I want to wade in on this one, because I can see both sides. I'll use my father as an example. He is very intelligent, a former general of the US Army, captain of industry, etc, etc. He is not, by any stretch of the imagination computer literate. He can use a PC and send and recive emails, but if the screen changes colors, he calls for help. To him, a computer is a "blackbox." At almost 70 years old he has no interest in trying to learn the workings of said box, he just wants to stay in touch and talk to some old friends. He should be able to do that in reasonable safety. He understands there are security issues, and has accepted the fact that his ignorance will occassionaly lead to his PC being wiped out. He counts on keeping a low profile and a decent virus scanner to protect him from most problems, and it will.
I, on the other hand run some domains, manage some websites and love Linux. My exposure is a higher, and I have to take more steps to be sure that not only am I safe, but that I am not unwittingly used as a tool by someone else in a DoS or worse. Then there is the new user. Unless they are so dense as to have to have someone come over and turn on the PC and use the mouse for them, they have to be aware of the basic threats a computer user on the internet faces. However, their skill level does not allow them to combat these threats. Informing them of specifc threats on a constant and consistant basis does them no good, as they cannot respond. It is a sad but true fact that there is more misinformation than factual information available. It is deplorable that Microsoft doesn't make a better effort to secure their software and educate their customers. Given the current disasters in the American corporate model it is not surprizing that Microsoft treats their customers as non-entities, but it is unethical. So, what is a good approach to sending out notices about security flaws? Probably a new mailing list. Anyone that wants to suscribe and try and protect themselves can subscribe. Advise the new users to tackle the basics before subscribing. That way it is a self-paced system and those that wish to remain blissfully ignorant are welcome to do so. In a perfect world, these would not be issues, we do not live in Perfect as the commercial says. We live in a society where half of the people are so failed by the education system that they cannot read and write well enough to fill out a job application. We need to cut the new people some slack while they come up to speed. Besides, there is no surer teacher that fire is hot than a scorch mark on your hand. My two cents, US. Doug Riddle --- Jerald Sheets <[EMAIL PROTECTED]> wrote: > But don't you consider it a moral issue that common *REAL* security > threats are not discussed freely? > > I find that amoral at best and criminal at worst. In any event, it > does > a disservice to new folk. > > A very palatable method of succeeding at free discourse without the > detriment of speech deprivation :-) would be to have a > "clickers-announce" list where such items are "announced" as they > occur, > and then in the context of the same message you could present the > time > and place (and cost if applicable) of the discussion "what it is > and > what you can do". > > As an educator, I would find this a fine occasion to divert from > standard curriculum, and follow a thread explaining the state of > security today, what it is, how it works, and what you can do. > Simply > quashing a free discourse on said topic does a service to no > one....ESPECIALLY newbies. > > --JMS > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Larry Braud > > Sent: Wednesday, July 03, 2002 9:07 AM > > To: [email protected] > > Subject: Re: [brlug-general] IE un-Security > > > > > > John, the problem is, a very large percentage of the > > membership of CC are New-Newbies. They just got their > > computer, (in hours usage), and are afraid to turn it on if > > someone says "security problems". You have to remember that > > on a 1 - 10 scale, the Linux group are at an 8 - 10 and the > > members that we teach are in the 1 - 3 range. Security > > problems are real and I try to address it every workshop I > > give, but a lot of the CC membership still don't even have > > the basic antivirus or firewall software even thought you can > > get them free. Larry > > > > > John Beamon wrote: > > > "Holy crap", indeed. Is it really PI to mention security > > problems in > > > the Clickers' list? What else do 1500 ppl talk about on a > > daily basis > > > in what is essentially a Windows club? > > > > > > </span> > > > > > > oof! That was harsh. I'm sorry. It slipped out before I > could > > > restrain it. No offense intended. Seriously, when MS' own > Supreme > > > Architect (or whatever his title is this week) goes for Trusted > > > > Computing (TM) and makes security job #1 for the world's > largest > > > software company, it seems that a basically Windows club would > > > consider this an important subject to converse freely > > about. I mean, > > > if I checked my mail more than my securityfocus.com and > cert.org, I > > > would APPRECIATE people pointing out major security issues > > from time > > > to time. Finding the subject gauche is just obtuse beyond > > belief in > > > modern computing times. No offense intended, but I "don't get > it". > > > > > > -j > > > > > > > > > > > > _______________________________________________ > > > General mailing list > > > [email protected] > > http://brlug.net/mailman/listinfo/general_brlu> g.net > > > > > > > > > > > _______________________________________________ > > > > General mailing list > > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net > > > > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net __________________________________________________ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com
