LISTSERV - VICUG-L Archives - LISTSERV.ICORS.ORG

VICUG-L Archives

Visually Impaired Computer Users' Group List

VICUG-L@LISTSERV.ICORS.ORG

	LISTSERV Archives
	VICUG-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]
Subject:	Re: Microsoft Windows: Insecure by Design
From:	David Poehlman <[log in to unmask]>
Reply To:	David Poehlman <[log in to unmask]>
Date:	Mon, 1 Sep 2003 21:56:37 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (294 lines)
the fault with windows though is that it is deceptively simple till you need
to do something complex and it is seemingly complex when it comes to some
things that should be simple and by default and design, it is an attack
waiting to happen and that knowledge is kept in obscurity by the language in
which it communicates.  In other words, How can you ask questions if you
don't know that there are questions to ask or to ask questions.  Yes, we are
out here to help, I have had to do a lot of assisting people who did not
even know they needed assistance till I pointed out some things through
observation of their systems and asked them some questions.  Lots of
interactions do not go this way.  Instead, people call for help with a
problem, the person answering the call deals with the problem but ignores
anything that they might observe as a result of dealing with the problem
that might need attention because it is not part of the immediate issue and
of course, they have lots of other calls to take.

Many people who have cars and computers have challenges that block them from
persuing long sessions in training or with manuals and taking the time to
deal with preventing isues or potential issues that might arise.  I have
assisted many people with this as well by doing things they need done and
were they not challenged by time or other difficulties could do them selves.

I am glad that I have the ability to deal with the issues described in the
original article to a fair degree, but also understand that many don't have
that ability or cannot invest the time so feel that it is on the developper
to whom lots of money is payed, to provide a safe and secure environment in
which to use their products.  I might also add accessibility on an even keel
with the flashy stuff they want to put out and the wow and stuff.  Instead
of having a small staff to deal with accessibility issues, companies who get
a lot of money by selling products to the public should have staf and
resources on a level and scale rivalling that of marketing or some other
high function of the company that they feel is important.  If video delivery
were an afterthought of some company, how much would they sell?

----- Original Message -----
From: "Kelly Pierce" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Monday, September 01, 2003 2:01 PM
Subject: Re: Microsoft Windows: Insecure by Design


It was a little disappointing to find that many in the vicug here didn't
like reading manuals and understanding specifications of peripheral
devices.  I guess I believe in information self-sufficiency.  I not only
want to use my system, but be able to configure, install, troubleshoot,
repair, and upgrade it too.  It is like the car owner who can also change
his oil, flush out valves, and replace his tires.

Now that all many of the technology related resources, including books
and manuals, are accessible, I am happy that I can utilize them.

There are communities like vicug-l to get support and aid too.

Kelly


----- Original Message -----
From: "Gordan Wahl" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, August 26, 2003 11:19 AM
Subject: Re: Microsoft Windows: Insecure by Design


