Not to be contrary, but it does (and does it MUCH better than Linux).
You can restrict so much with simple group policies, so much more than you can with Linux, especially since Linux doesn't have a set shell or UI.
You are comparing a fully administered Linux/Unix system with a Windows system that belongs to some dumbass.
"Technology very much can alter this behaviour, if those designing that technology are prepared to try."
Try to your heart's content. It still doesn't change the fact that security and "ease of use" are at odds with each other. The more hoops you make people jump through to use your OS, the less inclined they are to use it. Educating people about security, while not so "gee whiz" in any geek's book, is more effective over the long run. And less breakable than any technological solution.
"Try to your heart's content. It still doesn't change the fact that security and "ease of use" are at odds with each other. The more hoops you make people jump through to use your OS, the less inclined they are to use it. Educating people about security, while not so "gee whiz" in any geek's book, is more effective over the long run. And less breakable than any technological solution."
Well you see that is the problem. Because what you are saying is that security is really just a geek's concern. That is a very common attitude which has led to the current state of affairs. You appear to imagine that all Windows users have their machines routinely locked down in a similar way that you do (if indeed you do) - but as I actually work in a support centre I can very much assure you that this is NOT the case.
Indeed something like 60% of the calls we get are to do with viruses and spyware. Why else could this be - and why could such massive numbers of systems such as in the above story be compromised - if indeed it were not true that most Windows users were simply clueless about security?
You say 'educate them' - and on that score I agree - but I think the education has to come in the way people use an OS. Ease of use is all that much use if you risk having your identity stolen and your bank accounts emptied. By not making users think about security - by not forcing them to consider these issues you are effectively preventing them from learning the real value of security.
I say use the technology to educate them - whereas you say - well I'm not clear what you are saying. You want to educate them how? Do you imagine that the vast majority of computer users regularly (or even ever) read sites like this? Because I assure you they don't. They expect their computer to work like a washing machine. They expect to turn it on and for it 'just to work'. There is certainly no expectation at all that their computer might pose any significant danger to their personal or financial security. No one ever really thinks that their computer is seriously capable of doing them any harm. But of course as we know, the truth is it can. So again how exactly are you going to reach into people's homes and change their behaviour by your method of education? Technology can do this: it can reach into people's homes, it can teach them the value of security over ease of use. The two are not as has been implied 'incompatible' - but you must certainly educate people about the value in surrendering at least a little of that ease of use to ensure their own personal security and to teach them how to behave responsibly.
If they are like most switchers who have switched from Windows to a more secure OS, they will (as I did) quickly come to value the increased security and will be happy to surrender that little bit of extra ease of use for the added peace of mind that this will give them.
Indeed my own experience is that it really IS like being re-educated - because quite soon typing a password to do most things on your PC does become second nature. So in time you forget what you ever found difficult about it to begin with.
GJ





"Once again people, security comes down to people, not technological solutions."
That is just you being an MS apologist. If as Linux does, you can build a system that forces users to consider security, then clearly a large part of the answer can be technological. As I said, you can take a leaf from the spyware writer's book and call it 'reverse social engineering' if you want. You can alter a user's behaviour and re-educate them by putting a strict security regime in practice from the minute they turn on their machines to the minute they switch them off.
All you need to do is build your system in such a way that users always need to consider the issue of security in almost all of the things they do - which due to individual permissions on individual applications and directories is already true of Linux. Just having some lame popup box that reminds people that 'they might be at risk' if they don't install this or that commercial app - as does Microsoft's so called security centre - isn't nearly enough.
You need your regime to have a lot of restrictions in place so that you can *make* your users have to deal with them - and in so doing actively teach them the value and the meaning of security.
That isn't something Windows does at all - as clearly whether a non admin account is more secure or not, the vast majority of Windows users do NOT run non admin accounts. Nor have they any real idea about the level of risk that their lack of understanding exposes them to.
Technology very much can alter this behaviour, if those designing that technology are prepared to try.
GJ