Phishing Tales



I found this piece of news; it's part 1 anyway, but it might be helpful to spark a discussion.

http://searchopensource.techtarget.com/ori...1157378,00.html

In your book, you write that Microsoft has taken the stance that stopping phishing is the user's, not the browser's, responsibility, and that user education is the answer. What do you make of this stance?

James: I don't agree with it, because there are many responsibilities. The computer user is just that, the user. They are not experts. They know how to use their computers in the way that Windows or Macs train them to use it.

I'm not against education, but that's one step in a very large process. You don't go to battle with just one weapon. There is vendor responsibility; misplaced trust breaks all the education in the world.

I'm not trying to bash Microsoft with that statement. Microsoft believes it has a solution. VeriSign [Inc.] believes it has a solution. The crypto groups at CAcert believe toolbars are the answers, and companies that sell virtual keyboards believe they have the answer.

The truth is education, toolbars and consumer contact don't work. The people that will be getting victimized are the ones that you never reached, and the fight to educate against phishing is a losing battle. Phishers move faster. By the time we tell them what it is, they've owned us.

I do agree with James; it's just that the companies who create the OS want the user to take responsibility for phishing. But the problem is, is their OS up to it? No, it's not; they just leave it in the open, which causes the problem and leaves the consumer to take care of it. The maker of the OS is partly to blame also. If they have knowledge about phishing, then they should put that knowledge to use and redesign something that will work against phishing.

Take Linux, for example: each string of code in Linux is different, I mean in the OS. They are not all the same; Slackware, SuSE, Gentoo, and others are not the same. They were configured in different ways. And a virus works on one kind of OS. When a virus "infects" Linux, it takes some time to find a way to take control of root; by that time, anyone who has Linux can remove the virus before the virus takes root. With MS and Mac, you are so SOL. I'm not here to bash the OS makers, but they should know that phishing is very common, and they just want the user to take care of the solution. Anyone who uses a non-Linux OS tends not to be knowledgeable about phishing; they just know a little. Anyone who is tech savvy, then yes, they know all about phishing and take any step to stop it. We need to educate people on how to take care of phishing, and OS makers need to stop being a lazy @$$ and just work on something that will help stop phishing.

Edited by DarkestDream

I disagree. Phishing is a "con" used by "grifters" to obtain money, information, or services. All of that involves the user. There will always be gullible people out there not paying attention to what is being asked for or thinking it's the "pot o gold" at the end of the rainbow.

How many folks here get the infamous "update your eBay account, or it will be cancelled" phishing mail? Or the one from PayPal? Now WE all know better than to give out our passwords and IDs, don't we? So education will help, but like all other problems, there's plenty of "suckers" out there that are uninformed. And don't pay enough attention to become informed.


I believe the user should be educated. A decent antivirus program can identify phishing emails, but one still needs to be alert. Additional toolbars are a bane to society. People need to get their act together and stop thinking that the promised land lies in the click of a link.


As it pertains to 'phishing' in particular, no way it's the OS author's responsibility, nor should it be. Anything done to protect a widely distributed OS will be obsolete by the time you install it.

Scammers will always target the largest audience to get more 'bang for their buck.' That's Windows right now and for the foreseeable future. Comparing an OS that has a smaller installed base, fractured development and dozens of variations to one, large, monolithic, standardized OS is irrelevant. They may perform similar functions but they are entirely different products targeted to mostly different audiences.

That's not to say OS authors can ignore security, but no matter what they do they cannot protect users from themselves or from determined, malicious miscreants. That's impossible! Compare OS security to automobile security for example. Thieves target the most popular cars because that's where they'll get the highest returns on their efforts. No matter what GM, Ford, Honda, Toyota et al do, no matter how many locks, alarms, electronic doo-dads they install at the factory, thieves will find a way to steal them. And if you leave your car unlocked, it may be stolen, and the more popular your model the more likely it is to be stolen. It's not the manufacturer's fault that their product is so popular it attracts more thieves (though, like software, if there's a 'defect' in the security they can, should and do fix it).

Owners of Hyundais and Saturns can proudly claim their cars are rarely stolen, but that's irrelevant. It's not because they are inherently more secure (though they have built-in security just like any other car), it's because fewer thieves target them.


This is definitely not something for the OS maker to take care of; that's like saying it's Microsoft's fault that you get spam email in Outlook. You can get spam when using any email client, so why would it be MS's fault just because theirs is the most commonly used?

Same with phishing scams: it's not the fault of the OS you use that's to blame for this, it's the greed of others and the gullibility of users that's the culprit here. The security of the OS has nothing to do with things if the user decides to type their passwords into some email request; that's just plain up to the user to know better.

How in the world could MS protect people from their own stupidity or gullibility by changing their OS? It's an impossible quest to try doing that and a total waste of their resources. It's more realistic for them to develop an educational CD that's shipped with every OS copy, to try and educate the new users to the many scams they're going to be exposed to. Even that would only reach the select few that actually READ the instructions before diving in head first.



That's what I was trying to say, Chappy. It's not the OS, the Browser or the IP....... Bottom end is the user. And some can't/never educate themselves. Many just don't care, many can't get a grip. Like old folks that just surf a bit and e-mail family. Unless their family is savvy, we all know that's trouble. Many don't care because they just "reformat" for problems and hopefully saved their stuff. Then there is "youngin's" that get access to a 'puter when mom and pop aren't looking.... *Kinda like getting into the booze during a sleepover.
