[Dshield] Users don't pay attention
Fielder, Wayne (CPE)
Wayne.Fielder at ky.gov
Fri Aug 19 11:43:06 GMT 2005
I think that is the solution Aaron. My users are spoiled. Because many of
them VPN into our network (a decision made by higher authority than I) we
have taken on their home machines as well. The machines aren't officially
on our support list but we darn sure BETTER support them if we wanna keep
our internal stuff somewhat safe.
I've taken to offering my services whenever they get hit. I price myself
outta the game and suggest that they read up on nuking their machines and do
it themselves. No no. They come to me and pay the price. Easy money.
SOME of them have grown weary of writing me a monthly or BI MONTHLY check
and have actually started trying to learn something.
Hit people in the pocket book and they begin to realize the fallacy of their
self imposed ignorance.
Some on this list have mentioned "job security" with a smile. While that's
true on it's face...who really wants to clean up after these people all the
time? I'm seriously considering amending our Acceptable Use Policy to
include something along the lines of an expectation that the user will
undertake due diligence when using the web and email. Due Diligence would
be defined as being aware of the sites you are going to, not trusting
embedded links in email, and being forward leaning on OS Patches, AV
signatures, Spybot definitions, and personal firewall updates. Some penalty
would have to be outlined as well...I'm think public flogging but I doubt
MGMT would accept that. Perhaps private flogging...
From: Aaron Lewis [mailto:aaron at adldatacomm.net]
Sent: Thursday, August 18, 2005 10:05 PM
To: 'General DShield Discussion List'
Subject: Re: [Dshield] Users don't pay attention
Do the work and send them a bill. Eventually they'll catch on. I think MS
had done more than their share to make it easy and automated to keep a
system up to date. What else can they do. As IT staff all we can do is
explain the risks and move on. If they choose to ignore us then they suffer.
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org]On Behalf Of admin
> Sent: Thursday, August 18, 2005 8:30 PM
> To: list at lists.dshield.org
> Subject: [Dshield] Users don't pay attention
> I think fighting these exploits is impossible. As soon as I read about
> this latest Plug and Play exploit I emailed ten small companies and
> end users that I knew were running Windows 2000 and told them where to
> get the patch and how to configure their routers and Zone Alarm
> This was a week ago and so far only one person has done anything. They
> are starting to call me one by one asking for help now that they have
> been had.
> What are we going to do? Most Windows users don't want to know
> anything about computers. They won't even turn on the automatic
> updates or install patches when they are warned by someone they should
> trust. I ask them why? And they say "I don't know how". I say look I
> told you in the email and it is all spelled out on the Microsoft web
> page. I really think it is a loosing battle!
> Barton L. Phillips
> Applied Technology Resources, Inc.
> Tel: (818)652-9850
> Web: http://www.applitec.com
> send all posts to list at lists.dshield.org To change your subscription
> options (or unsubscribe), see:
send all posts to list at lists.dshield.org To change your subscription options
(or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
More information about the list