> Hi Peter,  Thanks for the article and all the information it contained.
> I just have one problem.  Its like the Gourmet Expert on fine dining,
> whin asked how a fine dish was prepared, replyed, "I don't Know.  I am
a
> 'eater' mot a 'cooker'.  So as a blind PC user, "I just know how to use
> it.  I don't know how to keep it well, or how to fic it when it gets
> sick."
> Next question.  Am I the only one who has this problem?
> Gordon Wahl
>
>
> ####
> Peter Altschul wrote:
> >
> > http://www.washingtonpost.com/wp-dyn/articles/A34978-2003Aug23.html
> >
> > Microsoft Windows: Insecure by Design
> >
> > By Rob Pegoraro
> > The Washington Post
> > Sunday, August 24, 2003; Page F07
> >
> > Between the Blaster worm and the Sobig virus, it's been
> > a long two weeks for Windows users. But nobody with a
> > Mac or a Linux PC has had to lose a moment of sleep over
> > these outbreaks -- just like in earlier "malware"
> > epidemics.
> >
> > This is not a coincidence.
> >
> > The usual theory has been that Windows gets all the
> > attacks because almost everybody uses it. But millions
> > of people do use Mac OS X and Linux, a sufficiently big
> > market for plenty of legitimate software developers --
> > so why do the authors of viruses and worms rarely take
> > aim at either system?
> >
> > Even if that changed, Windows would still be an easier
> > target. In its default setup, Windows XP on the Internet
> > amounts to a car parked in a bad part of town, with the
> > doors unlocked, the key in the ignition and a Post-It
> > note on the dashboard saying, "Please don't steal this."
> >
> > Not opening strange e-mail attachments helps to keep
> > Windows secure (not to mention it's plain common sense),
> > but it isn't enough.
> >
> > The vulnerabilities built in: Security starts with
> > closing doors that don't need to be open. On a PC, these
> > doors are called "ports" -- channels to the Internet
> > reserved for specific tasks, such as publishing a Web
> > page.
> >
> > These ports are what network worms like Blaster crawl in
> > through, exploiting bugs in an operating system to
> > implant themselves. (Viruses can't move on their own and
> > need other mechanisms, such as e-mail or floppy disks,
> > to spread.) It's canonical among security experts that
> > unneeded ports should be closed.
> >
> > Windows XP Home Edition, however, ships with five ports
> > open, behind which run "services" that serve no purpose
> > except on a computer network.
> >
> > "Messenger Service," for instance, is designed to listen
> > for alerts sent out by a network's owner, but on a home
> > computer all it does is receive ads broadcast by
> > spammers. The "Remote Procedure Call" feature exploited
> > by Blaster is, to quote a Microsoft advisory, "not
> > intended to be used in hostile environments such as the
> > Internet."
> >
> > Jeff Jones, Microsoft's senior director for "trustworthy
> > computing," said the company was heeding user requests
> > when XP was designed: "What customers were demanding was
> > network compatibility, application compatibility."
> >
> > But they weren't asking for easily cracked PCs either.
> > Now, Jones said, Microsoft believes it's better to leave
> > ports shut until users open the ones they need. But any
> > change to this dangerous default configuration will only
> > come in some future update.
> >
> > In comparison, Mac OS X ships with zero ports open to
> > the Internet.
> >
> > The firewall that's down: A firewall provides further
> > defense against worms, rejecting dangerous Internet
> > traffic.
> >
> > Windows XP includes basic firewall software (it doesn't
> > monitor outgoing connections), but it's inactive unless
> > you use its "wizard" software to set up a broadband
> > connection. Turning it on is a five-step task in
> > Microsoft's directions (www.microsoft.com/protect) that
> > must be repeated for every Internet connection on a PC.
> >
> > Mac OS X's firewall isn't enabled by default either, but
> > it's much simpler to enable. Red Hat Linux is better
> > yet: Its firewall is on from the start.
> >
> > The patches that aren't downloaded: Windows is better
> > than most operating systems at easing the drudgery of
> > staying on top of patches and bug fixes, since it can
> > automatically download them. A PC kept current with
> > Microsoft's security updates would have survived this
> > week unscathed.
> >
> > But hundreds of thousands, if not millions, of Windows
> > systems still got Blasted, even though the patch to stop
> > this worm was released weeks ago.
> >
> > Part of this is users' fault. "Critical updates" are
> > called that for a reason, and it's foolish to ignore
> > them. (The same goes for not installing and updating
> > anti-virus software.)
> >
> > The chance of a patch wrecking Windows is dwarfed by the
> > odds that an unpatched PC will get hit. And for those
> > saying they don't trust Microsoft to fix their systems,
> > I have one question: If you don't trust this company,
> > why did you give it your money?
> >
> > Microsoft, however, must share blame, too. Windows XP's
> > pop-up invitations to use Windows Update must compete
> > for attention with all of XP's other, less important
> > nags -- get a Passport account, take a tour of XP, hide
> > unused desktop icons, blah, blah, blah.
> >
> > Microsoft's critical updates also are absent from retail
> > copies of Windows XP, forcing buyers into lengthy
> > Windows Update sessions to get the fixes since last
> > year's Service Pack 1 upgrade. At least the version of
> > XP provided to PC manufacturers is refreshed once a
> > quarter or so -- and Microsoft says it's working to
> > shorten this lag.
> >
> > The lack of any limit to damage: Windows XP, by default,
> > provides unrestricted, "administrator" access to a
> > computer. This sounds like a good thing but is not,
> > because any program, worms and viruses included, also
> > has unrestricted access.
> >
> > Yet administrator mode is the only realistic choice: XP
> > Home's "limited account," the only other option, doesn't
> > even let you adjust a PC's clock.
> >
> > Mac OS X and Linux get this right: Users get broad
> > rights, but critical system tasks require entering a
> > password. If, for instance, a virus wants to install a
> > "backdoor" for further intrusions, you'll have to
> > authorize it. This fail-safe isn't immune to user
> > gullibility and still allows the total loss or theft of
> > your data, but it beats Windows' anything-goes approach.
> >
> > Because Microsoft blew off security concerns for so
> > long, millions of PCs remain unpatched, ready for the
> > next Windows-transmitted disease. Microsoft needs to do
> > more than order up another round of "Protect Your PC"
> > ads.
> >
> > Here's a modest proposal: Microsoft should use some of
> > its $49 billion hoard to mail an update CD to anybody
> > who wants one. At $3 a pop (a liberal estimate), it
> > could ship a disc to every human being on Earth -- and
> > still have $30 billion in the bank.
> >
> > Living with technology, or trying to? E-mail Rob
> > Pegoraro at [log in to unmask]
> >
> > __________________________________________________________________
> > McAfee VirusScan Online from the Netscape Network.
> > Comprehensive protection for your entire computer. Get your free
trial today!
> >
http://channels.netscape.com/ns/computing/mcafee/index.jsp?promo=393397
> >
> > Get AOL Instant Messenger 5.1 free of charge.  Download Now!
> > http://aim.aol.com/aimnew/Aim/register.adp?promo=380455
> >
> > portside (the left side in nautical parlance) is a
> > news, discussion and debate service of the Committees
> > of Correspondence for Democracy and Socialism. It
> > aims to provide varied material of interest to people
> > on the left.
> >
> > Post            : mail to [log in to unmask]
> > Subscribe       : mail to [log in to unmask]
> > Unsubscribe     : mail to [log in to unmask]
> > Faq             : http://www.portside.org
> > List owner      : [log in to unmask]
> > Web address     : <http://www.yahoogroups.com/group/portside>
> > Digest mode     : visit Web site
> >
> > Your use of Yahoo! Groups is subject to
http://docs.yahoo.com/info/terms/
> >
> > VICUG-L is the Visually Impaired Computer User Group List.
> > To join or leave the list, send a message to
> > [log in to unmask]  In the body of the message, simply
type
> > "subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
> >  VICUG-L is archived on the World Wide Web at
> > http://maelstrom.stjohns.edu/archives/vicug-l.html
>
>
> VICUG-L is the Visually Impaired Computer User Group List.
> To join or leave the list, send a message to
> [log in to unmask]  In the body of the message, simply
type
> "subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
>  VICUG-L is archived on the World Wide Web at
> http://maelstrom.stjohns.edu/archives/vicug-l.html
>


VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask]  In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
 VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html


VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask]  In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
 VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
ATOM RSS1 RSS2
LISTSERV.ICORS.ORG