This message was posted on Usenet, NOT JLAforums, & on Mon, 26 Jun 2006
10:17:18 +0100, Roy Schestowitz wrote:
> __/ [ dsteel0@xxxxxxxxxxx ] on Monday 26 June 2006 10:06 \__
>
>>
>> Roy Schestowitz wrote:
>>> Open source gets results, while Microsoft blames malware on 'stupid users'
>>>
>>> ,----[ Quote ]
>>> | Two very different news articles crossed my desk today. First, there was
>>> | a report that open source developers on 32 projects fixed 900 bugs in
>>> | two weeks that were reported by an automated scan program from Coverity,
>>> | sponsored by a grant from U.S. Homeland Security. Second, a presentation
>>> | was given by a Microsoft security official who said that rootkits,
>>> | phishing, trojans, spyware, and other forms of malware had gotten so bad
>>> | on Windows that IT departments needed to come up with a fast way to
>>> | "nuke the systems from orbit", i.e., wipe out the hard drive and start
>>> | over. He goes on to say that phishing is a problem because "there really
>>> | is no patch for human stupidity".
>>
>> So how does the statement "phishing is a problem because there really
>> is no patch for human stupidity" equate to "Microsoft Blames Malware on
>> 'Stupid Users"?
>
>
> That is a valid point. I just used the same heading as in, due to laziness:
>
> http://digg.com/software/Microsoft_blames_malware_on_stupid_users_
>
>
>
>> IMO, Phishing is not malware, and neither is is specific to any OS. His
>> comment regards human stupidity is absolutely true, and the most secure
>> system in the world will do you no good if your user is stupid enough
>> to give "someone from technical support" their username and password,
>> will it?
>
>
> Phishing can be attributed to a plethora of different factors. Among them:
>
> * Mass-mailing (SPAM) which constantly urges users to visit malicious sites.
> 80% of the SPAM comes from Windows machines that have been hijacked.
>
> * Browser deficiencies. Need I say more? How many flaws have so far been
> discovered in IE? They allowed redirections of all sorts, pop-ups that
> appear to come from different sites, prompting for passwords.
>
> * Infected machines. How many users are routed to sites to "fix their
> Registry", having spotted a fake system notification and pressed OK?
>
> * There are more, but I'll omit them.
I also believe that the poor M$ coding & "security" assist in this.
Outlook & Outlook Express are IMHO the main culprits. Imagine, 45+
executable extensions that *only* require a mouse click to infect teh
whole damn system, because the *user* is an admin too! I understand it has
to be like that, because quite a few M$ apps will NOT run *unless* the
user is an admin.
It just seems incredibly stupid to me.
|
|
