Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×

New IM Worm Installs Own Web Browser 479

Aquafinality writes "A new IM worm discovered recently takes the novel step of installing its own web browser onto the victims PC. Ironically titled "The Safety Browser", its default settings actually make your PC less secure - switching on pop-ups, changing your home page and hijacking your desktop with a looped music track that plays every time you switch your computer on. It's clear people cannot resist clicking "yes" to anything they're presented with via IM - with this in mind, what on Earth can we do so stop the spread of garbage like the above? To put it another way, will reducing the amount of potential "suckers" out there dissuade the bad guys from coming up with ever-more elaborate ideas such as this latest scam? Or is IM safety a lost cause?"
This discussion has been archived. No new comments can be posted.

New IM Worm Installs Own Web Browser

Comments Filter:
  • IM safety? (Score:5, Interesting)

    by Whiney Mac Fanboy ( 963289 ) * <whineymacfanboy@gmail.com> on Sunday May 21, 2006 @10:23AM (#15375939) Homepage Journal
    Or is IM safety a lost cause?

    It's very hard to stop people executing something thats sent to them by someone they know - but for other vector methods, perhaps people should consider an IM client that doesn't [securityfocus.com] include [cert.org] activeX [computerworld.co.nz]

    Anyway, mildly interesting, the worm makes no attempt to hide iteself with a "You are beaten, it is useless to resist" desktop paper (!) and music on startup (from TFA) Worse still, music starts to blare out of your PC. Not just any old music - bad music. Bad looped music, with screeching guitars and awful drum n' bass beats.

    But not to worry XP SP2 users, you're protected.... again from TFA:
    Some "good" news, however - SP2 seems to prevent this music from playing in the background.
    snigger.... :-)
    • by OffTheLip ( 636691 ) on Sunday May 21, 2006 @10:40AM (#15375995)
      "Some "good" news, however - SP2 seems to prevent this music from playing in the background." Since Napster is out and other P2P apps will land me in jail I was hoping this music would be a way to add to my MP3 collection. Damn SP2!
    • Re:IM safety? (Score:2, Insightful)

      I agree with your statement saying that it's hard to prevent people from executing stuff, regardless of the media used to propagate viruses, spyware, etc.

      However, I think that it also underlines a serious flaw in the Windows security model. Almost everybody runs with administrator privileges because too many things just don't work otherwise. I hope, but doubt, that Windows Vista will address this issue more than simply provide a few anti-spyware utilities.
      • Re:IM safety? (Score:4, Informative)

        by jacksonj04 ( 800021 ) <nick@nickjackson.me> on Sunday May 21, 2006 @11:35AM (#15376212) Homepage
        If you get hold of the CTP, you'll find that Vista actually does this. If something needs to prod around with something which should need admin (Registry, system folder etc) then you will be prompted for your admin password. Even if you're logged in with an admin account, it will ask you again.
        • by Sycraft-fu ( 314770 ) on Sunday May 21, 2006 @02:25PM (#15376825)
          Why? Because it becomes just another hoop to jump through. They don't consider the implications behind their action. The computer wants something, they give it what it wants to it'll shut up and let them get back to doing what they want to do.

          Admin passwords are useful for knowledgable users because if you do something that shouldn't require admiin, but asks for it you can step back and think why it's asking, and approve or deny it based on more information. However clueless users won't do that, they won't know what should and shouldn't need it, so they'll just blanketly issue the admin password.

          I've already witnessed this on other platforms (MacOS) that ask for admin. I was chatting with a guy while he was tinkering with his Mac, it popped up and asked for admin and he said "Huh, that shouldn't need admin"... as he was typing in his admin password (3 letters long). He even recognised that this might be a situation where it wasn't needed (it was actually, nothing harmful) but just gave it the password anyhow.

          So while I think the privledge escalation is Vista is a nice try, and certianly something I'll use personally, I think it will ultimately make no difference for normal users. They'll just make it go away whenever it pops up, and they'll do that by giving it the password it wants.
      • Re:IM safety? (Score:5, Insightful)

        by techno-vampire ( 666512 ) on Sunday May 21, 2006 @02:04PM (#15376748) Homepage
        However, I think that it also underlines a serious flaw in the Windows security model. Almost everybody runs with administrator privileges because too many things just don't work otherwise.

        I'm no Micro$oft fanboi, but don't blame Bill the Gates for this. Blame lazy deveopers who can't be bothered to Do It Right. They run their bleeding edge machines as Admin and never test to see if their bloatware will run any other way. Not only that, they write programs that need every bit of RAM, every CPU cycle and every possible bit of graphics they have so that when they're finished, you have a program that can only be run on a maxed-out machine as Admin. Last, they look down their noses at you if you complain because you're "too cheap" to buy the hardware needed for their precious program. They don't understand that saying, "It works on my machine!" doesn't cut it if the average user can't afford to match their hardware or wants to keep their copmuter safe by not running as Admin.

        My advice is, just say NO to programs requiring Admin and never, under any circumstances, upgrade your hardware just to play the newest game. I'm not a Libratarian, but if enough people follow my advice, the market will, indeed, take care of it.

