Dumb users spread viruses

Mon Feb 9 00:32:16 UTC 2004

> There is nothing wrong with a user who thinks they should 
> not have to know how to protect their computer from virus 
> infections.  If we (the community who provides them service 
> and software) can't make it safe-by-default, then the 
> problem rests with us, not with the end users.

This is somewhat of a surprising position.  What is considered "safe"?
How do you make a computer safe from the most irresponsible of users,
who will run any executable without thinking twice, other than maybe
locking down their access rights to an extent that 1) is probably
impractical, and 2) would cause an uproar?

It seems there has to be at least some level of basic clue on the user
side of things for there to be any hope of this problem going away.  As
the Internet becomes a commodity, it doesn't seem unreasonable to me to
insist that those who use it be versed in the basics of protecting
themselves against common threats.  No one is asking for expertise --
just the basics would be a big help, wouldn't it?  If we accept that
there's no such thing as "perfect security" or "completely safe", how do
we protect users who assume this isn't the case simply because it's a
more convenient assumption for them to make?

OpenBSD is reasonably safe by default.  But as functionality &
user-friendliness reach levels that non-technical users require/demand,
I'm not seeing how we make systems safe without user cooperation; i.e.,
basic clue on their part.  The "Someone else should be completely &
totally responsible" stuff exhibited in the article just doesn't seem
reasonable here.  Society as a whole could benefit from people taking
more responsibility for themselves -- the Internet doesn't seem any
different in this regard.

-Terry