Can we make computers secure faster than scammers can exploit their flaws?
In his latest Alertbox column, Jakob Nielsen argues that "User Education Is Not the Answer to Security Problems": when there is a mismatch between technology and people, the answer should not be to change the humans.
Hard to argue with that. His suggested solution: encrypt everything, digitally sign everything else, turn up the security to max, automate updates, and most of all polish the usability of security features. Oh, and “criminalize [sic] and hunt down spammers, phishers, virus writers, eBay fraudsters and others who violate users’ rights.”
I like Jakob: he’s an optimist for idealism, whose ideas on Web design have had a remarkable effect on many web designers (even if not their clients). I’d like to think he could be right here, but the problem is he’s not talking to a lot of individuals who can directly benefit from taking his advice; amidst others there’s a big company which generally puts features ahead of security.
Plus, people are very, very resourceful. Where there’s a scam to be done, they’ll do it. No program is perfect; ditto security.




October 25th, 2004 at 6:47 pm
Yeah, you have to expect some level of savvy from your users. I’m down with Jakob and all for usability, and machines taking on as much of the work as possible, but consider the chainsaw. A sensible person would learn how to use a chainsaw before using it, and thus help to avoid injury.
Computers may not be chainsaws, but they’re unavoidably complex and can do you a lot of damage.
October 26th, 2004 at 11:49 am
Also of course, people are greedy and prepared to take a risk if there’s a chance of a quick few bob. A computer gives credibility to a scam to some folks.