It won't matter to the 53% of the population who can neither read nor write, as to the purchasers, who reads the things anyway?
India has reportedly concocted a plan to cut down on IT security problems: forcing hardware vendors to include a security awareness brochure with all desktop PCs, mobile phones and USB modems. The plans were dreamt up to improve the country’s cyber security preparedness, in response to the increasing volume of online threats …
Thank you Eadon, you are the very reason I make a very good living advising companies how to strengthen there security after having a breach. How many times have I heard the phrase "well our adminitrators told us it was fine because it was running on XXXX".
Before Code Red the attack ratio of defaced machines was roughly 80/20 MS to *NIX based systems after Code Red it switched to 20/80. Why? because management were told MS bad, *nix good, but the real fact is that an ignorant MS admin is still an ignorant *nix admin.
Security is about people and process, not just assuming that technology X is good and tecnology Y is bad.
Having spent the majority of my weekend disinfecting two Linux VMs - one Fedora Core 12, the other Ubuntu 8.4 - as well as a Mac (Leopard) ...
...fuck you, sir. Those platforms do indeed need anti-malware. More to the point, they need anti malware that doesn't suck. Windows needs it more urgently, but all platforms are suffering.
Oh, and I personally got hit by that Internet Explorer 0-day on Saturday too. I use IE once in 3 months...BAM! Sirefef. Well thanks, Microsoft. And a great pick "up yer jacksies" to whatever assclown wrote the damned viruses in the first place, too.
@Eadon, I believe the above said "malware." Not virus. There are plenty of Linux worms and viruses - oh, rarely the kernel, but the components that are packaged as part of various popular distributions are vulnerable enough to allow propagation. I have seen these in the wild.
Are infections the result of incompetent Linux/Unix/Mac admins? Yes. But by the same token, the same is true of Windows infections. Indeed; sometimes competent admins - or users - make mistakes. Nobody is perfect, and any engineer that doesn't take human fallibility into account when designing their system doesn't deserve their iron ring.
Every system - every single fucking one, including FOSS-based fuckery - has its many and varied flaws. Your job as an IT professional – whether that be self taught, engineer or otherwise – is to understand the systems you use and treat them appropriately.
That means understanding Windows before shooting your mouth off about it, something you clearly haven't done. And don't you dare give me bullshit about "anyone who understood Windows would never choose to use it" because that's fucking tripe and you goddamned well know it, sir. Windows isn't fit for purpose in some instances, but is perfectly workable – even the optimal, best fit! – in others. Open source is the best solution in some cases, absolutely the wrong choice in others.
You confuse your personal religious beliefs – which frankly border on a little nerdy jihad – with proper, objective consideration. Believe it or not, sir, you can be – and quite demonstrably have been, several times, in public on these very forums – wrong. More to the point, sir, your basic argumentation of "because you disagree with me and my opinion, you are No True Scotsman" is so deeply flawed that it is an elementary logical fallacy taught to primary school children in most first world nations.
Any system can be compromised; and every system can be compromised at a fundamental level. The selection of one versus another is a question of risk analysis, technical and legal requirements and – for some – personal ethics. Your constant and continued pigeonholing of everyone who disagrees with your take on the matter as shills, fanboys, or in some other way "A Microsoft" worshiper is tiresome, bothersome and ultimately irritating as fuck. You're like an anti RICHTO, and I put that clown on "ignore" for a reason.
The worst part of this all isn't even the constant, predictable, mind-numbing drumbeat of your thread-hijacking personal vendetta…it is that you are so very demonstrably wrong; you operate as much on outdated propaganda as anything, attacking those who dare speak up with ad homenim attacks. You use false tautologies and pre-canned rhetoric to make your "case," rarely pointing to objective analyses, only occasionally even attempting anything approaching evidence (preferably in the form of an HREF) and you refuse to accept for consideration any logic or evidence that would pierce the impenetrable bubble of your own belief system.
