We have all met people who really have no clue about using a PC. They find they can do things and just repeat even if they are risky operations like downloading and executing random software from the web. However, some believe using that other OS is perfectly safe if there is no Problem Existing Between Keyboard And Chair. That’s not always true.
That other OS of M$’s has repeatedly been attacked by malware during perfectly innocent operations:
- before XP SP2, M$ did not even turn on the firewall by default so an innocent user could have his PC hacked by someone probing ports out on the web,
- M$ thought it inconvenient that users should be involved with the complexities of file types and hid “file extensions” from users, making “butterfly.jpeg.exe’ seem like “butterfly.jpeg” to the user who wanted to see the image or a larger version of it and M$ also routes files according to their “file extension” to various applications so what the user thinks is an image can be executed,
- M$ even made some proper image files executable so that malware could be injected into them, and
I read this today, “My opinion is that employees *can* and *should* be trusted. Those that abuse the trust need to dealt with in an agreed upon way by HR and upper management. For example, a user that gets a virus on their computer would be required to talk with their manager about “safe downloading” practices. If they have another violation, some of *that user’s* rights should be restricted. If it happens again, HR should become involved, because they are obviously not competent enough to do their job.”
That’s clearly wrong but the authour supposedly is out there running IT systems…
I have even read in comments to my blog that such and such a user has never had malware on his/her system simply because they are smart and only visit “good” sites. Well, how is a normal user to know whether some normally “good” site has been hacked and a trojan/backdoor has been dropped off. Is the normal user to go by instinct?
Last year, I worked at a place that was plagued by malware. It was a lot of work just to keep machines running. I know that people were not browsing to naughty sites, because I could see the sites visited in the log of the web-cache and I could see the occasional malware detected at the firewall. Very little, if any, of the malware was a result of users’ actions. It was totally innocent use of the web for professional and educational reasons and thousands of new malwares daily that don’t get blocked automatically by filters.
People can be problems but getting them to use IT was a much bigger problem than using it badly/recklessly. I put malware in its place by installing Debian GNU/Linux system wide. Same users, no problem.