(Via Don Park:)
“Security companies need to start thinking more about helping users protect themselves by providing more information about what is going on and letting them play an active role in security. If something suspicious is going on, don’t let the information sit until probability crosses some security policy thresholds. Inform the user rightaway. Remember that, to the user, no news is good news so they’ll think what they are doing is all right unless they are warned away from dangerous edges.”
Although I can understand where this desire comes from, I’m not sure this is feasible. A good example how this does not work is personal firewalls. If Joe User installs a personal firewall and starts receiving intrusion warning, he gets the feeling he’s under attack and will most likely pull the plug.
Security requires the ability to judge whether an event is a breach of security or just normal network activity. Programs today are not good at doing this, and so are unexperienced users. I think that such a service would only work as a premium service, where experienced security people judge information coming from a consumer’s PC and alert him if they find something suspicious.