Linked by Thom Holwerda on Sun 23rd Sep 2007 10:54 UTC, submitted by irbis
Bugs & Viruses "For at least a decade, the standard advice to every computer user has been to run antivirus software. But new, more commercial, more complex and stealthier types of malware have people in the industry asking: will antivirus software be effective for much longer? Among the threats they see are malware that uses the ability of the latest processors to run virtual machines that would be hidden from antivirus programs." Note: Please note that our icon contest is still running! So if you have an idea on how to rework this story's icon, read this.
Thread beginning with comment 273683
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: ...
by chrono13 on Sun 23rd Sep 2007 20:46 UTC in reply to "RE[2]: ..."
chrono13
Member since:
2006-10-25

I work with hundreds of end users and on some of my spare time, with family and friends.

They are ignorant. Just as ignorant toward a computer as I am a car.

I understand the basics, and I change my oil, and I am always willing to learn more, especially when someone says it is important, or that I should know it just to keep my vehicles in good shape or drive.

Average computer users are ignorant. This is not a bad thing. Reasonably, they should not have to learn anything beyond phishing. Everything else should be secure by OS design, the admin, and in the cases where they are the admin (home), the OS should at least be secure by default, so that securing it does not require knowing as much about your computer as your mechanic knows about your car.

If a user believes that Dancing Bunny's are harmless, it is ignorance, not stupidity.

If I had to know as much as my mechanic to drive, I wouldn't. Or, I would drive anyway and complain like hell when someone tells me that I should have known that I need to spend $50/year for muffler gremlin protection, and that I need to do a half dozen things under the hood monthly to make sure the engine doesn't fall apart.

To ask that anyone, let alone someone who just wants to use the computer, to know the amount of knowledge required to turn Windows default unsecure state into even moderately secure is unreasonable. The efforts required to sustain it thereafter, unreasonable even to those who know how.

They aren't stupid, users are only assuming things which we take for granted to know otherwise. Windows is not secure, and it is almost never the fault of a user when they get a virus, or other malware, or simply do not know any better. They are assuming things that should be true.

The user is not to blame for the failings of the Operating System. This is true for all operating systems. For Windows it is the lack of security and stability, for Linux it is the lack of user friendliness, neighbor support (chicken and the egg), and so on.

Reply Parent Score: 2

RE[4]: ...
by Morin on Sun 23rd Sep 2007 21:58 in reply to "RE[3]: ..."
Morin Member since:
2005-12-31

[@chrono13]

My comment obviously doesn't apply to you, as you are trying to understand the users. I think we agree that the users *are* ignorant, but trying to fix the whole malware problem at the user is bound to fail. Your car analogy is spot on.

[@Doc Pain]

Same here. However, there are some specific arguments i'd like to reply to:

> Uninformed / misinformed users are one problem, you surely will
> admit it.

Yes, I admit it. I just don't think that this direction of thought will lead to a solution for the problem. Or better, it won't lead to a *complete* solution as long as it does not include technical perfection of the system itself.

> Maybe you're lucky and mostly encounter the smarter users along your
> daily work.

Mostly yes, but I did have the "pleasure" to fix the computers of the "black sheep" too. Luckily I'm not doing this as a job, so I am seldom asked to fix computers, and then mostly by friends.

My argument still holds though: Take a user with no knowledge about the workings of a computer, who will neither explain a problem properly that he encountered, nor even listen to your questions or replies - yes, the user is ignorant, but it's equally ignorant to call him stupid and claim that he/she must be educated. Regardless of the fact that you'll never "educate" him/her.

> I'd like to add that there are individuals around who like to know
> more, experience computers in detail and understand how they
> work. Some software (OSes, apps) give them the ability to do so,
> other software, usually "dumbed down", doesn't.

I find it refreshing to give a user *real* insight in this area (and of course, other areas too). If they can learn themselves, the better. Sometimes this needs special software, sometimes not: For example, the more I work with Mac OSX, the more cases I encounter where I find it too dumbed-down (read: not configurable). For a newbie though, OSX might be ideal to learn some basics. A developer on the other hand may find Linux more interesting because all its inner workings can be studied.

However, a system that can be studied en detail does not equate to a system that *needs* excessive user-knowledge and maintenance.

> This leads me to this conclusion: Would a "two classes" software
> offering be a solution? A "read only PC" for home use? Functional
> software for professionaly only? I think you agree: This would be
> problematic.

A read-only PC would be enough for many people. Above that, it may be sufficient if advanced features are hidden by default but can be unlocked - possibly by passing some kind of "user exam", which can be as simple as *finding* the switch to enable advanced options.

