Keep it simple to "spread the word"?

[Dermot7]

Do you think it's necessary to de-mystify computer security in order to
enlighten, or are people, generally, just too lazy to learn for themselves?

Please see:

http://www.reuters.com/article/idUST...technologyNews

I certainly believe there are seemingly countless acronyms to remember, but
this is understandable.

[Cudni]

It is essential to demystify and simplify as well as educate about the computer security as much as possible. When the majority rather than minority is aware of security issues then we will all be that much safer.

[Joeythedude]

I agree completely with the article.

As regards Malware , viruses : I don't need "trust" Anti-Virus companies at all.
And its all down to education on my part.

Personally I've come to understand what a malware writer wants to do - run an executable file on your PC.
Thats it.
What way this is done doesn't really matter ; "social engineering" , "drive-by-download" , "PDF exploit" , browser exploit" are all just means to an end.
But now I've figured that out I can take steps to prevent it , and still use my PC pretty freely.


As regards Firewalls
This is where I'm more a novice. I just can't find a meaningful analogy as to how they work.
And believe me I've tried. But have other things to do with my time
So in this area I have to "trust" the opinion of others as to what to do.

[dcrowe0050]

Well I know that everyone approaches security in a different way even if they have the same understanding of it. Some people load there computer down with unnecessary software, some people simply wait to get infected and then rely on backup images to save them. Some buy a security suite and call it invincible. I don't know how many different setups I have encountered. The thing is that most all of these setups works in their own way for the specific person using it. I do believe that knowledge offers the best defense, but sometimes to much knowledge breeds paranoia. And its not always very easy to educate a novice on the complexities of something such as rootkits. What I mean to say is that there will always be some aspects that we are not knowledgeable in. Malware creators have been one step ahead of us for a long time and I do not see it changing anytime soon. Thus I think it is important for users to be knowledgeable about there Operating System as much/or more than it is to be knowledgeable about malware. It is easier to explain the critical parts of the OS than it is to explain the different types of malware and there uses and techniques, and how big of a threat they are. If a user knows his system and knows what parts are more crucial and need to be protected and how to do this then they are ahead of the average user. Of course learning about the OS has a bunch more benefits too, such as system hardening, SRP, SEHOP, UAC, and all the other built in security features. I may be wrong but I have always seen this as an important first step.

[siljaline]

Although dated ... 10 Immutable Laws of Security Article here

[Dermot7]

Thanks folks, I agree with all you say. I believe that most incidences of infection
are users own negligence or ignorance, but it's also true that malware authors
are, by compulsion/greed, increasingly inventive, and, unfortunately usually
seem a step ahead.
dcrowe0050 says "I do believe that knowledge offers the best defense,"
yes, and I thought of:

"The best security in a browser, is what's behind your brow sir!".

But, definitely, the best tuition for people can only be effective if clear, and as
basic as possible.

[Hugger]

When you go to the doctor's office because you're sick, do you want him to explain the situation to you in layman's terms that you can easily understand and discuss with him?
Or do you want the doctor to be a total sh@# and use technical terminology that you do not undrstand?
I don't think that keeping it simple is the whole answer because far too many people don't care if they infect someone else's pc with emails etc..
But for those that do care then keeping it simple is a great place to start.