On Sun, Feb 04, 2001 at 09:32:16PM +0100, A. L. Meyers wrote: > No babble at all. Why don't we millions of e-mail users insist on > security? Why aren't ISPs offering number 3 default? Why do the users > have to do all the work? I'll tell you why this happens. For the same reason that users tolerate crappy M$ operating systems that have swiss cheese security and no stability. They have been conditioned this way. Because they think that this is the way that its supposed to happen and there's nothing that can be done about it. Its not like this in other areas of life. If you were driving your new car, and at random intervals, you had to pull over, turn it off, wait and restart, just about every consumer would be down at the dealership jumping on somebody's desk. The other reason that this happens is that security times convenience is a constant. Make a system more secure and the complexity increases as well. Most people don't want to be bothered with the added workload of securing their systems. > The whole inet must be overhauled: secure by default! Unfortunately, this will not happen in the near future. The Internet was designed as a) a headless entity that could survive having multiple areas of it turned to air pollution by nuclear weapons and still survive, and b) a think-tank method for researchers to share their research. Neither of these are conducive to dealing well with the threats. It is akin to building a house on the sand, realizing its sinking, and deciding to try to concrete the beach. -- --Brad ============================================================================ Bradley M. Alexander, CISSP | Co-Chairman, Beowulf System Admin/Security Specialist | NoVALUG/DCLUG Security SIG Winstar Telecom | balexander@winstar.com (703) 889-1049 | storm@tux.org ============================================================================ The art of flying is to throw yourself at the ground and miss. -- Douglas Adams
Attachment:
pgpY5BboJfjYX.pgp
Description: PGP signature