Tuesday, December 8, 2009

Smoking doctors vs PC users

You know, I get one of these Greg House moments every once in a while, and this time it just happened to be when a friend on Twitter (@falconsview) brought up an interesting question... the train of thoughts went something like this:

ME: Looking down from doctor's office at a bunch of doctors at the back entrance of the hotel ... smoking.
@andrewsmhay: "ah, but at least they know, and accept, the risk (as stupid a risk as it is)."
@falconsview: "can you actually say that people "know the risk"? I mean, really? people tend to be v bad at estimating risks..."

We proceeded to poke fun of doctors and how they probably get a discount on cancer treatments and other rather tasteless things ... but this stuck with me.

As I was sitting in traffic on the way home I thought to myself ... "self ... you know this could really apply to the user categories in my previous post!" ...

How many people think they understand the risks of what they're doing when they use their computers in an unsafe manner yet in reality have no idea how big the risks they're taking?

For example, a very close personal friend of mine does all her life on her laptop - yet when asked why she doesn't back up her response is "it's no big deal ...".  This demonstrates a clear lack of understanding of the risks of the digital age.

Think about it this way, everyone that you know that has a computer, especially those that are not-so-tech-savvy probably thinks they have some clue on how to be safe.  They may even think they understand what it means when all those pop-ups asking them to make system changes pop up.  They may even fool themselves into thinking that they understand what's going on with their computer ...the reality is 99.999% of them don't.  I'd be willing to make a wager on that.

The solution?  Maybe Best Buy and the other PC stores should sell a free 1hr "class" with each computer.  This class would illustrate the risks of using the PC, and how to minimize un-necessary risks maybe?

Oh ... that's right.  Nevermind, that'll never happen.  Why?  Because as long as "Geek Squad" exists it is in the best-interest of the big electronics stores to have you buying, screwing up your PC, and coming back to get it "fixed" by one of these chuckle-monkeys.  Sad huh?

So those doctors that were smoking ... I'm sure they understood what they were doing is stupid, and to what degree it is stupid - but are they mentally comprehending the risks?  Like the users ... probably not.


andy.itguy said...

Raf, As usual you have some good thoughts. In addition to the whole Geek Squad and making money thing, do you think that many (if any) people would actually attend the free class if it were offered? I don't think there would be more than a small handful that would attend. Of course every little bit counts. :)

Keep up the good work and come visit us in North America when you can. :)

nickhacks said...

I fall within the camp that is skeptical about the success of 'user education'. I don't think normal people will ever do a very good job of understanding risks or security, mainly because it's something they don't want to have to focus on. Their focus will always be on getting their tasks done and they will click on the 'Yes, please infect my computer with a virus!' button if it means that the damn pop-up will go away and they can get on with their work.

I think we'll have better results securing the computers, operating systems, applications, networks, and servers that normal people use. Make things so secure that they don't have to assess the risks.

The smoking equivalents would be inventing cigarettes that are 'safe' and would not have a risk of causing cancer versus educating people about the risks of smoking and hope they quit (because it is a 'risky' activity).

Scott said...

I'd suggest that those people who think they understand the risk are simply willing to take that risk. Perhaps they feel they have little to lose (i.e. free downloads vs. getting malware) or simply don't expect to get that losing "roll of the dice" that comes with the risk. After all, plenty of people share copyrighted music and don't get caught, right?

Anonymous said...

Go to any major research institution and camp outside the cancer research labs. Plenty of them smoke!

Raf said...

@Andy - Sadly I think you're right, very few people would attend. I think that the effort is worth the risk though? Maybe credit card companies would run programs that would take 1% APR off your credit card (or waive the card fee for the year) if you took an annual "online security course?" that they could offer?

@nickhacks - I see us already trying to build "safer software" but there is just no substitute for having a more educated populous. The reason that is true is because people *demand* high-functional apps, and the more function you pack in, the harder it is to secure in any meaningful way. Sadly I feel that the more security features we add that are "visible" the harder it is for users to use and actually has the opposite effect. Invisible security is the only thing that seems to work...

@Scott - I see where you're coming from ... but even those that roll the dice don't always comprehend what they're doing and then come back and complain about it, and demand their money back. It's like those people who play 3-card Monty on the streets and think they can actually "win" ... it's a no-win game but they still play?

@Anonymous - First off, please register so I can acknowledge your comment ... second, I fear you're correct, although I suspect that would get you in trouble as what we call a "stalker" :)