lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: tobias at weisserth.de (Tobias Weisserth)
Subject: Who's to blame for malicious code?

Hi Paul,

a few last words since this is going into "repetitive mode" now ;-)

Am Do, den 22.01.2004 schrieb Schmehl, Paul L um 00:44:
...
> It's an impossible goal.

I know :-)

Of course it's impossible. It's as impossible as trying to change end
users.

Yet we have to try because it is still _easier_ than to change end
users. We can't control end users. As long as "Basic Internet Security"
isn't being teached in Kindergarten then there will always be new
uneducated users who will make the same stupid mistakes time and again.

The products we design are in our hand. We can adapt them, we can change
them according to users behaviour.

The ultimate ideal of the perfect "fool-prove" product design may never
be reached but we can't load off responsibility in front of users doors
("You haven't patched!!!") when a simple measure on our side would have
eased the situation (like turning off risky features by default).

Of course it's not wrong (but pretty useless) to tell people to use
personal firewalls and anti-virus software but not before you have done
everything on your side to improve things.

I will leave you with this since I have basically stated my position and
the private replies I got from some people here on the list reassure me
that this discussion has not been in vain.

kind regards,
Tobias W.


Powered by blists - more mailing lists