Thoughts on AOL Users

I read the following in the Economist yesterday in their latest information technology survey:

"LISA HOOK, an executive at AOL, one of the biggest providers of traditional ('dial-up') internet access, has learned amazing things by listening in on the calls to AOL's help desk. Usually, the problem is that users cannot get online. The help desk's first question is: Do you have a computer? Surprisingly often the answer is no, and the customer was trying to shove the installation CD into the stereo or TV set. The help desk's next question is: Do you have a second telephone line? Again, surprisingly often the answer is no, which means that the customer cannot get on to the internet because he is on the line to the help desk. And so it goes on."

This amazes me. This is the sort of user we expect to defend themselves on the Internet? This is the crowd that we hope to "educate" and in whom we hope to foster "security awareness?" This story is another data point convincing me that a good portion of the Internet-connected user base should not be using personal computers. They should access the Internet with some sort of thin client to check their email and browse the Web. Given enough bandwidth, they could do all of their work via thin client and never know their "Computing Services Provider" (CSP) is offering them services remotely. Projects like the PXES Universal Linux Thin Client demonstrate the ability to run a window environment on old, cheap hardware. This could run on a small form factor appliance without a hard drive.

I see two, possibly three existing companies that could implement such a system. AOL would be the best-positioned. It's losing customers and firing employees, so it needs to take a bold new step to grow its business. AOL already ships millions of CDs per year. Why not make those CDs bootable Linux thin client live CDs? Google is my second guess. Google is migrating information away from the desktop, with Gmail. Why not migrate everything to Google? My third choice is Apple. I'm reading Insanely Great, the story of the Mac. A recurring theme is simplicity, which appeared in the Economist article I cited. Nothing is simpler for the end user than a thin client. If a user won't buy a Mac, why not make that user's existing PC look and feel like a Mac using a thin client?

I don't see how we can expect computing novices to defend general purpose computers able to run any code a user or intruder wants. Let the power users run their own systems as we always have, and give people who don't care to tinker with their PCs thin clients accessing secure, centralized servers. I feel this way about my car. I really don't care how it works, but I do want reliable, secure transportation. My computers are different; I want to know everything about them.

If the end user has concerns over centralized storage of their data, put it on USB 2.0 thumb drives. We're already seeing 2 GB models and I expect to see larger ones in the future.

Comments

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics