Human Nature vs. Security
Daniel Hanson, 2004-03-29

Social engineering in the latest crop of viruses has people jumping through hoops to open malicious attachments. How do we change the pattern?

Human Nature vs. Security 2004-03-30
Anonymous
Human Nature vs. Security 2004-03-30
IT Professional (2 replies)
Human Nature vs. Security 2004-03-31
Anonymous
Human Nature vs. Security 2004-04-05
Anonymous (1 replies)
Human Nature vs. Security 2004-04-07
Anonymous
Human Nature vs. Security 2004-03-30
Mene Tekel (1 replies)
The way western civilization coped with having to install a lock on the door was to put the key under the door mat or flower pot, and leave the back door open for people who needed access without going through the extra hassle of unlocking.

In small transparent societies with a uniform culture that worked well. The problem is that most societies aren't uniform or small anymore. Sure, you'll find exceptions, like Amish people who don't bother to lock their doors, or remote mountain passes where the turnpike fee is paid by leaving money in an envelope for the gate keeper.

There are only two real solutions to the problem -- either trade convenience for ever-increasing security measures, or force untrusted people away from the society (eggshell method -- hard on the outside, soft on the inside), keeping it small and uniform enough that the lessened security model works.

A firewall appliance is a good example of the second solution. The problem is that people invite strangers in, be it by email, P2P or otherwise, and expect people on the outside to be as well behaved when they visit there. That won't do.
An antivirus program is an example of the first measure. Unfortunately, that won't work either, both because there's a limit to how much security can be imposed and still have a working system, and because people are quite frankly too lazy to implement and keep current adequate security measures.

What I see as the *only* solution here is education. Forced education. A driver's license to be able to use the Internet services, with sizeable fines for not having a license or not following the rules.
If it's voluntary, people won't learn, and WILL open and run the britney_spears.scr that apparently was sent by cousin Phil in Oregon.

Link to this comment: http://www.securityfocus.com/comments/columns/231/25640#25640
Human Nature vs. Security 2004-04-06
Anonymous (1 replies)
Human Nature vs. Security 2004-04-07
Anonymous
Human Nature vs. Security 2004-03-30
Simonis
Human Nature vs. Security 2004-03-30
Anonymous
Human ignorance vs. security 2004-03-30
F. Obfusco
Human Nature vs. Security 2004-03-30
Yvan Boily (1 replies)
Human Nature vs. Security 2004-04-02
Anonymous
Human Nature vs. Security 2004-03-31
jaywalker (3 replies)
Human Nature vs. Security 2004-04-01
Brainclots (1 replies)
Human Nature vs. Security 2004-04-04
Mene Tekel
Human Nature vs. Security 2004-04-01
IT Professional (1 replies)
Human Nature vs. Security 2004-04-02
Anonymous
Human Nature vs. Security 2004-04-01
Anonymous
Human Nature vs. Security 2004-03-31
Anonymous (1 replies)
Human Nature vs. Security 2004-04-01
The Suite (1 replies)
Human Nature vs. Security 2004-04-02
Anonymous
Human Nature vs. Security 2004-04-01
Chris
Human Nature vs. Security 2004-04-01
Educational Netowrk admin
Human Nature vs. Security 2004-04-05
Anonymous
Copyright 2009, SecurityFocus