Text 5574, 354 rader
Skriven 2005-07-01 23:45:16 av Rich (1:379/45)
Kommentar till text 5573 av John Beckett (1:379/45)
Ärende: Re: An Army of Soulless 1's and 0's
===========================================
From: "Rich" <@>
This is a multi-part message in MIME format.
------=_NextPart_000_005A_01C57E96.EF1CE690
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Put aside whether your hours of thought would be sufficient or not, I =
think the issue is that you are taking the wrong approach. The problem = with
users exercising bad judgement is that you won't find a simple fix = to
software because the software isn't broken. You also have a problem = because
you want to stop users from doing something they believe they = want to do and
which is virtually indistinguishable from the user = downloading something like
opera or acrobat reader.
The only ways to keep people from taking unsafe action is to take the =
option away, make the steps required sufficiently difficult or time = consuming
so that only the truly determined, or try to scare the hell = out of users so
that they don't ignore the already bold warnings.
I don't think you want the first option because it means that you no =
longer have the ability to download from the web because george can't be =
trusted to recognize a warning dialog. In a managed environment this is = an
option since IT or machine admins can and do make choices for users. = It
doesn't help at home where even if you tried something silly like = disallowing
this by default, users would turn it on because it is what = they want to do.
The folks providing opera and acrobat reader are also = likely to be unhappy as
their users are unable to download and install = these applications.
The second option should be unpleasant to you too because you now =
have to jump through hoops to do something you do understand and choose = to
do. It also has the potential risk of being perceived as meaningless = by
users that don't understand and reducing the perceived significance = of
similar process in other cases. You could avoid the UI fatigue risk = by
provding no UI and requiring users to know unidentified actions. = This is
sometimes suggested by unix zealots as a way to keep normal = people from doing
anything dangerous or maybe anything at all. The = folks providing opera and
acrobat reader are also likely to be unhappy = as many of their users are
unable to download and install these = applications. They also will likely get
expensive support calls from = people that persist even after failing.
The third option is unlikely to help either if users simply do not =
hede warnings. It also would irritate folks like you too on the premise = that
the computer is resorting to treating you as stupid and that is = insulting.
I do want to follow up on another of your claims when you refer to =
"similar to the hundred other warnings that occur in a day". I'm often in
front of a computer all day long and I = don't think I get more than a dozen or
two. 90% of these are the "do = you want to save this" queries I get because I
use the trick of closing = an app with a modified document and answering yes to
the question is one = fewer click than File/Save then close. I make this
choice because I = know it is less work. I don't expect this of an
unsophisticated user as = this kind of choice demonstrates an understanding of
the confirmations = that you in your scenario users don' t understand and
ignore.
Rich
"John Beckett" <FirstnameSurname@compuserve.com.omit> wrote in message =
news:42c6214b.6824833@216.144.1.254...
"Rich" <@> wrote in message news:<42c56aaa$1@w3.nls.net>:
> Actually you should spout off on exactly how the GUI should be
> different.
I concede your point about how Windows is fairly safe when someone
exercises reasonable judgement. It is true that the most successful
infections have been due to unbelievably naive actions from users when
confronted with an unexpected email.
But I'm keeping quiet about how I would fix Windows because it would =
be
too easy for you to deflect my criticism of Microsoft by pointing out
shortcomings in any scheme that I proposed after half an hours =
thought.
Whether or not I could fix Windows is not relevant to what I see as =
the
central issue: The army of infected computers is proof that Microsoft
should have used a different strategy to conquer the Internet.
Let's say that I have NO worthwhile security suggestions. Does that =
excuse
Microsoft from releasing software that (IMHO) overly-pampers users in =
the
GUI, then abandons them when they actually face danger? The word =
"abandon"
is a little too harsh because current Windows does warn users. My =
point is
that the warning is just too similar to the hundred other warnings =
that
occur in a day. Also, naive users really have no idea that the warm, =
soft,
friendly Windows could actually install malware-from-hell. Microsoft
should know that.
