I voted for some knowledge but the more I think about it the more I'm inclined towards no knowledge being necessary provide the user does what he or she is told. I have a number of clients with (1) A hardware firewall (2) Firefox - No scripts (3) Avast or Antivir (4) an on demand spyware. They have little or no idea of how they are being protected but they surf safely and do not open mail from strangers. Perfect protection is never possible but the law of diminishing marginal returns suggests that after a few protections are in place any further protection does little if any good and simply serves to confuse the user.
Some knowledge is needed IMO, I´m pretty sure that if you have no knowledge at all you will be infected sooner or later. I mean real noobs will not even bother to install an AV/AS + firewall, won´t install patches and will do other stupid stuff.
Btw, after reading the first 2 posts, I have to agree that when you tell a noob the basic rules (plus of course combined with using certain security tools) there is a big chance that this noob will stay safe. For example I have told my mother, sister and brother a couple of things about how you might get infected and they really think about it, they are a bit scared to do stupid stuff now.
Mrk, Thanks for the explanation, however I never said the two positions contradicted one another, but rather that they seemed to run counter to one another. As for you actual position on this matter, I agree and disagree with various parts of it. If a individual has limited or no know-how (knowledge and experience) in a particular field or subject matter, and that individual has a friend who has extensive know-how in that particular field or subject matter, then it would behoove the individual to heed the advise of his friend. As a general maxim I don't think there is or should be much contention over this. What Mrk is basically trying to do, if I'm interpreting this thread corretly, is to apply this maxim to computer security and develop upon it. For instance, if a noob (computer illiterate person) has a freind who knows alot about computer security, then the noob should probably listen to their freind on this matter. That's practically a given, and most people would agree here. The only real areas of contention over this might be whether instead of just blindly listening to and following the directions of their freind, the noob should: 1) gather further information (likely from the web) and/or seek further input from others to verify the validity of their friends advise. To explain why one should do this, I will illustrate a couple situations. It is not that uncommon for quasi-noobs to discover a forum or two, read a couple threads and ask a couple questions and then think that they know the answer to computer security which they are eager to share with all their friends. Sadly this happens all the time. Another instance might be when a quasi-noob simply explores a few tech websites and reads a few reviews on security software and then thinks they know what to do to secure ones computer, simply purchase software recommended by the big guys who (supposedly) know what they're talking about (e.g. PC Mag, PC World, etc). So I'm sure many people have freinds out there who might appear to have alot of know-how about computers and computer security, but in reality have relatively little or even unsound know-how and might give bad advise. These examples and situations are all too common, and can be found in fields and subject matters other than computer security. That is why as a general maxim, one should try to verify the validity of another's advise, be that by acquiring further information on your own or seeking the input of others. This we can call the verification position. 2) attempt to learn the material themselves. This can be argued from several positions. For instance, some might contend that where possible one should always attempt to understand the content of the advise, the underlying subject matter upon which the advise is given, or even attempt to acquire the know-how themselves. The reasoning behind this vary. Some might say that when possible, we should do things ourselves rather than relying on others. Another might say, that if you never learn the material yourself, your no better off. Others might say that the freind may not always be there. Whatever the reason given, they all recommend for the individual learn the material himself. We can call the self-actualization position. Note however that these two objections/positions are different, and that I'm not necessarily supporting either of them, just describing them. The former suggest simply that the advise of another should generally be cross-checked and verified by other sources, while the latter suggests that one should not simply rely on the adivse and directions of another, but should rather seek to understand content being discussed and should attempt to acquire the know-how for themselves. The next step in Mrk's application of and development upon the aforementioned maxim, is to suggest that by simply taking the advise of that friend and following their directions, this should be sufficient to keep ones computer secure. The area of contention arises in determining whether the noob simply following directions from the friend would be sufficient to keep the noobs computer secure. Well as should be obvious it would be hard to objectively determine the answer to this, as it all depends on various factors, such as the level of know-how of the friend, the ability of the noob to follow directions exactly, the quality of the directions themselves, the effectiveness of the programs given by the freind, and the behavior of the noob on the computer and internet. Assuming we're talking about a veteran here at wilders, we can assume that the level of computer security know-how is extensive and that the programs given are effective (if used correctly). The next and most important factors are the quality of the directions and the ability of the noob to follow those directions. Just because one is a computer security expert doesn't mean they will be able to give clear, concise, and coherent directions that can be followed by a noob. But, for the sake of argument, lets assume they can give such directions. The next factor is whether the noob can follow those directions. Given that he is a noob and all, he probably doesn't know any computer terminology, or how anything in the computer works, or why one needs computer security, or what each security program does, or why some computer activities or unsafe. So the directions will have to take all that into account, while not explaining how it all works but by giving directions that bypass the neccessity of knowing how it all works, which it would seem might make it impracticable. But lets assume one can give such directions that take all of that into account. Those directions need to be absolute, they have to account for all the things that may come up when you (the freind) are not there, and they have to provide instruction on what to do in those instances. To me, this seems entirely impractical. One would be much better off explaining the basics of computers and computer security, and then using that as a foundation to give advise and directions which the individual would more aptly be able to understand and follow, and upon which the individual would be more capable of developing know-how of their own, which is what we all should want. Besides, I think the latter approach would result in a much more secure computer for that individual over the long run. So the notion that no knowledge or experience is necessary to secure ones computer, and that all one needs to do is follow the directions of a friend who has such know-how, is at best impractical, and arguably impracticable over the long run. Similarly, the notion that one must be a 'pc geek' (as in having extensive know-how) to keep their computer secure is I think inaccurate. All one needs, is a basic understanding of computers and computer security, some common sense, the right tools and the knowledge of how to use those tools properly.
