Windows 8 – Social Engineering, Remote Shells and the Weakest Security Link

Posted: 24/12/2012 in Uncategorized

reblogged from http://cyberarms.wordpress.com/2012/12/04/windows-8-social-engineering-remote-shells-and-the-weakest-security-link/

 

Windows 8 Screenshot in Backtrack 5

Windows 8 security features have been vastly improved over Windows 7 and XP. And it will stop many attacks that still work in the older versions of Windows. But with all of it’s advances the main security weakest link still remains – the user.

I have installed and supported Microsoft products from MS Dos 2.2 to the current systems. But I do confess, as with Windows ME and Vista, I am no fan of Windows 8. But I must admit, it is more secure than Windows 7. But, like it’s predecessors, it has one fatal flaw.

It let’s users run programs.

Granted it does it’s best to warn them that the “uber cool” program that they MUST have probably isn’t safe. Even stopping them when they had it sent to them via e-mail and they tried to run it.

As we see here:

Windows Protected your PC

This ends the malicious social engineering e-mail attack attempt. Some user’s would accept defeat at this point, and hit the big “OK” button, which returns the user to the safety of the desktop. So, foiled again in their attempt to ruin your day, they leave their desktop and go to find a printer that they can jam.

But this just won’t do for the determined user. You know, the one who’s sole purpose in life is to circumvent every security feature that you try to protect them with.  So, of course, they hit the small “more info” link on the security message above. And Windows 8 gives them one more chance to stop the attack:

Unknown Publisher

And, as you know, most users will promptly see the error of their ways, and select “Don’t Run”.

Okay, who am I kidding?

Of course they are going to hit “Run Anyway”…….

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s