Slashdot Mirror


User: 99BottlesOfBeerInMyF

99BottlesOfBeerInMyF's activity in the archive.

Stories
0
Comments
10,115
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,115

  1. Re:stupid on Microsoft Confirms Excel Zero-Day Attack · · Score: 1

    A colleague that I am in regular e-mail exchange. The fact that the e-mail is not from him is easily detectable by style.

    Does everyone in your company only exchange e-mail with others while encrypted? If not, someone else can grab the packets from the network and reassemble the mail. You know anyone in between can read your e-mail right? Assuming they just look for e-mails with excel attachments, they can change a few words and send a second e-mail very similar to the first, even referencing the first. Think, "Here is an excel file for the Herman account, can you get back to me with your revised assessment?" becoming "I made a few changes to this excel file I sent last week for the Herman account, can you get back to me with your assessment?" Heck, they can even make it look like they're replying to your response to the original mail. 90% of people are not going to notice this until it is too late, and even then many won't

  2. Re:This is ridiculous on EU Officials Cautious on AntiTrust Issues · · Score: 1

    You had me up to here. They are doing no such thing: they're not saying you have to use music from their store, in fact you can load music onto that iPod from anyplace you want (including pirated stuff).

    I don't think you understand antitrust law. Whether or not you can load data from elsewhere is irrelevant. If Apple has a digital music player monopoly then it illegal for them to gain any advantage from that monopoly to gain market share in another market (DRM formats, jukebox software, OS's, or peppermint stick sales).

    Suppose Apple has a monopoly with the iPod. They also are in the digital music downloads market. It is illegal for them to do anything with the iPod to gain an advantage over Napster or Sony in the digital music downloads market. Can Napster bundle their software with every iPod sold? If not, neither can Apple. Can Napster restrict their music with DRM on the iPod? If not it is illegal for Apple to do. Basically, the iPod division at Apple has to treat products in markets other than the monopoly just as they would products from another company. When the ITMS calls them and says, "hey we want to integrate seamlessly with your player and we wrote some protocols" Apple is legally obligated to treat them the same as if Sony called with the same request. That means no secret protocols, no bundling, and no favoritism. Either everyone gets to ship their music player on CD with iPods, or no one does. It's the law.

    Basically people are taking the iPod's possible monopoly over portable music players, and use that to justify cracking open Apple's music distribution outfit. This doesn't make any sense: Apple doesn't have a monopoly over music distribution; in reality the iTMS doesn't have more than a few percent of the worldwide music-sales market...

    That is the whole point. It is not illegal for them to have a monopoly on music players. It is illegal for them to use the monopoly on music players to unfairly gain market share in music sales or any other market. All this assumes they have such a monopoly, which has not yet been determined.

    To show a parallel. MS has a monopoly on Windows. That is legal. They bundled Windows Media Player with Windows. That is illegal. They wrote secret, undocumented protocols to let their new server OS better interoperate with Windows desktop (the monopoly) while other OS's could not. That was illegal. The UE convicted MS of both of these abuses, but they did not yet stop either of them. It would be hypocritical of the EU to stop Apple's monopoly abuse when they have allowed MS's in the very same market. Personally, I think the EU should stop both.

  3. Re:news? on Microsoft Confirms Excel Zero-Day Attack · · Score: 1

    So why don't they just implement SPF or DomainKeys internally?

    It takes time and is easily bypassed. The attacker can just find some company or government agency they exchange mail with that does not implement them.

    Isn't this exactly the kind of filtering that antivirus software claims it can do?

    No. They look for particular, automated malware. This is a directed attack that can be customized for the individual target and padded with as much data as needed to conceal it.

    Or they could just set their mail handling software to strip attachments from senders that don't have SPF or DomainKeys.

    What about customers with whom they do business, but who do not sign their mail? It is disruptive to stop all incoming attachments from those partners in many businesses.

    It's the same old threat, caused by the same old problems:

    To some degree, but it is different in that it is being used as an easy directed attack rather than an automated worm.

    lack of support among vendors of Windows apps for running their apps as a non-administrator, which makes users run as admin all the time

    This would not actually make much difference. They can still acquire the files on the machine, even without admin.

    uneducated or careless users

    A user should not have to be afraid to open data from what appears to be someone they know. The application should not be able to run executables. Excel should be sandboxed and should not be able to touch other files or the system. Default mail clients should implement interoperable signing and encryption to confirm identity and maintain the privacy of the data.

  4. Re:Should be self-evident on Arctic Sea Level Falling? · · Score: 1

    Are you claiming that a given mass of H2O has the same volume at solid and liquid temperatures?

    No. I'm claiming that a given mass of H20, in a body of water displaces the same volume of that water at both solid and liquid temperatures. This is because the solid form, while having a greater volume, is less dense and thus some of it protrudes above the surface of the water and does not displace water (and thus raise the water level). Coincidentally, these two factors cancel out. Go ahead and put some ice, floating in water (not piled on the bottom, floating freely). Measure the water level. Now wait for it to melt and measure again. You'll get the same measurement.

    This is a pretty well known phenomenon and the reason the arctic levels not rising is surprising is because so much of the ice is not floating freely, but is suspended on land masses. Since that is so, we'd expect that ice (which has not been displacing any water) to raise the level, not lower it. The relative volume of the different phases does figure into the equation, but is cancelled out by the buoyancy.

  5. Re:Ignorant Government Idiots on EU Officials Cautious on AntiTrust Issues · · Score: 1

    If you don't publish your source, you don't get copyright.

    I have previously advocated going even further. For those companies that do publish a work, they use copyright to make a profit. They stop making a profit when they stop selling that work. I think the day a publisher stops selling a work at a reasonable market price is the day that work should enter the public domain and stay there. That will ensure all works, even ones the publisher does not find profitable, do not "vanish" as so many have in the last several decades. I also still think we need a reasonable and shorter maximum copyright duration as well and protections for creators versus distributors. The artist(s) involved in the creation of a work should be guaranteed no less than 50% of the profit from each sale (note profit not cost). Copyright reform is badly needed, but sadly most people just don't care that our musical, artistic, literary, and cinematic heritage is being steadily destroyed.

  6. Re:This is ridiculous on EU Officials Cautious on AntiTrust Issues · · Score: 1

    That's such a load of crap. He may have a point if Apple were the originators of the content itself, but that's not the case.

    I think you're missing several important points. First it does not matter how many companies are intermediaries or what options are available today. Copyright is supposed to be a two-sided deal. If the government provided a monopoly on the publication of something, subject to a whole series of rules and restrictions, why should content producers be able to implement technology that takes those rights away from the purchaser? I mean, if the law already states the proper balance of rights, why should the government grant them a monopoly at all if they are further restricting it?

    As for choice, sure you can buy a CD today, maybe. Many of those CDs now have DRM as well and they may not even be available tomorrow. My opinion is DRM should void the copyright deal. Let them put any technological restrictions they want on it, but the government should not have to uphold their half of the deal then either and if someone cracks it, it is free to distribute. That sounds fair to me.

    The second point you're missing is this is being presented by some parties as an antitrust issue. If Apple has a monopoly on digital music players (which is a big if) then they are illegally tying ITMS and iPods. Now MS is doing the same thing with WMF and Windows, and the EU has done nothing, but two wrongs don't make a right.

    For example, Barnes & Noble might start selling only ebooks in a proprietary .bn format that can only be played on their bnReader device. That won't stop you from swinging by Borders and picking up the good ol' dead-tree version, though.

    Nope. What he's saying is the book publisher might start offering it only in the .epb format, which can only be read on their player and not selling a dead tree version. Then the consumer must choose between not reading a work (or possibly any works) or reading it with fewer rights than the copyright deal signed into law grants them.

    I say it is time to reform copyright, including making DRM illegal. I don't mean just Apple's DRM. I mean all of it.

  7. Re:Confusing the device provider w/content provide on EU Officials Cautious on AntiTrust Issues · · Score: 1

    The only part of the Apple solution that is 'locked' is the iTunes Music Store... That's what capitalism is all about.

    We're talking about anti-trust law here. If Apple is wielding monopoly power in the digital music player space (which has yet to be determined by the courts) then advantaging themselves in any way in the separate music jukebox software space is a violation of the law. It doesn't matter that people can download some music from other places and put it on the iPod. It doesn't matter if they can rip the same music from CDs. It is easier for consumers to buy from ITMS, so Apple gains an advantage. Heck, just distributing iTunes with every iPod is illegal (if they are wielding monopoly power).

