Full Disclosure mailing list archives
Re: Anti-MS drivel
From: "Gregh" <chows () ozemail com au>
Date: Wed, 21 Jan 2004 07:45:00 +1100
----- Original Message ----- From: "Tobias Weisserth" <tobias () weisserth de> To: <full-disclosure () lists netsys com> Sent: Wednesday, January 21, 2004 3:55 AM Subject: RE: [Full-disclosure] Anti-MS drivel
Hi Paul, Am Di, den 20.01.2004 schrieb Schmehl, Paul L um 17:01:But the *real* problem isn't the OS, it's the users.Actually, that's wrong. Users are never the problem. It's always the software. When a user doesn't understand something, then there's a problem with the software, not the user. When a user doesn't operate the software in the way the developers intended to, then there's a problem with the software.
Let me paint you a hypothetical situation to show you where what you said is wrong: User receives keylogger attached to email as an exe and stupidly executes it. User has no anti virus software on the system so keylogger installs without interference. User shuts down the machine and goes to bed. Next day, user starts the machine and gets on to their web banking with keylogger doing it's thing and reporting to Mr. Nasty, all the keypresses. User goes to bed and shuts down the machine again that night. On the other side of the world in a different timezone, Mr. Nasty receives User's keypress log and sees the web banking account details, logs on to User's bank account which contains $10,000 and in a few short hours, Mr. Nasty has transferred the entire amount to somewhere he can reach in this other country, which doesn't have any agreement with User's Govt so he can be touched in any way. User gets up in the morning, goes to his computer, turns it on and logs on to his web banking account, finding it at a zero balance and immediately starts screaming blue murder to the bank. The bank says "We understand your plight, User, but the transfers were done with your web banking username and password so was quite legal in our eyes. We cant help you, the $10,000 is gone". So who do you blame there? The world's MEDIA blames the bank, at least in my country. We all know the truth is Mr. Nasty is to blame ultimately but he is in that country where he cant be touched. So who bears the brunt of this? User does, of course. It isn't up to the bank to even WARN their web bankers about such things though I think you will find they all do. If the users infect their own machines and cause this problem it isn't the software (OS or otherwise) that caused this problem. It is the USER. See, User in the story above, may well be so computer illiterate that web banking is the pinnacle of his computer talent because he is basically uninterested in computers but thought web banking would make his life easier. He could, however, have hired someone who works in computers and knows how to secure his computer so that he can not automatically stuff his life up like that. He didn't. In Australia when things similar to that happen, it is always the corporate entity portrayed as the bad guy here when it really isn't, in this case. I keep thinking it is like someone who drives a Toyota suing Toyota because of a car accident they had through the brakes not working though the car is 4 years old and never had a service in it's life since that person bought it. Ultimately, though they may know NOTHING, the user is to blame for scenarios as above. They hire locksmiths to make sure their doors aren't so easy to open to unauthorised people. Why aren't they hiring "Computer Locksmith" companies to do the same? Ignorance is why! Gee, you don't buy a KNIFE without knowing it can be a weapon rather than a vegetable cutter, should someone grab it and wield it at you. Well, you don't buy a computer without realising that if someone grabs it and wields it, the computer can ALSO be a weapon used against you. Greg. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: [inbox] Re: Anti-MS drivel, (continued)
- RE: [inbox] Re: Anti-MS drivel Curt Purdy (Jan 21)
- Re: Anti-MS drivel Gregh (Jan 20)
- Re: Anti-MS drivel Tobias Weisserth (Jan 20)
- Re: Anti-MS drivel Gregh (Jan 21)
- Re: Anti-MS drivel Dave Sherohman (Jan 20)
- Re: Anti-MS drivel Harry Hoffman (Jan 20)
- Re: Anti-MS drivel Gregh (Jan 20)
- Message not available
- Re: Anti-MS drivel Gregh (Jan 21)
- Re: Anti-MS drivel madsaxon (Jan 20)
- Re: Anti-MS drivel ken (Jan 20)
- Re: Anti-MS drivel Gregh (Jan 20)
- Re: Anti-MS drivel Tobias Weisserth (Jan 20)
- Re: Anti-MS drivel Gregh (Jan 21)
- Re: Anti-MS drivel Tobias Weisserth (Jan 22)
- Re: Anti-MS drivel Gregh (Jan 23)
- Re: Anti-MS drivel Nick FitzGerald (Jan 23)
- RE: OT: was Anti-MS drivel; SCO fights GPL Andreas Bischoff (Jan 23)
- Re: OT: was Anti-MS drivel; SCO fights GPL Jeremiah Cornelius (Jan 23)
- Re: Anti-MS drivel Cael Abal (Jan 22)
- Re: Anti-MS drivel Gregh (Jan 23)
- Re: Anti-MS drivel Erich Buri (Jan 20)