Re: [Full-disclosure] Windows 7 UAC compromised
- To: yr42.lists@xxxxxxxxx, kevin@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Windows 7 UAC compromised
- From: "Elazar Broad" <elazar@xxxxxxxxxxxx>
- Date: Fri, 06 Feb 2009 09:55:20 -0500
<snip>
I maintain that by not educating our users we are failing in that
goal.
</snip>
With many it is in one ear, out the other, unless you are allowed
to use a clue bat...
On Fri, 06 Feb 2009 09:36:32 -0500 Kevin Wilcox
<kevin@xxxxxxxxxxxxxxxx> wrote:
>2009/2/6 Yudi Rosen <yr42.lists@xxxxxxxxx>:
>
>> But Joe the Plumber doesn't want to have to click on endless 'confirm'
>> dialogs every time he tries to use the computer. Simply having him run as a
>> non-admin user only fixes half the problem.
>
>No, it doesn't fix anywhere *near* half of the problem; it doesn't
>address that we have millions of people that use their computers
>without knowing anything about them.
>
>"But not every car driver needs to be a mechanic!" Yes, I know this,
>but every driver needs to know that there are laws and rules
>concerning how they drive and what happens when a 1200 kilogramme car
>hits a 100 kilogramme pedestrian at 70 kilometres/hour. Every driver
>needs to know they need to have their tyres rotated and their oil
>changed. There are things you must know beyond, "accelerator,
>decelerator and steering wheel".
>
>"But a computer isn't going to kill anyone if someone gets infected by
>a virus or trojan!" Yes, I know this, too, but if you're mixing
>questionable software and surfing habits with online banking and
>shopping, it's a recipe for destruction. Welcome to identity theft and
>empty bank accounts.
>
>We can either continue to pretend like it's *only* really crappy
>software or we can realise that it's a combination of easily
>exploitable software, user ignorance and user apathy. You can give
>them an operating system that has been vetted and been through
>multiple code reviews by people that really do know secure OS design
>but they wouldn't be able to accomplish anything at all. So what do we
>do? We give them operating systems that are less secure, hope they
>don't shoot their feet off and turn them loose with it - but we don't
>shoulder the burden of training them. Some of us do but we, as a
>collective, do not. Until we can properly educate our users, all we
>are doing is trying to mitigate risk in the best ways we can while
>still providing them a service. I maintain that by not educating our
>users we are failing in that goal.
>
>kmw
>
>--
>Far better is it to dare mighty things, to win glorious triumphs, even
>if chequered by failure, than to take rank with those poor spirits who
>neither enjoy much nor suffer much, because they live in the grey
>twilight that knows not victory or defeat.
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/