Network and security experts (was Re: Dumb users spread viruses)

Date: Mon, 9 Feb 2004 12:41:26 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
Sender: owner-nanog@merit.edu

> > There is nothing wrong with a user who thinks they should not have to know
> > how to protect their computer from virus infections.
> However, someone attending NANOG should at least have cleaned up slammer
> before connecting to the wireless...

I have never seen any evidence that security experts or network operators
are any better at practicing security than any other user group. In every
forum I've been at, the infection rates have been similar regardless of
the attendees' security experience.

Sometimes the attendees know about the issue, but do not have the power
to fix it, e.g. corporate IT department controls the laptop they are
required to use. Other times, they are oblivious to the equipment being
infected.

I wouldn't be surprised if I went to a meeting at the Department of
Homeland Security or NSA, their infection rates are similar.

At a recent large (last 6 months) trade show, the show network saw a
bunch of infected systems pop up at once. The problem was tracked (fairly
quickly) to machines brought up by a vendor in their booth that lacked a
number of recent Microsoft Windows Critical Updates. I can't say who the
vendor was, but they REALLY should have been the FIRST to install any
patches.

If this happens, what hope do we have for "normal" users?

In their defense, Microsoft hired a convention specialist to handle their
booth. That company in turn hired some random integrator to supply and
configure the Windows machines.

Doug