Secure Coding mailing list archives
Re: Protecting users from their own actions
From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Wed, 07 Jul 2004 14:28:48 +0100
Wall, Kevin wrote: Isn't this something that users probably shouldn't be given a choice on? Normally I would think that corporate security policy dictate keeping the AV software / signatures up-to-date as well as dictating the (personal) firewall configurations. Some centrally administered software should do these things... I agree that central administration works best in today's corporate environments, but I was referring also to the more general desktop environments as well, right down to the home and SOHO users that have to install and/or update their own. Aside from that issue, though, the primary point that I wanted to get across is that there are substantial limitations to what we can accomplish through user education. I believe that our software -- from enterprise app servers through desktop emailers and browsers -- needs to do better at protecting users, even when they make decisions that we would think to be unwise. Cheers, Ken van Wyk
Current thread:
- Protecting users from their own actions Kenneth R. van Wyk (Jul 06)
- <Possible follow-ups>
- RE: Protecting users from their own actions Wall, Kevin (Jul 06)
- Re: Protecting users from their own actions Kenneth R. van Wyk (Jul 07)