Originally Posted By: andy
Which takes us back to where we started, the mainstream security tools dont seem to target these attacks and I dont understand why.


Mostly because they can't. It isn't a technical control that is required or possible.

Actually, you can build technical controls that could do this but users don't want them as they impact on usability. Annually, about 5% of all the security work I do is awareness training. It isn't sexy or glamourous, and the downside is every time we do it we need to change the approach as users forget/are indifferent after about 6 months at best.

I think it is human nature (normals, not geeks) to ignore any of this stuff as it doesn't seem to have a direct impact on safety (in the old fashioned 'will it stop me being eaten' kind of way)
_________________________
Rory
MkIIa, blue lit buttons, memory upgrade, 1Tb in Subaru Forester STi
MkII, 240Gb in Mark Lord dock
MkII, 80Gb SSD in dock