Linked by Andrew Youll on Sat 17th Sep 2005 11:22 UTC, submitted by JonasDue
Privacy, Security, Encryption "There's lots of innovation going on in security - we're inundated with a steady stream of new stuff and it all sounds like it works just great. Every couple of months I'm invited to a new computer security conference, or I'm asked to write a foreword for a new computer security book. And, thanks to the fact that it's a topic of public concern and a "safe issue" for politicians, we can expect a flood of computer security-related legislation from lawmakers. So: computer security is definitely still a "hot topic." But why are we spending all this time and money and still having problems?"
Thread beginning with comment 32808
RE[2]: Computer Insecurity
by protagonist on Sat 17th Sep 2005 23:07 UTC in reply to "RE: Computer Insecurity"
protagonist Member since:
2005-07-06

If the end user has to RTFM then the programmer has not done his job. The manual should only be required for those less than obvious features that most people don't use anyway. Let's face it, the software companies are always touting how user friendly their program is. And user friendly is equated with definitely not having to read a manual before you can use it. The author of the article was correct in his assessment that we are approaching security backwards. The only way to have a reasonable chance of a secure system is to be a step ahead of rather than a step behind the bad guys.

Reply Parent Score: 1

RE[3]: Computer Insecurity
by g2devi on Sat 17th Sep 2005 23:54 in reply to "RE[2]: Computer Insecurity"
g2devi Member since:
2005-07-09

> If the end user has to RTFM then the programmer has not
> done his job.

For simple software, sure.

For more complex software, that's not practical or even possible in many cases since the software may have to eventually interact with devices or OS configurations that haven't been invented yet.

Think of it this way. When you get a car, you need to get a driver's license before you can safely go on the road with it and read the maintenance manuals. However, you don't need to learn auto repair as long as you know where to hire the appropriate auto repairman and take it in for service every once in a while.

When you get a new house, you have to read the service manuals for the house and pay attention to advisories from City Hall or the Fire Hall about any required upgrades. However, you don't need to become a plumber, carpenter, construction worker, or interior designer. You just need to know how to get in contact with one if the need arises.

Ditto with health. When you're born, you need to learn the basics of health and some basic first aid. However, you don't need to get a medical degree as long as you know how to reach a doctor should the need arise.

It would be nice if life never forced you to RTFM, but sometimes it does, and if you choose not to even read the Coles Notes (or Cliff Notes) version of RTFM, the responsibility for the consequences rests solely on you.

Reply Parent Score: 1

RE[4]: Computer Insecurity
by protagonist on Sun 18th Sep 2005 02:07 in reply to "RE[3]: Computer Insecurity"
protagonist Member since:
2005-07-06

>> If the end user has to RTFM then the programmer has not
>> done his job.

> For simple software, sure.

> For more complex software, that's not practical or even possible in
> many cases since the software may have to eventually interact with
> devices or OS configurations that haven't been invented yet.

The complexity of the software has nothing to do with it. You should be able to use the basic functions of your software without having to read a manual. That is what the concept of an intuitive interface is all about. The way most manuals are written these days, the average user doesn't understand them anyway. And I am not saying the user is stupid, just that the manual is usually as poorly written as the code is.

The point of the article as I perceive it is that we are in the security mess we are in because much of the software has security coded as an afterthought. I agree with his assessment that we are going about security the wrong way. In a business setting very few people need to be able to install software. Lock down the applications you need and forbid anything else. That concept as well as the rest he puts forward make sense and could go a long ways towards securing most networks.

Reply Parent Score: 1