Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

End User Education - Waste of Time? 4

Status
Not open for further replies.
For years now, I've been watching people obstinantly refuse to learn even the basics of computer operation. Many even seem incapable of grasping the concepts. How many people do you know that insist on opening every single e-mail they get? How many are utterly "click-happy" and go after every pop-up and ad they see? I've come to the conclusion that systems will never be safe until we can take the end-user out of the equation somehow. I'm forced to agree with this article:
What do others think?


Jeff
The future is already here - it's just not widely distributed yet...
 
Click to expand...
A good article. The organization that I work at currently, has what the article suggests in some aspects. Any incoming email goes through a screen and if something is detected, that e-mail is quarantined with a note sent to the recipient. So far I have received two e-mails that it stopped due to possible spam. In both cases it was correct and they were flushed.

I can see ISP's offering this service in the not to distant future. I think some may already do in some way already.




[Blue]Blue[/Blue] [Dragon]

If I wasn't Blue, I would just be a Dragon...
 
Many security issues are really a fight against human nature and bad habits.

Rather than dealing with the weakest link (people), the article is right to direct our more productive attention to infrasture proxies and other macro approaches.
 
lol, you can't save people from themselves, whether its fastening a seat belt, wearing a motorcycle helmet, or opening an attachment.
 
crow053,
That is the best analogy I've heard in a long time. I totally agree with the direction of the article, and the direction of this post. I don't necessarily think that a person has to have OCD in order to say "Oh, I think I need that download manager thing" or, "but I like the little purple monkey on my desktop (bonzibuddy, was purple wasn't it?)". Education of the users will never go away, as time and time again, we must hold their hand (or close our eyes and hope for the best) while they click away. I for one think that the article implemented would be great, but it still won't stop the malware/spyware. That in itself is another nightmare.
 
Mmmm read the article and although it seems well intentioned, is a little naive. What happened if I wanted to send a .pif,exe,bat or scr with no intent of harm?
Another problem then arises, what I call the Volvo (or US the SUV) syndrome. They make them bigger and safer and as a result, the owners decide they no longer need to indicate, stay in lane or bother to take care at junctions, becuase as they see it, their car is safe, so there is no need.
Look at it this way, if the users belive that all virus and worm threats are done by the ISP then they will open everything,because everything has been scanned hasn't it?
As a major company, we tend to get hit by viruses within seconds of them going live. More often than not firewalls, mailsweepers etc pick them up, but sometimes, the attack is so new and quick, that there are no detection facilities availible, so we have to rely on some common sense on the users behalf.
What is needed is a balanced approach, which involves everyone.
Microsoft are doing there bit making the firewall on by default in XP sp2 and releasing patches.
Companes and end users need to practise caution in opening attachments. Our company has a simple attitude to these problems. We force their pc off the network and inform their manager of the situation. We then make them wait for us to fix it.
ISPs can do more, maybe scan for Viruses, but not block harmless files. I'd say more important than this, is look for machines that are scanning networks (either port scanning or pinging) and block their access untill they supply the isp with a good reason for doing it.Maybe go as far as saying that you are no allowed to have access until you have a firewall and even some form of av in place. It would cost them much to supply these as part of the package the give you when joining. After all many worms now no longer rely on someone opening an attachment.

Thats my rant over :)

Stu..


2 decades from retirement, 2 minutes from a breakdown
 
Reasons like this that I try to keep ghosted images of my C drives, keep decent backup copies that are restorable, and pray for the best.

Users never seem to notice the job you're doing if you do it correctly, but, let something go wrong and suddenly you're the person of the moment.

I am now trying to think proactively rather than waiting until the shoe drops on the next disaster.

Good luck. When you find a magic answer on how to educate the users, please let me know. I fight this almost daily.
 
I find yelling like a maniac at a user in front of everyone in the office when they do something stupid has the desired effect....

Just kidding.. but how tempting... :)
 
karenannette,

That is a large downside of our industry. If a network/system admin is doing an awesome job they are never seen. If an admin is doing a horrible job they are always seen running around putting out fires.

Rhetorical question...Which gets promotions and/or raises quicker? The admin management sees running around fixing problems or the one they never see?
 
I think trying to educate the end user is the biggest waste of time. It's human nature to be curious. It's our greatest strength and greatest weakness.

I've settled on the idea that security MUST be accompolished through technology. The network must be locked down to prevent bogus e-mail from coming in, lock down desktops to stop unauthorized program installations etc. etc.

Steven S.
MCSA
A+, Network+, Server+, i-Net+
 
I used to work at a place where, at the help desk, there was a classification of PEBCAK
(Problem Exists Between Chair And Keyboard).

We used it a lot!
 
