I’ve not updated properly for a while, but this kicked me into action.
It references a post by Asa Dotzler with the exciting title “microsoft security manager calls users stupid.”
A couple of months ago, Mike Danseglio, the Program Manager for the Security Solutions group at Microsoft, blamed users for the Windows security nightmare, saying “there really is no patch for human stupidity.”
Nice one, Mike.
Actually, Mike, there really is no patch for that kind of blame shifting. We make software and it’s our job to make it work. Designing and building software is an extremely complex process but it is not magic and it is not only possible to make it safe, it’s a requirement.
Of course, if we actually bother to read the original quote…
Danseglio said the success of social engineering attacks is a sign that the weakest link in malware defense is “human stupidity.”
“Social engineering is a very, very effective technique. We have statistics that show significant infection rates for the social engineering malware. Phishing is a major problem because there really is no patch for human stupidity,” he said.
So what our Microsoft security expert is actually saying is that whatever software you build to protect users, they’ll still be vulnerable to attacks which tempt them into doing something silly. One of the best examples of this was the “I love you” bug of a few years ago, which tempted thousands of single office workers into downloading a dangerous attachment. Why did they download the attachment? Because they thought it was a love letter.
And when our Microsoft security expert points out that users need to be smarter in order not to be infected, he gets laughed at by Mr. Firefox. Not argued with, not listened to, but instead his comments are taken out of context in order to make him look stupid.
The Mozilla corporation will never have my support while it continues to act like a 14-year-old teenager browsing the internet from his mother’s basement. Get some bloody professionalism.