North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Responsibility: user or OS? (Re: Microsoft XP SP2)
JS> Date: Mon, 19 Apr 2004 10:39:10 -0700 JS> From: Jeff Shultz JS> > Also, do you realize how much the 'average technical school JS> > graduate type' makes just from acquaintances who complain JS> > that their computers are slow, by simply removing whatever JS> > "flavor of the month backdoor spam proxy virus" JS> JS> Ah, now you are talking about why I happily promote Ad-Aware JS> and Spybot. They're a start. However, I've encountered many systems with suspicious/malicious ActiveX controls or BHOs that neither AdAware nor Spybot caught. I can't think of many other people who are willing to rip out chunks of the Registry manually. How savvy should users be expected to be? Education is good, but there comes a point where the OS/software need to make abuse a bit more difficult. I'm curious to see how Win2003 Server and its executable restrictions fare. Not a silver bullet, of course, but a good start. I've given several presentations where I ask an audience member to stand up and blindly do whatever I instruct. Nobody has been willing yet. Most people will only perform certain "whitelisted" actions in a public crowd. Perhaps software should observe similar defaults. Java applets are scored for "safety" based on what calls the execute; why not extend the approach to all applications? Why not run with safe defaults? Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : email@example.com -or- firstname.lastname@example.org -or- email@example.com Sending mail to spambait addresses is a great way to get blocked.