  • by yagu ( 721525 ) * <yayagu&gmail,com> on Sunday May 21, 2006 @10:25AM (#15375942) Journal

    Once again, fingers pointed at some conduit when the true culprit still seems to be Microsoft's OS. If I were to click the link in gaim, on a linux machine (assume for the sake of argument, this browser is platform independent and would work on a linux box)?

    Probably not, because the typical default access for a linux user is unpriveleged (I've been working intensively in the linux environment, and I'll bet I've not been logged in as a priveleged user (i.e., root) more than two or three times a year during that span). But, an extremely significant percentage (I'll bet it's over 80%) of Windows users continue to be logged in with administrative priveleges -- most without knowing and understanding what that even means.

    Until there's a more consistent and pervasive culture (come on Microsoft, help out with this... how about a PSA campaing?, you can afford it) where users have non-administrative logins, there's little to be done. I still see people on older machines where they haven't even bothered to configure users for their older Windows machines... and don't have the slightest concept of partitioned separate logins for distinct different users.

    This isn't entirely IM's fault.

    (In the meantime, if you're a serious PC user and you want some piece of mind, spring for the extra $500 for your own machine and make it yours and yours only. It's how I've set up friends who use their computers for business/profession who've nearly given up on PC technology what with (shared home) machines popping porn, running slowly, and going Toes Up on them. Sigh.)

    • I use Linux almost exclusively on the command line. In KDE or Gnome, do you really need root privileges to install any software or change your wallpaper?
      • I use Linux almost exclusively on the command line. In KDE or Gnome, do you really need root privileges to install any software or change your wallpaper?

        If you want to use your *BSD or distro package manager, you usually have to be root. Most of the time it's much less painful to install a package than install rom a tarball.

        • Well, you can use sudo in BSD, right? Mac OS X (loosely based on BSD) has sudo just like most Linux distros do, so I'd assume that BSD includes it as well. I know offhand that OpenBSD does, and it's its own patched version as well.
    • I mostly agree with your post - and you put things well, but:

      Probably not, because the typical default access for a linux user is unprivileged (I've been working intensively in the linux environment, and I'll bet I've not been logged in as a privileged user (i.e., root) more than two or three times a year during that span).

      I'm not sure how long user privilege separation is going to continue to be the great protection it is now, once the majority of desktop users have it. Consider a single user desktop with privilege separation (linux, vista (supposedly) or os x):

      1) Malware downloaded & executed by dumb user.
      2) Malware sets itself to start at that user's privileges when the user logs in.
      3) Malware can do many things at malware level at least when user is logged in (including periodically checking its update server for local privilege escalation exploits it can run).

      We're about to enter an age of smarter malware, that takes its time getting root, and keeps a low profile (maybe a little keylogging here or there) until it does... you read it here first :-)
      • I mostly agree with your post - and you put things well, but:

        I think that things like selinux will really help, keeping programmes from doing things which they are not meant to do. As it grows better and adapts I hope that it could become a bit of a security "killer-app" - it would offer so much security if it could just say "ey up, why is this IM installing a browser? better stop that"... and yes, I would like selinux to have a regional accent (and maybe even talk)
        • I mostly agree with your post - and you put things well, but:*

          and yes, I would like selinux to have a regional accent (and maybe even talk)

          That regional accent will have to be Chuck Norris (yes, he has his own region).

          Seriously - I think you're quite right, but I suspect that will just make (and again, this presumes MS & Apple have something similar in their OSes) the worms smarter, and take longer to gain highest priviliges.

          When people are executing untrusted code locally, it's really hard to stop it 1
          • A smarter worm would be a fair bit harder to write, so I should think there will be less of them, at least for a while, for Vista. Preventing programs from installing themselves will lock out a large proportion of the current nasties, preventing registry updates and access to C:\WIN* will lock out a fair few more. I do agree, while people still blindly install any old crap malware will never go away but that doesn't mean it shouldn't have been made as hard as possible for it to get on in the first place. Ru
        • by Jeremi ( 14640 ) on Sunday May 21, 2006 @11:47AM (#15376268) Homepage
          I think that things like selinux will really help, keeping programmes from doing things which they are not meant to do.


          I think using virtual machines as sandboxes could go a long way towards improving security also. Imagine a distro with a super-locked-down secure OS that only ever runs a single app, which is a virtual machine app (VMWare, Xen, whatever). The user does everything inside this virtual machine's guest OS, and never installs or runs any other software on the host OS.


          With that setup, it would be easy to "checkpoint" the state of the system and restore it whenever things have gone wrong (due to malware, user mistakes, whatever). (A clever diff-based mechanism might be able to make OS-state saves/restores fast enough to be done automatically in the background, say once a day). Even if the guest OS was completely compromised by malware, it would still be impossible for the malware to prevent the user from using the (uncorrupted) host OS to "rewind" the computer back to before the infection occurred. The host OS could also keep an audit trail of what happened when inside the guest OS, to help the user find out where things went wrong.

      • by RockRampantly ( 976282 ) on Sunday May 21, 2006 @02:45PM (#15376880)
        Not only that, but:

        4) Malware can install a keylogger so that when the user legitimately needs super-user access, the malware steals the password
        5) Prompt user for Admin password directly (or in the case of Ubuntu for example, the user's own password to run sudo)
        6) Even if the malware can't create its own password prompt, but must use a system default prompt:
        "Warning! A program is attempting to gain Administrator level access. This should only be necessary to install programs or perform other maintenance. Click Cancel otherwise."

