It won't matter to the 53% of the population who can neither read nor write, as to the purchasers, who reads the things anyway?
India has reportedly concocted a plan to cut down on IT security problems: forcing hardware vendors to include a security awareness brochure with all desktop PCs, mobile phones and USB modems. The plans were dreamt up to improve the country’s cyber security preparedness, in response to the increasing volume of online threats …
It won't matter to the 53% of the population who can neither read nor write, as to the purchasers, who reads the things anyway?
I'm quite sure it's not THAT bad Eadon - did Clippy bully you when you were a child or something? I'm as skeptical as the next geek but therapy can actually help - I simple chat with a professional might make you feel better.
Thank you Eadon, you are the very reason I make a very good living advising companies how to strengthen there security after having a breach. How many times have I heard the phrase "well our adminitrators told us it was fine because it was running on XXXX".
Before Code Red the attack ratio of defaced machines was roughly 80/20 MS to *NIX based systems after Code Red it switched to 20/80. Why? because management were told MS bad, *nix good, but the real fact is that an ignorant MS admin is still an ignorant *nix admin.
Security is about people and process, not just assuming that technology X is good and tecnology Y is bad.
Earth to Eadon, I need to pop your bubble:
Nor to the other 47%, most of whom work as IT slaves and will bypass any and all security measures for the sake of 'productivity' at their employers' whim.
@AC 12:14 - Yes, but in the mind of Eadon, people who have a malware infection on their Android phone are idiots who've downloaded from inappropriate sources, whereas people who have malware on Windows have got it because Windows is bad m'kay.
Having spent the majority of my weekend disinfecting two Linux VMs - one Fedora Core 12, the other Ubuntu 8.4 - as well as a Mac (Leopard) ...
...fuck you, sir. Those platforms do indeed need anti-malware. More to the point, they need anti malware that doesn't suck. Windows needs it more urgently, but all platforms are suffering.
Oh, and I personally got hit by that Internet Explorer 0-day on Saturday too. I use IE once in 3 months...BAM! Sirefef. Well thanks, Microsoft. And a great pick "up yer jacksies" to whatever assclown wrote the damned viruses in the first place, too.
@Eadon, I believe the above said "malware." Not virus. There are plenty of Linux worms and viruses - oh, rarely the kernel, but the components that are packaged as part of various popular distributions are vulnerable enough to allow propagation. I have seen these in the wild.
Are infections the result of incompetent Linux/Unix/Mac admins? Yes. But by the same token, the same is true of Windows infections. Indeed; sometimes competent admins - or users - make mistakes. Nobody is perfect, and any engineer that doesn't take human fallibility into account when designing their system doesn't deserve their iron ring.
Every system - every single fucking one, including FOSS-based fuckery - has its many and varied flaws. Your job as an IT professional – whether that be self taught, engineer or otherwise – is to understand the systems you use and treat them appropriately.
That means understanding Windows before shooting your mouth off about it, something you clearly haven't done. And don't you dare give me bullshit about "anyone who understood Windows would never choose to use it" because that's fucking tripe and you goddamned well know it, sir. Windows isn't fit for purpose in some instances, but is perfectly workable – even the optimal, best fit! – in others. Open source is the best solution in some cases, absolutely the wrong choice in others.
You confuse your personal religious beliefs – which frankly border on a little nerdy jihad – with proper, objective consideration. Believe it or not, sir, you can be – and quite demonstrably have been, several times, in public on these very forums – wrong. More to the point, sir, your basic argumentation of "because you disagree with me and my opinion, you are No True Scotsman" is so deeply flawed that it is an elementary logical fallacy taught to primary school children in most first world nations.
Any system can be compromised; and every system can be compromised at a fundamental level. The selection of one versus another is a question of risk analysis, technical and legal requirements and – for some – personal ethics. Your constant and continued pigeonholing of everyone who disagrees with your take on the matter as shills, fanboys, or in some other way "A Microsoft" worshiper is tiresome, bothersome and ultimately irritating as fuck. You're like an anti RICHTO, and I put that clown on "ignore" for a reason.
The worst part of this all isn't even the constant, predictable, mind-numbing drumbeat of your thread-hijacking personal vendetta…it is that you are so very demonstrably wrong; you operate as much on outdated propaganda as anything, attacking those who dare speak up with ad homenim attacks. You use false tautologies and pre-canned rhetoric to make your "case," rarely pointing to objective analyses, only occasionally even attempting anything approaching evidence (preferably in the form of an HREF) and you refuse to accept for consideration any logic or evidence that would pierce the impenetrable bubble of your own belief system.
You are the individual manifestation of Fox News as a FOSS jihadi and just as culturally dangerous. FOSS itself – including Linux, and the many, many projects that are included with it in mainstream distributions – is a truly fantastic development for systems administrators, developers, engineers, and pretty much anyone in our society who needs to in any way rely on computers.