Sometimes the security of Windows is compared with that of Linux. To =
me,
the comparison is fairly pointless. IMHO Windows is much easier to
administer and secure than Linux, and the cause is rather obvious: =
Windows
development is much better resourced; Windows testing is much more
thorough (paid for with large revenues); and Windows design is much =
more
focused where the platform and environment are tightly controlled by a
central design team.
> You are also lying when you say that it is "exactly the same GUI=20
> presentation" used for the two examples.
I will overlook the irrelevant and absurd "you are lying" tactic. I
suppose that your excitement comes from your observation that in fact
Windows DOES provide a clear warning to users about dangerous =
attachments,
and you therefore can't see what my "exactly the same" claim is about.
Let's focus on the bottom line: There ARE thousands of infected =
computers.
What is the explanation? Surely Microsoft wouldn't say "We had no idea
that an offer of Love/Lust would cause our users to ignore our =
warnings".
Windows presents an animated puppy when users want to search files. =
The
same users who need a puppy are then asked to understand the enigmatic
"some files can damage your computer" warning. I can imagine the =
thought
processes of the user: "If you're going to connect me to the Internet, =
I
*am* going to get stuff. This must be like those 'don't put frozen =
bread
in the toaster' warnings."
I'm not asking that Microsoft accept guilt for the sins of the world. =
But
Microsoft supporters should occasionally acknowledge that there have =
been
some flaws in Windows development.
John
------=_NextPart_000_005A_01C57E96.EF1CE690
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2668" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2> Put aside whether your =
hours of=20
thought would be sufficient or not, I think the issue is that you are = taking
the=20
wrong approach. The problem with users exercising bad judgement is =
that=20
you won't find a simple fix to software because the software isn't =
broken. =20
You also have a problem because y<FONT face=3DArial size=3D2>ou want to = stop
users=20
from doing something they believe they want to do and which is virtually =
indistinguishable from the user downloading something = like opera
or=20
acrobat reader.</FONT></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> The only ways to keep =
people from=20
taking unsafe action is to take the option away, make the steps required =
sufficiently difficult or time consuming so that only the truly = determined,
or=20
try to scare the hell out of users so that they don't ignore the already =
bold=20
warnings.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> I don't think you want the =
first=20
option because it means that you no longer have the ability to download = from
the=20
web because george can't be trusted to recognize a warning dialog. = In
a=20
managed environment this is an option since IT or machine admins can and = do
make=20
choices for users. It doesn't help at home where even if you tried =
something silly like disallowing this by default, users would turn it on =
because=20
it is what they want to do. The folks providing opera and acrobat =
reader=20
are also likely to be unhappy as their users are unable to download and =
install=20
these applications.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> The second option should =
be unpleasant=20
to you too because you now have to jump through hoops to do = something
you=20
do understand and choose to do. It also has the potential risk of =
being=20
perceived as meaningless by users that don't understand and reducing the =
perceived significance of similar process in other cases. You = could
avoid=20
the UI fatigue risk by provding no UI and requiring users to know =
unidentified=20
actions. This is sometimes suggested by unix zealots as a way to =
keep=20
normal people from doing anything dangerous or maybe anything at = all.
The=20
folks providing opera and acrobat reader are also likely to be unhappy = as
many=20
of their users are unable to download and install these = applications.
