mark [at] edgewire wrote:
The end problem is still users and really, these users will click on anything that has a bright and shiny button which says, Ok. Really, does setting up a portal help? Perhaps a "sandboxed" area which has some information on securing their machine and keeping it clean may be the way to go but how much more of a resource will it chew up?
And then the nice phisher people come in and they replicate the quarantine website of various providers (just check IP address, you know the ISP and present the appropriate page) after having lured them to some site they control. Then they simply have a nice big "Install this cool tool to update your computer" link et voila. The problem with all of that boils down to what people have to believe... and how to properly inform them of that... Yes, I think the sandbox/quarantine style things is the way to go for the time being, but there are other more important things that need fixing. (afaik) Most people will get infected by clicking on something at one point in time on some weird website, even after having googled it etc. The problem is that it is really hard to show to the user that a site is 'trustworty' or not, especially as everyone can just get an SSL certificate for faceb0ok.com and m1crosoft.com and soon also for all the nice variants in the IDN space, thus SSL doesn't state anything, it just makes the connection secure (aka unsniffable unless there is a 3 letter acronym doing so, or they have access to either end). And that would not help much either as even Facebook and other such sites have been used to distribute worms, thus it becomes really hard to do it on a domain basis, as what is on a domain at point X in time, will be different at point Y, thus distributing lists becomes problematic too. The company that can come up with a proper universal solution to that problem (and patent it so they can actually get the moneyz) will probly end up doing quite well. Most likely though it means restricting user freedom, which is the counter problem as that is something one doesn't want, and when there is an option to disable it, then people will just disable it. Greets, Jeroen