Full Disclosure mailing list archives

RE: Who's to blame for malicious code?


From: Tobias Weisserth <tobias () weisserth de>
Date: Thu, 22 Jan 2004 01:42:04 +0100

Hi Paul,

a few last words since this is going into "repetitive mode" now ;-)

On Thu, 22.01.2004 at 00:44, Schmehl, Paul L wrote:
...
It's an impossible goal.

I know :-)

Of course it's impossible. It's as impossible as trying to change end
users.

Yet we have to try because it is still _easier_ than to change end
users. We can't control end users. As long as "Basic Internet Security"
isn't being taught in Kindergarten then there will always be new
uneducated users who will make the same stupid mistakes time and again.

The products we design are in our hands. We can adapt them, we can change
them according to users' behaviour.

The ultimate ideal of the perfect "fool-proof" product design may never
be reached but we can't load off responsibility in front of users' doors
("You haven't patched!!!") when a simple measure on our side would have
eased the situation (like turning off risky features by default).

Of course it's not wrong (but pretty useless) to tell people to use
personal firewalls and anti-virus software but not before you have done
everything on your side to improve things.

I will leave you with this since I have basically stated my position and
the private replies I got from some people here on the list reassure me
that this discussion has not been in vain.

kind regards,
Tobias W.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

