[LINK] Study shows pop-up warnings are ineffective
Stilgherrian
stil at stilgherrian.com
Wed Oct 1 09:03:02 AEST 2008
On 01/10/2008, at 12:37 AM, Malcolm Miles wrote:
> If they are running as a default Vista user, then the game doesn't
> even start. When they run the malware installer, the user will get a
> UAC dialog, prompting them for an administrative userid and password.
> As a default user, they don't have those credentials so the malware
> installer won't run. In a corporate locked-down environment you can
> configure Vista so that default users don't see a UAC prompt and any
> installs will fail.
I've installed Vista Ultimate with default settings. The computer owner
doesn't need to do anything when a UAC appears except click on "OK".
No password required. I contend, as I did the other day, that the
majority of users will be baffled by the request and will
automatically click on "OK" so they can proceed with their life... and
that was the point of the article cited which started this whole thread.
Talking about "a corporate locked-down environment" is all well and
good, but the median business in Australia is a sole trader working
from home, possibly with a part-time bookkeeper. They're unlikely to
have ANY IT support, let alone a securely configured environment. Most
"experts" have experience in larger organisations, and perhaps should
spend a few days in a shoe shop or a 2-man carpentry business to see
how computers get used in those more typical environments.
This isn't about Vista, or Windows even. It's about IT systems being
designed as if the user is an IT professional. By and large, they're
not.
Someone said that people shouldn't be using computers in the workplace
without appropriate training. "Should" is always such a tricky word:
it's about what someone reckons someone else should be doing, and in
this case ignores the actual reality "out there".
All the "security features" (if security can ever be provided by
"features") are useless if people don't know what they mean. Saying
they should use a different OS or be trained or whatever is a lovely
dream, but the reality is that businesses are operating NOW using
these (to us) terrible, risky practices and they don't even KNOW that
what they're doing is risky, let alone what to do about it.
So, what are we going to do that will ACTUALLY fix it and which can
ACTUALLY be achieved in a small business environment? Apart from
whingeing, of course. ;) (Not directed at you, Malcolm, just free-
associating off your comment about UAC.)
Stil
--
Stilgherrian http://stilgherrian.com/
Internet, IT and Media Consulting, Sydney, Australia
mobile +61 407 623 600
fax +61 2 9516 5630
Twitter: stilgherrian
Skype: stilgherrian
ABN 25 231 641 421