Full Disclosure mailing list archives
Re: Anti-MS drivel
From: "Gregh" <chows () ozemail com au>
Date: Thu, 22 Jan 2004 17:07:56 +1100
----- Original Message -----
From: "Tobias Weisserth" <tobias () weisserth de>
To: "Gregh" <chows () ozemail com au>
Cc: <full-disclosure () lists netsys com>
Sent: Wednesday, January 21, 2004 8:53 AM
Subject: Re: [Full-disclosure] Anti-MS drivel
Hi Greg,
On Tue, 20.01.2004 at 21:45, Gregh wrote:
..Let me paint you a hypothetical situation to show you where what you said is wrong:
I'm dieing to know...
What are you dieing? T-shirts? :)
User receives keylogger attached to email as an exe and stupidly executes it.
You didn't understand this. Not one bit.
Nope, YOU didn't understand this "not one bit".
If you are a vendor and you ship a software that is intended to be used by average Joe and average Jennie then _you_ have to take this into account.
If the user is so stupid as to not have someone check his computer and secure it, then it isn't the problem of the OS vendor *WHERE* the problem is something like a keylogger though admittedly, if the OS is to blame, there is some reason to blame the OS manufacturer.
Why is it possible that a user is able to make this mistake?
Oh COME now! Are you so INSULAR that you don't realise the real world? My wife works for a MENSA member, a recognised genius who would likely have more brain capacity than most people in the world. He doesn't have a CLUE how to secure his computer. WHY? He isn't in the least INTERESTED in computers outside of using them to do his work on. Oh and BTW, his work, nothing to do with computers other than using them as a tool, made him a multi-millionaire. Why the HELL should this guy, according to you, *HAVE* to know what he is doing with a computer? He, likely, has more money than you and I put together EVER will have unless one of us wins over 300 million US dollars. In my book, this guy is devoting his time the best way possible. Learning what to do with computers to the extent where he can lock it down is actually financially irresponsible to him. He can PAY someone US$200 an hour to do that and per hour STILL come out in front by a LONG shot. What IS it with computer/I.T. professionals (or those who know as much even if not so employed) that they think just because THEY know how to do it, everyone SHOULD know? Not everyone is INTERESTED and not everyone thinks it is a good use of their time!
Why can attachments that come in via email be executed by a user?
Why not? In benign situations it is often helpful to a user. Just because Mr. Nasty decided to exploit this for whatever reason doesn't make it a BAD idea. It just makes it a co-opted idea. Education is the fault here. The person doesn't KNOW what they are doing yet are blindly clicking anyway. If they didn't get someone to educate them or tie things down to safeguard against this, then THEY are at fault. Why can a car be started by ANYONE with the key? If someone starting that car without the permission of the owner takes it and runs over another person, killing them, is that the fault of the car manufacturer?
This is a software design flaw, not a user mistake. This is a matter of definition, Greg. When I say that the user is always right then this means that software has to be adapted to the user's education and not the other way around.
A common setup - Say WIN98 with Internet access. They call in someone and tell them they want to be as secure as possible. That person installs (name your flavour of WIN98 compatible AV prog here) which works well and also, say, Zone Alarm *free edition*. The person, still no wiser as to executables, receives an infected one from a friend who has an infected machine and didn't actually send it to them but the person thinks it is from them anyway so executes it. Their AV prog jumps in at this point, stops it from executing and informs the user that it was a virus and gives the name. The user doesn't HAVE to worry about thing that way. This IS software already around adapted to the least knowledgeable computer user. The fact that the infected exe CAN be run doesn't mean there is a design flaw. You will never stop viruses happening while the world still uses PCs the way they are now and it doesn't matter what OS you use. There are enough on any of them AND Macs to make people who KNOW what they are doing at least think about them.

At this point I took the time to read the rest of your letter instead of reading while replying because I was a little amazed at your lack of understanding of the real world OUTSIDE of computers and I realised I would never convince you that the world operates not the way you want it to but the way it will, so I have to give up right now. All I can say is that experience will, one day, light the way.

Greg.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html