Re: router and firewall?



On Fri, 5 May 2006 06:56:27 -0400, "Manny Borges"

Hehe, total agreement. Users are monkeys sometimes. Ok a lot of the time.

The problem is pervasive and deep, because "the system" is built of
many layers and parts, each of which is "user" to a deeper layer.

The general problem is: Whoever creates an object, over-estimates the
understanding and effort that will be applied by users of that object.

For example, someone may create a control, to be re-used by
application software. The application software creator is the "user"
of that control, and the control's creator may expect some insight as
to how the control works, what constitutes sane parameters, etc. But
the application developer is using dozens of controls, and isn't going
to read even the ReadMe on any of them unless something goes wrong in
a way that is obviously related to that control. Guess the rest...

It is not that they can't understand, they just think that our job is to
understand for them. Which is not entirely wrong.

What is a Big Tree to us is just another stick in the forest to them.

I don't want to sound like an a$$, but I just don't work on small networks
much so I have developed a major bias against any kind of client controlled
and maintained software. I am much more comfortable with centralized
applications and ironfisted network management.

That's "bulk computing" I guess. My approach is quite the opposite; I
set each PC up to be the most it can be, and to give the user as much
control over it as possible. What they do with that is up to them.

That is why it is my opinion that any solution that has the user make a
choice that could affect their computer's security is the incorrect option.

Stand-alone consumer PCs are owned, used and administered by the same
end user. If they are not to make those decisions, who is? Are MS
defaults to be the de facto SysAdmin of the world, or is it up for
grabs by whoever can fake some sort of authentication?

Before security, comes safety. Here's the difference:
- things that no-one should do, should not be possible
- things that some should do but not others, should be secured

For example, let's say you're a stand-alone owner/user of a PC, and
you always work directly from the mouse and keyboard. There is no
reason why anyone should ever be able to "administer" the PC via any
network, especially the Internet - so the safest solution is to rip
that functionality out, for that particular installation.

Far less safe, is to rely on some half-assed (or even 99%-assed)
security that permits only "some" (a set of zero users, in this case)
to "administer" the PC via networking.

A subsystem or facility that is not used by anyone (in this case,
remote admin) is unlikely to be understood, managed, secured, patched,
properly configured, maintained, checked etc. Users will only bother
to learn the things they are interested in, and/or actually use.

Safety is also the bedrock for security, with sanity beneath both.
When the actual actions of software bear no resemblance to anyone's
intent - for example, a buffer overrun that allows a .JPG to run as
raw code - the result is insane, unsafe, and insecure.



--------------- ---- --- -- - - - -
I'm baaaack!
--------------- ---- --- -- - - - -