You Can’t Depend on Antivirus Software Anymore

[shmu26]

The shame depends heavily of cultural context. So, it could work in Japanese enterprises 50 years ago. But, now people are not shameful, especially in the private sphere.

point well taken, I didn't say it in the right lingo. I am coming from a different cultural context. The modern way to say it is to "de-legitimize" behavior.
Yes, education is essential, because you can't do what you don't know.
But to deal with the human factor, we need to change the current paradigm. I suggestthat getting infected should be "de-legitimized"

 

[Paul123]

It's that kind of fear that sells AV software more than viruses.




Basic awareness is all that is needed to keep those who wish to act wise, wise. Acting contrary to that wisdom (and people will; we've *all* done it) is what invites trouble.

It's not like awareness of VD/STD/whatever-it's-called-now prevents the spread of it.
It's not like understanding the "birds and the bees" prevents unplanned pregnancy.
Such is the same with malicious logic; that's why it works.

I've never come across a compromised system that didn't begin with "Well, I clicked on..."

The problem is, with the proliferation of phones and iPads IT awareness is probably becoming less, as the workings of the O/S is essentially hidden from the user. Maybe the answer is Apple's paradigm that you get everything through the store (ensuring its been checked by Apple first). I'd hate that though as it gives Apple exclusive power over software developers (such as for example f.lux, which they refused to have in the store, but then introduced as their own idea in their O/S), but I can't help feeling that is what Microsoft want to do too.

 

[Paul123]

But to deal with the human factor, we need to change the current paradigm. I suggestthat getting infected should be "de-legitimized"

Not sure that would work. If a company is infected it is de-legitimized as it shows sloppy security, but most companies will pay a ransom, rather than have their names plastered over the paper's as having fallen for malware or viruses. Paying ransoms only encourages further attempts by hackers. 'Shamed' people are far less likely to seek help to solve the problem.

 

[shmu26]

Not sure that would work. If a company is infected it is de-legitimized as it shows sloppy security, but most companies will pay a ransom, rather than have their names plastered over the paper's as having fallen for malware or viruses. Paying ransoms only encourages further attempts by hackers. 'Shamed' people are far less likely to seek help to solve the problem.

could work for individuals, though, if people stop looking at themselves as victims and start reflecting the blame back on themselves.