Microsoft: Our Bugs Aren't The Only Problem
ronjor
April 5th, 2006, 09:07 PM
-{ Quote: "Attacks that rely on "social engineering" tricks to fool users into visiting malicious Web sites are just as dangerous as any that exploit software vulnerabilities, a Microsoft security researcher argued this week." }-
Story (http://www.securitypipeline.com/184429083?)
ErikAlbert
April 5th, 2006, 09:25 PM
I've sent Bill Gates an email with the SiteAdvisor link. ;D
TNT
April 5th, 2006, 09:33 PM
-{ Quote: "Story (http://www.securitypipeline.com/184429083?)" }-
A sad, ridiculous attempt at distracting people from the insecurity of their products, here...
-{ Quote: "An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site." }-
WHAT? Are they blaming this on users or something? Are they forgetting that you can't guess what's on a site by just looking at its URL? Are they forgetting that a familiar, non-malicious site could have been compromised (http://www.wilderssecurity.com/showthread.php?t=121808)?
And by the way, how is it that a machine being hacked through a web browser exploit never happens in OpenBSD?
ErikAlbert
April 5th, 2006, 09:50 PM
Improving the title :
Microsoft: Our Bugs Aren't The Only Problem, We Are The Problem.
ronjor
April 5th, 2006, 09:54 PM
Just for the record, what are you guys using for an operating system?
TNT
April 5th, 2006, 09:56 PM
-{ Quote: "Just for the record, what are you guys using for an operating system?" }-
I have a machine with OpenBSD and one with Windows XP. Note that in fact, I would probably NOT use Windows if I didn't have to, but I often have to finish stuff in ASP (for work) at home so I actually kind of, you know, need to use a Windows machine.
ErikAlbert
April 5th, 2006, 09:58 PM
Going from win2000proSP4 to winXPproSP2.
ronjor
April 5th, 2006, 10:22 PM
-{ Quote: " so I actually kind of you know, need to use a Windows machine." }-
That seems to be the crux of the problem. Most of us use Windows. And, there is no getting around the fact that as far as security goes, Microsoft has often been behind the times.
A fact: the Internet was not designed to be secure in its original form. Go to Wikipedia and enter the search term: internet.
Another fact: Windows was designed with businesses in mind. Not surfing the Internet. In fact, when I first started playing around on the Internet, Microsoft had no browser. Again, their focus was on business apps.
Along the way, I think we can all agree, they made some errors. Once again, Wikipedia is a good source of info on the "Browser wars".
So, here we are today. Most of us use a Microsoft designed operating system. And if the truth be known, speaking personally, I've had a blast using XP. Warts and all. Even with the security shortcomings, I have been able to stay malware free.
Knowledge is the key. No matter the operating system you use.
I hope some of the posts made here on the forums help someone learn about their systems.
TNT
April 5th, 2006, 10:41 PM
-{ Quote: "That seems to be the crux of the problem. Most of us use Windows. And, there is no getting around the fact that as far as security goes, Microsoft has often been behind the times." }-
Can't disagree there.
-{ Quote: "So, here we are today. Most of us use a Microsoft designed operating system. And if the truth be known, speaking personally, I've had a blast using XP. Warts and all. Even with the security shortcomings, I have been able to stay malware free.
Knowledge is the key. No matter the operating system you use." }-
Agreed. But then again, the Windows OS has poor documentation (at least in the OS itself), closed source, and limited development tools. Compared to what one could learn in a Linux/BSD system, Windows falls quite short. Sure, not everybody has the time and will to learn Unix shell scripting, or Perl, or how to configure qmail. But if knowledge is power, I wouldn't say that Windows makes this power so easily accessible for everybody. Just my opinion.
ErikAlbert
April 5th, 2006, 10:56 PM
At work they use Windows, so it's easier for me to use the same OS.
I'm not interested in other OS's, maybe at the age of 25, but that's long ago.
I don't work with computers, I work with people and I use my PC as a sophisticated typewriter. Security is just a hobby, not my job.
Everything I know about security, I learned at SWI and a lot more at Wilders.
ronjor
April 5th, 2006, 10:57 PM
-{ Quote: "Compared to what one could learn in a Linux/BSD system" }-
Linux is getting there. It's not there yet for the masses. So, once again, we have a Microsoft or Apple designed operating system.
The fact is, there will always be security holes in operating systems, no matter the origin. It is the nature of the beast.
Wilders is here to sort out problems people are having with their computers and to prevent them in the future -- no matter the operating system.
Therefore, we post.
Rmus
April 6th, 2006, 03:48 AM
Some months ago, a list of fonts sites was posted at Ten-Forward which included one with a BHO exploit. (It was soon discovered and removed from the thread.) If a visitor to the site was convinced that the plugin was necessary, it installed wupdt.exe behind the scenes (unless caught by other means). Is this the user's fault, or the fault of the browser exploit?
This site could appear in a search of fonts sites, and a user might not suspect anything is wrong.
__________________________________
Description:
wupdt.exe IEPlugin is an IE Browser Helper Object that monitors site addresses,
content entered into forms, and even local filenames browsed, and pops up advertisements
when it sees a targeted keyword.
__________________________________
http://www.rsjones.net/imgs/fontmania.gif
http://www.rsjones.net/imgs/fontmania-scan.gif
_______________________________________________
trickyricky
April 6th, 2006, 05:32 AM
It may be true that their bugs aren't the only problem, but their intended features are just as much to blame. Windows was never conceived as a network OS and so the obsession of MS to seamlessly integrate the web with the local PC is a terrible and misguided mistake. The PC and the rest of the universe are definitely different entities and should be kept separate. All of their clever technologies for breaking down the barriers such as ActiveX, MS networking and so on are the key weaknesses in the OS and therefore become the key areas of attack, so the barriers should have never been broken down in the first place.
Unix, Linux and MacOS X all have networking at their core and are therefore much more secure from the outset. The real weakness with Windows is the result of the MS "vision" which although very successful commercially has been a foolish and dangerous route to take.
But that is the price of success. How long it will continue is up to the fickle market which MS are responding to.
I use Windows XP, Ubuntu Linux and MacOS X, so I have a relatively wide experience in the OS arena. ;)
Lamehand
April 6th, 2006, 06:04 AM
You can't blame the user for this for the obvious reason that you can't see what's behind a link, and the blame lies with the exploit.
But the OS, in this case Windows, doesn't go free either.
In my opinion there is a basic design flaw in the way Microsoft implemented their browser into the system. It is firmly hooked into the operating system, so once the malware is in it can go all the way because it has the whole system to play with.
So I think they should take IE out of the system, that would help matters a great deal, it is a malware-writer's dream.
Those are the things they should be concentrating on instead of blaming users clicking on links; we are not perfect, everybody can be misled by this.
Lamehand
Alphalutra1
April 6th, 2006, 06:22 PM
I use PC-BSD 8) and Windows XP (which I enjoy, but it just, well, I don't know, it is vulnerable, used by many (I like to be a rebel), and I have various other reasons).
PC-BSD is so easy it is crazy. All you do is download a file from the internet from the .pbi website, double click it, hit next a few times and it is installed. The installer for the OS is all GUI as well, so there is a very weak excuse for saying that you don't move from Windows to another OS because it is too hard to install stuff.
Alphalutra