dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
7727

BronsCon
join:2003-10-24
Fairfield, CA

1 recommendation

BronsCon to Nanaki

Member

to Nanaki

Re: The battle of the operating systems... Windows vs. The UNIX World

said by Nanaki:

Others i figure is black berry firefox os etc.

I would guess that includes Linux and the BSDs as well, which pretty much own the server market, so if that market is included in the count, Windows will be at a clear disadvantage. Now, imagine if they rolled Android into the Other category along with Linux; 74.95% is no small number, leaving Microsoft and Apple to chew on 1/4 of the market. It's no wonder MS is sweating; Apple's still a relative newcomer if you ignore the years before OSX, so I'd say they're doing quite well in this market, though they could be doing better in mobile.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

If they were open source they would split the mobile market with android with out breaking a sweat. And yeh that could be the other didn't think bout that.
dave
Premium Member
join:2000-05-04
not in ohio

dave to Nanaki

Premium Member

to Nanaki
The end user will never possess the skill to determine whether installing a given program is sensible. It is ridiculous to expect people to do so, when what they're dealing with is a household appliance as far as they are concerned.

BronsCon
join:2003-10-24
Fairfield, CA

1 recommendation

BronsCon

Member

All things carry inherent risk. Driving a car carries the inherent risk of injury or death, operating a computer carries the inherent risk of leaking all of your personal and financial information to a malicious 3rd party. In both cases, the end user giving enough of a shit to learn to operate their equipment properly can and does reduce the level of risk, while willful ignorance pushes the level of risk through the roof.

Nanaki: Look at this argument from a different perspective. You live in Ohio. At least you can say "Dave's not here, man."
dave
Premium Member
join:2000-05-04
not in ohio

1 recommendation

dave

Premium Member

It's not "operating" the equipment, it is "modifying" the function of that equipment. Installing some piece of software in your computer is akin to attaching various pieces of equipment to your car engine. No-one expects the untrained to do the latter safely. The fact that installing software involves no physical pieces doesn't make it any less of a functional modification.

Your car analogy suggests nothing more than there needs to be a (a) computer operator licence, and (b) annual inspections of the equipment. This seems implausible to me, both politically and commercially. So I'm left with the point that expecting the untrained to safely execute functional modifications, or more specifically to distinguish between a good modification and a bad modification, is an exercise in wishful thinking.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to BronsCon

Member

to BronsCon
said by BronsCon:

while willful ignorance pushes the level of risk through the roof.

That describes my brother perfectly. I wish i still had the emails from the keylogger i tricked him in to installing. over 100 installs just to view porn.jpg.exe. It as worse than that i emailed it to him from his email address . I used the logs from the key-logger to put together a smoothwall firewall black list. But he worked very har to view that file. That included fully updating his computer re-formatting doing it all again installing over a dozen image viewers etc.

Way later on he sold the computer after he was unable to get to any porn sites. What caused me to do all this was he had so many "porn dialers" on his computer calling home and acting as click bots that it was slowing down my entire network. Upload logs were in to the 50mb a hour range 24/7 with a few 100 mb down. All this activity was from spyware etc running on that computer.

BronsCon
join:2003-10-24
Fairfield, CA

1 edit

BronsCon to dave

Member

to dave
said by dave:

It's not "operating" the equipment, it is "modifying" the function of that equipment. Installing some piece of software in your computer is akin to attaching various pieces of equipment to your car engine. No-one expects the untrained to do the latter safely. The fact that installing software involves no physical pieces doesn't make it any less of a functional modification.

No, I'm talking about simply *using* the computer, not installing software. Are you arguing that computers should be idiotproof, or that untrained users should not be allowed to install software?
said by dave:

Your car analogy suggests nothing more than there needs to be a (a) computer operator licence, and (b) annual inspections of the equipment. This seems implausible to me, both politically and commercially. So I'm left with the point that expecting the untrained to safely execute functional modifications, or more specifically to distinguish between a good modification and a bad modification, is an exercise in wishful thinking.

No, I'm arguing that people need to take personal responsibility for their own actions. Using equipment you are not properly trained to use, or have been trained on but still do not understand, is an action a person *chooses* to take and they need to take responsibility for the outcome of that action. The first time someone used to driving a Civic gets behind the wheel of a Ferrari, it's gonna get out from under them; if they know how to operate the vehicle, they'll recover from that; if they don't, they'll crash. A responsible person will take responsibility for that crash, as it was a result of their choice of action, while an idiot will blame the car. Right now, I see a lot of people blaming the computer when their choice to operate the machine they don't know anything about results in their financial information being stolen. Wanna venture a guess which group I put those people in?
dave
Premium Member
join:2000-05-04
not in ohio

1 recommendation

dave

Premium Member

Let me be explicit:

The vast number of non-technical people do not need a general-purpose computer; they need a device that lets them browse the web, read email, and safely watch cat videos. This device should have very limited configurability. Only that way can it be secure for them.

