.comment-link {margin-left:.6em;} <$BlogRSDUrl$>

Monday, December 11, 2006

Lusers. All Lusers. 

Microsoft has been touting its latest iteration of Windows, called Vista, as the latest weapon in the arsenal of security. Vista is supposed to be light years ahead of current Windows XP in terms of security. Internet Explorer 7 is supposed to be the answer to IE users' complaints about threats and vulnerabilities. While I think that these enhancements are laudable and necessary, I do not think that Windows Vista will be the silver bullet of security for the coming age of computers. In fact, I doubt that there will be much change at all in the overall security landscape surrounding Windows users.

Consider, if you will, the typical Windows user. He or she can range from a very intelligent, well-educated professional individual to the relatively uneducated, unsophisticated Internet game addict. It's the latter group that unfortunately makes up a large enough percentage of the Windows user group to be a threat. These people wouldn't recognize most security threats if they came announcing themselves with big flashing signs (which many of them actually do). I can't tell you how many times I have had to work with this type of Windows user. Their computers are usually so clogged with crap that they've downloaded that the machine is barely usable. These users are almost impossible to rehabilitate. They feel drawn to download useless and malicious programs because of their online habits. Vista will almost certainly be no match for these types. Very little can be done to protect against stupid people making stupid decisions.

What we need to do is educate. All the technology in the world isn't going to solve a problem of basic education. Many folks just don't recognize a bad program from a good. And many of these people also don't realize that bad programs even exist. To them, a bad program would have a warning label on it or something. Well, the truth is, many ill-intentioned programs come disguised as helpful programs. To compound this problem, many users feel some strange need to install everything the see. They feel it necessary to have browser search bars and tool bars and various other "assistants" to help them use their computers. What they really end up with is a machine filled with spyware and other malicious software. So many of these programs carry monikers of "assistant" or "search" or "help." These key words fool many less-educated users into believing that they are really useful programs. "Hey, it'll help me search the Internet." or "It'll help me organize my photos." I don't personally find a need for any toolbars to help me search. Google is the search assistant. So, to help get started on educating people to recognize malicious software, I am preparing a list of potentially harmful applications that seem to be very popular with the unsuspecting, under-educated crowd. I would highly suggest that users stay away from the following:
I have seen, from time to time, advertisements on web pages in big bold letters: "WARNING! YOUR COMPUTER IS BROADCASTING AN ADDRESS WHICH CAN BE USED TO IDENTIFY IT TO OTHERS. Download this software to prevent this from happening." It will often have the user's IP address displayed prominently in the ad as well, for proof of this horrible discovery. Now, this form of advertising is just low. To a less-knowledgeable Internet user, this would be very alarming and might cause the person to download the software in order to prevent this private identification number from being picked up. However, with a little knowledge, the user will simply know that having this "identification number" is actually normal for any Internet-connected device. Also, this number no more identifies the user than does a PB&J sandwich. It is known as an IP address. It is necessary for any Internet-connected machine to have an IP address (usually assigned by the ISP) for that machine to be able to send and receive data. The only way for packets to get from node to node on the Internet is for the packets and routers to know the address of the next node. If a user is concerned about broadcasting this IP address, they should install and update a firewall to close off ports on that address. So, in short, having an IP address is not a bad thing.

Anyhow, I am sure that even though Vista will enhance security on the Windows landscape, Windows simply can't be hardened enough to protect against stupid decision makers. So, keep up to speed on the security scene. :)

Comments: Post a Comment


This page is powered by Blogger. Isn't yours?