Full Disclosure mailing list archives
Re: Windows 7 UAC compromised
From: Kevin Wilcox <kevin () tux appstate edu>
Date: Fri, 6 Feb 2009 09:36:32 -0500
2009/2/6 Yudi Rosen <yr42.lists () gmail com>:
> But Joe the Plumber doesn't want to have to click on endless 'confirm' dialogs every time he tries to use the computer. Simply having him run as a non-admin user only fixes half the problem.
No, it doesn't fix anywhere *near* half of the problem; it doesn't address that we have millions of people that use their computers without knowing anything about them.

"But not every car driver needs to be a mechanic!" Yes, I know this, but every driver needs to know that there are laws and rules concerning how they drive and what happens when a 1200 kilogramme car hits a 100 kilogramme pedestrian at 70 kilometres/hour. Every driver needs to know they need to have their tyres rotated and their oil changed. There are things you must know beyond, "accelerator, decelerator and steering wheel".

"But a computer isn't going to kill anyone if someone gets infected by a virus or trojan!" Yes, I know this, too, but if you're mixing questionable software and surfing habits with online banking and shopping, it's a recipe for destruction. Welcome to identity theft and empty bank accounts.

We can either continue to pretend like it's *only* really crappy software or we can realise that it's a combination of easily exploitable software, user ignorance and user apathy. You can give them an operating system that has been vetted and been through multiple code reviews by people that really do know secure OS design but they wouldn't be able to accomplish anything at all.

So what do we do? We give them operating systems that are less secure, hope they don't shoot their feet off and turn them loose with it - but we don't shoulder the burden of training them. Some of us do but we, as a collective, do not.

Until we can properly educate our users, all we are doing is trying to mitigate risk in the best ways we can while still providing them a service. I maintain that by not educating our users we are failing in that goal.

kmw

--
Far better is it to dare mighty things, to win glorious triumphs, even if chequered by failure, than to take rank with those poor spirits who neither enjoy much nor suffer much, because they live in the grey twilight that knows not victory or defeat.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/