A patch is virtually impossible to produce

May 25, 2007 06:53 GMT

A fundamental flaw in the Windows Vista base code is also shared by Windows XP, all Linux distributions and even Mac OS X, often held up as the apex of platform security, claims security vendor Sophos. All operating systems, whether from Apple, Microsoft, Ubuntu, Red Hat or others, share a common weak link in the security chain. Sophos' perspective on the matter is that the issue cannot be resolved.

Mark Harris, Director of SophosLabs, has pointed to the end user as the common flaw behind the vast majority of exploits. "Malware authors, spammers, phishers and hackers are always targeting the user in one way or another, either with the lure of cheap medicines, pornography or making money through the stock market. If users didn't purchase items advertised in spam, economics would solve the spam problem. If users didn't click on links or even open emails from people they don't know, ensured they kept systems up to date and paid attention to warning messages, malware would be less effective," Harris commented.

Even Microsoft's Windows Vista, touted by the company as the most secure Windows operating system, cannot solve the problem of social engineering. In this context, the perception that the user is the weakest link in the security process is becoming axiomatic. Vista delivers User Account Control (UAC) only as an extra layer of protection, and there is a difference between protection and security. UAC offers no security beyond an additional warning to the user that the task, process or application requesting elevated privileges to access key areas of the operating system could be malicious. But again, with all the technology in Windows Vista, if the user clicks "yes"...

"Of course this is simply not going to happen. Human nature is curious and the internet is simply feeding that thirst for knowledge, so we will continue to see spam, malware and web threats for a long time. Best practices and education can help, and shouldn't be abandoned, but whilst there is a user involved, the vulnerability will still be there to be exploited," Harris added.

According to the 2006 State of the Net study published by Consumer Reports, spyware infections caused $2.6 billion in economic damage, of which a large part, over $630 million, was attributable to phishing scams and social engineering.