I think it really depends. If it is something specific to the OS then yes they are at fault but if it is something stupid the user did then no.
That has nothing to do with what I just said. It shows infection rates (as you say, per thousand) are lower in WinV/7. It is impossible to attribute that to anything/ correlate. I showed you an example (Tracer) that provides higher security than other programs with less false positives ie: higher compatibility and also uses very little resources.
Per thousand of machines with the specific Windows OS... let me help you understand the figure: Of each 1000 Windows XP SP3 machines (1000 machines with Windows XP SP3 as their OS), 109 machines (or 10.9%) are infected. Of each 1000 Windows 7 x64 SP1 machines (1000 machines with Windows 7 x64 SP1 as their OS), 11 machines (or 1.1%) are infected. And so on for all the other numbers. Can it be used across the entire (latest) Windows "ecosystem" without any trade-off? Remains to be demonstrated.
User Kees1958 would disagree with you. Users, in general, yes. Users, specifically, no. Uneducated VS Educated. Wouldn't the same apply to the other O.S, such as Mac OS and Linux? I don't know exactly how they work, but say I'm one of the Windows users and my system is always getting infected; I switch to Linux because I hear it's secure/more secure. I know practically nothing about it, but I know I can either user what is called root, which is the equivalent of an administrator account or I can use a restricted account, which would be what Windows 7 calls standard user account. Suppose I get an e-mail from supposedly a friend of mine, with some file to open. In the e-mail it's said that the I should open the file with root, and it explains how I should do it. Obviously, the file is not from a friend; my friend's system simply got infected and his/her e-mail contacts started getting these messages. If I do run the file as root - phishing attack, right? - will Linux prevent say a keylogger from sending information to the attacker? Or, will the info go straight away?* Same question goes for Mac OS. This is a genuine question folks. I got practically no knowledge of such O.Ss. But, I'm constantly hearing that Windows has no proper security model. So, my question is: Even if I'm tricked to install a keylogger in Linux/Mac OS X, will such O.Ss protect me? Is this the security model you want in Windows? Is it present in these O.Ss? Do you want Windows to minimize these stuff? Does Linux do it? Does Mac OS do it? Well, I just hope my Windows is not infected. -edit- * If it would be required root... I'm just mentioning root, so that the attacker gets more access.
I don't know how to make it clearer. It is impossible to say whether or not that is due to XP being more popular or Win7 being more secure. Whether these are percentages that are based on market share has nothing to do with the correlation between market and attacks. Do you understand? Again, I have no idea how to make that simpler to understand. If you don't we can just move on. It works on XP, V, 7. Anyways, it's not about showing you a perfect security model. The concepts are there. This argument is just silly now. Education definitely helps. But not always. I wouldn't rely on it for sure. I also don't think that my engineer employees or my editors or whoever need to be educated in computer security just so that they can do their jobs. Not everyone has access to that education. Not everyone has the brains for it. Not everyone wants/ cares about it. No they will not. No I definitely would not try to emulate OSX or Linux' security models. I doubt it is. Education makes up for poor policy. We're all fairly educated here.
dude, your conclusion is flawed because 1. XP wasn't "that more popular" than 7 when the study was made and 2. the data is taken from a similar sample of thousand (that means from similar kinds of users). The figures are based on research done during 2011 year. If we ignore this and look at data from December 2010, Windows 7 already had almost 1/2 of the Windows XP's total market share. Over the year of 2011, the situation only improved for Windows 7. Well, if you continue confusing "proper" security model adapted for the entire (latest) Windows "ecosystem" with a theoretical "perfect" security model not yet proved to be adapted for the entire (latest) Windows "ecosystem" and not proved to come without trade-offs for such "ecosystem".... it will always be a silly discussion.
And I wouldn't say that it's purely based on market share either. There are multiple variables. One is absolutely that Win7 is harder to hack. But that doesn't make XP any less of an easy target and until XPs market share is considerably lower it will always be the easy target. And the fact that businesses use it makes it ideal as well. I am not saying this is purely about market share. I'm saying there are multiple factors and you can't attribute it purely to security improvements. Ok.
Hm. I think the malwares that mostly infected XP during the study can infect 7 too -- when allowed to run. If you go back to the link I provided to you and read the entire text and the related links (including the PDF report from MS), you'll get what I'm saying, mostly because they separated malwares in classes but didn't say "this class affects XP and this class is unable to affect 7". This shows that what is really protecting 7 are the relevant warnings and user practices. Also:
Oh Gosh well if Microsoft says so... 45% of the malware infects via user interaction. 43% infects via USB autorun. USB autorun is disabled in 7. The malware that effects XP does not infect 7. If XP is being targetted by autoruns 7 users have nothing to worry about. 43% of those infections simply don't apply to 7, but the 45% of user interaction malware definitely does and not a lot has changed in V/7 to stop that.
