Human Nature vs. Security

Human Nature vs. Security
Daniel Hanson, 2004-03-29

Social engineering in the latest crop of viruses has people jumping through hoops to open malicious attachments. How do we change the pattern?

Colapse all | Post comment

Human Nature vs. Security 2004-03-30
Anonymous

Western society made the move to installing and using locks because not using them had direct, significant consequences. If you didn't lock your doors your stuff got stolen and the insurance wouldn't pay for it. We'll see users start to change their attitudes and approach when and only when behaving...

[ more ] [ reply ]

Human Nature vs. Security 2004-03-30
IT Professional (2 replies)

Most average users ARE morons!! Why do people touch the bench that has a sign that says "wet paint"? Why would someone jaywalk on a busy downtown street? If the "average" user can be fooled into believing that a naked Britney Spears will appear on their screen if they open an attachment, they sho...

[ more ] [ reply ]

Human Nature vs. Security 2004-03-31
Anonymous

When that time does come, maybe time at my job of working in a computer lab will not be taken up explaining to people that they are clicking on the left mouse button when I tell them to right click on something. ...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-05
Anonymous (1 replies)

Hate to bust your bubble, but without the majority of average users ("moron" as you put it), MOST of us would be without work. Yeah, telling people over and over again to do the same thing is annoying, but then again, it gives us something to do during the day while our overhead finds something else...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-07
Anonymous

So you are saying that you don't want the world to be 100% virus/etc free because there are too many security professionals such as yourself that need jobs?

Isn't that like saying "Sure we could cure the common cold for good, but that would put too many doctors, insurance employees, drug manufact...

[ more ] [ reply ]

Nice summary of the problem, but where's the solution? 2004-03-30
Anonymous (2 replies)

You haven't pointed out anything most of us don't know already. I was hoping you'd have something to add.
...

[ more ] [ reply ]

Nice summary of the problem, but where's the solution? 2004-03-30
Anonymous

He did post a solution: Wait, and people will start doing something once they've been hit hard.

Whether this is a good solution is moot, and if the author truly believes this is the solution, he's either in the wrong field of work or does it only for the money....

[ more ] [ reply ]

Nice summary of the problem, but where's the solution? 2004-04-06
Anonymous

The "solution" is to be patient and wait for a virus/worm to be released which wipes the users drive clean. When all you can do for your users is to re-install their OS, and they have lost all of their data, it might begin to sink in.

This sounds about right to me. Users are known to run email ...

[ more ] [ reply ]

Human Nature vs. Security 2004-03-30
Mene Tekel (1 replies)

The way western civilization coped with having to install a lock on the door was to put the key under the door mat or flower pot, and leaving the back door open for people who needed access without going through the extra hassle of unlocking.

In small transparent societies with a uniform culture ...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-06
Anonymous (1 replies)

While you're at it, can we license other things too? I mean, if people need a license to use the Net ( the size and scope of government power required is making my head spin ), can we please also license them to have children?...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-07
Anonymous

actually, if you start with licensing people to have children, the need to license people for net access will go away in a few decades... if the license requirements were stict enough....

[ more ] [ reply ]

Human Nature vs. Security 2004-03-30
Simonis

One small error in the article:

>>
How does a user differentiate between my_vacation.jpg and my_vacation.jpg.exe if they can't see the file extension? What rule can be given?
<<

If extensions are hidden, the user would be presented with "my_vacation" and "my_vacation.jpg". Clearly, if I sa...

[ more ] [ reply ]

Human Nature vs. Security 2004-03-30
Anonymous

"Once the realization hits that there are personal consequences for certain behaviors, people will begin to consider what might happen if they open this weirdly named file. I fear what will happen to make users realize the threat"

I would bet that most people know that there are consequences for ...

[ more ] [ reply ]

Human ignorance vs. security 2004-03-30
F. Obfusco

The reason that people lock their doors and their cars is that they have a good idea of what happens if they don't. People understand what burglary is: it's someone going into your house and taking your stuff. They understand what auto theft is: it's someone going into your car and driving off with ...

[ more ] [ reply ]

Human Nature vs. Security 2004-03-30
Yvan Boily (1 replies)

The obvious answer is that people require a negative selection pressure to force them to adapt to the new reality of the internet.

History has shown time and again that the most effective way to force both individuals and companies to adhere to new policies and rules (and thereby implement the se...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-02
Anonymous

Car insurance has made manufactures less concerned with automobile safety over the years.

