Firewall Wizards mailing list archives
Re: The home user problem returns
From: Mason Schmitt <mason () schmitt ca>
Date: Tue, 13 Sep 2005 11:36:29 -0700
Educating users to fix the problem doesn't work. Educating users there *is* a problem seems to work, just not en-mass.
Exactly right.
Part of the prolem is that end-users are *used* to malware. When the computer gets too slow, they call "that person who understands this" to come clean off the computer and it's ok for another 2 months. Partially, Microsoft is to blame for taking the reliability out of computer software- the levee isn't designed for a big storm, and partially malware that doesn't kill its host has made these all tropical storms. (Hey, someone had to do the Digital Katrina thing, I've saved everyone else the trouble.)
The fact that users are accepting malware is indeed frustrating. From the user education perspective, there are two approaches. 1 - Just keep drilling the mantra home (firewall, anti-virus, anti-spyware, windows updates). Rinse and repeat. It has been shown that constant repetition of a few basic concepts like this does work. The effectiveness of this approach is amplified when there is personal interaction between the person reiterating and the person listening. This is why we need to get more people chanting the mantra. 2 - Just as you said above, let people know there is a problem. Some will hear that and it will get them thinking - these are the people that can make changes before it causes them pain. Others won't listen. These are the people that are going to spend the $50+ every couple of months to get their PC cleaned out and after a while will start getting upset about it. Once they have endured enough upset, they will do something about it. I have seen this play itself out over and over again in the 4 years I have worked at this ISP. What's really sad/entertaining is that some people need to go through the pain process for each new threat that emerges.
Anna K. and phishing work(ed) because of the social aspects of their delivery- we're still trying to fight a technical battle against a social problem. We have to take this to the social trenches at some point, or we'll be overrrun.
Sometimes people problems need to be solved entirely in (meat space / carbon layer / layer8). Other times people problems can be solved entirely in layer7 and below. However, more often than not, a solution that combines both approaches will be the most effective. I believe that's why we typically say that policy should be put in place and then reinforced using technology. Where we run into problems is when either/both side(s) of the coin is/are horribly unbalanced. Such is the current state of the onion. The software sucks and people's understanding of the Internet sucks. That was a whole lot of blather about very little... Try looking at the problem this way. I know that some of you have been harping on these issues for a long long time, some even longer than that. The problem is that while it seems like a long long time to you, for the general public they are just now starting to glimpse the issues. I read somewhere that the general public's understanding of science lags 50 years behind those doing the research. I'm fairly certain that's true - possibly even today despite some of the research being available online. So, what we have is a combination of hysteresis in public understanding and an absence, until fairly recently, of a pain stimulus (money). Getting people to understand is just going to take time - perhaps a fair bit of time. But the process of understanding will be accelerated due to the introduction of a pain stimulus in the form of monetary loss. Now that we are seeing large scale information theft in the media (CardSystems), laws concerning disclosure and organized crime getting involved in online fraud; people/governments/vendors are going to take notice. They just needed to feel it before they would react.
Tell him if rants like that didn't work in the past, there's no way they'll work now... No, don't tell him- because all we can do is all we can do. Even if it's not enough, it's still a good fight.
Yes it is, but you need the patience of mother to be able to keep it up. You'll have to keep doing it until the Internet community grows up. Even then, it will still need to happen, but the message then will be more sophisticated. Fortunately, you'll get more and more help along the way as people start to wake up. These are just growing pains. Wait until the the Internet reaches adolescence.... -- Mason _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: The home user problem returns, (continued)
- Re: The home user problem returns Paul D. Robertson (Sep 13)
- Re: The home user problem returns Marcus J. Ranum (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 13)
- Re: The home user problem returns Marcus J. Ranum (Sep 13)
- RE: The home user problem returns Tina Bird (Sep 13)
- RE: The home user problem returns Marcus J. Ranum (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 14)
- Re: The home user problem returns R. DuFresne (Sep 13)
- Message not available
- Message not available
- Re: The home user problem returns mason (Sep 14)
- RE: The home user problem returns Paul Melson (Sep 22)
- Re: The home user problem returns Mason Schmitt (Sep 13)
- RE: The home user problem returns Paul Melson (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 13)
- Re: The home user problem returns Jim Seymour (Sep 13)
- RE: The home user problem returns Tina Bird (Sep 14)
- RE: The home user problem returns Paul Melson (Sep 22)
- Message not available
- Re: The home user problem returns Mason Schmitt (Sep 12)
- RE: The home user problem returns Paul Melson (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 13)
- Re: The home user problem returns Jim Seymour (Sep 13)
- RE: The home user problem returns Bill Royds (Sep 14)