Re: ILoveGNU
"Jaldhar H. Vyas" <jaldhar@debian.org> writes:
> All the security features in the world will not help if users decide
> to do dumb things. And they will.
I don't think the loveletter would have spread thus widely, if
clicking on the .vbs attachment would have popped up a friendly
warning like the following (ok, probably not in these words):
Hey, you just clicked on code. Executing unauthenticated code could
show an animated Easter Bunny, but could also format your harddisk,
after having sent all your personal information to the New Order.
Only click on "Yes, I want this done" if you know what this code
does. Otherwise, back off slowly, do not be alarmed and click on
"Chicken out" when you're ready.
> Even Microsoft software does have some security features. (I
> remember turning off Javascript and HTML in Outlook even before the
> first virus hit.) But people don't even use those fully.
Especially those people with low computer-literacy will leave all
settings on their defaults. If these are insecure, this is a big
problem. I wonder what functionality is lost by making the user think
twice about running active content.
> From what I've read about computer security, I've learned that it is as
> much a social matter as a technological one. Perhaps the open nature of
> Linux will help educate users more about good security habits but I
> plan on thinking pessimistically.
Still, if you hold on to simple security habits (i.e. read your e-mail
not as root), the virus would have a hard time making your system
unbootable (which some loveletter variants reportedly did). Your
homedir can be hosed still, of course...
--
Robbe
Reply to: