Should MS take responsibility for a user's decisions?

Discussion in 'polls' started by wat0114, Nov 29, 2011.

?

Should MS take Full responsibility for a user's decisions?

Poll closed Jan 28, 2012.
  1. Yes, full resposibility: explain what MS should do.

    2 vote(s)
    7.7%
  2. No, only partial responsibility: explain what MS could do better.

    8 vote(s)
    30.8%
  3. No, not at all: explain why.

    16 vote(s)
    61.5%
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    You did not mention the Atari ST series that used GEM :D

    That was the first system I used that really worked well. Great GUI and pretty darn powerful at the time.

    Sul.
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    lol. You are certainly not the only one who has had that type of viewpoint :)

    I used to get uptight about the flaws in windows, and often thought about moving over to a unix flavor. I have, in recent years, changed my stance. Windows has plenty of issues, but

    A. I know it well
    B. It has the best gaming platform and maybe the most software available, although that might be debatable depending on what type of software you need.
    C. 99% of the people I know and would help use it, whereas if I went unix, I would be helping only myself.
    D. If I want to develop a tool or program, or do anything creative myself, there is a great chance it would be useful for people I know or meet.
    E. I can buy my own parts and make my own system, and as opposed to unix flavors, most things just work without having to recompile a kernel or spend days trying to find a proper driver. EDIT: Not to say unix flavors are terrible, but my limited experience with them has been that drivers is a weak area usually, at least for me it has been.

    Windows has lots of things that annoy me, but for what I do these days, and where I think I am heading, it is the best choise for me. Seems that the majority feel the same, or at least keep using it ;)

    Sul.
     
    Last edited: Nov 30, 2011
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    hey noone_particular,

    You cant blame microsoft for making it easy for online crime. windows isnt the only easy to use OS. OSX,ubuntu,android are just a few examples of easy to use operating systems. its just as easy to get owned on any OS if you provide the administrator / root password to a malicious executable file.

    are you suggesting the government should make a mandatory course for anyone that uses or wants to use some sort of computing device?

    the reason a driver testing exists is due to the fact cars are dangerous and can easily kill yourself or others. its not likely you will kill someone using a computer.
     
  4. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Don't forget GEOS on the Commodore128! :p
    It worked well, was 'a tad' slow but had a word processor with hundreds of fonts, a notepad prog ,spreadsheet prog, a paint prog, etc (all better than what MS offered until '95).
    You indeed can't blame folks for liking easy-to-use comps.
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    The problem is not Microsoft or Windows; people want simple things to use. That's the demand, they have to supply it, if they want to keep a business.

    Linux is not any different. Sure, there are variants that require more knowledge than the others. I remember seeing Slackware years before; it was all done using a console.

    But, if many variants appeared, introducing simplicity, then for sure many Linux users and new people arriving to it, wants that simplicity as well.

    I asked before if I, an average Windows user, started using Linux, because I kept getting Windows infected, due to phishing, social engineering, installing stuff without actually knowing what it is, if Linux would save me. Hungry Man told me no. I knew that. I was just trying to make a point.

    Even if Windows, Linux (most variants), etc were harder to use, and require basic understanding, nothing of that would stop us from doing something stupid, at some point. Knowing how an O.S works does not equal knowing to spot a fraudulent scheme, for example. Or knowing if XYZ application is safe, etc.

    An O.S being harder to work with, only means one thing - People need to know how to work with it.

    Instead of working with GUI, people would work with a command line. Would that really make a difference? Would that make people resilient against phishing, social engineering?

    Who knows...

    Is easy vs hard really the issue? No, IMO. If Windows was still harder to use, before it started to have a GUI, someone else would have supplied that simplicity, for sure. If it isn't one, it will be another one seeing that's what people want, and they will supply it and profit from it.

    Isn't it all about what people want? People want it, someone gives it to them. They don't really care about the side effects or collateral damage.

    Most likely more than 90% of drivers got no bloody idea how cars really work. They do take their lessons to get the driver's license, but that's it.

    There's a difference between knowing how to drive a car and knowing how to make the car work in your favor, which is why there are lessons for those who want to learn defensive techniques. Lessons aside the ones demanded by law.

    This is how I see O.S users. There are those who know how to turn on a computer and know basic stuff, and then there are the ones who have defensive skills.

    -edit-

    In the end of the day, it's all a business, isn't it? Some want simplicity, they will get. Then, will have to face with the consequences of such simplicity. Then, they either accept they need to make a change, and someone supplies the change, profiting from it, or they will simply not care about it.
     
  6. wat0114

    wat0114 Guest

    Hey, that's pretty good :thumb: :)

    Windows, especially 7, is really not that difficult to run securely, especially if one has the defensive skills that m00nbl00d alludes to, even without the aid of 3rd-party utilities,although one or two select security apps can make things easier. Most of the malware hype is exactly that - hype. The attack vectors are aimed more recently toward addons such as Java or Flash, rather than the O/S, and there's strong evidence that user interaction to trigger malware happens in at least 95% (someone provided a graph somewhere and I have it tucked away somewhere, too) in cases of infection.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I don't really see how an OS can be considered "secure" with millions of infections.

    But that could just be me.
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    But, the O.S with millions of infections, isn't infected because it's Windows... The infections occur because of what I mentioned - they are users who know how to turn on a computer and know basic stuff, such as opening Microsoft Word, etc., Windows Explorer to look for music, photos, click a music, search the web, etc.

    Most aren't aware of any side effects, and Microsoft or any other O.S developer doesn't actually advertise it on their eye candy boxes being sold on the market, do they? -edit- I mean, they don't advertise for the dangers of the Internet, etc -end of edit-

    All my life, since I started using computers and Windows, that I've heard other folks saying that Windows is this or that, always negative stuff. Linux or Mac OS was always way better, including in what respects to security.

    I honestly believed that when they told me that, that if I mistakenly installed something or was tricked to do something, that these O.Ss would still protect me against malicious crap. It turns out, reality is a lot different. These O.Ss can be as compromised as Windows. And, you can bet that the same millions of Windows users who constantly get their systems infected, would still get their O.Ss infected whether they were using Mac OS or Linux.

    So, if these millions of Windows users, were actually millions of Linux/Mac OS users, Windows would be more secure, right?

    This reminds of an article I read quite some months back at F-Secure blog, due to advising alternatives to Adobe Reader, due to exploits. They mentioned that people shouldn't do what many did way back with Internet Explorer, switching to Firefox. According to them, 40% of IE users starting using Firefox and that meant that 40% of the 100% attacks against IE went to Firefox.

    Microsoft has done a lot security wise. Let's see what futures brings in as well. But, don't forget that this has to be done, having under consideration simplicity. And no, UAC isn't difficult... unlike some say all over the Internet... so called experts. But, that's another topic. ;)
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I just don't see why that excuses the OS. Or third party applications for that matter.

    Why does the OS assume users know how to use it when it's been targetted for years as an "easy to use" product for all ages. I mean, I think we can assume that MS wants a secure product and we can also say that security belongs in the kernel, which they are in charge of. So why are we asking users to handle security when that job belongs to the OS? I mean, sure, MS can release an insecure OS and there's no law saying "Hey, it's your responsibility" but I mean... you'd think that would be their goal.

    Absolutely.

    Yep.

    Although Linux has a bit more security/ restrictions on applications. But nonetheless it would still be infected.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Don't confuse things. I'm not saying that they should provide a vulnerable O.S or that third-party developers should provide vulnerable applications as well.

    One thing is for them to solve problems with the O.S and/or other of their applications, and for third-party developers to fix theirs. Another one is to blame them if I deliberately install something in my system, without caring for the consequences. For example, would you blame a security vendor because people download pirated security software? Do you blame Microsoft because a lot of people install a pirated Windows?

    Blame them all you want, if they don't patch flaws. I don't see how you can blame them, if you make mistakes. You can't blame Microsoft/other for not treating people as stupid. This would be an insult, wouldn't it?

    If there's a security flaw or a flaw making the O.S/application malfunctioning, they should fix it. I actually believe there should be laws obligating them to do it. It's a business and we're consumers, and as consumers we should have that right. (Free applications is a tougher situation, I suppose.)

    This brings us the car analogy all over again. One thing is knowing how to drive a car, a different one is knowing how to use the car in your favor, should you face a situation of danger.

    More than 90% of drivers (at least here) know how to drive a car, but got no defensive driving skills.

    I believe it's the same situation with the computers.
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    See, this is the difference. I consider users installing malware a security flaw of the OS. This is because I believe all security belongs in the kernel, which is the core of the OS. If a model starts offloading security to the user, surprise, we see huge spikes in user-oriented malware.

    Again, cars do not work. There aren't millions of malicious drivers out there trying to crash into me for profit. They don't trick me into letting them crash into me. They don't exploit red lights or whatever in order to crash into me.

    Computers aren't cars lol

    Even if they were cars are meant to protect drivers both from other drivers crashing into them (let's call that a ridiculous comparison to hackers...) as well as mistakes like crashing into a poll (let's call that a ridiculous comparison to user-error/ socially engineered malware.)

    But again, the analogy is a bit silly and it's so vague and inaccurate we can twist it to either of our arguments until we end up talking about tire structures and airbags instead of computers =p
     
  12. wat0114

    wat0114 Guest

    One has to realize that at least somewhat of a necessary balance between security and usability is required. MS I'm sure could lock down the O/S more than it presently does, but then it's going to cripple usability to an appreciable extent, where no one will get any actual work done because of it. An example is that low integrity processes, IE9 browser for example, needs to read higher level ones to maintain information flow. This has some confidentaility consequences, but it's necessary for a minimum usability experience. In some ways MS is between a rock and a hard place.

    Why does the user get off scott free?
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Absolutely. This is always the challenge with security for a user OS. How do you "lock it down" without restricting too far? It's almost nonsensical.

    But I think it's entirely possible. I posted earlier about Tracer (credit to MrBrian for bringing that really interesting program to my attention), which essentially aims to create a MAC model but based on behavioral analysis.

