> From: John Taylor
> 
> I don't think it's as simple as that. Today's software is so complex
that
> it's astoundingly easy to trick the average user into installing
anything
> you want them to. You don't need to take advantage of a buffer
overrun.
> Just pop up a message telling them that their Flash player is out of
date,
> and that it will be automatically updated if they click "Ok". Nine
times
> out of ten, you'll end up owning their system. The virus scanner helps
> mitigate this by essentially keeping a catalog of malicious software.

I disagree.  Stupid users defeat all automatic methods except maybe the
thing client (or auto-refresh on reboot).  The only proper combination
is good software, as you suggest, AND good user training.  But if users
were trained to not click on the button and Microsoft software had even
a modicum of quality control, then it's my contention that most of these
virus writers would wither and die, because without those buffer overrun
exploits (very simple to fix), most things would be impossible, and it
wouldn't be worth the effort.  There would still probably be a few
mutant nerds out there trying to create worms, but it wouldn't be a
multi-billion dollar business.

But you're correct that some software to help users guard against
themselves is a good thing, and I include myself as a user.  Some of the
stuff (and this is particularly true of Windows-based attacks) is so bad
that all you have to do is mistype a URL and your machine is toast.


> This is not really a Windows-only problem.

But Windows makes it far, far, far, far easier.  Yeah, I think four
"fars" is about right.

Joe


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.