        1 -Malware prompts user for password with message above
        2 -Naive user reads message, clicks cancel
        3 -Malware prompts user again for password
        4 -Ad nauseum
        5 -User gives up and enters password

        Privilege seperation can be useful for preventing automated system takovers, but where a user is involved (and that user can get super-user access) becomes moot.
    • It's not the fault of IM but it's not Windows' fault either. As pointed out by others, privilege separation does not solve malware. Period, end of story, it achieves nothing. Unsurprising given that it was designed to solve an entirely different problem, back in the days when malware didn't exist.

      The key problem here is that a program is able to impersonate a user in such a way that other humans can't tell the difference. People are very reliant on trust cues to guide their decision making and computers r

    • Once again, fingers pointed at some conduit when the true culprit still seems to be Microsoft's OS. If I were to click the link in gaim, on a linux machine (assume for the sake of argument, this browser is platform independent and would work on a linux box)?

      Spot on. Therein lies the problem: a faulty underlying security model in the host OS. Since most typical IT clueless sheeple pose the highest user-imposed risk (aka, they'll click anything) run some (discounting something reminiscent of a piece of fru
      • Because you think that if you install Linux on Joe Somebody's machine, he will not enter the root password when asked for it?

        OSes are as secure as the person using it. To think anything else is ridiculous. And that applies to every OSes.

        And I'll get modded down for what I am about to say, but people blame MS for everything, saying they can't do things right, that it should be open source, security through transparency and whatever. But right now, no open source distribution out there is secure if used by
    • Most applications don't need to do anything that requires root privileges. The worm could happily install its browser in the user's home directory. It won't affect other users, but that isn't a big consolation to most home machines where there are often just one or two users.
    • Don't forget PC vendors ...

      Since Windows 2000, it is relatively easy to run Windows in Limited User. ( well ok, there are some application that are a real pain. But I've run WinXP in Limited User mode for 2 years now, and most shitty applications where stuff like MSI Core Center, ... the kind of application you install at the PC setup. )

      And how many big companies are still selling their PC with a default Administrator user ? Dell, HP, Asus, ... all of them configure WinXP with a default Admin User. Why ? N
    • by Iron Condor ( 964856 ) on Sunday May 21, 2006 @01:00PM (#15376531)
      Probably not, because the typical default access for a linux user is unpriveleged (I've been working intensively in the linux environment, and I'll bet I've not been logged in as a priveleged user (i.e., root) more than two or three times a year during that span). But, an extremely significant percentage (I'll bet it's over 80%) of Windows users continue to be logged in with administrative priveleges -- most without knowing and understanding what that even means.

      Disclaimer: My experience is with VAX and Unix boxes in the eighties, my first Linux kernel was 0.9something but I have used Windows only since 98SE. I never really got to "learn" windows and am much less clear on the internals. On the "how is this supposed to work".

      With more than two decades of serious computing behind me, I still do not understand what "Administrative privileges" really means in Windows. Or what it is good for. In U*X everything is a file and thus those magical "privileges" simply boil down to what you can do with a file (including files in /dev, /proc, directories in general, etc). There's a layer of abstraction where I understand that access to this 644 means that I can only read it, but the owner can write to it as well. That's easy.

      In windows, it has never been terribly clear to me -- there appears to be some nod in the direction of file permissions, but all I've ever seen of them is that sometimes I have trouble messing with something the wife has been working on -- that kind of thing. Sometimes there's no problem. Sometimes logging in as admin solves some problem that I have but I hesitate to do so since I nevere really know what Windows does behind the scenes that might become a problem if I were to be logged in as Admin.

      In the end, the preferred way to do something that I can't do as user is to fire up cygwin and do it from the linux prompt.

      And ours is the rare enlightened case where someone took the trouble of setting up user accounts at install time. It was certainly not in the least obvious when and where to set up this kind of thing. I cannot fathom why I would've bothered with it if I hadn't had a Linux backgroud. It's not like XP pops up a screen during install explaining what an Admin is and how he is distinguished from a normal user.

      I still see people on older machines where they haven't even bothered to configure users for their older Windows machines... and don't have the slightest concept of partitioned separate logins for distinct different users.

      Of course not - why would they? This is my computer, I'm the only one using it, if the kid gets old enough to want to diddle with it I'll buy him his own computer. Why would I be setting up different "users"? I doesn't make sense in the Windows model.

      U*X (and VMS and ...) was developed in a networked multi-user context of universities and research labls. Windows was developed to make one computer do one thing for one user. "Multi-user" is an afterthought. Network security is an afterthought. The entire computer-as-an-appliance model of how a computer should behave in Windows just doesn't lend itself to the notion of a "privileged account". You don't have a privileged account in your toaster or your microwave, do you?

