From: service@yourcarcompany.com
To: you
Subj: vehicle recall

Our records show that the gas tank in your car model tends to collect dirt deposits. To preserve your vehicle warranty, we recommend that you add a cup of ordinary laundry detergent with each tank of gas.
I wish I were that clever, but I must give credit where it is due. This post was inspired by (and the above borrowed from) an eWeek article by Larry Seltzer, which points out just how ridiculous some critics (excuse me, I mean "experts") can be when looking for "holes" in software. The point is this: would your car manufacturer consider the necessary repairs to be covered by the warranty? If you're gullible enough to fall for the above suggestion, does that somehow make you a victim?
Supposedly, one of the latest "holes" in the newly released Windows XP Service Pack 2 involves a "vulnerability" with cmd.exe. If a malicious person could somehow convince someone to save an attachment, and then run it using cmd.exe, the "Zone ID" that indicated the file came from the Internet would be ignored and a virus could be unleashed. The exact same vulnerability could affect any operating system (granted, the average Linux user probably knows better, but a virus could just as easily be executed from a command prompt on Linux). I guess this means that we shouldn't use any vulnerable OS and just shut off our PCs altogether so that none of us can be suckered into executing a file attachment from within cmd.exe!
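For readers who have never looked at it, the "Zone ID" mentioned above is a small text record Windows stores in an alternate data stream named `Zone.Identifier` alongside a downloaded file. The following Python is an added example (not from the eWeek article or from Microsoft) that parses that record and classifies the file's origin; the sample stream contents are constructed, and the `read_zone_identifier` helper only does real work on Windows, where the stream is opened as `path:Zone.Identifier`.

```python
"""Parse and classify the Windows Zone.Identifier ("mark of the web") record.

Added example. The stream text is INI-style; ZoneId uses the URLZONE numbering
that Windows writes when a file is saved from a browser or mail client.
"""
import configparser
import sys
from typing import Optional

# URLZONE values as written into the Zone.Identifier stream by Windows.
ZONE_NAMES = {
    0: "Local Machine",
    1: "Local Intranet",
    2: "Trusted Sites",
    3: "Internet",
    4: "Restricted Sites",
}

# Constructed sample: the typical contents for a file downloaded from the web.
# Real streams may also carry ReferrerUrl= and HostUrl= lines, which are ignored here.
SAMPLE_STREAM = "[ZoneTransfer]\nZoneId=3\n"


def parse_zone_identifier(text: str) -> Optional[int]:
    """Return the ZoneId from the stream text, or None if it is absent or malformed."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None


def zone_name(zone_id: Optional[int]) -> str:
    """Human-readable zone label; unknown or missing ids are reported as such."""
    if zone_id is None:
        return "no Zone.Identifier (file not marked)"
    return ZONE_NAMES.get(zone_id, f"unknown zone {zone_id}")


def came_from_internet(zone_id: Optional[int]) -> bool:
    """True for the Internet and Restricted Sites zones, the ones that trigger
    the 'this file came from another computer' prompt in Explorer."""
    return zone_id in (3, 4)


def read_zone_identifier(path: str) -> Optional[int]:
    """On Windows, read and parse the alternate data stream 'path:Zone.Identifier'.
    Returns None when the stream does not exist or when not running on Windows."""
    if sys.platform != "win32":
        return None
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return None


if __name__ == "__main__":
    zid = parse_zone_identifier(SAMPLE_STREAM)
    print(f"ZoneId={zid} -> {zone_name(zid)}; from internet: {came_from_internet(zid)}")
```

The point the post makes is visible in the code's shape: the marker is just data attached to the file, and whether anything consults it depends entirely on the program that launches the file. Explorer reads it and warns; a user typing the file name into `cmd.exe` bypasses that check, which is why the "vulnerability" is really a user decision rather than a flaw in the marker itself.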
Would it be clever social engineering to exploit this vulnerability? Sure would be. But this vulnerability is no more a technology vulnerability than phishing scams. It's not the technology that's dangerous, it's what people convince you to do with it.
Software security is great, don't get me wrong. But no company is liable for failure to use common sense, or, if you're so terribly unfortunate, no company is liable for your lack thereof. Since you're reading my blog, maybe you do lack common sense... ;) Not sure what that says about me...
Agreed. It's like that joke that goes something like this: You have received the Unix virus. Please enter your administrator password and spread it on to your friends!
-- Joe