[LINK] Perspective on security! [was: Security efforts hindered by untrained users]

Thu Jan 31 12:12:27 AEDT 2008

Stephen Wilson wrote:

> I'm surprised by the naked contempt displayed in many of these comments 
> for regular computing users.  Even the self-evident jokes in this thread 
> drip with sarcasm reflecting an unhelpful air of superiority.
> 

Even as a long standing member of this list, I think I agree with you 
Stephen, the views we express on this list tend to be elitist on many 
occasions :(

[snip]

 > With regards security and usability, let's retain some perspective. 
We're in the very early stages of a new technological revolution.  The 
deep deep knowledge that is required to safely operate computers (to 
make sense of dialog boxes and security warnings etc etc etc) may well 
become unnecessary in another decade.

[snip]

I teach people to survive on the Internet whilst they are learning how 
to optimise their participation in the wired/wireless world.  How do I 
do that?

This is my best advice to those less well versed in this wondrous world 
we inhabit and it takes commonsense, and a very little bit of technical 
know-how, to implement:

1. I provide information and know-how about suitable safety devices - 
installing firewalls, antivirus, anti spyware tools in the windows 
environment and the need to keep these current at all times.  I also 
point out the limitations of these tools and the need for them to THINK 
about what they are doing.

2. I teach them what i call a 'cause and effect' strategy with respect 
to dialogue boxes.
* Did you do something that caused that (firewall/security device) 
dialog box to come up?
* If not tell the firewall no ie cancel/deny etc.
* If you did and it 'looks alright', it *probably is* ok to click 
allow/ok etc.
* If you aren't sure take the cancel option.

3. Be very conservative about where you go wandering in the web, just 
like you would if you were visiting a strange city.

4. If you read something on the screen and it sounds too good to be true 
had you read it on a flyer in your letterbox, then it certainly will be 
just the same online.  That is - don't suspend disbelief just because 
you are gob-smacked about the medium.

It's not the same as understanding what you are doing but it's a 
strategy that has largely worked for me over the years as I have 
acquired what Internet savvy I have got.

In the early years of the Internet (c1993) I used to advocate that the 
browser ought to be the 'only doorway' to the Internet and locked down 
to a whitelist and as users became more aware and savvy, they'd pass a 
test that would allow them to have a broader whitelist and so on ... 
until they had free access cos they had sufficient nous to cope with 
that level of freedom. I still think that 'protected' environments are 
worth implementing, but appreciate the complexity of doing so.

cheers
brenda

-- 
Brenda Aynsley, FACS, PCP
Director Oz Business Partners http://www.ozbusinesspartners.com/
Mobile:+61(0) 412 662 988 || Skype: callto://baynsley
Phone:08 8357 8844  Fax:08 8272 7486 Nodephone:08 7127 0107

Chairman Pearcey Foundation, SA Committee www.pearcey.org.au
Immediate Past Chairman ACS SA Branch www.acs.org.au/sa

*Produced by Ubuntu and Mozilla Thunderbird*