    Now, there are several big caveats here. First, Apple has about 70% of the market, last I looked, which makes their being declared a monopoly pretty iffy. Second, the definition of markets is vague. It would be perfectly reasonable for the courts to rule that DRM'd digital music downloads and non-DRM'd digital music downloads are different markets. Third, For DRM formats, Apple is competing against Microsoft's WMF format. Microsoft has already been convicted of abusing their monopoly to promote that format and as such is not really in a position to bring complaints against Apple. Further, they have not stopped leveraging that monopoly and the courts have not acted to stop them. Apple can easily argue that the EU is unfairly discriminating against it if they apply a harsher penalty against them. Does anyone thing Apple offering a special version of the iPod upon request that costs the same, but does not include iTunes will make any difference in the market?

    Basically, Apple is verging on doing something illegal, but MS has clearly already done the same thing and was punished a slap on the wrist. Now I'm all for forcing Apple to open their DRM or for making DRM illegal entirely, but they need to apply the same standard to MS as well.

  8. Re:stupid on Microsoft Confirms Excel Zero-Day Attack · · Score: 1

    The point was I do not believe that spammers can successful spam a single company.

    I think you may be confusing terms. Of course spammers can spam a company, they do it all the time. They can spam them to the point of DDoS. Or do you mean you don't think someone can successfully use this exploit to compromise machines in a given company? If so, you're wrong. They have successfully exploited machines at various companies. They spoof an address from someone at the company and send it to someone else. So no one is opening an e-mail from a stranger. I'd say 90% of companies e-mail excel documents within the company, thus there is nothing strange about it.

  9. Re:Ignorant Government Idiots on EU Officials Cautious on AntiTrust Issues · · Score: 2, Interesting

    You forgot:

    4. Play music on selected phones.

    That said I don't think companies that intentionally restrict consumer rights above and beyond what copyright law does should be given the protections of copyright. It should be an either or proposition. Either copyright your song and consumers are obligated to follow the rules about not copying it, but you cannot impose any additional rules, or don't copyright it and impose your own technological restrictions, but if someone breaks your DRM they can do anything they want with it including republish.

    I think what Apple is doing now is wholly necessary, but only because they are competing against the windows media format which is illegally bundled with a monopoly OS. I'm all for the EU making it illegal to further restrict use of copyrighted media by either format and the return to sane, standard formats that will entail. All I really ask, however, is they apply whatever standard equally to both iTunes and Windows Media.

  10. Re:stupid on Microsoft Confirms Excel Zero-Day Attack · · Score: 1

    I do not believe that e-mail spamming attack against a single company can be that effective.

    For the previous, Word exploit, they were actually spoofing addresses so it appeared to be coming from an employee.

    Very low percentage of e-mail users, especially professionals, actually open the attachments in unsolicited e-mails.

    ...and the fact that most systems are so insecure that users have to avoid viewing data, because it can compromise their machine is just pathetic. Whole generations are trained to work around Window's horrible lack of security. Anyone who claims MS's monopoly hasn't held back progress in the field is a crackhead.

  11. Re:Should be self-evident on Arctic Sea Level Falling? · · Score: 1

    I disagree. They simply pointed out that ice decreases in volume when it melts. The assumptions about the "purity" of the ice and the fact that it's not somehow trapped under the surface (see "kettles", for instance) were your own.

    The original poster wrote, "Frozen water expands, taking up more room. When the ice melts, the volume it takes up reduces, lowering the sea level." I think that strongly implies they were talking about the expansion and contraction of water, not material trapped within the ice. In any case, even if they did not, they are still wrong. The ice does not take up less space, (being water by definition) but materials trapped within it might be more dense.

  12. Re:Another reason to have an open file format on Microsoft Confirms Excel Zero-Day Attack · · Score: 1

    With an open file format such as OpenDocument, it would be much harder to hide malicious code and/or exploits in a document...

    ...and with an open standard you could switch your users to an alternate spreadsheet if the problem persists. his vulnerability is only a major concern because of the monoculture. If 25% of users were suing OpenOffice, 25% were using MS office, 25% were using Corel, and 25% were using something else all to open the same spreadsheet files, this type of vulnerability would cause a lot less concern.

  13. Re:news? on Microsoft Confirms Excel Zero-Day Attack · · Score: 1

    Why is this news? If users are willing to click on an attachment from someone they don't know, then of course they're extremely vulnerable.

    These are carefully crafted messages spoofed to appear to coming from someone within the company. It is someone they know and it is an excel spreadsheet, which is data and should not be able to install any software unless Excel is designed for crap (which it is).

    Of course, the problem is made worse by the fact that MS makes it so difficult not to run with administrator privileges.

    Not very much. Without admin they could still send all the useful files somewhere public for them to copy. They need to implement jails or VMs or zones or something and they need to fix their office suite.

    If this is really targeted at a particular business, then the solution seems pretty simple: that business tells all their employees not to click on attachments from people they don't know, and whips up some software to filter out this stuff before it even gets to their users.

    First, it is from someone they know. Second, how do you filter this? They can just change the name and contents of the excel file. You can filter all excel files, but that does serious damage to the business operations in many cases.

    If they're big enough to be an attractive target for extortion, they're presumably big enough to have an IT staff competent to take care of those simple steps.

    You are misinformed and badly misjudging this threat.

  14. Re:OS-X is a closed OS on Apple Losing Touch With the OS Community? · · Score: 1

    It seems to me that "who could use it as needed" mean that there is at least some free licensing involved...

    You're mistaken. In the early days code was copyrighted, but no one bothered to enforce it and it was often specifically given to the public domain. Licenses were not involved until much later.

    and that what they are claiming has been added on to it is a LACK of copyleft...

    I think you are misjudging the context.

    The second, the only one that actually supports your claim... well, it's not contemporary.

    That is sort of the point. Just go ask any group of old-timers. It's not like I'm just making this stuff up. The problem is you're asking for citations to support what people commonly understood an uncommon term to mean. How often does someone write that down? I found a few references to show others agree, but I'm certainly not spending more than a few minutes on this. If you are really interested, I think if you do some real research you'll find plenty of people who recall.

    The third doesn't support it at all, and it's not clear why you cited it.

    The dates.

    The fourth directly opposes it...

    Again, look at the dates when they stopped calling it Free software and claim to have "invented" open as a term. Now do a google search for earlier instances of the term open source. You'll find a whole lot of them.

    What i meant was you should provide cites of people actually using open source in what you claim is the old meaning - maybe in old articles or on usenet.

    And how are you to know what they meant by the term when they used it? I'm sure somewhere there is an old post that describes the term to a newbie, but I'm certainly not going to waste my time looking for it. If you don't believe me, I'm okay with that. I was just trying to inform.

  15. Re:Facts...facts...who's got the facts? on iPod Faces Patent Probe · · Score: 1

    The patent claims limit the scope to portable media players, which does not necessarily mean laptop computers.

    Right, which means it is not an innovation, but an old way of doing things with "on a portable media player" tacked on the end. It is bogus. The radio is a real, patentable invention. A radio, on an airplane, is not a real patentable invention. It is just an old invention, in a new place. Using a radio receiver attached to a computer and playing it through a computer is not a new invention either.

    Sure, laptop computers play music, but that is not their primary purpose, whereas a portable media player is specifically geared to just that.

    That is your assumption. How do you know people did not have laptops they used just for playing music? For that matter, if I patent a device that slices oranges and apples, can someone else patent a device that does the same thing, the same way, but doesn't work well for oranges? No. That is because patents cover what an invention does and how, not the "intended purpose." An old laptop, playing music via linux and MPlayer does the same think as an ipod does now, in the same way. It can be used for other things, but then ipods can be used for general purpose computer as well.

    The patent mentions specific button configurations and how the user interacts with the menu.

    Most patents cover multiple aspects of a device. The iPod interacts using a wheel (which they patented) and there is plenty of prior art on buttons for those functions on music playing devices.

    If the patented approach had been in common use for years, it is less likely the PO would have issued the patent.

    If you were paying attention it would be obvious the patent office doesn't bother to read most of the patents it rubber stamps. Most of their patents are overturned if someone takes them to court and they sure don't bother searching for prior art. This is a farcical patent and Creative is trying to use it to get money via abusing the legal system. It happens all the time.

  16. Re:What are you talking about? on New Worm Starts Munching MSN Users · · Score: 1

    Interesting point. Is the solution here to lock the association between certain file extensions and the category of software that is permitted to read them?

    I don't think so. For example, you might want to read .jpg files in a number of different programs for different purposes. Rather, I think we simply need to restrict anything that runs as an executable or script very granularly. Something like jails, VMs, or zones. Further, simply keep track of what files a program creates and let it continue to modify them, but require user intervention if it tries to modify something else. Build an application management model that lets each program keep its files (config files not data) in its own space, so they don't have to share. Heck, they can even have copies of libraries they need, included. It's not like it will put a dent in modern disk space.

