Secure Coding mailing list archives
Re: Administrivia & Request: Aloha, the moderator is back
From: Fernando Schapachnik <fernando () mecon gov ar>
Date: Mon, 29 Mar 2004 18:56:30 +0100
In a previous message, jnf wrote:
> in email and things of that nature), is simply that users are not educated, and no one really attempts to make them educated - no program or security will ever stop the end user who truly believes that porn.exe is actually a picture of some naked girl. Problems will continue as long as
Well, some great players in the computer industry are going that way. The idea is to make things so simple that the user needs to know less and less, going to an ideal state where you express your desires as clumsily as you wish and the computer 'decodes' the right thing to do. I.e., there is no intention to educate the user.

This approach doesn't seem so wrong at first sight (think of cars -- you can make a long trip knowing very little of how they work). The problem is, software has bugs, and then computers behave in unexpected ways (e.g., they have virii). And then you are lost, because something you know nothing about just broke. If it were your car, you would take it to a car repair, where competent and trained people will take care of the problem. Pretty much the same happens with corporate servers: admins (hopefully trained and competent) take care of maintenance and repair.

But with personal computers there is this conflicting belief, stating on one hand that the computer should need no maintenance, so there's no need for understanding its inner workings, and on the other hand, if something happens, the same unknowledgeable user should take action. Note that the pairs (problem, user action) range from (personal firewall popup window, choose allow/deny) to (RPC buffer overflow found, install patches/deploy firewall/turn off service).

My personal view of the problem is that there are two very important obstacles for computer security: one is the previously stated one about user education, the other is about (the industry/government/the professionals) understanding that software quality is a requirement for security.

Regards.

Fernando.