Dan Geer On Trusting PCs In Botnets 301
walk*bound writes "In an essay published by ZDNet, security scientist Dan Geer has an interesting proposal for e-commerce sites to evaluate the trustworthiness of clients that try to connect. Assume that end users either always say 'Yes' or always say 'No' to security dialog boxes. Then make the decision one of two ways: 'When the user connects, ask whether they would like to use your extra special secure connection. If they say "Yes," then you presume that they always say "Yes" and thus they are so likely to be infected that you must not shake hands with them without some latex between you and them. In other words, you should immediately 0wn their machine for the duration of the transaction — by, say, stealing their keyboard away from their OS and attaching it to a special encrypting network stack all of which you make possible by sending a small, use-once rootkit down the wire at login time, just after they say "Yes."'"
That worked so well (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Re:That worked so well (Score:4, Funny)
At least I didn't get Gilligan and the Professor in the mix.
Re: (Score:2)
Re:That worked so well (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
More smarmy than my first reply, I mean.
Re:That worked so well (Score:5, Interesting)
I'd say that the main problem with this scenario is the idea of a business being benevolent. I don't trust them to not screw me... but isn't that the author's point? It's an interesting concept, even if it likely wouldn't execute well. At the very least, the idea of somehow measuring a customer's willingness to just click the "yes" button is worth some thought.
Re:That worked so well (Score:5, Insightful)
Actually, if I "agree" (i.e., say yes), it means I *do* mind being root-kitted. If the company then proceeds to root-kit my machine, they are definitely opening themselves up for a lawsuit.
That question is almost as bad as the infamous:
But really, this error reinforces some of the disturbing aspects of the original question as cited. Users who answer "Yes" to using a more secure question may be idiots who always click yes; they may be knowledgeable users who expect something like SSL. They are unlikely to be sophisticated users that expect to be root-kitted.
I certainly agree with parent about the dangers of assuming benevolence -- from corporations, or governments.
Holmwood
Re: (Score:3, Insightful)
Re:That worked so well (Score:5, Funny)
(assuming that "Yes means No and No means Yes" is still in effect).
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
Maybe we should have a similar system on the internet: A special, restricted use network to be used only by licensed operators, and a free, no-license citizen's band internet for myspace users and similar fauna.
Asking to be Secure means already infected? (Score:3, Insightful)
A few of the commentators on \. have managed to translate the editorial into a proposal that actually might make some sense, but reading it as written, the proposal is the worst, most
WTF (Score:5, Insightful)
Numbers (Score:5, Insightful)
BTW, I think this is an interesting essay in the sense that it dares suggest that users are mostly responsible for the security of their computers, not Microsoft. The vast majority of people who have 0wned machines are in that state because they did something they shouldn't have. There's no coding around that, I think. Unless we deny users the right to use their computers... or educate them.
Re:Numbers (Score:5, Insightful)
You can't educate most of them. They don't want to learn. It's unfortunate but it's the truth. Laypeople think that "firewall" and "anti virus" is all they need to keep them safe from nasty people. I have the unfortunate task of dealing with people like that on a daily basis (many ask why I'm so jaded) and they don't care what the real experts say.
If you tell average Joe that he shouldn't do something that he wants to because it's a bad idea and then Joe's "expert" mate says "nah man you've got firewall and AV installed you'll be right" he'll ignore you. He will listen to the "expert" mate of theirs that installed Windows once or twice using the restore disk that came with their shiny Dull PC and now thinks they know everything because the "expert" doesn't get in their way of doing stupid things.
The number of users who click 'yes' and 'no' will be split 50/50, depending on the question. I don't think it's possible to predict what people are going to click because it all depends on the type of message and the wording.
A lot of people always click allow or always click block when ZoneAlarm pops up a warning. They'll always click "Allow" when Windows pops up and says that they are trying to install an unsigned program. They have seen that type of dialog before and kind of know what to expect when they make their usual response.
Random Internet questions are different because people aren't expecting them to be there. There is no preconceived notion of how to respond to the random question other than to read it and work out what it's trying to say.
Re: (Score:3, Insightful)
Hiding the extensions by default might make the interface seem less cluttered, but it definitely creates cr
Re:Numbers (Score:5, Insightful)
BBBBBZZZZZZZZZZZZZZZZZZZZZTTTTT!!!!
Sorry, Charlie. You got this one wrong!
True or false: Some places are more secure places to keep your money.
True or false: Some cars are safer during a crash than others.
True or false: Some airports are safer/more efficient than others.
Now for the kicker:
True or false: Some software is more secure/better designed than others.
The truth is that my wonderful Mother in Law had her computer infected by merely clicking the subject line of an email on her otherwise patched computer with antivirus and a hardware firewall on a DSL connection. What did she do that she shouldn't have?
People sometimes do stupid things, and even reasonable things in cars and get into accidents. But even so, a car that's well designed will protects its occupants better, and frequently makes the difference between injury and death. You get into an auto accident on the freeway, which would YOU rather be in: A Yugo or a Mercedes? I know which one I'D pick...
People *do* make mistakes, and they *do* things that are stupid. If using a computer requires perfect behavior in order to work, then they won't work.
Re:Numbers (Score:4, Insightful)
No. They might be to stupid to operate a computer, or to stupid to operate a computer connected to Internet without getting infected in less than 30 seconds. But I believe even most primates are intelligent enough to own one. What that requires, is simply an understanding of private property.
Why were you trying to educate them in the first place? Did they ask you to educate them? Did they seem particulary interested in Internet security? Or was there some other reason that focused more on your needs than theirs?
What you should do is to stop fixing friends (of friends) computers for free. If they have to pay (not necessarily you) for support, they will learn about Internet security by necessity.
I have a friend who is a cook, and I don't expect him to cook me free food (if he always did, I would never learn to cook). Nor do I expect my friend who is a debt-collector, to collect debt for me either.
The reason idiots ask you to fix their computer, is (a) because you actually do it, and (b) because you always says yes, they assume you enjoy it. If you say no, they will (a) respect that, and (b) not stop being friends with you. Unless they are psychopaths, in which case you are better off anyway.
Flawed premise. (Score:5, Insightful)
A better test would be to popup 'would you like a free ipod'. Having pointed this out, I do have to add: this is a retarded idea.
Re: (Score:2)
Re:Flawed premise. (Score:5, Insightful)
Re:Flawed premise. (Score:5, Insightful)
How is that tinfoil hat treating you? People quite a bit cleverer than either of us have gone to a lot of trouble to address 'trust' issues in on the internet.
By the by, when you patch your OS you're trusting a site on the internet. I hope I haven't shocked you.
Re: (Score:2)
You're assuming that the only weakspot is HTTPS, but of course the biggest loopholes in computer security are on the people side.
Re:Flawed premise. (Score:5, Insightful)
Linux is often viewed as more secure than Windows...If I download a Linux distro, am I an idiot? Same goes for Firefox. The second bullet point on the Firefox web page [mozilla.com] is "Stay Secure on the Web". What if I download a Windows firewall update that Microsoft claims is more secure than the old version? Am I an idiot?
Re:Flawed premise. (Score:5, Funny)
(Posted from a Windows system, by an idiot.)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2, Insightful)
They are small enough that having an IT guy full time isn't an option, and self-important enough that waiting
Re: (Score:2)
The luddites from 1997 called and want their paranoia back.
I, and many millions of others, trust some web sites with huge quantities of personal financial information. We call them "banks" here on the surface world. That information can do far more personal damage to our lives than any virus could. The idea that I should be more afraid of running a Java applet from my bank than I should be of say, providing them with root access to my retirement fund, is
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
As soon as you plug that cable in, you impart some minimum amount of trust to teh interwebs. As far as I can tell, nobody who has installed reputable trust
You missed it. Re:Flawed premise. (Score:2)
The point is that if someone is willing to run malware once then they're most likely already infected and part of a botnet.
The point is that it's not the user's fault [slashdot.org] because it's trivial for web site operators to 0wn user machines. When M$ themselves estimate 2/3 of all machines are compromised, no rational person can continue to blame the user.
Re:Flawed premise. (Score:5, Insightful)
Not only is it stupid, I imagine that it would be very hard to implement.
Who wants to volounteer to code a "use-once rootkit" that provides a "special encrypting network stack" that guarentees secure communication on a machine that you believe is compromised with x brand of malware and y number of existing rootkits? How are you going to make it so secure than malware writers can't subvert it for their own purposes?
The idea presented is bafflingly stupid, but the idea behind it is not: different security models for users based on behaviour patterns.
If someone uses a six character dictionary-word password (you could check once before hashing and store the result), or fails to uncheck the "receive offers from our partners" checkbox when entering their e-mail address, then perhaps they're not terribly savvy computer users and it would be an idea to throw a few more CAPTCHAS at them each time they log in, or more closely monitor their account for suspicious activity.
Or a different approach. (Score:5, Interesting)
Instead of giving your credit card into to a store (when your bank already has it), have the store generate a random string. Copy that string to your bank's website (where you have logged in) and your bank will pay the store for that item(s) in the shopping cart identified by that string.
There. Your credit card info NEVER crosses the wire.
And the bank can keep records of which stores/accounts have complaints and give you some stats. Kind of like eBay's rating system.
That store has a 99%+ positive rating with 1,532 transactions in the past month (1,926,872 total transactions).
vs
That store has a 25% positive rating with 4 transactions in the past month (4 total transactions).
Re: (Score:2)
Its not only stupid, its fucked up... (Score:2)
Re: (Score:2)
That's a pretty retarded idea too, though. You're assuming people enter their real email address, when usually addresses are either fake, or some throwaway fake yahoo account which nobody reads and nobody cares if the spam can piles up in.
It's dangerous for a computer program to make assumptions about the state of mind o
It's a joke. (Score:4, Informative)
When you pull your head out of M$ propaganda you will understand what the author is saying. You don't get the joke because you are a victim of double think and believe things that glaringly contradict each other.
The author is responding to hate mail he got for challenging the M$ party line that only idiots get 0wned.
He parodies the party line brilliantly by saying:
and then suggesting that vendors instantly 0wn anyone who says they want a secure connection. This is not a serious suggestion, it simply point out the absurdity of blaming the user for something others so easily and frequently do. Vendors are screwed and he knows it.
The author is also pointing out how insulting it is for M$ to continue to blame the user for M$ security problems. If M$ really believes this, they must also believe that 2/3rd of their customers are idiots who and have VD. Is there any other vendor on the planet that so casually insults their customers?
Amazingly enough, the general population still believes the M$ party line. I had this argument with a co-worker the other day. He so strongly believed that it's the user's fault that he could not accept estimates by Vint Cerf or Michael Dell as accurate. Stories of corporate network dissaster are similarly dissmissed as the fault of idiots at work. More amazing than the man's inability to take in new information was the temper tantrum he threw when calmly questioned and confronted with facts. M$'s own estimates will also bounce off his otherwise bright head because it would force him to conclude that there's either a 2/3rd chance that he's an idiot or worse - he's been wrong headed and vocal for years, which is the definition of an idiot. How does M$ build such loyalty while being so abusive? Windoze security is a oxymoron and it's time the public at large understood that.
Re: (Score:3, Funny)
Re: (Score:2, Informative)
It doesn't really matter how many safeguards you build into the system, ignorant users will do dumb things. And when you're talking about a universe of almost a billion PCs,
Re: (Score:3, Informative)
The easiest way to shut you up is to ask you to prove one of your outrageous lies.
What, like Vint Cerf and Michael Dell saying between 20 and 40% of Windoze machines are part of a botnet? [bbc.co.uk], M$'s assertion of 2/3rds [eweek.com]? Such outrageous lies. Take it back to Redmond, AC, your talking points don't work anymore.
Re: (Score:2)
As I said in my other post, it's all about trust. If I trust the website, and it offers me extra security it requires no thought at all to click yes.
If I don't trust the site, I'm going to click no to installing anything regardless of features offered. (Although if you get me curious enough I might poke around and see if I can figure out what it wanted
Fool! (Score:2)
The only way to be sure is to kill -9 the application. But since windows (at least, XP) doesn't have kill -9, only a weaker {ctrl-alt-delete, send exit signal, wait a bunch, then kill}, you have to cut the power. With the switch, not the button.
Re: (Score:2)
That's actually a reasonable point to make, and reminds me of the good old days where clicking 'no' to a javascript popup would redirect you to thousands of cascading goatses shimmering in the light.