Hello, Let's leave the phrasing and semantics aside for a moment. Most people do not want to learn - anything. That's simple human nature. Given enough fear though, they will obey those they think are smarter / superior. People who are willing to learn - already show a huge quantum leap over the rest. These can be convinced, through reason, to apply certain measures even if they do not fully understand them. Some will try to master the full knowledge. Others won't. Misguided advice - happens all the time. But given the right advice ... things will work out fine. Again, I go by the example of my own family - certain members are not very computer-savvy. But they follow simple rules that my brother and I have told them, and everything works like it should. They do NOT know what registry is. And they do not need to. You do not need to understand how an engine works to drive a car. You do not need to know how PC works to use it on a relatively high and reasonable level. We, the geeks, think that executables, viruses, trojan, whatnot mean something to most people. The truth is, they can't open the CD-ROM tray without botching it once in a while. These people could avoid all the trouble in the world if they listened. This is the key. Listen to those with knowledge. That's the real wisdom. If only more people heeded this, in all aspects of life. Unfortunately, too many inept people are trying to make wrong decisions based on wrong assumptions based on false sense of knowledge, stemming from pride, ignorance and plain human malice. These are helpless cases. You know the kind that try to invent their own solutions while you're helping them? The annoying people? Those will get infected over and over and over again. What is professionally termed as a sucker. So, if you're willing to listen, simple things will get you far. Computers are complicated. But normal control can be assumed with very little effort. And most people fail to see this simple truth because they are overwhelmed by concepts like CPU, registry and memory bugger overflow corruption event enumeration policy violation exception at 44 Baker Street. Mrk
Hey Mrk: This poll is great! Make people think and work to support their positions, rather than is oft the case elsewhere just cough out an opinion! ( I have been guilty of that in the past) When do I get my Moosehead? You may not be able to get it through customs these days! Why? says he defending his position, because it is a liquid (an expert told me and I listened) Cheers eh
Education is the key here. We're a knowledgable bunch here, and some of us are still learning, but what about Joe Average? The problem is how to educate that group of people on being secure.
Mrk, Before I continue, I just want to clarify that this discourse is obviously nothing personal, but rather is simply an intellectual dialogue of sorts. So don't take any of this the wrong way. Also note that I agree with you on alot of things, so don't take these disagreements as an outright opposition to you or your various perspectives in general. Now back to the subject. . . I agree that many people don't want to learn things they don't have to, especially when it comes to technical matters. However I must briefly point something out. . . I have to disagree with you here. I contend that it is not by human nature that many people 'do not want to learn' but rather by the human condition. One need only look at children to understand this. All people are inherently predisoposed to learn, we have some sort of intrinsic quality that inclines us to learn, to acquire new knowledge, to seek understanding. This is an evolutionary imperative, for if we were not to have this quality we would surely go extinct. This quality is what compels children to observe and emulate. It is only after such childhood development has more or less completed that some people become complacent and indifferent. The condition much of mankind is currently in is one of conspicuous consumption, materialism, and superficiality, one dominated by pop culture, social drama, and fashion, one wherein it is 'cool' to do bad in school and it is 'hot' to be a 'dumb blonde.' This is the social environment we find ourselves in, and it is why 'most people do not want to learn.' This is a result not of human nature, but of the human condition. While you might find this a technicality or simply semantics, it is an area of interest to me and the difference is significant. As a side note, I find it interesting that I am taking the position defending human nature in this case, as I am typically the one who takes the less than optimistic perspective of it. Back to the subject. . . As I said, I agree that many people aren't that inclined to learn about computers and matters related to them (such as computer security). However, this doesn't undermine my point that we would be better off enlightening the noobs out there on the basics of such matters. So, if a freind who is a noob is seeking help with his computer because it is running slow because it is infected, should you: (a)simply clean up his computer, install some security software, and provide directions on how to use it with the hopes that the directions are clear enough and that he is apt enough to follow them OR (b)in addition to the (a), explain the basics of computer security: what each program is supposed to do on a basic level, what to expect of each program on a basic level, how to properly use each program on a basic level. I guess it depends on the context. If the noob is completely incapable or unwilling to learn, then you should go with (a). But if the person shows some willingness and aptitude to learn, then you should definitely go with (b). The reasons for this should be obvious, and have already been articulated in my previous post. I agree that an individual does not need to be a 'pc