RE: [fw-wiz] Broken Analogies (was: Transitive Trust)

From: Brian Loe (knobdy_at_stjoelive.com)
Date: 06/21/05

  • Next message: Paul Melson: "RE: [fw-wiz] Transitive Trust: 40 million credit cards hack'd"
    To: "'Ben Nagy'" <ben@iagu.net>, "'Eugene Kuznetsov'" <eugene@datapower.com>
    Date: Tue, 21 Jun 2005 11:51:22 -0500
    
    

    I have to question how much time some of you are spending with the end user.
    In the last three years I have yet to meet one (an end user) at any level
    (to include phone reps, managers, and two CEOs) that complained about
    aggressive protection. This might be because the companies I have worked for
    went from 0 protection to 80% in a matter of months, and they remembered why
    we were implementing it in the first place. Just the same, given options I
    tend to believe that humans will accept protection with minor (and they
    really are pretty minor) inconveniences.

    One only needs to look at national politics to see this is true; virtually
    everyone has given up a great deal of personal liberty in return for a false
    sense of security. Our sell is real security, ought to be easier.

    > People's mentality will never change while this is the case,
    > because all of the cures are worse than the diseases. Take
    > any aggressive quarantine style system and apply it
    > enterprise-wide and people will start to bitch. They will
    > bitch even worse when there is a false positive because the
    > perceived usability cost is too high for them. When we start
    > getting more malware that trashes the host then I think all
    > of these discussions might become more useful.
    >
    > I'm going to leave aside things like acquired immunity,
    > re-infection, and avoidance (people don't tend to kiss those
    > suffering from cold sores).
    >
    > Current worms may _spread_ like diseases, but that's pretty
    > much where the useful similarities end, in my opinion.
    >
    > Oh, and targeted incidents are not like diseases at all -
    > they probably are, actually, more like bears. Or maybe
    > weasels. I actually think you might be better looking at it
    > from an economic modelling approach with supply and demand of
    > exploits and risk / reward of targets. There's probably some
    > game theory in there too.
    >
    > Anyway, enough ramble.
    >
    > ben

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