I agree that it's a hard problem, but I think it's also an interesting problem ;)

Reply Parent Score: 2

RE[5]: ...
by Doc Pain on Mon 24th Sep 2007 01:04 in reply to "RE[4]: ..."
Doc Pain Member since:
2006-10-08

"Yes, I admit it. I just don't think that this direction of thought will lead to a solution for the problem. Or better, it won't lead to a *complete* solution as long as it does not include technical perfection of the system itself."

This is true. OS and applications - that can be claimed - should have the goal to form a solid and secure basis. As long as OS internals, protocols, stacks, drivers, along with programming interfaces and libraries, do contain stuff that can easily be abused and utilized for "viral behaviour" (data espionage and saboutage, spamming, spoofing etc.), even better educated and experienced users can't be totally safe.

"Mostly yes, but I did have the "pleasure" to fix the computers of the "black sheep" too. Luckily I'm not doing this as a job, so I am seldom asked to fix computers, and then mostly by friends."</li>

You're really lucky, I guessed right. :-)

[i]"My argument still holds though: Take a user with no knowledge about the workings of a computer, who will neither explain a problem properly that he encountered, nor even listen to your questions or replies - yes, the user is ignorant, but it's equally ignorant to call him stupid and claim that he/she must be educated. Regardless of the fact that you'll never "educate" him/her."


The term "educate" may be misleading here. To put it into more friendly words: Experience is what's needed here. It's like learning how do use a bike. At first, you fall onto your nose, and friends help you, encourage you to try again. But they won't do very long, so you do some training in order to drive on your own, including less and less injuries due to control or balance loss.

You know, my boss never thought about backups. But suddenly, his "great" IBM DTLA hard disk broke, it was a disaster for him. Now he's doing backups - he gained experience. And I told him: The day he stops making backups, the hard disk will fail. :-)

In Germany, victims of computer saboutage were taken to trial and sentenced for assistance in data espionage. Their mistake: Leaving a PC without proper protection, so it got used by criminals for storing and sharing commercial applications, movies, and pornography. "But I didn't know!" didn't convince the judges.

Furthermore, some common sense is essentially needed. Things users do know from the real world (e. g. "nothing is for free" or "a shiny box does not guarantee a shiny product") should be transported into the more abstract computer world. Nobody on the Internet will give you a US$ 500 watch for free, even if you click on the bunny. And when the PC says "enter your credit card number and PIN", better ask yourself what to do, because you wouldn't give your confidental data to someone on the street, would you? When users would trust their knowledge (the knowledge they had before a PC entered their home or work), using the computer would be more safe for them.

"I find it refreshing to give a user *real* insight in this area (and of course, other areas too)."

Some of them are very surprised when they learn the truth about how something works, how old fashioned a "brand new" product is or how cheap and crappy their "expensive" stuff really is. :-)

I demonstrated to a former customer the easieness of breaking into his PC - using an 1:1 STP cable connection, of course. It didn't take me 10 minutes to gain complete access over his data. I did copy some of his files, deleted (prepared) files and changed some system settings. He was surprised how easy it was when I could explain to him what I did in fact.

"If they can learn themselves, the better."

So did the majority of "us professionals". :-)

Of course, learning is possible from mistakes, but you should not make every mistake over and over again.

"Sometimes this needs special software, sometimes not: For example, the more I work with Mac OSX, the more cases I encounter where I find it too dumbed-down (read: not configurable). For a newbie though, OSX might be ideal to learn some basics. A developer on the other hand may find Linux more interesting because all its inner workings can be studied."

While users usually do not find any need to know about how somethings work, developers do, more or less specific (using kernel interfaces, system libraries, toolkits etc.). This possibility is one of the great advantages of free software such as Linux, Solaris or the BSDs.

"However, a system that can be studied en detail does not equate to a system that *needs* excessive user-knowledge and maintenance."

Every system needs maintenance. The question is: How is this maintenance requirement organzied? Is user interaction needed? Is it included in the OS or is additional software neccessary?

"A read-only PC would be enough for many people."

There have been TV sets with internet connection around, but I think nobody uses them anymore.

In the gaming sector, there are gaming consoles for the ones who do not want to play on the computer.

Thin clients (e. g. Sun Ray) offer centralized functionality with no responsibility for the user, but need a qualified system administrator on server site.

"Above that, it may be sufficient if advanced features are hidden by default but can be unlocked - possibly by passing some kind of "user exam", which can be as simple as *finding* the switch to enable advanced options."

Such a "level structure" has been included in GeoWorks Ensemble where you could switch (without barrier) between beginner, advanced and professional users, making the menu contents changing from just the basic functions up to complex functionalities.

Your idea of an "exam" is interesting. (Car analogy: the driving test in order to get the driving license)

"I agree that it's a hard problem, but I think it's also an interesting problem ;) "

In fact, it is. And it will stay interesting because it will determine the development of the software world (and maybe the hardware world, too) in the future.

Reply Parent Score: 2