This does not extend to saying that all computers should be idiot-proof.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

The problem with that is those same users also want their free games and other garbage.

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

trparky to BronsCon

Premium Member

to BronsCon
said by BronsCon:

All things carry inherent risk.

I understand that using a computer carries risk but sometimes that risk is completely outside the control of the user. Case in point, Adobe Flash.

We all know that Adobe Flash is the most ill-written piece of garbage that has ever been produced. All it takes is for someone to be even a version out of date, hit a web site at the wrong time, and... *wham* instant drive-by download without the user even knowing what's happening. You could be browsing a trusted web site such as the New York Times and hit a rogue advertisement and instantly get infected.

The point I'm trying to make here is that the issue isn't always the user's fault.

BronsCon
join:2003-10-24
Fairfield, CA

BronsCon

Member

This thing called Flashblock (or, simply not installing Flash) is making it difficult for me to follow your point.
Kearnstd
Space Elf
Premium Member
join:2002-01-22
Mullica Hill, NJ

1 recommendation

Kearnstd to trparky

Premium Member

to trparky
That is one reason I block ads. Unless ad networks can be held liable when they send out malware I will not take the risk.

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

1 recommendation

trparky to BronsCon

Premium Member

to BronsCon
BronsCon See Profile, this is where you're not thinking like the average user. Remember, they want to be able to play games and in a lot of cases, games require Adobe Flash. These are the kinds of users who want to go to Facebook and play Candycrush or whatever that damn game is called.

The thing I'm trying to get you guys to understand is that you guys are thinking from the security expert's point of view. You know what you're doing. You know how to remain secure. You know how to remain safe. The vast majority of non-technical people don't. That is the whole point I'm trying to hammer into you guys.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to trparky

Member

to trparky
I guess you miss the fact that a popular method of tricking users in to installing malware is fake flash player updates and flash is bare used as a attack vector any more. Fake updates are the big vector now. I see them pop up allot. On ever thing from windows to android and Linux even got one on a iPhone from a web page wanting me to download this important flash player update for windows 7 I laughed at that one. Guess they didn't bother to use any sort of user agent detection. I also see them for drivers and java and windows. Fake update warning are way up their in the most common infection vectors. Hell maybe even the number one method for all I know.

trparky
Premium Member
join:2000-05-24
Cleveland, OH

trparky

Premium Member

OK, I didn't know that they've started resorting to those kinds of tactics.

Funny how we kept telling users to keep software up to date and now the bad guys turn that kind of thing against them.

BronsCon
join:2003-10-24
Fairfield, CA

1 recommendation

BronsCon to trparky

Member

to trparky
Again, Flashblock. If you know Candy Crush is safe (and the reality is that it's no less safe than Facebook itself), you click the "Allow" button and just the flash for Candy Crush is enabled. I know it's a difficult concept for you, but it wasn't really that hard for my mother or my 12 year old (10 at the time) sister to figure out. For reference (so you don't get to thinking I'm some dumb kid) my sister is adopted and *MUCH* younger than me.

The whole point that *you* are missing is the point of *personal responsibility*. If you don't know how to use something safely (and if you don't know there are unsafe uses of a thing -- and there are unsafe uses for any and every thing -- you don't); if you continue to use that thing anyway, you are being irresponsible. That this has become acceptable in our society, and that we have, by and large, come to accept these same irresponsible people placing the blame for their actions onto others, is not something you should be proudly trying to defend.

Step back and look at your argument. It amounts to "there should be special guns for people who don't know how to safely handle guns". No, there shouldn't; people who don't know how to safely handle guns shouldn't handle guns. People who don't know how to safely handle computers shouldn't handle computers. People who don't know how to safely handle [arbitrary object here] should not handle [arbitrary object]. It applies equally to everything from a sheet of paper all the way up to nuclear weapons.
Frodo
join:2006-05-05

Frodo to trparky

Member

to trparky
I was just looking at Flash and was reading this:
»www.fireeye.com/blog/thr ··· oit.html
quote:
Using the WinHttp library, it downloads an object ...
The EMET utility has an ASR option which, if enabled, allows the user to blacklist modules. So, I enabled it and added WinHttp.dll as a forbidden module. We'll see if Flash still works. I like that ASR option.
dave
Premium Member
join:2000-05-04
not in ohio

1 edit

1 recommendation

dave to BronsCon

Premium Member

to BronsCon
Yesterday our mythical user bought a television. Today they bought a computer. From the same store. Why is it their fault for failing to understand that they are unqualified to operate one of these appliances? The entire industry (with the exception of the anti-malware salesthings) is geared up to telling them how easy it is to use a computer.

