Re: Web searches hijacked by malware



On Wed, 9 Dec 2009, in the Usenet newsgroup alt.computer.security, in article
<7oag0qF3q69q0U1@xxxxxxxxxxxxxxxxxx>, Mike Easter wrote:

MT seems to be arguing with DHL, except to say that the same infected
user can neither make a rational decision about whether to target
malware remove *NOR* be able to flatten/rebuild.

True. The ``bar'' to using a computer has been lowered substantially
since the IBM PC was introduced in 1981. Before that, you had mainly
geeks or enthusiasts using the personal computers - such as the Apple
][ and CP/M systems. Even the first IBMs (probably up to the AT)
were of very limited use. Data transfer mechanisms evolved from
paper copies to floppy disks to dial-in to a BBS. That was about the
time that mal-ware became more common. Want a trip down Memory Lane?

NEWVIRUS.ARC 02-01-88 BEWARE NEW VIRUS + IMMUNIZATION FROM BIX 1024

VIRUSINF.ARC 02-17-88 ADDTL INFO ON COM/EXE VIRUS 6528

FILETEST.ARC 04-20-88 VIRUS DETECTOR BY DR. LEVINE 61056

That's from a 1990 directory listing at a BBS.

Now, what has changed in the twenty (plus) years since then? First
is that personal computers have become pervasive - probably as many
out there (overall) as television sets. In accordance with several
often quoted ``laws'', the capability of these systems has made
astounding progress. The system memory has grown from (literally)
hundreds of bytes to multiples of gigabytes. Magnetic media has
grown from kilobytes on a cassette tape to terabytes on a device not
much larger than that tape. And then we have connectivity to the
world, which started as a 300 BPS modem on dial-up to a fiber
connection limited by how much the provider wants to sell - but
gigabit service is available.

What has not grown is the skill level of the users. It's gone in
exactly the opposite direction. Most users technical skills are
limited to moving a mouse, and pressing the button[s] there-on.
They have no idea what is going on - even in fundamental concepts.
The Internet is one massive web site good for entertaining the user.
It's magic. And best of all, you don't need to know ANYTHING about
what is happening... oh, this looks like a pretty icon.

Maybe MT's ultimate argument is that the user should be using an OS
less vulnerable to such problems, which OS has been installed by the
'factory' -- maybe a Mac :-)

While a less vulnerable operating system might help, it's no panacea.
Snow Leopard and Ubuntu are proof of that. The O/S have to be
dumbed down to the (complete lack of) skill levels of the user.

At one time, there was talk of an anti-mal-ware capability being
added to windoze such that it would only run ``trusted'' binaries
that were somehow digitally signed, and the signature could be
verified at a microsoft site (more likely a content provider like
Akamai or similar) before allowing the binary to run. Obviously
this is a bad idea, as it's going to slow the operation down (while
the system checks the signature), won't work when you don't have
connectivity, and is a means of censorship/extortion by microsoft.

No, the solution to the mal-ware problem is education - requiring
the user to actually have some clue about what is going on. You
know the chance of that happening - remember it's a users naturally
given _right_ to be st00pid, and they won't stand for any
restriction of that right. Instead, if they look for anything at
all, they will look for some "silver bullet" that will prevent
mal-ware infestations, and clean up after one actually does get
installed.

---------------------------------
| Something Funny Just Happened. |
| Fix It For Me. |
| [ OK ] |
---------------------------------

Sorry - computers don't work that way.

Old guy
.