Kurt,

You introduced cars as an analogy. Please have a look at: http://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_in_U.S._by_year to see that deaths due to car crashes, as a % of the population have been falling for years in the US. That's despite the fact that there are more cars, travelling at faster speeds, than ever before.

I'm not saying that cars are perfectly safe - that's a strawman argument. I'm saying that the car industry doesn't just throw up its hands in the air and use the arguments that you are using: namely that driving a car is dangerous and people should "suck it up". Furthermore, research continues into ways to make cars even safer, because the industry realises that trying to change human behaviour (whilst part of the solution - aka driving tests) isn't going to solve the problem completely.

As for the last part - you don't think that revealing the AV, FW, IDS/IPS products that a company uses isn't giving away information to attackers that could be used against that company? That's completely naïve. If I know you are using product X, at version X, then I know that I can use vector/attack Y to bypass it, because your product is vulnerable, or doesn't yet detect Y.

Cheers
Ken

-----Original Message-----
From: Kurt Buff [mailto:[email protected]]
Sent: Sunday, 26 August 2012 3:01 AM
To: NT System Admin Issues
Subject: Re: OT : Humor only an Admin can enjoy.

Ken,

I made a small mistake in my comment to your analogy with cars - the word isn't irrelevant, it's more along the lines of mistaken.

Consider how advanced the car industry was after 40 years. Not very. And 70+ years after that it's still not "safe". Computing is more complex, and will take even more time to get to a "safe" state, if it's even possible, which to my mind is an open question.

Kurt

On Sat, Aug 25, 2012 at 9:32 AM, Kurt Buff <[email protected]> wrote:
> On Fri, Aug 24, 2012 at 10:35 PM, Ken Schaefer <[email protected]> wrote:
>> I disagree.
>>
>> Car manufacturers have been constantly finding ways to make our
>> driving experience safer, and less stressful. Whilst it still
>> requires some level of co-ordination, skill and concentration to
>> drive a car, it is far safer and far easier to drive a car now than at any
>> time in the past. And companies are working on ways to make it even more so.
>
> And yet deaths via car crash remain perhaps the most frequent form of
> death not due to disease. It's still dangerous. And your comment is
> irrelevant, because any activity that a) requires human interaction
> and b) has the possibility of harm to humans, financially or
> physically requires vigilance and care on the part of those
> potentially affected, no matter how well understood and technologically
> developed.
>
>> Likewise the IT industry has to find better ways to keep things
>> secure rather than relying on changing the entire human race's
>> behaviour. Because the latter is a losing proposition - it always has been
>> and always will be.
>>
>> Constant whinging by *IT Professionals* has done nothing to change that fact
>> in the past 40 years.
>
> It could be argued that man's natural state is illiterate,
> disease-riddled and violent. Before we could overcome that with better
> technology, we had to change the culture, i.e., man's nature, and it
> wasn't easy. Computing is a very new phenomenon, and 40 years is a
> very short period of time to introduce a new culture.
>
>> Passwords may have worked when users only had to remember 5.
>> These days it's starting to break down.
>
> And printed words only work when you have to recognize 40 or 50 and
> maybe type your name.
>
>> So, what to do? Microsoft tried CardSpace, and building password
>> memory systems in Windows and IE. Wasn't entirely successful. Some
>> companies are trying federated identity systems (e.g. "login with
>> your Facebook account"). Maybe the government should just issue
>> people with smart cards (whether or not they are tied to your actual
>> identity - at least they would be relatively impossible to duplicate, with
>> today's technology).
>
> Tell that to the vendor of ORCA cards. And no, I don't want federated
> identities - they will be abused. Check that - they are already being
> abused.
>
>> The constant whinging about programmers, users and everyone else, on this
>> list, is so tiring.
>> No one is discussing solutions. Telling the entire population of the
>> developed world to "suck it up" is not a solution IMHO.
>
> It's what we have. When you come up with something that is less
> dangerous (and federation isn't it, nor are any government-mandated
> solutions) and easier, I'll listen. I doubt it will come soon.
>
>> FWIW IT admins here seem to have no compunction re. posting the
>> products they use, the configuration they have, the AV they have
>> installed, their password complexity rules, their administration
>> techniques, and the companies they work for and when they are
>> out-of-the-office etc. It's rank hypocrisy.
>
> Uh, you're going to have to connect those dots for me. Aside from the
> last two (revealing your company on-list is a big security mistake,
> IMHO, and OOFs are a form of moronity, regardless if they're imposed
> by corporate rules), I consider those part of the community education
> process, which is what we're trying to do with users. Of course, when
> some of our community state to users that passwords are passe without
> giving real alternatives, that would be hypocrisy...
>
> Kurt
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
