PEBKAC Still Plagues PC Security 300
Billosaur writes "ARS Technica is reporting on a study release by McAfee and the National Cyber Security Alliance (as part of the beginning of National Cyber Security Awareness Month) that suggests when it comes to PC security, the problem between the keyboard and the chair is even worse. PEBKAC has always been a problem, but the study highlights just how prevalent it has become. 87 percent of the users contacted said they used anti-virus software, while 70 percent use anti-spyware software. Fewer (64 percent) reported having their firewalls turned on, and only 27 percent use software designed to stop phishing attempts. Researchers were allowed to scan the computers of a subset of the users, and while 70 percent claimed to be using anti-spyware software, only 55 percent of the machines of those users scanned showed evidence of the software."
PIBTCAMVTT (Score:1, Insightful)
Are you sure? (Score:5, Insightful)
That you know of. A lot of zombie-related malware is intended to be very stealthy.
Can I get a "Well DUH!" (Score:5, Insightful)
Because idiots are both highly prolific and highly creative.
Unless the world standardizes on a single platform, and never, EVER changes it again, this is always going to happen.
It's a matter of "that's not how I learned it" or "I never learned it", and they wind up making the systems do things they aren't supposed to.
It does, however, go to show you that even hordes of security professionals can't be collectively omniscient.
As always, "security" is a PROCESS, not an endpoint, not a product.
PEBKAC Combined with a Nightmare of an OS, Sheeple (Score:5, Insightful)
I started on Tandy 1000 286s, and Commodore 64s, so I have that discipline, that experience, I learned how to walk before I ran, and ran before I flew. But that just isn't the way our world works.
Do realize that the actions these insecure people with irresponsible habits take affect the lives of millions of people through scams, and DoS attacks.
the blame game: pass the buck as always... (Score:5, Insightful)
This article reeks to me of a security industry that is proactively trying to cover its ass, primarily because of the fact that the only reason they thrive is because microsoft 'needs' to keep it's source closed, and the public 'needs' an illusion of security.
Sorry, but I've recently gone through about my 5th runaround of giving selinux-Enforcing an honest try, and realizing yet again what an utter pile of useless shit it is (for the vast majority of Fedora users at least). (review my past comments which I won't argue over again... or just laugh as setroubleshootd tells you how the solution to your problem is to reboot and force a relabel... pulling in hardcoded path state from
Wake up and smell the insecurity folks and get used to it. Don't say anything within earshot of a mobile phone's mic that you wouldn't feel comfortable with any telecom employee overhearing... or anyone those employees might give network access to...
It's a brave new world. Don't give me this shit that the users are to blame.
Re:Are you sure? (Score:5, Insightful)
I've never been infected by malware. And I have confirmed this every time I've been challenged on that point. Doesn't stop people comming out and saying that I really am infected, I just can't detect it.
This Slashvertisement rates a 4.2 out of 5 (Score:5, Insightful)
This Slashvertisement rates a 4.2 out of 5.
It caused many readers to wonder, "if McAfee has an all-in-one package that can handle all my anti-spyware, firewall, anti-virus and phishing needs?". However, McAfee was unable to get the actual product it was trying to pitch in its press release on Slashdot.
Well done (though not perfect) - another high-five to my those PR pros!
Re:Are you sure? (Score:2, Insightful)
1. The average user won't be running as root so when you are there, theres nothing you can mess up enough to make the system unusable
2. Linux was designed with the Internet in mind, Windows wasn't, for example, binary files must be flagged to execute them before they execute making it nearly impossible for you to just "visit a webpage" and be infected
3. The code is open and more people will be finding out security flaws before crackers do, also there are faster patches then Windows and you can patch it yourself.
4. There are enough differences to make there be just about impossible to make a script to infect the core portions such as there are many different web browsers, lynx, elinks, Firefox, Konqueror, Galeon.... and many programs can run in non-interactive mode making hiding malware harder.
5. The base of developers grows proportional to the base of users, where as MS has to hire more people, Linux programmers don't need to get paid and can be from ANY country, ANY age, ANY religion etc. to contribute code.
So no, there is little threat of malware in Linux the way it is in Windows.
it is not a user fault (Score:5, Insightful)
so, while the problem is between the chair and the keyboard, it is between the chair and the keyboard of the people who create the software, and not the people who use it. mostly.
Re:Can I get a "Well DUH!" (Score:3, Insightful)
Pedestrian to a jumper on a ledge: "I forbid you to jump."
Jumper: Eeeeeeeeeeeeeeeeeeeeeeee! *SPLAT!*
You can forbid all you want.
You can codify it in corporate rules.
You can come up with all sorts of intricate technical controls to enforce it.
Some idiot is STILL going to find a way around it.
Re:Are you sure? (Score:5, Insightful)
I mean, go on, prove to me right now, without a doubt, that your Linux box is not infected by some rare virus that people haven't seen and don't know how to detect. And just to head you off, claiming "Linux doesn't have viruses" isn't a valid response. After all, maybe you're one of the lucky first people to be infected, and you just don't know it yet! See how convenient this is? You can't prove that you DON'T have a virus short of taking a dump of the bits on the physical platter and doing a diff.
Theres ways to be reasonably sure (as in, 99.999999%). There's no reason to believe that the poster that started the thread was not able to be reasonably sure.
But since you brought this up, tell me how you're going to prevent "Dear stupid user, please install this trojan as root to get your free cursors!" without taking control of the user's own computer away from him or her. You do realize thats how a lot of Windows malware is getting out there right now, don't you?
Oh and just so you know, there are trojans out there for Linux. One of the systems at my old job was cracked. Luckily the admin noticed that someone was trying to get a rootkit on his system. These cracks often involve software installed on the Linux system with incorrect security settings, as I believe was the case here. But thats the point: the security of the system ultimately falls upon the user not doing stupid things, which is impossible to guarantee without taking control of the computer away from said user.
Re:Are you sure? (Score:5, Insightful)
The point is that theres no reasonable response to "You may have malware, but you just can't detect it." I mean, if we posit the existence of undetectable malware, or at least malware undetectable by the poster, then what you have asserted is nearly impossible to disprove. Its simply lazy to respond to "I don't have any malware," with "You do, you just don't know it." Its like saying "Nuh uh! I WIN!"
If the above poster has actively looked for malware and has not found any, then its reasonable to assume he is not infected, unless you can prove otherwise.
Re:Are you sure? (Score:3, Insightful)
#1: I'm malware free.
#2: No you're not, you just don't notice it.
#1: Well, I rebooted into safe-mode, ran two anti-virus scans, some rootkit detectors, spy-ware detectors... all came up negative. My harwdware firewall shows no abnormal traffic...
#2: Maybe the virus also infected your firewall and hides itself from the scanners! Theres no way to know!
I mean, at what point is it reasonable to say that a computer is likely clean, or most assuredly clean?
Re:My Theory: XP can work, but not with kids (Score:5, Insightful)
Since 99% of Windows XP-s out there run in admin mode all the time, I'm pretty sure none of them is particularly well doing in the privileges exploit area.
Also this is the user level. Getting privileges higher than the current user isn't so trivial to exploit, since typically the entire browser will run at that level, including any add-ons and plugins. You do need to exploit an app running under admin, and if there's no such, you can't exploit anything.
Re:Antivirus is a Virus (Score:3, Insightful)
Because of this, anti-virus software embeds itself very deeply in the system and runs with ring 0 privs to prevent virii from subverting them.
Re:And the solution is... (Score:3, Insightful)
(1) Don't run Windows as administrator. This is the most important thing you can do to secure your Windows PC.
(2) Use Firefox or Opera, if FF, use AdBlock+ and NoScript addons.
(3) Use common sense. If you "Click here to win 20000$" sounds too good to be true. Yup, it is probably an invitation for malware.
(4) Avoid downloading awesomevideo.exe when surfing for pr0n (or cracks/serials). In fact, treat every executable you download as a virus. Use a VM to test them. Free virtualization is available and is easy to use.
(5) Use a router with built-in firewall (most have it anyways).
(6) If you are really paranoid, do your surfing inside a VM.
Re:Are you sure? (Score:3, Insightful)
Why is my disk spinning all the time? May it be malware? Oh yes, the indexer is doing this...
Why are my apps starting slow? May it be malware? No, after drfragmenting they start faster again... or is the malware now inactive?
What are those connections in my netstats? Well just about 40 apps I have which all absolutely need to phone home for updates, latest news, patches, and god knows what else. Did I verify each single one of those? What if I missed a tiny little trojan mailing my passwords somewhere in China?
Same with rootkit revealers: they reveal suspected entries, and have false negatives, and false positives. you can never be quite sure. I've ran Mark russinovich's rootkit revealer (and still do from time to time) and there are always a bunch of entries that show up on my system.
However looking up on the Internet it turns out all of those are legitimate... But what if the rootkit author uses weaknesses in legitimate software to hide his OWN malicious activites in the same exact locations?
So, all in all, this is why I can't say 100% I'm virus free. I just do everything I'm supposed to do to stay virus free. Guarantees are impossible on either sufficiently complex system.
You know, "any sufficiently complex technology shall be regarded as magic"...
Re:And the solution is... (Score:3, Insightful)
Re:PEBKAC Combined with a Nightmare of an OS, Shee (Score:3, Insightful)
Just because the users are stupid and run Windows as administrator, doesn't mean the OS itself is insecure [amazon.com].
PS: I am posting this from my Kubuntu Feisty machine.
OS design is *still* in its infancy (Score:2, Insightful)
There's a number of separate issues here:
1) IMHO, it's impossible to protect users from messing with their own data, IF you want to make systems useful. A good option could be a versioned filesystem on a remote server (outside direct control of the user), where old versions of his/her files could always be retrieved. Without that, a user that says: "delete file XYZ on my local drive" will just do so, regardless of whether that was the intended or sensible thing to do.
2) It's next to impossible to make the complex software systems of today 100% bug-free. So you always have the chance that some program fucks up (remotely triggered, on purpose or otherwise), and screws up user data. A sensible (automated?) backup strategy should protect you from this one though.
3) And then there's the OS kernel, core libraries, hardware drivers, bootup files etc. This should be the easiest part IMO. It should be possible to have systems where users can fuck up their own data, and sometimes get hit by crappy/malicious programs, but where the base of the system remains functional and reliable, regardless what happens to everything running on top of it. When I consider it's about 25 years ago I first got familiar with the concept of a personal computer, I am really *AMAZED* the IT industry hasn't even reached this point. Is it really *THAT* hard to design software systems where users can add & remove 3rd party packages or update non-essential components, without endangering the core functionality of the system? That's not a user friendliness vs. security, but an overall system design issue.
Re:Are you sure? (Score:3, Insightful)
That's because it's become standard for lusers to waltz into tech support with claims of "Nuh uh! I don't have any malware on my machine!" then be proven wrong about 3 seconds into a Spybot scan. I'm not saying you do, but it's a claim I've heard enough times not to take at face value.
Re:This Slashvertisement rates a 4.2 out of 5 (Score:3, Insightful)
Re:it is not a user fault (Score:2, Insightful)
They've identified the wrong problem (Score:5, Insightful)
anti-phishing, anti-left-handed-metric-wrench software.
The problem is that users CHOOSE to use operating system and
applications which are so miserably designed and written that they
are susceptible to these problems as-shipped by the vendor(s).
(I take the position that any OS which needs anti-virus software
to survive in the wild is clearly broken and should never by used. By anyone.)
Anti-* software is a band-aid. Its use is a clear indication that the
product it's trying to band-aid is broken. And anyone deliberately
using known-broken products should not be very surprised if Bad
Things happen as a result.
It continues to amaze me that anyone is surprised by this --
although I suppose by now I ought to have gotten accustomed to
this state of affairs. [Some] people install obviously defective
operating systems (e.g., any version of Windows), use obviously
defective mail clients (e.g., Outlook), use obviously defective
web browsers (e.g., IE) and then actually expect that they can
somehow make up for this series of stunningly poor decisions
by installing enough add-ons. It doesn't work, of course, which is
why we see hundreds of millions of infected systems out there,
spewing spam, conducting DoS attacks, poking at web servers,
brute-forcing ssh servers, and so on.
My point being that by the time the conversation has gotten to
anti-* software -- it's too late. The damage has been done, and
there's no undoing it (despite lots of wishful thinking and the
earnest assurances of anti-* vendors, who of course, let's not
forget, have a substantial profit motive).
(Ah. About this point, some M$ apologist will raise one of the
usual canards -- for example, "M$ products are attacked because
they're popular". Not true, of course; M$ products are attacked
because they're miserably weak as a result of incompetent design
and even worse implementation. M$ is hardly alone in this, it's
that for some inexplicable reason, it seems to attract the most
defenders -- despite the fact that as possibly the most well-funded,
well-staffed, well-equipped software company in the world...it
has repeatedly proven that it can't even write a decent mail client.)
So. These studies shouldn't ask questions like "Are you using
anti-spyware?" They should ask questions like "Why are you dumb
enough to use an OS/application software combination so badly
written and maintained that anti-spyware is deemed necessary?"
Re:And the solution is... (Score:3, Insightful)
Running it in a VM will probably keep your main system from being infected, but how do you know when it is safe to move the suspect executable out of the VM? No matter how long you run it, it could be that the malware portion will only activate after a bit longer period than that...
Why are you proud of using broken tools? (Score:3, Insightful)
Because I've been a network administrator herding a 100-400 programmers plus their administrators and secretaries and sales guys and so on, for 20 years. And I do protect myself.
* Don't use Windows at all unless you have to.
* If you have to, don't use any application that uses the HTML control on untrusted content.
* If you have to, don't run any services on it you don't need.
THAT is "protection".
