RE: Security and the Under 30 User

["Dixon, Wayne" <wcdixo () aurora lib il us>]

Just my thoughts...

Being one of the 'Under 30' Crowd I have determined that this segment of
'my generation' comes down to lack of respect for authority and the
whole "ME ME ME" complex.  Many 'kids' my age do not have an any
interest in anything other than social networking sites, and wasting
time. Time management skills are nowhere to be found within this segment
of the population.  Now, don't think that I believe that ALL of the
'under 30' crowd is irresponsible and do not have any respect, I do know
a fair number of people who do respect authority, and do know the
consequences of their actions.

The biggest issue I see is the lack of education amongst the 'under 30'
group.  Many believe as though 'it'll never happen to me'.  Therefore
they don't care what happens to them, their computer or their property.
In Regards to the anti-virus or anti-spyware sentiments I myself do not
run anti-virus on my home computer, but then again I don't use limewire,
click on spam links in email and I know where everything I download is
coming from.  Most of the 'under 30' group tend to click on everything
that pops up on their computer screen.  Therefore when they get the 'A
Virus has been detected click to download 'Trojan.exe' to  clean it up.'
appears, they'll click and download it, because they do not have any
idea how to be security conscience.  

The ability to disable AV should be removed within these companies, this
is just good security practice.  The blame for the AV slowing down the
computers comes down the vendors. They tend to pile more and more
'features' instead of attempting to educate their users with proper
security practices.  I find that products like Norton 360 are a complete
waste and cause more hassles than they are worth.  Don't try running any
modern 'updated' version of an AV on an older computer, it spells
trouble.  For instance, we were running some 1.8GHz PCs with 256MB of
RAM, and we couldn't use Trend Micro on these because as soon as you
load up Trend it shoots the memory usage up to 350MB, and this was just
anti-virus, not including the firewall.  So I can understand this
sentiment of AV slowing down systems.

The claim of key logging is something to worry about, but usually you
almost never download a key logger without some other form of malware
already infecting your computer.

On the subject of banks, I would refuse to pay $5 to $25 per transaction
to combat fraud, that's too high.  Why don't banks just implement
multi-factor authentication. As in username (1), password (2), security
question (3) and a security dongle (4).  I realize that from a technical
standpoint it is not simple nor is it inexpensive, but if it will combat
fraud shouldn't it be implemented?

As for the web content filtering, those who quit will only find that
most employers do this (if they allow any internet access) and
eventually they will have to either just deal with it or go to flipping
burgers.  Although part of me also thinks that the way that the 'under
30' crowd consumes media is an 'instant gratification' result and they
may feel as though they are being singled out in that area.  Many of the
'under 30' crowd tend to use RSS feeds to aggregate content instead of
going to individual websites like CNN, MSNBC, or ABC.  So blocking of
certain types of content can be construed to be singling out a certain
segment of the population. I myself prefer to have constant
communication with people, and luckily I work in an environment where my
boss does not argue with what I do and my employer and our board do not
believe in filtering.  (My boss knows the work will get done).


Some of my own general thoughts.

First being that this attitude stems from the lack of education, and
funding for said education.  Mainly, in the realm of Internet and
computer security for the home user.  Many users do not want to become
security experts when dealing with their own home computers and they are
increasingly becoming reliant on those of us who do know what is going
and do keep up with the changes in technologies.  So we become the first
line of defense when something does happen.  Great example is I went to
my parents house for Super Bowl Sunday, and I spent half my time
cleaning up computers and fixing their issues.

Secondly many of the 'under 30' crowd do not care if their computer
becomes infected with spyware/malware because it's not their own
computer.  They didn't purchase it with their own money, their parents
did, therefore they do not feel compelled to take responsibility with
it.  They do not value items, it's all considered throw-away to them.

Thirdly, while Email and phone calls are the 'norm' for the 'over 30'
crowd, Text message, sending messages on either myspace, facebook, and
more recently, twitter and like platforms, are the norm for the 'under
30' crowd.  I myself do not talk on my cell phone that often.  I text
message more than I talk, I don't use myspace since it's a cesspool, and
I'm constantly seeing what is going on with facebook and twitter.

