The clueless users who refuse to upgrade'

Link to source article: http://www.theregister.co.uk/content/56/35300.html

 

That is certainly one way to look at it

Not everyone has the same amount of money to dispense in security and I dont think it is fair to blame the latest security threats on those who still use legacy software. Yes a little common sense about opening emails and updating your AV software (and such) will go a long way, but face it, not everyone has the same needs and knowledge for using their computer. And legacy software to those people may be what they are most comfortable with, and the only thing they can afford.

MS is one of those few corporations that have the resources to support their legacy clients and their "latest and greatest" clients (if they wish to do so). If not why would they keep coming out with so many? (besides greed of course heh ). Yet there are still vulnerabilities to be found in their latest software. XP and 2003 clients were just as effected by mydoom as 98. And would it not be fair to say that malware authors will just adapt and target the new OS (like they already have done)? So is this really the problem?

Though I some-what understand this gentleman's point... overall, it seems to me like a very selfish attitude.
Personally I think tolerance and showing people that simple security measures can prevent a lot of headaches in the future, is easier than having everyone upgrade to the latest MS product with no further help in securing their systems. Eventually some kind of "teaching" will have to take place.

 

I agree that not everyone has the finances to upgrade or even the need to but there is a bit of truth in the article about legacy software but it all can't be blamed on that

 

Specious conclusion IMO. It's not the software so much as it is the user. And just about always will be as long as the user is to a significant extent in control of the machine and software. Only an OS with software/hardware that severely restricts functionality and also takes control virtually out of the user's hands might ensure some satisfactory level of protection and security.

But as long as the user has the flexibility to control the functions on the PC, software and system along with the ability to download and install anything from the net or P2P or open email attachments, disable a firewall, etc., vulnerabilities and potentials for exploits will be present. With the latest MS OS' there are some security improvements that nevertheless users manage to defeat.

How many people are using brand new XP's, IE's and OE's and still manage to find ways to get infected? Some regard OE 6 sp1's default "do not allow access to email attachments" setting as a hassle, so they disable that feature so they can happly click themselves silly and open any old attachment that comes from someone they know, might know or never heard of. (I remember when SP1 came out there were lots of threads on OE re: "Help! I can't open any attachments in OE!!" All they wanted to know is how they could open their attachments, not how to tell which ones they should or shoud not open. That would take too long to think about when all they wanted to do iwas just click and open.)

Or that firewall installed OEM might prevent them from doing x, y or z or "slows down' their pc (they might just think so even if it isn't true) and maybe someone told them they didn't need it so off goes the ICF or McAfee or whatever.

Most OEM installs on new PC's include an AV of some sort, most often NAV or McAfee.. The user may figure that much out, but may disable it because it either "slows down their PC" or "uses too many resources" (like they're still running W98 on a 486.100 instead of that nice P4 2.4 ghz XP box). Or "I fogot to update" or "my subscription/trial ran out and I forgot to renew/get something else."

New or old software isn't to blame for people doing what they do.

Also there are now many freeware alternatives to some of the std MS software. Various browsers, email clients even Open Office.org for those who need something like but not actually MS Office. So an "upgrade" to an alternative needn't necessarily result in additional expense.

But the user who is not paying much attention to anything regarding security will not be instantly protected or more savvy by either upgrading to newer software or using alternatives to MS products. When XP SP2 comes out perhaps there will be some quasi-paternalistic big brother type security enhancements to protect the clueless user. And precisely those will among the first things to be disabled by a significant percentage of users. And most often they will be not be replaced or superceded by a safer practice or another security software or other protective measures.

And then when they get hit by the next internet worm, trojan or stupid email attachment that "they knew they shouldn't have opened" it will be that damn MS software that they will blame because "everyone knows it's buggy and unsafe."

 

I fully agree that the user is a much greater risk than the os and software.

 

Very timely discussion...

The NY Times font page has an article about knowledgeable and security-conscious users being fed up with "clueless" users who: (1) unwittingly help disseminate security threats through unsafe practices
and (2) swamp their friends with pleas for help when something goes wrong.

http://www.nytimes.com/2004/02/05/technology/05VIRU.html
* NYTimes.com requires free registration to read its content.

It's getting pretty bad out there. I'm of the opinion that the savvy folks (e.g. Wilders members ) are grossly outnumbered. So it is unlikely that we can win the battle against "willful ignorance".

Any time the general population prove themselves incapable or unwilling to use a technology responsibly, beyond the point society will tolerate, the most common and simplest solution calls for a restriction of freedom. Can't own a gun for protection without occasionally robbing a convenience store? Can't enjoy a beer at the pub without becoming a menace behind the wheel? Can't read your email without spreading MyDoom or inadvertently converting your PC into a porn server?

If something is going to make a difference, it'll most likely result in taking the responsibility for security away from the user. Those of us who are moderately knowledgeable, or even hobbyists, will not particularly like having things sorted out for us.

Just my two cents. I hope I'm dead wrong.

 

I hope that you are wrong also but it would be our luck that the majority will cause the minority to get the fun kicked out of them.