Indignation is the immediate response if you suggest to any computer user that they should be given a licence to use their PC only if they pass a test. Why is this? When someone crashes a car on the motorway, naturally, our first response is to utter words of sympathy: "Oh, hope they're not hurt..." - but what we're actually …
Making everyone take a test, doesn't seem practial.
So give everyone a licence, then endorse them for various offences. Such as three points for being stupid enough to being tricked into joining a botnet.
Reach nine points and your licence is suspended for three months.Or two months if you agree to take s computer aptitude test.
It's the OS - stupid!
Licence the OS, not the user.
Car manufacturers must prove that any new design complies with extensive safety regulations before they can market it.
Manufacturers of operating systems, be they open source or proprietary, should be forced to prove that each new revision complies with certain basic security standards - not requiring every user to have read/write access to the system directories for example - before the OS can be distributed. Easy. We'll never be able to control billions of users, but we can influence the OS developers.
Can my ISP support be enrolled?
Can I submit that virgin media support staff be put through a _basic_ IT course (I'd prefer an advanced course, but lets take baby steps!). This may help relieve my frustration when dealing with them :).
1. Be able to set up an email account from scratch
2. Be able to install and uninstall a program from a PC
3. Know what a web browser is
4. Know how to add and remove a printer
5. Know the difference between POP3 and IMAP accounts
6. Understand what an SMTP or outgoing server is
Brilliant. Exactly none of these will help make the machine secure. Go you.
Of course it would be nicer if users learnt to use their machines - but with support calls at 50p a minute it's not going to happen any time soon.
Can desktop support guys stop posting please. Not only do you have a clear conflict of interest. But you are also the bottom feeders of the IT world. (only kidding - but see what elitism sounds like?)
Less enforcement, more education
I see where you're going with this idea, but licensing wouldn't be even slightly practical (especially with multi-user machines - family computers for example).
What is really needed is more an education on the availability of cut-down capability machines at the point of sale (with the assumption of said availability of course). The problem you're essentially highlighting is that of someone going into B&Q, asking a sales rep for something to cut up cardboard for arts and crafts (a stanley knife) and being sold a circular saw. This keeps happening partly due to the consumer not entirely understanding what is available to them (not as obvious when purchasing a PC as with a stanley knife vs saw), the sales rep wanting a larger commission and the sales rep being about as clueless as the customer and thinking that by selling them something with big numbers they must be improving their lives. Yes PC World monkeys, I'm talking to you.
This could get very messy
"In exchange, perhaps we could insist that who we send emails to, and what they contain, is entirely confidential without some evidence of criminality?"
Which would mean that this is not any kind of right but is a specially awarded privilege which can be withdrawn at any time. And of course would be the next time they plant a tabloid scare story.
More and more businesses and government offices etc. are cutting costs by dumping everything on the web. If you forbid someone to use certain functions, how to do guarantee that they have some other way to work with those organisations? Especially when it's a very rapidly moving target.
What happens when someone isn't licensed to use the web but can't find a mobile phone that doesn't have a web browser built in? Or wants to borrow someone else's phone when their battery has died?
What a daft suggestion
The idea's grounded in good intent but how the hell do you propose to enforce a test and a license? What kind of benchmark can possibly exist for any person running any application on any hardware on any kind of connection? So the driving analogy breaks down completely - road users operate within well-defined imits, and they can be tested within them for their intended usage.
For example I am clued up, but I've just entered my username and password into an unencrypted web form to post this comment. Is that bad? Maybe - what's the risk, what are the consequences? That depends on where I am, who I am, how El Reg's page has been compromised, and so on. In otherwords, no-one can say for sure whether entering that info amounts to a 'test fail'. Only I can make an informed judgement - but that begs the question.
The current situation can't go on forever because it presents too much risk and cost all over the place. Eventually we will find more and more new legislation coming in to try and tackle it. Increased education of users is a good thing, but you cannot enforce it, and the unpopular fact is that some people are simply thick and will never get it.
So I predict that we will ultimately end up with a sevice model for consumers. There will be ISPs who are certified to have access to the 'raw' Internet, and they in turn will provision all manner of services to users - sorry, customers, who will not have access beyond the managed modules they have paid for. Ironic really, as Compuserve and AOL drove this model for so long in the early years.
