Linked by David Adams on Thu 30th Sep 2010 20:38 UTC, submitted by fran
Bugs & Viruses "To mark the first anniversary of Microsoft Security Essentials, the company has released some sobering statistics it has gathered during the past year via the free anti-malware software. According to Microsoft, Security Essentials has been installed on 31 million computers worldwide. Out of that group, 27 million users reported malware infections during the year."
Thread beginning with comment 443347
lemur2 Member since:
2007-02-17

Not only is most malware installed voluntarily but there is still a huge problem with people having older versions of XP installed with updates off. It's an easy numbers game for criminals to play, they don't even have to go poking around for holes.


Agreed. The paradigm needs to change. It should be impossible to install software outside of a software installation manager, which requires even then a locally-entered password for a special-to-purpose account with elevated privilege.

Clicking "OK" is not enough.

Reply Parent Score: 1

darknexus Member since:
2008-07-15

Agreed. The paradigm needs to change. It should be impossible to install software outside of a software installation manager, which requires even then a locally-entered password for a special-to-purpose account with elevated privilege.

Clicking "OK" is not enough.


Hmm, as I recall that's exactly what the iPhone does now isn't it? We all know just how much we love that...
Repositories won't solve the problem. Openness won't solve the problem. Why? Because people don't care. They're not going to vet the software, and given how easy it is to add repositories in, say, Ubuntu, the paradigm will simply shift from "click this link" to "want some naked pictures? Just add this repository..." Next thing you know, you've got an infected glibc or worse. It's been verified all right... by the repository owner, who signed it with their gpg key which *you* validated when you added the repository! Do you really think malware writers won't think of that should this shift ever happen on a broad scale? They won't need to infect existing repositories. Most users will do anything they're told if told correctly, so they need only add *new* repositories. Again, social engineering, right out in the open.
So, how do we stop that? Only allow software to be installed from approved repositories? Wait though, isn't that exactly what we hate about the iPhone and Apple?
Bottom line: No matter what paradigm shift may happen, the malware will not be far behind. Package managers are superior, but they will not end the problem. They'll shift the delivery mechanism, but they'll only divert it not stop it.
There's only one way to stop this: user education. People need to stop treating their computers like magic boxes, get some common sense, and a little basic knowledge. They need to treat computers like tools, you have to know at least a little about how to keep them running well and how not to damage them.

Reply Parent Score: 4

lemur2 Member since:
2007-02-17

"Agreed. The paradigm needs to change. It should be impossible to install software outside of a software installation manager, which requires even then a locally-entered password for a special-to-purpose account with elevated privilege. Clicking "OK" is not enough.
Hmm, as I recall that's exactly what the iPhone does now isn't it? We all know just how much we love that... Repositories won't solve the problem."

Good try, but no. AFAIK, iPhone applications can be rejected by Apple for reasons other than that they contain malware.

Openness won't solve the problem. Why? Because people don't care. They're not going to vet the software, and given how easy it is to add repositories in, say, Ubuntu, the paradigm will simply shift from "click this link" to "want some naked pictures? Just add this repository..." Next thing you know, you've got an infected glibc or worse.


There are thousands of repositories, many of them are binary repositories. Because of the community nature, however, if a bad apple were to show up such as you suggest, the repository and key would quickly be added to a blacklist.

No system is perfect. There was a very isolated case with an IRC server software that had got "poisoned" on one or two servers recently, because the original authors did not provide any signatures. It was quickly fixed when discovered, and I believe the two distributions that picked up the bad software (Gentoo and Arch) have already changed their policy about unsigned source packages.

Once again, it doesn't require everyone to vet the software. In fact, it only requires one person to find the malware, and it will get fixed for everyone who uses the distribution. Quickly, without much fuss. According to the experiences so far, this is what happens in the real world. It isn't as though there have been no attacks via repositories, just very, very few successful ones. Maybe a dozen machines, worldwide, at most, in ten years, have ever been compromised via repositories.

It's been verified all right... by the repository owner, who signed it with their gpg key which *you* validated when you added the repository! Do you really think malware writers won't think of that should this shift ever happen on a broad scale? They won't need to infect existing repositories. Most users will do anything they're told if told correctly, so they need only add *new* repositories. Again, social engineering, right out in the open. So, how do we stop that?


Blacklisting.

Only allow software to be installed from approved repositories? Wait though, isn't that exactly what we hate about the iPhone and Apple?


Whitelisting restricted repositories shouldn't be necessary; blacklisting malevolent repositories has been more than enough so far. Actually there haven't even been any of those; the one instance of malware getting into a repository was through pure slackness by the repository maintainers including unverified source.

Bottom line: No matter what paradigm shift may happen, the malware will not be far behind. Package managers are superior, but they will not end the problem. They'll shift the delivery mechanism, but they'll only divert it not stop it.


That is your contention, but it is not really supported by real-world outcomes with real-world repositories and real-world distributions.

In the real world, this delivery mechanism has been used for over a decade by many distributions for thousands of packages for millions of users, and the instances of malware can still be counted on the fingers of one person's hands.

There's only one way to stop this: user education.


Your claim is not at all supported by the actual facts.

People need to stop treating their computers like magic boxes, get some common sense, and a little basic knowledge. They need to treat computers like tools, you have to know at least a little about how to keep them running well and how not to damage them.


All that needs to happen is to eliminate packages where only the author can know the functionality of the code. Make it so that such packages cannot be installed. Make it so that in order to get any ability to be installed, at least some real-world actual end users of the software have to have the ability to know how it works.

That single step would eliminate malware.

After all, people won't buy or eat rotten fruit if they can tell it is rotten. At the very least, if rotten fruit is inspected and the inspectors could emplace a sign which says "this is rotten fruit" ... the amount of rotten fruit eaten would reduce from kilotonnes down to tens of grams.

Why should software be any different?

Edited 2010-10-01 04:52 UTC

Reply Parent Score: 3

Neolander Member since:
2010-03-08

Repositories won't solve the problem. Openness won't solve the problem. Why? Because people don't care. They're not going to vet the software, and given how easy it is to add repositories in, say, Ubuntu, the paradigm will simply shift from "click this link" to "want some naked pictures? Just add this repository..." (...)

Totally agree. A repository just puts several pieces of software together, it does not magically make each of these pieces of software malware-free. Unless of course we only use "trusted" repositories, and looking at the iPhone we know that it does not work that well as far as freedom is concerned. Plus, old-fashioned infiltration techniques still allow one to put malware in the repository.

The major advantage of the repository system is that it gets rid of the horrible installer ecosystem where you have to give admin rights to anything bearing an NSIS or Windows Installer icon. And OSX-like bundles do that just as well.

There's only one way to stop this: user education. People need to stop treating their computers like magic boxes, get some common sense, and a little basic knowledge. They need to treat computers like tools, you have to know at least a little about how to keep them running well and how not to damage them.

It would be the best solution, and it's the sole solution to problems like phishing in fact. After all, that's why we have driving licenses. On the other hand, that education program should be made as short as possible.

But even a properly educated user can't face an extreme lack of information.

Consider the following scenario: on Windows, you open an installer-looking program, and give it admin rights through the UAC prompt. It has a perfectly normal installer behavior, except it also silently installs malware in the background. The user won't know before the malware goes wild.

What went wrong there (apart from use of installers)? Admin rights. They are a binary system where software either can do nearly anything or can do nothing outside the user directory. So malware and legit installers both require the same admin rights and can't be distinguished from each other.

The solution to this class of problems is a more fine-grained security model, allowing one to know what untrusted software is up to before agreeing or denying. Such a thing could eliminate a lot of malware by only telling the user to be careful with untrusted software and common social engineering tactics, and a tiny bit about the basic structure of their OS (folder hierarchy and things like that, nothing technical).

Edited 2010-10-01 10:54 UTC

Reply Parent Score: 2

nt_jerkface Member since:
2009-08-26

It should be impossible to install software outside of a software installation manager, which requires even then a locally-entered password for a special-to-purpose account with elevated privilege.


That isn't a viable solution due to all the existing third party software. I would also rather not see all software go through MS first.

Getting people off XP would make a huge difference. XP isn't secure enough by default and so many of those old installs are hopelessly infested and need to be reformatted.

Adobe reader needs to be dumped as well. It's a completely unnecessary security risk.

Reply Parent Score: 2

jbauer Member since:
2005-07-06

Adobe reader needs to be dumped as well. It's a completely unnecessary security risk.


Unfortunately alternatives suck badly. Foxit's text rendering is plain terrible, and IIRC even sometimes shares some vulnerabilities with Adobe Reader.

Reply Parent Score: 2