Best Argument: Dumb design
Dumb users will continue to be dumb
Ryan Naraine: Let’s not beat around the bush. Users are stupid and can’t get out of their own way, even when it concerns their safety.
We’ve spent the better part of the last decade educating users about the risks associated with clicking on attachments in e-mails or clicking on links to “Britney Spears naked” or “Ghaddafi’s final moment” videos. Well, guess what? Users click on everything, even things they know are risky. According to Microsoft’s Security Intelligence Report, 99 percent of all attacks in the first half of 2011 distributed malware through social engineering and unpatched vulnerabilities. User interaction -- click on something and install the malware for the bad guy -- is still the go-to tactic for cyber-criminals.
We can chalk it up to laziness, human nature, stress, tiredness, whatever. Dumb users will continue to be dumb, despite software design choices.
Dumb design: Computers must serve people
Justin James: Decades of computer use have proven to us that no amount of training and education can ever change the behavior of some users. Unfortunately, computer security all too often depends on “herd immunity” because once a machine or account within the network has been compromised, the rest often fall like dominoes. In today’s world, it is just too easy for a single mistaken click to turn a healthy machine into a trainwreck within hours.
Computers serve people, not the other way around. If the systems we design are not secure with real-world users, then they do not serve the users! If certain people will not drive a car safely, despite the obvious dangers, what makes you think they are going to learn to use a computer safely? Instead of trying to make better drivers, we need to be building better brakes.