lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: tobias at weisserth.de (Tobias Weisserth) Subject: Who's to blame for malicious code? Hi Paul, a few last words since this is going into "repetitive mode" now ;-) Am Do, den 22.01.2004 schrieb Schmehl, Paul L um 00:44: ... > It's an impossible goal. I know :-) Of course it's impossible. It's as impossible as trying to change end users. Yet we have to try because it is still _easier_ than to change end users. We can't control end users. As long as "Basic Internet Security" isn't being teached in Kindergarten then there will always be new uneducated users who will make the same stupid mistakes time and again. The products we design are in our hand. We can adapt them, we can change them according to users behaviour. The ultimate ideal of the perfect "fool-prove" product design may never be reached but we can't load off responsibility in front of users doors ("You haven't patched!!!") when a simple measure on our side would have eased the situation (like turning off risky features by default). Of course it's not wrong (but pretty useless) to tell people to use personal firewalls and anti-virus software but not before you have done everything on your side to improve things. I will leave you with this since I have basically stated my position and the private replies I got from some people here on the list reassure me that this discussion has not been in vain. kind regards, Tobias W.
Powered by blists - more mailing lists