> Why is it so hard to understand that to effectively understand the
> risk and guard yourself from it from doing xyzzy, you need to know
> exactly what it is that xyzzy does and know what it can do?
Because it's unpleasant to realize and human nature to avoid
unpleasantness. "exactly what it is that xyzzy does and what it can
do" is freqently hard to understand, either that or is kept obscure by
the vendor who made it. Lots of people don't want education, they want
reassurance, the proverbial "magic bullet" that will solve all their
problems because some eminent authority said it would, and therefore
saves them the trouble of dealing with it. As my wife is fond of
reminding me, many people have other things to do with their existence
than deal with computer security. The market will see too it that
"magic bullets" will always be available.
> Don't flame me, or even bother disagreeing unless you're able to
> effectively argue how someone can be clueless about what goes on under
> the hood and be safe from someone poking at things under the hood.
I'm not disagreeing with you, but you can reasonably argue it
because "safe" is usually not an absolute term. It's the exact same
reason that fish in a large school or sheep in a big herd can be safe
from predators. The likeleyhood of a determined attack on any one
individual is very low. When someone "clueless" is then faced with two
strategies, one being "Expend the resources to comprehend and deal
with the problem" and "Get the quick fix I don't understand" , often
they can pick the second. Some time down the road they can then
usually say "Gee I wasn't hurt that I know of.. Must have worked".
Bob Beck Obtuse Systems Corporation
True Evil hides its real intentions in its street address. Search and you
shall find it, and the truth shall set you free.