I like the classification ebkac (Error between keyboard and chair). or Id10t pronounced I D ten T error. However, we aren't allowed to use these terms as they are not politcally correct. But how else do you phrase it when you ask the client(user) to power off(shut down) their PC and they click on the monitors power button.

Training, even by IT staff came become a costly waste of time especially if there is a high turn around in staff or changes to what they need training on ie. server access,login. Remote Desktop utilites ie Altaris, SMS, PCANywhere etc) are more valuable then training uses on many issues. You save the time running around, you see extactly what their seeing and while resolving the issue you can coach them on what they need to know. Just my opion from my environment. It works for us.
 
Good topic! Apparently educating end-users is not to be done, as they might get offended once we have to tell them that MSN messenger is not an appropriate tool to use at work. Or that surfing car site for hours, thus infecting their systems with multiple trojans, is not exceptable.

here, things are so pathetic that one weekend, major work was done on half the users PC's. On Monday morning the person who did the work had to send out an apology to the end-users. Why? Well they didn't know how to log back into Windows!!! No joke. Imagine having to apologize to people because they are too slow to catch logging into their own machines.

Seriously folks, the way I look at it is, if the end users don't start taking some responsibility for their actions and inactions, nothing will get better for us, the grunt workers. I say empower the users with some knowledge, then at least their is no excuse for their mistakes.
 
Two Words: Security Policy (an effective and utilized one that is)

Most people don't exactly put their security policies into place. They're kept in some drawer and never ever enforced. I for one, strongly believe in an effective security policy to almost 'force' users into knowing certain tactics about computers before their confronted with something they don't know..

I've got a very detailed part of my policy that deals with email and internet etiquet. And I apply it to! All you gotta tell them is you can see EVERTYING that they do as well as put it in black and white in the policy.

snoots

Oh yeah, i also agree that the ISP's should be helping with the filtering.
 
Security policys are the answer for certain. Solid, well known and circulated security policies which the users must sign when coming on board.

We're finished developing ours. We already have an Internet and e-mail policy, which most people don't bother with because the bottom line is, they are never responsible for their actions *Ugh*
 
Ah, they THINK their not responsible. But the a good policy should say "....the user may be held resposible for their actions and stand grounds of punishment of up to termination." The word Termination is enough to get any employee's blood pounding hard. Hard enough to pound sense right into their heads so they aren't screwing with the IT department!
 
True enough!! Or perhaps an eject button which causes them to eject out of their chairs upon breach of said policies.

hahahaha. Yes, termination will get them a tad scared I would think.
 
Shooting them through the ceiling might bring in some serious legal issues that the policy can't cover.. Unless of course they know the consiquenceses prior to the event! Brilliant!

I wonder if the government would let ISP's filter every email message, ip connection and transfer, and just everything that passes through their systems. Cause whoever said it before, the local computer virus scanners wouldn't be needed. Thus, freeing up more resources. Who the hell wouldn't wanna do that?!?!

Anyway, I guess it's kind of like a monopoly..
 
Hmmm, just throwing out an opposing view for arguement's sake - let's NOT educate the end user.

First, it is too difficult. If you're in a shop that doesn't have a training department then you will have to train the users. That can be just as frustrating as dealing with the id10ts (we use that one as well) and that's not even mentioning the time you'll have to take to prepare for and teach the classes. If you do have a training department then they'll have to remain up to speed on all of the latest changes. Why should I upgrade to XP? What should I expect out of XPSP2? How do utilize InfoPath? I don't know about you, but my training department is too busy organizing 'Phone Skills' and 'Basic Typing' classes to make time for more advanced topics.

Second, I want to keep my job. The more id10ts there are the more work there is for me. Without the id10ts I wouldn't have a job. Sure, they make my job more difficult and frustrating, but at least it's a job. Setting up a system can be relagated to contract work. Maintaining that system just about has to be done on-site. If the users are more technically savvy there won't be as many problems. If there aren't as many problems there won't be as many of us.

Where is the balance? Smarter, less problematic users OR users that create problems/work? I'm reminded of a scene out of The Fifth Element where Gary Oldman's character explains that he creates life through desctruction. If no one ever breaks anything then no one is ever paid to fix it.

$0.02
 
Status
Not open for further replies.

Similar threads

2
  • Locked
  • Question
Loss of my privacy
Replies
12
Views
781
Rick998
Rick998
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
284
Johnkite
Johnkite
Shmid
  • Locked
  • Question
Hi We´re thinking of enabling Ac
Replies
0
Views
193
Shmid
Shmid
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
230
nnaarrnn
nnaarrnn
jsaad
  • Locked
  • Question
udp timer
Replies
0
Views
179
jsaad
jsaad

Part and Inventory Search

Sponsor

Back
Top