New Tool Blocks Downloads From Malicious Sites
Hugh Pickens writes "Science Daily Headlines reports that a new tool has been developed (funded by the National Science Foundation, US Army Research Office and US Office of Naval Research) to prevent 'drive-by downloads' whereby simply visiting a website, malware can be silently installed on a computer to steal a user's identity and other personal information, launch denial-of-service attacks, or participate in botnet activity. The software called Blade — short for Block All Drive-By Download Exploits — is browser-independent and designed to eliminate all drive-by malware installation threats by tracking how users interact with their browsers to distinguish downloads that received user authorization from those that did not. 'BLADE monitors and analyzes everything that is downloaded to a user's hard drive to cross-check whether the user authorized the computer to open, run or store the file on the hard drive. If the answer is no to these questions, BLADE stops the program from installing or running and removes it from the hard drive,' says Wenke Lee, a professor in the School of Computer Science in Georgia Tech's College of Computing. Blade's testbed automatically harvests malware URLs from multiple whitehat sources on a daily basis and has an interesting display of the infection rate of different browsers, the applications targeted by drive-by exploits, and the anti-virus detect and miss rates of drive-by binaries."
Not new, vaporware (Score:5, Informative)
Great idea, and I can't wait for it to surface. But, don't get your hopes up. Brian Krebs reported on this back in February (http://krebsonsecurity.com/2010/02/blade-hacking-away-at-drive-by-downloads/) and it's been vaporware the entire time. Demo videos look great, but there has been absolutely no public movement on the project since this spring.
When it gets released, THEN post something to /.
Re:Not new, vaporware (Score:4, Insightful)
I don't know about progress or eventual usability, but they definitely come up pretty high on the "tortured acronym" list...
Re: (Score:2)
...they definitely come up pretty high on the "tortured acronym" list...
Try removing "Drive-By" from the name...
BLock All Download Exploits
I'm wondering if the "drive-by" portion is added by the journalists to play at their readers' level, or if it was an assumption of the potential customers' reading comprehension level by some dweeb in marketing.
Re: (Score:2)
Typical government acronyms. A lot of government agencies and defense contractors feel the need to give their product some stupid ass name like this to imply that it's a powerful program. I mean, it's called BLADE! It must be good. This is usually more important than actually describing what the device does. Thus, we end up with a lot of bullshit devices like "Kill, blade, death" and so on that all sound like doomsday devices but are real
Re: (Score:2)
It's even worse for studies in medicine, where I think they come up with a word and then just put out a phrase where about half the words are dropped in order to fit the backronym. For example: ALLHAT - The Antihypertensive and Lipid-Lowering Treatment to Prevent Heart Attack Trial.
Re: (Score:2)
At least they're not trying to be ALL THAT... though with your acronym they easily could have :P
Re: (Score:2)
But if it was published then, we would be crying about Slashvertisment.
It's not yet available (Score:3, Insightful)
Just like flying cars, warp travel, or a cure for cancer.
WTF folks. Why link it if it's not available? Sure, the "golly gee whiz" effect might get a whole five minutes if someone reads very slowly, but if it's not available then linking to it doesn't do anybody any good. By the time it does become available it will be long forgotten to all except those who make out a 3x5 card and tack it up on the wall.
Prior art (Score:3, Interesting)
Sounds like Mac OS X.
Re: (Score:3, Interesting)
I was thinking more along the lines of:
Well, it's called Tron. It's a security program itself, actually. It monitors all contacts between our system and other systems. It finds anything going on that's not scheduled, it shuts it down. I sent you a memo on it.
Life mirrors art? Then again, maybe I just have Tron on my brain after seeing an extended 3-D preview of Tron: Legacy at Disney's California Adventure on Friday. If anyone reading this can, I highly recommend visiting DCA to see the ElecTRONica section they have going on (Friday through Sunday nights). Flynn's Arcade is pretty well done.
No, I am in no way affiliated with Disney either. Just a fan of Tron.
Re: (Score:2)
Next time, though, lose the glasses and tailor the crotch to fit a man, not a woman.
Re: (Score:2)
I run Windows in admin mode, which of course permits these activities. Thus it seems BLADE would do nothing for me and my ilk.
Re: (Score:2)
Sounds like Mac OS X.
Except that Mac OS X isn't funded by the US military. I'm not an Apple fan, but their motives are all up front: they want your money.
Re: (Score:2)
Except that Mac OS X isn't funded by the US military. I'm not an Apple fan, but their motives are all up front: they want your money.
You think the Military works for free? They want your money too.
Re: (Score:2)
It also sounds like many of the firewall solutions we have today. We have firewalls that already block malware infested sites, through either the host file or through their own mechanism, and that will intercept/sandbox/delete anything that gets downloaded/launched without the user's explicit permission. And we have firewalls/anti-virus solutions that automatically update themselves with the latest lists of blocked ip addresses, the latest lists of virus/malware signature definitions, and several that will e
Re: (Score:2)
We have those solutions (BlueCoat for one). However, most of the infections don't come from sites with good network security admins that have the budget for those appliances. If some malware gets past the firewalls (likely someone deciding they can tether their corporate PC to their cellphone and download pr0n that way) and hits a company with competent network admins, the IDS blows, and the offending machines will be booted off the switch and shunted to a remediation server so fast the bits will fly.
The infec
Re: (Score:2)
sounds like what every anti-virus should be doing.
Re: (Score:2)
I'd rather have it part of the OS. Almost all the functionality of antivirus programs should be at a lower level, although having signature scanning and the host based IDS available from different vendors will make it harder for a blackhat to make a "one size compromises all" piece of malware.
Ideally, it would be nice to have some features as part of the OS, including (but not limited to):
IP blacklisting. Of course, stuff can be whitelisted, but having the ability for a machine to grab a database of IPs t
Re: (Score:2)
No, that doesn't sound like Mac OSX, which is somewhat more open than Microsoft Windows (the OS fundamentals are OS). Are you thinking of iOS?
Interesting idea (Score:2)
But the data available to the browser and the programmability of the web browser must be inconsistent - there must be something that a webpage can do that is impossible to detect whether or not a human or a computer did it.
Take clickjacking for example, you trick people into clicking somewhere.
Although I love the idea. This could be extended to be social too: how many people ACTUALLY initiated this installation compared to it happening by itself? If nobody initiated it themselves, you can safely brand it ma
It's better the devil you know... (Score:2, Insightful)
The day the army/navy/government are responsible for my 'defence' online is coming. It's a red-pill blue-pill thing and I think I will prefer to keep the status-quo, chancing it with the malware from the safety of my linux PC. Running to the military to 'protect me' is simply naff, particularly online.
Re: (Score:2)
Law enforcement does have a role to play, though obviously it is not the whole solution. These attacks are no longer carried out by script kiddies for the hell of it. They are well organised criminal gangs who do it to make money. The criminal gangs who ram-raid banks and shops selling high value items are something the police etc deal with, even though the banks and shops concerned take security measures to try and make life more difficult for them. These people, or at least some of them are raiding ba
What the fuck (Score:5, Insightful)
You need a special tool to not automatically download and run the first program your web browser sees?
Downloads shouldn't start automatically. Downloads shouldn't run automatically.
Yet even sourceforge doesn't provide copy and paste friendly download links anymore. It's got to automatically start your download for you because you're just too fucking lazy to make one more click.
BADBDE. Fail.
Re: (Score:3, Interesting)
I'm guessing they want to prevent other websites from linking to the downloads directly and have them link to the project webpage instead.
Re:What the fuck (Score:4, Insightful)
Yet even sourceforge doesn't provide copy and paste friendly download links anymore. It's got to automatically start your download for you because you're just too fucking lazy to make one more click.
Actually that's an extra step to serve you ads.
3rd Party (Score:3, Insightful)
If a browser permits "drive by" downloads like this, it's got a bug, and it should be fixed there.
But it can't be fixed there.
If you RTFA, you'll notice in their stats that the largest proportion of all threats exploit bugs in Adobe Acrobat and Flash plugins.
No amount of coding in Firefox can fix bugs in Adobe software, short of reverse engineering the plugin and applying binary patches on load to fix it (which should be considered a violation of the plugin's license, in the jurisdiction where Firefox' development is happening).
The only real long-term solution would be to completely drop the proprietary p
...but it helps a lot. (Score:2)
Open-source doesn't magically grant immunity from bugs.
Magically : Not. But it makes bugs inherently more fixable. (A programmer only needs to be willing to fix it, access to the source makes it possible). See the fast response time when bugs are discovered in major open-source software.
On the other hand proprietary software can't be fixed by anyone but the software developers themselves (anything else would be difficult for legal and practical reasons). And the developers have their own agenda, on which you might not be top priority because you're not their ta
Re: (Score:3, Insightful)
Modern security relies on the wise supposition that there are and will always be flaws, therefore multiple layers of protection are employed to minimize the possibility of those flaws affecting you. This is called "defense in depth."
Re:What the fuck (Score:5, Informative)
You are right, downloads shouldn't run automatically. And actually, no browser intentionally allows downloading programs automatically.
Unfortunately, internet browsers are quite complex pieces of software which connect to a lot of other complex libraries, and each of these software elements may contain security vulnerabilities, used by exploits that download and run malicious code. The idea is this: some hacker finds out about a security bug in some Windows library (which could be a result of things like a buffer overflow bug), such as the library that displays some file format (WMF, AVI etc.), ActiveX, JavaScript etc., and then embeds in a website some file that uses this exploit (Windows metafile, embedded video etc.). Such vulnerabilities are being discovered all the time, and Microsoft keeps releasing new security patches that fix these bugs, but from the moment the bug is discovered to the moment you download a security update there is enough time where your computer is exposed to such exploits.
I don't think it is realistic to expect software to be free of such vulnerabilities. Every OS has them. Fortunately for people using other OSes such as Linux, they are not targeted as much as Windows by hackers because they are not as common as desktop OSes, and the fact that most users do not run as admins also helps to reduce the potential damage of malware. I believe there are other ways to reduce exposure to such exploits: for example, use data execution prevention and use a sandbox to isolate the browser and all the libraries it uses from the rest of the system. However, you need to design the system from the ground up to be able to implement these measures properly.
Re: (Score:2)
Even if a browser is free of holes, add-ons are always an issue.
Ideally, there needs to be protection from the OS on up. This way, the OS puts the browser in a jail, VM, or sandbox, separating browser instances (windows, tabs) from each other. Since the instances are in different contexts, a browser window to a bank is not affected (or data changed in transit) by a browser window to a blackhat site that has executable code to execute in the browser's context. Techniques like copy on write from the browse
Re: (Score:2)
Drive-by downloads are not typically downloaded by your browser (except in the case of exploits targeting vulnerabilities in the browser itself). They are usually downloaded by browser plugins (such as Flash, Adobe Reader, various ActiveX controls, etc.) that contain vulnerabilities that are exploited (either via JavaScript or by specially crafted media files), and the payload of the exploit (the "shellcode") downloads and executes some Trojan EXE. It has absolutely nothing to do with downloads that are i
Easiest option: (Score:3, Insightful)
How about instead of having some program trying to figure out who's installing a program, how about no program can install another program? Download only, and it sits harmlessly until the user specifically goes, finds it, and runs it. In fact, have at the OS level, a captcha that needs to be filled in before a program installs. How's that? Think that'll stop anything? Probably work better than BLADE anyway.
Re: (Score:3, Informative)
Try Comodo Personal Firewall, it already warns when a new program tries to install on your computer, and it's free.
Re: (Score:2)
Or how about something more simple like sudo?
Re: (Score:2)
how about no program can install another program? Download only, and it sits harmlessly until the user specifically goes, finds it, and runs it.
Because "user...runs it" really means "user runs a program that runs it"; i.e. user runs a program that could have an exploit which fills in the captcha and installs the malware.
I was a bit surprised that the Applications Targeted by Drive-By Exploits graph indicates Java about 25% of the time, roughly half the rate of Internet Explorer. And I dislike Adobe software even more after looking at that graph.
Re:Easiest option: (Score:5, Insightful)
How about instead of having some program trying to figure out who's installing a program, how about no program can install another program? Download only, and it sits harmlessly until the user specifically goes, finds it, and runs it. In fact, have at the OS level, a captcha that needs to be filled in before a program installs. How's that? Think that'll stop anything? Probably work better than BLADE anyway.
If I understand you correctly, you're talking about removing the ability to shell out another executable from within an executable. After all, what, exactly, is the difference between an installation app and a regular app?
They both have the ability to modify the Windows registry, output arbitrary data to arbitrary locations, etc - how do you think MS Paint saves that picture file your 3-year-old made by facerolling the keyboard and beating the family dog with the mouse?
"Fine," you state, "just disable the ability for an executable to start another executable, then."
Unfortunately, killing the methods of shelling out to an app would destroy most operating systems' functionality - after all, the kernel is an executable that runs other executables (such as the graphical shell you think is your OS), directly or indirectly.
"Sure," you say, "we can just make it so the kernel can do it, but nothing else."
Ok, now what do you do when *you* want to launch an executable, say by clicking a representation of its logical address located in that previously-mentioned graphical shell (ie, your desktop)?
"Well, we can just let the kernel and the rest of the OS do its thing, then," you respond.
Where do you draw the line?
Photoshop executes a dozen processes when it starts up.
Hitting a flash-enabled website in your browser can launch dozens of processes.
Javascript is "executable code".
A slightly looser definition of "executable code" could include HTML.
In short, this is not the correct direction to be looking for an answer in; your post getting a "+5, Insightful" amazes and bewilders me.
Mod Parent Up (Score:2)
Mod Parent Up Too (Score:2)
This is exactly the problem.
Mod parent up. He is correct to point out that the parent should be modded up, because it is indeed the problem.
Seriously, either mod it up yourself or move along. Posts saying "mod up" are pointless.
Cue someone not getting the point and calling me a hypocrite.
Re: (Score:2)
your post getting a "+5, Insightful" amazes and bewilders me.
You've been here longer than me - these things should no longer surprise you.
Re: (Score:2)
I'd go further and completely throw out the idea that an EXE inherits the permissions of the user running it. Each EXE should have its own set of permissions as if it were a user itself. Think how facebook or smartphone apps when initiated request permission to "look at your personal data" etc. Like that but simplified:
"Modify system files"
"Modify system configuration"
"Read personal files"
"Modify personal files"
"Talk to the LAN"
"Talk to the internet"
I'm fairly certain this can be gotten down to just a few o
Is this another Windows-only problem? (Score:4, Interesting)
Are there any other OSes vulnerable to drive-by downloads? Funny how they rarely mention which OSes are affected.
I'm guessing Mac OS X and Linux are both better protected since the OS can't initiate a program installation and then run it without the user's permission.
Re: (Score:2)
I would have figured Macs to be a hotbed of virus activity, but there just aren't that many viruses that target Macs, because PCs are just too big of a market share. My reasoning is because Macs 'just work' which means that it should be a lot easier for that virus to 'just work' with little-to-no user interaction. Of course, there are/were plenty of ways to install something without the user knowing on Windows.
It used to be so bad that simply connecting a bare vanilla Windows XP machine to the network and
Re: (Score:3, Informative)
Macs "just work" once you tell sudo your password. If I see the sudo box when I'm not expecting it, hitting the cancel button is much easier than typing in my 15 character password.
Re: (Score:2)
I'd give the credit to OS X for helping here. OS 9 and previous had more than their share of viruses for them.
OS X is not significantly more secure [1] than other commercial UNIXes (like AIX, Solaris, and Linux), but the UNIX architecture is a great improvement over the days of having your application calling WaitNextEvent() unless you wanted to hang the box.
[1]: It does have some good security features built in. The SELinux-like mandatory access control functionality is a definite step in the right
Re: (Score:3, Interesting)
They are poorly written because their roots go back to when the MS OS didn't have any concept of a limited user or a security model at all.
That isn't the answer. Windows NT introduced the idea of user permissions back in July 1993. If you wanted to be able to use the official "Written for Windows" certification (or whatever it was called at the time) then your software had to work as a limited user. If developers adhered to Microsoft's programming guidelines they would have got rid of the full-access assumption years ago.
And if developers had done this, then we would have all been running as standard users long before Vista. Even then, they onl
Re: (Score:2)
Although I understand and mostly agree with the point you are making, I think it is worth noting that Microsoft operating systems do share a large chunk of the blame.
Microsoft operating systems have never been easy for a home user to use when logged in as a non-Administrator. (I single out home users since I believe they are the majority of drive-by-download victims.) They all h
I'm not trusting something government funded.... (Score:4, Insightful)
Why should anybody?
Re: (Score:2)
stop visiting NAFLA sites.
Re: (Score:3, Insightful)
As a fan of NoScript (the only plugin that *really* keeps me with firefox), I can tell you this: it's too hard to use for normal users.
Yeah, because Joe User can't be bothered to learn the following sequence:
1: Notice that an element of the page isn't "working as intended".
2: Click the little "S" icon in the bottom-right-hand corner of the browser.
3: (this is the one causing the most issues with NoScript usage, IMHO) select only the bare minimum of sites to allow scripting from (typically the one in the address bar, duh)
4: Profit! (view your youtube videos without most of the additional crap/ads/whatever)
Unfortunately, my experience is tha
Re: (Score:2)
(Obligatory bash: bash.org?149815 [bash.org])
Re: (Score:2)
Sometimes they try and make it hard on you, though.
I'm STILL trying to figure out the magic combination of sites that will let Zero Punctuation and Unskippable work without using "temporarily allow all"...
Re: (Score:2)
As a fan of NoScript (the only plugin that *really* keeps me with firefox), I can tell you this: it's too hard to use for normal users.
Yeah, because Joe User can't be bothered to learn the following sequence:
1: Notice that an element of the page isn't "working as intended".
2: Click the little "S" icon in the bottom-right-hand corner of the browser.
3: (this is the one causing the most issues with NoScript usage, IMHO) select only the bare minimum of sites to allow scripting from (typically the one in the address bar, duh)
4: Profit! (view your youtube videos without most of the additional crap/ads/whatever)
Unfortunately, my experience is that the typical response to "my youtube is broken!" is to either "allow all this page" or close FF and use IE...
As a user of noscript: yes, it is too hard for Joe User. When friends and family use my laptop I usually turn off noscript for them first. Or... wait until they fill a huge form with 27 fields and find out that it doesn't work because of noscript, click on the little S button, the page gets reloaded and the form gets reset... noscript is great but it's not for everyone.
Re: (Score:2)
It's really not that difficult, like you say, but it *is* annoying. I stopped using noscript because every page has so much stuff, running off of so many different servers, that I spent more time figuring out which scripts to allow than actually browsing. No "regular" user would put up with it for even the time it takes to get one site set up smoothly with it. I think you give Joe User *way* too much credit :)
Adblock with aggressive settings and updated subscriptions is fine for most sites, and is hassle-fr
Use Sandboxie to Virtualize Browser in Windows (Score:5, Informative)
http://www.sandboxie.com/ [sandboxie.com]
In addition, I also recommend installing Firefox with NoScript, AdBlock Plus, and Certificate Patrol addons on all platforms (Windows, MacOSX, Linux, *BSD, etc.) in order to minimize attack and spoofing vectors, which are typically JavaScript & Flash based.
Using Sandboxie, Firefox, and the above mentioned addons seems to be just as good a solution as, if not a better one than, the tool mentioned in the article. And they are all available now for free!
Re: (Score:2)
To avoid using a good tool, simply because no one has written a Free alternative, is myopic. Can you give a Free alternative?
ROFL (Score:4, Insightful)
Clicked the link to "interesting display of the infection rate of different browsers", and got
Hi. Javascript is turned off in your web browser. Good for you!
Ironically, to view our analysis results you do need to enable Javascript.
We promise not to bite.
Aside from the question of why I would need to enable Javascript to view their results, I found it highly amusing... and disturbing.
Kinda gave me the feeling of
"We're not doing anything evil, we promise! Oh, and we need you to let us inside your system's security before we'll give you any information".
Not exactly inspiring any confidence, here.
For instance, why isn't your page dynamically generated server-side, if you're trying to promote safe browsing practices? Oh, right, because you're not; you want me to buy your software...
I think I'll stick with NoScript and AdBlockPlus, thanks - they don't cost anything.
Re: (Score:2)
Also, I find it interesting that Chrome isn't listed in their statistics (after I hit the link with a snapshotted VM's browser) - despite that I have seen systems with apparent drive-by infections with no IE link on the desktop, quicklaunch, or start menu, no firefox installed, and a shortcut to chrome on the desktop labelled "Internet". Maybe the user was lying as to the source of infection.
No Public Release (Score:2)
The reason this application has not been circumvented yet is because there has been no public release as of yet. Once the "bad guys" have the application to test against, they will find a way around it.
Re: (Score:2, Insightful)
Make Microsoft Windows ILLEGAL and we'll have taken care of 99.9% of the bullshit that happens on the internet.
Sorry, but how does that stop people from giving their credit card number to a purple hippopotamus or from buying whatever spam advertises?
Re:Which OS? (Score:4, Interesting)
That's like saying we shouldn't remove deadly exploding cars from the roads because 5% of the drivers are too stupid to drive. There's no link between the two. We can fix the Windows problem by removing it from the internet. Fixing users is done via education.
Right. But the percentages are wrong... the original asserted that removing windows would fix 99.9% of the bullshit on the internet. The parent correctly pointed out that it would do no such thing. "user" issues account for far more than 0.01% of the problem. Removing the Windows "exploding cars" might not even make a dent.
That's not to say we shouldn't remove the exploding cars, but we shouldn't justify it by claiming its going to fix the internet in any meaningful way.
Moreover, the windows as exploding car metaphor is flawed, because the OSX and Linux cars are not really inherently that much more secure in the hands of lowest common denominator users. If you pull the exploding windows cars off the internet within a few months you'll have exploding osx and linux cars to contend with.
Idiot users will let malware infest their systems regardless of what OS they are given if the malware asks them to. Right now, most malware doesn't work on Windows, but if you banned Windows overnight, then a week later the internet would be a crap flood of malware that worked on Linux or OS X.
(Probably linux, because there is no way people could switch to OSX without buying apple hardware...so it would be a less popular choice.)
Re: (Score:2)
(Probably linux, because there is no way people could switch to OSX without buying apple hardware...so it would be a less popular choice.)
Uhm.. OS X runs on x86, now...
Google "hackintosh" [google.com] for more info, including detailed implementation instructions.
Hey, watch them mod points! I didn't say it was legit!
And, for those who don't want to sort through the links, here's one [lifehacker.com] that seems to do the trick, with no additional hardware required other than a spare thumbdrive. I didn't read through it in its entirety, but it certainly looks good - actually made me consider seeing if my brother-in-law (a mac-head) has some spare installation media... who kn
Re: (Score:2)
Uhm.. OS X runs on x86, now...
Um... so you are advocating that if somehow windows were banned that all those millions of lowest common denominator windows users who couldn't manage to keep their PCs malware free should all hack OSX onto their 2 year old $500 dell, and fiddle with it with no formal support from anyone in the hopes that they manage to get their audio, video, Ethernet card, wifi, sleep, and power management all functioning at the same time... and that it won't crater the first time try run app
Re: (Score:2)
Requiring programs to be exec modded before running
I've downloaded tons of stuff for linux, and I rarely have to make an explicit exec mod before running it.
Not determining file type by extension
And that adds to security how?
Requiring your password to escalate privileges rather than a yes/no dialog
Run Windows as a standard user and it requires a password too. (It only prompts for yes/no if you are already logged in as an administrator.) See screenshots here:
http://unixwiz.net/techtips/win7-limited-user.html [unixwiz.net]
Re: (Score:2)
Run Windows as a standard user and it requires a password too. (It only prompts for yes/no if you are already logged in as an administrator.) See screenshots here:
http://unixwiz.net/techtips/win7-limited-user.html [unixwiz.net]
Note it is also possible to configure Windows to always require the password entry. But I do not think this makes it more secure.
Interesting, this should make privilege escalation exploits much more difficult to pull off than the standard setup where the user is actually an administrator who just gets warnings before performing admin tasks.
Re: (Score:2)
I mean I could start a business selling four fingered gloves. Sure a few freaks can use them but it's not going to be worth the effort.
I have four fingers you insensitive clod.
Mod parent Retarded (Score:2)
What is the point of trying to create a virus or exploit for an OS no one uses?
What do you think most servers are running? The servers guarding motherlodes of valuable data and resources?
This is like saying there is no point making a lockpick for semi trucks because nobody drives a semi
Re: (Score:2)
It's more like saying removing a specific brand of car that suffers from regular breakdowns from the road would prevent 99.9% of all traffic accidents, despite the fact that the drivers themselves account for a measurable portion (more than 0.01%) of said accidents.
To that end, I think this software is kind of like having a passenger who helps you operate the vehicle more safely by giving you one less thing to worry about. User education is an important part of computer security but it can be discouraging
Re: (Score:2)
What is ironic is that Microsoft is doing exactly just this in Windows 8. Software will come from a store/repository. So, if a user wants a copy of SuperDuperPooperScooper, they will just look it up on the store, have it downloaded and installed. Couple this with signed executables and a big warning before running executables that were obtained from other than that store, and it will help reduce the dancing bunny problem. Not completely eliminate because the pr0n sites with their "pr0n viewer codecs" wi
Re: (Score:2)
Yes, big warnings work really well. Bombard them with a lot of warnings, all the time, I'm sure that will really help.
Re: (Score:2)
Suitable warnings are actually a science in how to do it right. Do it wrong, and you end up with what happened with UAC or "firewall" programs, where the user just has their eyes glaze over while they repeatedly twitch the "Allow" key, even if one of the messages was, "Allow malicious.sh to run dd if=/dev/zero of=/dev/hda?"
What is ideal is to try to minimize the warnings, but when it comes time to, have it be something the user is going to stop, read, and maybe ponder for a sec if it might be something the
Couldn't resist... (Score:2)
That's like saying we shouldn't remove deadly exploding cars from the roads...
There are still Ford Pintos [howstuffworks.com] being driven on the road today.
I saw one last week, driven by what appeared to possibly be the original owner. Beautiful condition (the car, not the owner).
Re: (Score:2, Funny)
I call this Gallagher Conditioning.
Re: (Score:2, Insightful)
Re: (Score:2)
Track the dialog boxes that are shown on screen and your mouse clicks from a separate application that is (hopefully) invulnerable to whatever the webpage can do to your browser.
If the standard dialog box was not shown on screen and the mouse didn't click there, then block the download.
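One way to turn that correlation into code, as an added example that is not part of the original thread or of BLADE itself: a monitor that consumes an event stream (dialog shown/closed, OS-level mouse clicks, file writes to the download folder) and allows a download only if the browser showed a dialog and the user clicked inside it shortly before. The event names, the consent window, the dialog geometry and the sample events are all constructed for the example.

```python
"""Consent-correlation monitor for browser downloads (constructed example).

Events come from outside the browser (input layer and file system), so
page script cannot synthesize them; a download without a matching
on-screen dialog plus a click inside it is blocked.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Rect:
    x: int
    y: int
    w: int
    h: int

    def contains(self, px: int, py: int) -> bool:
        return self.x <= px < self.x + self.w and self.y <= py < self.y + self.h


@dataclass
class Event:
    ts: float               # seconds, monotonically comparable
    kind: str               # "dialog_shown" | "dialog_closed" | "click" | "download"
    pid: int                # browser process the event is attributed to
    attrs: dict = field(default_factory=dict)


def check_downloads(events: List[Event], consent_window: float = 5.0) -> List[Tuple[str, str]]:
    """Return (path, verdict) for every download event, in time order.

    A download is allowed when, within `consent_window` seconds before it,
    the user clicked inside a dialog that the same browser process had on
    screen at the time of the click. Each consent authorizes one download.
    """
    visible: Dict[int, Dict[str, Rect]] = {}     # pid -> dialog_id -> rect
    last_consent: Dict[int, float] = {}          # pid -> time of consenting click
    verdicts: List[Tuple[str, str]] = []

    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "dialog_shown":
            visible.setdefault(ev.pid, {})[ev.attrs["dialog_id"]] = ev.attrs["rect"]
        elif ev.kind == "dialog_closed":
            visible.get(ev.pid, {}).pop(ev.attrs["dialog_id"], None)
        elif ev.kind == "click":
            # Only a click landing inside a dialog that is visible right now counts.
            for rect in visible.get(ev.pid, {}).values():
                if rect.contains(ev.attrs["x"], ev.attrs["y"]):
                    last_consent[ev.pid] = ev.ts
                    break
        elif ev.kind == "download":
            # Consume the consent so one click cannot authorize a batch of files.
            t = last_consent.pop(ev.pid, None)
            ok = t is not None and 0.0 <= ev.ts - t <= consent_window
            verdicts.append((ev.attrs["path"], "allow" if ok else "block"))
    return verdicts


def sample_events() -> List[Event]:
    """Constructed event log: one legitimate save, then three unauthorized writes."""
    browser = 100
    dialog = Rect(300, 200, 400, 150)
    return [
        Event(1.0, "dialog_shown", browser, {"dialog_id": "save-1", "rect": dialog}),
        Event(2.5, "click", browser, {"x": 450, "y": 300}),          # inside the dialog
        Event(2.6, "dialog_closed", browser, {"dialog_id": "save-1"}),
        Event(3.0, "download", browser, {"path": "Downloads/report.pdf"}),
        Event(3.5, "download", browser, {"path": "Downloads/dropper.exe"}),  # consent already used
        Event(20.0, "dialog_shown", browser, {"dialog_id": "save-2", "rect": dialog}),
        Event(21.0, "click", browser, {"x": 50, "y": 50}),           # click outside the dialog
        Event(22.0, "download", browser, {"path": "Downloads/setup.exe"}),
        Event(40.0, "download", browser, {"path": "Downloads/driveby.exe"}),  # no dialog at all
    ]


if __name__ == "__main__":
    for path, verdict in check_downloads(sample_events()):
        print(f"{verdict:5s} {path}")
```

The single-use consent and the requirement that the click land inside a dialog that is visible at that instant are the two checks that do the work; without them, one legitimate save would authorize everything written afterwards, and a click anywhere on the page would count as approval.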
Re: (Score:2)
Why should it? You've established that you want malware, so it lets you have malware.
Re: (Score:2)
Re:Interesting... (Score:5, Insightful)
I'm just waiting for Linux and OS X to inevitably catch up once they become viable targets.
I'd say that Linux is already a pretty juicy target. Sure it isn't running on most users' machines, but it does tend to be running on machines that do fairly important things. It already is a target, it's just that it isn't operated by the typical person that likes to lick digital doorknobs.
Re: (Score:2)
OTOH, those machines that run Linux and do fairly important things are not used for browsing the internet. Linux servers are a target for hackers. Linux desktop isn't.
Re: (Score:2)
Linux handheld increasingly is a target though. Android is I believe the second most popular operating system on phones capable of being used for web browsing behind Blackberry (though iOS has the highest market share of actual browsing sessions), plus there is Palm's WebOS and a few others from other suppliers.
Re: (Score:2)
You have to specify which phones your stuff runs on...
It's a little easier than you make it out to be:
http://developer.android.com/guide/topics/manifest/manifest-intro.html [android.com]
Specifically,
http://developer.android.com/guide/topics/manifest/uses-feature-element.html [android.com]
Re: (Score:2)
You're missing part of the equation. Malware that targets Linux doesn't survive long. We've got historical precedent of malware attacks on Linux. And we have historical precedent of malware that targets smaller target groups. What we also see is that, at this point, targeting Linux gets relatively little bang for the buck.
Re: (Score:2)
Don't forget that Linux programmers and admins don't shit where they sleep unlike Windows ISVs. This isn't MS's fault, but it is because Windows is the "default" computing platform for the mainstream. There is some esprit de corps on Linux, OS, Solaris, and AIX, where admins will work proactively and stop a would be intrusion in its tracks. UNIX users also tend to be in better communication with each other, so the time a sysadmin reads about a security issue, finds an emergency fix or workaround and patc
Re:how about just flipping the damn default? (Score:5, Interesting)
"Drive by download" is just a made up excuse by people who don't want to admit to what they were doing when they installed some malware yet again.
Yeah, like the user moving their mouse out of the way to read the text of an article, and coincidentally mousing over an ad purchased by a malware distributor that *looks* legit, and is on a legit site, but is actually just a method to throw their nasty bot into the download stream.
And before you protest that you've never seen that happen, I would like to inform you that I have - with my own eyes. Anecdotal evidence aside, this is factual to me.
More and more frequently, I'm seeing people saying that Windows is the primary security risk on the internet. Perhaps we should look into that.
Re: (Score:2)
Re: (Score:2)
Unless the malware program actually deletes Spybot as well as AVG and also changes your DNS so it redirects to a phony Chinese search site instead of Safer Networking's site. This happened to me not long ago.
For me, SpybotSD has been more of a preventive measure than a fix-it tool. Same for AVG, actually. You're supposed to install them *before* you get infected.