You sir, individually and personally are toxic. You are toxic to the open source movement you pretend to champion and you are toxic to a professional environment which ultimately should be considering all technologies objectively, dispassionately and carefully. It is clear you are intelligent, passionate and motivated. It is clear you have a great deal of knowledge. Your information dissemination techniques, however, are clearly inadequate when compared to the strength of your desire to communicate your beliefs.
You do yourself and your cause far more harm in your approach than you believe. You do the FOSS movement harm by making life difficult for those of us who in fact do have to work in heterogeneous environments and try to convince the very people you chide and berate in these forums to accept FOSS-based technologies as replacements or upgrades to existing or planned deployments.
In the real world; there is room for – and requirement for – both FOSS and proprietary technologies. Rather than attempting to libel proprietary vendors based on outdated (or outright false) information on a continual basis, how about working to update your knowledge of those systems so you can make more accurate and relevant arguments that will have the net result of convincing individuals to move towards open source?
Flies, sugar, and vinegar are all things to be considered. Now, back to testing samba 4…
You obviously work for the Civil Service ...
"Having spent the majority of my weekend disinfecting two Linux VMs - one Fedora Core 12, the other Ubuntu 8.4 - as well as a Mac (Leopard)"
You are unfortunate .. what was the method of infection of the Fedora, Ubuntu and Mac?
Hey Eadon, I can tell you hit the spot from all the personal abuse being heaped on you. All these disinterested parties coming out of the woodwork to dis you. Reminds of nothing more than the abuse heaped on anyone who dared criticise the church of $cientology ..
Reminds of nothing more than the abuse heaped on anyone who dared criticise the church of $cientology ..
Chicken and egg. Eadon's constant abuse is similar to the the abuse the Scientologists heap on anyone who disagrees with them and is therefore returned in kind.
The Mac was infected via Java. *sigh*.
I have no idea what got the Ubuntu; it was rooted and compromised beyond my ability to repair, I ended up pulling the data and burnign the system. The Fedora was compromised becuase some twunt refused to update the system, and the dude walked in through an SSH bug. (Easy to guess user password +running SSH on default port makes me sad.)
@Eadon Please don't sent an ethics officer to perform a sec check! I'll purge my Microsoft thetans, I swear! Obviously your two word rebuttal was shown me the light! All heil Eadon! Der Furher FOSSen Uber Alles!
Have to go with Dogged on this one. Eadon is - to my mind - like a tiny little wannabe Penguin David Miscavage. He just runs around Fair Gaming anyone who dare not speak the Book Of Eadon's personal view on IT, IT practices, Microsoft, etc. Worst part is, I agree with some of what he says, but it is swamped out by the pure bullshit he otherwise spews and the vitriolic nature which which his bilge issues forth.
We don't seem to have a problem with multiple languages in leaflets for EU distribution (or even tins of baked beans), even though e.g. Latvian speakers tend to be concentrated in Latvia - we just get rather large leaflets (and large lables on the tins in Lidl)
And shirley the solution is to require *vendors* in India to include a brochure with each purchase? Pop a copy in the carrier bag or tape it to the box?
Latvian speakers tend to be concentrated in Latvia - ordinarily a fair assumption, but.....
I wouldn't be at all surprised if close to half of the economically active Latvians weren't in Latvia anymore.
And only about 3% plan on coming back, long-term.
For many the choice is leave now, or starve/freeze or get ill and then have to leave later anyway.
Main destinations are Ireland, UK, Norway, Germany, Nordics, Canada, Australia, USA.
They often don't tell their home country, but the EU destinations are reporting up to 400,000 arrivals since the crisis began. That's about a 20% loss of population, mostly young working-age, over about the last 3.5 years, and accelerating.
Hence your food labels.
" the solution is to require *vendors* in India to include a brochure with each purchase?"
That depends on what the problem you want to solve is. If the problem is that insufficient regulatory claptrap paperwork is being printed, shipped, and thrown away unread, then you've got a viable solution.
If the problem the Indian government want to solve is user IT security, then they'll have to come up with a better approach. And there's some easy things they could do, like mandate in law that manufacturers have a responsibility for fixing security problems, and that (as shipped) all products must have automatic updating which is fully enabled. Mandate sensible rules for password setting for consumer facing businesses, minimum standards (eg 2FA) for on line banking. Mandate ISPs and phone companies to promote best practice (not really expecting them to do much, but enabling the government to punish the real security stragglers as an incentive to the rest). Mandate routine ISP blocking of malware destination sites, and automatically disconnect devices that are showing signs of malware activity (on the basis that if your average PC user's device is part of a botnet, then their ISP is far more likely to know than the user).
And make service providers of all kinds (from ISPs, phone companies, Facebook, banks) responsible from making users aware of security threats, particularly those that don't have a major tech aspect (eg social engineering attacks).
