Linked by Thom Holwerda on Sun 23rd Sep 2007 10:54 UTC, submitted by irbis
Bugs & Viruses "For at least a decade, the standard advice to every computer user has been to run antivirus software. But new, more commercial, more complex and stealthier types of malware have people in the industry asking: will antivirus software be effective for much longer? Among the threats they see are malware that uses the ability of the latest processors to run virtual machines that would be hidden from antivirus programs."
Well,it's like ... Easter
by Budd on Sun 23rd Sep 2007 11:21 UTC
Budd
Member since:
2005-07-08

I have it on my XP machine. I'm sure I can live without it, but after doing this for years and being taught that's the way to do it I find myself uncomfortable removing it from there. It's like Easter, you don't really have to believe in order to enjoy/observe this holiday.

Edited 2007-09-23 11:21

Reply Score: 1

No
by chrono13 on Sun 23rd Sep 2007 11:50 UTC
chrono13
Member since:
2006-10-25

1. Ineffective.
virus.gr used to run extensive tests on detection rates of all anti-virus software and publish monthly results. The last one I have shows Kaspersky rather effective at 99%.
McAfee Enterprise 91%
Symantec 83%
For Symantec, the most popular antivirus in the world, that is a fantastic double digit failure rate of 17%.

2. Ineffective
Most viruses' source code is readily available online. A few small changes and this "new" virus is invisible to almost all virus scanners. Too much trouble? Recompile it - chances are this "new" compiled version will also not be detected since it isn't exactly like the one on record. Don't have the source or really lazy? Compress the executable and you'll find again that most anti-virus scanners fail to see it.

3. Black list
Absolutely can not work when there are hundreds, perhaps thousands of new additions to the list *daily*. See #1

4. Cure is worse than the disease.
Many people have Norton (not Symantec) installed on their home computers for protection.
This causes system instability, incredible slowdowns and in most cases it can not be removed by its own uninstaller. When its uninstaller does not fail, much is still left behind.
At work, Sunday morning is filled with tech calls regarding lockups and slowdowns. One of the major servers is being scanned for viruses. If a virus hit on Sunday morning, no one would notice anything out of the ordinary.

5. Subscription
Few pay it. Few want to. Most feel they shouldn't have to. They are right. The OS should not be *that* vulnerable to begin with.

6. Apathy
The "background noise" of the Internet is due to millions of virus or trojan (zombie) Windows machines. Slow, crash-prone, and loaded with spyware and adware popups, and the user will still click it all away, agreeing to anything just so they can check their bank to see if they can afford that Dancing Bunny on ebay. This is also related to #5. If the user has a significant role in the security of the system, it won't be secure.

7. And finally, The Dancing Bunny Problem
"What's the dancing bunnies problem?
It's a description of what happens when a user receives an email message that says 'click here to see the dancing bunnies'.

The user wants to see the dancing bunnies, so they click there. It doesn't matter how much you try to dissuade them, if they want to see the dancing bunnies, then by gum, they're going to see the dancing bunnies. It doesn't matter how many technical hurdles you put in their way, if they stop the user from seeing the dancing bunny, then they're going to go and see the dancing bunny.

[UAC: DancingBunnys.exe, Cancel or Allow?]

There are lots of techniques for mitigating the dancing bunny problem. There's strict privilege separation - users don't have access to any locations that can harm them. You can make the user invoke magic commands to make code executable (chmod +e dancingbunnies). You can force the user to input a password when they want to access resources. You can do lots and lots of things.

However, at the end of the day, the user still wants to see the dancing bunny, and they'll do whatever is necessary to bypass your carefully constructed barriers in order to see the bunny."

In OS design, the Dancing Bunny problem should ALWAYS be considered, with a carefully crafted medium between usability and security to include least privileges, password protected rights elevation, and secure defaults.

Windows has failed to deal with Dancing Bunnies for decades. Vista still does not effectively deal with this problem.

Viruses and spyware will only stop, or come to a much more reasonable classification of "rare" when Microsoft designs an OS that is resistant (limited users with password protected elevations) to the Dancing Bunnies problem. Any other solution, including anti-virus, is a poor substitute for real OS and computer security.

Reply Score: 18

RE: No
by flanque on Sun 23rd Sep 2007 12:13 UTC in reply to "No"
flanque Member since:
2005-12-15

I think there's a lot of truth in what you're saying, but at the same time I think your point on users' stupidity will render anti-virus software a 'must have' simply because they don't know any better.

Further, it's that same stupidity that would make us techies look like morons if we convinced ourselves that the people we support don't need anti-virus, until the day it hits the organisation badly and we have to face up to the reality that it doesn't matter what level of user education we are dealing with, we're all humans and we make mistakes. One mistake can be extremely costly.

Add to that the fear campaigns of anti-virus vendors and I just don't see the end of anti-virus software.

I do however see an increased amalgamation of anti-virus, anti-malware, anti-spyware packages. I think it will come to a point where pure anti-virus software will become obsolete if it doesn't also support protection of the above said.

Reply Score: 3

RE[2]: No
by chrono13 on Sun 23rd Sep 2007 12:49 UTC in reply to "RE: No"
chrono13 Member since:
2006-10-25

I am absolutely not advocating that people run Windows without anti-virus. That is just as naive as opening dancingbunnys.exe despite the 3 warning dialogs. In fact, I think Windows users should use updated Anti-Virus, updated Anti-Spyware, Updated Anti-Rootkit, and anything else they can.

Anyone who has ever been in a serious security discussion with a number of people will hear that group of people say "I don't run anti-virus and I haven't caught any viruses!"
End users are naive; these “no anti-virus” groups of people are morons.

My point was that if you are not running Windows, then running antivirus is not necessary. All other operating systems have secure defaults and secure design, making anti-virus irrelevant. Note that these other OS's may also have optional security systems (AppArmor, SELinux, etc) that go above and beyond the OS defaults to protect further.

Windows Vista is much more secure than XP by emulating only a small fraction of these security measures that have proven effective and remained effective for decades (assuming they aren't disabled for their annoyance of poor implementation).

But in terms of security, Vista is to XP what Linux is to Vista.

We have to wait another 6 years until 2013 before we see a real secure OS from Microsoft?

With that sad fact in mind, you are right on all counts. Viruses will continue to thrive for a long time, and reactive, barely effective, costly, 3rd party protective measures will consolidate threat detections.

And yes, anti-virus will still be necessary, and just as ineffective, or worse, than they are today.

Reply Score: 5

RE: No
by Ben Jao Ming on Sun 23rd Sep 2007 12:32 UTC in reply to "No"
Ben Jao Ming Member since:
2005-07-26

You're totally right. I don't pity people who have their credit card details stolen. If you use xp, and you get a virus, it's usually your own fault in one way or the other. People need to get educated instead of being these ignorant blunts who just buy more and more hardware and have bigger and bigger nortons.

That said, I never mind explaining to people what a virus is and how they get them. Unfortunately they never listen... they just want the antivirus program to have this false sense of safety. Maybe I should start telling people to stop using av and just avoid the viruses. It's possible... even with xp.

Edit: Forgot to add my punchline... do you pity people who crash a car, when they don't have a driver's license? Do we need to make cars that can drive safely even though the driver doesn't know how to drive it? My answer: NO, DAMMIT!

Edited 2007-09-23 12:38

Reply Score: 2

RE: No
by Lennie on Sun 23rd Sep 2007 12:33 UTC in reply to "No"
Lennie Member since:
2007-09-22

In Unix/Linux it's quite a lot easier.

Give the user no privileges to install any software in the normal places, don't set executable-bit at mounting of data and home partitions.

That leaves scripts, but they'll have to be executed as: perl script.pl or equivalent.

For the scripting languages a simple wrapper could do some checks, to prevent that as well.

Done: that's all you need to do in Unix. In windows it's a lot more complicated.

Reply Score: 2
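The mount-option half of the suggestion above can be checked mechanically. The following is an added example, not part of the original thread; the watch list and the sample mount table are constructed, and the input format is that of /proc/mounts.

```shell
#!/bin/sh
# Audit user-writable mount points for the noexec, nosuid and nodev options.
# Input format (as in /proc/mounts): device mountpoint fstype options dump pass

# Constructed sample table, not taken from a real host.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /home ext3 rw,nosuid,nodev,noexec 0 0
/dev/sda3 /data ext3 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid 0 0'

# has_opt OPTIONS NAME: succeed if NAME is one of the comma-separated OPTIONS.
# Wrapping both sides in commas avoids matching "exec" inside "noexec".
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mounts WATCHLIST < mount-table
# WATCHLIST is a space-separated list of mount points that unprivileged
# users can write to. One result line is printed per entry:
#   <mountpoint> ok
#   <mountpoint> missing:<comma-separated options>
#   <mountpoint> not-a-separate-mount   (it inherits its parent's options)
audit_mounts() {
    watch=$1
    table=$(cat)
    for mp in $watch; do
        # If a path is mounted more than once, the last entry is the visible one.
        opts=$(printf '%s\n' "$table" |
               awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }')
        if [ -z "$opts" ]; then
            echo "$mp not-a-separate-mount"
            continue
        fi
        missing=
        for want in noexec nosuid nodev; do
            has_opt "$opts" "$want" || missing="${missing:+$missing,}$want"
        done
        if [ -n "$missing" ]; then
            echo "$mp missing:$missing"
        else
            echo "$mp ok"
        fi
    done
    return 0
}

# On a live system:  audit_mounts "/home /tmp /var/tmp /dev/shm" < /proc/mounts
# As the comment above says, noexec does not stop "perl script.pl": the
# interpreter lives on an exec-enabled filesystem and only reads the script.
```
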

RE[2]: No
by Erunno on Sun 23rd Sep 2007 12:54 UTC in reply to "RE: No"
Erunno Member since:
2007-06-22

Except that viruses can still go on a rampage in the user accessible places (read: home directory) and in the worst case destroy all your data. Contrary to server maintainers I reckon that desktop users care much more about their data than the OS which can be easily replaced.

Reply Score: 5

RE[3]: No
by chrono13 on Sun 23rd Sep 2007 13:19 UTC in reply to "RE[2]: No"
chrono13 Member since:
2006-10-25

Most viruses, by the very definition of virus, spread automatically.

Rights restrictions almost immediately prevent most of these transmission methods.

Yes, it can hit the home directory. Does it have rights enough to start again after a restart? Maybe. Run as a system service or destroy ALL users data? No.

Additionally, a simple cron backup to any other location that requires elevation to write leaves the data, or at least most of it, protected.

Requiring right clicking and changing to executable would mitigate accidents and spoofs, though doesn't address the Dancing Bunny issue.

There are other solutions to this problem as well, but I absolutely agree that the data is the most important, and should always be backed up on a regular, automated basis, preferably to a different drive.

Hard drive failure can happen anytime to anyone and destroy all that data instantly, and more effectively than any virus. That doesn't mean data shouldn't be stored on hard drives, it simply means that the more valuable it is, the more care should be taken to ensure it is not lost.

I can let a friend use my computer and not have to worry about what they are doing. They are a limited user and the worst case scenario is removing and re-adding that user, deleting all problems with it. And I never have to worry about my computer failing to boot tomorrow because of an ini file embedded in a website I visit today.

And finally, most Windows problems are not exploit related, but initiated through direct user interaction. Whether downloading a file from freesoftware4free.com or Kazaa, the greatest problem with Windows is that running as admin is default, and because it is default, running limited is not easy.

Losing one user's files or login ability is terrible. In Linux, the system still boots, and I can still use the machine. I may even be able to use another user/root to recover the files.

Losing all users' files and the ability to log in or use the computer is unreasonable, inexcusable, and far too common on Joe Sixpack machines. Sure, many of the files may be recoverable, but you know exactly what happens when Windows won't boot. The Windows CD goes in and the data is formatted away.

That Windows install CD is responsible for more unnecessary data loss than any virus in history.

Edited 2007-09-23 13:21

Reply Score: 5

RE[2]: No
by Ben Jao Ming on Sun 23rd Sep 2007 12:55 UTC in reply to "RE: No"
Ben Jao Ming Member since:
2005-07-26

It's true that downloading something and executing it might take a little bit of skill in theory. Unfortunately there is still some work left, because certain programs make this hard:

In Nautilus, if you double-click a .pl file, it might run it using perl.. same thing goes with other poorly configured file browsers.

In Firefox if you go to a URL that points to some extension you might give it the right to install.. if you're a stupid user who wants to see dancing_bunny.xpi in action.

and so on...

Another case might be that you download and run a program you trust and then it does something you don't want it to. Even if you're in userspace this might affect your privacy and sniff up stuff like credit card numbers.

Saying that Linux/Unix is safe from this kind of stuff is wrong, but assuming that the user is smart enough to avoid it is more likely than for xp users.

Reply Score: 4

RE[3]: No
by Gone fishing on Sun 23rd Sep 2007 13:15 UTC in reply to "RE[2]: No"
Gone fishing Member since:
2006-02-22

I agree; one reason Linux doesn't have malware is its generally savvy users. Ubuntu just doesn't have the same number of idiot users as Windows. However, I think it's hard to overestimate how poor Windows is; you don't have to do something real stupid in Windows to catch a cold. Yes, I can see that when Ubuntu has 30% of the home user market share some will run Sudo so they can see the dancing bunnies, they might even need an AV, but Windows provides basically the ideal conditions for growing malware (even makes me feel quite nostalgic for RISCOS)

Reply Score: 2

RE[3]: No
by chrono13 on Sun 23rd Sep 2007 13:24 UTC in reply to "RE[2]: No"
chrono13 Member since:
2006-10-25

"Saying that Linux/Unix is safe from this kind of stuff is wrong"

Absolutely. No OS, Mac, Linux, BSD, Vista, XP... none is immune from at least the logged on user's rights to files. All those files are potentially at risk.

And yes, all operating systems are vulnerable to spoofs, since the attack is against the user, not the OS.

I'm talking about direct attacks on the OS, other users' files, and so forth. If I came across otherwise, I didn't mean to.

Edited 2007-09-23 13:25

Reply Score: 2

RE[2]: No
by netpython on Sun 23rd Sep 2007 17:13 UTC in reply to "RE: No"
netpython Member since:
2005-07-06

How many linux/unix users harden their boxen as any admin worth his/her salt does?

Reply Score: 4

RE[2]: No
by Doc Pain on Sun 23rd Sep 2007 17:16 UTC in reply to "RE: No"
Doc Pain Member since:
2006-10-08

"In Unix/Linux it's quite a lot easier."

In principle, it is, but not in reality. Let me explain:

"Give the user no privileges to install any software in the normal places, don't set executable-bit at mounting of data and home partitions. "

This would imply a difference between the user (who may not do the things mentioned above) and the administrator (who may do because it's his job). In today's world of UNIXes and Linux, there's hardly a difference between user and administrator. A PC at home - a server at home (intended or due to malware running), but no administrator. Or put into other words: User and system administrator are the same person. Due to a lack of interest, knowledge, experience and maybe time, the "administrator part" does not do his work, but the "user part" wants to see the dancing bunnies.

The weakest part of a chain will cause a fraction. This part usually is the user. The best means of security won't work if they are bypassed to increase comfortability or a "look and feel" the software manufacturer assumes his customers to require.

Of course, security is more important to UNIX / Linux than it is (or at least, has been) to "Windows". Hey, the Internet runs on UNIX, we can't afford dancing bunnies in routers and name servers! :-)

If you can't increase users' interest in security, even AV software will fail. Reality proves that it does in fact - just imagine why more than 90% of mail today is spam.

If you take responsibility away from users, they feel everyone thinks they're stupid. If you give responsibility to them, they feel overwhelmed and uncomfortable. In my personal opinion, today's Linux desktop OSes have found a good balance here. I wish "Windows" would do so, too, but - without wanting to insult anyone - "Windows" users still "have no time" to care about important things when they use a PC; the Linux users seem to be more educated and responsible in these regards. Of course, a computer is just a tool, but you still need to know a few things in order to handle it properly. Linux users have understood this requirement, so have Linux OSes.

Reply Score: 3

RE[3]: No
by netpython on Sun 23rd Sep 2007 17:39 UTC in reply to "RE[2]: No"
netpython Member since:
2005-07-06

"Linux users have understood this requirement, so have Linux OSes."

That will change rapidly the easier it becomes to install and run Linux.

"If you can't increase users' interest in security, even AV software will fail."

How much should "the user" know?
I mean if you are going to be operated on, should you for maximum effect be interested in surgical instruments?

In my personal opinion it's the IT sec scientists' and other warriors' job to educate those who write software.
If only a lot of software including OS's wouldn't contain so many attack vectors.

Most people have an incomplete picture of organised crime. They simply don't comprehend organised crime has made an entry in cyberspace a long time ago.

Reply Score: 2

RE[4]: No
by Doc Pain on Sun 23rd Sep 2007 18:17 UTC in reply to "RE[3]: No"
Doc Pain Member since:
2006-10-08

In principle, we do agree. Your comment is worth some comments.

"That will change rapidly the easier it becomes to install and run Linux."

I hope it will.


"How much should "the user" know? I mean if you are going to be operated on, should you for maximum effect be interested in surgical instruments?"

If you don't want to be the victim of cheaply "remanufactured" single-use-instruments... :-) I see your analogy, you have a point there, but the computer is a tool, a means to achieve a certain goal. Simple conditional expression here: If I want to achieve the goal, I will need to use the tool; that's why I have to know how to handle the tool properly. To come back to your analogy: The surgeon needs to be interested in surgical instruments, and you (as the one who is being treated by these instruments) trust him, you believe he has done his "homework". Good for you if he really did.

Back to OSes and viruses: As much distracting information should be taken away from the user, I agree here. The user does not use an OS, nor does he use an application program. He wants to see the dancing bunnies, so he will bypass or eliminate any obstacle in his way (i. e. any security barrier, warning). And he will be surprised if a (malware) attachment of the mail "Hi I'm Cindy come see my (insert secondary sexual organs here) now" won't open at once, showing a "security warning" or nothing instead.

A user should have a minimum of common sense and the ability to understand his native language. Most of them do, but the ones who don't are the "weak part of the chain". Believing that anything the computer does "on its own" is okay is very dangerous. But so is software that just "simulates" security in order to calm the user. In Germany, we have a term for such behaviour: We call it "Budenzauber" ([boodantsowber] booth magic, or shindig) - shiny programs with lots of knobs and checkboxes, with blinking squeaking buttons and colourful dialog boxes - that do not do anything they claim to do. (Some famous "Windows" firewalls are Budenzauber and spyware.)

Because people like car analogies, here's one: If we want to drive from A to B, I first need to know where A and B are (at least B if we assume we're located in A), we need to know how to drive, to shift gears, to brake and to accelerate, and we need to know about the rules of public traffic. The driving license usually attests us having this knowledge. A computer user would - according to this analogy - express as follows: "I don't know how to use a PC, but I want to have my photos out of the camera, make them better, and have them on a DVD with the newest music from the Internet playing along. I have no idea how to do it, but I want my DVD at once. The PC should know." You surely can imagine analog situations and claims.

To come back to the user: To find out more, feel free to read http://www.rinkworks.com/stupid/ :-)

"In my personal opinion it's the IT sec scientists and other warriors job to educate those who write software."

But finally, there's someone who uses software. No matter how good developers do their job, there are "evil doers" all around soon doing a better job bypassing means of security. These criminals are usually very educated in regards of security, else they could not do their "job"...

If software does limit the user too much, he won't use it anyway. Remember: Applications should be able to do "everything". :-)

"If only a lot of software including OS's wouldn't contain so many attack vectors."

You are right, of course. Usually, I think the more functionalities are included, the more attack vectors appear. An OS with no Internet connection ability would be quite safe. :-)

"Most people have an incomplete picture of organised crime. They simply don't comprehend organised crime has made an entry in cyberspace a long time ago."

Yes, it has. There are whole "industries" doing data espionage and spam organisation. Theft of credit card data and individual information (in order to prepare advertisement organisation) are famous goals, too.

Reply Score: 2

RE[5]: No
by netpython on Mon 24th Sep 2007 09:50 UTC in reply to "RE[4]: No"
netpython Member since:
2005-07-06

"In principle, we do agree. Your comment is worth some comments."

Oh please don't, I'm not worthy :-)

"But finally, there's someone who uses software. No matter how good developers do their job, there are "evil doers" all around soon doing a better job bypassing means of security. These criminals are usually very educated in regards of security, else they could not do their "job"..."

Yes it's an arms race, an ongoing battle with no one from either side winning the war. Though in my opinion what the security aware OS designers should and can do is raise the entry level of exploitation a great deal. For example I have a grsecurity patched kernel somewhere running. The simple beauty of it enables me to categorize socket access in three groups. Namely: a) nosocks b) no server socks c) no client socks. Now it's rather trivial to populate the groups with objects (daemons, users etc, you get the idea...)

What if in the previous grsec implementation context I make a group nosocks and add root to it, e.g.: groupadd -g <guid> <group> && gpasswd -a root nosocks. As soon as someone tries to remotely elevate a file to root the connection will be cut off. A similar example would be adding every daemon and user that shouldn't have socket access (user man for example). Another example is adding xorg to the noclient group (why should xorg connect itself?).

Rather not as black and white as using an OS from outer space or if you persist a read only system.
Please forgive my stupidity but does true read only uberhaupt exist? I mean the system memory has to be populated. And processes can still be hooked into?

Reply Score: 2

RE: No
by yachp on Sun 23rd Sep 2007 20:34 UTC in reply to "No"
yachp Member since:
2007-08-30

"7. And finally, The Dancing Bunny Problem"

Why can't some kind of quarantined place be created where one could safely run potentially suspect programs?

I mean whether it is a dancing bunny program or a naked picture of who knows who, what we are typically talking about are photos or videos or something of that nature.

Why can't a space be created where a program that is supposed to show a video, or picture or whatever simply be restricted to what its supposed purpose is?

I mean if it is a video, it doesn't need to access one's email program. It doesn't need to delete any files that are already on your computer. It doesn't need to change any settings on your computer. So why can't these functions be denied a suspect program?

Then one could simply run the dancing bunnies program and if that program tried to access something that wasn't a video, it wouldn't be able to.

Reply Score: 1

RE[2]: No
by matthekc on Sun 23rd Sep 2007 21:04 UTC in reply to "RE: No"
matthekc Member since:
2006-10-28

http://en.wikipedia.org/wiki/Sandbox_(computer_security)

I don't think antivirus is an effective solution. exe's should all run in a virtual environment with a clever set of rules to reduce risks. If the app tries to break the rules shut it down and report it. All sorts of 1980's and 90's communication protocols have holes and need to be reworked. Until apps are sandboxed and protocols are fixed this isn't going away. Switching to linux is a partial preventative to the problem not a cure.

Reply Score: 1

RE[2]: No
by wannabe geek on Mon 24th Sep 2007 03:15 UTC in reply to "RE: No"
wannabe geek Member since:
2006-09-27

"Why can't some kind of quarantined place be created where one could safely run potentially suspect programs."

Bitfrost

http://wiki.laptop.org/go/Bitfrost

Or you can always use VirtualBox.

Reply Score: 1

No internet
by Gone fishing on Sun 23rd Sep 2007 12:32 UTC
Gone fishing
Member since:
2006-02-22

Working in the third world – our virus problems are horrendous. Lots of people can now afford a PC, but few can afford the internet; dial-up is very expensive, and ADSL is not available everywhere and again very expensive, I guess about 10 times the price of the UK or US. People share files and we have internet cafes; as a result viruses are ubiquitous – I'd say 19 out of every 20 flash disks I see have viruses.

AVs are not a solution; what use is Avast if it can't update? (no internet) As for Norton, a six month old Norton AV is very, very, very much worse than nothing. The problem is Windows and user stupidity (Britney_sex.exe yes please). But Windows makes the problem so much worse; it's hard to envisage how an OS could have a worse problem with malware than Windows. I suppose Vista might make a small improvement but the cost of the OS, the power of the machine needed to run it, still no internet and its general vileness means that most PCs here will be running badly cracked unpatched XP professional for years.

Reply Score: 4

Being Lazy
by Earl Colby pottinger on Sun 23rd Sep 2007 13:21 UTC
Earl Colby pottinger
Member since:
2005-07-06

I know there is something wrong with my girl friend's computer, it is so slow lately.

But she refuses to believe that it could be a virus/rootkit since she subscribes to an antivirus service from her ISP.

Additionally, since I have suggested a backup and reformat approach she insists that it is too much work to go through all those files to figure out what she wants to keep and what to dump.

Result: the computer seems to be getting slower by the week and she keeps on complaining but refuses to do the work needed.

PS. she is also dumb enough to let her son use her computer when he has his own laptop. I keep telling her, if he was not one of the causes, why would he need to use her machine instead of his laptop? She does not want to hear it.

Some people are too lazy to own computers.

Reply Score: 3

RE: Being Lazy
by chrono13 on Sun 23rd Sep 2007 13:30 UTC in reply to "Being Lazy"
chrono13 Member since:
2006-10-25

"But she refuses to believe that it could be a virus/rootkit since she subscribes to an antivirus service from her ISP."

I forgot to add False Sense of Security to my list.

All of these *reactive* scanners instill a false sense of security. You have anti-virus. Do you have a virus? No? How do you know? Because your anti-virus didn't detect one?

This is also unfortunately true for those who do not have subscriptions to update their antivirus. "But I have antivirus. How did I get a virus?". I kindly explain that they owe some company $50/year for the privilege of mediocre protection.

Ok, I don't say it like that, I'm actually really nice in real life, but that is what I want to say.

Reply Score: 4

Corporate malware?
by chrono13 on Sun 23rd Sep 2007 13:38 UTC
chrono13
Member since:
2006-10-25

I know at least a dozen programs off of the top of my head that are fairly well known that write to the system directories, set startups, updates, and in many other ways do more damage to more systems than viruses.

AOL may have been classified as badware, but besides lacking self-replication, in what way is it not a virus?

So many Windows programs cause the system to become unstable, place unnecessary files into system folders, hook or spider their way into the operating system and even into other programs(!), and do not fully remove on uninstall (or only remove shortcuts on uninstall), yet they are considered "safe", some even mainstream (Norton, AOL, etc).

What about Corporate malware?

How to detect and remove that?

Does anyone know of any instances where corporate programs got/get away with this on any other OS than Windows? This is a serious question, not an incitement to argument : )


I'll slow down on my posting and length ;)

Edited 2007-09-23 13:39

Reply Score: 2

RE: Corporate malware?
by Soulbender on Mon 24th Sep 2007 04:16 UTC in reply to "Corporate malware?"
Soulbender Member since:
2005-08-18

"What about Corporate malware? "

What's corporate malware?

Reply Score: 1

RE[2]: Corporate malware?
by chrono13 on Mon 24th Sep 2007 06:28 UTC in reply to "RE: Corporate malware?"
chrono13 Member since:
2006-10-25

Install AOL, Norton (not Symantec) Internet Security (or if you really hate yourself, System Works), Yahoo Music Jukebox, Yahoo Messenger, Real Player 11, and any full sized printer CD (e.g. HP all in one printers ~800mb of software).

Now measure system speed and stability.
For extra fun, try to remove it all.

Reply Score: 1

...
by Morin on Sun 23rd Sep 2007 14:43 UTC
Morin
Member since:
2005-12-31

The only thing that equals the average user's ignorance for the inner workings of a computer, is the ignorance for the user's mind expressed in these comments here...

Reply Score: 3

RE: ...
by Luis on Sun 23rd Sep 2007 17:14 UTC in reply to "..."
Luis Member since:
2006-04-28

"The only thing that equals the average user's ignorance for the inner workings of a computer, is the ignorance for the user's mind expressed in these comments here..."

I've read the comments and can agree with some and disagree with others. But since you seem to know exactly how average users' mind works, could you please elaborate? I'm sure you have an interesting opinion.

Thanks.

Reply Score: 2

RE[2]: ...
by Morin on Sun 23rd Sep 2007 19:54 UTC in reply to "RE: ..."
Morin Member since:
2005-12-31

> I've read the comments and can agree with some and disagree with
> others.

Same for me.

> But since you seem to know exactly how average users' mind works,
> could you please elaborate?

I did not say so, and therefore refuse to comment on your statement, except for explaining what I actually said: Plain ignorance, as in "the user is stupid", "the user must be educated", "the user is ignorant", and not even thinking about the question *why* the user does what he/she does, is ubiquitous in this comments section.

May I add now that calling the user ignorant under these conditions is hypocritical.

Reply Score: 2

RE[3]: ...
by chrono13 on Sun 23rd Sep 2007 20:46 UTC in reply to "RE[2]: ..."
chrono13 Member since:
2006-10-25

I work with hundreds of end users and on some of my spare time, with family and friends.

They are ignorant. Just as ignorant toward a computer as I am a car.

I understand the basics, and I change my oil, and I am always willing to learn more, especially when someone says it is important, or that I should know it just to keep my vehicles in good shape or drive.

Average computer users are ignorant. This is not a bad thing. Reasonably, they should not have to learn anything beyond phishing. Everything else should be secure by OS design, the admin, and in the cases where they are the admin (home), the OS should at least be secure by default, so that securing it does not require knowing as much about your computer as your mechanic knows about your car.

If a user believes that Dancing Bunnies are harmless, it is ignorance, not stupidity.

If I had to know as much as my mechanic to drive, I wouldn't. Or, I would drive anyway and complain like hell when someone tells me that I should have known that I need to spend $50/year for muffler gremlin protection, and that I need to do a half dozen things under the hood monthly to make sure the engine doesn't fall apart.

To ask that anyone, let alone someone who just wants to use the computer, to know the amount of knowledge required to turn Windows' default unsecure state into even moderately secure is unreasonable. The efforts required to sustain it thereafter, unreasonable even to those who know how.

They aren't stupid, users are only assuming things which we take for granted to know otherwise. Windows is not secure, and it is almost never the fault of a user when they get a virus, or other malware, or simply do not know any better. They are assuming things that should be true.

The user is not to blame for the failings of the Operating System. This is true for all operating systems. For Windows it is the lack of security and stability, for Linux it is the lack of user friendliness, neighbor support (chicken and the egg), and so on.

Reply Score: 2

RE[4]: ...
by Morin on Sun 23rd Sep 2007 21:58 UTC in reply to "RE[3]: ..."
Morin Member since:
2005-12-31

[@chrono13]

My comment obviously doesn't apply to you, as you are trying to understand the users. I think we agree that the users *are* ignorant, but trying to fix the whole malware problem at the user is bound to fail. Your car analogy is spot on.

[@Doc Pain]

Same here. However, there are some specific arguments I'd like to reply to:

> Uninformed / misinformed users are one problem, you surely will
> admit it.

Yes, I admit it. I just don't think that this direction of thought will lead to a solution for the problem. Or better, it won't lead to a *complete* solution as long as it does not include technical perfection of the system itself.

> Maybe you're lucky and mostly encounter the smarter users along your
> daily work.

Mostly yes, but I did have the "pleasure" to fix the computers of the "black sheep" too. Luckily I'm not doing this as a job, so I am seldom asked to fix computers, and then mostly by friends.

My argument still holds though: Take a user with no knowledge about the workings of a computer, who will neither explain a problem properly that he encountered, nor even listen to your questions or replies - yes, the user is ignorant, but it's equally ignorant to call him stupid and claim that he/she must be educated. Regardless of the fact that you'll never "educate" him/her.

> I'd like to add that there are individuals around who like to know
> more, experience computers in detail and understand how they
> work. Some software (OSes, apps) give them the ability to do so,
> other software, usually "dumbed down", doesn't.

I find it refreshing to give a user *real* insight in this area (and of course, other areas too). If they can learn themselves, the better. Sometimes this needs special software, sometimes not: For example, the more I work with Mac OSX, the more cases I encounter where I find it too dumbed-down (read: not configurable). For a newbie though, OSX might be ideal to learn some basics. A developer on the other hand may find Linux more interesting because all its inner workings can be studied.

However, a system that can be studied en detail does not equate to a system that *needs* excessive user-knowledge and maintenance.

> This leads me to this conclusion: Would a "two classes" software
> offering be a solution? A "read only PC" for home use? Functional
> software for professionals only? I think you agree: This would be
> problematic.

A read-only PC would be enough for many people. Above that, it may be sufficient if advanced features are hidden by default but can be unlocked - possibly by passing some kind of "user exam", which can be as simple as *finding* the switch to enable advanced options.

I agree that it's a hard problem, but I think it's also an interesting problem ;)

Reply Score: 2

RE[5]: ...
by Doc Pain on Mon 24th Sep 2007 01:04 UTC in reply to "RE[4]: ..."
Doc Pain Member since:
2006-10-08

"Yes, I admit it. I just don't think that this direction of thought will lead to a solution for the problem. Or better, it won't lead to a *complete* solution as long as it does not include technical perfection of the system itself."

This is true. OS and applications - that can be claimed - should have the goal to form a solid and secure basis. As long as OS internals, protocols, stacks, drivers, along with programming interfaces and libraries, do contain stuff that can easily be abused and utilized for "viral behaviour" (data espionage and sabotage, spamming, spoofing etc.), even better educated and experienced users can't be totally safe.

"Mostly yes, but I did have the "pleasure" to fix the computers of the "black sheep" too. Luckily I'm not doing this as a job, so I am seldom asked to fix computers, and then mostly by friends."

You're really lucky, I guessed right. :-)

"My argument still holds though: Take a user with no knowledge about the workings of a computer, who will neither explain a problem properly that he encountered, nor even listen to your questions or replies - yes, the user is ignorant, but it's equally ignorant to call him stupid and claim that he/she must be educated. Regardless of the fact that you'll never "educate" him/her."


The term "educate" may be misleading here. To put it into more friendly words: Experience is what's needed here. It's like learning how to use a bike. At first, you fall onto your nose, and friends help you, encourage you to try again. But they won't do very long, so you do some training in order to drive on your own, including less and less injuries due to control or balance loss.

You know, my boss never thought about backups. But suddenly, his "great" IBM DTLA hard disk broke, it was a disaster for him. Now he's doing backups - he gained experience. And I told him: The day he stops making backups, the hard disk will fail. :-)

In Germany, victims of computer sabotage were taken to trial and sentenced for assistance in data espionage. Their mistake: Leaving a PC without proper protection, so it got used by criminals for storing and sharing commercial applications, movies, and pornography. "But I didn't know!" didn't convince the judges.

Furthermore, some common sense is essentially needed. Things users do know from the real world (e. g. "nothing is for free" or "a shiny box does not guarantee a shiny product") should be transported into the more abstract computer world. Nobody on the Internet will give you a US$ 500 watch for free, even if you click on the bunny. And when the PC says "enter your credit card number and PIN", better ask yourself what to do, because you wouldn't give your confidential data to someone on the street, would you? When users would trust their knowledge (the knowledge they had before a PC entered their home or work), using the computer would be more safe for them.

"I find it refreshing to give a user *real* insight in this area (and of course, other areas too)."

Some of them are very surprised when they learn the truth about how something works, how old fashioned a "brand new" product is or how cheap and crappy their "expensive" stuff really is. :-)

I demonstrated to a former customer the easiness of breaking into his PC - using a 1:1 STP cable connection, of course. It didn't take me 10 minutes to gain complete access over his data. I did copy some of his files, deleted (prepared) files and changed some system settings. He was surprised how easy it was when I could explain to him what I did in fact.

"If they can learn themselves, the better."

So did the majority of "us professionals". :-)

Of course, learning is possible from mistakes, but you should not make every mistake over and over again.

"Sometimes this needs special software, sometimes not: For example, the more I work with Mac OSX, the more cases I encounter where I find it too dumbed-down (read: not configurable). For a newbie though, OSX might be ideal to learn some basics. A developer on the other hand may find Linux more interesting because all its inner workings can be studied."

While users usually do not find any need to know about how something works, developers do, more or less specific (using kernel interfaces, system libraries, toolkits etc.). This possibility is one of the great advantages of free software such as Linux, Solaris or the BSDs.

"However, a system that can be studied en detail does not equate to a system that *needs* excessive user-knowledge and maintenance."

Every system needs maintenance. The question is: How is this maintenance requirement organized? Is user interaction needed? Is it included in the OS or is additional software necessary?

"A read-only PC would be enough for many people."

There have been TV sets with internet connection around, but I think nobody uses them anymore.

In the gaming sector, there are gaming consoles for the ones who do not want to play on the computer.

Thin clients (e. g. Sun Ray) offer centralized functionality with no responsibility for the user, but need a qualified system administrator on server site.

"Above that, it may be sufficient if advanced features are hidden by default but can be unlocked - possibly by passing some kind of "user exam", which can be as simple as *finding* the switch to enable advanced options."

Such a "level structure" has been included in GeoWorks Ensemble where you could switch (without barrier) between beginner, advanced and professional users, making the menu contents changing from just the basic functions up to complex functionalities.

Your idea of an "exam" is interesting. (Car analogy: the driving test in order to get the driving license)

"I agree that it's a hard problem, but I think it's also an interesting problem ;) "

In fact, it is. And it will stay interesting because it will determine the development of the software world (and maybe the hardware world, too) in the future.

Reply Score: 2

RE[6]: ...
by Morin on Mon 24th Sep 2007 10:12 UTC in reply to "RE[5]: ..."
Morin Member since:
2005-12-31

> At first, you fall onto your nose, and friends help you, encourage you to
> try again.

That only works nice when users "fall on their nose", as with (nonexistent) backups. Unfortunately with malware it's more like telling people they shouldn't smoke because they'll get lung cancer from it.

> Furthermore, some common sense is essentially needed.

Indeed. Users who enter their credit card number anywhere just to see the dancing bunny are lost anyway - they might as well get cheated on without involving a computer. However there are cases where common sense is far from enough, e.g. if a website disguises as a banking program (*any* popular banking program - it will still hit enough users to be profitable).

> There have been TV sets with internet connection around, but I think
> nobody uses them anymore.

I should have been more specific. I didn't mean a pure read-only PC but rather one that allows a user to handle files freely but not extend functionality, except through very limited scripting (e.g. website-confined javascript). The kind of thing that one might prepare for one's grandparents.

> Your idea of an "exam" is interesting. (Car analogy: the driving test
> in order to get the driving license)

It wasn't really *my* idea, but I read it somewhere on OSNews. I think the comment referred to OSX, where (reportedly) the advanced options can only be changed by editing text config files, so they will only be touched by users who know how to do that.

Reply Score: 2

RE[7]: ...
by netpython on Mon 24th Sep 2007 10:18 UTC in reply to "RE[6]: ..."
netpython Member since:
2005-07-06

> Users who enter their credit card number anywhere just to see the dancing bunny are lost anyway -

The target is more likely the client database of major online shopping centers. Credit card numbers by the hundred thousands instead of a single one (too labour intensive).

Reply Score: 2

RE[3]: ...
by Doc Pain on Sun 23rd Sep 2007 21:07 UTC in reply to "RE[2]: ..."
Doc Pain Member since:
2006-10-08

"I did not say so, and therefore refuse to comment on your statement, except for explaining what I actually said: Plain ignorance, as in "the user is stupid", "the user must be educated", "the user is ignorant", and not even thinking about the question *why* the user does what he/she does, is ubiquitous in this comments section."

As you may have read from my comments, users usually aren't interested in particular procedures (How do you do this?), but in pure results (I want this.). Distracting information should be kept away from them in order not to irritate them, so they can concentrate on achieving their goal.

"May I add now that calling the user ignorant under these conditions is hypocritical."

Uninformed / misinformed users are one problem, you surely will admit it. Other problems are criminals benefitting from this situation, and software manufacturers that (unintentionally?) support these "evil-doers". Additionally, there are persons with dangerous half-knowledge. They are spread in all three groups mentioned. There are users who are plain stupid, but I (thankfully) think it's not the majority...

Example?

First Man: "My laptop is running so slow and crashes all the time. I'm going to take it to the shop to check it for viruses."
Second Man: "I don't worry about viruses. Not many people know that viruses work in the back of the memory, and Windows is in the front of the memory. So it's something else."

More at http://www.rinkworks.com/stupid/cs_viruses.shtml

To be serious once again, I do understand your opinion. Maybe you're lucky and mostly encounter the smarter users along your daily work. The "users are stupid" mentality usually comes from the poor individuals who had to get along with the "more narrow minded" users. Hey, some of them even seem to be unable to use their own native language. :-) The more you make the computer usable to the average individual, the less it is usable to the professional user, but the professionals finally are the ones who create software. It's as if you create a toy toolkit (hammer, nails, saw) that looks like a real toolkit, but is made of harmless material (rubber hammer, polystyrene nails, paper saw) so it won't harm anyone; and now you give this toolkit to its manufacturer so he should use it to produce more of them... tricky situation, strange analogy, I know.

I'd like to add that there are individuals around who like to know more, experience computers in detail and understand how they work. Some software (OSes, apps) give them the ability to do so, other software, usually "dumbed down", doesn't.

This leads me to this conclusion: Would a "two classes" software offering be a solution? A "read only PC" for home use? Functional software for professionals only? I think you agree: This would be problematic.

If you give something to users, it's too complicated.
If you take something off them, they feel delimited.

Final line here: Computers (still) aren't easy. q.e.d. :-)

Reply Score: 2

Effectiveness???
by TemporalBeing on Mon 24th Sep 2007 15:06 UTC
TemporalBeing
Member since:
2007-08-22

I'm not sure measuring an AntiVirus's effectiveness against Malware, Adware, etc. is really the right thing here as those are in a very different scope. But even then, AntiVirus software is - at least on Windows - a good thing to have as it will at the very least keep out the virii that came in the past, which if people stopped using AntiVirus software the virii writers/distributors would certainly return to if not just because they could and cause more havoc with little effort.

Also, measuring how well an AntiVirus does at preventing Malware/Adware/etc, is like measuring how well an Airplane is at racing in the Indy 500. They're just two different things - a virus attacks weaknesses in the software and exploits those weaknesses, while Malware/Adware/etc attack normal uses of software and (primarily) user habits. If you want to protect against Malware/Adware/etc, then use the right tool to do so. If you want to protect against computer virii, then use an AntiVirus software like ClamAV.

Personally, I run ClamAV on all my Windows systems, and am looking at putting it on my Linux systems - especially my network router, to help protect the Windows systems - as well. It has also been shown recently to be one of the top 3 AV's - on par with McAfee, so I feel rather confident in this choice, even though I originally did it to avoid the fees to McAfee/Norton/Symantec/etc and be able to have an up-to-date virii database with the software.

Reply Score: 1

story's icon
by adinas on Mon 24th Sep 2007 15:09 UTC
adinas
Member since:
2005-08-17

Boy! is the current icon ugly. Please someone create a nicer icon.

Reply Score: 1

Not here
by WyldStylist on Mon 24th Sep 2007 15:54 UTC
WyldStylist
Member since:
2006-12-30

Don't need Antivirus.
I run Microwinx 50 MB Windows for web-browsing with pre-installed stuff; nothing can be installed on this machine anymore after the cleanup, I can only run my stuff ;)
Unless I import a virus in the registry I have the secure system. As long as Microsoft does Big Megasoftware with security features full of security holes there will always be exploits, unless someone makes a small OS that can run in installer mode and no install/no run things mode. If that happens firewalls, anti-adware and virus scanners would die.

Reply Score: 0

AV is a bandaid
by trev on Mon 24th Sep 2007 20:21 UTC
trev
Member since:
2006-11-22

Unfortunately, Windows has significant security flaws in its design. User expectation of similar behavior makes it even harder to change this.

Users should escalate their privileges BEFORE they run something that requires it and release them once done. They should NOT be prompted to escalate when doing it. Novice users should be required to have/get basic understanding of the risks BEFORE they are given the power to escalate privileges. This fundamental concept is lost in the quest to reduce support calls/tickets and the problem still exists in Vista.

AV is a bandaid that TRIES to react to the ever changing hostile environment to make up for this (with varying degrees of effectiveness BELOW 100%). This is why you will need it on any system that does not respect the concept above. These include: win 2000, XP, Vista, Linspire (while running as root) and others I'm sure.

Reply Score: 1