[Hidden-tech] Security: Mac vs. Windows is no longer an argument

Robert Heller heller at deepsoft.com
Tue Dec 9 12:47:09 EST 2008


At Tue, 09 Dec 2008 11:55:20 -0500 roger at qux.com wrote:

> 
> >>>>> Robert Heller <heller at deepsoft.com> writes:
> 
>   > In this [corporate] environment, it is perfectly viable for the various
>   > in-house office workers to share all sorts of legitimate company stuff ...
> 
> Naw... you can't tell me that there's ever an excuse for automatically running
> executables received in attachments.  Macros in Word documents are a different
> issue (running with root permission?  Hello??) but they aren't the primary
> infection vector for spam-distributed malware.

*I* agree with you, but the 'Pointy Haired Corp. Bosses' might have
other thoughts.  And of course the *marketing* dept. at Microsoft is
generally clueless WRT sensible software design principles. Also, there
is the MS-DOS/MS-Windows weirdness of 'self-extracting' archives, and
other similar nonsense, mostly because MS-Windows tends NOT to have all
of the 'essential' utilities installed and/or MS-Windows users are
clueless about these sorts of utilities and because people who deliver
stuff (software, media, etc.) have been ingrained with the idea of
making things 'easy' (?) for the end-user, by bundling stuff into a
'click here' lump to install/setup/configure/view/whatever, using some
sort of 'wizard' to do all of these steps with a series of friendly
dialog boxes...  The problem (of course!) is that *anything* can be
delivered this way, including malware of all sorts.  Microsoft makes
this easy, by including all of the tools to make it very (end-)user
friendly with pretty dialogs and suchlike.

> 
>   > The problem is that when a home user ... connects a MS-Windows machine ...
> 
> No, I don't buy that argument.  The trade journals report that 99%+ of the
> machines on botnets are behind decently-maintained firewalls at big
> corporations.  And the system administrators at Intel (as an example of one of
> the more vigilant big companies) tell me they can't do much about the problem
> as long as they support Windows.

I'm not claiming that the corporate worker bees are any more clueful
than home users (since they are generally the same people!) or that
MS-Windows-oriented corp. IT depts are necessarily any more clueful
either (what really can one learn about proper network security in only
6 months of night classes* -- yes you might be MSCE certified, but what
does that mean, really?)...  I would agree that the sort of promiscuous
(one-click *or less*) media sharing that Microsoft (and the corp.
culture) encourages/expects is generally bad, no matter what sort of
(good, bad, or indifferent) 'protections' (firewalls, virus scanning,
etc.) are in place.  Even if the purported sender is legit, there
should be a vetting and confirmation process for all attachments.  And
of course this is all on top of Microsoft Windows's *notoriously*
*bad* security model (which only adds fuel to the fire).


*There is a radio ad for some night school that claims that one can spend
6 months 'studying hard', get your MSCE certification, and go off into
the high paying world of IT work...  Ha!

-- 
Robert Heller             -- Get the Deepwoods Software FireFox Toolbar!
Deepwoods Software        -- Linux Installation and Administration
http://www.deepsoft.com/  -- Web Hosting, with CGI and Database
heller at deepsoft.com       -- Contract Programming: C/C++, Tcl/Tk
                                                                            