geek' to maintain a secure computer. Taking your approach, all they need are the right tools, the right instructions on how to use those tools, and the right directions on what and what not to do on their computer. However, unless you make the assumption that you will remain available to that person for guidance when unforseen issues arise, the instructions and directions would have to be extensive enough to sufficiently account for all instances that might arise. And in order for the noob to be able to follow those extensive directions, they would likely have to understand some of the basic workings of computer security. I'm not saying they would have to become intimately familiar with the registry, but they would likely need to know what is encompassed in (b). For while it is possible to simply give uber extensive directions, it would likely have to rival many computer manuals and would be no better than them. For the noob is no more likely to read and understand the computer manual that came with their computer than they are your extensive directions that are on par with such a manual. It is much more practical to explain the basics of computer security and use that as a foundation upon which the individual can develop their computer security know-how. But to reiterate, some individuals are not willing or able to learn such things, and so all you can do is (a). In reality, I do both (a) and (b). It all depends on the person. However, I do (a) with the knowledge that, assuming I'm not available to that person for continuing guidance, it is not unlikely for it to fail. Whether or not (a) is sufficient over the long run to keep their computer secure depends on all the factors I articulated in my previous post. As a final note, I think that when possible, (b) is the preferable option, in that more competent computer users and more secure computers means a safer internet for us all, plus you're helping a friend (or client, whatever the case may be). -TypicallyOffbeat
Secure, dont forget it depends on the default configuration ! Look at XP vs OS 10. XP user can wreck havoc, OS 10 is far more limited in what they can do. PC security has nothing to do with skill as far as the end user is concerned.
Interesting, one of the reasons why this thread has attracted such a wide range of comment and interpretation is that the original claim was: The claim is: "PC security has nothing to do with skill." Whereas the poll question left out the "PC" adjective. Some choose the claim others (by the time you get 50+ replies) dealt with the poll title version.
I voted Some Knowledge only because my own standard of security for, say, a friend or family member would require having at least a qualitative understanding of why you do the things you need to do. I think, though, that the average computer user needs no knowledge of computing (beyond being able to follow well-written directions) to _substantially_ increase their security over what the default is for XP and Vista. Basically, it's turn on the firewall, turn on the auto-updates, and turn off autorun. Would it be an exaggeration to claim that the above three steps will reduce the chance of infection for the average user by 90%? 95%?
I think this response is very intelligent - let me tell you how I understand it... I understand it like this: You've to keep up with the technology, that's, the software which is active and effective today. Is that what you meant, ance?
I did not vote. Do`t know if you are considering skill and knowledge as one in the same. I have found that some of the least knowledgeable people were also some of the safest surfers due to fear of the unknown. = they are not click crazy. While I have also found some of the least skilled people to have some of the cleanest\safest, although slow, machines due to total over-kill in the use of protection programs. Again, I guess the words knowledgeable and skilled are interchangeable depending on your (intended) meaning.
MrKvonic, those is those are key words - Discipline and Willingness. But, the user has to have the will to learn the very basics. Not doing things with a hysterical blindness. Later today, or tomorrow I'll be explaining some family members why they should only allow javascript, java, etc to sites they trust, as in allowing on a per-site basis. I won't educate them on what is javascript, etc, but I will tell them that there are sites that need these technologies to attack their systems, and if the browser has them disabled for those sites, then those sites won't be able to do a damn thing. But, they need to know why I'll disable javascript, and how they can enable it on a per-site basis. I can't just disable it and leave it like that. Some, knowledge is required.
Some knowledge is required to have a fairly secure computer. First of all you have to have knowledge of what apps you need and what they do and to also set them up optimally for your situation. bigc
First you have to know which security programs to use and why you are using them and be willing to learn the information about the particular subject that you need to operate the piece of security software efficently.
Some knowledge is needed. It's very basic knowledge, though, such as knowing that "running programs you don't know may be harmful". The more security you want, the more you need to know - or as an alternative, have someone who knows help you out.
Okay then. I actually expected something like that, but I personally take this question, which is asked in this topic/poll, like I described before.
People that know nothing about computers are not going to know how to secure things....... (And they wont understand if you try to explain things to them!)
The very poor design of security in all Microsoft OS to date means that you must have great skill to deal handle these beasts. This is a joke poll.
