Re: Controls are ineffective without user cooperation

[Krzysztof Adamski <k () adamski org>]

On Sat, 17 Jul 2004, Stephen J. Wilcox wrote:

> On Fri, 16 Jul 2004, Christopher L. Morrow wrote:
>
> > > According to an AT&T sponsored survey, 78% of executives admitted to opening
> > > attachments from unknown senders in the last year, 29% used their own name
> > > or birthday as a "secure" password, 17% accessed the company network in a
> > > public place and didn't log out, 9% informally shared a network password
> > > with someone outside of the company.
> >
> > surprised? if you don't teach the baby the consequences then they continue to
> > behave badly. I suppose it IS a little bit tough to tell the executive: "Bad
> > Exec!! NO COOKIE!!!" or the equivalent in execu-speak :(
>
> I was looking at a friends PC, her mother uses it and she's a bit of a
> technophobe... I was upset that it hadnt had any of the windows updates
> installed since last time I looked at the PC a year ago even tho windows was
> popping up all the time pleading to be updated!
>
> I attempted to explain the whys and what fors and was surprised at her
> reaction.. she still didnt want to run the updates even tho she now understood
> what they do. 2 reasons:
>
> 1) she's overwhelmed by the amount of things that pop up at you, ask you to
> click on them, tell you theyre an email from microsoft etc etc
>
> 2) she "only uses the pc for web browsing, if it gets infected theres no harm
> that can be done"
>
> So how do you argue with that?

There is a very simple way of demonstrating the problem of viruses on her
PC to her. Install a modem in the PC and connect it to the phone line. It
won't be long till she gets one of the the viruses that dial a long
distance location. Her next phone bill will demonstrate to her why having
a clean PC is important.

This has worked for my in-law. He was the one who plugged the modem back
into the phone line after I unplugged it and told him no to have it
plugged in.

K