Great Debate: Security's greatest threat? Dumb users vs. dumb design

Moderated by Jason Hiner | October 31, 2011 -- 07:00 GMT (00:00 PDT)

Summary: Are today's IT security problems mostly the result of less-than-adequate design principles on the part of systems developers? Or is user operating error the primary culprit? Justin James and Ryan Naraine face off.

Ryan Naraine

Ryan Naraine

Dumb users

or

Dumb design

Justin James

Justin James

Best Argument: Dumb design

The moderator has delivered a final verdict.

Opening Statements

Dumb users will continue to be dumb

Ryan Naraine: Let’s not beat around the bush. Users are stupid and can’t get out of their own way, even when it concerns their safety.

We’ve spent the better part of the last decade educating users about the risks associated with clicking on attachments in e-mails or clicking on links to “Britney Spears naked” or “Ghaddafi’s final moment” videos. Well, guess what? Users click on everything, even things they know are risky. According to Microsoft’s Security Intelligence Report, 99 percent of all attacks in the first half of 2011 distributed malware through social engineering and unpatched vulnerabilities.  User interaction -- click on something and install the malware for the bad guy -- is still the go-to tactic for cyber-criminals.

We can chalk it up to laziness, human nature, stress, tiredness, whatever.  Dumb users will continue to be dumb, despite software design choices.

Dumb design: Computers must serve people

Justin James: Decades of computer use have proven to us that no amount us training and education can ever change the behavior of some users. Unfortunately, computer security all too often depends on “herd immunity” because once a machine or account within the network has been compromised, the rest often fall like dominoes. In today’s world, it is just too easy for a single mistaken click to turn a healthy machine into a trainwreck within hours.

Computers serve people, not the other way around. If the systems we design are not secure with real world users, then they do not serve the users! If certain people will not drive a car safely, despite the obvious dangers, what makes you think they are going to learn to use a computer safely? Instead of trying to make better drivers, we need to be building better brakes.
 

Talkback

97 comments
Log in or register to join the discussion
  • RE: Great Debate: Security's greatest threat? Dumb users vs. dumb design

    Dumb users you can never eliminate; dumb designs just requires an extra bit of thinking and hard-work.
    scholarsarena
    Reply Vote I'm for Dumb design
    • RE: Great Debate: Security's greatest threat? Dumb users vs. dumb design

      @scholarsarena You clearly havent met enough LUsers.
      DickCheney777
      Reply Vote I'm for Dumb users
    • RE: Great Debate: Security's greatest threat? Dumb users vs. dumb design

      @scholarsarena Your conclusion is backwards! Given dumb users can never be eliminated they will always be the greatest security threat; whereas, by your assertion, poor design can be rectified. Since the dumb user is the greatest threat to computing security, intelligent design must compensate for the ignorance of the "herd."
      David A. Pimentel
      Reply Vote I'm for Dumb users
  • RE: Great Debate: Security's greatest threat? Dumb users vs. dumb design

    Dumb users or dumb design is the question. Yes is the answer.
    DKFlorida
    Reply Vote I'm Undecided
    • RE: Great Debate: Security's greatest threat? Dumb users vs. dumb design

      @DKFlorida Agreed. They're both problems. Developers are, after all, humans just like the users. And they're just as dumb.
      CobraA1
      Reply Vote I'm Undecided
  • RE: Great Debate: Security's greatest threat? Dumb users vs. dumb design

    PEBKAC. :)
    The one and only, Cylon Centurion
    Reply Vote I'm for Dumb users
    • RE: Great Debate: Security's greatest threat? Dumb users vs. dumb design

      @Cylon Centurion

      OTOH, we had Windows XP and Internet Explorer 6. BOTH can be categorized as dumb design. They're both STILL dumb design. I almost feel sorry for those still using it.

      Dumb users and dumb design = Epic fail.
      The one and only, Cylon Centurion
      Reply Vote I'm for Dumb users
      • RE: Great Debate: Security's greatest threat? Dumb users vs. dumb design

        @Cylon Centurion I used both XP and IE6 for years with no problems whatsoever but other people I knew did get infected with things by falling for fake security alerts and links in emails. I'm firmly on the side of dumb users. I still think XP was and is a fine OS. I am now primarily on Win 7 but my older laptop is still running XP and always will until it dies.
        dch48
        Reply Vote I'm for Dumb users
      • RE: Great Debate: Security's greatest threat? Dumb users vs. dumb design

        @dch48

        Despite that, Windows XP was fundamentally flawed. The data is out there to back that claim up as well. I personally think it's still flawed even after 10 years on the market.
        The one and only, Cylon Centurion
        Reply Vote I'm for Dumb users
  • RE: Dumb Users or Dumb Designs

    Our hope lies with (1) some users being willing/able to behave more responsibly, and with (2) some designers being willing/able to improve the systems. It'll help if software companies stop laying off their most experienced programmers in favor of lower paid high school grads.
    StayCalm
    Reply Vote I'm Undecided