RE: The home user problem returns

[StefanDorn () bankcib com]

Let me get this straight,

You 'secured' your wife's PC by removing a few pieces of software, put 
Mozilla on it, slapped on some freeware spyware detection and just let 'er 
rip?

Rule #1: Don't let a system access the internet unless you've secured the 
access, and know exactly what's allowed inbound and outbound through your 
network.

Rule #2: Don't let people who don't know what they are doing run with 
administrative permissions, or full access to your network services.

Rule #3: If you run Windows, get an antivirus and configure it to scan 
everything that comes in and out of the system, be it a read/write 
operation or network traffic. It's not the ideal solution, but until 
Microsoft makes their OS a little smarter, you need it.

I think user education is important. However, there needs to be a control 
for those people who simply refuse to learn it. Using Marcus' car buying 
analogy, you could take it a step further by looking at people getting 
licensed to drive. Driving without a license can land you a fine or in 
jail for a night, or if you were to get in an accident, you can encounter 
some serious legal repercussions.

People who refuse to learn the rules of the road don't get licenses, and 
if someone who is licensed breaks the rules too many times, their license 
and record can be marked and/or revoked.

ISPs could adopt this model by either classifying users based on testing 
them on their knowledge (take a few web based tests about web security or 
something, and the ISP will open up more ports/access for you?), or 
perhaps by basing it on limiting or locking out repeat offenders.

Stefan Dorn

firewall-wizards-admin () honor icsalabs com wrote on 09-13-2005 07:39:53 PM:

> hermit921 <hermit921 () yahoo com> wrote:
> >
> [snip]
> > On the good side, I have a friend who is almost totally computer 
> > illiterate, but has never had a virus or spyware or any other malware.
> > Rule #1: never double click any attachment.  If you have to open it, 
choose 
> > a program that should open that type of file and do a File -> Open.
> > Blindly following these rules has kept her safe for over 10 years.  So 
I 
> > know people can learn, at least by rote, regardless of understanding.
> > Rule #2: never use Microsoft software.  This probably helps an immense 

> > amount, too.
> [snip]
>
> Your friend could be my wife.  WinXP (home edition) for some three
> years or so.  (She *insisted* on having a 'doze PeeCee.) OE was
> *immediately* removed from the desktop and replaced with Pegasus.  IE
> was *immediately* de-fanged (turned off all the ActiveTrojan stuff),
> then used to fetch Mozilla.  Wife was told "Use this.  Use the other
> only if this doesn't work.") Computer's behind a "firewall router"
> (configured by your's truly, naturally).  Same aggressive mail server
> filtering rules as at work.  I only a week or two ago finally broke
> down and put AV software on it, because one of her correspondents
> insisted my wife was sending her infected JPEGs.  (She wasn't.)  She
> has had SpyBot S&D for some time, and uses it religiously.
>
> It can be done.  I've seen it with my own eyes.
>
> Jim
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards