PEBKAC Still Plagues PC Security 300
Billosaur writes "ARS Technica is reporting on a study release by McAfee and the National Cyber Security Alliance (as part of the beginning of National Cyber Security Awareness Month) that suggests when it comes to PC security, the problem between the keyboard and the chair is even worse. PEBKAC has always been a problem, but the study highlights just how prevalent it has become. 87 percent of the users contacted said they used anti-virus software, while 70 percent use anti-spyware software. Fewer (64 percent) reported having their firewalls turned on, and only 27 percent use software designed to stop phishing attempts. Researchers were allowed to scan the computers of a subset of the users, and while 70 percent claimed to be using anti-spyware software, only 55 percent of the machines of those users scanned showed evidence of the software."
And the solution is... (Score:5, Interesting)
The secret of my success is that I also don't use Internet Explorer (except for the Windows Update website, cause Microsoft makes me). That one step protects me from >95% of the malware. The other 5% is handled by Avast and Firefox. And I don't download and install "free" programs and games.
Boycott Internet Explorer (and all of the loss of security, privacy, and control of your own computer that goes with it), use Firefox and a good anti-virus program, and don't do stupid things on the net and you're golden.
Re: (Score:2)
Do you ever visit unknown sites with animations, pdf etc?
Re: (Score:2)
Are you sure? (Score:5, Insightful)
That you know of. A lot of zombie-related malware is intended to be very stealthy.
Re:Are you sure? (Score:4, Interesting)
They aren't stealthy enough to go through a logged firewall w/o being missed. IMHO, that's the best defense to any network -- paying attention to what the fuck is going on with your connection.
Re: (Score:2)
Re: (Score:2)
Re:Are you sure? (Score:5, Insightful)
I've never been infected by malware. And I have confirmed this every time I've been challenged on that point. Doesn't stop people comming out and saying that I really am infected, I just can't detect it.
Re: (Score:2, Insightful)
1. The average user won't be running as root so when you are there, theres nothing you can mess up enough to make the system unusable
2. Linux was designed with the Internet in mind, Windows wasn't, for example, binary files must be flagged to execute them before they execute making it nearly impossible for you to just "visit a webpage" and be infected
3. The code is open and more people will be finding out security flaws before crac
Re:Are you sure? (Score:5, Insightful)
I mean, go on, prove to me right now, without a doubt, that your Linux box is not infected by some rare virus that people haven't seen and don't know how to detect. And just to head you off, claiming "Linux doesn't have viruses" isn't a valid response. After all, maybe you're one of the lucky first people to be infected, and you just don't know it yet! See how convenient this is? You can't prove that you DON'T have a virus short of taking a dump of the bits on the physical platter and doing a diff.
Theres ways to be reasonably sure (as in, 99.999999%). There's no reason to believe that the poster that started the thread was not able to be reasonably sure.
But since you brought this up, tell me how you're going to prevent "Dear stupid user, please install this trojan as root to get your free cursors!" without taking control of the user's own computer away from him or her. You do realize thats how a lot of Windows malware is getting out there right now, don't you?
Oh and just so you know, there are trojans out there for Linux. One of the systems at my old job was cracked. Luckily the admin noticed that someone was trying to get a rootkit on his system. These cracks often involve software installed on the Linux system with incorrect security settings, as I believe was the case here. But thats the point: the security of the system ultimately falls upon the user not doing stupid things, which is impossible to guarantee without taking control of the computer away from said user.
Re:Are you sure? (Score:4, Interesting)
There is one possibility, and that is there was code slipped into the repository prior to the 6.2-RELEASE CD's being created (verified the sum of the CD's when I got them) which could be rooting my box. I don't have the time to be doing (is it Orange book?) procedures that will ensure this doesn't happen. I'm with Rycross, there are so many ways to be infected that saying your not is just setting yourself up for a fall.
Re: (Score:3, Informative)
1. you don't need to be root to cause trouble to others.
2. the executable flag doesn't control if things are runnable:
$ gcc -o hello
$ chmod a-x
$
Hello World!
3. maybe.
4. we are talking about PEBKAC here, it involves some social engineering to get
5. I personally doubt it, the more mainstream linux becomes, the relative number of developers among them will drop.
But I hope you are right (maybe I'm just pessimistic).
Re: (Score:3, Interesting)
I've sat at a conference of computer security researchers where it was discovered that one of the attendees was infected. So, it can happen to the best and brightest too.
Re:Are you sure? (Score:5, Insightful)
The point is that theres no reasonable response to "You may have malware, but you just can't detect it." I mean, if we posit the existence of undetectable malware, or at least malware undetectable by the poster, then what you have asserted is nearly impossible to disprove. Its simply lazy to respond to "I don't have any malware," with "You do, you just don't know it." Its like saying "Nuh uh! I WIN!"
If the above poster has actively looked for malware and has not found any, then its reasonable to assume he is not infected, unless you can prove otherwise.
Re: (Score:3)
Re: (Score:3, Interesting)
Whereas his lack of a firewall means that malware is actively looking for him. Based on the number of malware-indicating signs I get in my logs every day on my firewall, running on a dynamic IP on RoadRunner, I'd be very surprised if said malware isn't looking directly at his IP address many times a day, some of it using vulnerabilities he can
Re:Are you sure? (Score:5, Interesting)
It may be stupid but it's not wrong. I'm a developer and the kind of guy who sets his firewall as limited as possible, has anti-virus on, doesn't download "Free Smileys!!!" software, and in fact I'm very careful about doing things on my computer that may affect my security.
I thought I was clean, I looked clean, and the PC worked like clean. Until one day I the anti-virus detected a popular keylogger installed on my system (4 years ago). That was on top of that during a full-drive scan, not resident alert, who knows for how long was this thing running, and where it came from.
Bottom line is, the infection status isn't something easy to assess, especially if you're not very experienced in the area and especially if you consider that you're virus free by default.
The only way to not push your luck is know what you're doing, and turning your firewall off deliberately is equivalent to not knowing what you're doing.
If you ask me now, since I wiped my disk twice, and changed all my passwords and reinstalled everything since, am I virus free? I'll tell you yes.. but I'll NEVER be 100% sure in my answer, since I could easily be wrong.
It's not different on a Linux server by the way, so this is not a Windows vs Linux argument AT ALL.
Re: (Score:3, Insightful)
#1: I'm malware free.
#2: No you're not, you just don't notice it.
#1: Well, I rebooted into safe-mode, ran two anti-virus scans, some rootkit detectors, spy-ware detectors... all came up negative. My harwdware firewall shows no abnormal traffic...
#2: Maybe the virus also infect
Re: (Score:3, Insightful)
Why is my disk spinning all the time? May it be malware? Oh yes, the indexer is doing this...
Why are my apps starting slow? May it be malware? No, after drfragmenting they start faster again... or is the malware now inactive?
What are those connections in my netstats? Well just about 40 apps I have which all absolutely need to phone home for updates, latest news, patches, and god knows what
Re: (Score:2)
The only thing he is running is the free avast. He has disabled all firewalls. He doesn't do anything for malware/spyware. So let's see what you posted:
Re: (Score:3, Insightful)
That's because it's become standard for lusers to waltz into tech support with claims of "Nuh uh! I don't have any malware on my machine!" then be proven wrong about 3 seconds into a Spybot scan. I'm not saying you do, but it's a claim I've heard enough times not to take at face value.
Re:Are you sure? (Score:5, Funny)
Yes it's called vi. *dons asbestos vest*
Re: (Score:3, Interesting)
this is the truth. At my company we are considering going back to cloned drives that get re-cloned once a month. even with spybot,windows defender, company firewall, and f-secure people still get infected.
Re: (Score:2)
Re: (Score:2)
My Theory: XP can work, but not with kids (Score:5, Interesting)
My wife is computer illiterate, but she knows she's only supposed to open a small set of attachments and sees me about the rest. She knows not to open anything she doesn't recognize.
4 years, no viruses/spyware etc. I've tried a couple of those online scans and they came up clean.
However, now the kids are starting to use the PC.... I've switched to Ubuntu. I not convinced I can set up an XP machine that can't be infected by them.
That switch was a *major* pain. Switching MSmoney to gnucash, losing Photoshop, copying outlook mail history to evolution, loss of PDA syncing, blah blah blah.
Re: (Score:2)
Re: (Score:2)
However, now the kids are starting to use the PC.... I've switched to Ubuntu. I not convinced I can set up an XP machine that can't be infected by them.
You could've tried installing a good firewall (ZoneAlarm isn't exactly the most efficient one, but it's easy to use and free), and dropping to a non-admin account.
By definition, you can't infect system files in non-admin mode. Some software may not run, or not run properly, but I'd give that a shot, since you can't run any of your Windows software *at all* u
Re: (Score:2)
Sure you can, if you combine your malware with an elevation of privileges exploit.
Re:My Theory: XP can work, but not with kids (Score:5, Insightful)
Since 99% of Windows XP-s out there run in admin mode all the time, I'm pretty sure none of them is particularly well doing in the privileges exploit area.
Also this is the user level. Getting privileges higher than the current user isn't so trivial to exploit, since typically the entire browser will run at that level, including any add-ons and plugins. You do need to exploit an app running under admin, and if there's no such, you can't exploit anything.
Re: (Score:2)
Re: (Score:3, Informative)
I not convinced I can set up an XP machine that can't be infected by them.
Removing Administrator rights in XP stops 98% of possible malware infections, since it's difficult to install ANYTHING. You can even have them use IE 7 safely because they won't be able to install ActiveX controls and the JVM is likely to flip out given the rare possibility of a Java exploit.
Of course, they can't install anything. And you might run into the occasional app that requires Administrator rights. I strongly suggest you don't use these apps because it is network-aware apps with lousy coding pract
Re: (Score:2)
I believe the opposite to be more useful, but to each their own.......... No anti-virus, no windows patches. Instead, run a strict firewall, use software you trust, and use your machine as a limited user whenever possible (though XP does make this difficult).
Re: (Score:2)
It's interesting you should mention this. Lately, I get this feeling of dread every time I let my computer check for updates (it's on manual update, something else I always recommend). It always crosses my mind that the computer may not start back up after installing the latest Microsoft patches. Doesn't that make you feel gooooood all over....
Re: (Score:2)
I've never been hit by a virus, and I've been hit by spyware only once. Sadly, it was entirely my fault. I had switched over to IE to view a site that wasn't rendering in Mozilla (first mistake) and a popup appeared asking if I wanted to run an ActiveX control. I reached for "Cancel" but somehow hit "OK
Re: (Score:2)
And I don't download and install "free" programs and games.
I think this is the real reason you don't have trouble.
I haven't had a virus "hit" since about 1995, sent to me on a floppy disc via my employer (word macro virus). But then I live behind a router, update whenever MS tells me too and avoid seedy places on the net. I used firefox for a long while but have gone back to IE (a debate for a later time). Updating when MS wants to is a big part of that. Most of the exploits out there had long been patched by the time they hit the front page. The rest, since I kno
Re: (Score:2)
excuse me? (Score:2)
Re: (Score:3, Insightful)
(1) Don't run Windows as administrator. This is the most important thing you can do to secure your Windows PC.
(2) Use Firefox or Opera, if FF, use AdBlock+ and NoScript addons.
(3) Use common sense. If you "Click here to win 20000$" sounds too good to be true. Yup, it is probably an invitation for malware.
(4) Avoid downloading awesomevideo.exe when surfing for pr0n (or cracks/serials). In fact, treat every execut
Re: (Score:3, Insightful)
Running it in a VM will probably keep your main system from being infected, but how do you know when it is safe to move the suspect executable out of the VM? No matter how long you run it, it could be that the malware portion will only activate after a bit longer period than that...
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
Of course, I'm not recommending that users don't run AV
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
Same here, except: 1) I use a hardware firewall since I need to connect multiple computers to the Internet anyway, and use windows file sharing on my LAN. 2) No antivirus except clam, which I run once a month to make sure I haven't done something stupid.
It's amazing how unnecessary all the bloated antivirus, firewall and other security software is. Of course, this 'study' highlights that "on noes, a lot of people not using AV!" which is only natural considering the source.
The fact is, the simple act of
Re: (Score:3, Informative)
If you want to stop using IE altogether, you can use Windizupdate, which works with Firefox and Opera, and possibly a couple of other browsers.
Re: (Score:2)
Unfortunately a little common sense goes a long way and most people have even less (common sense) than that.
As I read the summary, the very same thing crossed my mind.
Well, duh, I don't run any software to detect phishing attempts for me. Am I any more at risk?
Of course I'm not; I can very well detect them on my own.
Besides, what would running such software prove? Would I somehow be miraculously unable to be terminally stupid?
OS design is *still* in its infancy (Score:2, Insightful)
The hardest part about being in IT is trying to protect users (and our systems) from themselves.
There's a number of separate issues here:
1) IMHO, it's impossible to protect users from messing with their own data, IF you want to make systems useful. A good option could be a versioned filesystem on a remote server (outside direct control of the user), where old versions of his/her files could always be retrieved. Without that, a user that says: "delete file XYZ on my local drive" will just do so, regardless of whether that was the intended or sensible thing to do.
2) It's next to impossible
Can I get a "Well DUH!" (Score:5, Insightful)
Because idiots are both highly prolific and highly creative.
Unless the world standardizes on a single platform, and never, EVER changes it again, this is always going to happen.
It's a matter of "that's not how I learned it" or "I never learned it", and they wind up making the systems do things they aren't supposed to.
It does, however, go to show you that even hordes of security professionals can't be collectively omniscient.
As always, "security" is a PROCESS, not an endpoint, not a product.
Re: (Score:2)
My personal o
Re: (Score:3, Insightful)
Pedestrian to a jumper on a ledge: "I forbid you to jump."
Jumper: Eeeeeeeeeeeeeeeeeeeeeeee! *SPLAT!*
You can forbid all you want.
You can codify it in corporate rules.
You can come up with all sorts of intricate technical controls to enforce it.
Some idiot is STILL going to find a way around it.
Re: (Score:2)
Re: (Score:2)
You can forbid all you like.
Sooner or later, it's STILL going to happen
it is not a user fault (Score:5, Insightful)
so, while the problem is between the chair and the keyboard, it is between the chair and the keyboard of the people who create the software, and not the people who use it. mostly.
Re: (Score:2)
I endorse this choice, as it would lead to more dates for moi.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2, Insightful)
as computers have become more powerful and versatile and the software more complex, the average user has a choice -- either become a nerd who follows all news, and spends large portion of their time learning about new technologies, how they are integrated, what risks are there, etc.; or ignore the problems, _trust the vendors_ to mostly do the right thing, learn the part of the interface they care about and react if they get hit. it is just not realistic to expect a user to know a lot about computers, as it is unrealistic to expect that a sick person can successfully self-medicate themselves to health. so, while the problem is between the chair and the keyboard, it is between the chair and the keyboard of the people who create the software, and not the people who use it. mostly.
Wow, way off. You have just presented a false dichotomy [wikipedia.org]. A user can choose to learn a reasonable amount of information required to maintain the health of their system and its components whether or not they 'care' about them or not. An average level of knowledge, action, and competency is not a overzealous requirement. Consider your analogy which is just as flawed. Most people are not 'medical nerds'. Yet they can deal with colds, flu, localized infections, allergies, headaches, etc. Likewise most people ha
Re: (Score:3, Interesting)
so, to extend _your_ analogy, just as the genes -- the ultimate designer
Re:it is not a user fault (Score:5, Interesting)
In WWII, they had frequent aircraft crashes caused by pilots landing with the gear up.
They consistently attributed these accidents to "pilot error".
Then somebody took a look at the design of the cockpit, and realized that it wasn't designed in a way that would make it immediately obvious to a pilot whether or not the gear was up or down. When the cockpit was re-designed, the high rate of 'gear up' landings evaporated.
In other words, the designers were blaming the users for a design flaw. Happens all the time in the software industry these days.
I'm not saying that PEBKAC errors don't happen, or that idiots don't do stupid things. But I suspect that a large slice of the cases we classify as "user error" should really be called design error.
Re: (Score:3, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I would say (Score:2)
PEBKAC Combined with a Nightmare of an OS, Sheeple (Score:5, Insightful)
I started on Tandy 1000 286s, and Commodore 64s, so I have that discipline, that experience, I learned how to walk before I ran, and ran before I flew. But that just isn't the way our world works.
