Jesper has a great new article on why no technology or software solution is going to dig us completely out of our security problems. Read it for the great writing, authentic voice and cogent thoughts.

If you are a person involved in what we call at Microsoft (this week) "Content Publishing", read it for the following passage that should be burned into the brains of everyone who "publishes content" at Microsoft (bloggers, I am looking at you too):

"Finally, host-based outbound firewalls are a perfect example of why pure technical solutions can fail. These firewalls ask users intelligent questions, such as the one you see in Figure 1.

Figure 1 What We Show the User

The problem is that these dialog boxes were not exactly written by people people. They were written by propeller heads, for propeller heads, because the propeller heads typically do not know any real people. When the average user is confronted with this dialog, he does not actually see it at all. What he sees is a lot like Figure 2.

Figure 2 What the User Actually Sees

For all these reasons, technical solutions to what are essentially people problems do not work very well. They may help technical people, but technical people do not need the help."