It's not just IE, then?

[HAL9000]

Yes... I too like where this thread has gone... IE/Firefox/Moz/Opera, it's all a personal choice and safe surfing is all about education, simple as that.

[mairving]

Quote:

Originally Posted by Statica sataraid0 raises an exceptional point, one of education and research in using computers. That is the starting point for being less of a target to attacks.

From personal experience though, there are a lot of people out there that can't be educated. I have one user at work that gets an email hoax forwarded to him and proceeds to forward it out to all. Well I explained to him were to go to check the stories, he doesn't. I have told him to send them to me to check them before he sends them out, he doesn't. So in spite of the education that he has received, he is still clueless. Well guess what he no longer has the priviledge of sending an email to everyone. The bad thing is that he is not all that uncommon.

The other issue is that there are still quite a few people still on dialup. Want to keep Windows updated or install XP Sp2? How about updating your anti-virus sigs? No real good way for them to accomplish that so they get a virus. Maybe we should eliminate dialup instead of Microsoft.

I use and like most Microsoft products. The biggest beef that I have with MS is their business philosophy of "get all you can, can all you get, sit on the lid and poison the rest." We need alternatives to Microsoft in order for things to get better.

[Kov-Ice]

Quote:

Originally Posted by Statica These IE vs Firefox threads are getting quite ridiculous, as much as the Intel vs AMD threads. I mean look at the subject of the thread : "It's not just IE, then?" .. rather than a simple "Firefox and IE vulnerable to phishing" or "Vulnerability in Firefox" .. and then it gets progressively worse.

In retrospect, this sure looks like the start of a "VS." thread. That was not my intent. In agreement with you, the title was more to simply point out the fact that blaming IE or recommending Firefox is not the cure. As Ezy and Kram stated, the most vulnerabililties will be exploited in the product most used. You can only hide behind a particular product for so long until the real culprit emerges - the user.

[HAL9000]

Quote:

Originally Posted by mairving From personal experience though, there are a lot of people out there that can't be educated. I have one user at work that gets an email hoax forwarded to him and proceeds to forward it out to all. Well I explained to him were to go to check the stories, he doesn't. I have told him to send them to me to check them before he sends them out, he doesn't. So in spite of the education that he has received, he is still clueless. Well guess what he no longer has the priviledge of sending an email to everyone. The bad thing is that he is not all that uncommon.

I hear ya there. I have some friends that are mad at me because I have blocked their e-mails. No matter how many times I tell them, they don't listen that Microsoft, IBM, Compaq, etc DOES NOT issue virus warnings... they really don't give a flying you know what if you get a virus... that's your problem, not their concern. Yet these same people... over and over... get the e-mail and then spam their e-mail list, yahoo, MSN, AIM contact lists.

[digitalfreedom64]

I've got an idea that might would help microsoft. The should include something when you buy there OS or a computer with their OS that has the potential to educate people the don't know what they should do to protect themselves. Microsoft keeps complaining about users and users keep complaining about microsoft. Basically what i'm trying to say is there is fault on both parts.

[mairving]

Quote:

Originally Posted by HAL9000 I hear ya there. I have some friends that are mad at me because I have blocked their e-mails. No matter how many times I tell them, they don't listen that Microsoft, IBM, Compaq, etc DOES NOT issue virus warnings... they really don't give a flying you know what if you get a virus... that's your problem, not their concern. Yet these same people... over and over... get the e-mail and then spam their e-mail list, yahoo, MSN, AIM contact lists.

The worse part about this is that no matter how many links that I send him proving to him that it is false, he doesn't believe me. He thinks since it was sent to him by a dear friend that he trusts, it has to be true.

[Statica]

How do you suppose it can be done, other than through sites such as these? Believe it or not Microsoft now has an extremely capable KB and releases meant for the common person - everything from errors to security warnings (I used to like LDPs more, but I am getting extremely disillusioned by this ridiculous fragmentation, now I have to search a dozen sites, and then have to check to see how old the information is for Linux issues); with MS, it's rare that I havent got my answers from the KB or public newsgroups.

I'd like to hear your solution for it; other than requiring a competency test and a IT license (much like a driver's license) there is no other way of establishing education.

Let's look at SP2; so now there's a popup to tell you when your antivirus is not running, one to tell you that your antivirus patterns are old etc. Within the first week of people getting used to SP2, I had a number of people complaining to me that there are too many popups (Of course, these pinnacles of intelligence wouldn't have got those popup warnings had they remembered to update their patterns). There always are going to be a bunch of people complaining because they refuse to educate themselves. So let's consider this, Microsoft gets concerned about the increasing security threats - and integrates an antivirus with the OS? Then what?? Another lawsuit and more bad press for integration?
Given the mass appeal for the OS, it is even impossible to suggest locking down on security. So the default user does not have admin rights, now what - you've got a bunch of people complaining that they cannot install their webcam program. It has to come in gradual stages .. we had people who are now interested in technology and its use to make life easier, it's taken a bit of growing pains, but people are starting to realize that they can encrypt or secure their files using NTFS; we can only hope that MS will push the envelop further in making people more aware of the security.
Look, I am also this hardcore UNIXer that even hates Linux because it is catering to the lowest common denominator, I love the UNIX security; but even I do acknowledge, given the targetted computer users, their desire to run freakishly wasteful hardware on games (j/k .. to each their own), and pretty interfaces - that Microsoft does a decent enough job of not just making an OS and then not standing by it. Which other company do you know that is supporting 6 yr old products?

This is the only answer really, getting a bunch of people posting information. For people to ask questions, not assume that they know about emails because they heard about it from a friend who is now on the internet, eh. Maybe along with the EULA and certificate of authenticity .. MS and all OS mfgers should print a card saying "YOU DO NOT KNOW EVERYTHING THERE IS TO KNOW ABOUT COMPUTERS, WE DO NOT CLAIM THAT THIS SOFTWARE IS PERFECTLY SECURE FOR AS LONG AS YOU OWN YOUR COMPUTER, THROUGH ALL THE HACK AND PORNOGRAPHIC SITES YOU LIKE TO DRUDGE THROUGH - FOR BEST RESULTS, REFER TO forum.pcmech.com (shameless plug) TO SEE WHAT YOU ARE DOING WRONG".

[Kov-Ice]

hehe, that would imply that said users had ever read a EULA, much less know what it stands for...

[mairving]

Quote:

Originally Posted by Statica I'd like to hear your solution for it; other than requiring a competency test and a IT license (much like a driver's license) there is no other way of establishing education.

There isn't really a great solution to it other than to hold some accountability. Microsoft should be held accountable if they can't release a patch to fix a vulnerability before it is exploited. I also still think that 90% or viruses could be squashed by blocking downloading of executable files in Outlook or OE or at least changing the default to block them. I believe Outlook does this by default except that it tends to block all files. There should be accountability for those that help transmit a virus, particularly with those that run servers wide open to the world and don't have update their systems. Give them a couple of warnings and then shut them down. There should also be some accountability among those that clueless users that go from one virus to another because of inadequate protection.

Quote:

Originally Posted by Statica Which other company do you know that is supporting 6 yr old products?

I was kind of thinking of this one.

[mairving]

Here is another problem that I have with Microsoft when I tried to install Firefox after installing the new Windows Firefox Vulnerability Patch issued by Microsoft in response to loss of IE marketshare.

[digitalfreedom64]

Everyone has completely forgotten to metion the impact that other up and coming browsers may have. Like the AOL which i believe will flop and the hybrid netscape browser. This is an utterly usless arguement if you're not gonna include all of em.