Users Rejecting Security Advice Considered Rational
WeeBit writes "Researchers have different ideas as to why people fail to use security measures. Some feel that regardless of what happens, users will only do the minimum required. Others believe security tasks are rejected because users consider them to be a pain. A third group maintains user education is not working. [Microsoft Research's Cormac] Herley offers a different viewpoint. He contends that user rejection of security advice is based entirely on the economics of the process." Here is Dr. Herley's paper, "So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users" (PDF).
Not always. Sometimes they're dumber than you think they are.
Some people have it coming - I'm just the delivery system.
Want security? Buy a Mac.
Want s/w that breaks? Buy Windows.
Want to roll your own and get every ounce of power out - use a Linux distro.
At one point I was the acting security officer for Pacific Region. If people can subvert security they will.
Not much has changed in the security sphere for a long time, and difficult security just begs to be subverted.
-- Tigger warning: This post may contain tiggers! --