Secure Coding mailing list archives
Re: re: Why Software Will Continue to Be Vulnerable
From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 03 May 2005 12:52:43 +0100
Bill Cheswick wrote: Probably like many of you, I'm the local friends-and-family computer fixit guy.
My father has repeatedly asked why he should care that his computer is totally owned. I've told him that his CPU engine is blowing blue smoke all over the Internet, but that doesn't help.
I think people would care if they knew, but they don't know.
An outbreak of user-obvious malware might change the equation, but I am not suggesting that someone run the experiment.
I think just about the only time I've been called out to lay hands on someone's computer in the last two years (with one exception I can think of), the problem has been malware/spyware. I.e. it had misbehaved to the point where it was untolerable. The browser no longer works, the machine grinds to a halt, the screen goes wonky (screwed up the video drivers), it's popping porn ads at the kids, etc... So my assertion is that much of the malware is very obvious. I'll avoid the temptation to rant at the poor quality of the malware/spyware code itself. I'll also add that I think this is the current big problem for Windows users. Windows itself (XP+) has become reliable *enough*, and the hardware reliable enough (or cheap enough to suffer a forklift upgrade), that it works great... except for the damn malware. The typical reaction I get is incredulity that there are people who sit around all day writing this stuff (malware/spyware.) Any consideration that there's a fault with the OS that allows it in is waaay down the list. So if MS can find a way to make the effects of malware unobservable, then they just about have that market sewn up. Ryan
Current thread:
- Re: Why Software Will Continue to Be Vulnerable, (continued)
- Re: Why Software Will Continue to Be Vulnerable Crispin Cowan (May 01)
- Re: Why Software Will Continue to Be Vulnerable Dave Aronson (May 01)
- Re: Why Software Will Continue to Be Vulnerable Jeff Williams (May 01)
- Re: Why Software Will Continue to Be Vulnerable Michael Silk (May 02)
- Re: Why Software Will Continue to Be Vulnerable Kenneth R. van Wyk (May 02)
- Re: Why Software Will Continue to Be Vulnerable ljknews (May 02)
- Re: Why Software Will Continue to Be Vulnerable Crispin Cowan (May 03)
- Re: Why Software Will Continue to Be Vulnerable Michael Silk (May 03)
- Re: Why Software Will Continue to Be Vulnerable Crispin Cowan (May 01)
- Re: re: Why Software Will Continue to Be Vulnerable Gunnar Peterson (May 02)
- Re: re: Why Software Will Continue to Be Vulnerable Blue Boar (May 03)