Pots and Kettles
"to let someone load the office database onto their personal laptop and leave it in their car outside Tesco"
But it only seems to be government/MOD employees who do that, so perhaps they should get their house in order first?
Kudos to Michael for remembering the BBC interview debacle. I'd forgotten it was GK they meant to have!
License no - training, probably
Bear in mind there's no longer a dog license in the UK - iffy PC practices vs half-starved, maltreated Rottweiler... doesn't really stack up.
However, this issue of incompetent users is what has given rise to the Vista nag-screen. Seamlessly escalating privileges only as and when required is actually not a bad idea - the problem is that it relies on people knowing what they _should_ do when presented with a pop-up that says "program xxx.pr0n.wmv.exe requires administrator privilieges; would you like to grant them?".
What's required is free, accessible PC training. UKOnline offers this to some extent but they tend to be "want to learn how to use the internet for shopping, email and online banking?". Which is fine, but before you can progress to that you should have completed something on basic computer security.
Besides, the biggest problem with a license is that the people who would be implementing the license are among those least qualified to do so, the government. I've lost track of how many government IT disasters there have been (most of which have never been satisfactorily resolved).
What about games? Is it really a blow against human rights to suggest that if you can afford a machine with a kilowatt power supply and a dual-core video card, you can also afford to register the thing and its IP address as a danger to the web?
Won't work - non-static IP addresses for starters, plus gamers are among those people most likely to alter their hardware configuration (chuck in extra memory, gfx cards etc) invalidating any kind of hardware fingerprint. The only people that can halfway accurately identify any "person" connected to the web is their ISP - assuming they've not given their login details to a "trusted technical friend". Besides, it's not like there aren't readily available anonymisers (proxies) out there to mask your IP even if it is static.
The point you were trying to make is that it is the users that require a license, not the software they're running. There are some very technical gamers who may have home networks proxied through FreeBSD with hardware firewalls; who actually know what programs and services should be running on their Windows gaming PCs and what level of internet access those programs require (client/server at least). Of course there are numpties who just play WoW as well ;)
Anyone who normally runs their computer with an administrative account should be defenestrated.
OK, but only after we've defenestrated all the sloppy "software engineers" who seem to think that their apps always need to run in admin mode. Even MS seem to have gotten their act together there somewhat - their software actually seems to work fine on limited privileges accounts now.
Point of Order re: Thatcher ref' on society
Just an aside - Thatcher did not say Society did not exist per se, she was saying, basically, that the word is merely a desciption of the end product of all us lot and how we behave, what we do, etc. As such it is not a body, an organisation, association or other but is actually lots of individuals. It was in response to specific question and so needs to be seen in context:
In answer to a question about what has caused a deterioration in the nation's moral standards, she answered:
"I think we've been through a period where too many people have been given to understand that if they have a problem, it's the government's job to cope with it. 'I have a problem, I'll get a grant.' 'I'm homeless, the government must house me.' They're casting their problem on society. And you know, there is no such thing as society. There are individual men and women, and there are families. And no government can do anything except through people, and people must look to themselves first. It's our duty to look after ourselves and then, also, to look after our neighbour. People have got the entitlements too much in mind, without the obligations. There's no such thing as entitlement, unless someone has first met an obligation."
The problem is
humans will remain humans. There will always be ethical and unethical people and the unethical will always find a way around "the law". To say that OS's should be made with limited functionality may be fine and dandy but what about open source Linux, where you can modify and rewrite it any way you choose? Does that mean open source should be banned or creativity chopped off at the knees? What about the hardware - Should it be hard coded to restrict "dangerous" activity? OOPS there goes my FTP to my website. OH yeah, i can get a third party FTP client to bridge a connection. As a matter of fact I can get just about any third party program to do what Windows makes hard for the average user to do.
Do we allow the ISP's to scrutinize every connection we make? Make encryption or proxies illegal? There goes my privacy.
The problem as I see it is that OS's such as Windows has enabled much of what's going on by turning things on by default and having hardware that is "stupid" to what's happening and even measures such as DEP can be circumvented.
So here comes Vista with all it's annoying security dialogs and quirks, making what used to be tolerable.... intolerable and no more secure than previous versions.
So to me it would seem it's the end user who is unfortunately stuck with security since we all want our privacy and freedom. Sandboxing is all fine and well too but what does the average joe deny or allow to write to the disk? Joe needs to be smart enough to decide that unless you want to totally sandbox everything and not allow anything to write to disk.