You are the individual manifestation of Fox News as a FOSS jihadi and just as culturally dangerous. FOSS itself – including Linux, and the many, many projects that are included with it in mainstream distributions – is a truly fantastic development for systems administrators, developers, engineers, and pretty much anyone in our society who needs to in any way rely on computers.
You sir, individually and personally are toxic. You are toxic to the open source movement you pretend to champion and you are toxic to a professional environment which ultimately should be considering all technologies objectively, dispassionately and carefully. It is clear you are intelligent, passionate and motivated. It is clear you have a great deal of knowledge. Your information dissemination techniques, however, are clearly inadequate when compared to the strength of your desire to communicate your beliefs.
You do yourself and your cause far more harm in your approach than you believe. You do the FOSS movement harm by making life difficult for those of us who in fact do have to work in heterogeneous environments and try to convince the very people you chide and berate in these forums to accept FOSS-based technologies as replacements or upgrades to existing or planned deployments.
In the real world; there is room for – and requirement for – both FOSS and proprietary technologies. Rather than attempting to libel proprietary vendors based on outdated (or outright false) information on a continual basis, how about working to update your knowledge of those systems so you can make more accurate and relevant arguments that will have the net result of convincing individuals to move towards open source?
Flies, sugar, and vinegar are all things to be considered. Now, back to testing samba 4…
Reminds of nothing more than the abuse heaped on anyone who dared criticise the church of $cientology ..
Chicken and egg. Eadon's constant abuse is similar to the the abuse the Scientologists heap on anyone who disagrees with them and is therefore returned in kind.
Have to go with Dogged on this one. Eadon is - to my mind - like a tiny little wannabe Penguin David Miscavage. He just runs around Fair Gaming anyone who dare not speak the Book Of Eadon's personal view on IT, IT practices, Microsoft, etc. Worst part is, I agree with some of what he says, but it is swamped out by the pure bullshit he otherwise spews and the vitriolic nature which which his bilge issues forth.
The Mac was infected via Java. *sigh*.
I have no idea what got the Ubuntu; it was rooted and compromised beyond my ability to repair, I ended up pulling the data and burnign the system. The Fedora was compromised becuase some twunt refused to update the system, and the dude walked in through an SSH bug. (Easy to guess user password +running SSH on default port makes me sad.)
We don't seem to have a problem with multiple languages in leaflets for EU distribution (or even tins of baked beans), even though e.g. Latvian speakers tend to be concentrated in Latvia - we just get rather large leaflets (and large lables on the tins in Lidl)
And shirley the solution is to require *vendors* in India to include a brochure with each purchase? Pop a copy in the carrier bag or tape it to the box?
Latvian speakers tend to be concentrated in Latvia - ordinarily a fair assumption, but.....
I wouldn't be at all surprised if close to half of the economically active Latvians weren't in Latvia anymore.
And only about 3% plan on coming back, long-term.
For many the choice is leave now, or starve/freeze or get ill and then have to leave later anyway.
Main destinations are Ireland, UK, Norway, Germany, Nordics, Canada, Australia, USA.
They often don't tell their home country, but the EU destinations are reporting up to 400,000 arrivals since the crisis began. That's about a 20% loss of population, mostly young working-age, over about the last 3.5 years, and accelerating.
Hence your food labels.
" the solution is to require *vendors* in India to include a brochure with each purchase?"
That depends on what the problem you want to solve is. If the problem is that insufficient regulatory claptrap paperwork is being printed, shipped, and thrown away unread, then you've got a viable solution.
If the problem the Indian government want to solve is user IT security, then they'll have to come up with a better approach. And there's some easy things they could do, like mandate in law that manufacturers have a responsibility for fixing security problems, and that (as shipped) all products must have automatic updating which is fully enabled. Mandate sensible rules for password setting for consumer facing businesses, minimum standards (eg 2FA) for on line banking. Mandate ISPs and phone companies to promote best practice (not really expecting them to do much, but enabling the government to punish the real security stragglers as an incentive to the rest). Mandate routine ISP blocking of malware destination sites, and automatically disconnect devices that are showing signs of malware activity (on the basis that if your average PC user's device is part of a botnet, then their ISP is far more likely to know than the user).
