der Mouse wrote:
And to inject a slightly different perspective, the BOFH in me says
it's one of the best reasons _to_ do so. Financial penalties for
getting pwned are one of the very few things that might actually get
users to stop being idiots about such things. As long as running a
grossly insecure machine on the net incurs minor-to-no costs, people
will continue doing it.

Or, could you pass the costs on to the idiots that are supposed to
KNOW better about security that left Grandma at risk? Perhaps
"Mr. OS vendor" will pony up and vet all their customers that end up
zombified. Probably not.

The major problem, I think, is the Prisoner's Dilemma that inheres in
implementing it.

I agree, Mouse. But you have to consider, in your prisoner's
dilemma, that a new scenario exists - the bad guys could be
rewarded based on bad policy.

John
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg