Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Kevin Wilcox (kevintux.appstate.edu)
Date: Fri Feb 06 2009 - 08:36:32 CST
2009/2/6 Yudi Rosen <yr42.listsgmail.com>:
> But Joe the Plumber doesn't want to have to click on endless 'confirm'
> dialogs every time he tries to use the computer. Simply having him run as a
> non-admin user only fixes half the problem.
No, it doesn't fix anywhere *near* half of the problem; it doesn't
address that we have millions of people that use their computers
without knowing anything about them.
"But not every car driver needs to be a mechanic!" Yes, I know this,
but every driver needs to know that there are laws and rules
concerning how they drive and what happens when a 1200 kilogramme car
hits a 100 kilogramme pedestrian at 70 kilometres/hour. Every driver
needs to know they need to have their tyres rotated and their oil
changed. There are things you must know beyond, "accelerator,
decelerator and steering wheel".
"But a computer isn't going to kill anyone if someone gets infected by
a virus or trojan!" Yes, I know this, too, but if you're mixing
questionable software and surfing habits with online banking and
shopping, it's a recipe for destruction. Welcome to identity theft and
empty bank accounts.
We can either continue to pretend like it's *only* really crappy
software or we can realise that it's a combination of easily
exploitable software, user ignorance and user apathy. You can give
them an operating system that has been vetted and been through
multiple code reviews by people that really do know secure OS design
but they wouldn't be able to accomplish anything at all. So what do we
do? We give them operating systems that are less secure, hope they
don't shoot their feet off and turn them loose with it - but we don't
shoulder the burden of training them. Some of us do but we, as a
collective, do not. Until we can properly educate our users, all we
are doing is trying to mitigate risk in the best ways we can while
still providing them a service. I maintain that by not educating our
users we are failing in that goal.
Far better is it to dare mighty things, to win glorious triumphs, even
if chequered by failure, than to take rank with those poor spirits who
neither enjoy much nor suffer much, because they live in the grey
twilight that knows not victory or defeat.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/