[LINK] Perspective on security! [was: Security efforts hindered by untrained users]
Stephen Wilson
swilson at lockstep.com.au
Thu Jan 31 11:32:49 AEDT 2008
Jeez ...
>> it's like their brain just switches off - they've made the decision that
>> it's too hard or too much effort (or that it's "easier" to get someone
>> else to do it for them) and they revert to being a pathetic, helpless
>> child.
>
> Yes, noticed this too. I think there must be some fundamental brain
> mechanism at work here -- the equivalent of rabbits freezing in the
> headlights, maybe?

I'm surprised by the naked contempt displayed in many of these comments
for regular computing users. Even the self-evident jokes in this thread
drip with sarcasm reflecting an unhelpful air of superiority.

In many ways, commodity computing today mirrors the state of the
automobile industry c. 1900s. You had to be a technical wizard to get
the most out of a car, to operate it safely, to maintain it. The supply
chain was still very complicated, no one-stop-shops back then. And no
traffic rules either, or driver licenses, or roadworthy certificates.
The "business case" to buy a car instead of a horse was shaky. But I
digress ...

With regard to security and usability, let's retain some perspective.
We're in the very early stages of a new technological revolution. The
deep deep knowledge that is required to safely operate computers (to
make sense of dialog boxes and security warnings etc etc etc) may well
become unnecessary in another decade. The Internet might adopt the
sorts of embedded security mechanisms that are needed to safeguard
privacy and security (as opposed to sharing physics papers as the WWW
was originally intended to do). And PCs might adopt proper security
firmware (like Trusted Platform Modules) to make them safe enough to
double as ATMs (as opposed to playing video games and writing BASIC
programs as the Wintel platform was originally designed for).

[Or maybe things won't get better. My fear is that software still
advances too quickly for hardware and standards to keep up. Speed of
development after all is why we have software, but it takes discipline
to engineer the stuff properly, including testing. I would speculate
that if cars were made of software instead of alloy, and took hours to
modify instead of years, the auto industry (including its standards and
safety regulations) might have never settled down as it has.]

Meanwhile, let's approach security and usability with a blend of good
software design, testing, human factors engineering, education, support
services, cryptography and so on. And stop with the glib blame game,
like 'if the bloody users only educated themselves, it would all be OK'.

Cheers,
Stephen Wilson
Managing Director
Lockstep
Phone +61 (0)414 488 851
www.lockstep.com.au
-------------------
* Lockstep Technologies: ICT Secrets of Innovation Finalist 2007
* Lockstep Technologies: Anthill / PwC Cool Company Finalist 2007
-------------------
Lockstep Consulting provides independent specialist advice and analysis
on authentication, PKI and smartcards. Lockstep Technologies develops
unique new smart ID solutions that safeguard identity and privacy.