How do you explain the security risks of viruses, worms, spyware, etc. to
people who need to take security seriously, but have NO technical background
and don't want to believe that:
1. Their home computers are vulnerable.
("When I bought it 3 years ago it had Norton on it. Have I updated it? I think
it does that automatically. You mean I have to pay for Norton?")
2. They have anything on their computer that anybody would want.
3. Bad guys would ever crack "their" computer
4. Having their computer used for Distributed Denial of Service attacks
matters because they don't understand what a "server" is, therefor it can't
be a big deal.
5. Keystroke loggers really can trace their sensitive data.
(I don't believe that happens, but even if it does, who cares if their bank
account gets raided? You just log a fraud complaint with the bank! Identity
theft? I don't really believe it would happen to me!)
6. Their computer could be used as a porn server
("What's a 'server'? You're just paranoid. I don't believe it and I don't have
time to go to the websites you recommend or read the stuff from CERT you
printed up for me")
I've tried to explain to them what can happen to compromised systems. No
matter what I say, no matter how much I try to dumb-it-down for them, they
don't "get" it, their eyes glaze over and they and ultimately respond with
"But I don't care." Their level of denial and deliberate naivete is
dumbfounding!
So, "how do you solve a problem like Maria?"
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)