      Now it gets hairy: If I grant for a moment that there's no such thing as absolute computer security, then all these unsecured windows boxes out there are just the low-hanging fruit. Viruses and worms are only as smart as they need to be to pick those. This is fine with me as it means I merely have to have my fruit hanging higher than everybody else's. My house doesn't have to be absolutely burglar-proof -- just harder to break into than my neighbors. I'll never be perfectly termite-safe, but as long as I'm more termite-safe than my neighbors, they will attract all the termites. You get the picture.

      If geeks succeede in training the masses in making their machines "more secure" it only means that the malwa

      • With more than two decades of serious computing behind me, I still do not understand what "Administrative privileges" really means in Windows.

        If you understand multiuser security, you understand Windows security. It's basically the same as the Unix model, with a few twists:

        + Administrator is not quite as all-powerful as root -- still bound by ACLs for example
        + ACL permissions apply to not just files but also registry keys
        + There's a policy layer to control who can perform certain actions (setting the clock,
  • Users (Score:2, Insightful)

    by hotsauce ( 514237 )
    Lost cause. Next article please.
    • Re:Users (Score:5, Insightful)

      by Allnighterking ( 74212 ) on Sunday May 21, 2006 @04:14PM (#15377170) Homepage
      Let me be the first to point out something..... YOU are a user. Yep So if all users and dumb, and you are a user, then you too are dumb. If you are dumb then your statement looses validity.

      In my mind we need to drop the Microsoft/Apple attitude that users = idiot. If you build systems for idiots only idiots will use your system. Generally I've found that the #1 reason users I work with generally do stupid things because I've either, Improperly documented or explained what something did or how it worked, or because I created something that blocked their ability to do their job.

      Very often users tend to view the people at help desks as idiots because regardless of problem the reaction and lack of willingness to care are obvious from the start. Even cultural attitudes are ignored in the move to "cater to the idiot who uses our product" In one contry clucking your tounge may be a sign of rapt attention. But in the country the user is in it may be a sign of a smug and condiscending attitude.

      In one of the first lessons taught in management classes you will learn that a team of idiots is lead by an idiot. I claim that the same is true here as well. If you have idiots for users it's because you have idiots for techs.
  • by Ant P. ( 974313 ) on Sunday May 21, 2006 @10:27AM (#15375949)
    Make "Yes" buttons, by default, HURT people physically.
    • The first person to combine a goatse popup with your idea gets a million quid bonus ;)
      • Hmmm... Windows app that polls/intercepts all windows on the desktop, checks their type and strings on any buttons + adds hidden window over button area that intercepts the click, passes it to underlying window and at the same time presents user with top-desktop picture of goatse for 500ms?

        Granted I haven't done any windows programming for 4 years now, but it certainly sounds possible, or so I remember...
    • Just relabel the buttons to "No, thanks" and "Fuck off". Has anyone ever seen ActiveX controls do anything useful, anyway?
    • And on a more serious note, you could instead make modal dialogue boxes use better buttons than "Yes", "No", "OK", "Cancel", and "Reset". Verbs are good (e.g. "Install", "Remember", and "Unknowingly Submit Social Security Number and Credit Card Numbers to Random Company").
    • Reflex Action (Score:3, Interesting)

      by shadypalm88 ( 753382 )
      Relabelling the "Yes" and "No" buttons to the actual result of clicking it (e.g. "Install this software") might combat the reflex action and force people to actually read the message instead of just jumping to the Yes button.
  • safety (Score:5, Insightful)

    by joe 155 ( 937621 ) on Sunday May 21, 2006 @10:27AM (#15375950) Journal
    I think safety is always going to be hard to push on people who don't seem to understand the importance of what you are telling them. I'm sure you'll know from your own experience how hard it is to get even your own parents to take adequate security steps. I don't understand what this virus is doing though surely you would notice a new browser and remove it? certainly not use it...

    As for removing the incentive for people to do this I think it will be hard; there will always be a few "suckers" and even 1 in a million can be profitable; so it'll be hard to stop it.
  • Yes (Score:5, Insightful)

    by IamTheRealMike ( 537420 ) on Sunday May 21, 2006 @10:29AM (#15375953)
    • Block transmission of executables at the server level
    • Use something like CoreForce to prevent IM clients executing other programs (and switch "open this file" type actions via a privilege mux or RPC to a higher privileged system service).
    • Use operating system level services to prevent any application scripting another, restricting that privilege to accessibility applications.
      • Users have proven themselves to be perfectly willing to manually unzip and otherwise reconstitute untrusted executables from formats that cannot be scanned by automated filtering.
      • I don't know exactly what CoreForce is, but how are you going to differentiate between IM programs and trusted programs? Is it some sort of automated system, or a static list that the user must manage? If it's automated it can be fooled (what prevents any random program from declaring itself non-IM?) and if it's manual what preve
  • Sensationalism (Score:4, Insightful)

    by Toby The Economist ( 811138 ) on Sunday May 21, 2006 @10:29AM (#15375954)
    > Or is IM safety a lost cause?

    The question is sensationalist given the context.

    The article describes a particular new threat - all good and well.

    However, no information on the distribution of IM attacks is given. We have no idea if they are rare or frequent. How can it then be asked if IM safety is a lost cause? the question is almost orthagonal to the article; one cannot have a meaningful opionion about IM safety in general given only information about the *existance* of a particular, new threat.
  • by markdavis ( 642305 ) on Sunday May 21, 2006 @10:30AM (#15375957)
    As others have said, and no doubt will continue to say, you will not change the masses' behavior. The problem is not that people will click on things that look interesting, the problem is that the program will execute something presented to it.

    There is no reason that *any* instant message client should ever execute other code, privileged or not. That is not the purpose of IM- IM is not a program launcher, it is a tool for communication.
    • While in theory your solutions works, you are forgetting that the user WANTS to run whatever it is they are running. If the default way to run things was to save them and then run them, that is what the user would do. They are being tricked into running something. The onyl way to stop that is to make the user not want to run it. If the IM is changed to where it won't run executables directly, the user will do whatever they need to do to run the file, because that is what they want to do. Changing the d
  • Awww (Score:2, Funny)

    Its for Windows and Internet Explorer only :(

    Why can't this run on Linux?
  • by Giant Ape Skeleton ( 638834 ) on Sunday May 21, 2006 @10:33AM (#15375972) Homepage
    The question on every Slashdotter's mind:

    does the browser pass the Acid2 test?

  • by theCat ( 36907 ) on Sunday May 21, 2006 @10:36AM (#15375982) Journal
    Next month, an IM worm will install not just a browser, but an entire operating system. It will be Linux, but it will be setup to give the worm owner complete remote ops. It will have basic mail, IM , web browsing and word processing all via the usual open source tools, and will be made to look something like Windows. And 90% of the people who wake up to find this new OS running on their system will simply use it.

    You KNOW they will. That's the level of what we're talking about.

    For one thing people have become accustomed to random stuff showing up on updates and upgrades. The remore operatior will simply launch a splashscreen that says "A gift from Microsoft for your loyalty!" and people will go nuts. For another thing, there is a good deal of evidence accumulated over the many years of this malware war that the users who are keeping malware authors in business are total noobs. Many are developmentally disabled, or are children, or are computer phobes who avert their eyes when the machines "does something odd". Some are simply dumb as cabbages. They click "yeah sure, pwn me" on every dialog box because they are functioning as part of the attached peripherals a NOT an intelligent user.

    No, I'm not bitter. I'm not being sarcastic. I've woken to the reality. This is our world, and we white hats are just a liitle slow on the uptake is all. What this suggests about computer ownership (like maybe you need an operator's license, as required with radio broadcasting, if you are going to traffic in the public sphere) is probably the next frontier of the discussion, that's all.
    • by i_should_be_working ( 720372 ) on Sunday May 21, 2006 @10:56AM (#15376051)
      It's funny 'cause it's true.

      I'd like to do a social experiment and write a virus that pops up a window asking the question: "Install Virus?". The options are "No Thanks" and "yeah sure, pwn me". Now, I'm usually an optimist, but I think the results of this study would be depressing.
      • I'd like to do a social experiment and write a virus that pops up a window asking the question: "Install Virus?". The options are "No Thanks" and "yeah sure, pwn me".

        That's a darn good idea. And, yes, some people would get pwned, and not necessarily because they're "stupid".

        1. Assumed "Install Virus?" meant "Install Anti-virus software".
        2. Accidentally hit RETURN instead of selecting "No thanks" button. (An easy mistake; anyone can make it.)

        Perhaps the results of such an experiment would help to enligh

    • by Anonymous Coward
      What you're thinking of is something called "Tuxissa" which was
      an April Fool's Joke around 1999 after "Melissa" had hit the
      internet. The basic premise was to take
      the Microsoft virus/worm attack of the day and piggyback
      onto it kickstart or something like it.

      The only problem at the time was the bandwidth requirements for
      getting millions of basic Linux installs on all those Windows
      boxes was prohibitive -- No one server could feed all those
      client installs --- at least not in 1999.

      However, now that we have Bitto
    • I'm not sure that WINE is up to the task, just yet.

      As another responder noted, many of us have been looking forward to this for the last 7 years.

      It will require a ton of testing. But, I suppose, that's what the army of zombie boxen are there for! ;-)

      • I'm not sure that WINE is up to the task, just yet.


        WINE may not be, but VMware is... how soon until viruses just install a copy of VMWare, then run your original OS image inside of VMware while silently doing whatever they like out in the "real" OS?

    • How true ...

      My father had a spyware on his machine that would display a 'Purchase Helper' panel that eats 33% of his screen on his company PC while browsing.

      He just thought, 'hey, must be the admin that remote accessed my machine to install that' and never worried.

    • (like maybe you need an operator's license, as required with radio broadcasting, if you are going to traffic in the public sphere)

      Interesting, but...
      There's a distinction between operating a receiver and operating a transmitter (and yes I know, receivers DO transmit;)
      You don't need an operator's license to use the US Postal Service (OK, well kinda, sorta)

      the users who are keeping malware authors in business are total noobs
      Except, if you follow the line of reasoning you have started on, you discover that the
  • Trusted Computing (Score:3, Interesting)

    by psp ( 7269 ) on Sunday May 21, 2006 @10:38AM (#15375987)
    I know TC is not held in particularly high regard around here, but imagine this scenario:

    1. An OS with a solid configurable TC implementation.
    2. A knowledgeable computer user sets up the OS for the executablerunning IM user.
    3. The OS is configured to only run applications from certain vendors (Mozilla, StarOffice, Microsoft?).

