__/ [ BearItAll ] on Monday 26 March 2007 13:37 \__
> Roy Schestowitz wrote:
>> Many net users 'not safety-aware'
>> ,----[ Quote ]
>> | Fewer than half of the UK's 29m adult internet users believe
>> | they are responsible for protecting personal information online,
>> | a survey suggests.
>> Much like people who get disconnected and then try to blame administrators
>> for the viruses that their Windows PCs are spreading across the network.
> They are absolutely right. Computers, networks and the Internet, though we
> here are well used to protecting ourselves, by using Linux for example, it
> is all far too complex to expect Joe Bloggs who just wants to login to his
> lottery account and put a quid on for the weekend to understand how to take
> care of his own security. Maybe he wants to put some pictures on his yahoo
> so his daughter in forn parts can see them, it is not up to Joe to ensure
> that his pictures are safe, it is up to yahoo who offer the service.
> At home, it is firstly up to the OS to protect the user. Then, if the OS
> does not provide it, a third party protection suite.
> Joe can be told to protect his password at home, not write it on his
> notepad for example, but between him and the lottery site or him and his
> yahoo pictures, the security has to be taken care of for him.
> We can not trust MS to take care of his security, so on his MS machine he
> needs the third party software to do it. If he has Linux and has taken a
> typical desktop distro, then all of that protection is done for him. The
> defaults for Linux are so well thought out that chances are on his own
> machine he wouldn't need to think of security at all.
> Then out on the web, he needs to be protected from untrust worthy sites. He
> gets some protection, probably not enough at the moment. But the main sites
> that he is likely to use do take care of that side of the security for him.
> I would like to see more use of the likes of SquidGuard out on the Internet
> or locally on his machine but it ought to be controlled in updates, Joe
> can't really know which sites are risky until one of them does him damage.
> I just can't see it as Joe's responsibility to take care of his own
> security other than taking care of his password.
What happens if Joe has gone to fetch some tea and bagels and, in the mean
time, somebody, somewhere in the world buffer-overflow'ed his PC and took
control of everything, including the filesystem? It is fundamental security,
not just exchange of information, that put the user at risk. Do you know how
long it taken a brand-new Windows XP installation to become infected by just
simply sitting there on broadband without being patched? What happens when
people have their computer infected time after time? What happens if this
gets them disconnected and they spend one weekend after another 'mending'
their PC or reinstalling from scratch? Worse -- what happens if they get
fined for it? I am unfortunately finding myself in the position where I have
to explain to people that, despite the fact that they spent 35 quid on AV
software, they will now have to pay a 35 quid fine, on top of the recurring
nuisance. As Murphy said, it's a "productivity sink".
~~ Best wishes
Roy S. Schestowitz | Useless fact: Brazil spans 47.8% of S. America
http://Schestowitz.com | GNU/Linux | PGP-Key: 0x74572E8E
Swap: 1036184k total, 342420k used, 693764k free, 34076k cached
http://iuron.com - next generation of search paradigms