Employees using a computer at work should not be able to have root. The systems should be locked down. The network should be locked down. It is a business, and if you make money with computers, you should have proper administration in place, else the business is being very foolish in this day. If the engineer/whatever is working from home on personal pc, they should pay someone or learn how to protect thier business machine. Not doing so is, again, foolish. Business is not pleasure, and with the amount of exploitation available, for any computer OS, proper steps should be taken. Users should not have to be educated in computer security to do thier jobs. It is the job of the administrator to set that up. One can argue that linux/mac both make the admin job easier out of the box, but a good admin isn't limited by the OS, but rather by what the users must do. Making strict rules that never give users escelated priveleges etc is easy to do really. You are correct, not everyone wants to or can or cares. They should not have to. They should live within the confines of a strict user account, and should not have root. Period. Ever. Thier brother or uncle or friend should have root, someone who actually does care, is interested or can be admin, that is who should be admin. This would take care of the problem, quite simple really. But, what normal person, who should not have to know such things, is going to want to call thier admin up to install the latest majhong game? No, they want that root power to do what they want. Maybe a better survery (more interesting) would be, If you could stay free of infections and malware (etc etc) for good, would you be willing to not have control over your computer, but rather call an administrator to both approve of a new software/hardware and also to install the new software/hardware? Yes No Honestly, it isn't like you have a bad idea, it sounds great in theory. But how are you EVER going to get those normal folk, who should not have to know anything about security, to own and use thier computer the way they want to without restricting them in the same manner corporate environments are? I will ask that question of everyone I know this week and see just how many really really really want that tradeoff The results should be interesting... Sul.
The business was purely an example. The same things apply to those users when they're on their home computers. In an enterprise environment you had SysAdmins who use 3rd party programs or opt-in built in protections (such as applocker) to lock a system down in a way that essentially cuts out compatibility (with anything other than the whitelist) to ensure a secure walled-garden. I know I wouldn't want this, definitely not. That's one of the issues of a MAC approach. I'm fairly sure of myself lol these ideas are not mine alone. I talk to people in the field often. I also haven't even begun to really go into my opinions - I'm way more invested in implementing these ideas for self gain as opposed to discussing security philosophy on a forum =p To be clear, whatever it is that my idea is, it has nothing to do with a walled garden approach or relying on whitelisting.
Nope. If you cant be responsible for what you do to your own computer,you deserve whatever happens. If you cant pay the loan on your house,you lose your house. You dont pay car insurance for your vehicle,you dont deserve to be on the road,it's a law for a reason. Life is about being responsible,period. Dont want to be,there are penalties. Someone can't be around to hold your hand in everything that you do,period.
It is their job. However users can and do make it more difficult than it needs to be. I've seen a few trying to pull their hair out in frustration.
Try not to use car insurance as an example of responsibility ever again, okay? On to Microsoft, they are responsible for keeping their OS patched up...they are not responsible for your dumb arse actions.
Some of that is the fault of the company though. Companies won't spend money, the IT guys have to deal with whatever they've got in front of them, and the users get thoroughly miffed when their ancient systems and mix-match of software starts screwing with their ability to do their jobs. If I'm a user at work, getting paid to do a job, and being at risk for being out on my behind if that job isn't done, you bet your butt I'll work around restrictions or crap software. The IT guys can go buy some aspirin if it bothers them.
Not directly, but Microsoft is directly responsible for creating the current conditions that make internet crime and malware so easy and profitable. In what you refer to as "the innocent days of yore", computer users had to possess or develop a basic set of skills in order to make a PC function properly. By the time 98 was released, the OS was doing most of those tasks. By the time XP came out, the user didn't have to know anything at all. The car analogy that's been expressed here does apply, but not in the way it's being presented. When someone learns to drive, they get a very basic understanding of how the car works and some instruction of how to drive it. That used to be necessary for the early versions of Windows too. What we have now is the equivalent of taking someone who has never driven, giving them a license, the keys to a hot rod and sending them out in rush hour. Whose fault is it that this person is an accident waiting to happen? Microsoft deliberately chose to make the computer equivalent of this possible. For the sole purpose of profit, they put powerful tools into the hands of people who have no idea how to properly use them.
Let's not forget that Apple was far easier to use than MS-DOS or Windows on top of MS-DOS before Microsoft integrated the GUI into Windows. People want an operating that is easy to use. Apple saw this and Microsoft saw this. To say that Microsoft or Apple deserves blame for selling a product people want doesn't add up.
if Windows was a building, the landlord would have torn it down a long time ago as being too costly on maintenance. one is left with the feeling that the whole foundation of the building is somewhat faulty to start with.
