Linked by Thom Holwerda on Sun 23rd Sep 2007 10:54 UTC, submitted by irbis
Bugs & Viruses "For at least a decade, the standard advice to every computer user has been to run antivirus software. But new, more commercial, more complex and stealthier types of malware have people in the industry asking: will antivirus software be effective for much longer? Among the threats they see are malware that uses the ability of the latest processors to run virtual machines that would be hidden from antivirus programs." Note: Please note that our icon contest is still running! So if you have an idea on how to rework this story's icon, read this.
Thread beginning with comment 273733
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: ...
by Doc Pain on Mon 24th Sep 2007 01:04 UTC in reply to "RE[4]: ..."
Doc Pain
Member since:
2006-10-08

"Yes, I admit it. I just don't think that this direction of thought will lead to a solution for the problem. Or better, it won't lead to a *complete* solution as long as it does not include technical perfection of the system itself."

This is true. OS and applications - that can be claimed - should have the goal to form a solid and secure basis. As long as OS internals, protocols, stacks, drivers, along with programming interfaces and libraries, do contain stuff that can easily be abused and utilized for "viral behaviour" (data espionage and saboutage, spamming, spoofing etc.), even better educated and experienced users can't be totally safe.

"Mostly yes, but I did have the "pleasure" to fix the computers of the "black sheep" too. Luckily I'm not doing this as a job, so I am seldom asked to fix computers, and then mostly by friends."</li>

You're really lucky, I guessed right. :-)

[i]"My argument still holds though: Take a user with no knowledge about the workings of a computer, who will neither explain a problem properly that he encountered, nor even listen to your questions or replies - yes, the user is ignorant, but it's equally ignorant to call him stupid and claim that he/she must be educated. Regardless of the fact that you'll never "educate" him/her."


The term "educate" may be misleading here. To put it into more friendly words: Experience is what's needed here. It's like learning how do use a bike. At first, you fall onto your nose, and friends help you, encourage you to try again. But they won't do very long, so you do some training in order to drive on your own, including less and less injuries due to control or balance loss.

You know, my boss never thought about backups. But suddenly, his "great" IBM DTLA hard disk broke, it was a disaster for him. Now he's doing backups - he gained experience. And I told him: The day he stops making backups, the hard disk will fail. :-)

In Germany, victims of computer saboutage were taken to trial and sentenced for assistance in data espionage. Their mistake: Leaving a PC without proper protection, so it got used by criminals for storing and sharing commercial applications, movies, and pornography. "But I didn't know!" didn't convince the judges.

Furthermore, some common sense is essentially needed. Things users do know from the real world (e. g. "nothing is for free" or "a shiny box does not guarantee a shiny product") should be transported into the more abstract computer world. Nobody on the Internet will give you a US$ 500 watch for free, even if you click on the bunny. And when the PC says "enter your credit card number and PIN", better ask yourself what to do, because you wouldn't give your confidental data to someone on the street, would you? When users would trust their knowledge (the knowledge they had before a PC entered their home or work), using the computer would be more safe for them.

"I find it refreshing to give a user *real* insight in this area (and of course, other areas too)."

Some of them are very surprised when they learn the truth about how something works, how old fashioned a "brand new" product is or how cheap and crappy their "expensive" stuff really is. :-)

I demonstrated to a former customer the easieness of breaking into his PC - using an 1:1 STP cable connection, of course. It didn't take me 10 minutes to gain complete access over his data. I did copy some of his files, deleted (prepared) files and changed some system settings. He was surprised how easy it was when I could explain to him what I did in fact.

"If they can learn themselves, the better."

So did the majority of "us professionals". :-)

Of course, learning is possible from mistakes, but you should not make every mistake over and over again.

"Sometimes this needs special software, sometimes not: For example, the more I work with Mac OSX, the more cases I encounter where I find it too dumbed-down (read: not configurable). For a newbie though, OSX might be ideal to learn some basics. A developer on the other hand may find Linux more interesting because all its inner workings can be studied."

While users usually do not find any need to know about how somethings work, developers do, more or less specific (using kernel interfaces, system libraries, toolkits etc.). This possibility is one of the great advantages of free software such as Linux, Solaris or the BSDs.

"However, a system that can be studied en detail does not equate to a system that *needs* excessive user-knowledge and maintenance."

Every system needs maintenance. The question is: How is this maintenance requirement organzied? Is user interaction needed? Is it included in the OS or is additional software neccessary?

"A read-only PC would be enough for many people."

There have been TV sets with internet connection around, but I think nobody uses them anymore.

In the gaming sector, there are gaming consoles for the ones who do not want to play on the computer.

Thin clients (e. g. Sun Ray) offer centralized functionality with no responsibility for the user, but need a qualified system administrator on server site.

"Above that, it may be sufficient if advanced features are hidden by default but can be unlocked - possibly by passing some kind of "user exam", which can be as simple as *finding* the switch to enable advanced options."

Such a "level structure" has been included in GeoWorks Ensemble where you could switch (without barrier) between beginner, advanced and professional users, making the menu contents changing from just the basic functions up to complex functionalities.

Your idea of an "exam" is interesting. (Car analogy: the driving test in order to get the driving license)

"I agree that it's a hard problem, but I think it's also an interesting problem ;) "

In fact, it is. And it will stay interesting because it will determine the development of the software world (and maybe the hardware world, too) in the future.

Reply Parent Score: 2

RE[6]: ...
by Morin on Mon 24th Sep 2007 10:12 in reply to "RE[5]: ..."
Morin Member since:
2005-12-31

> At first, you fall onto your nose, and friends help you, encourage you to
> try again.

That only works nice when users "fall on their nose", as with (nonexistant) backups. Unfortunately with malware it's more like telling people they shouldn't smoke because they'll get lung cancer from it.

> Furthermore, some common sense is essentially needed.

Indeed. Users who enter their credit card number anywhere just to see the dancing bunny are lost anyway - they might as well get cheated on without involving a computer. However there are cases where common sense is far from enough, e.g. if a website disguises as a banking program (*any* popular banking program - it will still hit enough users to be profitable).

> There have been TV sets with internet connection around, but I think
> nobody uses them anymore.

I should have been more specific. I didn't mean a pure read-only PC but rather one that allows a user to handle files freely but not extend functionality, except through very limited scripting (e.g. website-confined javascript). The kind of thing that one might prepare for one's grandparents.

> Your idea of an "exam" is interesting. (Car analogy: the driving test
> in order to get the driving license)

It wasn't really *my* idea, but I read it somewhere on OSNews. I think the comment referred to OSX, where (reportedly) the advanced options can only be changed by editing text config files, so they will only be touched by users who know how to do that.

Reply Parent Score: 2

RE[7]: ...
by netpython on Mon 24th Sep 2007 10:18 in reply to "RE[6]: ..."
netpython Member since:
2005-07-06

Users who enter their credit card number anywhere just to see the dancing bunny are lost anyway -

The target is more likely the client database of major online shopping centers. Credit card numbers by the hundred thousands instead of a single one ( to labour intensive).

Reply Parent Score: 2