
PEBKAC Still Plagues PC Security 300

Billosaur writes "Ars Technica is reporting on a study released by McAfee and the National Cyber Security Alliance (as part of the beginning of National Cyber Security Awareness Month) that suggests when it comes to PC security, the problem between the keyboard and the chair is even worse. PEBKAC has always been a problem, but the study highlights just how prevalent it has become. 87 percent of the users contacted said they used anti-virus software, while 70 percent use anti-spyware software. Fewer (64 percent) reported having their firewalls turned on, and only 27 percent use software designed to stop phishing attempts. Researchers were allowed to scan the computers of a subset of the users, and while 70 percent claimed to be using anti-spyware software, only 55 percent of the machines of those users scanned showed evidence of the software."
  • by It doesn't come easy ( 695416 ) * on Wednesday October 03, 2007 @06:12PM (#20844233) Journal
    I use Avast free home edition anti-virus program and that's it. No firewall (and I turn off the "firewall" that comes with XP) and no anti-spyware programs. And in more than 3 years I have had zero malware of any sort on my computers running XP.

    The secret of my success is that I also don't use Internet Explorer (except for the Windows Update website, cause Microsoft makes me). That one step protects me from >95% of the malware. The other 5% is handled by Avast and Firefox. And I don't download and install "free" programs and games.

    Boycott Internet Explorer (and all of the loss of security, privacy, and control of your own computer that goes with it), use Firefox and a good anti-virus program, and don't do stupid things on the net and you're golden.
  • Re:Are you sure? (Score:4, Interesting)

    by garcia ( 6573 ) on Wednesday October 03, 2007 @06:22PM (#20844323)
    That you know of. A lot of zombie-related malware is intended to be very stealthy.

    They aren't stealthy enough to go through a logged firewall w/o being missed. IMHO, that's the best defense to any network -- paying attention to what the fuck is going on with your connection.
  • by spagetti_code ( 773137 ) on Wednesday October 03, 2007 @06:30PM (#20844407)
    Similar here, but I've run XP, *no* AV, *no* anti-spyware etc for 4 years. I do have a firewall/wireless hub for the house. I browse with Firefox only, and that's kept up to date and has Adblock and NoScript. My mail is scanned (although quite a few nasties sneak through).

    My wife is computer illiterate, but she knows she's only supposed to open a small set of attachments and sees me about the rest. She knows not to open anything she doesn't recognize.

    4 years, no viruses/spyware etc. I've tried a couple of those online scans and they came up clean.

    However, now the kids are starting to use the PC.... I've switched to Ubuntu. I'm not convinced I can set up an XP machine that can't be infected by them.

    That switch was a *major* pain. Switching MSmoney to gnucash, losing Photoshop, copying outlook mail history to evolution, loss of PDA syncing, blah blah blah.
  • Re:Are you sure? (Score:3, Interesting)

    by Brigadier ( 12956 ) on Wednesday October 03, 2007 @06:35PM (#20844455)


    This is the truth. At my company we are considering going back to cloned drives that get re-cloned once a month. Even with Spybot, Windows Defender, company firewall, and F-Secure, people still get infected.
  • Antivirus is a Virus (Score:1, Interesting)

    by pQueue ( 1091881 ) on Wednesday October 03, 2007 @06:47PM (#20844597)
    Every antivirus software I've ever installed acts exactly like a virus. It runs processes I can't kill which spawn new processes, it can't be fully uninstalled, it takes lots of resources, it tries to phone home all the time, and annoys me with popups. Is there any good anti-virus scanner for Windows that doesn't change the registry and can be run on individual files or directories when you direct it to? All of the ones I've tried want to take over your system.
  • Re:Are you sure? (Score:3, Interesting)

    by winkydink ( 650484 ) * <sv.dude@gmail.com> on Wednesday October 03, 2007 @06:54PM (#20844659) Homepage Journal
    Storm has, by some estimates, infected over 10 million machines. Vint Cerf, speaking at the World Economic Forum, estimated that as many as 25% of all computers on the internet are infected. How many of those do you think are running a/v? How many of the users of those infected machines that have a/v actually think they are infected?

    I've sat at a conference of computer security researchers where it was discovered that one of the attendees was infected. So, it can happen to the best and brightest too.

  • Re:Are you sure? (Score:5, Interesting)

    by suv4x4 ( 956391 ) on Wednesday October 03, 2007 @07:00PM (#20844711)
    Seriously, it's become standard to retort to claims of malware free with Windows with "Nuh uh! You probably just don't know you have it!" which is stupid if only for the reason that such a claim isn't reasonably falsifiable.

    It may be stupid but it's not wrong. I'm a developer and the kind of guy who sets his firewall as limited as possible, has anti-virus on, doesn't download "Free Smileys!!!" software, and in fact I'm very careful about doing things on my computer that may affect my security.

    I thought I was clean, I looked clean, and the PC worked like clean. Until one day the anti-virus detected a popular keylogger installed on my system (4 years ago). On top of that, it was during a full-drive scan, not a resident alert; who knows how long this thing was running, and where it came from.

    Bottom line is, the infection status isn't something easy to assess, especially if you're not very experienced in the area and especially if you consider that you're virus free by default.

    The only way to not push your luck is know what you're doing, and turning your firewall off deliberately is equivalent to not knowing what you're doing.

    If you ask me now, since I wiped my disk twice, and changed all my passwords and reinstalled everything since, am I virus free? I'll tell you yes.. but I'll NEVER be 100% sure in my answer, since I could easily be wrong.