    I would love to have TC for my sisters computer. She has never had the need to run any applications besides the ones I have installed.

    Or is this already possible with any OS? The ability to specify a list of allowed executables and the disability for a user application to change the list.

    • Your point about 3 is moot.
      All trusted applications will be runnable.

      Think of the XBOX, only signed games can run, in this scenario, microsoft are the trust authority, if a piece of software remains unsigned then it cannot be run.

      However, this only gives a false sense of security because all it takes to break this is somebody finding an exploit in a data file allowing unsigned code to be read and executed.

      No TCP system will ever be able to handle signing every single data file although the RIAA/MPAA would l
      • Now if the system administrator could choose what vendors and/or signers to trust, treacherous computing would actually be a useful tool. Imagine if SELinux or OpenBSD or something allowed you to use this method of signing your own self-built applications and trusting your distro vendor's signing. It might be a simple method of added security.
    • 3. The OS is configured to only run applications from certain vendors (Mozilla, StarOffice, Microsoft?).

      The ability to specify a list of allowed executables and the disability for a user application to change the list.


      And then they will figure out how to disguise their trojan app as a legitimate app, and we're worse off than square one. Worse, because since you will "trust" your computer, it will take longer for you to cotton on to the fact that your box has been compromised.
    • Re:Trusted Computing (Score:3, Informative)

      by bcmm ( 768152 )
      They have some interesting locked-down Windows boxes at my sixth form. You can't write to the C drive (obviously), and you can't run executables from your own network folder, or from USB sticks, or in fact from anywhere you have write access to.

      It infuriates me, but it wouldn't even be noticed by the sort of people who catch this "worm" (surely actually a virus, as the user is required to run it him/herself?).
      I don't know how its done, but it seems to be at a fairly low level (doesn't just apply to
    • Re:Trusted Computing (Score:3, Informative)

      by sqlrob ( 173498 )
      Or is this already possible with any OS? The ability to specify a list of allowed executables and the disability for a user application to change the list.

      I can think of at least [wikipedia.org] two [apple.com]
    • Two of the many options are
      a: use GNU/Linux
      b: don't give your sister an administrative account.

      And, not to be rude but judging by that low /. number I don't see how this wasn't already known. You steal someone's account?:)
    • I would love to have TC for my sisters computer. She has never had the need to run any applications besides the ones I have installed. Or is this already possible with any OS? The ability to specify a list of allowed executables and the disability for a user application to change the list.

      Already doable in OS X, via Parental Controls. You can specify "user can only run the apps in this list" and that's all they can launch, period. Without knowing an admin password, they can't change anything. You can also l
    • Don't be an idiot. All that "trusted computing" will do is mark the executables with exploits as being "trusted" so that you cannot avoid them or patch them.

      What you are basically asking for is "don't run an executable that is in a directory the user can write". This has certainly been done on Linux (disable turning on the executable bit, or ignoring it, on a file system) and I think this can be done on Windows too. It's done with software.

      It has nothing to do with "trusted computing" and it is rather sad,
  • by Dorsai65 ( 804760 ) <dkmerriman.gmail@com> on Sunday May 21, 2006 @10:39AM (#15375988) Homepage Journal

    When you try to make everything idiot-proof, you just raise the quality of the remaining idiots.

  • by craznar ( 710808 ) on Sunday May 21, 2006 @10:40AM (#15375997) Homepage
    Split the friggin' internet in half.

    Give out odd numbered IP addresses to Linux users, and even numbered addresses to Windows Users.

    Then Linux computers just turn off access from even numbered source addresses.

    Problem solved.

    Ok - time for bed.
  • by Burdell ( 228580 ) on Sunday May 21, 2006 @10:41AM (#15376000)
    As long as people will click "yes" to install/run some random bit of software, Mac/Linux/*BSD/etc. are not going to be any better than Windows. These aren't holes in the OS, they are holes in the user. Much of the malware (spam zombies, SSH password scanners, etc.) doesn't need any special privileges to run, so it could run as a normal user.

    Something like SELinux may help, but then email/IRC messages can just come with instructions for the chcon command to run (people open encrypted ZIPs with the password in the body already; putting a command to "fix" a download is not that different).
    • In my 20 years of system administration I have often had people come to me and say "Peter, I just clicked the wrong button and my computer's acting funny." I've less often had people say "Peter, I downloaded a file to the desktop and opened it and my computer's acting funny." I've had several people say "Peter, I just clicked the wrong button AGAIN and I think I'm infected."

      I've never had the same person come to me twice with "I've downloaded and opened a file and I'm infected." Give people even a small bre
    • In Linux, applications are not executable by default. You have to first download it, save it somewhere in your home folder, change its permissions to allow execution and then run it. It gives you more time to realise that what you are doing is stupid. I think the average user that just wants to email and so on (the typical use who would get infected) wouldnt bother to learn all these steps.