More seriously, if the request is coming from a popup rather than your standard browser interface just close the window you dumbfuck. [Not you personally parent, the metaphorical user who is clicking o
Re: (Score:3, Interesting)
But since windows (at least, XP) doesn't have kill -9
You information isn't quite correct. Right click on taskbar -> Task Manager -> Processes. Right-click on offending process -> End Task. BAM! Dead as a doornail. No waiting. (under normal circumstances) If you don't know the process name, you can head on over to the applications tab, right-click on the application and choose "Go To Process." Alternatively, if you're a "power user" (and I use that term lightly) there are the most excellent and free Process Explorer (for those who like clicking and p
Re: (Score:3, Informative)
In normal circumstances this is a good thing as it
Re: (Score:3, Funny)
Re: (Score:2)
Dumb. (Score:5, Informative)
I thought this was a misquote. I checked TFA, and this is exactly what it says. This guy thinks someone who prefers secure connections is more likely to be pwned.
Re: (Score:2)
It would be more realistic to put up a requester saying "Do want a secure connection?" Cancel or Allow.
Anyone who clicked "Allow" more than a dozen times could be presumed to be infected...
Re: (Score:2, Insightful)
Re: (Score:2)
I think if your bank web site offers you a virus, the problem is not with the user accepting it.
Re: (Score:2)
If I click yes and get owned by a virus, it just shows that initial decision to trust them was flawed in the first place and that is something that is outside the scope of this
Re: (Score:2)
Re: (Score:2)
Your evaluation only makes sense for business relationships in which the value of the relationship is less than the value of the security of the
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
Boy, you just can't get a break today, can you? The billiontyfuck dollar firewall at our workplace has a HTTP interface that you can go to. It will spool down an activex control and let you use the VPN to get to the internal network. If you're not a Windows user, it also lets you download a linux version.
Re: (Score:2)
Please tell me that it is at *least* an SSL deployed ActiveX control.
It's this kind of stuff that makes penetrating corporate networks so easy once you've owned the ISP of someone who networks in from home. That and the fact that most everyone these days is happy to download an exe and run it if they think they get some dancing bunnies to giggle at.
Re: (Score:2)
Re: (Score:2)
Besides which, all of these systems have flaws in them, no matter how "clever" the people who make them are or how much they spend to do it.
Re: (Score:2)
Well, I think your level of computer security awareness speaks for itself :)
Re: (Score:2)
I also took popup to be generic for anything that looks like a popup, such as an ActiveX installer thing.
It's a joke. Re:Dumb. (Score:2)
This guy thinks someone who prefers secure connections is more likely to be pwned.
No, he thinks that blaming the user is a joke when even M$ admits 2/3s of their customers are 0wned. It's a joke [slashdot.org]. Do you really think he's suggesting vendors screw all the customers who say they want a secure connection? If so, you admit it's trivial and that it's not the user's fault. The joke is on people who wrote him hate mail for stating the obvious: Windoze is a security dissaster and large percentages, if not al
Re: (Score:2)
The point of the article is that people who click "Yes" to install random software from the Internet are much more likely to be 0wned. Just because the software claims to be secure is no reason to trust it any more than what you'd find at a shady porn site.
off topic (Score:2, Interesting)
Re: (Score:2)
How do i reply again? (Score:2)
Awesome!!1! (Score:2, Funny)
--In Soviet Russia, internet connection owns you!
Wait a second.... (Score:5, Insightful)
I would assume that any reasonably secure computer user would.... say yes? I mean, I suppose this approach would work if you assumed *everyone* either always said yes or always said no... but what about people who pay attention to what URL they are at (yes, this is *really* the site I want to buy stocks from) and *read* the prompt (yes, I would like to use a secure connection). You've just root-kitted (well, tried to rook-kit(heh, root-kit as a verb)) your most secure and computer-savy users. They aren't going to like it.
If my trusted e-commerce site decided to give me a root-kit or take control of my keyboard/mouse... well they wouldn't be *my* trusted e-commerce site anymore. Now, if you have a security dialog that anyone actually reading *wouldn't* agree to this approach might work, as the *only* ones who agreed would be the ones who automatically say "yes."
So yes, instead of taking a little loss on people who got tricked into buying someone else a stock you should *obviously* try to trick and "0wn" your clients for agreeing to a reasonable proposition ("would you like to use a secure connection with your trusted e-commerce site"). That is *clearly* the best approach.
Re: (Score:2)
Taking the control of the keyboard away from the OS *is* the super special security that they are asking you to install.. you said yes.
