Firewall Wizards mailing list archives
Re: The home user problem returns
From: Mason Schmitt <mason () schmitt ca>
Date: Tue, 13 Sep 2005 14:13:55 -0700
Educating users to fix the problem doesn't work. Educating users there *is* a problem seems to work, just not en-mass.Nope. Because we're dealing with shared environments - so even if you managed to somehow raise the clue level in 50% of the population it winds up having almost no effect because the clueless infect the clueful second-hand.
I think that was Paul's point. Home users can't be educated to the point that the problem becomes "fixed". I don't think they need to be or should be, so if that's where the effort is being expended, then I agree - it's a waste of breath. I do think that over time education efforts will result in an increase in clue in the vast majority of people. If this weren't the case, then there would be no point to having a public education system... Not everyone is going to get straight 'A's, some people will fail, others who are living a hand to mouth existence, or who's country is too backward or too poor will or for whatever reason doesn't have education available to the masses will not learn - which leads nicely to your comment below concerning AIDS.
It's really a problem in epidemiology. Imagine if 50% of your population refused to worry about AIDS yet was capable of having sex with 1,000,000 different partners a day* - The numbers are all tipped the wrong direction, for education to work. Spammers have pretty much proved that.
Well, no, the spammers haven't proven that. What the spammers have shown us is that even if they only sucker a minute percentage of the people that actually receive their crap, that it's financially worthwhile. The reason being that the economics of spam allow the spammers to plunder a public resource (the net) with relative impunity. Ecological economists such as Herman Daly, have shown that when you don't factor in the cost of continual withdrawal from a natural resource, that your books aren't really balancing. This is again an issue that is only going to be rectified by increasing the spammers costs which many people are working on. I also don't think the user education problem is an epidemiological one either. To suggest that ignorance to a growing and changing computer security environment is somehow like a rapidly spreading pathogen is a little bit of a stretch. If ignorance were infectious, you'd probably be dead or an idiot right now. I remember you ripping apart Dan Geer's mono culture idea that was such a big deal a little while back. Not trying to pick a fight here, I just don't get the argument.
my magic 8-ball says "Outlook Not Good" and it's not talking about the mail software from Microsoft. (But it'd be right if it was...)
:)
Trying to point out that it's a social problem brings up this immediate surge of knee-jerk "HACKING IS COOL!" reaction. After my "Dumb ideas" article got slashdotted yesterday, I have an in-box filled with about 250 "u r such a d0rk w3rd" emails - all reacting to my observation that we need to decouple hacking ideology from internet security if we want to make progress. It's not happening and I, for one, am tired of this fight.
It's ok to take a break and regroup. It's also ok to retire. You have made progress. I know that I for one have copies of "Low Carb Security" and your recent "6 dumbest ideas..." hanging on my wall. I keep them there (and re-read them every so often) because they are successful attempts at distilling the millions of little problems into a few simple concepts that I can hold onto. I have learned a ton from this list and I'm now passing on the little bit that I have learned (and will continue to learn) to my co-workers, friends and our customers.
I came up with a really cool mental hack the other day on this topic, but I haven't figured out how best to approach it. But, basically, it's the observation that people _HATE_ spammers and _HATE_ spam. Yet, people seem to _LOVE_ hackers and think hacking is _COOL_. How did this happen??
Hollywood, fiction, dumbass teenagers trying to carve out some sort of identity for themselves, money... What makes clothing fashions, music, etc popular? This is all just part of our society's poorly functioning machinery. The fact that you get a deluge of email as a result sucks, but don't take it personally.
Yet, nobody (except me and a few of my weird buddies) seem to think it's a problem that "security researchers" are overlapping pretty seriously with rootkit/malware/trojan writers.
You know, if you hadn't pointed this out some time ago, I wouldn't have given my nagging doubts too much thought, because I figured that these people are professionals, they know what they are doing. Silly me. Again however, I'm going to move a bit closer to the fence on this one, because despite the undercurrent of money and fame in the security industry right now, pressure is being applied that is going to force us to find ways of creating better software.
(*Did you wince when you read that? I did!)
Yes.. :P -- Mason _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: The home user problem returns, (continued)
- RE: The home user problem returns Eugene Kuznetsov (Sep 13)
- RE: The home user problem returns Marcus J. Ranum (Sep 13)
- RE: The home user problem returns Paul Melson (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 13)
- RE: The home user problem returns Paul Melson (Sep 13)
- Re: The home user problem returns R. DuFresne (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 13)
- RE: The home user problem returns Paul Melson (Sep 13)
- Re: The home user problem returns Paul D. Robertson (Sep 13)
- Re: The home user problem returns Marcus J. Ranum (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 13)
- Re: The home user problem returns Marcus J. Ranum (Sep 13)
- RE: The home user problem returns Tina Bird (Sep 13)
- RE: The home user problem returns Marcus J. Ranum (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 14)
- Re: The home user problem returns R. DuFresne (Sep 13)
- Message not available
- Message not available
- Re: The home user problem returns mason (Sep 14)
- RE: The home user problem returns Paul Melson (Sep 22)
- Re: The home user problem returns Mason Schmitt (Sep 13)
- RE: The home user problem returns Paul Melson (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 13)