      But won't this make things harder for n00bs to play their stupid games? Not at all. Programs will in the future will be
    • Wrong. To execute a file in Linux and most other unixes, the file has to be marked as executable. If you send be a shell script via mail or im, and i click on the file's icon in Konqueror, KDE will lauch a text editor, and open the file in that. It's even less dangerous than visiting web pages.

      Windows, on the other hand, will happily execute any file with the suffix .exe, and to make matters worse, it will usually hide the suffix. Now that is dangerous behaviour: It makes it difficult for the user to know w
    • On Mac/Linux/etc you are not administrator!!!!...It is not AUTOMATIC. You have at least one more step in order to hose your system. If it's a stupid user who hoses' their account, you hose their account. If you are the USER who enters the root password on Mac/Linux/etc in such a case then you deserve whatever happens.

      It's statements like yours which keep us in this mess. There is a better way. Just add that step. There is no need to AUTOMATICALLY execute anything from the Internet. Remove these AUTOMATIC fe

    • That's not true. On Microsoft Windows, these things tend to happen automatically. Without a whole raft of illegally obtained 3rd party Microsoft Windows security software, I have little chance of blocking most forms of Microsoft Windows malware. Shit will happen automatically without me knowing, and it will automatically affect my entire system. This behavior is built-in and systemic to Microsoft programming practices.

      On Linux, I have to first be running a trojan program. I have to either seek out the
  • by madnuke ( 948229 ) on Sunday May 21, 2006 @10:42AM (#15376004)
    Internet Explorer 7!
  • by ettlz ( 639203 ) on Sunday May 21, 2006 @10:43AM (#15376010) Journal
    • Don't ever give received files execute permissions on UNIX and Windows systems with NTFS
    • On Windows systems, rename .exe files to .exe.unsafe. Refuse to run such files and pop up a stern warning message. If they just rename it, well they get what they deserve.
    • I think a better solution is to have the pop-up say, "An error has occurred loading this program; it contains bug # 23754983 at 0xdeadbeef, and cannot be fixed by Windows." The technically aware would know that this just means that the program is deemed unsafe and should be renamed/flagged/etc as being okay.

      Actually, it should probably just delete the file automatically. If your best method for executable distribution is IM, you deserve to lose.
  • by i_should_be_working ( 720372 ) on Sunday May 21, 2006 @10:47AM (#15376020)
    We can browse if we want to,
    we can leave your friends behind
    Cause your friends dont browse and if they dont browse
    Well theyre are no friends of mine

    I say, we can browse where we want to,
    catch a virus we will never find
    And we can act like we come from out of this OS
    Leave the real one far behind,
  • A lost cause (Score:2, Interesting)

    by hausmaus ( 684529 )
    It's not the OS's fault, nor is it the IM program's fault. It's the fault of ignorant computer users, no matter what OS they use, doing stupid things that they know they shouldn't be doing, even when they're told constantly.

    Thankfully, their ignorance means more money and work for me in my business to fix their problems that they brought on themselves.

    If they're stupid enough to open something from a program that they know could be bad, then they do deserve whatever they get.

    It used to be smart people usin
  • The internet is full of people using computers. Some people are competent, others are not; some people are honest and others are crooks. There are some technically advanced, unethical people on the internet who will try to take advantage of the "suckers." What better place to find suckers than on IM channels - which are loaded with the younger set (many of which are gullible).

    Since the internet is not centeral to any one government it is difficult to regulate which is both good and bad. The structure of
  • Well... (Score:5, Funny)

    by Wellington Grey ( 942717 ) on Sunday May 21, 2006 @11:14AM (#15376128) Homepage Journal
    what on Earth can we do so stop the spread of garbage like the above? To put it another way, will reducing the amount of potential "suckers" out there dissuade the bad guys from coming up with ever-more elaborate ideas such as this latest scam?

    Clearly there isn't enough evolutionary pressure on the heard. What the good guys need to do is build computers that explode when the user does something stupid.

    -Grey [wellingtongrey.net]
  • This is too wordy, and it makes a typical Windows user's head hurt, but it's the right idea:

    http://www.secureyourcomputer.org/ [secureyourcomputer.org]

    No, it's not pushing any commercial addons. It needs to be made simpler and shinier, but most of all the word needs to get out.
  • Frankly, I rejoice at news of some ubervirus causing massive damage. Dang, I wish viruses went back to being plain malicious rather than profitable tools as they are now. Every noob that has their computer trashed is one less noob on the net, one step closer to a pre-september 1993 internet. People blame villains and crooks for spam, viruses, popups and other such malware but really it's all the fault of the idiots who make it good business. Here's hoping that noobs get hunted to extinction and we can claim
  • Maybe some uberuser should make a "Click here for Brittney Spears Pics" trojan that wipes the computer. It could load a little program that runs at startup and nukes the PC from orbit.

    Any other bots and spyware on that machine go away, and the user ends up with a clean factory restore (after his brother-in-law comes over to show him how to use the restore disks).

    Over time, this could be modified to seek out zombie machines directly.
  • But safety is defined as the minimum of the user's ability and the system's. I.e. you can have the best user with knowledge about every single entry point for malware, if the system has a security hole that allows an outsider to run it (regardless of the user's attempts to avoid it), it will run.