They=20
also will likely get expensive support calls from people that persist = even
after=20
failing.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> The third option is =
unlikely to help=20
either if users simply do not hede warnings. It also would = irritate
folks=20
like you too on the premise that the computer is resorting to treating = you
as=20
stupid and that is insulting.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> I do want to follow up on =
another of=20
your claims when you refer to "<FONT face=3D"Times New Roman" =
size=3D3>similar to=20
the hundred other warnings that<BR>occur in a day</FONT>". I'm = often
in=20
front of a computer all day long and I don't think I get more than a = dozen
or=20
two. 90% of these are the "do you want to save this" queries I get =
because=20
I use the trick of closing an app with a modified document and answering = yes
to=20
the question is one fewer click than File/Save then close. I make =
this=20
choice because I know it is less work. I don't expect this of an=20
unsophisticated user as this kind of choice demonstrates an = understanding of
the=20
confirmations that you in your scenario users don' t understand and=20
ignore.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"John Beckett" <<A=20
=
href=3D"mailto:FirstnameSurname@compuserve.com.omit">FirstnameSurname@com=
puserve.com.omit</A>>=20
wrote in message <A=20
=
href=3D"news:42c6214b.6824833@216.144.1.254">news:42c6214b.6824833@216.14=
4.1.254</A>...</DIV>"Rich"=20
<@> wrote in message <A=20
=
href=3D"news:<42c56aaa$1@w3.nls.net">news:<42c56aaa$1@w3.nls.net</A>&g=
t;:<BR>>=20
Actually you should spout off on exactly how the GUI should be<BR>> =
different.<BR><BR>I concede your point about how Windows is fairly =
safe when=20
someone<BR>exercises reasonable judgement. It is true that the most=20
successful<BR>infections have been due to unbelievably naive actions =
from=20
users when<BR>confronted with an unexpected email.<BR><BR>But I'm =
keeping=20
quiet about how I would fix Windows because it would be<BR>too easy =
for you to=20
deflect my criticism of Microsoft by pointing out<BR>shortcomings in =
any=20
scheme that I proposed after half an hours thought.<BR><BR>Whether or =
not I=20
could fix Windows is not relevant to what I see as the<BR>central =
issue: The=20
army of infected computers is proof that Microsoft<BR>should have used =
a=20
different strategy to conquer the Internet.<BR><BR>Let's say that I =
have NO=20
worthwhile security suggestions. Does that excuse<BR>Microsoft from =
releasing=20
software that (IMHO) overly-pampers users in the<BR>GUI, then abandons =
them=20
when they actually face danger? The word "abandon"<BR>is a little too =
harsh=20
because current Windows does warn users. My point is<BR>that the =
warning is=20
just too similar to the hundred other warnings that<BR>occur in a day. =
Also,=20
naive users really have no idea that the warm, soft,<BR>friendly =
Windows could=20
actually install malware-from-hell. Microsoft<BR>should know=20
that.<BR><BR>Sometimes the security of Windows is compared with that =
of Linux.=20
To me,<BR>the comparison is fairly pointless. IMHO Windows is much =
easier=20
to<BR>administer and secure than Linux, and the cause is rather =
obvious:=20
Windows<BR>development is much better resourced; Windows testing is =
much=20
more<BR>thorough (paid for with large revenues); and Windows design is =
much=20
more<BR>focused where the platform and environment are tightly =
controlled by=20
a<BR>central design team.<BR><BR>> You are also =
lying=20
when you say that it is "exactly the same GUI <BR>> presentation" =
used for=20
the two examples.<BR><BR>I will overlook the irrelevant and absurd =
"you are=20
lying" tactic. I<BR>suppose that your excitement comes from your =
observation=20
that in fact<BR>Windows DOES provide a clear warning to users about =
dangerous=20
attachments,<BR>and you therefore can't see what my "exactly the same" =
claim=20
is about.<BR><BR>Let's focus on the bottom line: There ARE thousands =
of=20
infected computers.<BR>What is the explanation? Surely Microsoft =
wouldn't say=20
"We had no idea<BR>that an offer of Love/Lust would cause our users to =
ignore=20
our warnings".<BR>Windows presents an animated puppy when users want =
to search=20
files. The<BR>same users who need a puppy are then asked to understand =
the=20
enigmatic<BR>"some files can damage your computer" warning. I can =
imagine the=20
thought<BR>processes of the user: "If you're going to connect me to =
the=20
Internet, I<BR>*am* going to get stuff. This must be like those 'don't =
put=20
frozen bread<BR>in the toaster' warnings."<BR><BR>I'm not asking that=20
Microsoft accept guilt for the sins of the world. But<BR>Microsoft =
supporters=20
should occasionally acknowledge that there have been<BR>some flaws in =
Windows=20
development.<BR><BR>John<BR></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_005A_01C57E96.EF1CE690--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|