Older Means Wiser To Computer Security 181
An anonymous reader writes "Growing up in the digital age, 18 – 25s may appear to be a more tech-savvy generation, but that does not translate into safer computing and online practices. A new study reveals that they are the most at-risk group, and prone to cyber-attacks. That makes this group even more vulnerable to online security threats. Younger users tend to prioritize entertainment and community over security, perhaps due to overconfidence in their security knowledge. For example, they're more concerned about gaming or other social activities than their online security. They also have less sophisticated security software, and hence, have reported more security problems than other groups."
Still true, as it always has been (Score:5, Insightful)
When I was 18 I knew everything. Now that I'm older I know better. :)
Re:Not news to Slashdot (Score:5, Insightful)
Being "tech savvy" has lost it's meaning these days. People are considered "tech savvy" by just being able to use a smartphone. And that is effectively increasing the pool of people called "tech savvy". But the number of people that genuinely understand security is not growing. If anything it is shrinking.
lack of theory (Score:5, Insightful)
Us old folk had:
* No home computers to start with, because they didn't exist until we were about 35
* 8 bit computers when those arrived
* etc up through the present day
Younger folks were dumped right into a world were "using" a computer means being far, far away from the actual machine, above a huge number of software abstraction layers and interacting with it like it was a glorified television. The younger folks who "get" security are the ones who have taken the initiative to learn how their machines work, but those folks are rare-ish. Most of them are quite happy to treat the machine like a "magic" device, or at best, learn some simple scripting language and figure they have "leaned computers!". Us old folk, on the other hand, did not have that choice. We had to know how the machine worked, because that KIM-1 didn't program itself. We had to learn from the CPU on up. Lots of young folks don't even understand how protection rings work, or the difference between an executable and a text file: to them, it's all just "icons you click on and stuff happens". There's also very little understanding of things like the concept of a virtual machine, and what it's limitations to encapsulation might be. It's no surprise to me that they get jacked on a routine basis, with the way I see most of them operating their devices. They'll click on anything they're told to without any apparent thought.
Lawn.
Re:Computer illiteracy (Score:5, Insightful)
LOL. Yes, at 54, the 20-somethings are always surprised when I can figure out how to do something much faster than they can. Of course, I've been doing it since the 1980s as have many of my cohorts. Experience does count for something.
I wonder... (Score:5, Insightful)
Wouldn't it be terrible if 18-25 year olds behaved the same way in other aspects of their life? Like sex, studies, personal security...
Oh, wait...
Re:Not news to Slashdot (Score:5, Insightful)
I disagree. I'm old enough to remember when "tech savy" was someone that could set the clock on a VCR. It's always been this way.
This website is older than a lot of the people who visit it now. I've been here since the very beginning. This site, like many others, began catering to larger populations by dumbing down the content. This of course ups page views and ad clicks. Then the "tech savy" folks move on to other "tech savy" sites and the cycle continues.
I'm just the old guy that kept coming back every few months to check on things and feeling nostalgic.
But I digress. People in the 18-25 age group feel immortal. I know because I was one of them not too long ago. This feeling of youth and being impervious seeps into everything they do, including computer usage. Who needs an AV program? Software updates? Nah I don't need them. It's just how it goes.
They get a little older, a little wiser, life takes a few chunks out of their asses and the cycle continues. It's all just a big joke as the Comedian would say.
Re:Shocking... (Score:3, Insightful)
Re:Not news to Slashdot (Score:5, Insightful)
This cannot be a surprise to anyone familiar with either the Dunning-Kruger effect, or the tendency of adolescents/young adults to act in denial of their own mortality.
Young people (as a group) do not understand technology better than older people (as a group) do; they just aren't afraid of it. That makes them better at figuring out how to use it, but worse at figuring out how to use it wisely.
Re:Not news to Slashdot (Score:5, Insightful)
Much of the reason for that is difficult to blame on the technical people. Companies no longer have budgets for training, let alone following best practices. Compound that with expectation that a technical person can handle any gawd awful technology you tell them they have to support.
