Information Security News mailing list archives

Re: Microsoft to Blame for 'Love Bug'? (fwd)


From: "Curt Bryson (NTI)" <cbryson () TELEPORT COM>
Date: Fri, 12 May 2000 09:28:22 -0700

Users who "run" executables (be it scripts or EXE files) sent to them
via unencrypted and unsigned email deserve to be shut down.

I will concede this point, with one caveat:  How much money do we put into
training users before slapping them in a chair in front of a Windows machine
and saying "go to work"?  How many system administrators turn off "view as a
web page" and the Outlook "preview pane"?  How many then warn users to NEVER
turn these features on again?  How many have the backing of management that
is required to make such a policy?  How many sysadmins turn on file
extensions so that users ACTUALLY SEE what it is they're clicking on?  And,
no I am not bashing sysadmins alone... they wouldn't have to go through
these gyrations if M$oft would DISABLE STUPID FEATURES OUT OF THE BOX.  ALL
features are stupid... all of em... have them OFF by default and let the
user/administrator turn them on once appropriate risk management/mitigation
choices are made.  With VERY few exceptions, this concept seems to work ok
for keeping BSD relatively secure.  Does anyone else spend several hours per
machine tweaking registry entries, etc., disabling stupidity EVERY TIME you
install windows on a machine?  Even NT systems have features on that should
be off for an allegedly "network-centric" machine.  Until someone else's
marketing team goes to work full-time, MS is the standard we have to deal
with, but COME ON... a little common sense and customer responsiveness would
be nice.  Quick observation:  Bill Gates is not as out of the loop as many
thought.  The anti-MS rumblings in the geek klatches started rising again as
soon as the ILOVEYOU worm got rolling.  Before too many publications picked
up on said insurrection, however, he was making press releases softening
the blow to his products (read:  blaming everything else).  Gotta give him
credit, he got HIS side of the story out first... THAT's playing the "media
game" well.
--Curt
"Hi, my name is Curt, and I'm a <gulp> 'triple-booter'."
