Questions

Once in a while

+
0 Votes
Locked

Once in a while

santeewelding
I encounter a one who has no clue to computer security. This, though they are involved increasingly and critically in important social, financial, and other ways.

I am not asking about standard technical arrangements. I am asking in my meager understanding of it all for how to lay it out in order to bring them along.

What I need from you is how to slam them up against a wall.

Like, saying, you are, "A babe in the wood. You are such a babe, that what I tell you will go over your head, and you not caring or knowing."

Further, something on the order of, "I am not your keeper."

Trouble is, I am. So are you.

How do you do it? How do you do it in your surreptitious way, and remain true and effective?

Could be said, don't you think, about a whole lot in life -- particularly to the younger, and, some older.
  • +
    0 Votes

    People pick and internally justify security that aligns with their conveniences.

    +
    0 Votes
    santeewelding

    Does, or ought, it extend to the general case of people secure in their persons, houses, effects -- as well as "papers"?

    +
    0 Votes

    After protracted rumination, I bow to advice from a newly-joined organization. I can only express what works for me. It is a too-heady place, where one assumes to know what will work for others.

    +
    0 Votes
    AnsuGisalas

    certainly.

    Ought? Probably not.

    Difference is, we have these stories, the old kind - kid goes into the forest, talks to a stranger - and the next thing is they're seeing someone's gut from the inside. You know - educational ones. We have them still, but with more mundane faces on them. We "know" what we can expect to get away with in our neighbourhoods, and what we can't... we've heard it told in so many ways.

    Not so much for computers... yet. Where are the writers when we need them? Where's "Hantzel and Grendel in the big Web?"
    <font color="FFFFFF">yes, I know it's gretchen, usually</font>

    +
    0 Votes
    OH Smeg

    I have just finished cleaning a system after it's user opened a New Years Card which seems to have been the start of loosing his AV Program and most of the Malware Scanners.

    As he does On Line Banking I had to take it part way seriously even though I have told him on numerous occasions that he shouldn't opening things just because they are there. I've also told him that some of the Web Sites that he visits are a Major Risk to Security but he constantly tells me it's a Computer and it's safe.

    I constantly tell him that there are only 2 type of Computer Users those who have lost all of their Data and those who will loose all of their Data.

    He's now wondering how he's going to pay me for this bit of work from New Years Eve till God only knows when. But it struck Home to him when I suggested that it may be a very good idea to ring his bank and suspend his current Password till he can attend a branch and reset it.

    Now instead of him ignoring everything I say he's panicking and ringing every few hours asking what's happened so far. What's the Infection and can I clean it?

    At least now he's beginning to see the need for security but I'm not sure that's it's an improvement.

    Col

    +
    0 Votes
    santeewelding

    I don't ask the doc, "why" and "how". The doc doesn't have to offer, "You could stop smoking, you know."

    +
    0 Votes
    boxfiddler Moderator

    surreptitious. In your face is my thing. If they don't listen, I quit wasting 'my time'. Got tired a long time ago of getting the same computer back from the same people with the same problems.

    Get it together, or go the f*** away. That's my motto, as to this kind of thing, anyhoo.

    +
    0 Votes
    santeewelding

    In your own face, too, I trow.

    +
    0 Votes
    seanferd

    Even people who know they are clueless and claim such (though they might find themselves slightly less clueless than they believe for five minutes of minor investigation every day) won't take instruction - they are used to doing things the same broken way they have always done.

    Those who know better than you - lost cause, until something major proves them wrong, maybe.

    It has taken me many years to get some folks to stop using the Admin account for normal use, even when some group members were on board. (It only takes one Admin account to trash it for everyone.)

    I think my return question would be: What most motivates this person in regards to the situation? Fear? Curiosity? "Not having problems"?

    Appeal to he person's motivations. Still, it might take forever.

    +
    0 Votes
    santeewelding

    Habituation, I think.

