[Dshield] Most absurd

Johannes Ullrich jullrich at euclidian.com
Fri Sep 12 17:11:26 GMT 2003

Training for consumers / end users is absurd. Maybe something
basic during the install sequence. For example, some screens
about basic virus security ("Don't click") while the software
is set up as you turn on the PC.

Other than that, it is much easier to ship a PC "secure" and 
this way force the users to get educated as they try to figure
out how to turn on a particular service. At least they should 
know that (A) it is turned on and (B) how to turn it off.

However, "professional" users are a different story. Someone
running an ISP, or a company running a larger IT operation
has to have qualified personnel on staff. Needless to say, 
SANS offers such training ;-).

I hope that at some point, commercial pressure will work. Companies
can only sell buggy software if people buy it. Maybe insurance
companies will soon give companies a break on liability 
insurance if a company hires qualified IT staff. And ISPs that
can't control traffic on their network may lose customers.

Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net