    Likewise, you can have a top secure system, where a team of a few hundreds experts waded for years through the source to make it absolutely bulletproof, when the user allows anything and everything to execute (provi
  • by layer3switch ( 783864 ) on Sunday May 21, 2006 @11:34AM (#15376208)
    By reading the article, it seems it's just general user clicking on "OK" rather than "Save As" worm. How is it different if the delivery is done through email or popup or iframe on some website listed on Google or Yahoo or whatever cross link sites? Or AIM for that matter? How about Gaim? or How about Jabber?

    Perhaps re-examining the actual exploit rather than delivery medium as the cause would be a good way to head toward right direction in my opinion.
  • by ShyGuy91284 ( 701108 ) on Sunday May 21, 2006 @11:36AM (#15376217)
    UNIX/LINUX place a lot of restrictions on what can be modified by the user, and is part of where their good security comes from. Perhaps if children using AIM weren't logged in under the admin account or one with similar priviledges it would prevent the whole system from being hyjacked, and would just cause that account to need to be deleted. I don't know how much Windows limits user accounts, but if this isn't within the ability of Windows, it's quite sad.
  • by edunbar93 ( 141167 ) on Sunday May 21, 2006 @11:37AM (#15376223)
    How about making a new virus that, immediately after the user does something stupid enough to install it, turns the volume up to the max in windows, and starts looping a wav file that says "MORON ALERT!! W00PWOOPWOOP! MORON ALERT!!" and starts flashing their monitor red and blue, refusing any user input until they type "I have learned today that I should be more careful about the things I click on".

    Oh yeah, and it sends itself to everyone in his address book, so that the shame can be shared among others.
  • by DaveLV ( 790616 ) on Sunday May 21, 2006 @11:43AM (#15376252)
    Maybe we can't put the genie back into the bottle, but I think the real problem is that every Internet-enabled application these days is bastardized into a file transfer mechanism. IM programs should be for typing messages back and forth between two or more people. Why should IM even have the ability to transfer files?
  • by AlgorithMan ( 937244 ) on Sunday May 21, 2006 @11:47AM (#15376270) Homepage
    well - just make a "nice worm" that tells you

    "hi, your computer is obviously insecure - may I install
    [] firefox
    [] thunderbird
    [] AVG free (Antivirus)
    [] hijackthis
    [] and one of the following freeware firewalls: [insert firewalls here]
    for you? - P.S. I'll install the software from official mirrors, no faked, phishing software - if I wanted to harm you, I could have done this already
    [No] [Yes]

    may I also interest you in
    [] OpenOffice
    [] miranda
    [] bsplayer
    [] ...
    [No] [Yes]

    May I recommend myself to your friends?
    [No] [Yes]

    thank you for your interest
    I'll remove myself from your system now. goodbye!
    [OK]

    I think most people that stick with ms software do this because they have no clue how to install alternative software (seriously - my family uses PCs for 14 years now and still they call me and ask me how to install this and that software) so make a "worm" that assists you in making your pc more secure (and shows you that you need it at the same time) maybe put in links to small, easy-to-understand "getting started" sites...
  • by Mr Z ( 6791 ) on Sunday May 21, 2006 @11:51AM (#15376284) Homepage Journal

    Does anyone have a link to the really bad music this worm subjects its victims to? Hearing it would seriously enhance my sense of schadenfreude...

    --Joe
  • by reldruH ( 956292 ) on Sunday May 21, 2006 @11:57AM (#15376307) Journal
    That sounds a hell of a lot like the browser [aol.com] that gets installed with the new version of AIM [aim.com]. During install I tried telling it not to install the browser but it did anyway, was amazingly slow and had lots of pop ups. It sounds pretty similar to this worm.
  • by Anonymous Coward on Sunday May 21, 2006 @12:21PM (#15376399)
    The only solution to this problem is to kill all the people.

    Unfortunately we can't do that yet, so the problem remains unsolveable.
  • by wolrahnaes ( 632574 ) <seanNO@SPAMseanharlow.info> on Sunday May 21, 2006 @01:10PM (#15376567) Homepage Journal
    Build computers with a robot arm that will reach out and smack the user in the back of the head every time they're about to run an EXE from a IM or popup.

    A slightly lower-tech implementation has worked for me. When my friends ask me to fix their computer for the 30 billionth time after they infected it, I smack them in the back of the head and tell them not to be a moron, and then send them on to pay the Geek Squad to deal with their problems.

    Where these people used to be reinfecting themselves on a weekly basis, they seem to have stopped now, so a combination of physical and wallet pain seems to be the best motivation to not be a retard.
  • by suv4x4 ( 956391 ) on Sunday May 21, 2006 @03:04PM (#15376932)
    A new IM worm discovered recently takes the novel step of installing its own web browser onto the victims PC... It's clear people cannot resist clicking "yes" to anything they're presented with via IM - with this in mind, what on Earth can we do so stop the spread of garbage like the above?

    If you get infected, your IM might ask you if you want to get rid of a dangerous IM worm, just click yes and you'll be ok.
    You also get very cheap C1ALi5, dunno what is it, but it seems like a great deal, so I ordered a bunch.

"Plastic gun. Ingenious. More coffee, please." -- The Phantom comics

Working...