reblogged from http://cyberarms.wordpress.com/2012/12/04/windows-8-social-engineering-remote-shells-and-the-weakest-security-link/
Windows 8 security features have been vastly improved over Windows 7 and XP, and they will stop many attacks that still work in the older versions of Windows. But with all of its advances, the weakest security link still remains – the user.
I have installed and supported Microsoft products from MS-DOS 2.2 to the current systems. But I do confess, as with Windows ME and Vista, I am no fan of Windows 8. But I must admit, it is more secure than Windows 7. But, like its predecessors, it has one fatal flaw.
It lets users run programs.
Granted, it does its best to warn them that the “uber cool” program that they MUST have probably isn’t safe. It even stops them when they had it sent to them via e-mail and they tried to run it.
As we see here:
This ends the malicious social engineering e-mail attack attempt. Some users would accept defeat at this point and hit the big “OK” button, which returns the user to the safety of the desktop. So, foiled again in their attempt to ruin your day, they leave their desktop and go to find a printer that they can jam.
But this just won’t do for the determined user. You know, the one whose sole purpose in life is to circumvent every security feature that you try to protect them with. So, of course, they hit the small “more info” link on the security message above. And Windows 8 gives them one more chance to stop the attack:
And, as you know, most users will promptly see the error of their ways, and select “Don’t Run”.
Okay, who am I kidding?
Of course they are going to hit “Run Anyway”...