Best Argument: Dumb design
Save dumb users from themselves
End users have gotten smarter about using technology but human vulnerability will always be the weakest link in the security chain.
The inquisitive nature of human psychology will always push us to click on that strange URL or open that e-mail attachment. Cyber-criminals make a living out of using social engineering to infect our computers and use our resources to make money. Dumb users will remain dumb, but we have an opportunity to make software design decisions that can reduce the effectiveness of social engineering.
Our software products must start making decisions for end-users and remove the temptation of the lure. It's already happening. Modern e-mail clients have started to automatically block harmful attachments. Modern web browsers are putting up roadblocks to malicious web sites. Modern operating systems are using things like ASLR and DEP to block vulnerability exploitation without the end-user ever seeing anything.
We need to get to a world where the errant click means very little. We need software developers to bake security into design decisions to save dumb users from themselves.
You can't blame users - fix it!
Security's greatest threat? Dumb design
This is one of those debates that has been going on for as long as human beings have been building tools that they weren't going to just use for themselves but share with other people. In tech, this debate would have been a lot different even a decade ago, when virtually every tool in the computer industry required a manual and some training (or at least a trial-and-error period). Today, the user expectations are different and the resources and capabilities of our product builders are a lot better.
Doc's final thoughts
Doc has to agree with Justin on this one and take Ryan to task for thinking so poorly of users. The bad guys are getting better and better at luring folks into their schemes, and Doc doubts very much that many people are falling for the old “Britney Spears Naked” bit these days. You know, Ryan, that it’s not that simple anymore, and Doc’s willing to bet you’ve been fooled into opening something you thought was innocent.
Justin has it right – it’s time to put even more effort into security and shore up our information resources. In other areas such as our food supply and our drug supply, we’ve built in systems to protect the manufacturing and distribution chains so that problems are relatively rare. Why should information be any different?
Yes, there will always be bad guys and mischief makers out there trying to game the system. But private enterprise (perhaps with a little more government support) is pretty resourceful and should be able to keep one step ahead of those wishing to bring systems down. Of course, users need to exhibit some basic common sense, but in the end, technology should be as foolproof as possible. Don’t let the manufacturers of our software and hardware off the hook here – they need to step up the effort and provide stable, hard-to-hack products.
Now please, Ryan, can you send Doc that link to the Britney Spears photos?