Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

End User Education - Waste of Time? 4

Status
Not open for further replies.
For years now, I've been watching people obstinantly refuse to learn even the basics of computer operation. Many even seem incapable of grasping the concepts. How many people do you know that insist on opening every single e-mail they get? How many are utterly "click-happy" and go after every pop-up and ad they see? I've come to the conclusion that systems will never be safe until we can take the end-user out of the equation somehow. I'm forced to agree with this article:
What do others think?


Jeff
The future is already here - it's just not widely distributed yet...
 
That's true, but in the sence of 'common sense'it's a good practice that users no what is good and what is bad.

Don't get me wrong, i love my job and i agree that id10ts keep me busy, but there's nothing worse than loosing a busy arse server in the middle of the afternoon cause someone opened a dear john letter from someone they thought they knew and it endedup bringing the system to it's knee's.

Just because users know whats good and what's bad in email, doesn't mean they aren't gonna still break stuff.. ya know?

As long as M$ keeps making their software they way they do, we shouldn't ever have any worries!

"ooooooooo, they added a Junk folder in Outlook 2k3, how protective!" erm..
 
again, just playing devil's advocate...

If you have a problem with users opening email attachments...filter them.

If you have a problem with users launching incorrect apps...deny their rights.

If you have a problem with users browsing for porn...block the sites.

Fortify your position while weakening theirs.

By the way, as I write this I feel more and more evil.
 
hey Mich, is your password "God" by chance??? LOL
 
Don't get what I say wrong, I'd rather work in an environment where the users are educated then not. The more educated they are the more real the problems are,ie. instead of talking someone through mapping a printer, because they lost their profile(Windoze world) I'd rather work refining security profiles, researching ways to optimize my systems.
[cheers]
 
I think when the users realize that we can actually monitor their web searchs, as well as filter their e-mail (we have a good spam filter and loads of 'juicy' e-mails get caught in it) then they may just start playing a little safer with things.

Alas though, there is always someone begging to have their Internet connection removed. ;)
 
My favorite email to send out:

"Will the individual responsible for clicking the attachment that turned our Exchange server into a porn-relay please commence with the walk of shame to their network administrators office?"



The tell-tale sign of a properly running network is a bored network administrator!

-Shrubble
 
In general, I have found that companies where the IT department can work with Management down have a good success with end-user education and behaviour. Rather than you having to take drastic actions, you talk to the users manager and things work out very nicely. Where the manager is the offender, talk to whoever is higher in the Organisational chart.
Now this is not always feasible but I've worked for large companies where the CEO/President understood this and with a nice directive email from them to the company (written by the IT department!) we have worked wonders with policies, standard operating environments, disk quotas etc.

Have users screaming at you that they want this or that etc and need it now, ask them to get their request authorised by their manager and sent to IT. I have had many calls like this where once the manager authorisation was requested, it turned out that "maybe it isn't that important now". Explaining to managers for example that the "critical" software one of their staff wants to play around with will cost $30,000 in licence fees brings an end to the "critical" part quite fast.



Claudius (What certifications??)
 
So this wasn't the best thread for me to read this morning, but I guess it is too late now.

I am going to try to stick with the generalities, because I have met a few individuals who choose not to learn, and choose to generally avoid computers. Nuff said. They are and will always be individuals when it comes to computers.

Most of the people I have come into contact with want to learn. They want to know more about how to use their computers.

I am going to be honest that I don't subscibe to the problem is the user. The problem is us. We all know the what end users can do, and will do. How do we lessen what they do?

There isn't any of us who hasn't dealt with a person who just had to open that one email, but how do you deal with it?

I had one of the most success anti-virus programs that I have ever seen. 95% percent of it was just educated users.

I have seen many rewards from training users, and they have pushed me to learn even more.

Craig

 
In my office I keep Images of all the hardrives so that when someone goes "click happy" there is always a quick fix. As for e-mail atachments it is easy to have end users rename .exe to .exx, and so on, for internal atachments. If you block all .exe atachments at the e-mail server after awhile the end user eather learns to rename, or gives up. Eather way workes for me.
 
I think that this article and discussion will only be applicable for a few more years. Kids are growing up with a mouse in their hand instead of bicycle pedals under their feet. Companies like mine have learned how to restrict their "click happy" users without letting them know they've been restricted (with the use of basic block lists, firewalls, and other security methods).

Once the (l)users have been cycled out, it's a pain we have to deal with, but only for a limited time.

:)
 
Another issue is the size of the business and the number off staff. After all if you have 50 users and 2 IT Staff, then education (and chastization) is not that big an issue. However if you have 5000 user and ten IT staff, then education is no longer possible, so you rely on IT Policies, filters etc.
I put users in 3 catagories.
The dumb and technophobe. A pain but only a low risk, as they tend to listen when you say NO!
The computer savy. The ones who have hardware firewalls, spyware removers and a/v software on the home pc's. Usually a safe bet.
Then the most dangerous. The know it alls.....
The ones who say they know all about safe surfing and they they are ok as they have a cracked version of a firewall, a spyware remover they got of a russian warez site and a free antivirus software solution with monthly updates.
The latter should have private parts attached to the mains and the power flicked on!
Rant pt2 over...
Stu..

Only the truly stupid believe they know everything.
Stu.. 2004
 
My users know that if they fail, they will be working on a TYPEWRITER, Murder She Wrote style.


Dev
 
I like to take direction from a certain Mr Travaglia in these cases myself...


[joinedupwriting]
"whaddaya mean, 'invalid tag'?!?"
[/joinedupwriting]

[lightsaber]
 
My users know that if they fail, they will be working on a TYPEWRITER, Murder She Wrote style." That's awesome..

I've been thinkin lately about educated my users on the increasing number of Scam emails. I had a lady get a fake lottery scam message about two months ago. All she had to do was send a response to the message containing her back account number and any pin numbers, and they'd kindly deposit the $17 million for her! She was frickin extatic, but thank god she ran it by me first. she was nearly in tears when i told her the truth behind it... THEN! a month later she got another one, and she was all excited again!! OMG!!!

Anyway.. has anyone done anykind of traing for their employee's that's more on a personal protection level rather than just business?

-snoots
 
snootalope

I do this daily! My users are as up to date as I am on the latest scams and viruses. I send out notifications of viruses so offsite users will know to update virus defs NOW. I send out notifications of scams and spams so my users know to not open them and so they know how to recognize these e-mails as easily as I do.

I claim to have the smartest group of users any admin has ever had. We haven't had one instant of a virus, no victims of fraud, no phishing expeditions.... I just love my users because they're as smart as I am.

Er... well, they're probably a little smarter than I am since I'm just the sys admin.

:)
 
So how do you educate them? Do you just send an email saying some south aferican freak is trying to send ya'll 23 billion dollars, tell him no. Or do you send em' to some updated site?

Is it appropriate to send a link with your messages that sendst the users to a site that explains these messages? idk, that kind of sounds like you're encouraging users to surf the web at work! that probably wouldn't slide with the folks on the top floor!
 
An educated user is a safe user in my book.

Yes, I just send an e-mail out telling them about the "419" scams. I send links in addition to the text from that link with all e-mails so they know where to go for more information. They also know that I'm including as much information in my e-mail as there is on that site. I also realize that my e-mails are often forwarded to their friends and family, so I also put a date in the subject so if something comes back to bite me, I know where to look for the original.

Since the folks on the top floor are up here with the rest of us (2 story building), they receive the e-mails just like everyone else, and they're usually the ones found looking at the site I link to!

HTH
 
Sorry, had to post again.... Below is a sample e-mail of what I send out. This one went out for the MyDoom virus with the subject 07/26/04: Very Urgent Virus Alert - MyDoom-O

The W32/MyDoom-O worm travels in the form of an email attachment (mainly .zip files), attached to a message pretending to be from the user's internet provider's or company's support team saying that their PC has been used by hackers to send spam.

The MyDoom-O worm can generate a number of different emails when spreading itself. A typical example sent by the virus looks as follows:

Dear user <email address>,

Your account was used to send a large amount of spam during this week. Obviously, your computer had been compromised and now runs a trojan proxy server.

Please follow instruction in order to keep your computer safe.

Have a nice day,
<domain name> user support team.

So, if your email address was John.Smith@XYZCorp.com the email would be signed from the "XYZCorp.com user support team".


PLEASE DO NOT OPEN ANY .ZIP ATTACHMENTS THAT YOU ARE NOT EXPECTING, even if it appears to come from someone you know!

Please ensure that you have updated virus definitions/subscriptions for your selected antivirus program. Should you have any questions, please let me know how I can help!


Then I back myself up by helping when they have questions, which is always. No questions and not reading the e-mail means they incur the Wrath Of Dollie, which means they are made an example of at the next staff meeting (which has only happened once!).
 
I work in an educational environment where we not only have the usual staff and faculty, but a revolving door of students, so user education never ceases. As for the virus problem, we have multi-tiered protection. We have an Intrusion Prevention System which besides blocking other attacks does block email viruses as well. Then we make use of SBL's and XBL's from spamhaus.org that adds yet another level of protection as it will not only block known spammers, but block known senders of exploits and such. Then we have our email system making use of two anti-virus scanners, quarantine on the email server for suspicious emails, and then should it make it past that, users have anti-virus. The onion model is your friend. ;) Anywho, enough on that.

As for user education, I think it is paramount. Users need to know the legalities of P2P programs used to download illegal music and software. Users need to know that they never ever open an attachment from someone they aren't expecting an email from and to never open attachments with known bad extensions (this is easier to get across than some might expect). Users need to know that spending their time browsing for online poker sites is bad. Users need to know that clicking before looking is not a good thing™. We'd be out of a job if we didn't teach our users because managment we complain about not being able to get their email due to the network pushing 1mb/sec from all of the spyware floating around. ;)
 
I am a very basic user, but haven't had a virus for over two years because I don't download my email. I just leave it on Yahoo network. I know that all u IT admistrators have a miriad of problems with user education and am thinking my solution might solve alot of your problems? Is there a way to lock out users from downloading all together? U can keep their email on your network or yahoo or another free vendor.
Please ignore this post if it is too seriously ridiculous.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top