Linked by Thom Holwerda on Sun 23rd Sep 2007 10:54 UTC, submitted by irbis
Bugs & Viruses "For at least a decade, the standard advice to every computer user has been to run antivirus software. But new, more commercial, more complex and stealthier types of malware have people in the industry asking: will antivirus software be effective for much longer? Among the threats they see are malware that uses the ability of the latest processors to run virtual machines that would be hidden from antivirus programs."
Thread beginning with comment 273665
RE[4]: No
by Doc Pain on Sun 23rd Sep 2007 18:17 UTC in reply to "RE[3]: No"
Doc Pain
Member since:
2006-10-08

In principle, we do agree. Your comment is worth some comments.

"That will change rapidly the more easier it becomes to install and run linux."

I hope it will.


"How much should "the user" know? I mean if you are going to be operated should you for maximum effect be interested in surgical instruments?"

If you don't want to be the victim of cheaply "remanufactured" single-use instruments... :-) I see your analogy, you have a point there, but the computer is a tool, a means to achieve a certain goal. Simple conditional expression here: If I want to achieve the goal, I will need to use the tool; that's why I have to know how to handle the tool properly. To come back to your analogy: The surgeon needs to be interested in surgical instruments, and you (as the one who is being treated by these instruments) trust him, you believe he has done his "homework". Good for you if he really did.

Back to OSes and viruses: As much distracting information should be taken away from the user, I agree here. The user does not use an OS, nor does he use an application program. He wants to see the dancing bunnies, so he will bypass or eliminate any obstacle in his way (i. e. any security barrier, warning). And he will be surprised if a (malware) attachment of the mail "Hi I'm Cindy come see my (insert secondary sexual organs here) now" won't open at once, showing a "security warning" or noting instead.

A user should have a minimum of common sense and the ability to understand his native language. Most of them do, but the ones who don't are the "weak part of the chain". Believing that anything the computer does "on its own" is okay is very dangerous. But so is software that just "simulates" security in order to calm the user. In Germany, we have a term for such behaviour: We call it "Budenzauber" ([boodantsowber] booth magic, or shindig) - shiny programs with lots of knobs and checkboxes, with blinking, squeaking buttons and colourful dialog boxes - that do not do anything they claim to do. (Some famous "Windows" firewalls are Budenzauber and spyware.)

Because people like car analogies, here's one: If we want to drive from A to B, I first need to know where A and B are (at least B if we assume we're located in A), we need to know how to drive, to shift gears, to brake and to accelerate, and we need to know about the rules of public traffic. The driving license usually attests us having this knowledge. A computer user would - according to this analogy - express as follows: "I don't know how to use a PC, but I want to have my photos out of the camera, make them better, and have them on a DVD with the newest music from the Internet playing along. I have no idea how to do it, but I want my DVD at once. The PC should know." You surely can imagine analogous situations and claims.

To come back to the user: To find out more, feel free to read http://www.rinkworks.com/stupid/ :-)

"In my personal opinion it's the IT sec scientists and other warriors job to educate those who write software."

But finally, there's someone who uses software. No matter how good developers do their job, there are "evil doers" all around soon doing a better job bypassing means of security. These criminals are usually very educated in regard to security, else they could not do their "job"...

If software does limit the user too much, he won't use it anyway. Remember: Applications should be able to do "everything". :-)

"If only a lot of software including OS's wouldn´t contain so much attack vectors."

You are right, of course. Usually, I think the more functionalities are included, the more attack vectors appear. An OS with no Internet connection ability would be quite safe. :-)

"Most people have an incomplete picture of organised crime. They simply don't comprehend organised crime has made an entry in cyberspace a long time ago."

Yes, it has. There are whole "industries" doing data espionage and spam organisation. Theft of credit card data and individual information (in order to prepare advertisement organisation) is a famous goal, too.

Reply Parent Score: 2

RE[5]: No
by netpython on Mon 24th Sep 2007 09:50 in reply to "RE[4]: No"
netpython Member since:
2005-07-06

"In principle, we do agree. Your comment is worth some comments."

Oh please don't, I'm not worthy :-)

"But finally, there's someone who uses software. No matter how good developers do their job, there are "evil doers" all around soon doing a better job bypassing means of security. These criminals are usually very educated in regards of security, else they could not do their "job"..."

Yes, it's an arms race, an ongoing battle with no one from either side winning the war. Though in my opinion what the security-aware OS designers should and can do is raise the entry level of exploitation a great deal. For example, I have a grsecurity-patched kernel somewhere running. The simple beauty of it enables me to categorize socket access in three groups. Namely: a) nosocks b) no server socks c) no client socks. Now it's rather trivial to populate the groups with objects (daemons, users etc., you get the idea..)

What if in the previous grsec implementation context I make a group nosocks and add root to it, e.g.: groupadd -g <guid> <group> && gpasswd -a nosocks. As soon as someone tries to remotely elevate a file to root the connection will be cut off. A similar example would be adding every daemon and user that shouldn't have socket access (user man for example). Another example is adding xorg to the noclient group (why should xorg connect itself?).

Rather not as black and white as using an OS from outer space or, if you persist, a read-only system.
Please forgive my stupidity, but does true read-only exist at all? I mean the system memory has to be populated. And processes can still be hooked into?

Reply Parent Score: 2
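The three-class layout netpython describes (no sockets, no client sockets, no server sockets), written out as an added example that is not from the thread or from grsecurity itself: a small policy is validated and turned into the groupadd/gpasswd/sysctl commands an admin would run, as a dry run. The account list, group names and GIDs are constructed; the sysctl keys are grsecurity's kernel.grsecurity.socket_{all,client,server} and their _gid companions.

```shell
#!/bin/sh
# Constructed policy, one "account class" pair per line. Classes:
#   all    -> no sockets at all       (group nosocks,  socket_all)
#   client -> no outgoing connections (group noclient, socket_client)
#   server -> no listening sockets    (group noserver, socket_server)
POLICY='root all
man all
xorg client
backup server'

# Map a class to "group sysctl gid" (GIDs are made up); fail on unknown class.
class_info() {
    case "$1" in
        all)    echo "nosocks  socket_all    3000" ;;
        client) echo "noclient socket_client 3001" ;;
        server) echo "noserver socket_server 3002" ;;
        *)      return 1 ;;
    esac
}

# Reject unknown classes and accounts listed twice: an account in two
# classes means nobody has decided what it is allowed to do.
validate_policy() {
    printf '%s\n' "$1" | while read -r acct class; do
        [ -n "$acct" ] || continue
        class_info "$class" >/dev/null || return 1
    done || return 1
    dups=$(printf '%s\n' "$1" | awk '{print $1}' | sort | uniq -d)
    [ -z "$dups" ]
}

# List the accounts the policy puts in one class.
members_of() {
    printf '%s\n' "$POLICY" | awk -v c="$1" '$2 == c {print $1}'
}

# Print the commands for the grsecurity host; nothing here touches
# /etc/group or the running kernel.
emit_setup() {
    for class in all client server; do
        set -- $(class_info "$class")   # $1=group $2=sysctl $3=gid
        echo "groupadd -g $3 $1"
        for acct in $(members_of "$class"); do
            echo "gpasswd -a $acct $1"
        done
        echo "sysctl -w kernel.grsecurity.$2_gid=$3"
        echo "sysctl -w kernel.grsecurity.$2=1"
    done
}

validate_policy "$POLICY" && emit_setup
```

Note that putting root in nosocks, as the comment suggests, also cuts off any root-owned daemon or admin tool that legitimately needs the network, so check members_of all against what actually has to listen or connect before applying the output.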