lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <871080DEC5874D41B4E3AFC5C400611E03F60BF0@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: [inbox] Re: CyberInsecurity: The cost of Mo nopoly 

> -----Original Message-----
> From: Michael Smith [mailto:mike@...e.com] 
> Sent: Tuesday, September 30, 2003 9:54 AM
> To: full-disclosure@...ts.netsys.com
> Subject: RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: 
> The cost of Mo nopoly 
> 
> I think the point is that most people expect their cars to be 
> operational and do NOT do the maintenance themselves... they 
> DO outsource it to a mechanic.  The average user has A LOT 
> less control over their car than their computer.  A car is 
> basically a single function unit, point A to point B. 
> Computers never have been nor ever will be that one 
> dimensional.  At the most, I think we could hope for users 
> who learn to know better than to try to do the 'maintenance' 
> on their computers themselves.
> 
Oh come on.  We don't expect our mechanics to brake and steer for us,
fer cryin' out loud.  We're not talking about *maintaining the computer.
We're talking about *operating* it.  Things like passwords, awareness of
attachment dangers, the need for routine patching (think oil changes)
and up to date antivirus software (think gas).  The car mechanic takes
care of repairs and maintenance, yes, but the driver is the one who has
to bring the car in.  That means they have to be *aware* that
maintenance is required.  They have to realize that if they don't change
the oil every 3000 miles they will have long term problems.

The same thing is true in computing.  Users must realize that
maintenance is required, and it's their responsibility to "bring it in"
for maintenance.  They can't just blithely assume that IT is doing it
for them.  They need to *know* if it's overdue (think missing patches)
or requires an overhaul (think new OS.)

We don't let people drive cars without some proof that they know how.
We don't even let them neglect the maintenance any more (think emissions
inspections.)  Why should we let people use computers with no training,
no awareness of the potential trouble spots, no idea what they're
getting in to?  That's insanity.  And that's why we have hundreds of
thousands of infections with every new iteration of a worm or virus.
And IT people contribute to the problem by throwing up their hands and
saying that the users don't want to learn or can't be taught.  They
*must* be taught.  There is no other way to solve the problem.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