Trojans, Rootkits, and the Culture of Fear

Jon, a Mac Mini is $600 🙂 How much have you paid for your PC + Windows license + VS license (+ MS Office or whatever else you’ve got)?

Your other arguments are good, but the “Macs are expensive” line is getting old fast, in fact it’s already obsolete.

Here’s something interesting: Sudo for Windows.

There’s been some debate in the comments about what kind of user experience there should be with installing software. I think it’s important to remember the examples Jeff’s talking about: .EXE files being sent via email that purport to be an “active” greeting card. If a legit ecard app needs admin access to install, then Windows is doomed.

If Microsoft is serious about users running non-admin in Vista, they’ll change the requirements for software developers to obtain a Microsoft-certified logo. Essentially, certification should ensure a piece of software can be installed without admin privileges. If not, why not? I can see a hardware install or AV software requiring such access, but beyond that the reasons start to dwindle. I can’t see why a game install would need it. Wasn’t that the goal of DirectX?

This really should be about antivirus (which does run on linux and osx) being obsolete and debilitating to computers rather than an OS debate.

However, you’ll find most users do NOT run into security related issues all that often. A virus every now and then, some spyware, and the off chance of being added to a botnet. The majority of those people, I guess, hanging out on porn or crack/hack sites.

The issue should be problems with the user, not the OS. Advocating choosing Linux over Windows for security issues is VERY tired. At least advocate Linux for usability and a wide range of VERY available applications. That’s why I’ll be changing to Linux on my next PC build… not security.

Many thanks for including a full color reproduction of Munch’s Scream in today’s blog. It’s a glorious painting and states quite succinctly how many of us feel about computer security these days.

I’ve always wondered what happens when your VM gets corrupted. If it’s been hacked, even just for one session, it can still keylog your passwords and send your credit card details on.

But the culture of fear is soooooo marketable…

Almost all of their services are related to security. They’re even guaranteed for a whole 30 days… can’t beat that.

Comparing the conflict of interest issue in antivirus with that of auto mechanics is inaccurate. You want to take your car to the busiest auto mechanic you can find, because since he is so busy, his self interest is to get your car out the door and not see it again. It is only in the self interest of an auto mechanic whose business is flagging to artificially create business.

However, this relies on a scarcity: the mechanic’s time. The antivirus software developer does not have an analogous scarcity, so for him it really is a conflict of interest.

As to virtualization, I am more and more excited by this prospect, but not for security reasons. A virtualization layer can expose a standard hardware set, so researchers in operating systems no longer need to support every device on the planet to get their system into the real world. A Linux kernel is the best option for the underlying system for two reasons: 1. you can strip it down to almost nothing far more easily than Windows; 2. it has broader hardware support than other candidates like Mach. Anyone want to run a Lisp machine again? Or how about a Haskell machine?

Linux, Mac OS X, and “LUA” Windows Users are currently safe because there are so few of them.

For a malware author it isn’t economical to write malware for these users. If market share goes up the situation will change.

There is no protection against malware inside OSX or Linux and the security model has no advantages over Windows – actually the opposite is true.

This can be seen on thousands of compromised web servers out there where Linux is more prevalent (LAMP!). Most attacks against buggy PHP scripts are written for Unix platforms.

With the acquisition of GreenBorder Google is either trying to implement something similar to Protected Mode IE (i.e. browser sandboxing) for Firefox or it is trying to wrap ReadFile(), to insert ads into your favourite documents 🙂

The problem with antivirus software is the delay in releasing updates to clients. If a new worm appears, most AV products are unable to catch it, rendering them completely useless. And there are new worms every day. That makes AV products actually pretty useless, despite people paying money for them and then believing they are protected. IMO AV software is a waste of money, as it just does not work.

What works is to have a hardware firewall + some knowledge not to execute unknown stuff, but unfortunately the average computer user does not have either.

I agree with Josh’s comments that this is not about the OS. And advocating any one OS over another is truly tiring. Part of the problem of course is the anecdotal stuff posted by Jeff that suggests that the problem is partly with Vista, and talking about other OSes as though they are less vulnerable.

On an equally anecdotal level I am using Vista and have had no issues with games or any other application.

It’s really more about security software suites that are slowly becoming irrelevant. And about users not exercising some minimal sense. I am not using any of the big security suites (using lightweight AVG and Defender) and I haven’t had any issues. Didn’t have them with XP either.

(no flames please - I use Mac and Linux too - associated with a print shop)

Microsoft understands that the average user does not want to do the things you listed here.

They will never run as user only, and even if they did they would surely type the admin pwd to get the “dancing bunny” thing installed, so why would that help?

They will never accept running a browser completely isolated from their hard drive; how would that work without removing most functionality of the web? You couldn’t even download a file with that, which no user will accept.

The average user wants full power over their system, period.

What works is common sense, and maybe that’s something we need to teach. With the risks that are out there, maybe it’s time to discuss a mandatory driver’s license for the web? Why not?

“It’s too bad the powers that be at Microsoft didn’t have the guts to pull the trigger on limited user accounts as a standard setup in Vista.”

I’m sorry, did you just completely forget the account you retold above where the person has pulled the trigger themselves and had a hard time with it? If they had pulled the trigger then waves of people would be turning off any form of limitation and returning to admin accounts because it’s too painful (It’s happening at the moment because they slightly botched the solution, but it would be far worse). We would have a security epidemic worse than is at the moment. You have to do these sorts of things slowly.

Get the rootkits and trojans to hell.

I think the answers of ‘use a Mac’ or ‘use Linux’ are flawed because in my mind, I can still download and run a rogue application, and it can still trash my data. Who cares about reinstalling the machine if all the data is corrupted.

Same with running as non-admin - that rogue program, running under your credentials, can still read all of your files looking for passwords and credit card details, and corrupting what it feels like.

Running windows in non-admin mode never worked for me. I had a few commercially bought programs (Adobe Photoshop Album 2.0) that would simply not work as non-admin (a nice dialog informed you of that on start-up). Non-admin (currently) just makes it harder, but not impossible for the virus writers. Death by 1000 cuts indeed.

Anecdotally, I’m sure my machine was last infected when I let someone use my computer. They were staying with us and I (thought I) set up a non-admin very low privilege account. Some sort of mostly benign trojan got me, and that was only defeated by a clean wipe - I was lucky.

Virtualisation is good, but it’s no panacea. Virtualisation is better because I can load up certain configurations (dev, not dev, playground), but trying to do it for things like email and browsing - the most exploited virus vectors - is pretty impossible. Graphical programs suck too. You’re still reinstalling a virtual machine, because the virtual machine has all the same downfalls of the real machine. You’re really just putting up walls to limit damage when it does happen, but are you really making that much of a dent in the problem? Oh, and you did buy all of those licenses for all those virtual machines, right? Mr Universal MSDN is fine, but my mom isn’t.

Sandboxing - it’s mostly the answer. And not done the way .net’s access permissions work, but something that any old user can use and understand. Heck it should be something that any old programmer can understand too - because they’re the other 1/2 of the problem.

Most programs:

  • don’t need access to all files in the system (or all file types in the system)
  • don’t need access to system files (after install, ever?)
  • don’t need unrestricted access to all network ports/sites
  • don’t need to listen on tcp connections
  • don’t need unlimited network bandwidth
  • don’t need access to the entire registry

Done as part of the install (program supplies a manifest) and enforced from the OS would probably make a lot of these issues go away. The OS could highlight warnings (and allow the user to override) saying ‘no this program may not do xyz’. I’d like to do this with commercial programs that I trust too. I want to know what any program is doing or allowed to do in the system.

It’s not a simple fix, but MS (and others) will have to make some breaking changes at some point or they will continue to be plagued by all of this nonsense. The truth is there’s a lot of things in Windows that are broken and not getting fixed anytime soon.

What’s the rest of the answer - I wish I knew. For now just filling up the security holes, avoid IE, and Hope For The Best ™.

Using IE or Firefox has nothing to do with this, there have been plenty of security holes in both browsers and also most users fail to update their plugin software like java, flash and adobe pdf which often have serious bugs.

Don’t go that way, don’t say “use this and that”; it’s not helpful to anyone to think they are secure just because they use a certain brand of whatever software, it’s ridiculous. They need to use common sense.

Also, I think we exaggerate the problem: how often does this happen to an average user that uses common sense? Me personally, I have had this issue twice in 12 years, and in both cases nothing really evil happened; it was quickly discovered and disposed of, and after fixing everything I took the precaution to change my passwords for email and other things.

I think we have to live with this, and I don’t agree it’s a “security mess”, it doesn’t happen that often to an average user. It was a mess back on Windows 95/98 both which were impossible to secure but it’s not a “mess” today.

[ICR]: When Microsoft pulls the trigger, they put a few million dollars more into the usability of the trigger than that particular user probably did.

I think Jeff “Tiro Fijo” Atwood’s point is that if Microsoft made limited user accounts the default, they’d also put in the effort to make it as painless as possible. And it only gets more painless from there as application developers are forced to take limited users into account.

I’m not sure what you mean about doing this slowly. It took long enough to release Vista, so they had time to implement this default properly. It looks like everyone at MS was too busy waving their genitalia at the WinFS team and working on that UAC bollocks.

I recently switched to Ubuntu Feisty on my Thinkpad with XP running in VirtualBox. I’m pretty novice when it comes to Linux, but Ubuntu has been a dream. I haven’t had any major questions or issues that didn’t have an answer readily available in their forums. When running XP, I barely notice a performance hit even with SQL 2005 running. Also, pretty much all the software I need to get by on is available and easy to install. I’ve been so pleased with Ubuntu that I’m pretty sure I wouldn’t even have XP if it weren’t for my work… There’s no reason to fear Linux anymore. Try Ubuntu out and I promise you’ll love every bit of it.

I use Linux, so “I don’t know what you’re talking about”.

Sorry, I couldn’t resist.

Felix: “How much have you paid for your PC + Windows license + VS license (+ MS Office or whatever else you’ve got)”

That’s ridiculous; a Mac Mini doesn’t come with VS or Office either. Take those out of your equation and I can buy a similarly powered PC for $350. Of course, that’s dramatically underpowered, and the next step up in Macs is way more expensive than what I paid for my PC. That’s the biggest problem with Apple and price: there is no middle ground, you either get an internet-surfing machine (Mac Mini) or a souped-up powerhouse that’s twice as expensive and twice as powerful as the PC you really need.