Story: Experts: Windows 7 at risk from legacy flaw
Hidden Filename Extensions and Assumed Idiot Users
The issue is more like this:
1) Is your User community or group too stupid to protect themselves? Or stated another way: "Do you trust your User groups to always do the right thing?"
2) Do you want to do everything you can to protect your Windows related infrastructure?
3) Are you tired of fixing and delousing malware infected desktops?
I view it as one more thing to add to the checklist to secure the systems from the Users' virtually certain inability to protect themselves and their work pro-actively.
Windows XP Pro and Home editions are practically useless with a lot of software applications if the default install is done into c:\Program Files AND the User is actually set up as User and not local Admin.
Users on Visaster complain constantly about the UAC window boxes that come up if a desktop has it locked down. That has more than likely caused IT Admins to loosen security on the main complainers' desktops.
Windows 7 looks like it will mitigate some of that but the UAC infrastructure is still there.
A social experiment I would like to run would be to have the Users sign a voluntary reimbursement agreement. Subsequently, if it is found that the User installed something that he/she shouldn't have, violated security policies of the IT department, used an elevated logon when they shouldn't have, opened email attachments from unknown senders or with prohibited filename extensions, or deliberately web-surfed sites on the black-list, the penalty should be their hourly pay-rate times the number of hours required by the IT tech to fix the malware. Assigned to the slowest and most methodical IT technician, a couple of instances and suddenly the entire corporate domain User groups would be in compliance quickly!
Users who won't sign the agreement only get User status on their logon. No Local Admin or PowerUser privileges.
Of course, the IT department would have to devise a really tight security profile that would be applied to the User logons. Logging successful user logons in the event file with the User and LocalAdmin profiles denied browse or read access to the event logs would document who was on the system when things went sour.
Obviously this entire experiment could be undone by the pointy-haired bosses caving in to User pressure to get it changed back OR showing favoritism for certain "pet" employees.
Xwindowsjunkie
Hardware Design/Engineering, Houston, Republica de Tejas
Member since: May 2007