[Hidden-tech] Security: Mac vs. Windows is no longer an argument

[Robert Heller]

At Mon, 08 Dec 2008 16:49:31 -0500 Roger Williams <roger at qux.com> wrote:

> 
>    ** Be sure to fill out the survey/skills inventory in the member's area.
>    ** If you did, we all thank you.
> 
> 
> >>>>> RA Cohen <roy at net-vantage.com> writes:
> 
>   > someday, coming to you real soon, will be that email attachment you
>   > inadvertently opened that turns your machine into a zombie
>   > spam-thrower.
> 
> After 20 years managing networks and designing network equipment, I have to
> confess that I'm still bewildered by this.  Why on earth would _anyone_ design a
> mail client or desktop manager so that it automatically executes code after
> extracting it from an attachment -- and why on earth would any user _permit_ this
> behaviour once he knows that his computer is configured that way?!

It is supposed to be a 'convenience' feature to make it easy for users to
share rich media content with each other.  Or some such *marketing*
nonsense.  Microsoft needs to (re-)sell its software over and over again
in order to maintain a revenue stream.  It does this by selling the
*same* system with a new name, additional features (mostly bad ideas
fromthe *marketing* dept.), and cosmetic makeovers.

You also have to realize that the default setup of MS-Windows assumes a
'proper' corp. network environment,  one where there is a good firewall
and an in-bound E-Mail server that is stripping off bad attachments. 
In this environment, it is perfectly viable for the various in-house
office workers to share all sorts of legitimate company stuff (eg
PowerPoint presentations, Word Documents, and Excel spreadsheets).  The
problem is that when a home user (who generally has no clue and no IT
dept to back him/her up) connects a MS-Windows machine configured for
this sort of environment directly to a DSL, Cable, or FIOS modem, you
have a machine waiting to become a spambot...

> 
> >From the feedback I get from Windows users, I have to assume that they're
> powerless to stop their computer from automatically executing code that it
> receives from unknown and untrusted sources.  I know that my Mac, Linux, and
> Solaris installations don't do that.
> 

-- 
Robert Heller             -- Get the Deepwoods Software FireFox Toolbar!
Deepwoods Software        -- Linux Installation and Administration
http://www.deepsoft.com/  -- Web Hosting, with CGI and Database
heller at deepsoft.com       -- Contract Programming: C/C++, Tcl/Tk