-
June 21st, 2004, 01:23 AM
#11
Did I read "JOURNALISM" in ShagDevil's post? Holy crap, no wonder "Grossberg" (rofl) sounded so smart in his thread!
Ok, here we go...amazingSuperNewAndImprovedDoesItAll Program...v1.0.0.
Firewall
Stateful and stateless packet inspecting covering most of the layers if not all; remember, this guy wants it all. Has a huge learning curve which there's a "default" which allows most common applications (IE, Explorer, WMSN, AIM, Yahoo!, etc...) and has the most intelligent "AI" code that knows when the user is trying to do something as opposed to a program randomly wanting to access the Inter/Intra-net. Blocks everything by default except said assumed rules in prior mention. All programs that are reported show file, file size, location, standard stuff...
Problems
1. Who's to say what is accepted and not? A firewall should ask every time a program that's not on the list tries to get on the inter/intra-net. Common knowledge, right? What happens when a common user is asked? Either they A) say "Always allow" without reading anything about it or B) they somehow find the "Allow all traffic", which defeats the entire purpose of the firewall.
There are more that could be mentioned, but this is the biggest one I've seen.
Antivirus
Auto-updates every day and installs anything found because the server's considered trusted (it's on the "allowed" list in the associated firewall, which breaks rules 1-10 on default firewall settings). Scans the entire drive every week, regardless of the time needed because of the gigs of data any given user may have. Scans every file opened, altered, created, changed, etc... Checks when a file is loaded in memory versus the physical file to see if anything suspicious could happen, regardless of whether or not the user has enough available ram because they're trying to load 483 pictures from their digicam while they're playing music and doing a spreadsheet ... on 128mb of ram that came with their spanking new Dell/HP/Compaq/Gateway.
While we're at it, let's deploy a measure of Tripwire...AV could check MD5 sums on the database cache version of a file versus what's actually on disk. This way anything could be reported if it changed. The default database scan would include system files and most important directories.
Problems
1. Full scans take a while, regardless. Especially if it's an end-user who doesn't think about the stuff they load onto a machine so veritable THOUSANDS of files are going to be there and when said scan kicks off, if a user is on, chances are they'll say "I can do this later" or "WTF IS THIS SH!T" and will cancel it. YAY WE HAVE CIRCUMVENTED THE ENTIRE AV SCAN BY A CANCEL BUTTON WOOHAAAAA! So yeah, right...where were we? What's that you say, no cancel button? Great! Here comes the whole Big Brother regime!
2. File checking isn't a problem, since it's on an on-demand basis, but loading any given file into memory and then having it checked with another "safe" copy in memory is. Imagine the memory needed for that? I don't even know, so I won't guess. But we're making sure they're safe, even though we're killing performance...who cares!
3. I can't even imagine the implications of a tripwire-like database that's supposed to manage itself when an end-user might have any say in the matter, not even including the things that go wrong when windows updates itself (per this guy's idea) and a ton of system files get updated. Nobody can EVER verify the integrity 100% of any given thing at an immediate time so if the AV/Firewall locks access to that file because it doesn't match the database cache and is newer than the stored one. Oh, you didn't need that svchost.exe did you? I'm sorry, you lose, delete now... So if a file is denied access by the database's own program (called filelock.exe, for example) and is denied all activity to the inter/intra-net by the firewall and can't alter any files per the AV locking it down....what if that file is filelock.exe? What happens then? If you're lucky, the system loops and dies. If not, filelock.exe is now out of the equation and it's PARTY TIME AT IP ADDRESS ... YEEEHAAAAAAWWWWWW! Or better, what if it was the firewall itself (main executable)? And the AV? You see where THIS is going.
Spyware
Fairly straight-forward. Have a reference list just like Spybot and Ad-Aware use, have it loaded into memory at boot time and have the real-time monitor active. But that's kind of a trojan method, wouldn't you say? If you don't give the user a choice? Who cares, onward we go. Prevent all modifications to the registry and keep files from being created that are considered spyware. Run scans every week and get rid of anything that matches the reference list.
Problems
Real-time monitor would be shot in the face by the user after about the second time of installing something. Here's a live scenario. Joe Blow buys an Nvidia card, comes home and installs it. He's installing the drivers when the alert window pops up and says "Hey, someone's trying to put something into HKLM/Software/Microsoft/Driver/etcetcetc, want to allow or disable?". He doesn't know to look for NVidia because NVidia doesn't name everything as such and hits "DENY". No problems there...immediately he's asked if Windows really SHOULD have that unsigned driver and accidentally hits cancel because he was hitting the deny button (or even the allow button) on his alert window for spyware. The machine reboots and things are ALL F'D UP because now, the drivers weren't loaded right, there's no uninstall because it never made it into the registry and a reinstall doesn't work because some string that sounds like vaguely pronounceable line-noise is out there. And this is just one that I can think of.
The main issue is that if you prevent the registry from being written to, you don't put anything needed in, registered dlls aren't inserted, no uninstall strings are written, no aliases or variables are allowed in so if you did have the program "installed", it wouldn't work. Ever. More on this, but I'm writing a book, blah...
So, I think I'll write Mr. Mossberg of the Journalism-type and see what he thinks. I'm sure he has all the answers to these petty, easily-resolved problems.
...
I think I exploded my brain writing this...the problems that I can think of don't even come close to the problems that would be encountered upon releasing a program like this to the masses.
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
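An added illustration of the Tripwire-style check discussed in post #11 above (not part of the original thread and not any poster's code): a baseline compare that only reports, so a legitimately patched file is never locked or deleted. It assumes SHA-256 in place of the MD5 sums mentioned in the post, a hypothetical `approved` manifest of digests supplied by a trusted updater, and a constructed sample tree with made-up file contents.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file, read in chunks so large files do not fill RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map relative path -> digest for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = file_digest(full)
    return result

def compare(baseline, current, approved=None):
    """Classify differences; report only, never lock or delete.

    approved: hypothetical manifest {path: digest} from a trusted updater.
    A changed file whose new digest is in the manifest is an expected update.
    """
    approved = approved or {}
    report = {"modified": [], "updated": [], "missing": [], "new": []}
    for path, digest in sorted(current.items()):
        if path not in baseline:
            report["new"].append(path)
        elif digest != baseline[path]:
            key = "updated" if approved.get(path) == digest else "modified"
            report[key].append(path)
    report["missing"] = sorted(set(baseline) - set(current))
    return report

def demo():
    """Constructed sample tree: one approved update, one unexplained change."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("svchost.exe", b"v1"), ("app.cfg", b"a=1"),
                           ("old.dll", b"x")]:
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = snapshot(root)
        # Simulate a patch run, an unexplained edit, a removal and a new file.
        with open(os.path.join(root, "svchost.exe"), "wb") as f:
            f.write(b"v2")
        with open(os.path.join(root, "app.cfg"), "wb") as f:
            f.write(b"a=2")
        os.remove(os.path.join(root, "old.dll"))
        with open(os.path.join(root, "dropped.tmp"), "wb") as f:
            f.write(b"?")
        approved = {"svchost.exe": hashlib.sha256(b"v2").hexdigest()}
        return compare(baseline, snapshot(root), approved)

if __name__ == "__main__":
    print(demo())
```

Only the `modified` bucket needs a person to look at it; the `updated` entries would be folded into the next baseline.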
-
June 21st, 2004, 02:10 AM
#12
But.....but....Mr. Mossberg said that Microsoft had to do it for free.
Instead of lectures, consumers need Microsoft to build into Windows an effective, free, constantly updated security service requiring little or no user intervention.
And you know that if MSN builds something, especially for free, that it would be of unsurpassed quality and simplicity. I mean, doesn't their past track record prove that?
*cough.....cough* Sorry got to go get this bad taste out of my mouth after saying that.
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
Author Unknown
-
June 21st, 2004, 02:33 AM
#13
Originally posted by Vorlin
1: The first kind of user isn't going to care about knowing more and will brush off anything given with lines like "I don't need to know any of that garbage" or "I don't care to know anything more", etc. These are the worst, in my book, because they bring down what I consider a very good career. They ridicule the IT staff on hand (don't ever say 'Wow, that's a first' or something because they'll respond with a smartass comment like "Oh aren't you supposed to know everything? What do we pay you for?"), don't do anything you tell them to (or do it with the utmost aggravation and frustration shown), things like that. These are the kind who I don't give two rats asses about.
These are the same *******s that come into the computer repair shop I work at and say "well I have a friend of a friend who's A+ and MSCE certified and he said you guys screwed up upgrading my RAM!!!" Then we ask what the problem with it is, and they say something like "well you guys did it, it's your fault, you should know what the F***ing problem is!!!" They really cuss us out and all, even when there's kids around. Then we crack the case and the RAM modules are nice and black. We say "Are you sure you didn't change any settings or anything?" "No, you guys screwed it up, fix it now." We say "you've had this for 6 months since we upgraded your RAM, how long has it been messed up" "Ever since you retards screwed it up"
That cycle continues for a while before they get really hot headed and leave, then come back a few hours later and ask for some new RAM. On their way out we tell them not to screw with latency settings on the motherboard. We put it in for that dude and the CAS settings in the BIOS was on 1-3-5... That will burn up even the highest quality RAM, leads me to believe some folks should just not be allowed around computers.. Gotta love redneck/hick retards...
[H]ard|OCP <--Best hardware/gaming news out there--|
pwned.nl <--Gamers will love this one  --|
Light a man a fire and you'll keep him warm for a day, Light a man ON fire and you'll keep him warm the rest of his life.
-
June 21st, 2004, 02:37 AM
#14
Junior Member
Having read all the above points the one thing that stands out is a point of view from a "regular" user, whereas I'm far from a regular user, how many of you here have experienced that look of disbelief from your car mechanic when you explained how your car's oil light came on and started making funny noises but you thought it would go away if you turned up the stereo?? (Extreme example I know and not very realistic) the point I make is an embarrassment factor here, most PC users use 1 or 2 apps on a regular basis the rest don't get touched, I mean why would a user KNOW that his/her AV needs to have regular updates to function correctly?? after all it's sitting there in the SysTray so it must be working huh??
We all have a responsibility to make the asking of questions LESS painful for all users, if however after that point the same question is asked over and over and over again then something somewhere is not sticking in the user's mind.......
-
June 21st, 2004, 02:49 AM
#15
Yea, but keeping your AV updated is like checking your oil and gassing up your car. My mom is completely dumb with cars and computers, but she knows to update her AV and windows, and she knows to gas up the car and to check the oil every 2-3 gassups...
If we make it more of a common sense type thing like checking your oil, then users should catch on properly, yea, we still need to go to the mechanic to get our carburetor replaced (some of us anyways) just like users still need us to rid spyware or remove a virus...
-
June 21st, 2004, 03:52 AM
#16
Oh **** the users. Until I make more than they do for cleaning up after them, and them getting nothing but a "Please be more careful next time" after having one release a worm on the whole network because the little sign saying don't open attachments, and don't ever open anything ending in...Anything but .rtf and then watching an admin be chewed out for not making warnings bigger... Blah!
If your job description involves using a computer, then you should know how to actually USE it. I have worked in fast food while morons who think you have to print something 700 times to make sure it prints right get 3 times as much an hour sit in front of a machine all day that they know nothing about.
I can't wait to start my company up, any "users" I have will be beaten with a bag of thin wire terminators for every dumb mistake they make. Of course that will be in the contract in small print so no legal action can be put against me. If they don't like it, Burger King requires no computer skills.
-Gore, the AO BOFH - Luser Abuser.
-
June 21st, 2004, 03:59 AM
#17
And it's gore from downtown!!!!!111
linux_obo, I agree that we all have areas we're not exactly brain surgeons in, but damn...I can only explain the same thing to the same user concerning the same problem that happened... I mean, you only put your hand on a hot stove eye only once, don't you? Burn your ass good one time and it doesn't happen again, right? So why would it be different for someone who has to open every attachment because some email said "I just need a friend" or "I'm a sad girl" (two real subject lines in previous virii) and you're stuck fixing their POS that's never been defragmented and the systray is bigger than the taskbar.
-
June 21st, 2004, 05:15 PM
#18
Personally, I'm usually rather tolerant of my users. I don't expect them to update their AV or defrag their drives themselves periodically, if I want that to happen, it has to be automated (and is).
What gets to me however, is:
a. when users refuse to understand that with computers, like cars or any other type of machines, things can and do go wrong from time to time, and that it's not (usually/necessarily) the admin's fault that it happens. After all, do you blame your mechanic for getting a flat tire, running out of gas or for your alternator giving out?
b. when users call you up because something is not working and refuse to give you more information than "my e-mail is not working" or "the internet is broken" no matter how much coaching/questioning you do. There's nothing more frustrating than being told "e-mail is not working", to which you ask "why/what makes you say that? is there an error message?..." and then getting the "it just doesn't work, I don't know anything else, that's your job, etc.". How the hell am I supposed to help you if you won't say what's wrong specifically? When you go to the doctor, do you just say "I'm sick, fix me" when you broke your leg and not tell him where it hurts, how it happens...
c. When users don't try the most basic things to fix a problem. Example: last week, we changed domain name and I redirected our website from the old url to the new with mod_rewrite. Our website is set as the home page on our computers by default. For some reason internet explorer redirected to the new url but stuck on a blank page instead of loading from the new url. The only thing to do to fix it was a stop/reload on the page. No one even tried it, in fact when I told them they said "why didn't you advise us about the change and that we would need to do this (stop/reload)"! :sight:
d. The fact that users don't appreciate when everything is going well. We haven't had a single hack or virus outbreak in the 3 years I've been the admin, while at the same time I've had to rebuild the network almost from scratch and we've added nearly 80 computers (out of ~120 total) and upgraded 3 versions of windows... Heh...
Oh well, got to go study if I want to pass these 2 last courses to get my BSc diploma this summer
Ammo
Credit travels up, blame travels down -- The Boss
-
June 22nd, 2004, 12:54 AM
#19
Gore > You should try out our policy, it works good, we block all attachments and downloads by default.
We just treat everyone like the baby that they are. We know that they are stupid and treat them like that. We make sure that we talk nice and slow whenever they call us, which makes them call less, and we reply with long drawn out complicated multipage e-mails to simple questions, which makes them e-mail less.
-
June 22nd, 2004, 03:33 AM
#20
Great thread, and a simple fact is in the real world you will run across the biggest moron in your life and yep they have a degree and yep they are well above you and there are few CEOs that actually know how a computer works and good luck training them the foot stompers that say but Bill says it ain't so and go off to doctor the books.
Training begins first to let people know that M$ does not have all the answers. The text in the new employees manual is there for a reason. You download programs install them first reason to be written up it clearly states your company supplied computer is not yours, also clearly stated doing so may result in spyware, trojans and other nasty stuff that may take out our servers or crash your system and yes you will lose all your local information and your email. When we are lucky this sort of thing is policy it is actually read and understood. It is about the bottom line for business right now back up tapes made onto no longer supported formats on well best put 8 track tapes with no deck let alone the software. Fault whom you wish minor details can kill a business, unless all of us in what we do can support the business we provide in what ever area no amount of geek skills will save us if we do not understand the very industry whose computers we support. Rare I give points here been gone a bit the T3n I can tell actually works, knows and supports the business he knows with skills and has the means to make them fact.
I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg