> Shouldn't the campaign involve avoiding insecure files in insecure formats from unknown or unverified sources?
That's an interesting question. I think answering in the affirmative is infeasible.
Slightly smarter user behavior is part of the solution, sure, but users should not bear much if any of the burden of determining whether a file is secure (in this case, by remembering what file formats can include an OLE object and whether those are secure to open yet) and whether the many links of authentication all hold.
Oh, I got this message via <channel> from <person>, how do I know <person> actually sent it, or not? Well, <several entities> were involved in <system that delivered it>, do I trust all of them? Oh, I don't need to, because <other systems> authenticated the message. But what's the probability that <person> is either trying to infect me, or has an infected machine that's infecting any <format> files they send me? What other attack vectors are there? The rabbit hole runs deep.
Computers should just work. When a user thinks he got a message from <person> but it's not actually from <person>, that's not the user's fault, but the system's. When a message that the user expects to show him a bunch of pictures (slides from a presentation) actually contains executable code that takes control of his machine, that's not the user's fault for not knowing what the latest CVEs are.
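As an added example (mine, not code from anyone in this thread): the "which file formats can include an OLE object" lookup the comment above says users should not have to do, done by a mail gateway or endpoint scanner instead. It classifies a blob as a legacy OLE2 container, an OOXML package (.docx/.pptx/.xlsx) with or without embedded OLE parts, or something else; the OLE2 magic bytes and the OOXML oleObject relationship URI are real values, and the sample package is constructed inline rather than taken from a real document.

```python
import io
import re
import zipfile

# Magic bytes of a legacy OLE2/CFB container (.doc, .ppt, .xls and oleObject*.bin payloads).
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
# Relationship type an OOXML package uses to point at an embedded OLE object.
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
REL_ELEMENT_RE = re.compile(r"<Relationship\b[^>]*>")
ATTR_RE = {a: re.compile(rf'\b{a}="([^"]*)"') for a in ("Type", "Target")}

def scan_document(data: bytes) -> dict:
    """Classify a document blob and list the embedded OLE objects it carries.

    Returns {"kind": "ole2" | "ooxml" | "other", "ole_parts": [...], "ole_rels": [...]}.
    ole_parts: package entries under an embeddings/ folder or whose bytes start with OLE2_MAGIC.
    ole_rels:  (rels file, target) pairs whose relationship type is OLE_REL_TYPE.
    """
    if data.startswith(OLE2_MAGIC):
        return {"kind": "ole2", "ole_parts": [], "ole_rels": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"kind": "other", "ole_parts": [], "ole_rels": []}
    parts, rels = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            body = z.read(name)
            if "/embeddings/" in name or body.startswith(OLE2_MAGIC):
                parts.append(name)
            if name.endswith(".rels"):  # relationship parts are small XML files
                for element in REL_ELEMENT_RE.findall(body.decode("utf-8", "replace")):
                    rel_type = ATTR_RE["Type"].search(element)
                    target = ATTR_RE["Target"].search(element)
                    if rel_type and target and rel_type.group(1) == OLE_REL_TYPE:
                        rels.append((name, target.group(1)))
    return {"kind": "ooxml", "ole_parts": sorted(parts), "ole_rels": rels}

def build_sample(with_ole: bool) -> bytes:
    """Constructed minimal .pptx-like package (not a real Office file) for exercising the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/slides/slide1.xml", "<p:sld/>")
        rels = "<Relationships>"
        if with_ole:
            rels += f'<Relationship Id="rId2" Type="{OLE_REL_TYPE}" Target="../embeddings/oleObject1.bin"/>'
            z.writestr("ppt/embeddings/oleObject1.bin", OLE2_MAGIC + b"\x00" * 24)
        rels += "</Relationships>"
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_document(build_sample(True)))
    print(scan_document(build_sample(False)))
```

A non-empty `ole_parts` or `ole_rels` is the signal to quarantine or at least strip the attachment before it reaches a user, which is the system-side decision the comment argues for.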
Yes, certainly, computers should be safe. But they aren't. So another, less idealistic defense is to teach fear to users. Just as I have to induce fear of cars in my kids (annoyingly necessary), I will tell them to not trust anything coming from computers.
I'm old now and I've been in computers since I was maybe 14, and, believe me or not, I've never told my name to my computer.