The virtual world is much like the real world in terms of keeping your privacy and allowing you to do your own thing, as long as it's legal. Then there's things that may be illegal here but legal somewhere else. So I go somewhere else and we all know there are a lot of "somewhere else's".
There certainly isn't any concrete answer to keeping the net alive and well, without the "accidents" or deliberate unwanted actions. Well, there may be one way but do you really care to be completely regulated and controlled?
As in real life, we are all walking or surfing targets and always will be. The best we can do is educate and train people. So maybe a license is the way to go but there will always be some who break the speed laws or drink while they surf or fall asleep behind the wheel.
Besides all that, what will happen to poor M$ if they didn't have anything to do by way of "upgrades" if everyone who surfed with a license had the ability to stave off all the nasties out there?
IT's a cruel world.
Does it have to be Compulsary?
I think too many people are concentrating on the 'compulsary' nature of Guy's suggestions, but what about non-compulsary training or licencing.
A voluntary government sponsored Internet/Security awareness course akin to the ECDL could be a useful qualification for people to have for job applications etc, and might encourage people to learn these things for themselves.
Also, at the moment Microsoft Windows (or in fact any of the other OS's) don't really include any advice on IT security, and this would be a very useful tutorial to give new PC users when they first switch the machine on.
ECDL anybody ?
... thre is a "European Computer Driving License". Now I have no ide how good or bad this is, but in my last company (selling software to estate agents, who pay peanuts), it wasn't uncommon to have to explain to users how to send an email - it wasn't *our* job, but they couldn't send us a screenshot without it (and don't even start me about talking them through getting a screenshot).
I suggested that we should insist that we would only support users who had gained an ECDL ... an idea which was laughed out of the boredroom. Fast forward, two years, and I had to go on a course for one of the products I develop in, as the vendors will not support anyone who hasn't been on a course ! With some sense, as 95% of the issues I would have raised with their support desk were addressed by the training ....
Instead of farting around with teaching youngsters how to be PC, maybe we should work to ensure our schools equip kids to *use* a PC.
We, the intelligent, DO have the right to call the shots here
1) Those people are operating machines which cause economic damage to their surroundings by spreading spam, phishing email messages and malware.
2) Everyone, them included have to pay for that damage.
3) Non-damaging people are therefore subsidising those who damage
4) I'm f**king paying for your f**king internet f**king access you fat f**king dimbulb. Since I am, I get to say what you can do with it. Get over it.
Another elegant demonstration of logic. Hurrah.
The dog with the universal remit-to-bite
I see no end point to this nonsense.
We all are experts on a very few things, duffers on a lot more, and completely incompetent on huge tracts of action. And everything - from cars and planes down to computers and fire extinguishers - is capable of causing problems.
If I have to be competent before I can do anything, you've closed off the vast majority of human activity to me. And yourself. The details may differ from one person to the next -- the effect is universal.
To milk a poor analogy
Everyone seems to be forgetting that we are dealing with a (perceived) issue that crosses every border on this planet (and what with laptops in space... etc.). It has thus far not even been possible to standardise the road traffic laws across a few borders, so how does anyone think we can get agreements about something like computer networking.
Is the American inclination to think that the internet stops at the border now making its way into the UK?
Just take the safety labels off everything and let the problem solve itself. For a lot of people, idiocy extends far beyond the realm of the PC.
Tests for those in charge of data
Testing the average Joe seems fairly pointless. What is important is testing those who are in charge of sensitive data about many people. For example, secretaries who deal with patient data, or the IT staff who set up computers in libraries. These people could easily be provided with extra training in how to prevent machines being infected and how to encrypt data. Truecrypt is free, FFS.
One very simple thing that most Japanese internet cafes do to prevent viruses infecting their machines is to install a £5 card which prevents permanent alteration of the PCs HDD. Users can run applications and save to the HDD normally, but as soon as the PC is rebooted all changes are discarded and it returns to it's prior state. Even if the system becomes riddled with viruses, one reboot later and they are gone.
Javastation running from (flash?)rom+ smartcard slot for storing your bookmarks. People not licensed to properly mantain a regular computer should stick to online mail and office solutions. We require licensing for weapons. And quite frankly: Some of the users connected to the internet today are capable of weapons-grade stupidity. Given the economic cost of these drone-infested bot-farmers, for the infrastructure itself, we can quite clearly place blame for people loosing jobs on those (their behaviour creates expenses, those expenses cause companies to have to downsize to cut expenses, downsizing creates unemplyment, thus those bot-farmers are responsible for parts of the unemployment).
