> The only thing you can do to help your users is to provide them with proper > education and to explain them to keep up to date and run the right tools and > not click anywhere they can.... and that is a mission which is near > impossible.
I thought user education in threat management was long ago abandoned as a realistic defense mechanism. Don't get me wrong, I loved my users when I was supporting a desktop fleet; but the key to their survival was always policy implementation through Active Directory; back in the day, blocking executable files in email prevented a lot more problems than training users not to open them did. Don't get me wrong, every little bit helps. But when you consider your security with a scrutinous eye, you should always ignore the question 'how educated are my users'. It's irrelevant.