| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: pauls at utdallas.edu (Schmehl, Paul L) Subject: [inbox] Re: CyberInsecurity: The cost of Mo nopoly > -----Original Message----- > From: Michael Smith [mailto:mike@...e.com] > Sent: Tuesday, September 30, 2003 9:54 AM > To: full-disclosure@...ts.netsys.com > Subject: RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: > The cost of Mo nopoly > > I think the point is that most people expect their cars to be > operational and do NOT do the maintenance themselves... they > DO outsource it to a mechanic. The average user has A LOT > less control over their car than their computer. A car is > basically a single function unit, point A to point B. > Computers never have been nor ever will be that one > dimensional. At the most, I think we could hope for users > who learn to know better than to try to do the 'maintenance' > on their computers themselves. > Oh come on. We don't expect our mechanics to brake and steer for us, fer cryin' out loud. We're not talking about *maintaining the computer. We're talking about *operating* it. Things like passwords, awareness of attachment dangers, the need for routine patching (think oil changes) and up to date antivirus software (think gas). The car mechanic takes care of repairs and maintenance, yes, but the driver is the one who has to bring the car in. That means they have to be *aware* that maintenance is required. They have to realize that if they don't change the oil every 3000 miles they will have long term problems. The same thing is true in computing. Users must realize that maintenance is required, and it's their responsibility to "bring it in" for maintenance. They can't just blithely assume that IT is doing it for them. They need to *know* if it's overdue (think missing patches) or requires an overhaul (think new OS.) We don't let people drive cars without some proof that they know how. We don't even let them neglect the maintenance any more (think emissions inspections.) Why should we let people use computers with no training, no awareness of the potential trouble spots, no idea what they're getting in to? That's insanity. And that's why we have hundreds of thousands of infections with every new iteration of a worm or virus. And IT people contribute to the problem by throwing up their hands and saying that the users don't want to learn or can't be taught. They *must* be taught. There is no other way to solve the problem. Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/
Powered by blists - more mailing lists