Microsoft and MyDoom.B

february 4, 2004

So, it looks like Microsoft has temporarily escaped the wrath of MyDoom.B. What's more interesting is reading what security people think about worms and viruses on Windows boxes: "I've lost my faith in education. It never helps, people will never learn.... They will click on everything," says Mikko Hypponen, F-Secure's antivirus research director. Interesting, since we all know that the computer using public will click just about anything, then why doesn't Microsoft sure up their OS and the related programs so that people can't just click anything? Maybe instead of blaming the users for being ignorant (which they are), why not put some of the blame on Microsoft for making their applications and OS so vulnerable to worms in the first place? Why is it that on an OS like Windows XP that the default user is an administrator user? Out of the box that makes the OS the most insecure in the world. [url=http://www.apple.com]Apple[/url] at least thought it out when they put together MacOS X. Out of the box, the root account is disabled. The default user has not rights to do dangerous system stuff. In order to do something dangerous a password is needed. And power-users (the non-ignorant computer users) can enable root access by default if they want, but really, why? Microsoft needs to learn that no matter how hard they try to make their OS secure that because of the size of the code that makes up for the OS, it will always be insecure. So therefore, they should go the extra step and turn off idiotic things like having administrator rights for the default user on their Windows OSs. They are learning to turn off the scripting in their various versions of Outlook, but is it helping? Not really because any worm still has full access to the system if a user has administrator rights. Try harder Microsoft, you can't keep blaming the users for this.