RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Mo nopoly

• Previous message: Keith W. McCammon: "Re: [Full-Disclosure] More on Dan Geer"
• Maybe in reply to: Chris Cozad: "RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Mo nopoly"
• Next in thread: Ron DuFresne: "RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Mo nopoly"
• Reply: Ron DuFresne: "RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Mo nopoly"
• Reply: Gary Flynn: "Re: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Mo nopoly"
• Reply: Michael Smith: "RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Mo nopoly"
• Reply: Cael Abal: "Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <full-disclosure@lists.netsys.com>
Date: Tue, 30 Sep 2003 11:30:06 -0500

> -----Original Message-----
> From: Michael Smith [mailto:mike@sane.com]
> Sent: Tuesday, September 30, 2003 9:54 AM
> To: full-disclosure@lists.netsys.com
> Subject: RE: [inbox] Re: [Full-Disclosure] CyberInsecurity:
> The cost of Mo nopoly
>
> I think the point is that most people expect their cars to be
> operational and do NOT do the maintenance themselves... they
> DO outsource it to a mechanic. The average user has A LOT
> less control over their car than their computer. A car is
> basically a single function unit, point A to point B.
> Computers never have been nor ever will be that one
> dimensional. At the most, I think we could hope for users
> who learn to know better than to try to do the 'maintenance'
> on their computers themselves.
>
Oh come on. We don't expect our mechanics to brake and steer for us,
fer cryin' out loud. We're not talking about *maintaining the computer.
We're talking about *operating* it. Things like passwords, awareness of
attachment dangers, the need for routine patching (think oil changes)
and up to date antivirus software (think gas). The car mechanic takes
care of repairs and maintenance, yes, but the driver is the one who has
to bring the car in. That means they have to be *aware* that
maintenance is required. They have to realize that if they don't change
the oil every 3000 miles they will have long term problems.

The same thing is true in computing. Users must realize that
maintenance is required, and it's their responsibility to "bring it in"
for maintenance. They can't just blithely assume that IT is doing it
for them. They need to *know* if it's overdue (think missing patches)
or requires an overhaul (think new OS.)

We don't let people drive cars without some proof that they know how.
We don't even let them neglect the maintenance any more (think emissions
inspections.) Why should we let people use computers with no training,
no awareness of the potential trouble spots, no idea what they're
getting in to? That's insanity. And that's why we have hundreds of
thousands of infections with every new iteration of a worm or virus.
And IT people contribute to the problem by throwing up their hands and
saying that the users don't want to learn or can't be taught. They
*must* be taught. There is no other way to solve the problem.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: Keith W. McCammon: "Re: [Full-Disclosure] More on Dan Geer"
• Maybe in reply to: Chris Cozad: "RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Mo nopoly"
• Next in thread: Ron DuFresne: "RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Mo nopoly"
• Reply: Ron DuFresne: "RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Mo nopoly"
• Reply: Gary Flynn: "Re: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Mo nopoly"
• Reply: Michael Smith: "RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Mo nopoly"
• Reply: Cael Abal: "Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Attorney generals trying to shut down usenet? ... ...Jim Thompson ... tree maintenance, swimming pool maintenance, aquarium maintenance, car ... hangs out at home and lives off his wife... ... (sci.electronics.design) Re: Attorney generals trying to shut down usenet? ... secretaries, clerks, small store management, etc. ... tree maintenance, swimming pool maintenance, aquarium maintenance, car ... hangs out at home and lives off his wife... ... (sci.electronics.design) Re: Attorney generals trying to shut down usenet? ... secretaries, clerks, small store management, etc. ... tree maintenance, swimming pool maintenance, aquarium maintenance, car ... hangs out at home and lives off his wife... ... (sci.electronics.design) Re: Refurbished oil ... And why are only Toyota owners lying and creating ... nothing like the fire storm around certain Toyota models. ... the lease either, they skip the "unnecessary" maintenance, they just ... keep tires and brakes on the car for 4 years and turn it back in. ... (alt.autos.toyota) RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of Mo nopoly ... We don't expect our mechanics to brake and steer for us, ... The car mechanic takes ... >care of repairs and maintenance, yes, but the driver is the one who has ... network is as secure as it's LEAST secure point. ... (Full-Disclosure)