The only real problem with this, is that MP/RI/MAFI-AA have most of those four still buying their music, among the online population that would be forced to turn off their system, and make a nice, profit of their computer illiteracy, since these aren't capable of using a torrent client, nor are they capable of critical thinking, nor capable of seeing how paying an immoral business (who uses extortion as their weapon of choice) is just as immoral as purchasing goods manufactured using child-labour, or contributing to smuggling.
As long as the media corporations have most of their paying sheep^w^wcustomers among the illiterate, this interest group will use every method (notice: Not every legal method. Every method.) to make sure this group stays online, including keeping their buddies in the "nice-and-shiny-interface-claiming-to-be-antivirus-software"-business well-fed, and keep up the hysteria to get people looking away from the real malware like copyprotection-rootkits, DRM, watermarking, blackmail contracts for the real artists, etc.
So where are we?
The 25% of those on the internet, that would have passed a license test (and 25% is an optimistic number!) agree that the internet would be a better place if we could find a way to disconnect the remaining 75%, preferrably by disconnecting them at the wrists. This is because we are getting fed up calming them down from media-induced hysteria, and cleaning up their computer from their bad habits. The hysteria is about having the shiniest Neat-InSecurity package around, instead of handling the real problem like "clicking randomly at everything on the horizon". This 75% includes most people wearing a suit to work. This 75% usually includes "Your Boss"(TM), and here we again hit a snag. How do you explain to your boss that YOU are allowed to have a computer, because you know the difference between left and right clicking, while he is an incompetent git that has enough difficulties getting a license for humanity, let alone a license to use a computer.
So now we have two major obstacles: Media corporations and most of the suit-wearing workforce. Notice how these two groups are also known as "your company
s owners", and "your boss". Now how was this license thing going to fly again?
Ahh, the solution is simple. Issue real sysadmins the license to kill, not only to use the shell-command...
I know. Coat-time.
Testing users or certifying their computers and software is both unrealistic and undesirable. Sorry, we got used to our reckless freedom and we EMPHATICALLY don't like anybody telling us which OS (apples, anybody?) and programs (OOomydocumentsmustbestandardized) are good or bad for us.
Some very strange ideas
Starting with the assumption that falling for a 419 turns you computer into a bot sort of sets the tone I think. A lot of ranting backed by either little knowledge or major misunderstandings.
Just because you sent someone $2000 in up front fees does not mean you allowed them to access your computer. Yes, you're an idiot if you did, but you're only a danger to yourself.
As already mentioned by someone else, very few people could detect a fault in their "security package". I suspect by the use of the words "security package", Guy is running something like mcafee or norton all in one jobbies, and wouldn't stand much of a chance detecting a flaw either. Sensible people actually pick the right tools for each job rather than leaving everything to a single package or application. A firewall written specifically as a firewall is probably going to do a better job then a firewall written as part of an antivirus.
"anybody who wants to run a machine that can be compromised". And which machines is it that can't be compromised? Perhaps he's fallen for the myth of "you can't make a virus on linux or mac". Maybe regular users are supposed to invest in millitary grade hardware and software (isn't that windows these days?)
On the whole issue of charge per email, how exactly will that fight spam? Spammers tend to make a lot of money from what they do, while the rest of us make no money from sending an email. All this achieves is discrimination against the poor. And it's not like spam couldn't be reduced massively if SPF was actually used on both ends. Judging from the amount of emails I get claiming I sent someone some spam from a server in china, it isn't.
There are a lot of legitimate uses for mass email, from mailing lists to updating dnsbl lists. Do away with such things as open proxy monitors and you've just shot yourself in the foot if your aim is to reduce the damage of bots.
As for privacy being reduced in emails because of spam, did he miss everything since september 2001?
How on earth do you equate someone not willing to register their gaming rig on some international register with not caring about gaming? Not only do you have to give up privacy, but apparently in Mr Kewneys world you'd pay for the privilege. You already have complete anonymity when posting anyway. Unless you are required these days to provide proof of name/address etc when signing up to a forum, nobody knows who you are unless you tell them.
