Re: [fw-wiz] The home user problem returns

From: Mason Schmitt (mason_at_schmitt.ca)
Date: 09/13/05

  • Next message: Paul Melson: "RE: [fw-wiz] The home user problem returns"
    To: "Paul D. Robertson" <paul@compuwar.net>
    Date: Tue, 13 Sep 2005 11:36:29 -0700
    
    

    > Educating users to fix the problem doesn't work. Educating users there
    > *is* a problem seems to work, just not en masse.
    >

    Exactly right.

    > Part of the problem is that end-users are *used* to malware. When the
    > computer gets too slow, they call "that person who understands this" to
    > come clean off the computer and it's ok for another 2 months. Partially,
    > Microsoft is to blame for taking the reliability out of computer
    > software- the levee isn't designed for a big storm, and partially malware
    > that doesn't kill its host has made these all tropical storms. (Hey,
    > someone had to do the Digital Katrina thing, I've saved everyone else
    > the trouble.)
    >

    The fact that users are accepting malware is indeed frustrating. From
    the user education perspective, there are two approaches.
    1 - Just keep drilling the mantra home (firewall, anti-virus,
    anti-spyware, windows updates). Rinse and repeat. It has been shown
    that constant repetition of a few basic concepts like this does work.
    The effectiveness of this approach is amplified when there is personal
    interaction between the person reiterating and the person listening.
    This is why we need to get more people chanting the mantra.

    2 - Just as you said above, let people know there is a problem. Some
    will hear that and it will get them thinking - these are the people that
    can make changes before it causes them pain. Others won't listen.
    These are the people that are going to spend the $50+ every couple of
    months to get their PC cleaned out and after a while will start getting
    upset about it. Once they have endured enough upset, they will do
    something about it. I have seen this play itself out over and over
    again in the 4 years I have worked at this ISP. What's really
    sad/entertaining is that some people need to go through the pain process
    for each new threat that emerges.

    > Anna K. and phishing work(ed) because of the social aspects of their
    > delivery- we're still trying to fight a technical battle against a social
    > problem. We have to take this to the social trenches at some point, or
    > we'll be overrun.

    Sometimes people problems need to be solved entirely in (meat space /
    carbon layer / layer8). Other times people problems can be solved
    entirely in layer7 and below. However, more often than not, a solution
    that combines both approaches will be the most effective. I believe
    that's why we typically say that policy should be put in place and then
    reinforced using technology. Where we run into problems is when
    either/both side(s) of the coin is/are horribly unbalanced. Such is the
    current state of the onion. The software sucks and people's
    understanding of the Internet sucks.

    That was a whole lot of blather about very little...

    Try looking at the problem this way.
    I know that some of you have been harping on these issues for a long
    long time, some even longer than that. The problem is that while it
    seems like a long long time to you, for the general public they are just
    now starting to glimpse the issues.

    I read somewhere that the general public's understanding of science lags
    50 years behind those doing the research. I'm fairly certain that's
    true - possibly even today despite some of the research being available
    online.

    So, what we have is a combination of hysteresis in public understanding
    and an absence, until fairly recently, of a pain stimulus (money).
    Getting people to understand is just going to take time - perhaps a fair
    bit of time. But the process of understanding will be accelerated due
    to the introduction of a pain stimulus in the form of monetary loss.
    Now that we are seeing large scale information theft in the media
    (CardSystems), laws concerning disclosure and organized crime getting
    involved in online fraud, people/governments/vendors are going to take
    notice. They just needed to feel it before they would react.

    > Tell him if rants like that didn't work in the past, there's no way
    > they'll work now... No, don't tell him- because all we can do is all we
    > can do. Even if it's not enough, it's still a good fight.

    Yes it is, but you need the patience of a mother to be able to keep it up.
    You'll have to keep doing it until the Internet community grows up.
    Even then, it will still need to happen, but the message then will be
    more sophisticated. Fortunately, you'll get more and more help along
    the way as people start to wake up. These are just growing pains. Wait
    until the Internet reaches adolescence....

    --
    Mason
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
