“Is there a way to build a better, smarter user?”

Humans are the most hackable item in the information systems bus. We can patch and anti-virus and firewall ourselves stupid, but one human clicking still trumps all that.

Pete Herzog has a seminar called “Smarter Safer Better” (see http://www.isecom.org/seminars.html), a title that eerily presages this recent DarkReading article (thanks to Herbbie), “When Will End Users Stop Being Fooled By Online Scams?” at http://www.darkreading.com/security/attacks-breaches/240002116/when-will-end-users-stop-being-fooled-by-online-scams.html.

So when author Tim Wilson poses this question…

Despite millions of dollars in security tools and hours of awareness training, many organizations still find themselves breached by phishing and old-school social engineering attacks. Is there a way to build a better, smarter user?

…I can at least say I do know of one proven effective training. Proven effective humans, on the other hand, are very hard to find.

Anti-Exploit Protection software: another layer for Windows?

So, should we add another layer of protection to Windows? CrystalAEP, an “anti-exploit protection” product, thinks we should, and they make a good case. You can see their product at http://www.crystalaep.com/index.html. The idea is good: prevent drive-by installation or execution from the web, similar to the old Execution Prevention strategy of Unix gone by. Not on the approved list? Sorry, can’t execute!

The question is, does another layer of software make Windows any safer? Or is it just another mass of code to exploit, another product to keep patched? Good question.