    It's very effective in their tests, which tested over 2000 malicious samples (I was wrong before when I thought it was less than that.) In fact it was less restrictive than your typical AV due to fewer FPs.

    Though it is not the security product I'd call ideal it's great to view as a "proof of concept" for a restrictive model that doesn't actually restrict the user.
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    The O.S could watch for know or try to detect malicious patterns/behaviors at kernel level. Is this something you'd like to see? Would it be 100% effective? I got my serious doubts. Also, how many legitimate applications operate in the same way, due to their nature? Then, we'd be introducing white-listing. (Plus all over security stuff that Microsoft introduced so far.)

    Other than this, as wat0114 mentioned, would be a complete lock down. Is this what you want?


    Cars do work... I know cars aren't computers. But, what I meant to give was the end result - bad things happening to the person. And, while driving a car you don't only have to watch out for other crazy drivers (there are plenty out there, trust me. lol).

    But, what if they did? Would you blame car manufacturers due to the fact you're a dumb and stupid driver? (I'm not really calling you stupid or dumb. :D)
     
  15. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    one of the problem i see is that computers are sold as appliances.
    thus, Joe/Jane Average thinks they operate similarly as a toaster or DVD player.

    most users are not even familiar with the concept and importance of backing up their data, less alone being educated about computer security.

    Joe and Jane are ripe for the picking and until the OS itself is "bulletproof", only education and an awareness of potential dangers can save them.

    having switched to Linux, i am aware that it is more secure because the way the architecture is built and that it benefices of not being a 'low-hanging fruit' but the browser, and apps not installed from a repository, will always be a source of worry.

    i think security is more a mindset rather that the tools you use to implement it.
    it has to go beyond computer security and implemented in the real world as well.
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    -edit-

    I'm not saying something like that wouldn't be great. It would. The O.S should protect the users the best way possible, without taking away usability and simplicity. But, blame Microsoft because there are users who simply don't care and don't want to care? Not at all.
     
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Exactly... and, until that changes...

    Education is their only salvation... But, many do not want to be saved. :argh:
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Behavior analysis alone is not enough but it's definitely a nice start. As we've seen with Tracer it can be very effective. I think Tracer's a great idea but it's flawed.

    A lot of applications can act malicious, usually installers/ updaters (changing registry entries, touching all parts of your system, injecting code.) That's why you have to be careful when blocking behaviors.

    Whitelisting can definitely help. There are implications, which is why I wouldn't ever use whitelisting as a black/white situation. I would use it more as a heuristics measure.

    No, I definitely do not want MS to prevent users from installing applications unless they are definitively malicious.

    There are crazy drivers but their goal isn't "kill all other drivers" and they aren't in nearly the same proportions as malicious files. Their goals are also "Run into someone" (in terms of a malicious hacker driver whatever) not "Trick person into letting me run into them.)

    If a manufacturer didn't protect me from me making a mistake? Absolutely... thankfully they absolutely do protect me from my own mistakes - a lot more people would be dead if they didn't.

    But a driver's mistake isn't "Oh that tree looks friendly ill go crash into it WOAH WHY AM I ON FIRE" it's usually "Whoops, I was driving to fast and hit black ice."

    I just don't see how the situations are too similar. But manufacturers definitely do protect drivers from themselves because drivers, just like users on a computer, make loads of mistakes and don't always follow the rules.
     
  19. guest

    guest Guest

    What if I want to run a malware? The PC and the OS are mine and I use them for whatever I want.
     
  20. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    lol!

    i had to tell my mother to back up her data.

    her solution was to save all her work on a USB key. Only and nowhere else, not even on her laptop.

    so i ask "then what happens when the USB key borks out?
    some people just have no clue. ;) lol

    if they can't even back up their data they're doomed, LOL
     
    Last edited: Nov 30, 2011
  21. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Uh, go ahead?
     
  22. guest

    guest Guest

    So, that's Microsoft current approach. SmartScreen and MSE detect malware and offer the users the option to let the OS tools deal with it (block/delete) or continue anyway.
     
  23. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I would prefer it outright blocks it, lets the user know the file was malicious, and then if the user wants to run it they can go to the quarantine or whatever.

    My issue with SmartScreen is not that it's a blacklist (although, lol, blacklists) but that it doesn't always give a definitive answer. Like I said in the other topic it's nice as a layer but I wouldn't ever rely on it and it would be nice to have some security in MS that I could actually rely on.
     
  24. guest

    guest Guest

    YEAH! That's what MSE does now BY DEFAULT.

    It doesn't give a definitive answer when it hasn't one! Compare the different warnings it displays only ONE TIME IN YOUR LIFE ffs..
     
  25. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Uhhhh, good for MSE? lol

    Yeah, when it doesn't have an answer it provides the user with information and gives it to them. I think that's fine. If it were me I'd work on a system where that doesn't happen, but as some extra layer of security it's better than nothing.

    Blacklists (like in MSE and SmartScreen) are great for definitive answers. We've just seen consistently that they don't do too well int he long run - whether that ends up being the case or not is another story. We'll have to see.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.