> But with personal computers there is this conflicting belief, stating on one
> hand that the computer should need no maintenance, so there's no need for
> understanding its inner workings, and on the other hand, if something happens, the same
> unknowledgeable user should take action. Note that the pairs (problem, user
> action) range from (personal firewall popup window, choose allow/deny) to (RPC
> buffer overflow found, install patches/deploy firewall/turn off service).

And most often the end user will take their computer to their neighbor/friend/whatever in hopes they can fix it, and often that person is little more than (I'll nab a word from Windows here) a power user. In addition, I find the idea that an end user will deploy a firewall, without any knowledge of the protocols they will allow/block AND still somehow remain safe. I've watched so many people just click accept because they don't know what it is and think it's important, or are just so sick of little windows popping up that they just default to a rule of some sort (accept/decline everything they don't know).

Again, I really feel the issue most needing to be addressed is user education. As I said, it's the year 2004; things are not going to get less complex, only more complex. A basic knowledge of computers and networks (imho) is necessary, and will only become more necessary as time progresses.

> My personal view of the problem is that there are two very important obstacles
> for computer security: one is the previously stated one about user education,
> the other is about (the industry/government/the professionals) understanding that
> software quality is a requirement for security.

I can agree here, but it would really depend on how such things were handled. I mean, anyone can make a simple mistake and cause a bug - it happens, it shouldn't, but that is life. Of course in-depth auditing should be done before release, but, well, it isn't always as in-depth as we'd like; that also is reality. But overall I agree.

j