Guy may want facebook, news, and chat, but I prefer to spend my days avoiding mindless crap. Perhaps we can invent a different network for those who think the internet is a giant T.V and phone, and nothing more.
His final remark about leaving a database on a laptop outside Tesco has nothing whatsoever to do with his proposals. He wants to block people accessing the internet unless they pass some test, but this kind of stupidity does not require access to the net.
What a bunch of elitist BS
the core of the argument is that instead of educating users, we should penalise them for their ignorance. you also revealed a surprising lack of IT savvy with your suggestions, beginning with dodgy car metephores and a lack of understanding of how bot nets function and ending with the naive presumption that a locked down internet appliance would be 100% secure. As long as you have software requiring updates, you will require administrative rights in some shape or form. castrating the less educated is not the solution.
the only solution is government sponsored re-education coupled with responsible media behaviour. how many windows users are even aware that they can create a non-admin account for day-to-day use, let alone what that means or that it is advisable? please replace the FUD with knowledge. and for the love of god, if you are going to play the role of an elitist prat, then at least approach the subject from a sound knowledge base.
Other end of the stick.
How about we defenestrate those companies (starting with their entire senior executive, then working our way down their major shareholders) that deliberately and with malice aforethought derail or hold back standards and practices that would make computing more secure?
Instead of blaming the users of the crap that's being made available, how about blaming the companies that have put profit before security? If a car manufacturer did that... oh, wait, Ford did and they profited from it. Never mind. resuming...
Companies that have put crappy, poorly written, easily compromised operating systems up for sale while marketing them as "secure" to a general public that can't know better? Or perhaps blaming the governments have have repeatedly refused to take these software companies to court for lying and cheating the consumer with their practices?
As for "direct damage", talk to the pensioner who just got scammed for most of their savings, or the person who gets jailed because a computer in their classroom is a virus infested pile of unsecure crap. THEN talk about whether there is any real damage or not to allowing these practices to continue.
Heh.. my dear old dad....
... claims that the Government (Capital G) never should have let the public have personal computers. He has his points but overall I think he's wrong - never stops him from asking me to look something up on the net. Cracks me up.
About the "bottom feeders of IT", the tech support types - I was one once upon a time and used to fantasize about black helicopters landing and removing every piece of electronics (even down to the time blinking vcr's), breaking the consumer's little fingers, and never, ever, be able to access the net ever again.
Fun stuff to think about while on the phone with a total idiot bitching about why nobody ever TOLD him about using AV software and why it doesn't "do it automagically".... what ever "it" is that it does... sigh.
People ask why I don't do residential call outs instead of just business clients - I simply don't have time for folks who believe that if they pay you once, it should come with unlimited lifetime support for their machine...
Paris icon because endusers and Paris have something in common - both have no sense and something infecting their "workstations"
And if people are allowed to enter written content on websites...
...they have to pass a basic spelling test!
Obligatory car analogy
Here is a car analogy that is reasonably true.
Scene - The Midlands Car Show Room.
Customer: My friend says that I should buy a car - I want to visit my sister in Brighton.
Salesperson: We have really good cars here. Brighton is a long way, so you will need a comfortable car with a big engine - Like our WinCar. Do you have a family?
C: Yes - I have a partner and 2 children.
S: Oh, our WinCar SuperPlus is ideal for you, it has special shiney stuff to keep the children entertained.
C: Is that it? It looks complicated.
S: No, not really, everyone with children should have one of these. It is very shiney, and will be really comfortable for you all when you go to Brighton.
C: I have not driven before - Is that all right?
S: Yes, it is very easy - everyone else does it. I can teach you the basics here. This button here starts WinCar. See the lever on the floor - push that to "D" when you want to go forwards - If you want to go backwards you push it to "R". Now when you want to go around a corner turn the steering wheel. There are a couple of other things that would be useful - You can make the wipers go if it is raining - All of this stuff is in the really simple manual.
C: Are you sure? It still looks a bit complicated...
S: Oh everyone can do this - You did say you have a friend who knows about cars? They will help you.
C: Yes, but he is a bit busy - He works with cars, and can't always find the time to help.
S: Oh, you will need this book then "WinCar SuperPlus for Prats", it is very good, and will soon see you right.
C: OK - I'll take one.
S: Thank you (trousering customer's dosh), You will really like it.
S: (Sits Customer in WinCar). Oh by the way, when you leave the salesroom, remember to drive on the left...
