[Dshield] Blackworm liability with ISPs?

Anonymous Squirrel anonymous.squirrel at gmail.com
Wed Feb 8 12:58:44 GMT 2006

On 2/7/06, Micheal Patterson <micheal at tsgincorporated.com> wrote:
> I hate to say this, but requiring a training session to be able to
> purchase
> a PC these days isn't as ludicrous to me today as it was 10 years ago.
> There
> are far too many end users that have no idea how to update it, don't know
> what a virus is, nor do they understand the necessity of keeping the OS
> patched.
> It's at that point that Mom and Dad realize that they're in a world of
> hurt
> and shock. They needed to know the possible problems last year when they
> bought the PC to do their taxes and send email to Grandma in her summer
> Florida home. If they had known more about it then, they might have an
> idea
> about what Billy was doing all this time.
Excellent points. If the education was slightly modified to fit the precise
capabilities of the access device purchased, market forces will take care of
the rest.  Imagine this: a clueless user who only wants to to taxes and
email grandma has two choices of access devices for purchase:

1) A general purpose swiss-army knife of computing (XPSP2, *nix, OSX, etc).
Their training covers *all* they can do to react to the threat environment,
and the training must be completed before purchase.

2) A locked-down appliance that can only do taxes and e-mail grandma.  Once
again, the training covers all they can do to react to the threat
environment, and must be completed before purchase.

Seems to me the hassle factor is vastly reduced in #2.  Assuming the price
were the same, which will they choose?

As I said before, the core problem is access devices whose capabilities are
far beyond the understanding and motivation of the user.

Now, how does the consumer model apply to businesses, many of whom do not
have competent administrators, or do have competent administrators but allow
the users too much control over the box.

More information about the list mailing list