TalkBack 13 of 136:
Points
1) The admin/root issue is the most valid point, but the average home user would still need to have root-level access to install/etc. on their machine. Proper security in Windows would slow them down (and that's a good start), but dumb users will still be dumb enough to type in the admin password or whatever. Finding a way to get proper security to the 6-8 year-old systems that were written when these things weren't an issue, that's another challenge.

2) Don't tell me you bought into that MS lie -- the browser is NOT "deeply" tied into the OS. It's in there more than it should be, perhaps, but "deeply" -- come on. This is also not the issue that spread this trojan.

3) Media Player has some hooks, but Outlook? Again, come on. It's not integrated at all. It might be possible to be more secure (or less) if it was. And again, these are not the issues that caused this thing to spread, and you also left out the main culprit - the user's ZIP program.

4a) Suppressing file extensions - agreed, it's not a great idea, but seeing them still only goes to protecting those who understand them; many would still open naked_photo.bmp.exe, either because they simply didn't even bother to check or because they don't know what it means. It would be another good start, though.

4b) ActiveX, in general, and in the browser specifically has issues in its current implementation. No arguments there. But this wasn't what caused this trojan to spread.

4c) Neither VBScript nor integrating apps is a bad idea. The current implementation is lacking somewhat in security and needs fixing, but integrating apps and a means to do so is generally a GOOD thing. And, yet again, this wasn't the thing that caused this trojan to spread.

This is, first and foremost, an issue with USERS and their behaviors.
Posted by: pschroeder@...   Posted on: 02/03/04