Would't 'security insurance' also be perceived as a blanket for giant software companies to pass on some liability to the insurance industry? Even if it isn't a written thing, it would be established that i...

[ more ] [ reply ]

Human Nature vs. Security 2004-03-31
jaywalker (3 replies)

Hi i'm one of those average-user jaywalkers and all i'd like to say is, i would have loved to let myself be educated if i had ever been offered to. As long as there is not a proper education offered people cannot voluntarily take it. If such an education is so valuable to corporations (someone here ...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-01
Brainclots (1 replies)

As someone who would LOVE to teach those classes, I echo the sentiment of those above that classes must be offered. The problem is, who will pay me for performing this all-important, end user education? Not that I need $1M, but I can't do it for free. What if ISP's were somehow compelled to offer...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-04
Mene Tekel

Having the ISP pay for educating the users in how to use Internet is like having road owners (counties and states) pay for driver's education, and shooting range owners pay for gun training.
It's the responsibility of a driver to acquire (and pay for) the necessary training to not be a hazard on th...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-01
IT Professional (1 replies)

You have paint all over your hands too don't you? The web is full of training sites. Search for them instead of playing games all day....

[ more ] [ reply ]

Human Nature vs. Security 2004-04-02
Anonymous

Here, download this attached .exe file. it is a training program designed to stop you downloading and running .exe files from untrusted sources.

>>

lol
...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-01
Anonymous

There are tons of courses, books, sites, and other resources available right down to television. Please do not equate your refusal to avail yourself of the available information with a lack of a opportunity to do so. I suspect that if you are clever enough to know that SecurityFocus exists, then y...

[ more ] [ reply ]

Human Nature vs. Security 2004-03-31
Anonymous (1 replies)

With everything pointing toward due diligence in the corporate execs of protecting their information systems, why not force the user to comply with the same due diligence to protect their personal information systems? Why must responsibility in western civilization always lay in someone else's hand...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-01
The Suite (1 replies)

I could not agree any more with that statement. I strongly beleive that user ignorance to issues at hand that affect an organization should be held liable to the user. If user fails to adhere to rules and principles put in place to protect them and the environment they are in, then there should be d...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-02
Anonymous

Why not just revoke protection from the users that don't adhere to good practices? If the store all of the credit card information on their computer, and don't bother with a firewall, antivirus, etc. and their card gets stolen, they don't get protection from the banks or agencies? This would mean i...

[ more ] [ reply ]

A technical solution to part of the problem... 2004-04-01
Roger

"In fact we are almost back at the point where plain text email is the only option to get through gateways"

I once worked at a place where we realised this years ago. Just as HTML mail was appearing, we decided it was a revolting and stupid idea, and managed to get our CIO (who was fairly clueles...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-01
Chris

A difference between the time when people started locking their doors and the present time is that before, people were more aware of their duties and responsibilities in their community.

Today, should anything bad happen, the first reflex is to find a culprit, someone to sue. People refuse to tak...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-01
Educational Netowrk admin

I find that working in a school environment, the only way to solve the problem is filtering. What i mean by that is give access to only such a filtered version of the internet that is deemed harmless. On our school you can download vitually nothing, browse approximately half of the internet (what is...

[ more ] [ reply ]

this is a good study in how evil works 2004-04-01
Anonymous

This is a great study in how evil works. (1) It shows up as something appealing, and many people fall for it. (2) It slowly turns ugly but in as discrete a manner as possible so that many others will continue to fall for it.

Viruses used to do real damage and present real annoyance to the infect...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-01
KB

Normal users and e-mail worms remind me of the Simsons cartoon where Bart keeps touching the toaster, pulling his finger back and saying "Ouch" only to reach out and touch the toaster again with the same finger.

There was a comment earlier about the "not my fault" ignorant arguement in Western...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-02
Roy

Releasing an antivirus?? do you not remember the absolute noightmare caused first by blaster, and then by naachi as it searched for blaster to apply a microsoft patch?

What if a home made 'teaching' virus was accidentally escaped the perimiter? you may be liable.

The answer is in the title. ...

[ more ] [ reply ]

Human Nature vs. Security 2004-04-05
Anonymous

Why do most of these responses sound like they were written by that Saturday Night Live Computer Guy - you know, the one who says, "move!", "was that so hard??", and "you're welcome!". Such bitterness just because you are exposed to people who don't spend every waking moment adhering to abstract ru...

[ more ] [ reply ]