RE: EBAY and AMAZON

["Keith Medcalf" <kmedcalf () dessus com>]

> Windows security sucks.

The real problem with Windows is that there exist folks who believe that it is, or can be, secured.  They believe the 
six-colour glossy, the Gartner Reports, and other (manufacturers') propaganda.  As a consequence they do not act in a 
fashion which will keep them safe.

> Most users will pick convenience over security.  What fraction of users
> (customers) would be happy with your suggested settings?

More than you might think -- still a minority however.  There's not 2.437 pounds yet.

> My probably naive view is that this type of problem could easily be solved by
> having the serious work done on a special class of well locked down machines
> and making a pool of more open systems available for checking mail or
> facebook or whatever.

You would be surprised at the number of Fortune 500 companies that lock-down their policies into deliberately insecure 
settings, and refuse to permit more secure settings.  I can't quite figure this out, except to observe that there is a 
very severe shortage of security clue in the world and an appalling over-abundance of ignorance and stupidity.

> I've heard stories of people filling USB slots with epoxy so idiots can't
> insert thumb drives found in the parking lot or brought from home.  I forget
> the context.

This is, unfortunately, a typical reaction which arises from a failure to carry out proper root-cause analysis.  The 
root cause of the issue is not "thumb drives", "baby fingernail drives", or whatever removable media type.  The root 
cause is the propensity of Windows to engage in "magical" behaviour -- to put executable "data" everywhere and then to 
execute that "data", magically.  And a failure to provide a "Magic Off" setting that actually works.  Actually, there 
is -- it is called the power switch.  Seriously though most of the magic can be turned off or bypassed, if you want to.

Companies that engage in such behaviour are signing their own "all our base are belong to you" death warrants.  Rather 
that voting with their wallets and insisting on correction of the root-cause of the problem, they instead continue to 
pour money down the crapper investing in never-ending supplies of draino and roto-rooters while at the same time 
continuing to financially reward the paper-towel flushers so they can buy and flush yet more clogging crap which 
requires yet more draino and roto-rooters.  Shampoo, Lather, Rinse, Repeat.  (Looking up the effects of adding those 
instructions to shampoo by Proctor & Gamble on their sales and profits is left as an exercize for the reader).

Security does not require buying more draino and roto-rooters.  It just requires that you not do stupid things inimical 
to security.  Stop flushing paper towels down the toilet and you don't need draino and roto-rooters, nor will you need 
hazmat gear to clean the oozing excrement off the floor.  Of course, it might be wise to keep a bottle of draino, a 
roto-rooter, and some hazmat gear on hand just in case -- but to concentrate on the symptoms rather than the underlying 
cause is just plain stupidity.  Deliberately encouraging and financing those working to ensure the toilet is always 
plugged up and the crap is always running in the halls is sheer lunacy.  Unfortunately, the lunatics are in charge of 
the asylum, and they have chosen the outcome they shall suffer.

Now, back to our regularly scheduled programming, already in progress ...

---
()  ascii ribbon campaign against html e-mail
/\  www.asciiribbon.org