(Fortunately the situation is being addressed: soon the TV will be as big a risk to privacy as well)

Your arguments about cars and guns miss the mark, because we have laws that indirectly express the idea that untrained users cannot safely handle such devices. Left to themselves, the car and gun industries would be selling their wares to every unqualified person with a wallet. So, it seems the choice here is: (1) laws, or (2) development of some end-user gadget that is easier to safely use. My argument is not quite on target either, because the big risk of guns and cars is to others; computers not quite so much. But the existence of botnets is a risk to others, so it's not entirely wrong.

BronsCon
join:2003-10-24
Fairfield, CA

1 recommendation

BronsCon

Member

That's a failing of the industry. People shouldn't be encouraged to do things they're not qualified to do, but it is done in the name of sales. You can hop in a Ferrari and drive off in it (or attempt to, at least) if you can write a big enough check, and the dealer won't stop you; and you cna kill yourself and others very easily behind the wheel of a car, especially one that's too powerful for your driving abilities. Why, when industry does that, would you think industry would treat nonlethal items with any more respect?

Again, it all comes down to personal responsibility. I can count the people I know who have any sense of it on my fingers.

trparky
Premium Member
join:2000-05-24
Cleveland, OH

trparky to dave

Premium Member

to dave
So what you're saying is that the computing industry is a victim of its own success. We have told users that they are easy to use when in fact they really aren't.
dave
Premium Member
join:2000-05-04
not in ohio

dave to BronsCon

Premium Member

to BronsCon
Perhaps your moral position is more worthy than mine, but on the other hand, I'm a practical engineering sort of guy: so, do we want a solution or don't we?

BronsCon
join:2003-10-24
Fairfield, CA

BronsCon

Member

I'm a practical engineering sort of guy, as well, but I also understand that there is no such thing as a technical solution to a social problem.

trparky
Premium Member
join:2000-05-24
Cleveland, OH
·AT&T U-Verse

trparky

Premium Member

So I guess the general consensus is... we can't fix it.

Try as we might, we can't fix the issues with the computing industry. We can put band-aids on top of band-aids but in the end we really aren't at all going to solve the issues at hand. It's a hopeless cause.

I guess that we can all agree on that.

BronsCon
join:2003-10-24
Fairfield, CA

BronsCon

Member

Right, and the thing about band-aids is they actually end up making the problem worse over time. If we strive to build a safe haven of computing, we build a false sense of security and never see the exploits coming; and if we don't allow people who aren't qualified to use computers use them on the open internet, we damage business and end up with a huge public outcry. The only real solution is for people to take personal responsibility for their actions; and for that we'd need a sweeping societal change that certainly wouldn't start with computer use habits; sadly, we all know that isn't going to happen either.

At the end of the day, this is a good thought exercise and, with any luck, we'll all be proven wrong and someone will actually solve it some day. Logically, though, it is clear that this is highly improbable.
dave
Premium Member
join:2000-05-04
not in ohio

dave to trparky

Premium Member

to trparky
It depends what you mean by 'fix'. If you mean continue to sell totally flexible devices to which totally uninformed people can make totally unconstrained functional modifications, then I'd say it can't be fixed, because you're not addressing the actual problem.

On the other hand, the situation may fix itself since desktop computers will likely vanish as devices used by the vast public. If the replacement device, tablet or phone, has a more limited software environment, then that seems better.

I hadn't really considered before you mentioned it that iOS may be a step in that direction, since I don't use iThings, except for an iPhone which I don't do a whole lot with beyond phone and email.
psloss
Premium Member
join:2002-02-24

psloss to trparky

Premium Member

to trparky
said by trparky:

So I guess the general consensus is... we can't fix it.

Try as we might, we can't fix the issues with the computing industry. We can put band-aids on top of band-aids but in the end we really aren't at all going to solve the issues at hand. It's a hopeless cause.

I guess that we can all agree on that.

In a big-picture, solving-world-hunger, peace-for-everyone sense, I'd agree.

But I don't think we live in a one-size-fits-all world.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to BronsCon

Member

to BronsCon
To many people do things like clean up our friends and families computers for free or under charge to clean up computers in general. Start charging 50-75 bucks per time across the industry as a industry and people will start to think twice about what they install. There's some guy local here charging $15 to do full clean ups with back ups. If it cost damn neat a 4th the cost cof the computer to remove the viruses people will be more careful.

maartena
Elmo
Premium Member
join:2002-05-10
Orange, CA

maartena to trparky

Premium Member

to trparky
In the end, technology for the masses is driven by the cost to support it afterwards. A product that sells to the public will need to be delivered in such a way that when it is bought, the users don't flood the support lines (which costs money) with all of their problems, causing in turn others NOT to buy that product.

This is why for the first 10 years or so that wireless routers existed, they pretty much all shipped unsecured out of the box. Router manufacturers didn't want to bother with getting the calls on how to set it up, they wanted something plug-and-play. Now most routers come with WPS, or are secured by default with a numeric code written on the box. Still you would be surprised how many unsecured routers I find on my phone when visiting people and places.

It is the same with OS-es, Flash, Phones, iDevices, anything. It really doesn't matter how the code on the back end is secured, if you want to have it spread among the masses, and not stay within the same 2% user base the Linux Desktop has been since 1995 or so, you are going to have to "dumb down" your OS.

This is why MacOS9 pretty much ran as admin, this is why Windows XP and before pretty much ran as admin, and MacOSX and Vista enabled the admin protected mode with passwords and/or UAC.

JohnInSJ
Premium Member
join:2003-09-22
Aptos, CA

JohnInSJ to trparky

Premium Member

to trparky
said by trparky:

I'm backing out of this. I'm not going to win, I know it. I'm done.

It really comes down to the fact that I see people struggle with technology every day; be it because it's too hard to use, too complicated to use, or something went horribly wrong. Why can't we do better?! Users deserve better!

The bleeding edge always bleeds. The trailing edge is getting far far better - but there's always nifty neato new stuff at the bleeding edge. I mean, hell, we have on demand HD media streaming that children can order up from many sources. That's freaking magic if you jump in your wayback machine and set the dial for 2000. It's not even imaginable if you jump ALL THE WAY BACK to the '90s.

"Give it a second. It's going to space."

So sure, it could be better. It could be much much better. But honestly, it doesn't suck nearly as bad as it did half a decade ago.

BronsCon
join:2003-10-24
Fairfield, CA

BronsCon to Nanaki

Member

to Nanaki
Just make people liable their computer in the same way they're liable for their cars and guns. If your car (regardless of driver) was driven through someone's home, you're liable (your insurance will cover it, but you're still liable), if your gun is used in a shooting, you're liable. If your computer is used to hack a bank, you should be liable, as well.

Right now, a person's liability is their own files and financial information, even if their device is used to steal from millions. They only risk losing their files of having their information or money stolen individually in a targeted attack, and those are exceedingly rare when compared to botnet and proxy infections. And a botnet or proxy infection only impacts them in ways they're unlikely to even link to an infection; their computer gets slower, which they're trained to believe should happen over time anyway (even though we know better), or their internet connection gets slower (the reality it it's saturated at *their* end, but they don't know that) and the blame their internet provider. The infections that lead to thousands or millions of people being impacted by having their financial details or private information stolen, by and far, *do not* affect the people whose systems are infected; making those system owners liable would change that overnight.

When there are real financial and criminal implications, people will think about what they install. And I'm sure you'll be able to buy computer insurance shortly after that happens; assuming it ever does. Give everyone 6 months between when it's voted into law and when it takes effect, and you'll see a massive spike in retail computer sales (as people replace their old, possibly already infected computers) and attendance of basic computer classes (as they learn how not to get infected again) during that time; that won't be bad for the economy, either. Hell, make it like most moving violations where you can attend traffic school (the first time) and allow them to attend "cybersecurity school" the first time their compromised system is used to financially harm or publicly humiliate someone else.

I'm not proposing we flip a switch and make everyone liable for the current state of their systems; too many people would be bankrupted overnight if we did that. It's definitely something we've got to ease into, but I have to ask why it hasn't been the case all along. You're liable for every bit of your property, to the point that someone who breaks a window to break into your house can cut themselves on the broken glass of the window *they broke*, sue you, and win; what is so damned special about computers that, suddenly, everyone is absolved of any and all personal responsibility and liability when using one?