    Notice that I used the word "computer" just once with respect to security. It was a relevant peg, given this place, on which to hang the question.

    The question also holds for ideas, notions, habituations, proclivities,..in a general case. If you have ever tried to change your own, faced with writing on the wall, you get a sense of how deep it goes. Appealing to and jettisoning your own motivations ain't easy. It can be like selling your children.

    Crisis might help. "Writing on the wall" is crisis anticipated (viz., national budgetary habituation). The writing is up to you. If you can't do it for yourself, how do you manage to do it for someone else?

    Like you said: bit of a poser.

    Admin account for self.

    +
    0 Votes
    seanferd

    So do I. On one machine, with intent.

    Not specifically computer-related
    If you aren't grokking it in general, then, yeah...

    +
    0 Votes
    santeewelding

    Meant more than the one way.

    +
    0 Votes

    Why

    seanferd

    am I not startled?

    I have suspected you all along.

    +
    0 Votes
    santeewelding

    Through no devise, I hope, of my own.

    _________

    "s" for "c"

    +
    0 Votes
    seanferd

    is your own, is it not? I certainly hope so. It is, as per my estimation.

    This is getting just a bit recursive, on my end, anyway.

    +
    0 Votes
    ron.dondelinger

    Approach this issue as would a teacher with a student. I use the generalized analogy of the computer as the user's house, which makes it easier for the user to grasp:

    1. When the computer is connected to the network or internet, it is like like opening the front door of your house and leaving the door open. Any curious individual walking or driving by can stop and take a peek inside.

    2. Practicing no safeguards (ie Antivirus, Firewall) is like announcing to anyone in earshot "Well, I'm leaving my house unattended!" Someone can walk right in and help themselves to whatever possessions (personal or financial data) they can lay hands on. If they are clever, you won't even know that you had an uninvited guest. Or, you may get the malcontent who derives pleasure from completely trashing your hard drive.

    3. Practicing safeguards is like posting a doorman at the front door. No one gets in without clearance.

    4. Practice viligence!

    * Out-of-date AV definitions are a sleeping doorman.
    * Treat unsolicited emails with the same guarded suspicion as you would unsolicited postal mail or telephone calls.
    * Handle online transactions as you would in person: Read the fine print, and know and trust with whom you are dealing.


    Enlighten the user to the various unfortunate evils that exist, without coming across as condescending, and impart (much of) the ownership of the issue onto the user.

    +
    0 Votes
    santeewelding

    Might not work with someone like my ex, though, who upon our coming to the locked, public-facing door of her office suite, and seeing the doorknob nearly twisted off, remarked that it must have been the UPS man, trying it too hard.

    Thing is, she was serious.

    Thing was, I rolled my eyes heavenward.

    +
    0 Votes
    ron.dondelinger

    Desperate times call for desperate measures. Perchance the UPS man had to go something serious, and no crummy door knob was gonna get between him and a bathroom and completing his business. Well, okay, on this occasion it did.

    With no more information to go on, I'm gonna suggest the door knob failed due to a combination of metal fatigue and stress and/or shear forces. :)

    +
    0 Votes
    SmartAceW0LF

    You know what "it" is.

    +
    0 Votes
    OH Smeg

    When I walked into a warehouse and found the back door hacked to bits with a chain saw and the store room completely empty.

    Now if only I had not of said a few days previously when you walk in and find the entire place empty you can then start thinking that I have stolen something but in the mean time there isn't anything worth my while to steal here.

    Col

    +
    0 Votes
    AnsuGisalas

    take control of their system and show them a nightmare before re-image...???
    Could work...

    +
    0 Votes
    JamesRL

    Once upon a time, I travelled 500kms north to a small town, and went to check into a hotel. It was late. When I arrived at check in, they took my credit card and immediately cut it up.

    They then called American Express and handed me the phone.

    Seems I had used this card to pay for my internet provider, and they had been breached. Someone had access to my card information.

    It was lucky that the breach had been discovered quickly.

    That wasn't the case for many thousands of customers of TJ Maxx (or Winners in Canada).

    So security breaches can happen to companies with full time security folks. Never assume it can't happen to you too. Don't lose a lot of sleep, but do stay vigilant. Or disconnect your computer from any network.

    James

    +
    0 Votes

    Or

    AnsuGisalas

    disconnect your "device" from all "stuff", perhaps?

    +
    0 Votes
    SmartAceW0LF

    I think that I would simply pull up a list of your postings on this forum. In very short order I would have the proper thing to say that would promote enough thought on the part of the intended recipient that after first being bewildered, then confident enough in their own intellect they would re-read and next feel slighted in some way, I imagine they might begin a furious pounding on the keyboard and in midstream stop to re-read once again, knowing they are on shaky ground in terms of intellect, finally stop to examine and extrapolate the full meaning of the text enough to get the message. And if they aren't smart enough to exercise that due dilligence then I would likely feel the task beyond my scope. Whew! I can finally take a breath now!

    +
    0 Votes
    AnsuGisalas

    was almost like reading Catullus in translation. But what less can be expected from out of Alexandria?

    +
    0 Votes
    AnsuGisalas

    has to be the best bet...
    It'll work, because it's our age-old protocol for transferring wisdom.
    They sink in, despite cynicism and other firewalls of the mind...
    So, who've we got who can craft cautionary tales?

    The kinds where random unidentifiable but relatable-with people see bad ends are good. Throw in the odd one where the protagonist happens to have the right tool for the deal. The old tales were, I think, five to one on the negative side - before the Grimms and others bowdlerized them and started the slide towards Disney Princesses™©®.

    I've heard a couple of new ones recently, by the way... one that comes to mind was about a bogieman that goes clack clack clack across a public restroom floor. The best ones, now as afore, are the ones that started out first-degree and from which a prototype was reverse engineered...

    +
    0 Votes
    santeewelding

    But, here, can you get away with what you do?

    +
    0 Votes
    AnsuGisalas

    pretty much everywhere... sorry about the edit-while-you-posted by the way.

    But that "whoosh" sound - of it passing supersonic over everybody's heads - is really boring.
    Only here can I count on an intercept... no fun without it.

  • +
    0 Votes

    People pick and internally justify security that aligns with their conveniences.

    +
    0 Votes
    santeewelding

    Does, or ought, it extend to the general case of people secure in their persons, houses, effects -- as well as "papers"?

    +
    0 Votes

    After protracted rumination, I bow to advice from a newly-joined organization. I can only express what works for me. It is a too-heady place, where one assumes to know what will work for others.

    +
    0 Votes
    AnsuGisalas

    certainly.

    Ought? Probably not.

    Difference is, we have these stories, the old kind - kid goes into the forest, talks to a stranger - and the next thing is they're seeing someone's gut from the inside. You know - educational ones. We have them still, but with more mundane faces on them. We "know" what we can expect to get away with in our neighbourhoods, and what we can't... we've heard it told in so many ways.

    Not so much for computers... yet. Where are the writers when we need them? Where's "Hantzel and Grendel in the big Web?"
    <font color="FFFFFF">yes, I know it's gretchen, usually</font>

    +
    0 Votes
    OH Smeg

    I have just finished cleaning a system after it's user opened a New Years Card which seems to have been the start of loosing his AV Program and most of the Malware Scanners.

    As he does On Line Banking I had to take it part way seriously even though I have told him on numerous occasions that he shouldn't opening things just because they are there. I've also told him that some of the Web Sites that he visits are a Major Risk to Security but he constantly tells me it's a Computer and it's safe.

    I constantly tell him that there are only 2 type of Computer Users those who have lost all of their Data and those who will loose all of their Data.

    He's now wondering how he's going to pay me for this bit of work from New Years Eve till God only knows when. But it struck Home to him when I suggested that it may be a very good idea to ring his bank and suspend his current Password till he can attend a branch and reset it.

    Now instead of him ignoring everything I say he's panicking and ringing every few hours asking what's happened so far. What's the Infection and can I clean it?

    At least now he's beginning to see the need for security but I'm not sure that's it's an improvement.

    Col

    +
    0 Votes
    santeewelding

    I don't ask the doc, "why" and "how". The doc doesn't have to offer, "You could stop smoking, you know."

    +
    0 Votes
    boxfiddler Moderator

    surreptitious. In your face is my thing. If they don't listen, I quit wasting 'my time'. Got tired a long time ago of getting the same computer back from the same people with the same problems.

    Get it together, or go the f*** away. That's my motto, as to this kind of thing, anyhoo.

    +
    0 Votes
    santeewelding

    In your own face, too, I trow.

    +
    0 Votes
    seanferd

    Even people who know they are clueless and claim such (though they might find themselves slightly less clueless than they believe for five minutes of minor investigation every day) won't take instruction - they are used to doing things the same broken way they have always done.

    Those who know better than you - lost cause, until something major proves them wrong, maybe.

    It has taken me many years to get some folks to stop using the Admin account for normal use, even when some group members were on board. (It only takes one Admin account to trash it for everyone.)

    I think my return question would be: What most motivates this person in regards to the situation? Fear? Curiosity? "Not having problems"?

    Appeal to he person's motivations. Still, it might take forever.

    +
    0 Votes
    santeewelding

    Habituation, I think.

    Notice that I used the word "computer" just once with respect to security. It was a relevant peg, given this place, on which to hang the question.

    The question also holds for ideas, notions, habituations, proclivities,..in a general case. If you have ever tried to change your own, faced with writing on the wall, you get a sense of how deep it goes. Appealing to and jettisoning your own motivations ain't easy. It can be like selling your children.

    Crisis might help. "Writing on the wall" is crisis anticipated (viz., national budgetary habituation). The writing is up to you. If you can't do it for yourself, how do you manage to do it for someone else?

    Like you said: bit of a poser.

    Admin account for self.

    +
    0 Votes
    seanferd

    So do I. On one machine, with intent.

    Not specifically computer-related
    If you aren't grokking it in general, then, yeah...

    +
    0 Votes
    santeewelding

    Meant more than the one way.

    +
    0 Votes

    Why

    seanferd

    am I not startled?

    I have suspected you all along.

    +
    0 Votes
    santeewelding

    Through no devise, I hope, of my own.

    _________

    "s" for "c"

    +
    0 Votes
    seanferd

    is your own, is it not? I certainly hope so. It is, as per my estimation.

    This is getting just a bit recursive, on my end, anyway.

    +
    0 Votes
    ron.dondelinger

    Approach this issue as would a teacher with a student. I use the generalized analogy of the computer as the user's house, which makes it easier for the user to grasp:

    1. When the computer is connected to the network or internet, it is like like opening the front door of your house and leaving the door open. Any curious individual walking or driving by can stop and take a peek inside.

    2. Practicing no safeguards (ie Antivirus, Firewall) is like announcing to anyone in earshot "Well, I'm leaving my house unattended!" Someone can walk right in and help themselves to whatever possessions (personal or financial data) they can lay hands on. If they are clever, you won't even know that you had an uninvited guest. Or, you may get the malcontent who derives pleasure from completely trashing your hard drive.

    3. Practicing safeguards is like posting a doorman at the front door. No one gets in without clearance.

    4. Practice viligence!

    * Out-of-date AV definitions are a sleeping doorman.
    * Treat unsolicited emails with the same guarded suspicion as you would unsolicited postal mail or telephone calls.
    * Handle online transactions as you would in person: Read the fine print, and know and trust with whom you are dealing.