Finally, as a rant, I've heard many 'security experts' claim that
libraries are a haven for 'hackers' and key loggers.  While this may be
true in some libraries, it is not the case is most libraries.  Libraries
are severely aware of security and do take steps to combat keystroke
loggers, running of 'unapproved programs' and are very security
conscience.  

The views that I have given are a generalization, not every 'under 30'
person does all of this, I know many who do not.  Feel free to contact
me if you have a counterpoint or would like to challenge something I've
stated.


Wayne Dixon 
Assistant Network Manager
Aurora Public Library
1 E. Benton Street
Aurora, IL 60505
Phone: 630-264-4257
Fax: 630-896-3209
Email: wcdixo () aurora lib il us
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of net sec consule
Sent: Thursday, February 07, 2008 11:26 AM
To: security-basics () securityfocus com
Subject: Security and the Under 30 User



Hi,

First, the disclaimer: I am over 40, have never been
'cool' and I have always been considered 'the tall,
lanky, four-eyed geek.'  But I don't get the under-30
crowd's attitude towards IT security. Can someone
please give me a clue? I am at a loss how to respond
to the attitude I hear, and it impacts my client's
security and my credibility.

I have been doing network security consulting for over
15 years. I also do several public service IT security presentations to
community and professional groups each month. In either environment, I
consistently get a hostile reception from those under 30. The attitude I
get is "IT security is a bunch of moronic bull (expletive deleted)
dreamed up by paranoid moronic geezers to justify their existence." 

I my consulting practice, I often find where under 30
users either don't have anti-virus or anti-spyware
installed. Or, if their company has installed it, they
have disabled it. They label the AV concept 'stupid'
and believe that malware is just a fact of life and
you should 'get over it', and that it really isn't as
bad as 'people like me' claim it is. I also find that
the majority of the younger crowd has either disabled
the anti-virus that came with their personal computer
or did not renew the subscription when it expired.

You mention key stoke loggers and other spyware, the
attitude I get is "If you don't have anything to hide,
then you have nothing to worry about."  Or, "Why
should I worry about privacy? Every aspect of my life
is already out there for anyone to read in my blog on
MySpace."

If you bring up all the malware slowing down their
computer, you get arguments that AV software slows it
down worse. I also get the attitude that "Everything I
need to keep is on my flash drive, so what whenever my performance
starts to (expletive deleted), I just blow away the hard drive and
reinstall."

Mention Joe Lopez and his loss of bank funds, and the
attitude is that his case is an anomaly; "Why haven't
other cases made the news? He must have done something
to p-o BoA." And it never fails that someone claims to
have a friend that had money stolen from their bank
account or credit card, and the bank put the money
back. I bring up that we are all paying for such
losses by lower interest rates on savings and higher
credit card and bank free rates, they could care less.


(A couple of side note to banks: 
   1) I have had many people claim that they would be
willing to pay $5 to $25 per transaction just to be
able to continue to use online banking if that was
what was required to offset the fraud costs. When
probing deeper, the per transaction cost appears to be
about one-half hour's pay. Just for the convenience of
not having to write a check or use snail mail.
   2) I have heard several of the younger crowd claim
that it is common practice that when you get mad at
your bank, just post your credit card information
on-line so that the bank gets a bunch of fraudulent
charges against the card and cancels it. They see it
as a way to punish the bank for upping their interest
rate or imposing late fees.)

In the corporate world, the attitude is even worse. I
have a client that recently implemented web content
filtering that blocks the social networking sites,
blogs, chat rooms, and other non-business content.
That resulted in the mass resignation of under 30
staff, because "I can't work here if I can't keep in
contact with my friends while I work." Some are even
screaming "age discrimination" because sites like
FoxNews or CNN 'that the old geezers use' were not
blocked.

Can someone please explain this attitude? Why the
fierce resistance to anything relating to security?
Why the "I don't care about privacy" attitude? Why do
they have to be in constant communication with their
friends, to the point they would rather be unemployed
than out of contact?

I do not understand and cannot comprehend these
attitudes!

Please enlighten me!

Thanks.


 
________________________________________________________________________
____________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.
http://tools.search.yahoo.com/newsearch/category.php?category=shopping