Linux Today: Linux News On Internet Time.

Are users right in rejecting security advice?

Mar 17, 2010, 16:32 (2 Talkback[s])
(Other stories by Michael Kassner)

[ Thanks to Golodh for this link. ]

"Researchers have different ideas as to why people fail to use security measures. Some feel that regardless of what happens, users will only do the minimum required. Others believe security tasks are rejected because users consider them to be a pain. A third group maintains user education is not working.

"Herley offers a different viewpoint. He contends that user rejection of security advice is based entirely on the economics of the process. He offers the following as reasons why:

* Users understand, there is no assurance that heeding advice will protect them from attacks.
* Users also know that each additional security measure adds cost.
* Users perceive attacks to be rare. Not so with security advice; it's a constant burden, thus costs more than an actual attack."

Complete Story

Related Stories: