Jesper's Blog

Obligatory file photo: I am a Senior Security Strategist in the Security Technology Unit at Microsoft. My job is to explain to our customers how to run Microsoft products securely, and to the extent that it is needed, help the product groups figu

Blogs

A Fathers Pride

  • Comments 4
  • Likes

Every parent knows that the main reason you have kids is for the comic relief they provide. However, watching them grow up is also fascinating.

Yesterday my oldest son, who is now seven and a half, and I were sitting in front of the TV when he asked what I was doing. It so happened that I was setting up the AutoAdminLogon feature on the Media Center PC connected to the TV so that it logs on the right account automatically at boot. I explained this to him, and his first reaction was "but doesn't that mean burglars and thieves can get to our movies and pictures?"

This just floored me. I can't get my wife to think about security (not when there are knitting pigs involved) and here is my son with his first actual security question. We ended up having a long chat about this. First I asked if he knew what I was doing for a living, and of course, he did not. He just knew I travelled a lot. So I explained it. Then I asked him why he figured this was a risk, and he explained that without a password people can get to your movies. So we discussed why this might be a problem in some cases, and not in others. When I asked him whether he thought the risk was high that bad guys would break into our house and steal our movies he said it probably was not why they came here. In the end, we decided that if bad guys are in our house we have bigger problems than them sitting down and watching TV on the Media Center. In fact, if they did it would make it easier to catch them.

This was a great little risk management discussion, and proves one thing: even children can assess and make decisions on risk. We are not at all incapable of doing so; we are just not very good at perceiving the right risks. We do have the capacity to do it, if we put our minds to it, open our minds to the whole picture and get rid of preconceived notions, and consider all the factors. However, we all have the preconceived notions and those get in the way of risk management and is one of the things that make us bad at perceiving risk. Risk management, in the end, is not that hard. It is getting rid of our preconceptions and actually perceiving the right risks that is hard for people.

Comments
  • I joke that you have one princess and two mini-Jespers; this is just proof. :-)
    I can't express the pride I felt when I first heard Colin telling one of his friends "I'm going to log on now, so you must look away while I type my password" - completely untrained.
    Then, of course, there's the shame of finding a couple of pieces of spyware on his system, and the pleasure of discussing with him why it was inappropriate to be visiting casino web-pages at seven, while admiring that he'd figured out from the "free-play" pages that it wouldn't make sense to borrow a credit card to play, because "I lost more times than I won".

  • Brilliant post. And brilliant son.

    Of course if MCE was designed to NOT need admin privs... :)

  • You think that's something?  My dog started attacking my pant sleeve when I lowered my lmcompatlevel key the other day!

    (couldn't help myself)

  • good story,  thanks for posting it.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment