From: jeremy hunsinger <jhuns@vt.edu>
the problem with the body metaphor is that it is quite hard to seize total control of someone's body and mind... but it isn't that hard to take control of a computer, even without any virus, etc.
True, but I really liked the body metaphor, especially from the threat model perspective and looking at how people behave. I would venture that people approach computer security risks more from a hygiene perspective: * Many people have a vague idea of how [security flaws/illnesses] happen * There is a lot of misinformation, made manifest through behavior that an expert would consider irrational. * It's correlated to a degree of trust: we won't get infected by people we're close to * There are plenty of media scares that lead to * Over-estimation of rare risks (credit card theft, getting AIDS by using a public restroom), and an under-estimation of the damage from common behavior (not washing hands, opening an unexpected attachment) * The overall system has proven to be very resilient, but it's very easy to concieve of catastrophes. ...and we can even prescribe secure behavior in terms of hygiene: * Don't download or open files that you don't know to be clean * Use professional [security/medical] services every so often * Keep informed from _reliable_ news sites /\llan Allan Friedman Pre-Doctoral Candidate, Public Policy Kennedy School of Government, Harvard University