And make service providers of all kinds (from ISPs, phone companies, Facebook, banks) responsible from making users aware of security threats, particularly those that don't have a major tech aspect (eg social engineering attacks).
Why would it require bundling at the manufacture or customs level? Why wouldn't it be down to distributors or vendors to include the document with the equipment?
Stock a bunch of those sticky-backed windows (larger versions of the sort stuck to parcels when sending them via the post) and just slap one on each box?
With the USB one, simply have a stock in the store, and when someone brings one to the counter, hand one over with the product.
FFS, who pays any real attention all the packing docs these days? Long gone are the times when you had to dig around for the mail-in warranty validation. The extra paper will just go straight to the recycling/trash along with the packing etc. If they really wanted to get the point across they would force a security tutorial app to run on first boot/start/whatever on each device before it could be put to use. This is just another waste of trees.
you have all missed the point - this is India: the point of regulations (and there are millions) is so that underpaid jobsworths can go round and confiscate what they fancy and/or get a bung because it's in breach of some rule - last week they were confiscating phones here because they didn't have a best before date.
They could just do what the Indian Govt itself does, stick with Hindi and English communications only.
English is good for when the individual states can't, or don't want to be forced to, speak Hindi to the Government, which may well not be their state's main language. Which is why English hasn't been dropped yet. Or so says WikiPedia, at any rate.
So English is a kind of secondary Lingua Franca (bad joke alert!)
And yeah, I think it's an excellent idea to have basic security warnings. Nice one, India!
Ironic, this, when only two days ago I was autodialed by some Indian claiming to work "for Windows" who was concerned that my "computer has a virus that it is spreading all over the internet".
I didn't have time to play with the dolt so just provoked him into saying he couldn't talk about IP Adresses because doing so over the phone was illegal before I hung up and went for breakfast.
If you get a call from someone working "for Windows" it might be worth stringing him/her along for a bit to see what else you can get them to say.
I would have liked to have mine talk about giving credit card details for whatever bogosity he was about to try on me, then casually drop into the conversation that the FBI were monitoring my phone because I am a foreign national in America and could he please hold the line, as the little light on my phone was flashing which meant an agent wanted to speak to him - just to see how his script was written for that sort of contingency.
But as I said, Eggs Benedict were calling to me.
We had a user who reported receiving a similar phone call recently.
Much to my surprise the user (who is not normally the swiftest when it comes to computers) did the right thing and kept asking questions, didn't do anything the phisherman asked, demanded to speak to a manager, etc until he hung-up on her in frustration.
I have always wanted to get one these calls myself. I think it would be tremendous fun to see how long I could keep them on the line pretending to do what they ask while having the darndest problems... "Gosh thanks so much for calling me, I don't want 'the haxors' to steal all my desktops and megapixels from the inter-cloud! Oh dear, the screen's gone all blue again... Can you help me fix that too?"
Already had these chumps many moons ago - and me and my friends made it our mission to hold them on the phone for as long as humanly possible!
It was amazing - they'd get incredibly irate and abusive after a while - only to get even more frustrated when they discovered they were in a virtual machine with very few options of recourse. "Don't piss me off, I'll crash your computer!" "AHAHAHAHAHA Good luck with that buddy" *click*
Then they'd keep autodialling our number. I think my number eventually got blacklisted by them - but at times we'd get dialled and I'd answer - ready to troll them some more - only to discover their call had mysteriously dropped the moment I answered! I thank 2talk for this probably unintentional benefit when I decided to port the phone number to their VoIP service.
Biting the hand that feeds IT © 1998–2019