Well said, Ken.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…

On Sun, Aug 26, 2012 at 2:41 AM, Ken Schaefer <[email protected]> wrote:
> Kurt,
>
> You introduced cars as an analogy. Please have a look at:
> http://en.wikipedia.org/wiki/List_of_motor_vehicle_deaths_in_U.S._by_year
> to see that deaths due to car crashes, as a % of the population have been
> falling for years in the US. That's despite the fact that there are more
> cars, travelling at faster speeds, than ever before.
>
> I'm not saying that cars are perfectly safe - that's a strawman argument.
> I'm saying that the car industry doesn't just throw up its hands in the air
> and use the arguments that you are using: namely that driving a car is
> dangerous and people should "suck it up". Furthermore, research continues
> into ways to make cars even safer, because the industry realises that
> trying to change human behaviour (whilst part of the solution - aka driving
> tests) isn't going to solve the problem completely.
>
> As for the last part - you don't think that revealing the AV, FW, IDS/IPS
> products that a company uses isn't giving away information to attackers
> that could be used against that company? That's completely naïve. If I know
> you are using product X, at version X, then I know that I can use
> vector/attack Y to bypass it, because your product is vulnerable, or
> doesn't yet detect Y
>
> Cheers
> Ken
>
> -----Original Message-----
> From: Kurt Buff [mailto:[email protected]]
> Sent: Sunday, 26 August 2012 3:01 AM
> To: NT System Admin Issues
> Subject: Re: OT : Humor only an Admin can enjoy.
>
> Ken,
>
> I made a small mistake in my comment to your analogy with cars - the word
> isn't irrelevant, it's more along the lines of mistaken. Consider how
> advanced the car industry was after 40 years. Not very. And 70+ years after
> that it's still not "safe".
> Computing is more complex, and will take even
> more time to get to a "safe" state, if it's even possible, which to my mind
> is an open question.
>
> Kurt
>
> On Sat, Aug 25, 2012 at 9:32 AM, Kurt Buff <[email protected]> wrote:
> > On Fri, Aug 24, 2012 at 10:35 PM, Ken Schaefer <[email protected]> wrote:
> >> I disagree.
> >>
> >> Car manufacturers have been constantly finding ways to make our
> >> driving experience safer, and less stressful. Whilst it still
> >> requires some level of co-ordination, skill and concentration to
> >> drive a car, it is far safer and far easier to drive a car now than at
> >> any time in the past. And companies are working on ways to make it even
> >> more so.
> >
> > And yet deaths via car crash remain perhaps the most frequent form of
> > death not due to disease. It's still dangerous. And your comment is
> > irrelevant, because any activity that a) requires human interaction
> > and b) has the possibility of harm to humans, financially or
> > physically requires vigilance and care on the part of those
> > potentially affected, no matter how well understood and technologically
> > developed.
> >
> >> Likewise the IT industry has to find better ways to keep things
> >> secure rather than relying on changing the entire human race's
> >> behaviour. Because the latter is a losing proposition - it always has
> >> been and always will be.
> >>
> >> Constant whinging by *IT Professionals* has done nothing to change that
> >> fact in the past 40 years.
> >
> > It could be argued that man's natural state is illiterate,
> > disease-riddled and violent. Before we could overcome that with better
> > technology, we had to change the culture, i.e., man's nature, and it
> > wasn't easy. Computing is a very new phenomenon, and 40 years is a
> > very short period of time to introduce a new culture.
> >
> >> Passwords may have worked when users only had to remember 5.
> >> These days it's starting to break down.
> >
> > And printed words only work when you have to recognize 40 or 50 and
> > maybe type your name.
> >
> >> So, what to do? Microsoft tried CardSpace, and building password
> >> memory systems in Windows and IE. Wasn't entirely successful. Some
> >> companies are trying federated identity systems (e.g. "login with
> >> your Facebook account"). Maybe the government should just issue
> >> people with smart cards (whether or not they are tied to your actual
> >> identity - at least they would be relatively impossible to duplicate, with
> >> today's technology).
> >
> > Tell that to the vendor of ORCA cards. And no, I don't want federated
> > identities - they will be abused. Check that - they are already being
> > abused.
> >
> >> The constant whinging about programmers, users and everyone else, on
> >> this list, is so tiring.
> >> No one is discussing solutions. Telling the entire population of the
> >> developed world to "suck it up" is not a solution IMHO.
> >
> > It's what we have. When you come up with something that is less
> > dangerous (and federation isn't it, nor are any government-mandated
> > solutions) and easier, I'll listen. I doubt it will come soon.
> >
> >> FWIW IT admins here seem to have no compunction re. posting the
> >> products they use, the configuration they have, the AV they have
> >> installed, their password complexity rules, their administration
> >> techniques, and the companies they work for and when they are
> >> out-of-the-office etc. It's rank hypocrisy.
> >
> > Uh, you're going to have to connect those dots for me. Aside from the
> > last two (revealing your company on-list is a big security mistake,
> > IMHO, and OOFs are a form of moronity, regardless if they're imposed
> > by corporate rules), I consider those part of the community education
> > process, which is what we're trying to do with users.
> > Of course, when
> > some of our community state to users that passwords are passe without
> > giving real alternatives, that would be hypocrisy...
> >
> > Kurt
