brokencrow: I'm not even going to respond to such stupidity.. I'm joining HTRegz in no longer commenting on your lack of knowledge and/or what you're saying..
Printable View
brokencrow: I'm not even going to respond to such stupidity.. I'm joining HTRegz in no longer commenting on your lack of knowledge and/or what you're saying..
Really? The first part of that statement admits that Microsoft ship their operating system in a potentially insecure state. They do that for commercial reasons, so that it meets their marketing claims to the general publicQuote:
Do you really think that it would make business sense to ship out XP locked down??? nope.. no one would buy it or use it........................................ When you realize that come back and chat... I'll be more than happy to... but until then you're just being foolish.. .and I've got no need to waste my time.
The objection that I have is that between them Microsoft and the OEM manufacturers fail to include any instructions or documentation to advise users of the issues. In other words, to ACTUALLY give them freedom of choice.
So, a system that is insecure is "freedom" and one that is secured is "restricted"?Quote:
People want freedom.. not restrictions....
Let me expose this argument, that I keep seeing time and time again, for what it really is. Basically what it says is:
1. Microsoft cannot be criticised for supplying software that is insecure because a knowledgeable user can secure it. THAT IS ABSOLUTELY TRUE as it stands by itself.
2. Domestic users wouldn't want or buy a system that was "restricted" or locked down by default. This is POTENTIALLY TRUE but would very much depend on what an individual user's perceptions and requirements happened to be? If one assumes that the user requires "unrestricted functionality", as this argument does, then you have a logical impasse.
This is a bit like the logical equivalent of wanting to both have your cake and eat it?
SO LET'S LOOK AT SOME ALTERNATIVES?
1. Microsoft and the OEM's should ship instructions that CLEARLY explain the options, their implications and how to implement the user's choices. There are a number of tutorials and posts on this site that explain how to do this, so why can't/won't the big boys do it?
2. MS products ARE more subject to attack than others because they have such a large proportion of the market. It would be illogical, even foolish to suggest that if another operating system and browser were the most popular to the same extent, they would not be targeted as MS is today, and MS would appear to be "more secure".....................hey, if 90% of systems used the RISC OS then that is where everyone would have their expertise and experience? because that is how they would earn their livings ;)
3. "Security through obscurity" DOES WORK it just happens to be a bad idea because it cannot be relied upon and is based on hope, rather than control.
Which brings us back full circle :cool:
If MS and the OEMs explain the facts they will face increasing pressure from MACs and other OSes.
I agree that is somewhat unfair, but it is a fact of life in the current marketplace & environment.
Basically, if you want to use MS securely you have to lock it down and reduce its functionality, otherwise you might gain some temporary relief from using a relatively obscure and untargeted system.
I wonder which option Steve Ballmer favours?
:)
I really don't know Microsoft's policies on such things since I have not been invited to their board meetings :) However, if this is true, it seems a somewhat questionable practice. A company's name seems to be a very valuable asset. All the bad press which Microsoft has gotten from security issues (whether it is true or not) cannot be good for their business. It seems to me that shipping a locked down browser and OS along with some reasonably detailed security instructions would go a long way toward helping MS take a club out of the hands of people who are using it to beat them. Then they could say, "Well, we've done all we can. If users disable security features, it's beyond our control." And it would be.Quote:
Do you really think that it would make business sense to ship out XP locked down??? nope.. no one would buy it or use it... People want freedom.. not restrictions.
And as a matter of fact, I think all Linux distributions should include some kind of security tutorial on the desktop where a user could see it when he or she logs in for the first time.
Hi preacherman481
I am inclined to agree that the defaults should be for higher security. I speak from personal experience of building OEM kits for people. I tend to lock them down pretty tight based on what they tell me they want to do, and explain some of the most common options and concepts.
They don't understand the difference between internet and trusted zone for example............. :eek:
I very rarely have any complaints, but that IS based on talking to them and finding out the requirements are.
Perhaps the retail side of the industry should take some of the responsibility as well?
It is surprising how little of a system that people use? just look at Microsoft Office suite for example. People buy it and are very happy with what it does, but I doubt if they use much more than 25% or so of its features?
I suspect that MS marketeers are actually rather paranoid in this area? I know that I am :D and would prefer to start off with less functionality and a more secure system, then take it from there.
Obviously I am talking the domestic/home/SOHO environment here.
At the end of the day I go back to my observation that many domestic users buy a PC as they would a washing machine or microwave. I cannot blame them as this is how they are sold to them?
:)
I'm placing my bets on the idea that these systems are indeed harderQuote:
If you are using this as an advantage for Linux, Mac, you might want to explain why fewer viruses are written? E.g. "Is it because they are less popular systems, or is it because they are harder to write viruses for/"
to attack successfully. Unix has always had a big share of the server
market, and it stands to reason that the bad guys are highly motivated
to attack them. They are better operating systems, period.