    Enlighten the user to the various unfortunate evils that exist, without coming across as condescending, and impart (much of) the ownership of the issue onto the user.

    +
    0 Votes
    santeewelding

    Might not work with someone like my ex, though, who upon our coming to the locked, public-facing door of her office suite, and seeing the doorknob nearly twisted off, remarked that it must have been the UPS man, trying it too hard.

    Thing is, she was serious.

    Thing was, I rolled my eyes heavenward.

    +
    0 Votes
    ron.dondelinger

    Desperate times call for desperate measures. Perchance the UPS man had to go something serious, and no crummy door knob was gonna get between him and a bathroom and completing his business. Well, okay, on this occasion it did.

    With no more information to go on, I'm gonna suggest the door knob failed due to a combination of metal fatigue and stress and/or shear forces. :)

    +
    0 Votes
    SmartAceW0LF

    You know what "it" is.

    +
    0 Votes
    OH Smeg

    When I walked into a warehouse and found the back door hacked to bits with a chain saw and the store room completely empty.

    Now if only I had not of said a few days previously when you walk in and find the entire place empty you can then start thinking that I have stolen something but in the mean time there isn't anything worth my while to steal here.

    Col

    +
    0 Votes
    AnsuGisalas

    take control of their system and show them a nightmare before re-image...???
    Could work...

    +
    0 Votes
    JamesRL

    Once upon a time, I travelled 500kms north to a small town, and went to check into a hotel. It was late. When I arrived at check in, they took my credit card and immediately cut it up.

    They then called American Express and handed me the phone.

    Seems I had used this card to pay for my internet provider, and they had been breached. Someone had access to my card information.

    It was lucky that the breach had been discovered quickly.

    That wasn't the case for many thousands of customers of TJ Maxx (or Winners in Canada).

    So security breaches can happen to companies with full time security folks. Never assume it can't happen to you too. Don't lose a lot of sleep, but do stay vigilant. Or disconnect your computer from any network.

    James

    +
    0 Votes

    Or

    AnsuGisalas

    disconnect your "device" from all "stuff", perhaps?

    +
    0 Votes
    SmartAceW0LF

    I think that I would simply pull up a list of your postings on this forum. In very short order I would have the proper thing to say that would promote enough thought on the part of the intended recipient that after first being bewildered, then confident enough in their own intellect they would re-read and next feel slighted in some way, I imagine they might begin a furious pounding on the keyboard and in midstream stop to re-read once again, knowing they are on shaky ground in terms of intellect, finally stop to examine and extrapolate the full meaning of the text enough to get the message. And if they aren't smart enough to exercise that due dilligence then I would likely feel the task beyond my scope. Whew! I can finally take a breath now!

    +
    0 Votes
    AnsuGisalas

    was almost like reading Catullus in translation. But what less can be expected from out of Alexandria?

    +
    0 Votes
    AnsuGisalas

    has to be the best bet...
    It'll work, because it's our age-old protocol for transferring wisdom.
    They sink in, despite cynicism and other firewalls of the mind...
    So, who've we got who can craft cautionary tales?

    The kinds where random unidentifiable but relatable-with people see bad ends are good. Throw in the odd one where the protagonist happens to have the right tool for the deal. The old tales were, I think, five to one on the negative side - before the Grimms and others bowdlerized them and started the slide towards Disney Princesses™©®.

    I've heard a couple of new ones recently, by the way... one that comes to mind was about a bogieman that goes clack clack clack across a public restroom floor. The best ones, now as afore, are the ones that started out first-degree and from which a prototype was reverse engineered...

    +
    0 Votes
    santeewelding

    But, here, can you get away with what you do?

    +
    0 Votes
    AnsuGisalas

    pretty much everywhere... sorry about the edit-while-you-posted by the way.

    But that "whoosh" sound - of it passing supersonic over everybody's heads - is really boring.
    Only here can I count on an intercept... no fun without it.