lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Sea2-DAV46fQSttwUWI00013d67@hotmail.com>
From: disposable001 at hotmail.com (Disposable001)
Subject: Subject: WinME firewalling

Some potentially worthless observations:

Older users tend to think of computers like the other appliances they're familar with: phones, fridges, record players, TVs, etc. Each box does one thing, and it should pretty much happen as soon as you turn it on. There may be some moderate configuration needs, but these can be learned as long as they don't change or look unfamiliar somehow (my advice would be to watch Grandma and actually see how she interacts with a phone, a TV remote and a car, probably her three most complex bits of engineering encountered to date).

To this end, I would try and map a list of the tasks she wants to accomplish (send/rec. email, go to a web address, print things, launch a local app, etc.), and then configure the machine to permit only the traffic and access necessary to accomplish them. Introduce as few variables as possible, and minimize the warnings and GUI clutter associated with using the system. If something doesn't work, it can be logged so -you- can fix it later, but it shouldn't ever present Grandma with technology decisions. It should just break, and maybe tell her to call you. That's it.

Many (most?) of the problems I fix doing end-user support come when the user is presented with the option to do something risky or harmful, and they make an ignorant choice. Minimize these opportunities and Grandma will stay out of trouble, and grow more confident with the system over time. At that point, you can start introducing more sophisticated options if she needs them for some reason.

I note that you mention no new hardware; is software OK? WinME is a trainwreck for security. Something with a fighting chance like 2KPro or XPHome might be better, and is certainly easier to manage and secure. You might upgrade her.

The tradeoff for making the security "invisible" and the user experience simpler is that you'll need to be more involved with support, esp. in the long term. I agree that simply expecting her to learn to use the system "properly" is a "technology priesthood" reaction, and not a solution by any means. Better to put in hand rails than to teach Grandma to skateboard.

Good luck!
R.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031110/2e97665d/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