by FreshFries 2014 days ago
We (as in the IT Sec industry including me) prefer to blame Matthew. Or my 80-year-old mother for not installing the latest Adobe patches in real time.

With 30 years of daily experience in this field, I am ashamed about how we fail Matthew & my mother in the sense that they can still not just enjoy the internet and open random emails without one of us blaming them for how stupid they are.


Do we somehow fail the dumb accountant or 80-year-old gma with cars because they can't just get in and drive without learning how to drive?
That analogy doesn't work in my opinion, because to even be allowed to drive, an extensive amount of training is required.

I think we need to start very early. There should be more mandatory computer science and information security classes at schools because we are all confronted with these topics every day.

Most people can work systems such as washing machines, vacuum cleaners and so on; the problems arise when the internet (or other forms of connectability) comes into the picture. But the reality is that most such systems will probably soon be connected in some way, so the challenge grows.

So I think it is very important that we push for more information/education instead of going into the direction of more locked down, closed off and proprietary systems because these can easily "not respect" the end user.

I blame the way we design our computer systems. For some reason, every program a user runs on a desktop computer has full access to every file saved by every other program. And full network access, and a slew of other permissions. In seconds a single malicious program can make a right mess of things, or exfiltrate sensitive data. A ransomware attack hit a large aged care provider in Australia recently and encrypted the files listing which medication to administer. How? I’d guess that every program on every computer in their network has full write access to their network shares. We made these attacks easy to pull off with our insecure by default designs.

It’s like we’ve given every Tom, Dick and Harry a F1 supercar then we blame them when they crash the thing. The mistake is ours for not making better security models. Desktop apps should be sandboxed by default, and isolated like we isolate phone apps. For all the justifiable fear people have about apple’s control over what software can run on their machines, I think the app sandboxing and signing security model they’re working towards is the right one for 95% of computer users.

I'm sad to agree. Having watched my own family, and my older parents, it would absolutely be better for them if everything worked that way.

They don't understand the concept of files as separate from applications. They just don't. They understand the concept of sharing -- that seems to be intuitive enough -- but not of files as objects in themselves.

A system which works this way would, of course, be completely rage-inducing to myself.

I disagree. Anyone with minor observation can get behind a wheel and drive. Will they do it well? No (same with a computer). Is it legal? No, but that's because we all decided that as a group. The danger is different, but I think it's still an interesting analogy.

I think we need to all realize that most people aren't cut out for computer science, per se, but most people are cut out to learn to responsibly use a computer.

Well, put it this way. Let's say that most people are cut out to learn to responsibly use a computer; I don't disagree with this fact.

As a matter of fact though, the same people do _not_ use computers responsibly. What do you do, then? Metaphorically jail them?

There are lots of areas where as humans, it's easy to reach a "sufficient" level, _and_ the dangers of an insufficiency are well known. Punishments or strict measures just don't work.

Everybody knows that they can be sufficiently and with little effort fit, but especially, that insufficient fitness leads to sicknesses and earlier death. In this sense, which punishment can be worse? Yet, this doesn't work.

An analogy with cars would be your 80-year-old grandma gets a prompt on her dash to install an update. Turns out it’s malicious and hacks her car.

Learning to drive is not the correct analogy. Almost everyone can use a mouse or a touch screen to operate a computer.

You can't compare this. There are far fewer bad actors in mobile traffic that constantly try to steal your keys, try to suck gas from your gas tank, hide in your trunk or trick you into insurance fraud...