    It's not different on a Linux server by the way, so this is not a Windows vs Linux argument AT ALL.
  • Re:Are you sure? (Score:4, Interesting)

    by Architect_sasyr ( 938685 ) on Wednesday October 03, 2007 @07:56PM (#20845319)
    The tripwire installation (cold boot checking), Snort console and usage graphs say that my FreeBSD box hasn't been infected since it was installed.

    There is one possibility, and that is there was code slipped into the repository prior to the 6.2-RELEASE CDs being created (verified the sum of the CDs when I got them) which could be rooting my box. I don't have the time to be doing (is it Orange book?) procedures that will ensure this doesn't happen. I'm with Rycross, there are so many ways to be infected that saying you're not is just setting yourself up for a fall.
  • by siddesu ( 698447 ) on Wednesday October 03, 2007 @08:28PM (#20845609)
    your analogy would be true if the people had at their disposal equipment for dealing with computers similar to the one they have to take care of disease and so on in their bodies. as it happens, it is the body that takes care of all these, and the person doesn't participate in the process. the various over-the-counter medicines mostly make the process less painful. why is that so? because the body (or the person) has other things to do.

    so, to extend _your_ analogy, just as the genes -- the ultimate designers of the body -- take care of their 'product' in the case of sickness, so should the software designers and vendors take care of their product -- the software when it is sick. the user has other, better things to learn.

    anyhow, out of here ;)
  • by big_paul76 ( 1123489 ) on Wednesday October 03, 2007 @08:35PM (#20845673)
    Hear, hear.

    In WWII, they had frequent aircraft crashes caused by pilots landing with the gear up.

    They consistently attributed these accidents to "pilot error".

    Then somebody took a look at the design of the cockpit, and realized that it wasn't designed in a way that would make it immediately obvious to a pilot whether or not the gear was up or down. When the cockpit was re-designed, the high rate of 'gear up' landings evaporated.

    In other words, the designers were blaming the users for a design flaw. Happens all the time in the software industry these days.

    I'm not saying that PEBKAC errors don't happen, or that idiots don't do stupid things. But I suspect that a large slice of the cases we classify as "user error" should really be called design error.
  • No! (Score:2, Interesting)

    by TwilightXaos ( 860408 ) on Wednesday October 03, 2007 @11:39PM (#20847375)
    That is stupid. Users have a right to own their own software and hardware. Users, customers, and people do not buy a license to use software. Nor do they, for the most part, lease hardware. They buy it, and they own it, and it is theirs. What you are suggesting is selling crippled machines under the guise of security.

    Aside from being morally retarded, it still ignores the issue of human nature. All it would take is one person that has some of these "root passwords" to sell them, or leak them, and users' machines could be compromised and they would not even be able to detect it. It will happen, sooner or later. You cannot say that the info won't be leaked, Social Engineering, lapse of judgement, or outright theft could all cause the leak. Look at the recent history of leaks on /. alone for examples. To say that even with the information an attacker could not break your Hard Core security model is naive at best. All code has bugs. All security models have holes.

    As I have stated above, your idea does not solve the problem, and is an insult to users of whatever product you make with this idea in mind. Further, for it to be effective you must get people to use it. How would you do that? Even good Software is not enough to compel users to switch if what they are using does the job at least mediocre. Look at the number of people using Windows, and Office. This is evidence enough that people won't change. Would you have governments regulate that this security must be used? Certainly this scheme must be a DRM like scheme if it restricts the rights and privileges of users on their own machines. Would your "qualified professionals" support this? Let's just ask some of them here on /.

    Your poorly laid out suggestion also ignores another key question: Who would determine which ones of us are "qualified professionals"?

    If users don't control their own machines, someone must. They will need this "root password" to do software upgrades, install trusted and useful software (we can't let users do this or the point is moot), do system upgrades. If every nimbwit @ best buy's geek squad can get this access then systems will still be infected, because some of these people are dumber than most users we are trying to protect. They would, at the very least, use their access to unlock their home machines. Then they are victim to all the same tricks and exploits they are now. If you restrict it too much then people won't want to use your platform, and will either use something else or get very upset until things are changed. Of course then we need to decide who picks the "qualified professionals". I don't want you picking them, and I bet you don't want me to. Neither of us wants lawmakers to pick them. Microsoft wants Microsoft to pick them; others disagree sharply. This is another non-trivial issue your moronic idea fails to account for.

    In short:
    Piss Off!
  • Re:Are you sure? (Score:2, Interesting)

    by n3tcat ( 664243 ) on Thursday October 04, 2007 @01:32AM (#20848109)
    Odds are that your virus scanner found one of your keygens from an old warez program you had. I've seen that happen a LOT in the last 6 months or so, and not just on my computer but several of my friends' computers as well.
  • Re:Are you sure? (Score:3, Interesting)

    by Syberghost ( 10557 ) <syberghost@syber ... S.com minus poet> on Thursday October 04, 2007 @12:53PM (#20853999)
    But that's the point; he only has anti-virus installed and DOESN'T use any of the tools that CAN detect other malware types, so he ISN'T actively looking for malware.

    Whereas his lack of a firewall means that malware is actively looking for him. Based on the number of malware-indicating signs I get in my logs every day on my firewall, running on a dynamic IP on RoadRunner, I'd be very surprised if said malware isn't looking directly at his IP address many times a day, some of it using vulnerabilities he can't yet have patched for the simple reason that patches for it don't yet exist.