Do realize that the actions these insecure people with irresponsible habits take affect the lives of millions of people through scams, and DoS attacks.
perfect business plan, yeah! (Score:3, Funny)
Re:PEBKAC Combined with a Nightmare of an OS, Shee (Score:3, Insightful)
the nightmare OS that is Windows
What's wrong with XP SP2 security wise? Or Vista? or Windows 2003 Server? Care to elaborate? No really, what is this big nightmare about Windows security post XP SP2?
Just because the users are stupid and run Windows as administrator, doesn't mean the OS itself is insecure [amazon.com].
PS: I am posting this from my Kubuntu Feisty machine.
Re: (Score:2)
Re:PEBKAC Combined with a Nightmare of an OS, Shee (Score:3)
Um, no. You ran as fast as you could on those Tandys and Commodores, which inspired you to run on to the next thing when it came out. Get off your high horse and quit whining about all the "stupid lusers". I think people like you are the only ones feeling "entitled" to anything.
Just because the general popu
the blame game: pass the buck as always... (Score:5, Insightful)
This article reeks to me of a security industry that is proactively trying to cover its ass, primarily because of the fact that the only reason they thrive is because microsoft 'needs' to keep it's source closed, and the public 'needs' an illusion of security.
Sorry, but I've recently gone through about my 5th runaround of giving selinux-Enforcing an honest try, and realizing yet again what an utter pile of useless shit it is (for the vast majority of Fedora users at least). (review my past comments which I won't argue over again... or just laugh as setroubleshootd tells you how the solution to your problem is to reboot and force a relabel... pulling in hardcoded path state from
Wake up and smell the insecurity folks and get used to it. Don't say anything within earshot of a mobile phone's mic that you wouldn't feel comfortable with any telecom employee overhearing... or anyone those employees might give network access to...
It's a brave new world. Don't give me this shit that the users are to blame.
Re: (Score:2)
This Slashvertisement rates a 4.2 out of 5 (Score:5, Insightful)
This Slashvertisement rates a 4.2 out of 5.
It caused many readers to wonder, "if McAfee has an all-in-one package that can handle all my anti-spyware, firewall, anti-virus and phishing needs?". However, McAfee was unable to get the actual product it was trying to pitch in its press release on Slashdot.
Well done (though not perfect) - another high-five to my those PR pros!
Re: (Score:3, Insightful)
Perhaps the real problem... (Score:2)
One day, we'll look back at PC security of today and laugh at the crap one had to go through just to not have your typical PC go down in flames.
Just a thought.
Re: (Score:3, Informative)
...Could be tomorrow if you downloaded an
PEBKAC? Why not PBKAC? (Score:2)
Re: (Score:2)
Re: (Score:2)
PICNIC (Score:5, Funny)
That's the phrase I heard used to describe this condition.
Re: (Score:2)
Re: (Score:2)
Most people who have computers have them for work, because kids allegedly need them for school, or because someone told them they would be left behind without one. These people have no clue how they work and no desire to learn. Microsoft makes life harder for them with every change. We have had the start menu since Windows 95, yet most still use their icons for everything.
Re: (Score:3, Informative)
There's a nut loose on your keyboard.
OSI Layer 8 error.
There's heaps of ways to describe the problem.
Re: (Score:2)
Weird stats. (Score:2)
13% don't use antivirus... how many are Mac or Linux users?
30% don't use anti-spyware stuff... how many are running OSX or Linux (again), or are browsing with scripts and other stupid things turned off?
73% don't report using anti-phishing software... doesn't IE have that on by default now? So the users are almost CERTAINLY misinformed about this one; they've got protections running they don't even know about.
Same for firewalls. I know both OSX and Windows XP
Re: (Score:2)
Anti-virus advertisement (Score:2)
In my history of major computer usage, I had three "infections" that I had experience with. Of these three, I do admit I was a little foolish with one of them, but they have all been purged entirely. The anti-virus or anti-spyware only served as a reactive approach, and weren't effective in preventing the software from entering in the first place (in spite of the AV software displaying a warning that a program was infected.)
The only way t
Microsoft should give us all refunds... (Score:2)
I mean they don't sell cars without brakes do they?
ah yes, PEBKAC revisted. (Score:2)
2) posts concerning elistist administrator mentality concerning users and the perils of treating users as the problem
3) posts concerning effective training
4) that ac who always posts that longass vulgar post.
