
Re: Microsoft Blames Malware on 'Stupid Users'

__/ [ dsteel0@xxxxxxxxxxx ] on Monday 26 June 2006 10:06 \__

> 
> Roy Schestowitz wrote:
>> Open source gets results, while Microsoft blames malware on 'stupid users'
>>
>> ,----[ Quote ]
>> | Two very different news articles crossed my desk today. First, there was
>> | a report that open source developers on 32 projects fixed 900 bugs in
>> | two weeks that were reported by an automated scan program from Coverity,
>> | sponsored by a grant from U.S. Homeland Security. Second, a presentation
>> | was given by a Microsoft security official who said that rootkits,
>> | phishing, trojans, spyware, and other forms of malware had gotten so bad
>> | on Windows that IT departments needed to come up with a fast way to
>> | "nuke the systems from orbit", i.e., wipe out the hard drive and start
>> | over. He goes on to say that phishing is a problem because "there really
>> | is no patch for human stupidity".
> 
> So how does the statement "phishing is a problem because there really
> is no patch for human stupidity" equate to "Microsoft Blames Malware on
> 'Stupid Users'"?


That is a valid point. I just used the same heading as in, due to laziness:

http://digg.com/software/Microsoft_blames_malware_on_stupid_users_



> IMO, Phishing is not malware, and neither is it specific to any OS. His
> comment regards human stupidity is absolutely true, and the most secure
> system in the world will do you no good if your user is stupid enough
> to give "someone from technical support" their username and password,
> will it?


Phishing can be attributed to a plethora of different factors. Among them:

* Mass-mailing (SPAM) which constantly urges users to visit malicious sites.
80% of the SPAM comes from Windows machines that have been hijacked.

* Browser deficiencies. Need I say more? How many flaws have so far been
discovered in IE? They allowed redirections of all sorts, pop-ups that
appear to come from different sites, prompting for passwords.

* Infected machines. How many users are routed to sites to "fix their
Registry", having spotted a fake system notification and pressed OK?

* There are more, but I'll omit them.

Best wishes,

Roy

-- 
Roy S. Schestowitz      |    Bring home the world cup, England!
http://Schestowitz.com  |    SuSE Linux     ¦     PGP-Key: 0x74572E8E
 10:05am  up 59 days 15:08,  12 users,  load average: 0.01, 0.14, 0.36
      http://iuron.com - Open Source knowledge engine project