Tim (The Car Expert) - Hat, Coat, Exit, pursued by a lemming.
Barking up the wrong tree...
If you want to compare surfing to driving, then computers are no where near the standards of a car. A car has to be fit to drive on the roads. Cars are equipped with all sorts of safety devices. You don't have to pay a monthly subscription to make sure your car doors are locked. Your car won't crash for no reason. You don't need to update your car to run on newer roads. If you buy a new car it won't have a completely different layout. Being the 'administrator' of your car is not a security risk.
Have you all gone mental?
Or am I completely mental? I was under the impression that Register readers were IT professionals. At least 50% (source: my hat) of IT Professionals rely on clueless users to make a living (and I'm not just talking about helpdesk folk here). Isn't that the point of development - taking something difficult and making it easy? What we really need to fear is the day that users aren't screwing up because we'll all be out of a job.
save us all from.....
all this nonsense.....
i have never read such utter drivel in all my life......
the bigest issue i have with my home computer network is the kids pc, but even that took one hard lesson... opening a file someone sent her, a so called friend. The pc became so screwed up, it would not even start in safe mode.... so a format and re-install it was....
I know i could have saved all her photos, emails, homework bookmarks and other assorted stuff... but i decided to make the lesson even harder....
now, she takes the advice, close any popups via the X.... dont open anything any one sends you, unless you virus scan it... and ask first what it is. and 9 times in 10 she will ask me first..... from the hardware firewall, she only has one open port to the WAN... port 80... she only has web access up to 9-30 at night... and all msn chat logs are saved in a location that we can check them over when ever we feel like.... plus a long list of other rules regarding net access....
the upshot of it all, is a 12 year old child that will grow up with the understanding of computer security.... lol, she even reminds me about the antivirus updates, and is aware of 'update tuesday'
the answer is in education, and hard lessons, but there is no need for any new licences... bloody hell, how many licences are you going to need in this country....
so far, the number of licences i have had to obtain is 8... and that is just to run a small B & B.... the total anual cost of these licences is over 1000 quid... one of them is so i can play 'original recordings' on a CD player in a dining room... another is so i can serve hot food after 11 pm
When I got a 28k8 modem & a Demon account waaaay back in '95 I knew very little about the internet but I learnt quite quickly that it's basically a mirror, a mirror of humans and their achievments, accomplishments, failures etc.
The net was still farily much in it's infancy back then so generally the people who were online were those who knew how to operate computers becuase there was no cushy interface like Windows 98 & onwards to get email, browse the web etc.
But then slowly the unwashed masses appeared bit by bit and then in droves and now we're flooded with the fuckwits, mainly started out with people (mainly kids) getting modems for christmas and then the Eternal September decreased the average IQ of all internet users: http://en.wikipedia.org/wiki/Eternal_September
I don't know what can be done about educating users not to click on bad links, how to avoid becomming a bot zombie etc. but something does need to be done by someone with the ability (not Microsoft, they've caused enough problems already)
BTW, I still use the same email address since joining Demon, my spam levels aren't great but I'm not flooded by them, partly because of the Brightmail filter Demon use.
Q: What's the difference between intelligence and stupidity?
A: There's a limit to intelligence.
I call BULLS--T!
It's been a while since I last read so much bulls--t.
So yes, BULLS--T has been declared.
Prove me wrong.
"Very few computer users even know how to detect that their computer is running malware, let alone find the malware in question, let alone eliminate it."
My point is that MS have MADE it impossible. It hides extensions, Win98 hid files if you installed WMP (you cannot see them unless you boot clean into DOS, but not if you open a cmd.exe in windows nor if you drop to dos from win98). The system is hiding things from you.
All a virus writer needs to do is work out how to hide their malware in the same way and the OS will prevent cleaning up.
And it's only gotten worse.
As to the TPM, that is giving the computer to the manufacturer or ISP and them letting you use it. It only works if YOU THE OWNER are in control of TPM. But that doesn't help MS and it doesn't give ISP's power, so it's not going to happen.
Competence test before "Use"
C'mon Guy. Some people ought to have a "Competence test" before they're allowed to procreate.
No, but I also think we should eliminate speed limits and seat belt laws.
I don't agree at all, but I also think we should eliminate speed limits and seat belt laws. If the road is empty why can't I drive 120MPH?
Aside from SPAM that I've had moderate success at filtering, none of these people has caused me an issue. Haven't had a virus since 1988 (damn floppy disks.) SPAM is a specific problem that needs a specific solution.
re: Charge for e-mail
Better: get the ISP to pay the penny.
If the customer pays, the ISP doesn't care. If the ISP pays, they'll inform the user, block them or sandbox them. It will also shut down spammer-friendly ISP's that don't care if someone is paying a lot of money to them to host their site that spams people, hell, they're getting paid.
> I'm surprised no one has suggested that the problem should be eliminated at source.
...and so was I, until I read your post and just a couple of others which spotted where the *real* problem lies.
It's very unfair to expect users take steps to guard against faults in the OS but since Microsoft is uninterested (or incapable) of properly dealing with them, the user gets it in the neck as usual.
"It's because some idiot decided that, because fire doors should always be closed after use, they should not have any way to latch them open during use."
Ahem the door are closed to prevent the spread of fire. that idiot would be the fire Marshall. Oh and there is no latches to to prevent people from leaving it open.
But hey if you know some thing I dont know I'd like to hear it.
"Surely, if ISPs limited CC emails to 20 a day and charged 1p per email CC thereafter, most spam would dry up?"
Who uses CC these days except cardigan-knitting office women? Not to mention, a large number of people use Gmail and such for their email, not their ISP's service.
Surely the author wouldn't pass this computer competence test he himself suggests.
We need some sensible restrictions now...
... before the terrorists that govern the country bring in some utterly repugnant piece of stupid, moronic, misconcieved legistlation to control the "terrorists/peodophiles/criminals".
We should start by mandating that all PCs should start life in a locked-down state.
If the user lacks the competence with a PC to open it up to de-neuter it, they aren't savvy enough to be allowed to use it in an open manner.
Email White Lists - Only permit users to send emails to those people that they know
Digital Signatures on email should be mandatory.
PGP would be nice, too.
ISPs to be made directly responisble for BotNets on their systems. Make it hit their pocket, then they'll control their users. £1000 per incident per connected node - That will definitely get their attention.
URL Whitelists that will limit the users access to any dodgy domains.
And before any bleeding heart liberal starts bleating; most of the neutered won't even notice anything anyway - except that they won't be able to get anymore cheap V14gr4 anymore!
@Robert Cross (re: no su on XP) and ECDL
First off, I've taught the ECDL. It's eminently basic - how to open Word, how to format bold and italic, how to check for and send an email. We need something broader - into security apps and the theory of viruses, perhaps.
As for "OMG HELPZ0RZ tehre's no SU on XP and I have to runz0rz as ADMINZ or not at all!!11!!1!!!", that's what the context menu is for. If you need to run an executable with admin priveleges under a limited user account, simply right-click on said executable and select the option "Run as...". Then you get to input your admin login and password to run said executable. Just the same as, *gasp*, Linux. I'm constantly surprised at how often this is thrown up as a defence against Windows/for Linux. Education before speech, my friend. Grow up.
The real question is how come young goats are using the net?
"Every time some kid clicks on a phishing link ..."
I am in two minds about this really - it is not just young goats clicking the phising link :)
I don't know how you would train people to avoid that,
I think the test should involve installation of the operating system.
The word processor only being unlocked when the person has written the equivalent of War and Peace in a text editor.
The person should have learned and demonstrated to accompany any requests for IT support with various <strike>bribes</strike> offerings.
Any use of Visual Basic to be accompanied with an electric shot, each time the hand reaches for the mouse.
If they won't use unix, they have to use DOS for the period of one year and pay the princely sum of 1000 GBP for it.
But hey if you really want to stop cracking then really all you have to do is recognise the little technical geniuses as they mature, get them some decent jobs doing some decent work for, and
importantly, decent pay and reap a profit margin. Every country should nurture and grow their technical future, not offshore it, bring it back, outsource it, offshore and bring it back again.
What happens is people in IT in various countries keep getting the boot, then have to start the merry go round again. A lot just think, hey it is easier to make a buck on the other side of the tracks.
But, if you want to put a test in to give IT control over the sector then sure, but the test should be lead by the IT sector, not the legal sector, not the government sector, not for the love of all things digital the academic sector, but the IT sector looking after ITself.<--- see what I did there.
"As to the TPM, that is giving the computer to the manufacturer or ISP and them letting you use it. It only works if YOU THE OWNER are in control of TPM. But that doesn't help MS and it doesn't give ISP's power, so it's not going to happen."
Sorry, can you explain your point?
Bad idea, but not for business/consultants...
Driving tests, along with any other competence test required to do something (ie. MOTs, dog owning, medical, legal and engineering licenses) are about preventing actual bodily harm to others - this keeps society running smoothly as idiots aren't depriving society of anyone but themselves if they mess up.
However, there is little net gain to society from enforcing basic computing licenses - a slightly faster Internet connection and a few less clicks to filter spam. Especially when compared with the massive infrastructure and privacy invasions required to maintain the licensing scheme (just look at TV licensing) - the costs far, far outweigh the benefits.
The issue of certification isn't entirely moot, however - the lack of respectable and enforced certification programs for IT workers (outside of certain niches) means that it's possible for anyone to walk into a business, talk up a storm to get hired and destroy a business very quickly through incompetence.
It also means that wages are kept artificially low for high-skilled workers as high-school kids and people in the third world can ply the trade for peanuts to end-users who can't tell the difference between good implementation and bad until their business is almost dead due to bad IT implementation.
IT systems are some of the most complex ever devised by mankind (50 million lines of code/working parts in Windows Vista, compared to a few dozen in an internal combustion engine) yet you need less qualification to ply the trade than a McDonalds burger flipper with a basic hygine cert.
Alas , I always remember a certain tale of a French Industrialist in post war France running a certain large European Car Company whose unfortunate founder was beaten to death as a collaborator by an enraged misinformed mob of twerps and the idiot doctor who refused to treat him at the time for the very same reason leaving him to die in agony , nice doctor indeed(I hope he died ashamed of his stupidity when the truth about the company in question during the troubled times eventually emerged) !
Anyway to cut a long story short one night whilst driving home in the companies car with his heavy case he carried with himself everywhere was put on the back rear parcel shelf ! To avoid some obstacle or drunk lying on the road he swerved and then ran off the road and came to rather sudden stop with very minor front vehicle damage and the unfortunately for him the unrestrained case flew forward like a lethal missile to strike him on the back of the neck and head killing him instantly !
A good hint never to place any object on the rear parcel shelf or carry it unrestrained on the back seat either any car at any time , for speed does not kill but the sudden heavy deceleration forces do the deed !
I am self taught in almost all of what I know of computers and software, had I had to apply for a test when I was a young'en then I would have failed, then.. well you see why this is a Bad Thing :)
Competence test for using the internet.. that's a different matter.
Legislating common sense
Just doesn't work. It never has, and never will, which I guess is most fortunate at times. While we here in the USA attempt to do this all the time (low flush toilets, etc.) it never works. Having a license to "operate" a computer isn't going to make the user more competent. There are companies that attempt to do this by conjuring up certificates that imply some sort of competence (MSCE, or some such). All this does is build up a budding industry of selling books and test helpers (MSCE made easy, MSCE in n days, etc).
The best suggestion I saw was to eliminate all the warnings and let the Darwin awards take over. Unfortunately in our (USA's) litigious society it won't work too well. Witness the number of stickers that are on a step ladder next time you use one (or pass by one in the hardware store). Ladders have been around for thousands of years, but with all the warnings you think they were invented yesterday. Oh, well.
Common sense can't be legislated, and it is useless to try. Lord knows the French system of laws makes an attempt.
Good point made above
First you should license the people who sell the computers, then the people who support the computers, then you can get to the end users. With tech support being outsourced to unskilled workers in whichever country is cheaper this time, with ISPs specifically refusing to employ IT skilled helpdesk staff because they might deviate from the official line, it's way too soon to start blaming the users.
'Allowed to live' test?
A short list of people whose stupidity and ignorance either directly or indirectly causes avoidable human and suffering deaths:
People who don't recycle.
People who voted for Tony Blair.
Daily Mail readers.
Owners of diesel cars (particulates from dirty diesel engines cause hundreds of deaths in the UK every year).
Anyone who has ever bought anything made in China.
There are more, but I think that pretty much covers the entirety of the rich part of the global community.
Clicking the wrong link costs us money, but it doesn't cost lives in the way that the above activities do.
Well, I only fall foul of one of those (after all, who can honestly say that some item they've never bought wasn't made in China - it's damn near unavoidable), so am I still condemned to death?