Monday, May 19, 2008

Microsoft Blames Users For Security Holes

Well, well, well, this goes down as one of the cutest excuses of the year. Microsoft says: "The number of virus infections found by a virus vendor does not necessarily equal poor security," wrote Kleef in a blog post. "In many cases it equals poor user behavior. If I, despite all prompting and consent behavior, choose to go to a (probably dodgy) website, accept the ActiveX control prompts to download (probably dodgy) code and I actually choose to execute that code then I'm hosed."

Well, is that not convenient, as the Church Lady from Saturday Night Live would say. Hmmm, maybe Satan made you do it? When I write I try to think of things from the point of view of the average user, as that's what I am. I'm not a techy, and I'm most definitely not a computer software developer, but this sure as hell sounds to me like the hopelessly useless account user interface on Vista is being used as a way to blame users for Windows' flawed code.

I would like to ask Microsoft how many users can tell what is a good ActiveX control and what is dodgy? I know I can't, but I do know many websites have them, and I can tell you when I say yes using Microsoft's account control it gives me no useful information whatsoever to tell me if it's dodgy or not; it just lets me know something is going on, but I have no idea if that's a normal process or not. Microsoft, stop blaming the customer. I want to know: what do you think? Is Microsoft right, is the user to blame?

Microsoft has claimed user "complacency" is to blame for malware infections, and denied that its Vista operating system is less secure than Windows 2000.

The claim that Vista is less secure than Windows 2000 was made last week by security vendor PC Tools, which said that over the past six months Vista had suffered 639 unique threats, whereas Windows 2000 has suffered 586. PC Tools's research was conducted by collecting data from customers using its ThreatFire behavioral detection software.


"Ironically, the new operating system has been hailed by Microsoft as the most secure version of Windows to date," said Simon Clausen, the chief executive of PC Tools last week.


"However, recent research conducted with statistics from over 1.4 million computers within the ThreatFire community has shown that Windows Vista is more susceptible to malware than the eight-year-old Windows 2000 operating system, and only 37 percent more secure than Windows XP," Clausen said.


However, Microsoft strongly hit back at the claims, blaming users for executing malicious code on their machines. On Tuesday, Technet blogger and Microsoft evangelist Michael Kleef said the number of infections found by PC Tools was an indication of poor user behavior.


"The number of virus infections found by a virus vendor does not necessarily equal poor security," wrote Kleef in a blog post. "In many cases it equals poor user behavior. If I, despite all prompting and consent behavior, choose to go to a (probably dodgy) website, accept the ActiveX control prompts to download (probably dodgy) code and I actually choose to execute that code then I'm hosed."


Kleef claimed the number of infections was not purely the operating system's fault, but said that "in some cases it's the user and their lack of knowledge and their implicit 'it-won't-happen-to-me' complacency" that causes them to get infected.


Kleef's comments followed on from a blog post on Friday by Austin Wilson, the director of Windows Client Security Product Management, which also denied that Vista was less secure than Windows 2000. Wilson said results collected from over 450 million uses of Microsoft's Malicious Software Removal Tool (MSRT) and published in Microsoft's most recent Security Intelligence Report show Vista is more secure than Windows 2000.


"Our results published in the April 2008 version of the Security Intelligence Report show that Windows Vista is significantly less susceptible to malware than older operating systems," wrote Wilson in the blog post. "Using proportionate numbers, MSRT found and cleaned malware from 44 percent fewer Windows Vista-based computers than Windows 2000 SP4 computers and 77 percent fewer than from computers running Windows 2000 SP3."

