Full Disclosure mailing list archives
Is user education a lost cause?
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Tue, 20 Jan 2004 16:15:56 -0600
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Tobias Weisserth Sent: Tuesday, January 20, 2004 2:54 PM To: Mary Landesman Cc: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Anti-MS drivel We all agree that the people behind these attacks are the bad guys. But we can't change them, we can't eradicate them. We have to live with them.
To a certain degree I agree with you, however my viewpoint isn't quite as bleak. I believe there are *some* things we can do to at least reduce the number engaged in this type of activity.
The one thing we can change though is accepting or not accepting the way vendors ship software.
What about changing users? You don't allow for any of that at all? I think it's not only possible but will happen over time. Just as people learned the rules of the road for driving (and some seem to never learn), I believe many will learn the rules of the road for the Internet. It just takes time, just as driving rules took time. (In fact, we're still learning, aren't we?) I think one of the "security community's" basic responsibilities is to educate users and to never give up on educating users. After all, one of the most important parts of our job is writing policy, is it not? If that's true, and yet we don't believe users can be educated, then why is policy writing so important? Obviously it's because we believe that policy can change *most* users. Yes, there will always be some small percentage that are either stupid or combative, but the vast majority just need to understand the risks in order to know how to behave in a secure manner. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Is user education a lost cause? Schmehl, Paul L (Jan 20)
- Re: Is user education a lost cause? Ron DuFresne (Jan 20)
- Re: Yes, user education is a lost cause ;-) Tobias Weisserth (Jan 21)
- <Possible follow-ups>
- RE: Is user education a lost cause? WolfgangK (Jan 20)