    But how would you go about building this sort of control into software in general?

    Given MS's glacial development times, I firmly believe they should leverage the in house and acquired VM technology they have.

    Is it possible that the problem with Microsoft security wasn't so much Microsoft, but the inherent compromises brought on by a requirement to fit the model into the x86 instruction architecture?

    That may have set the pattern for many of MS's security woes, but x86 is not a standard and if a chip doesn't run with Windows, it isn't going to win in the market. MS has all the power and money and people they need to fix this. They just don't have the motivation. They can make more money simply by declaring in press conferences that Vista is super secure. It's not like people (in general) can really migrate to other systems.

    I apologize if my answers are less architecture oriented than you'd like. I'm no spring chicken, but the VMS boxes that were still around by the time I was at university, were no longer production machines. I'm not really familiar with it except a few hundred "its like this because VMS did it that way" bits of trivia.

  17. Re:Should be self-evident on Arctic Sea Level Falling? · · Score: 1

    "Heavy" ice, that is ice that is weighted down by rocks and other debris so that it doesn't float

    That's not actually ice though, but a conglomerate of ice and other materials. There is super-dense ice that can sink, but that is an extreme rarity. In addition, there are also plenty of ice conglomerates that contain lighter than water organics and trapped air pockets. In any case, I think it is clear what the poster intended to express and that it was flawed. It is an easy mistake to make.

    I'm not postulating that it's the cause here, but lower sea levels could result from the melting of subsurface, non-buoyant ice.

    Perhaps. I don't really know enough about the subject to present an informed opinion. There certainly are a lot of possible factors.

  18. Re:Sue Creaitive!! on iPod Faces Patent Probe · · Score: 1

    ...what is the relation between product quality and market share?

    Product quality, along with price, demand, and availability are criteria that determine relative market shares in a free market.

    Microsoft has a market dominance over linux(excluding servers)...

    MS has a monopoly, thus the free market is no longer acting.

    VHS eliminated Beta.

    Betamax was more expensive and since it was a limited market (protected by patents) rather than a supply and demand market, VHS won. The price difference overcame the technological advantage.

    What has been shown by these and other examples is that marketing not quality of products lead to market dominance.

    Perceived quality, not actual quality does win, but perceptions usually align with reality rather than perception in the long term. It is not marketing that won either of the above cases.

  19. Re:OS-X is a closed OS on Apple Losing Touch With the OS Community? · · Score: 1

    "Take, for example, "open source." That used to be a simple term for software where the source was visible to the end user, who could use it as needed. Now it implies software licensed with source code provided and no copyleft provisions, at least to some. " [http://www.linuxinsider.com/story/37558.html]

    "Those involved with journalism and open source intelligence used the earliest known practices of open source that focused on accessibility rather than modification of sources." [http://en.wikipedia.org/wiki/Open_source]

    From the OSI pages at opensource.org, "Bruce Perens wrote the first draft of this document as "The Debian Free Software Guidelines" ...in June, 1997. He removed the Debian-specific references from the document to create the "Open Source Definition."" [http://www.opensource.org/docs/definition_plain.h tml]

    "Hence the term `open source', which the first participants in what would later become the Open Source campaign (and, eventually, the Open Source Initiative organization) invented at a meeting held in Mountain View the offices of VA Research on 3 February 1998." [http://www.catb.org/~esr/writings/homesteading/ha cker-revenge/ar01s05.html]

  20. Re:Facts...facts...who's got the facts? on iPod Faces Patent Probe · · Score: 2, Informative

    I haven't seen any articles that explain in depth what the patent covers, so I can't comment on exactly how broad its scope is.

    It covers navigating songs using a three layer hierarchy on a portable music player. The example listed is organizing songs into artist folders, containing album folders, containing song files. Mplayer and a dozen other players did this years before the Creative patent was filed.

    Now, if we're talking about software which automatically parses ID3 tags and/or filenames and arranges the music accordingly, Creative might very well have been the first to do that...

    Nope, they aren't even close to being the first to do that and such a patent would not apply to the portable, but to the jukebox software.

    In any case, I'm not defending their having the patent, I'm just trying to set the record straight because a lot of people here don't seem to have a clue what this patent dispute is all about.