Re: (Score:3, Insightful)
what part of this is hard to understand?
Taking the control of the keyboard away from the OS *is* the super special security that they are asking you to install.. you said yes.
The summary *and* the article are poorly worded. Rather than simply asking "Do you want to use our extra-secure connection?" (as in, this could be a somewhat slower but more secure 256 bit standard SSL protocol) the question should have been phrased as "Do you want to download and install this executable software to enable our extra-secure connection?". In that light, the rest of the discussion actually somewhat makes sense... however much you agree or disagree with the rest.
Re: (Score:2)
WTF? (Score:5, Insightful)
yes (Score:2)
Yes.
What was the question again?
Re: (Score:2)
~S
Re: (Score:2)
1. Assume pink unicorns exist.
2. Bunch of wild-ass conclusions you derive regarding people and unicorns.
3. ???
4. Profit!
Re: (Score:3, Insightful)
So, I access a site I presumably already trust which would presumably be worthy of that trust, as they're trying to protect themselves and their users (albeit in an utterly retarded way). It pops up a dialogue asking me if I want to use a new, even more secure connection, and if I say yes then they root my PC because they think I'm an idiot and therefore my PC is almost certainly inf
I didnt know this was april fools (Score:2)
Re: (Score:2)
Cause it is the root-kit thing that gives more security.. from the perspective that the vast majority of clients are probably infected with at least some malware.
Re: (Score:2)
Woke up this morning, don't believe what I saw (Score:5, Funny)
Seems I'm not alone in being alone
Hundred million castaways, looking for a home
Ill send an SOS to the world
Ill send an SOS to the world
I hope someone don't get my
I hope someone don't get my
I hope someone don't get my
PC in a botnet, yeah
PC in a botnet, yeah
PC in a botnet, yeah
PC in a botnet, yeah
Re: (Score:2)
Dumbest. Idea. Ever. (Score:3, Interesting)
Let's assume I go to this page. Let's assume I am a trained clickmonkey. So I get a dialog that asks "yes" or "no", and I click yes because I always click yes.
Erh... who'd click no?
What's the demographic of people who would click no there? People who do read security popups but don't want to be secure?
Sounds to me a bit like a scam. Nobody would click no there. So this all smells a bit like "look, we ASKED the customer if he wants to get a rootkit, it ain't like we didn't tell them".
Re: (Score:2)
Someone who has pop-ups enabled and don't read them but just look for the close or no thanks button to get rid of it.
Yes, another kdawson masterpiece. (Score:5, Insightful)
Re: (Score:2)
Re:Yes, another kdawson masterpiece. (Score:4, Informative)
BRILLIANT (Score:4, Funny)
They'll never even know this was a good guy root kit the whole time!
I for one (Score:2, Funny)
better dialog box (Score:5, Insightful)
The ones who say "Yes" to that are justifiably pwned. Everyone else is reasonably trusted and left alone. It's a good filter!
Re: (Score:2)
Huh? (Score:4, Interesting)
Anyway, assuming that ridiculous assumption is correct, the author then makes another ridiculous assumption, that if you always say yes to dialog boxes, that means your computer is infected with all kinds of malware. They then decide it would be a good idea to root kit this PC and encrypt network traffic to it. I'm not quite sure what the point of this is either since the machine would have to decrypt the traffic for it to be any use, so any malware present on the machine could still have access to the traffic. I think they could be saying that the point of this is to protect their host machine from your horrible horrible malware. To be honest if a web host is so vulnerable that malware infected clients visiting it cause them to catch it to like some kind of electronic herpes, you have even bigger problems to worry about than the inevitable lawsuits from arbitrarily rootkitting your client's PCs.
In short, it's a long time since I've read such complete nonsense, even given Slashdot's normal submission quality. If anyone managed to follow the article's logic, perhaps you could explain it to me, and possibly also tell me which parallel universe you're from so I can cross it off my holiday list.
https (Score:2)
WTF?
Mr. Geer doesn't go far enough (Score:4, Insightful)
Seriously, using user behavior to assess security risk isn't a dumb idea. But the way this essay frames it is just silly. With the number of assumptions he's made (about user behavior, having a super "rootkit" that can defeat all others, etc.) he might as well go the whole nine and just own everyone he can.
The Slashdot Experience (Score:5, Funny)