Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Thursday, June 9, 2011

Users Ignore Malware Warnings

As an IT admin you're all too familiar with the type of user who gets a warning that they're visiting a malicious site, about to open a malicious executable, or read spam email, but they do it anyway, overriding the security of their system. Some of them even have to enter a password to override their security settings, and yet they do it anyway, and sure enough they infect themselves with a virus or malware.

The folks over at Blue Coat recently wrote an article on their Security blog about a new phishing attack that had essentially no information in it except a single link (the email had no subject, from, or text other than the link). Sure enough, some users of their home security product, K9, went ahead and overrode the settings to visit the link and were infected.

Examples like these are good reminders of why we don't depend on our end users to maintain their own security or to make sure their security is up to date. It's why a secure web gateway or web proxy maintained by an IT department is so important, and also why you don't give your users the admin password.

2 comments:

William Wu said...

I blame the application for having too many false warnings.

Timothy C. said...

It's actually the fact that spam detection had too many false positives, making users think web detection will as well. When actually the truth is most web detection probably doesn't have as many false positives (and has a much higher risk if you're wrong about it being a false positive - with email you can actually look at the text before clicking an attachment, with web you get drive-by downloads).