5 years ago, I was much better with security than I am now. 5 years ago, I handled Solaris (2 versions), Redhat (2 versions), Sun and HP hardware, 2 vendors HBA cards, and 2 SAN vendors.
Today, 47 operating systems, 3 different PC hardware vendors (unfortunately much is from a home grown slap it together cheap shop), Sun (equipment dating back 12 years to present). OSes must include Windows, ESX, Citrix Xen*, Solaris 8-11, disparate versions of Ubuntu, CentOS, RHEL, Fedora, Gentoo, NetBSD, FreeBSD, plus many tasks that 5 years ago were the job of a staffed Network person. That's in addition to Netapp and some other cheap NAS vendored gear.
I generally laugh when I get recruiter postings for jobs demanding candidates be senior level SAN admin, Unix Admin, Windows Admin, VMWare admin, Cisco Admin, and what ever else they can stick on to a single person's job the sounds technical. I also cry because nobody can be an expert with anything in a market making those demands.
Security has to take a back seat. I just make it a point of telling people when they are demanding insecure solutions to cover my ass.
Awful story (Score:5, Insightful)
There are so many problems with this story. It should never have been posted.
1. It's sponsored in part by ZoneAlarm, and it repeatedly says people should use more security software without discussing the efficacy of that software.
2. The opening sentence is stupid on two fronts:
[A new] report found that 18 – 25s are more confident in their security knowledge than 56 – 65s, but have experienced more security issues in the past two years compared to older users.
People's subjective measure of their confidence in security knowledge is a worthless statistic, and younger people use technology far, far more than older people so of course you'd expect them to experience more security issues.
3. "In comparison, 56 – 65s are more concerned about security and privacy and are twice as likely to protect their computers with additional security software."
The implication being more security software = good. Like if you have MSE already you should really get Norton or maybe buy ZoneAlarm.
4. "Computer security increases in priority with age"
This is completely irrelevant without further discussion (that's not provided). Older people might overprioritize just as younger people might underprioritize, but they jump to the second conclusion since it suits their advertisement.
5. "respondents aged 18 – 25 are less likely to use paid antivirus, 3rd-party firewalls, or integrated security suites than 56 – 65s. 45% of 18 – 25s view security software as too expensive in comparison to 37% of 56 – 65s."
Yet again, conflict of interest, and even then the percentages they do list are not terribly dissimilar and with smallish sample sizes could be statistically indistinguishable. Of course no error bars were reported.
All in all, this is basically an advertisement for ZoneAlarm with irrelevant and questionable statistics (that to be fair are probably not technically wrong) that should never have been posted to /. Again! Bad editors.
Re:Not news to Slashdot (Score:4, Insightful)
Most recruiters will go through the long list of expertise you are looking for, and stick your resume in the circular file as soon as you say "I'm not an expert with that one". From experience, you can get interviews if you bullshit them and say "Fu*$ Yeah!, I'm an expert with any technology!". This is why you have companies training people on the list of 80,000 acronyms one must have in order to get a job in the US, and how to quickly Google answers. Of course I have yet to see someone come from one of those training places and be worth more than a turd in the trashcan when it came to actual knowledge and skills.
I started replying back to people stating that they are not looking for a single person, since no single person could possibly be an expert with what they were asking. I try to do so in a professional manner so they get the point, but at the same time they will receive lots of replies to that same job posting from people that claim to be experts in everything.
Re:Shocking... (Score:4, Insightful)
Let's be a bit more honest about it, one bitten twice shy and for many older people involved in security, twice and even thrice bitten. Security consciousness is more unfortunately largely driven by security failures. Even when an individual is more security conscious the rest of the company bucks and baulks at the security requirements, routinely finding ways to get around them, until of course the company network is compromised a few times as a result. Security reduces productivity and is an inconvenience but it does not reduce productivity as much as a security failure.
Oscar Wilde (Score:3, Insightful)
"Experience is the name everyone gives to their mistakes." --Oscar