Firewall Wizards mailing list archives
RE: Broken Analogies (was: Transitive Trust)
From: "Brian Loe" <knobdy () stjoelive com>
Date: Tue, 21 Jun 2005 11:51:22 -0500
I have to question how much time some of you are spending with the end user. In the last three years I have yet to meet one (an end user) at any level (to include phone reps, managers, and two CEOs) that complained about aggressive protection. This might be because the companies I have worked for went from 0 protection to 80% in a matter of months, and they remembered why we were implementing it in the first place. Just the same, given options I tend to believe that humans will accept protection with minor (and they really are pretty minor) inconveniences. One only needs to look at national politics to see this is true; virtually everyone has given up a great deal of personal liberty in return for a false sense of security. Our sell is real security, ought to be easier.
People's mentality will never change while this is the case, because all of the cures are worse than the diseases. Take any aggressive quarantine style system and apply it enterprise-wide and people will start to bitch. They will bitch even worse when there is a false positive because the perceived usability cost is too high for them.

When we start getting more malware that trashes the host then I think all of these discussions might become more useful.

I'm going to leave aside things like acquired immunity, re-infection, and avoidance (people don't tend to kiss those suffering from cold sores). Current worms may _spread_ like diseases, but that's pretty much where the useful similarities end, in my opinion.

Oh, and targeted incidents are not like diseases at all - they probably are, actually, more like bears. Or maybe weasels.

I actually think you might be better looking at it from an economic modelling approach with supply and demand of exploits and risk / reward of targets. There's probably some game theory in there too.

Anyway, enough ramble.

ben
