Schneier is up to it again :) This time, he writes an article about users and security, in which his thesis is that it isn’t that users are stupid (as many security and help desk people believe firmly :) but that the people that have created and developed computers and operating systems are the ones that are messing up things by making them overly complicated after convincing them that they can’t live without them.
The real problem is that computers don’t work well. The industry has
convinced everyone that people need a computer to survive, and at the
same time it’s made computers so complicated that only an expert can
maintain them.
If he (or I :) tried to fix the heating system in a home or office, he’d probably end up breaking a whole lot of security rules…and it’s not because he doesn’t care about security or is stupid, but that he is not an expert on heating systems. And it’s the same thing happens with computers and the common user.
For the most part, I agree with him. Yes, most users aren’t stupid…many of them do things that are very complicated and that I wouldn’t dream of trying, like surgery. But I don’t think all, or even most, users care about security. I’ve tried to educate users about security, telling them to avoid doing this or that or the other so their systems won’t get compromised…but most of them just don’t care, “nothing I have in my computer is worth worrying about” they say. And if it’s a work computer, their answer is usually “computer security is not my problem, is the sysadmin’s” (and boy, does that answer piss me off).
We need to educate the users, yes…but, unlike Bruce, I *do* think that punishment is a valid form of behavioural modification. I’ll tell you once, I’ll tell you twice, the third time, I’ll wack your head with a stick. It’s one thing to understand that users aren’t experts and that computers are overly complicated…it’s a different thing for the user to simply not care about what we, the people who have to take care of security, tell them.
Technorati Tags: it security, computers, bruce schneier
Tags: Thoughts
If you enjoyed this post, make sure you subscribe to my RSS feed!!
Comments
This entry was posted on Tuesday, August 22nd, 2006 at 2:47 pm and is filed under Thoughts. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Cumpleaños feliz,
Te deseamos a tí,
Y que cumplas muchos años,
Muchos años feliz.
Thanks bunches, buddy, I appreciate it :)
Even if nobody decided to give me any of the stuff I listed in the blog that I wanted lol!