Firewall Wizards mailing list archives

RE: The home user problem returns


From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 14 Sep 2005 17:03:02 -0400

-----Original Message-----
Subject: Re: [fw-wiz] The home user problem returns

"Marcus J. Ranum" <mjr () ranum com> wrote:
Pointless. If educating users was going to work, it would have worked 
by now. If Anna Kournikova worm and phishing hadn't gotten people to 
take this seriously years ago, they aren't going to next year, either.

It may be pointless in home user space, but, IME, it's most definitely
*not* pointless in the workplace.  I regard end-user education as one of
my best defenses.  And it has worked for me.

This thread has really gotten me thinking about user training, mostly
because it's something on my to-do list for the year and the timing is just
about perfect.  

So I decided that I would be an optimist but also a pragmatist about this in
my professional life and I've been doing a little bit of homework in the
environment I currently work in.  So here are my generalized observations:

The first one is simple, and applies directly to what I quoted above.
Anymore, the distinction between home users and business users is all but
pointless thanks to cheap broadband, cheap laptops, and cheap VPN solutions.
The brutal reality of that observation is that if this sounds like your
environment, then your users' lousy security at home will translate into
problems for your business network, or at least an important risk that you
now have to manage.

The second observation is based on data collected from my current employer's
nifty ticketing system.  After going through all of the spyware, IM, virus,
worm, p2p, crapware tickets (roughly 60 in 2005) that have been fielded, the
vast majority of them have a common thread.  All of the systems affected are
Windows XP, our standard desktop OS (though we've got a few dozen Linux and
Mac desktops as well).  No shock there, this dead horse has been beaten
repeatedly in this thread alone.  But the thing that turned a little light
bulb on in my head was the fact that the vast majority of these users
actually came from a minority segment of our user base - those people with
local admin privileges.  These people are typically analysts, developers,
and so on - users with better than average technology savvy.  

I suspect that this is actually a two-pronged issue.  The big, pointy prong
being that if users can install software and modify the Registry and system
file space, crapware can stick around.  The second, more subtle prong being
that these people have this access specifically so that they can use
software that is "unsupported" by tech support staff - we've defined these
users as our victim pool for crapware and worms not just at the OS level,
but also at the business level.  And I suspect that most organizations are
in this same boat if they bother to take local admin away from desktop users
at all.


PaulM





_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