    I appreciate your effort to clarify the issue since there is a lot of FUD, but don't you think you should actually read up on what the patent does cover before attempting to clarify it to others?

  21. Re:Facts...facts...who's got the facts? on iPod Faces Patent Probe · · Score: 4, Interesting

    This isn't a patent on MP3 players or buttons or anything or FUD-related nonsense, it's a patent on a specific organizational structure in the software.

    No, this is a patent on organizing music in a hierarchy, but on a portable, much like patents on a dutch auction, but on the internet, or patents on blue lights, but in a car. This patent was applied for 5 days before Apple released to the public iTunes and long after other music jukebox software did this same thing. Apple, and many other companies, sold laptops with speakers. In particular, look at a Linux laptop, with a speaker, running MPlayer. Creative's case hinges on proving that their patent issued years after people were doing just that, should prevent the selling of iPods (which run Linux and use it to organize and play music in the same way). It isn't even a matter of it being obvious, it is a matter of them filing for the patent years after people were already doing this by arguing that the iPod somehow differs fundamentally from other portable computing devices.

  22. Re:Still getting the raw end of the deal? on How iTunes Hurts Weird Al · · Score: 1

    In America, where I'm pretty sure he signed it, the responsibility is on you, not anyone else, to make sure you understand your contract.

    I agree, he was foolish. On the other hand, assuming he does not agree, what is his choice? He's dealing with a cartel that controls distribution in the majority of channels. If he doesn't agree his new music is not sold in 90% of stores, won't be heard on the radio, and he is basically finished. This is not a reasonable choice and it is exactly the situation the authors of our copyright laws wrote they were trying to prevent. Thus, while he may have been foolish and could not understand 100 pages of mixed English and Latin, using bizarre vocabulary he was still put in an untenable position by our unjust laws.

  23. Re:Should be self-evident on Arctic Sea Level Falling? · · Score: 1

    Frozen water expands, taking up more room. When the ice melts, the volume it takes up reduces, lowering the sea level.

    Frozen water expands, taking up more room, but also lowering the density. Ice on land that melts goes into the sea, theoretically raising the water level. Floating ice melts, becoming more dense, thus the part that was above the water now displaces space as well, resulting in no net change in the water level. So a positive amount of displacement from runoff added to no change in displacement from floating ice should result in raising sea levels. You can determine this experimentally with a glass and some ice cubes.

  24. Re:GAIM on New Worm Starts Munching MSN Users · · Score: 1

    Another thing about chat clients is that they should stick to limited functionality. There are way more secure ways to transfer files.

    When will people learn? Reducing functionality is not a good way to increase security since it motivates people to bypass your security. If you don't support file transfer, a lot of people won't use your program and thus be vulnerable.

    The proper solution is to implement the functionality correctly, either by integrating with an existing, secure solution or by implementing it securely by default. Windows security sucks, but that does not mean an IM client has to let users fall prey to it. Why not transfer files, but warn users when something downloaded is not data and explain in clear language the ramifications. Encrypt the buddy list to make sure a trojan can't access it directly to automatically propagate (with an export feature for other programs). Is this really so hard? Sure the OS should be handling this, but since it isn't it is up to the writer of the application to inform users and restrict access to files that pose a risk and which most programs should never need to access.

  25. Re:What are you talking about? on New Worm Starts Munching MSN Users · · Score: 2, Interesting

    As far as I read it this doesn't have anything to do with "bad security" just "bad users". You have to download the code and execute it.

    I strongly disagree. Windows fails to make it clear to most users that this is a program, not a movie. That is a security failing of Windows. By default Windows lets any program, even if it has never run before, do anything it wants to. This is a security failing. By default programs should be limited and users should have to explicitly grant the right to do things like connect tot the internet, and especially to do suspicious things like read your MSN buddy list.

    The problem is not that users are stupid, it is that software is poorly designed. By default why should the OS let random programs read my MSN buddy list? How many that aren't worms need to do that? It is a stupid choice, given the current state of Windows malware.

    First, fix the OS. Make sure users know what is software and what is data, then restrict all of it by default. Fix the UI so users aren't conditioned to constantly click "OK" for vague or useless reasons. Give them real, informed choices and the power to do whatever they want, but only if they are expecting it and only the exact functions they want. Once that is solved and the automated exploits are locked out, you can complain about stupid users. Until then, stop denying the problem because you have been trained to work around it.