Thank you and goodnight
no math nazis? (Score:2)
A subset of this would have a pretty big margin of error would it not?
Most studies i recall use more than 1000 people to get to 3% error, not knowing the subset (or the set for sure) wouldn't a margin of error nearing 10% be entirely possible?
This would seem to invalidate the whole thing pretty much (in case the MacAfee tag didn't do that already!) This would lea
They've identified the wrong problem (Score:5, Insightful)
anti-phishing, anti-left-handed-metric-wrench software.
The problem is that users CHOOSE to use operating system and
applications which are so miserably designed and written that they
are susceptible to these problems as-shipped by the vendor(s).
(I take the position that any OS which needs anti-virus software
to survive in the wild is clearly broken and should never by used. By anyone.)
Anti-* software is a band-aid. Its use is a clear indication that the
product it's trying to band-aid is broken. And anyone deliberately
using known-broken products should not be very surprised if Bad
Things happen as a result.
It continues to amaze me that anyone is surprised by this --
although I suppose by now I ought to have gotten accustomed to
this state of affairs. [Some] people install obviously defective
operating systems (e.g., any version of Windows), use obviously
defective mail clients (e.g., Outlook), use obviously defective
web browsers (e.g., IE) and then actually expect that they can
somehow make up for this series of stunningly poor decisions
by installing enough add-ons. It doesn't work, of course, which is
why we see hundreds of millions of infected systems out there,
spewing spam, conducting DoS attacks, poking at web servers,
brute-forcing ssh servers, and so on.
My point being that by the time the conversation has gotten to
anti-* software -- it's too late. The damage has been done, and
there's no undoing it (despite lots of wishful thinking and the
earnest assurances of anti-* vendors, who of course, let's not
forget, have a substantial profit motive).
(Ah. About this point, some M$ apologist will raise one of the
usual canards -- for example, "M$ products are attacked because
they're popular". Not true, of course; M$ products are attacked
because they're miserably weak as a result of incompetent design
and even worse implementation. M$ is hardly alone in this, it's
that for some inexplicable reason, it seems to attract the most
defenders -- despite the fact that as possibly the most well-funded,
well-staffed, well-equipped software company in the world...it
has repeatedly proven that it can't even write a decent mail client.)
So. These studies shouldn't ask questions like "Are you using
anti-spyware?" They should ask questions like "Why are you dumb
enough to use an OS/application software combination so badly
written and maintained that anti-spyware is deemed necessary?"
Old viruses still prevalent (Score:3, Insightful)
Not just microsoft... (Score:2)
The problem is between the computer and Microsoft via the tubes.
Bullshit; it's not just Microsoft. A long-standing complaint of mine about Apple Mail is that it does not show the true URL in an HTML email via tooltips or any other method. The only way the user has to see the URL is to copy it, then manually paste it into the address bar in Safari or Firefox. So, "Click here to login to your account" is impossible to verify without extra work.
It'd take one engineer about 10 minutes to code in such a
Re: (Score:3, Insightful)
Because of this, anti-virus software embeds itself very deeply in the system and runs with ring 0 privs to prevent virii from subverting them.
Re: (Score:2)
We laughed all the way as well.
I think we may have problems...
Re: (Score:3, Funny)
These people may have more sexually transmitted diseases, but i bet they get laid more often.
Re: (Score:2)
Much like those who think that running a PC without up-to-date virus killers and spyware scanners is irresponsible. That depends on other factors, and software like this is only a minor tool to help avoid it, and sometimes even cause more problems than they solve by becoming a pillow for the users, who erroneously think they're safe and discard other more effective approaches, lik
Why are you proud of using broken tools? (Score:3, Insightful)
Because I've been a network administrator herding a 100-400 programmers plus their administrators and secretaries and sales guys and so on, for 20 years. And I do protect myself.
* Don't use Windows at all unless you have to.
* If you have to, don't use any application that uses the HTML control on untrusted content.
* If you have to, don't run any services on it you don't need
Re: (Score:3, Insightful)
A computer is neither a toy now an appliance. It is a tool. It is a very powerful and complex tool. Expecting a "computer company" (Im not sure if you are referring to PC OEM's like Dell and HP, or Microsoft) to be able to successfully design a system to be both meaningfully usable by an idiot to accomplish anything useful while still remaining secure i