Why would it require bundling at the manufacture or customs level? Why wouldn't it be down to distributors or vendors to include the document with the equipment?
Stock a bunch of those sticky-backed windows (larger versions of the sort stuck to parcels when sending them via the post) and just slap one on each box?
With the USB one, simply have a stock in the store, and when someone brings one to the counter, hand one over with the product.
FFS, who pays any real attention all the packing docs these days? Long gone are the times when you had to dig around for the mail-in warranty validation. The extra paper will just go straight to the recycling/trash along with the packing etc. If they really wanted to get the point across they would force a security tutorial app to run on first boot/start/whatever on each device before it could be put to use. This is just another waste of trees.
Any of the devices mentioned could include a multi language readme file. Obviously, cost-free compared with paper, given that no-one will bother to read or heed such warnings, whatever the format.
Well yeah. But some people really need a large sign in a 90 point font to actually pay attention to something.
The printed approach should get everyone that doesn't need a frickin neon sign to get their attention.
OK well in the days of the "paperless office" etc. Why do they not simply give people a LINK to the page containing the brochure. Hmmm an exploit on that link page could provide a lot of Indian victims ;-)
A leaflet campaign - brilliant, they always work (/sarc)
Reminds me of a photo in Road & Track magazine years ago about a new approach to traffic safety near Leh, India -- photo was of a sign the said "Accidents are prohibited on this road".
I prefer to think of this as a good idea. Most security issues are PEBCAK's, so raising awareness there is a good thing.
Better than doing jack shit at least.
Actually the glass is empty. Another please barman!
They could put the brochure in with products in an electronic format. They've moved manuals over to a PDF on a CD so why not include the security brochure as well?
you have all missed the point - this is India: the point of regulations (and there are millions) is so that underpaid jobsworths can go round and confiscate what they fancy and/or get a bung because it's in breach of some rule - last week they were confiscating phones here because they didn't have a best before date.
It would be cheaper and slightly more effective if one could call such a muse effective, for them just to run an ad campaign ans post the little to be read leaflet to every household in the country.
The concessions agreed allow them to distribute the awareness training material via PDF - that then gets infected.
They could just do what the Indian Govt itself does, stick with Hindi and English communications only.
English is good for when the individual states can't, or don't want to be forced to, speak Hindi to the Government, which may well not be their state's main language. Which is why English hasn't been dropped yet. Or so says WikiPedia, at any rate.
So English is a kind of secondary Lingua Franca (bad joke alert!)
And yeah, I think it's an excellent idea to have basic security warnings. Nice one, India!
What happens to all the dead trees that get dumped in the trash?
Ironic, this, when only two days ago I was autodialed by some Indian claiming to work "for Windows" who was concerned that my "computer has a virus that it is spreading all over the internet".
I didn't have time to play with the dolt so just provoked him into saying he couldn't talk about IP Adresses because doing so over the phone was illegal before I hung up and went for breakfast.
If you get a call from someone working "for Windows" it might be worth stringing him/her along for a bit to see what else you can get them to say.
I would have liked to have mine talk about giving credit card details for whatever bogosity he was about to try on me, then casually drop into the conversation that the FBI were monitoring my phone because I am a foreign national in America and could he please hold the line, as the little light on my phone was flashing which meant an agent wanted to speak to him - just to see how his script was written for that sort of contingency.
But as I said, Eggs Benedict were calling to me.
We had a user who reported receiving a similar phone call recently.
Much to my surprise the user (who is not normally the swiftest when it comes to computers) did the right thing and kept asking questions, didn't do anything the phisherman asked, demanded to speak to a manager, etc until he hung-up on her in frustration.
I have always wanted to get one these calls myself. I think it would be tremendous fun to see how long I could keep them on the line pretending to do what they ask while having the darndest problems... "Gosh thanks so much for calling me, I don't want 'the haxors' to steal all my desktops and megapixels from the inter-cloud! Oh dear, the screen's gone all blue again... Can you help me fix that too?"
Already had these chumps many moons ago - and me and my friends made it our mission to hold them on the phone for as long as humanly possible!
It was amazing - they'd get incredibly irate and abusive after a while - only to get even more frustrated when they discovered they were in a virtual machine with very few options of recourse. "Don't piss me off, I'll crash your computer!" "AHAHAHAHAHA Good luck with that buddy" *click*
Then they'd keep autodialling our number. I think my number eventually got blacklisted by them - but at times we'd get dialled and I'd answer - ready to troll them some more - only to discover their call had mysteriously dropped the moment I answered! I thank 2talk for this probably unintentional benefit when I decided to port the phone number to their VoIP service.
You takes yer chances.
Who is going to protect us all from this Android and iPhone malware infestation?
Well if the US congress builds that Planetary Earth Defense System itll be down to Lord Vader
Biting the hand that feeds IT © 1998–2017