____/ Doug Mentohl on Friday 04 April 2008 21:58 : \____
> Who is the company that made right-click, email, browsing and typing
> on your own computer dangerous ..
The problem is the belief that execution of arbitrary code is seen as safe.
Office macros, ActiveX, E-mail attachments/content executed upon viewing or
clicking. With a networked environment, binaries can be very easily passed and
the worst one can do is permit them to run easily, especially with full system
privileges.
Microsoft would tell you that Windows is easy to use, but with a broken model
of /mistrust/ it also makes Windows easy for criminals to use (remotely). As
USA indicated a couple of weeks ago, on an average day, about 40% of the
world's PCs are zombies. All that needs to be done to make one a zombie is
simply to plug in the PC to the network socket (the BBC reported on this some
time ago). That's not just about the execution model, but the underlying
system, such as a bad TCP/IP stack. Did you know that 2 months ago,
Microsoft's 'new & shiny' TCP/IP stack allowed Vista to be hijacked merely by
sending it a properly-crafted TCP/IP packet? Security by 'obscurity'... it
figures.
--
~~ Best of wishes
Roy S. Schestowitz | Open minds, open source
http://Schestowitz.com | RHAT GNU/Linux | PGP-Key: 0x74572E8E
23:00:01 up 16 days, 10:09, 4 users, load average: 1.24, 1.25, 1.19
http://iuron.com - help build a non-profit search engine
|
|
