Author Topic: Educate computer users!  (Read 7316 times)

Assarbad
Educate computer users!
« on: October 28, 2006, 01:55:51 PM »
Why is spyware (using the term to refer to spyware, adware and all these buggers at once) such a problem? Unlike for viruses[1] I would say that spyware is mostly a problem of uneducated computer users. The important phrase here is "computer users". I don't say that anyone here is uneducated with regards to not being able to read or write. It is more how to handle computers, how to work with them securely and so on.

There is a myriad of factors that contribute to whether or not you will be a spyware victim. However, in my impression you don't need to be a computer expert to prevent your machine from being infected with spyware.

Since the "dawn of rootkits" in the spyware sector it is becoming increasingly complicated to defeat these threats. Also it is becoming increasingly dangerous to leave a previously compromised system running. For rootkits one should generally say that a compromised system should not be trusted ever again - with one exception: if the rootkit can be identified with a 100% certainty and has been analyzed to 100% (and I don't mean viewing the file in Notepad :lol:) it will be safe to remove it and its components without leaving remainders of it on your hard drive. Otherwise I say: reinstall.

But back to the topic. I am certainly the last to become a "Microsoft-Basher", but they have a great share of responsibility for the current misery. Here are some of my theses. We'd have a safer internet if
  • ... the Internet Explorer would not have been bundled with the operating system
  • ... if the default account wasn't one with admin privileges
  • ... if software vendors would not ask for admin privileges upon installation of their applications all the time (e.g. access to HKLM)
  • ... if ActiveX did not exist in its current form
  • ... if the Internet Explorer would not be so tightly integrated with other OS components (partially mitigated with IE7)
  • ... users were educated enough to see, understand and mitigate the problems they create

Yes, you read right: I said the users are part of the problem. Although Microsoft can be accused of a lot of negligence when it comes to the separation of the TCB from normal (read: uneducated) users[2], the users could well find a wealth of information on the internet and in books to make their systems more secure. One of the biggest problems with the so called "data-highway" (i.e. the internet) is that basically everyone is allowed to "drive" there - having a "driver license" (i.e. the skills) or not. This is ridiculous. Of course I understand that there will be no way (except censorship, which no one wants) to force users from "driving" the "data-highway". However, one can appeal to the responsibility of the users thus motivating them to educate themselves or let others help to educate them. And frankly it is not just a matter of education - instead ignorance is a huge problem as well.

Let me give an example. I worked as a network administrator of a Windows domain for 6 years (and a little more on a voluntary basis). As such I also had "user-contact" quite often. Despite my and lately (when another admin joined in) our attempts to educate the users, we had no results. Let us take MS Word which is (too) often used by the students to write their thesis. Apart from giving up control about your information[3] the application was flaky and would often crash with bigger documents or documents with many (and large) pictures. However, even those who had their thesis almost lost because of Mr. Flaky-Ms-Word-2000, returned to it afterwards (once even just to almost lose the thesis again). The problem was that the document file could just not be opened again, MS Word would crash if you tried. The only rescue was (or StarOffice before) although much of the layout got lost then[4]. In German there is a proverb literally saying that a damage will make you wise - not so in case of Microsoft products as it seems. Whenever you try to get a user to use an alternative product this is turned down by some comment like: I don't know how to work with that. Funnily it can happen that in the next minute you get asked by the very same user how to do this or that in his "favorite" MS product - ridiculous. Same holds for Internet Explorer - users are reluctant to use a safer product (and I talk of the times of IE5, 5.5 and 6) and justify it with the "fact" that they aren't used to the other program. What the heck? If one saw most of our students surf the web it really doesn't make any difference which browser they use, as long as it is not a text browser. Well, what we did then was the hard way: we locked down all possibilities to use IE and put Opera and Netscape/Firefox on the desktop. And it really worked after a short transition time.

As one can see, ignorance is a huge problem, too. Let's face it, MS had not worked on IE for several years and not only was the usability a horror, the security was a much bigger issue. What are these poor users going to do now that they have to transition from IEx to IE7? Everything has changed ... menu items have disappeared or were relocated. Will they be as reluctant to it as they were when changing from MS Word 2000 to an alternative product or from IE to Opera and Netscape/Firefox? I bet not. Because it's labelled Microsoft again ... it does not "smell" differently.

So what can we do then? I say we should educate the users instead of investing too much in the removal of symptoms. Uneducated users are a problem and one that is very visible if you get the connection between the spam in your mailbox and the botnets on the internet. Spyware (actually all malware for this matter) is no more just a private problem of the user being infected with it. Often enough it is a problem to all of us. And users hold two keys to the solution of the problem in their hands:
  • They can put pressure on software vendors such as MS through their "consumption" behavior.
  • They can learn to be more security aware and help make the net a bit safer.

As noble as it is to help the victims of an infection, as much it is necessary to educate these people and make them "multiplicators" of this newly gained knowledge. I think it should be set down in the forum rules as the very first point that a user agrees to "safe-computing" for the future[5]. As I said, it is nice that users can turn here to get help. But instead of getting only help they should find help to help themselves. In my opinion the users and their behavior are the keys to an internet with less malware - not the fight against symptoms. (Yes, I know that often users turn here only after they have been infected. Reason enough to attempt changing that.)

Hope you got not too bored from reading this ;)

[1] - viruses use covert channels to intrude a system. Often skilled users will not be able to detect such an intrusion without helper programs (such as AV/AS programs).
[2] - the TCB (or Trusted Computing Base) is a theoretical part of the operating system into which only trusted entities can inject code. However, since the administrator on Windows is a trusted entity (though not strictly part of the TCB), he is allowed to help code take the step into the TCB (i.e. install drivers or services). The problem here is, that as opposed to how this reads, the administrator needs not to take any interactive steps - code running in the user context of the administrator just has his rights and that's it. Vista helps mitigating this by requiring an interactive step by the (human) administrator to acknowledge a certain action (UAC).
[3] - MS Word 2000 was saving a lot of unrelated information in the .doc files
[4] - ... something users love to complain about. Not seeing that MS has not documented the .doc file format and developers of other products have therefore to try to find out how the format works.
[5] - of course he will get help the next time. But making a promise to be more security aware in the future could be a step to force the security issue into their awareness.
Oliver (working at FRISK but posting here as a private person!)

Clogged disks on Windows? Check out: WinDirStat

JOSEPH
Re: Educate computer users!
« Reply #1 on: November 05, 2006, 10:40:48 PM »
Wow! What a mouthful or should that be eyeful of interesting commentary from your review. At the moment my own research is filled deeply and involved in rootkit payloads and hiders as such. A great area of CURRENT study and education on not only the Windows XP and (Vista?) vulnerabilities but the aspects that make up the code that functions from drivers/API hooking etc. which right now is a competition between developers on who can best invent & construct those invisible entries introduced into users' PC from the web/programs etc.

Liked your Blog and got a chuckle out of your recent experiences encountered at the LS Camp. One thing is certain over there, they have their priorities making headlines all over various many security forums in a fashion only they are best at publishing.  :sinking:

At any rate, HIPS have taken a SOLID lead over many bot detectors although several have integrated HIPS approaches to cut down on the efforts of depending on the less-than-perfect submissions process that Ad-Aware-SE has fallen gravely behind in. Anyone simply need read Wilders Topics on AAW as well as many others weighing in (DSL Reports) (including right here at Landzdown Forums, courtesy Corrine's explicit advisement) that strictly confirms results of a lack of serious enthusiasm or could it be the robust competition is un-nerved that camp to the point where it is now in a state of near total confusion  :tease: at best.
EASTER (aka Joseph)