[LINK] Perspective on security! [was: Security efforts hindered by untrained users]

rchirgwin at ozemail.com.au rchirgwin at ozemail.com.au
Thu Jan 31 18:29:19 AEDT 2008


Brenda & Link...

Brenda Aynsley wrote:
> Stephen Wilson wrote:
>
>> I'm surprised by the naked contempt displayed in many of these 
>> comments for regular computing users.  Even the self-evident jokes in 
>> this thread drip with sarcasm reflecting an unhelpful air of 
>> superiority.
>>
>
> Even as a long-standing member of this list, I think I agree with you 
> Stephen, the views we express on this list tend to be elitist on many 
> occasions :(

...the problem isn't the existence of an elite, but its attitude. In 
many / most areas of invention, products get simplified to create the 
broadest possible market. But in technological products, complexity is 
first added, then justified, and those who don't enjoy or understand the 
complexities are then ridiculed. And the ridiculing comes from the 
technically elite ...

Looking at the premise that "managers who don't understand computers 
shouldn't be managers": it depends. I don't know Frank Lowy's computer 
expertise, but his specialty is making money out of property, and you'd 
be hard put to argue incompetence in his speciality. So a universal 
statement is subject to erosion by exception.

Even if we regard some "core skills" with computers as being 
unavoidable, no two experts will agree on the necessary core skills (as 
they relate to the ordinary user), and the list keeps getting extended 
by new complexities in the next round of releases.

Take the statement "everybody needs to understand computer security". 
This is answerable at least in part by the number of experts who can't 
keep up. So how much security knowledge is enough for the ordinary user? 
Simplistic elitism doesn't help answer that question: I know enough to 
set *simple* security rules, but then find myself having to re-state the 
rules every time the damn firewall vendor sends an upgrade. I can easily 
understand how this could be excessively burdensome to someone who 
doesn't understand IP addressing, and doesn't understand that Windows 
Explorer has no reason to talk to the Internet (let alone the excessive 
number of processes that need to be managed and that's just on one box).

I'll toss in an inflammatory statement of my own: saying "user education 
is the answer to security" is a cop-out that lets software writers, from 
the operating system upwards, shirk their responsibility by making fun 
of people who aren't "in the club".

Richard
>
> In the early years of the Internet (c1993) I used to advocate that the 
> browser ought to be the 'only doorway' to the Internet and locked down 
> to a whitelist and as users became more aware and savvy, they'd pass a 
> test that would allow them to have a broader whitelist and so on ... 
> until they had free access cos they had sufficient nous to cope with 
> that level of freedom. I still think that 'protected' environments are 
> worth implementing, but appreciate the complexity of doing so.
>
> cheers
> brenda
>
>


