Bruce Schneier, Marcus Ranum debate home users and security


This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."

Download it now to read this article plus other related content.

Home users: a public health problem?

Marcus Ranum

CounterPoint I'm sure that many of the things Bruce points out about computers at some point or another applied to automobiles or any other technologically interesting and complex device. There was a time, in the early days of the automobile, when any idiot could go 75 miles per hour with no requirement for training, safety equipment or sobriety. As Bruce says, eventually that kind of thing becomes a public health issue and then society begins to enforce constraints. Question is, do society's constraints make a difference, or does time cure these ills?

When I was growing up, there was just one kid in my entire high school who had a computer. Today, it seems every kid 8 and older is a Windows sysadmin. And some of them are better at it than you might expect. That's because they grew up doing it, and the human brain appears to be able to integrate amazingly complex tasks as "normal" as long as we're introduced to them early enough. Bruce, I think the problem is not with all the home users--I think it's with the adult home users.

I see the generational distinction most clearly with my parents. My father still writes using an old Underwood typewriter. My mom has adopted a computer, but she's exactly the kind of user you're worried about--she clicks "OK" on anything, and seems to be trying to collect spyware. Thinking about it, most of the generation before mine is

    Requires Free Membership to View

pretty uncomfortable with computers, and I was one of the early experimental kids who grew up networking on the ARPANET and BITNET. Does that have something to do with the fact that I have always had a good grasp of the concepts of transitive trust and distributed systems? I think it does; I think the analytic parts of our brains, if given a task early on, are able to make sense out of all kinds of insanely complicated things.

"Educate the user" is an old mantra in security, and its uselessness is one place where Bruce and I agree. I think, though, that building simpler systems is not the answer. The answer is to let the current user population die off! It's going to happen, anyhow.

This was first published in September 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: