-the-sand approach is a ticking time bomb in too many firms.

Colin Beveridge

It will be interesting to see how the government plan to offshore more services fits in with the security standards that are being implemented to meet the Government Connect code of connection that local authorities and others have been working hard to meet (Government IT more likely to go offshore, www.computing.co.uk/2236616).

I for one would not like to complete the code of connection submission for an offshore company in India.

Steve Makin

These plans are sheer evil (How technology is revolutionising spying, www.computing.co.uk/2237195).

To adopt such Stasi methods will shred whatever privacy we have left. I have little faith that the Tories or others will oppose these plans.

The message is clear: If you don’t want the state knowing anything, don’t use the phone, internet, email or credit cards or drive a car. Use cash and communicate by post – and you’ll save the Post Office as well.

Michael, submitted on the web