As to the Internet Explorer defaults, Microsoft is about to get religion on this
because they have already been advising people that the only way to
protect themselves is either "don't surf to untrusted sites" or disable
active scripting.
The really sad thing is (I've been preaching this for a while now), that they
could have a secure browser with a high degree of functionality by setting
the internet zone very strict and give you a simple one button click
to move sites to the trusted zone whenever things "don't work"
http://www.microsoft.com/windows/ie/...s/pwrtwks.mspxQuote:
Restriction commands in the tools menu help you set sites as trusted or restricted without having to wade through the control panel to find the controls.
The stuff is available, but i know my wife does not know how to do
this.
:cool:
I don't find it inconceivable that in the future there will be some kind of legal/civil penalty for failing to properly secure a system. Some kind of "due diligence" liability. Don't laugh, you all know that these compromised computers aren't idle. These "bot fleets" are used for cracking, spamming, and DDOS attacks, and all these things cost money. And where money is involved,,,, well, you know laws won't be far behind.
Well, and that is a problem. Computers are not toys. They may not be deadly weapons, but they can be economic weapons.Quote:
At the end of the day I go back to my observation that many domestic users buy a PC as they would a washing machine or microwave.
I thought I'd try this little test since I do not run Firefox but rather a browser based on IE.
With my standard setup (which is NOT a plain box) I can't even click the link to start the test.
Oh...geez...I have to turnoff my popup blocker which also stops javascripts. ;)
Single click -off goes the popup blocker. Try again.
Now I get another tab (webpage) to appear, first with a Google page, then back to Secunia site which shows a Secunia address (http://secunia.com/19521_swf_result/).
If I wait a couple minutes, the address changes to a Google address, and a couple minutes after that the address returns to Secunia with large RED letters S E C U N I A.
Here's what my popup blocker logged, in part:
GET http://secunia.com/Internet_Explorer...rability_Test/ HTTP/1.0
GET http://secunia.com/html/default.css HTTP/1.0
GET http://secunia.com/gfx/blank.gif HTTP/1.0
GET http://secunia.com/gfx/orangebottom.gif HTTP/1.0
GET http://secunia.com/gfx/logo.gif HTTP/1.0
GET http://secunia.com/gfx/dub.gif HTTP/1.0
GET http://secunia.com/gfx/15line.gif HTTP/1.0
GET http://secunia.com/gfx/longline.gif HTTP/1.0
GET http://www.google.com/ HTTP/1.0
GET http://www.google.com/favicon.ico HTTP/1.0
GET http://www.google.com/intl/en/images/logo.gif HTTP/1.0
GET http://secunia.com/19521_swf/?0.030482915521364673 HTTP/1.0
GET http://secunia.com/19521_swf_result/ HTTP/1.0
GET http://secunia.com/html/default.css HTTP/1.0
GET http://secunia.com/gfx/logo.gif HTTP/1.0
GET http://secunia.com/favicon.ico HTTP/1.0
I guess all this is a moot point if javascript is turned off for all but trusted sites.
The theoretical part of me says: this could be a dangerous exploit!
The practical side of me says: I wonder how widespread this exploit is and how many people have been ripped off because of it?
Here you go, preacherman, a good article on virii in Linux and Windows:
http://www.theregister.co.uk/2003/10...ndows_viruses/
I doubt viruses & spyware will ever pose the threat to the *nix family they do to Windows.
excellent! thank you soda_popinksky, that is what i needed to know! i appreciate the help! :)Quote:
Hey -
Yes, increasing the security level for the internet zone will lower the functionality of IE. This will reduce the number of threats against it. Patching will mitigate known vulnerabilities. If you can do your surfing under a user account, then the level of exploitation possible through the browser will be greatly limited as well.
Microsoft has tons of documentation on the subject... As i've pointed out many times in the past... there's http://www.microsoft.com/athome/secu...s/default.mspx. There are plenty of other tips on their site... Dell will come in and set your computer up for you if you want.. I just past a poster on a lamp post a few hours ago walking to the store... for $20/hour a guy will come to your house and secure your computer for you... How many people look at instructions as it is... nothing in my house has been assembled with instructions...Quote:
Originally posted here by nihil
Really? The first part of that statement admits that Microsoft ship their operating system in a potentially insecure state. They do that for commercial reasons, so that it meets their marketing claims to the general public
The objection that I have is that between them Microsoft and the OEM manufacturers fail to include any instructions or documentation to advise users of the issues. In other words, to ACTUALLY give them freedom of choice.
As for including safety instructions or telling you how to operate it properly.. Is Ford responsible for providing training so you can obtain your drivers license??? Most places don't even ensure that you have a license to buy a car (I've driven a few home for buddies that bought cars for their upcoming 16th birthday's)... I have a gas stove... it's much more dangerous than a computer... The manufacturer (Danby), nor the gas company (Enbridge), nor the store that sold the stove provided training on what to do if the pilot light goes out, or how to relight it
If Microsoft said we're going to include documentation on how to properly secure your system... but we're going to charge you an extra 10 dollars... how many people would scream... they'd complain.. and why should Microsoft provide it free of charge.. it's already on their website.. just go get it.
Exactly... security = restrictions... everyone knows thatQuote:
So, a system that is insecure is "freedom" and one that is secured is "restricted"?
How do I lock down my network... I restrict outside access... how do I secure my wireless access point... I restrict mac address access... how do I filter certain ports... I restrict access to them... how do I keep users out of other users folders... I restrict their access to folders... security is all about restrictions... as for insecure = freedom... if you have no restrictions on you... you're free... so yes.
Any user can secure the software... they just have to learn how to do it... Do we criticize the car companies for not supplying instructions to add oil, fill the washer fluid or add gas??? My Grandma can't do those things... she pays to have it done rather than learn how... is that Ford's fault??? nope... So how can you blame Microsoft because people don't want to learn to do it..Quote:
1. Microsoft cannot be criticised for supplying software that is insecure because a knowledgeable user can secure it. THAT IS ABSOLUTELY TRUE as it stands by itself.
This is more than partially true.. Users get frustrated enough by the bar's in IE 6 SP2 asking them to allow an Active X Control to run... or this software to install.. or this pop-up to open... or in Outlook when certain attachments are blocked because of their type... If the average user get's pissed off at this, how are they going to function if they find out they can't install their software just by double clicking anymore...Quote:
2. Domestic users wouldn't want or buy a system that was "restricted" or locked down by default. This is POTENTIALLY TRUE but would very much depend on what an individual user's perceptions and requirements happened to be? If one assumes that the user requires "unrestricted functionality", as this argument does, then you have a logical impasse.
This is a bit like the logical equivalent of wanting to both have your cake and eat it?
Why should Microsoft do it... a co-worker and I were having a great chat the other day about freedom of information... nothing is free.. Even volunteer work... you do it because it makes you feel good... people post tutorials here because they feel good helping others... Computers are their hobby so it makes sense that this is where they'd spend their free time... and they feel good by putting their hobby to use, it makes them feel justified... Microsoft is a company... companies want to make money, so why would they want to do this for free... there's nothing in it for them... Just as Ford doesn't walk you step by step through changing your oil, or putting on the spare tire...Quote:
SO LET'S LOOK AT SOME ALTERNATIVES?
1. Microsoft and the OEM's should ship instructions that CLEARLY explain the options, their implications and how to implement the user's choices. There are a number of tutorials and posts on this site that explain how to do this, so why can't/won't the big boys do it?
Why would this be illogical or foolish, it's entirely true... It's true... Microsoft is at the point it's at, because of it's popularity... People target what is popular and in use... For Example.. you used to see tons of toys / exploits / vulns / whatever for ICQ... now that it's gone you see them for MSN, AIM and Yahoo..Quote:
2. MS products ARE more subject to attack than others because they have such a large proportion of the market. It would be illogical, even foolish to suggest that if another operating system and browser were the most popular to the same extent, they would not be targeted as MS is today, and MS would appear to be "more secure".....................hey, if 90% of systems used the RISC OS then that is where everyone would have their expertise and experience? because that is how they would earn their livings ;)
Agreed.... but I"m not sure that I'd call that working... I say it "appears to work"Quote:
3. "Security through obscurity" DOES WORK it just happens to be a bad idea because it cannot be relied upon and is based on hope, rather than control.
I'm not sure how MS wlil face increasing pressure from Apple and other's if they explain the facts... Every OS needs to be locked down to be secure... you can't brand that as an MS only problem.... At the same time.. users don't want that.... Even HP-UX.. you can run Trusted HP-UX... it's much better... but a lot of people don't want to.. even though you purchase the same software and type one little command to convert it.. companies don't do it. If companies won't do it why would users do it..Quote:
Which brings us back full circle :cool:
If MS and the OEMs explain the facts they will face increasing pressure from MACs and other OSes.
I agree that is somewhat unfair, but it is a fact of life in the current marketplace & environment.
Basically, if you want to use MS securely you have to lock it down and reduce its functionality, otherwise you might gain some temporary relief from using a relatively obscure and untargeted system.
I wonder which option Steve Ballmer favours?
:)
'Tis better to remain silent and appear foolish, than to open your mouth and remove all doubt'... Perhaps words you should live by... Do a current users to current threats... and then speak again... You're a ****ing tard... my only irritation is that you see that as a bunch of ****'s so the full effect cannot be appreciated... Go read a book and get a life... leave this site to those with a clue and those that need help... or accept that you don't have a clue and say you need help..Quote:
brokencrow
I doubt viruses & spyware will ever pose the threat to the *nix family they do to Windows.
Peace,
HT