If you don't do that, you're having unprotected sex with the Internet.
Using Antivirus software is like taking prophylactic antibiotics and interferon and RU486 every morning. And like taking drugs you don't need, antivirus software can cause problems just by running it. It can crash your programs, lose your data, and false positives can cause you to waste time.
When someone new to our network was having problems, first thing I typically did was turn off ZoneAlarm on their computer. That gave me an opportunity to make sure they had a recent non-IE browser and a non-Outlook mail program, and let them know of our corporate policy on IE and Outlook (which was 'you don't use these programs on our network').
We had no virus outbreaks until we were forced by the parent company to standardize on Macafee antivirus and IE, turn on the Microsoft remote administration tools, and so on... and when the company got hit by the next worm we got it too. First time that had happened since we started seeing the virus storms come through five years earlier.
Do you drive your car without insurance? Do you drive without buckling your seatbelt and leave all of the windows down so that you will be "thrown clear" in the accident?
Nope, and I don't drive my computer without a real OS, and I don't use Windows without disabling as much IE as I can, and I don't run antivirus software so that when I'm infected it'll tell me it's deleting critical system files because they can't be repaired.
Sticking your head in the Windows may make you feel good, but don't kid yourself that it's safe.
Re:And the solution is... (Score:3, Insightful)
Same here, except: 1) I use a hardware firewall since I need to connect multiple computers to the Internet anyway, and use windows file sharing on my LAN. 2) No antivirus except clam, which I run once a month to make sure I haven't done something stupid.
It's amazing how unnecessary all the bloated antivirus, firewall and other security software is. Of course, this 'study' highlights that "on noes, a lot of people not using AV!" which is only natural considering the source.
The fact is, the simple act of disabling Outlook Express and Internet Explorer by default on new computers would probably put most antivirus companies out of business.
Re:And the solution is... (Score:2, Insightful)
In Australia we have a children's story called Rock Stew. Basic gist is that this character is trying to sell "Rock Stew" to a wealthy merchant. First you boil the water, then simmer with the rock in the pot. Then add some ingredients such as chicken, vegetables, etc, etc. Simmer for a bit longer, remove the rock, and serve. Mmm, that's good stew. Stupid wealthy merchant buys this incredible rock.
Of course you and I know the rock had nothing to do with it. It was all them other good ingredients. But some people get suckered in all the same.
Anyway my point is, firefox hasn't saved you - your own common sense of not downloading crap has saved you. My sister, who is known to cry "free emoticons?!? YES PLEASE!" and "Win $100 just for filling out a couple of surveys?!? Sign me up!" - she wouldn't be saved by firefox at all. She'd bypass any pop up blockers etc. that firefox throws her way.
Also, I loved your "I don't have any anti-malware scanners, and my PC has absolutely no malware on it". Classic. It's as good as "Our town fired all the policemen, and now we have no crime! (well, nobody's being caught doing crime)".
Old viruses still prevalent (Score:3, Insightful)
Re:Blame The User still plagues PC security, too (Score:3, Insightful)
A computer is neither a toy now an appliance. It is a tool. It is a very powerful and complex tool. Expecting a "computer company" (Im not sure if you are referring to PC OEM's like Dell and HP, or Microsoft) to be able to successfully design a system to be both meaningfully usable by an idiot to accomplish anything useful while still remaining secure is unrealistic.
Everyone thinks Microsoft did such greate things for IT and computers, when in fact all it did was pretend that it could eliminate the intelligence requirement for using a complex tool. Unfortunately the average moron is now firmly convinced this is true.
This just prooves that... (Score:2, Insightful)
The favourite Microsoft Fanboy Argument about the easiness of Windows is a dead heering, just because someone think they can use an OS does not mean that they can.
...and since Microsoft makes anybody admin per default (on Vista too ?) anything the user run can kill both the virusscanner, firewall and anything else (if not by simply shutting it down then by putting it in debug mode).
--
Yes, I'm propably starting another flamewar... but my args. are valid.
Re:They've identified the wrong problem (Score:2, Insightful)
Re:Are you sure? (Score:1, Insightful)
Not quite. Leaving it on just because you think there are scary hackers outside in the bushes, and that turning on your firewall will keep you safe, is a sign of not knowing what you are doing.
Bottom line is, the infection status isn't something easy to assess,
It's fairly easy. Infections almost always serve a purpose (like a botnet). If you see network activity or disk activity while you aren't doing anything, that's a big tip off.
If you ask me now, since I wiped my disk twice, and changed all my passwords and reinstalled everything since, am I virus free?
If you do that more frequently than Presidential elections, you are doing something wrong. I still have the original Windows XP install I did in August 2001. No problems. No antivirus.