Admin
Just wrong.
Admin
Charles Robinson nerd fail. Redshirt death was predominantly an original Star Trek trope, where they used the term "landing party", not "away team".
Even more sad though is that he felt he actually had to explain the redshirt reference to a forum full of nerds.
Admin
That's because malware authors use the same trick and have trained the users quite well.
Admin
My interpretation, especially since the original was a nonpropagating worm, is that this was a new, different email.
Admin
Well, yes. Open browser = click on the browser icon. Open email = click on the email icon. As long as they don't touch anything else, they're fine.
Admin
Can't Windows restrict running executables? Why the hell do they have admin access to their computer anyway?
If there's an IT department, nontechnical users SHOULD NOT have ANY kind of access to the workings of the computer. The computer is just there to run whichever productivity software they have to run.
Admin
BOOP
Admin
Two WTFs here:
I'm a pretty smart kinda person. At home I wouldn't dream of running some random shit that just arrived in my email. And if it appeared to come from someone I knew, I would at least verify with them first, and still would probably run it in a VM. But at work? Fuck, what do I care if the machines get fucked up. It's not my computer. It's also not my job to make sure the computers work fine.
So, you can complain about users all you want. But if you don't want them to do something, implement a technical solution so that it is impossible for them to do it (see point 1 above). A post-event "solution" (like firing them) won't work either.
Captcha: luctus. Joe luctus when he got a fancy new chair.
Admin
They already don't know how to use Windows for their day-to-day business needs. They just memorize a process: "Click this button, then type my password in this doohickey, press return, look at the list of items, click any six of them, check the box, click Submit, and I get paid!" What's going to be the difference between idiots blindly following a script on Windows and the same idiots blindly following a script on Linux? Nothing! Except that it's going to be a lot harder for them to break the Linux box.
(Captcha: "bene" -- if the bene-fits, wear it.)
Admin
Soo...the problem with Windows 8 is the exact same problem you'd face with Linux?
Admin
Or I just zip it.
I have to send iterations of software to head office where it is used. I do send the source, but I also send an executable. Why should my boss have to hassle with creating an executable?
Sincerely,
Gene Wirchenko
Admin
Look, email should be PLAIN TEXT only. If you want more than that, use a file sharing service and put the link as plain text in the message.
It would be even better if prominent companies (banks, etc.) would do this as well, and state it as being more secure!
Attachments in email are a total waste!
Admin
someone at my company clicked on it, because they were so charmed that some random Internet stranger loved them.
woops!
Admin
They didn't have to run anything. I'm not going to bother to look it up, but there was a time when MS-Outlook was so stupid that it would run an executable without the user having to click on it.
I think that included screen saver installs and stupid stuff like that. The popular anti-virus method was to disable the preview pane.
Stupid Outlook.
Admin
That's what I figured, too.
Admin
Okay, two things about the actual featured anecdote:
Once upon a time, I found myself in the unenviable position of having to send packages of related files (source, tables, documents and whatnot) over Lotus Notes. Don't attach the files separately, because sure as shootin' half the people receiving them are going to miss at least one, and then what they pick up won't work.
Obvious solution: put 'em all in a .zip archive. Problem with obvious solution: this was only of use for recipients who had spent some time screaming and hollering at the Preventer of Information Services to get WinZip or anything else capable of extracting the files installed on their workstations.
Refined solution: use WinZip to create a self-extracting® archive and mail that to the target audience. Problem with refined solution: a self-extracting® archive is an executable, with extension .exe. None of the people who had been forced to sit through the data-security presentations would dare touch them.
Second observation about the featured WTF: You don't suppose, do you, that the vast majority of malware found in the wild is actually created by IT security people as a trap for employees who won't follow prescribed safe-handling instructions, and most of it has simply escaped the reservation because of the sheer number of such employees?
Admin
You've got that backwards. Blocking email attachments from running is putting a band-aid on the symptoms. Firing the people dumb enough to click on attachments, especially when they're told not to, is fixing the problem.
Admin
[quote user="da Doctah"][quote user="cellocgw"] Once upon a time, I found myself in the unenviable position of having to send packages of related files (source, tables, documents and whatnot) over Lotus Notes. Don't attach the files separately, because sure as shootin' half the people receiving them are going to miss at least one, and then what they pick up won't work.
Obvious solution: put 'em all in a .zip archive. Problem with obvious solution: this was only of use for recipients who had spent some time screaming and hollering at the Preventer of Information Services to get WinZip or anything else capable of extracting the files installed on their workstations.
Refined solution: use WinZip to create a self-extracting® archive and mail that to the target audience. Problem with refined solution: a self-extracting® archive is an executable, with extension .exe. None of the people who had been forced to sit through the data-security presentations would dare touch them. [/quote]
You mean that actual users in the real world sometimes do things for reasons? Get out...
The trouble I'm seeing with the "just block everything" responses is that when you set up security as a war between the users and IT, the users will win: they've got IT outnumbered, and a screwup that they make in seconds can take hours to unravel.
Admin
I'm surprised I had to scroll so far to see this comment.
Admin
Er..this was the comment I was referring to.
Admin
heh
Admin
The first day I'm working on a new machine, I turn off hiding of file extensions. Because of the quantum entanglement nature of the Windows code base, this also changes when you save a file in notepad as "hosts." to save it without any extension "hosts", vs. saving it as "hosts..txt"
Admin
I'm a fan of 'brain-engagement' warning messages.
"Opening an Executable from the Internet is a dangerous operation, to continue enter the result of 15 minus 3:"
I'd like to see a study of whether that helps activate the critical thinking parts of the brain or not.
Admin
It's got nothing to do with that, actually.
Microsoft saw the "Apple App Store"/"Google Play Android Market Whatever It's Called Now" model where the OS vendor got a nice fat 30% slice off of all application sales. Everyone in Redmond simultaneously facepalmed -- they've had their OS in the dominant position on the desktop market for decades now and they're not skimming anything off the top. How do they get in on this?
Well, they can't just start saying that every application on Windows must go through their Windows App Play Market Store or whatever; that would kill the golden goose. Nobody will buy Windows if it doesn't run the collection of software that they've been building up since 1995. So they allow such "legacy" software to run in "legacy desktop mode" and bundle their Windows Store for the new "Don't Call It Metro" interface. Design the OS to kick the user into Metro until they're sufficiently trained (seriously, even the bundled PDF reader does it, ffs!), require all Metro apps to be distributed through the "Windows Store", and there you go!
Developers would surely love the ease of releasing apps through this method, users will get used to using Metro and want to purchase applications that work with it (or at least use the Windows Store to buy applications), and Microsoft will skim 30% of the purchase price off of every copy of Photoshop or Calladuty or whatever.
Only it looks like the users aren't going along with the plan. Too bad, I guess.
Admin
(CAPTCHA: caecus - Just in caecus you're wondering...)
I sit near sales now...and the VP loves to lecture. Favorite topic: "Our Brains are lazy!"
Think of all the short-cuts we use to get jobs done - the Critical Brain mass requires calories and wants to chill out most of the time.
Maybe that's why a red-shirt always signed up for a "landing-party" assignment. He didn't think about it...
...I'm tired...
Admin
The real WTF is using Notepad. Sorry but I've just laughed so hard I pissed in your pants.
Admin
One day at work (McDonald's), the satellite internet connection we were using went down. We couldn't process any credit cards for the rest of the day because nobody knew how to activate the backup dialup system.
Admin
Let's see:
He runs a network with no default network, and a web proxy with draconian filters, he scans every single inbound email with an antivirus, and filters spam ... but he doesn't block executable attachments? That's TRWTF.
When you have a network full of idiots, all file transfers (email, web, whatever other protocol he allows) should be filtered on a white-list basis. You can get doc, xls, ods, pdf, jpg, png, etc. Anything not on the list gets quarantined. You still get the email with an attached notice saying an attachment was removed. The users can request it if required, and you can manually check the damn file.
There, problem solved.
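The allow-list policy described in the comment above, as an added example that is not part of the original post: a filter built on Python's standard `email` package that keeps attachments whose final extension is on the list, quarantines everything else, and attaches a removal notice in its place. The addresses, file names and placeholder payloads are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Allow-list taken from the comment; everything else is quarantined.
ALLOWED_EXTENSIONS = {"doc", "xls", "ods", "pdf", "jpg", "png"}

def is_allowed(filename):
    """True only when the final extension is on the allow-list."""
    if not filename:
        return False
    # Windows drops trailing dots/spaces, so "a.exe." opens as "a.exe".
    name = filename.rstrip(". ").lower()
    _, dot, ext = name.rpartition(".")
    return bool(dot) and ext in ALLOWED_EXTENSIONS

def filter_message(raw):
    """Return (cleaned message, [(filename, bytes), ...] quarantined)."""
    msg = message_from_bytes(raw, policy=policy.default)
    clean, quarantined = EmailMessage(), []
    for header in ("From", "To", "Subject"):
        if msg[header]:
            clean[header] = msg[header]
    body = msg.get_body(preferencelist=("plain",))
    clean.set_content(body.get_content() if body else "")
    for part in msg.iter_attachments():
        name = part.get_filename()
        data = part.get_payload(decode=True) or b""
        if is_allowed(name):
            clean.add_attachment(data, maintype=part.get_content_maintype(),
                                 subtype=part.get_content_subtype(), filename=name)
        else:
            quarantined.append((name, data))  # held for manual review
            clean.add_attachment(
                f"Attachment {name!r} was removed and quarantined.\n"
                "Ask IT if you need it.\n", filename="attachment-removed.txt")
    return clean, quarantined

def sample_message():
    """Constructed inbound mail with harmless placeholder payloads."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Files for you"
    msg.set_content("See attached.\n")
    for name in ("report.pdf", "invoice.pdf.exe", "dancingBunnies.exe"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    clean, held = filter_message(sample_message())
    print([p.get_filename() for p in clean.iter_attachments()], [n for n, _ in held])
```

The check looks only at the file name, so the double extension `invoice.pdf.exe` is judged by its final `.exe`; inspecting file contents or archive members is outside this sketch.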
Admin
The real WTF is after all these years of having these problems with viruses is no one thought to use a system to sandbox programs. You could intercept disk read and write function calls from a program and only allow it to use designated folders that it has 'permission' to use. You could even include such a feature in the OS itself for convenience. Much simpler than maintaining virus signature databases and doing virus scans. A popup message could say:
dancingBunnies.exe has requested to delete C:* Abort this operation? YES NO
To quote Theodoric of York "Naaaa".
Admin
Should I use Wordpad instead? or just "COPY CON: FILENAME" from a command prompt?
Admin
I'm late to the party... In Sydney, Australia there is a small nuclear reactor used primarily for research. It is a popular destination for physics class excursions.
During a visit to the site one of the scientists told me they had a Big Red Button they would wire up in an accessible location whenever a school excursion came through.
The button was connected to a counter. Its purpose was to count how many kids were ...brave... enough to press a Big Red Button in a nuclear reactor. Apparently there were always a few.
Admin
Windows extension hiding has been in place long enough now that most users simply don't know that extensions are a thing.
This is probably as it always should have been. Name and format should always have been separate pieces of file metadata. Mashing them together is lazy design, akin to putting comma separated values in a database text column.
Admin
It's an old DOS 8.3 thing.
Admin
The only HTML needed in emails is indenting with blockquote. Even then, we could just use > and have the email client add blockquotes for you.
CAPTCHA: minim - Plain text is the bare minim. Just what we need to help with idiots that open suspicious emails.
Admin
What's wrong with Notepad++, to take the most obvious example?
If you need to know how to edit your hosts file but still haven't learned how (or haven't got the commercial authos) to install what are basically now near as dammit industry-standard free s/w then that is TRWTF.
Admin
DOS would save a file with the name "NoVirus.exe" as "NOVIRUS .EXE" with a space.
Admin
You mean, you PAID MONEY for a Start menu replacement?
...Good gosh, I'm beyond words. The first two Google results for "windows 8 start menu replacement" show many free applications for this. I personally recommend Classic Shell.
Admin
Surely Maintenance will configure my desktop and IT will configure my computer?
Admin
I'd love to know what a "Machiavellian filter" is.
Admin
He didn't steal anything. The chair is still on company premises.
Admin
So get rid of Unity and use something that's not crap. Solved. No harder than the "fix" for TIFKAM in Win8.
Also, I find it ironic how many people are suggesting users should just learn TIFKAM, when for years, "learning Linux" was the prime reason people had for not using it...
Admin
Belgian Email Virus:
Hi, This is a virus. Format your hard drive and then email me to all your friends.
Admin
Stardock Start8 works better than Classic Shell and costs less than a sandwich.
"software that costs money working better than Holy Free Libre Gratis Open Source Software? That's unpossible!"
No, it's true, give it a go; the first thirty days are free.