And this is news?
|
| Author | Content |
|---|---|
| tracyanne Dec 15, 2008 7:48 PM EDT |
nt |
| tuxchick Dec 15, 2008 8:00 PM EDT |
Actually it is-- windows users have very short memories. I wish that articles like this would point to alternatives, instead of the same old sieve patches. |
| TxtEdMacs Dec 15, 2008 9:16 PM EDT |
Maybe not ActiveX, but they give some advice: Quoting:Many security experts, meanwhile, are urging Internet Explorer users to use another browser until a patch is released. |
| tracyanne Dec 15, 2008 9:22 PM EDT |
The majority of people will 1) never become aware of this message 2) be totally confused, as in "what's a browser? my computer opens MSN9." 3) Ignore the message "they are always saying stuff like this, someone's just trying to make more money off me." |
| tracyanne Dec 16, 2008 12:08 AM EDT |
And in the case of one windows user I know (my partners sister) "I don't care" |
| tracyanne Dec 16, 2008 2:21 AM EDT |
From the MSDN article.Quoting:An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. That, of course, would be the vast majority of Windows users. |
| dumper4311 Dec 16, 2008 1:34 PM EDT |
"windows users have very short memories" Mythbusters once tested the short term memory of goldfish . . . . Not making a direct comparison or anything, just noticing a pattern. :) |
| tuxtom Dec 17, 2008 4:21 AM EDT |
Linux How? |
| gus3 Dec 17, 2008 10:50 AM EDT |
It's time for the world to face a simple, overwhelming fact: User security has always been an afterthought to Microsoft. When it was put in place on Windows NT, it was designed not for the home user, but for users under the care and feeding of a full-time sysadmin. Their attempts in the last decade to make system security idiot-proof have both left the competent out in the cold, and underestimated the creativity of idiots. It is time to put a wooden stake through the heart of the "Windows security" myth. |
| bigg Dec 17, 2008 11:08 AM EDT |
Something that gives me chills every time I think about it. To this day I don't know how to set up Windows XP so that the user is not also the administrator. I've just used XP as it comes out of the box. I'd bet the vast majority of users could say the same. If you don't know enough to use it properly, you shouldn't be using it. |
| tuxchick Dec 17, 2008 11:18 AM EDT |
Well Bigg, it works like this. You create and use an unprivileged user account, and then only malware will have admin rights. Then when you get tired of not being able to do anything, you escalate yourself to admin privs, and then both you and the malware will be on an equal footing. |
| tracyanne Dec 17, 2008 4:59 PM EDT |
what Carla said about sums it up. |
| TxtEdMacs Dec 17, 2008 6:29 PM EDT |
TC and all you other guys, You have it all wrong! I appreciate Microsoft, they are the best in the business. Listening to one of their marketing spiels, you will swear bulls can fly. I truly admire their artistic inventiveness, needless to say they are not easily deterred by facts. My heroes, wondrous people ... I stand in awe. |
| jdixon Dec 17, 2008 6:44 PM EDT |
> ...you will swear bulls can fly. Isn't that where buffalo wings come from? :) |
| jdixon Dec 17, 2008 6:46 PM EDT |
> To this day I don't know how to set up Windows XP so that the user is not also the administrator. From memory, go to the control panel, go to user accounts, select the appropriate account, and change it to a restricted user. That's also and option when you create the account. You either have to have administrative rights or it has to be your account. |
| TxtEdMacs Dec 17, 2008 8:44 PM EDT |
jd, The stuff I am thinking of will absolutely ruin your appetite for those wings. |
| jdixon Dec 17, 2008 10:14 PM EDT |
> The stuff I am thinking of will absolutely ruin your appetite for those wings. Well, that's a bull of a different color. :( |
| tracyanne Dec 17, 2008 10:15 PM EDT |
and smell |
| bigg Dec 18, 2008 10:28 AM EDT |
jdixon: That might work (haven't tried) but I didn't even know until moving to Linux that there was a difference. |
| techiem2 Dec 18, 2008 8:21 PM EDT |
Yeah, that's the correct method (or one of them). The problem of course, once again comes down to training the user to never use the admin account except for installing software.... Which also means you have to make sure all of their software works with a non-admin account...and figure out what hacks to do to fix the stuff that doesn't..... We often have to deal with this at the college when we update things in the labs. It's amazing how much software is simply not written to properly handle running under a non-admin account (i.e. they want admin rights to directories...want to write to system level reg keys...etc.). But I suppose given how little effort MS has put into getting users to actually use their machines properly and not run under admin accounts...there's not much incentive for the software developers to spend the time to write things properly. |
Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]
Becoming a member of LXer is easy and free. Join Us!