North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Dumb users spread viruses

  • From: Todd Vierling
  • Date: Mon Feb 09 11:51:21 2004

On Mon, 9 Feb 2004, Paul Vixie wrote:

: > Uneducated users should live with the slowness.  It's protecting the rest of
: > the world from their blissful ignorance.
: if it protected them or anybody else i'd say you were right, but since it's
: a pattern matcher it always takes 2 to 24 hours for a new pattern file to
: be developed and distributed after a new worm is released.  why even bother?

Because the updates do, in most cases, remove the infection automatically
after the update is in place.  It's a better situation than sitting on our
hands watching Swen, Nimda, Sobig, and friends continue pounding at our
doors for months on end.

: > The average Windows user CANNOT BE TRUSTED TO DO THE RIGHT THING because
: > they are blindly trusting the (1) operating system's security, and (2)
: > non-malicious intent of the things they view or download.

: once you add a particular operating system to the equation i can't disagree
: (mostly due to lack of facts i've actually gathered or checked personally.)
: however, in the situation you describe, the fault is still with the OS, not
: with the end user.

"Good luck" getting the OS manufacturer in question to fix things.  I'd be
happy to file or join an amicus brief if you're looking to take them to
court.  This, however, has not happened yet and probably will not happen for
some time.

Antivirus software is an imperfect solution where there would be *no*
solution otherwise.  It's the digital adulterer's condom.

: as i said before, if we (the creators and distributors of the products and
: services these users depend on) can't make them safe, then the fault is
: with us, not with the people using them.
: it's as if not knowing how the fuel injectors work on my car could make it
: blow up on the freeway.  we'd blame the manufacturer, not the driver, right?

Computers provide much more control to the end-user, which leads to an
increased level of confused ignorance.  Even if you turn off the
system-supplied mail client and Web browser and somehow manage to disable
all things using that Web browser's embedded component, people will still
download and run trojans.  It happens all the damned time.

To extend the automobile metaphor but add the control/confusion level I
described:  Let's say the driver sees the "PUT IN YOUR CAR EVERY 2-3
MONTHS!" tagline on a bottle of motor oil.  Knowing this should go in the
car, but without knowing what an oil change is, s/he happily pours it into
the gas tank.  Now who's liable when the head gasket blows or the engine
catches fire from overheating?

-- Todd Vierling <[email protected]> <[email protected]>