Online THREATS



Dave
07-09-2005, 11:48 PM
Windows have asked me to put my beef on the discussion groups.
I didn't know it would take half an hour of mucking about.
SELF EXPLANATORY... WHY DON'T "Fixes" from Microsoft and other Firms Work
Properly?
Dear Anti Virus Firms.
1. On my computer, I have loaded Symantec Norton AV 2004, which, after
Scanning, has told me, for about 2 weeks, that I have 25 at Risk Files on
my Computer -- Adware/Spyware/Malware. BUT will NOT delete any of them.
The ONLY option is Manual Deletion.

2. Earlier this Week, my "Guru" installed the Trial version of Microsoft
AntiSpyware.
It removed 8, leaving me with 17 Threats.

3. Yesterday, Panda offered me a trial of Truprevent automatic protection.
This removed 14 Threats -- leaving me with 3.

4. Running Norton AV, again, these 3 ALL Prove to be the same Adware
"Adware.BetterInternet" BUT there is a REMOVAL TOOL.
I ran this TWICE; on each occasion, it finally told me I did NOT have
Adware.BetterInternet on my computer.

5. Ran Norton AGAIN --- still there....

IF ALL YOU FIRMS GOT TOGETHER AND POOLED YOUR INFORMATION, YOU MAY BE ABLE
TO PRODUCE A HALF REASONABLE PROGRAMME.
To Remove 24 threats, I would have to outlay WELL OVER $100 AUD, and still
NOT have complete protection for my computer.

WHEN can Computer Users, find GOOD PROGRAMMES, Which are FOOLPROOF, at a
Reasonable Cost?

IF I purchase ANY, which is worthwhile? NONE at the Moment.
Can you PLEASE INFORM COMPUTER OWNERS, When you have programmes on which
they can really rely?
Dave.


--
Dave.

Mike Hall \(MS-MVP\)
07-09-2005, 11:48 PM
Dave

All of the programmes are free, and some do specific tasks.. also, some of
the 'threats' are only tracking cookies..

--
Mike Hall
MVP - Windows Shell/User
http://dts-l.org/goodpost.htm





"Dave" <Dave@ bigpond.com> wrote in message
news:E06D18C2-7C44-4D14-8A5B-37C617E92BCD@microsoft.com...
> Windows have asked me to put my beef on the discussion groups.
> i didn't know ot would take half hour of mucking about.
> SELF EXPLAINATORY... WHY DON'T "Fixes" from Microsoft and other Firms
> Work
> Properly ?
> Dear Anti Virus Firms.
> 1. On my computer, I have loaded Symantec. Norton AV 2004, which , after
> Scanning , has told me , for about 2 weeks, that I have 25 at Risk Files
> on
> my Computer -- Adware/Spyware/Malware. BUT will NOT delete any of them.
> The ONLY option is Manual Deletion.
>
> 2, Earlier this Week, my "Guru" installed the Trial version of microsoft
> AntiSpyware.
> It removed 8 , leaving me with 17 Threats.
>
> 3. Yesterday, Panda offered me a trial of Truprevent automatic
> protection.
> This removed 14 Threats -- leaving me with 3.
>
> 4. Running Norton AV , again, these 3 ALL Prove to be the same Adeare
> "Adware.BetterInternet" BUT there is a REMOVAL TOOL.
> I ran this TWICE , on each occassion, it finally told me I did NOT have
> Adware.BetterInternet on my computer.
>
> 5. Ran Norton AGAIN --- still there....
>
> IF ALL YOU FIRMS GOT TOGETHER AND POOLED YOUR INFORMATION, YOU MAY BE ABLE
> TO PRODUCE A HALF REASONABLE PROGRAMME.
> To Remove 24 threats, I would have to outlay WELL OVER $100 AUD, and still
> NOT have complete protection for my computer.
>
> WHEN can Computer Users, find GOOD PROGRAMMES, Which are FOOLPROOF, at a
> Reasonable Cost?
>
> IF, I purchase ANY, which is worthwhile ? NONE at the Moment .
> Can you PLEASE INFORM COMPUTER OWNERS, When you have programmes on which
> they can really rely?
> Dave.
>
>
> --
> Dave.

Dave
07-09-2005, 11:48 PM
--
Dave.


"Mike Hall (MS-MVP)" wrote:

> Dave
>
> All of the programmes are free, and some do specific tasks.. also, some of
> the 'threats' are only tracking cookies..
>
> --
> Mike Hall
> MVP - Windows Shell/User
> http://dts-l.org/goodpost.htm
>
>
>
>
>
> "Dave" <Dave@ bigpond.com> wrote in message
> news:E06D18C2-7C44-4D14-8A5B-37C617E92BCD@microsoft.com...
> > Windows have asked me to put my beef on the discussion groups.
> > i didn't know ot would take half hour of mucking about.
> > SELF EXPLAINATORY... WHY DON'T "Fixes" from Microsoft and other Firms
> > Work
> > Properly ?
> > Dear Anti Virus Firms.
> > 1. On my computer, I have loaded Symantec. Norton AV 2004, which , after
> > Scanning , has told me , for about 2 weeks, that I have 25 at Risk Files
> > on
> > my Computer -- Adware/Spyware/Malware. BUT will NOT delete any of them.
> > The ONLY option is Manual Deletion.
> >
> > 2, Earlier this Week, my "Guru" installed the Trial version of microsoft
> > AntiSpyware.
> > It removed 8 , leaving me with 17 Threats.
> >
> > 3. Yesterday, Panda offered me a trial of Truprevent automatic
> > protection.
> > This removed 14 Threats -- leaving me with 3.
> >
> > 4. Running Norton AV , again, these 3 ALL Prove to be the same Adeare
> > "Adware.BetterInternet" BUT there is a REMOVAL TOOL.
> > I ran this TWICE , on each occassion, it finally told me I did NOT have
> > Adware.BetterInternet on my computer.
> >
> > 5. Ran Norton AGAIN --- still there....
> >
> > IF ALL YOU FIRMS GOT TOGETHER AND POOLED YOUR INFORMATION, YOU MAY BE ABLE
> > TO PRODUCE A HALF REASONABLE PROGRAMME.
> > To Remove 24 threats, I would have to outlay WELL OVER $100 AUD, and still
> > NOT have complete protection for my computer.
> >
> > WHEN can Computer Users, find GOOD PROGRAMMES, Which are FOOLPROOF, at a
> > Reasonable Cost?
> >
> > IF, I purchase ANY, which is worthwhile ? NONE at the Moment .
> > Can you PLEASE INFORM COMPUTER OWNERS, When you have programmes on which
> > they can really rely?
> > Dave.
> >
> >
> > --
> > Dave.
>
>
>

Dave
07-09-2005, 11:48 PM
Mike.
The Microsoft one is Trialware - 60 days. The Panda is a Trial - 30 Days.
A REMINDER keeps popping up on the Screen, from both firms, asking me if I
wish to Purchase, in US$, naturally, which is MUCH higher in $AUD.
And, as I originally state, neither one does the job properly.
Symantec state that benet IS dangerous -- not just a cookie.
--
Dave.


"Mike Hall (MS-MVP)" wrote:

> Dave
>
> All of the programmes are free, and some do specific tasks.. also, some of
> the 'threats' are only tracking cookies..
>
> --
> Mike Hall
> MVP - Windows Shell/User
> http://dts-l.org/goodpost.htm
>
>
>
>
>
> "Dave" <Dave@ bigpond.com> wrote in message
> news:E06D18C2-7C44-4D14-8A5B-37C617E92BCD@microsoft.com...
> > Windows have asked me to put my beef on the discussion groups.
> > i didn't know ot would take half hour of mucking about.
> > SELF EXPLAINATORY... WHY DON'T "Fixes" from Microsoft and other Firms
> > Work
> > Properly ?
> > Dear Anti Virus Firms.
> > 1. On my computer, I have loaded Symantec. Norton AV 2004, which , after
> > Scanning , has told me , for about 2 weeks, that I have 25 at Risk Files
> > on
> > my Computer -- Adware/Spyware/Malware. BUT will NOT delete any of them.
> > The ONLY option is Manual Deletion.
> >
> > 2, Earlier this Week, my "Guru" installed the Trial version of microsoft
> > AntiSpyware.
> > It removed 8 , leaving me with 17 Threats.
> >
> > 3. Yesterday, Panda offered me a trial of Truprevent automatic
> > protection.
> > This removed 14 Threats -- leaving me with 3.
> >
> > 4. Running Norton AV , again, these 3 ALL Prove to be the same Adeare
> > "Adware.BetterInternet" BUT there is a REMOVAL TOOL.
> > I ran this TWICE , on each occassion, it finally told me I did NOT have
> > Adware.BetterInternet on my computer.
> >
> > 5. Ran Norton AGAIN --- still there....
> >
> > IF ALL YOU FIRMS GOT TOGETHER AND POOLED YOUR INFORMATION, YOU MAY BE ABLE
> > TO PRODUCE A HALF REASONABLE PROGRAMME.
> > To Remove 24 threats, I would have to outlay WELL OVER $100 AUD, and still
> > NOT have complete protection for my computer.
> >
> > WHEN can Computer Users, find GOOD PROGRAMMES, Which are FOOLPROOF, at a
> > Reasonable Cost?
> >
> > IF, I purchase ANY, which is worthwhile ? NONE at the Moment .
> > Can you PLEASE INFORM COMPUTER OWNERS, When you have programmes on which
> > they can really rely?
> > Dave.
> >
> >
> > --
> > Dave.
>
>
>

MAP
07-09-2005, 11:48 PM
This is what happens when someone uses an anti-virus program to remove
malware; use a malware removal program instead.
BetterInternet is a BHO (browser helper object). Try this one:
BHO Demon - http://www.majorgeeks.com/download3550.html
Each program does something a little different in an ever changing world.

Sometimes, when you remove malware it will stop your TCP/IP
stack from working (Internet connection).
Winsock or LSP-fix will correct the problem. Download first.
Note to anyone using NOD32 Anti-Virus software: Do Not delete the
"imon.dll" this fix reports. This is your internet/e-mail scanning engine.

YES - You need more than 1 malware program; the ones below are all free
and work well.
LSP-fix- http://www.cexx.org/lspfix.htm
Spybot S&D - http://www.safer-networking.org/en/index.html
CWS Smart Killer- http://www.safer-networking.org/minifiles.html
About Buster- http://www.spychecker.com/program/aboutbuster.html
Ad-Aware SE - http://www.lavasoftusa.com/software/adaware/
MS Antispyware:
http://www.microsoft.com/athome/security/spyware/software/default.mspx
CWShredder - http://www.majorgeeks.com/download4086.html
Hijack this - http://www.majorgeeks.com/download3155.html
Hijackthis tutorial -
http://forums.maddoktor2.com/index.php?showtopic=165
SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html
SpywareGuard - http://www.javacoolsoftware.com/spywareguard.html
WinPatrol - http://winpatrol.com
BHO Demon - http://www.majorgeeks.com/download3550.html
asquared2 "Trojan Remover" - http://www.emsisoft.com/en/
Socklock- http://nsclean.com/socklock.html
A nice site -
http://groups.msn.com/TeMercInternetSecuritySite/malwarecountermeasures.msnw
NOD32Anti-Virus Free 30 day trial
http://nod32.com/download/trial.htm
Process Guard-
http://www.diamondcs.com.au/processguard/index.php?page=download
A link for free online virus and trojan scanners.
http://virusall.com/downscan.html

--
Mike Pawlak

Bruce Chambers
07-09-2005, 11:48 PM
Dave wrote:
> Windows have asked me to put my beef on the discussion groups.
> i didn't know ot would take half hour of mucking about.
> SELF EXPLAINATORY... WHY DON'T "Fixes" from Microsoft and other Firms Work
> Properly ?


What specific fix did not work properly?


> Dear Anti Virus Firms.
> 1. On my computer, I have loaded Symantec. Norton AV 2004, which , after
> Scanning , has told me , for about 2 weeks, that I have 25 at Risk Files on
> my Computer -- Adware/Spyware/Malware. BUT will NOT delete any of them.
> The ONLY option is Manual Deletion.
>


What has this to do with Windows? Anyway, most antivirus applications
do not scan for or protect you from adware/spyware at all, because,
after all, you've installed them yourself, so you must want
them there, right?

Neither adware nor spyware, collectively known as scumware,
magically install themselves on anyone's computer. They are almost
always deliberately installed by the computer's user, as part of some
allegedly "free" service or product.

While there are some unscrupulous malware distributors out there,
who do attempt to install and exploit malware without consent, the
majority of them simply rely upon the intellectual laziness and
gullibility of the average consumer, counting on them to quickly click
past the EULA in his/her haste to get the latest in "free" cutesy
cursors, screensavers, "utilities," and/or wallpapers.

If you were to read the EULAs that accompany, and to which the
computer user must agree before the download/installation of the
"screensaver" continues, most adware and spyware, you'll find that
they _do_ have the consumer's permission to do exactly what they're
doing. In the overwhelming majority of cases, computer users have no
one to blame but themselves.


> 2, Earlier this Week, my "Guru" installed the Trial version of microsoft
> AntiSpyware.
> It removed 8 , leaving me with 17 Threats.
>

First of all, Microsoft Anti-Spyware is a beta product, so it can
hardly be expected to be completely effective. Secondly, who in the
world would go to a "guru" (some sort of spiritual guide/adviser?) for
help with a purely technical issue?



> 3. Yesterday, Panda offered me a trial of Truprevent automatic protection.
> This removed 14 Threats -- leaving me with 3.
>

Again, what has this to do with Windows?


> 4. Running Norton AV , again, these 3 ALL Prove to be the same Adeare
> "Adware.BetterInternet" BUT there is a REMOVAL TOOL.
> I ran this TWICE , on each occassion, it finally told me I did NOT have
> Adware.BetterInternet on my computer.
>
> 5. Ran Norton AGAIN --- still there....
>

You know, I once saw a bumper sticker that read "Insanity is doing the
same thing over and over again, and expecting different results each
time." Seems to apply. Why repeat an action that you already know
won't work?


> IF ALL YOU FIRMS GOT TOGETHER AND POOLED YOUR INFORMATION, YOU MAY BE ABLE
> TO PRODUCE A HALF REASONABLE PROGRAMME.


You do realize, don't you, that by posting to a news group you're not
addressing *any* of the firms with which you imagine you have a grievance?


> To Remove 24 threats, I would have to outlay WELL OVER $100 AUD, and still
> NOT have complete protection for my computer.
>

Then you need to learn how to perform simple Internet searches. (And
replace your apparently clueless "guru.") You could easily have found
free solutions, had you looked. Or, better yet, if you had taken the
time to learn to safely use your own computer, none of this would have
been necessary.


> WHEN can Computer Users, find GOOD PROGRAMMES, Which are FOOLPROOF, at a
> Reasonable Cost?
>


Just as soon as those computer users accept responsibility for the
consequences of their own actions. Just as soon as computer users stop
expecting a computer to be no more complicated to use than a toaster
oven. But, as for "foolproof?" Never - fools are so damned ingenious;
they're always finding new ways to screw up.


> IF, I purchase ANY, which is worthwhile ? NONE at the Moment .
> Can you PLEASE INFORM COMPUTER OWNERS, When you have programmes on which
> they can really rely?
> Dave.
>
>


There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.

The weakest link in this "equation" is, of course, the computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many people
have bought into the various PC/software manufacturers marketing
claims of easy computing. They believe that their computer should be
no harder to use than a toaster oven; they have neither the
inclination or desire to learn how to safely use their computer. All
too few people keep their antivirus software current, install patches
in a timely manner, or stop to really think about that cutesy link
they're about to click. These people are a danger to themselves and others.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.

To learn more about practicing "safe hex," start with these links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/



--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

cquirke (MVP Windows shell/user)
07-09-2005, 11:48 PM
On Fri, 27 May 2005 21:15:24 -0700, "Dave" <Dave@ bigpond.com> wrote:

>Windows have asked me to put my beef on the discussion groups.

"Windows" says that?

>1. On my computer, I have loaded Symantec. Norton AV 2004, which , after
>Scanning , has told me , for about 2 weeks, that I have 25 at Risk Files on
>my Computer -- Adware/Spyware/Malware. BUT will NOT delete any of them.
>The ONLY option is Manual Deletion.

You are scanning for malware while the malware is active. Is it
surprising the malware wins?

>2, Earlier this Week, my "Guru" installed the Trial version of microsoft
>AntiSpyware.
>It removed 8 , leaving me with 17 Threats.

OK

>3. Yesterday, Panda offered me a trial of Truprevent automatic protection.
>This removed 14 Threats -- leaving me with 3.

OK

>4. Running Norton AV , again, these 3 ALL Prove to be the same Adeare
>"Adware.BetterInternet" BUT there is a REMOVAL TOOL.
>I ran this TWICE , on each occassion, it finally told me I did NOT have
>Adware.BetterInternet on my computer.

>5. Ran Norton AGAIN --- still there....

OK - that looks like either a false positive (or residues) if the
removal tool is right, and a new variant unknown to the removal tool
if NAV is right. Residues is likely, i.e. where the malware's ability
to operate is destroyed by punching it out, but leftover malware
content is left lying around for other scanners to alert on.

>IF ALL YOU FIRMS GOT TOGETHER AND POOLED YOUR INFORMATION, YOU MAY BE ABLE
>TO PRODUCE A HALF REASONABLE PROGRAMME.

We already have half reasonable programs, and that is as good as it's
likely to get, for as long as MS fails to improve maintainability
(e.g. a malware-safe Safe Mode plus a maintenance OS) so that when
(not if) the bad guy owns your system, you can get it back.

>To Remove 24 threats, I would have to outlay WELL OVER $100 AUD, and still
>NOT have complete protection for my computer.

What did you spend AU$100 on? Norton? The other tools you mentioned
(AdAware, MSAS Beta) are free, as are Avast and AVG that you could
have used instead of knee-jerk Norton.

>WHEN can Computer Users, find GOOD PROGRAMMES, Which are FOOLPROOF, at a
>Reasonable Cost?

When the OS is structured to facilitate recovery from malware
ownership. Until then, the only maintenance OS in town is a volunteer
effort from Bart's that is at risk of being litigated off the map by
MS at any time. Needless to say, that makes it a very high risk for
av vendors to invest in (i.e. develop for).

So you have three approaches from the av industry:
- hope the problem will go away / pretend what we have works
- develop for Bart, but charge a fortune to recover costs quickly
- build a mOS from scratch, which costs effort and therefore money

MS themselves fall into the first category, maintaining (in the face
of all evidence to the contrary) that XP on NTFS is sooo secure that
it will never be malware-owned, so need for recovery does not arise.

Avast have stepped up to the plate in the first category, building
exactly the sort of thing we all need; an av scanner written
specifically for Bart's PE, and bundled with it, that does the job.
Alas, it costs a lot more than AU$100 to buy it in a form that
freelance techs could use in the field to clean your system. It's
only cheaper if crippled to work within one domain only (fine for
corporate sysadmins, to hell with anyone else) or if it's crippled
further so that it works only on one PC.

Kaspersky's taken the third approach, as far as I know, by using a
bootable Linux CD to host their recovery (post-infection) scanner. As
Linux can't safely write to NTFS, I presume this is a "look, don't
touch" scanner that hopefully informs how to proceed thereafter.

Kaspersky AV doesn't fall out of the sky for free, either.

>IF, I purchase ANY, which is worthwhile ? NONE at the Moment .
>Can you PLEASE INFORM COMPUTER OWNERS, When you
>have programmes on which they can really rely?

Firstly, when it comes to commercial malware in particular, it may be
a judgement call as to whether you wish to be rid of the "threat" or
not. That may be why you see "X threats found, Y threats removed".

For example, if I look in your medicine cupboard and find rat poison,
LSD and Insulin, I'd likely destroy only the rat poison. All three
might kill you if taken in excess, but you may choose to run the risk
of taking LSD in small doses for recreation, and you may need to take
Insulin to survive. And for that matter, you might shout at me for
killing the rat poison if you were planning on killing some rats.


Secondly, this is MALicious softWARE we are talking about here, i.e. it
is *designed* to be unco-operative and beastly. Is it really
surprising that detecting and removing this will be tricky?


Thirdly, a basic rule of combat is that whoever owns the air, wins.
If you are taxiing to take off and I'm over you dropping bombs, who is
likely to win? If the malware code is running and you try to start up
a defence tool, which is likely to win?

You'd only place bets on the second if the first was really useless,
i.e. a bomber who can't shoot straight, or a malware that ignores the
opportunity to defend itself or react punitively.

Right now, folks are flapping their arms and jumping up and down
because malware has started to take this opportunity, in the shape of
"root kits". A root kit is simply a malware that hides itself, by
tapping into all OS functionalities that might reveal its presence,
and thus censor the information flow to hide itself from view.

It's like phoning home to see if your family is OK, and one of the
home invaders picks up and (mimicking your wife's voice) says "Ah yes,
all's well, no balaclava-clad gun-toting rapists here, see you later".


The obvious thing to do is not rely on a word from inside the "owned"
house, but to check it out yourself. That means not running the
infected code (i.e. using a mOS) and then checking the code to see if
there are any known bad guys (blacklisting) and that only approved
code is in place in unaltered form (whitelisting).

Because of the constant code creep from patches, whitelisting is
difficult. What do you compare the code with, a data list on the
same "infected" HD? So you detect that info has been tampered with;
now what? You've just been DoS'd out of recovery, unless you have
something that will replace all known code. Where is that magical,
uninfected set of up-to-date code going to come from?

Let's assume you've verified the core code is OK. Now we can run the
OS in Safe Mode, but that's only malware-safe if two other conditions
are met; that the OS processes NO integration points whatsoever, so no
3rd-party code gets to run (integration by design), and that the OS
does not handle any material on the HD so as to expose an exploitable
risk surface (integration by code exploit).

Notice that the above applies whether you choose to clean malware, or
backup data and wipe the system. Unless you know what the malware
was, you have no confidence that re-infection won't recur (as has
already happened once). Without a firm difference between data and
code, you can't be sure your backed-up data is safe to restore.


Right now, we do not have a mOS, and the Safe Mode that the OS offers
is far from malware-safe, as it explicitly processes a host of
integrations by design (screensaver, file associations, drivers, BHOs
and shell integrations, even parts of the startup axis Safe used to
claim it did not run in Win9x) and it caresses material on the HD in
ways that are quite likely to be exploitable.

We can use 3rd-party media players, web browsers and email apps, so we
don't really need MS to provide those. We do need MS to provide core
OS value, and this they are failing to do.



>------------------------ ---- --- -- - - - -
Forget http://cquirke.blogspot.com and check out a
better one at http://topicdrift.blogspot.com instead!
>------------------------ ---- --- -- - - - -
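The whitelist/blacklist check the post above describes, done from outside the suspect system, as an added example (not code from the post or from any of the products it names). The file contents are constructed in memory; on a real machine the bytes would be read from the mounted, not booted, disk, and the manifest key would be kept on separate trusted media so that a rewritten baseline on the infected disk is caught rather than trusted.

```python
"""Offline whitelist/blacklist check of files against a baseline that is
authenticated with a key kept off the scanned disk (added example)."""
import hashlib
import hmac
import json

# Hypothetical key stored on trusted media, never on the scanned disk.
MANIFEST_KEY = b"example-key-kept-on-trusted-media"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Record the known-good hash of every file, then authenticate the record
    itself so it cannot be silently rewritten on the same disk later."""
    hashes = {path: sha256_hex(data) for path, data in sorted(files.items())}
    body = json.dumps(hashes, sort_keys=True).encode()
    tag = hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()
    return {"hashes": hashes, "tag": tag}


def manifest_is_authentic(manifest: dict) -> bool:
    body = json.dumps(manifest["hashes"], sort_keys=True).encode()
    expected = hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["tag"])


def verify(files: dict, manifest: dict, blacklist: set) -> dict:
    """Classify each file as ok (whitelisted, unaltered), modified, unknown
    (not in the baseline), missing (baseline entry gone) or blacklisted
    (hash on a known-bad list). Refuses to run on a tampered manifest."""
    if not manifest_is_authentic(manifest):
        raise ValueError("baseline manifest failed authentication")
    known = manifest["hashes"]
    report = {}
    for path, data in files.items():
        digest = sha256_hex(data)
        if digest in blacklist:
            report[path] = "blacklisted"
        elif path not in known:
            report[path] = "unknown"
        elif known[path] != digest:
            report[path] = "modified"
        else:
            report[path] = "ok"
    for path in known:
        if path not in files:
            report[path] = "missing"
    return report


# Constructed clean state, captured before any infection.
CLEAN = {
    "C:/Windows/System32/kernel32.dll": b"clean kernel32 bytes (constructed)",
    "C:/Windows/System32/user32.dll": b"clean user32 bytes (constructed)",
    "C:/Windows/System32/shell32.dll": b"clean shell32 bytes (constructed)",
}
BASELINE = build_manifest(CLEAN)

# Constructed post-infection state: one system file patched, one dropped
# file absent from the baseline, one known-bad sample, one file deleted.
INFECTED = dict(CLEAN)
INFECTED["C:/Windows/System32/user32.dll"] = b"patched user32 bytes (constructed)"
INFECTED["C:/Windows/System32/bho_helper.dll"] = b"dropped bho (constructed)"
INFECTED["C:/Windows/System32/evil.dll"] = b"known bad sample (constructed)"
del INFECTED["C:/Windows/System32/shell32.dll"]
BLACKLIST = {sha256_hex(b"known bad sample (constructed)")}


def demo() -> dict:
    """Run the check from the (notionally) clean maintenance environment."""
    return verify(INFECTED, BASELINE, BLACKLIST)


def tampered_demo() -> bool:
    """A baseline rewritten on the infected disk to match the infected files
    carries the wrong tag and is rejected instead of whitelisting the malware."""
    forged = {"hashes": {p: sha256_hex(d) for p, d in INFECTED.items()},
              "tag": BASELINE["tag"]}
    try:
        verify(INFECTED, forged, BLACKLIST)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for path, state in sorted(demo().items()):
        print(f"{state:12} {path}")
    print("forged manifest rejected:", tampered_demo())
```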

cquirke (MVP Windows shell/user)
07-09-2005, 11:48 PM
On Sat, 28 May 2005 08:37:38 -0600, Bruce Chambers

> Neither adware nor spyware, collectively known as scumware,
>magically install themselves on anyone's computer. They are almost
>always deliberately installed by the computer's user, as part of some
>allegedly "free" service or product.

> While there are some unscrupulous malware distributors out there,
>who do attempt to install and exploit malware without consent, the
>majority of them simply rely upon the intellectual laziness and
>gullibility of the average consumer, counting on them to quickly click
>past the EULA in his/her haste to get the latest in "free" cutesy
>cursors, screensavers, "utilities," and/or wallpapers.

You're drifting in the right direction, Bruce - from "Neither adware
nor spyware" through "almost always" to "While there are some" to
"the majority of them". This is better than previous "blame the
victim" posts that failed to acknowledge clickless attack at all.

That commercial malware installs "by user's consent" is the
cornerstone of what makes it commercial; it allows an entity to remain
visible enough to be paid, while being able to plausibly deny that
they are malware vendors and should be shut down.

However, the distinction between commercial and traditional malware is
blurring, for two reasons. Firstly, legal defence of the rights of
users has been so poor, that cm vendors are emboldened to act more
like traditional malware; persistence in Safe Mode, resistance to
detection and removal, and yes, clickless attack. Secondly, some
things that pose as commercial malware may not be, or are hosted by
businesses beyond legal jurisdiction.

Clickless attack is facilitated by IE, by design. Web-generated
content can spoof system dialog boxes, paint over the status bar or
page content, hook "close window" to actually launch themselves, and
so on. If a cm vendor wants to bypass user control, act against the
user's intent, or misrepresent themselves, IE provides all the tools.

Clickless attack is also facilitated by defect. Commercial malware
regularly exploits known code defects to get traction, such as those
within Java. That such behavior has not led to legal sanction is
proof of my earlier point, that cm vendors are not limited to "nice"
behavior because no-one is legally enforcing this behavior.

>> WHEN can Computer Users, find GOOD PROGRAMMES, Which are FOOLPROOF, at a
>> Reasonable Cost?

> Just as soon as those computer users accept responsibility for the
>consequences of their own actions.

When the system takes risk on behalf of the user, without giving the
user a chance to say no, then the full blame should be borne by the
system. Quick list: BadTrans.B, Kak, Melissa, Lovesan, Sasser,
Sapphire/Slammer, OpaServ... what do these have in common? ALL of
them are clickless attacks, where the only user blame you can
attribute is poor choice of software, and using it in default form.

>Just as soon as computer users stop expecting a computer to be no
>more complicated to use than a toaster oven.

And that will stop when vendors stop creating that expectation.
Windows hides risk info the user needs to see (e.g. file name
extensions) in order to make informed decisions. Then having
(reluctantly) displayed a risk indication such as file type, that the
user sees and consents to, the OS may act beyond that level of risk if
the actual material is at variance with the risk description.

For example, confronted with an .RTF file containing Word macros, the
OS concludes this is simply a benign error made in good faith, and
runs those macros automatically without extra user warnings. It's
like a cop who says "you'll never break into the house that way, just
by fiddling the locks; here, let me force open a window for you".

>But, as for "foolproof?" Never - fools are so damned ingenious;
>they're always finding new ways to screw up.

Yup. And the geniuses who write our OS are so foolish, they keep
offering new opportunities for the bad guys to screw us up.

The user makes no pretence of being a technical genius; in fact,
marketing keeps telling them not to worry about all that. It's the
system that beats its chest about how secure it is. So yes, while one
can blame both users and system, the expectations differ.

> Firewalls and anti-virus applications, which should always be used
>and should always be running, are important components of "safe hex,"
>but they cannot, and should not be expected to, protect the computer
>user from him/herself. Ultimately, it is incumbent upon each and
>every computer user to learn how to secure his/her own computer.

I do agree with you there. I see av as the "goalie of last resort",
not a license to be a drooling fool clicking everything in sight and
expecting your ass to be covered.

But a user can practise "safe hex" only if:
- they are asked
- accurate risk info is displayed
- the system acts no further than the risk consented to

If the system takes risk without asking the user (web site active
content, inserted disks, file content not being "opened" but merely
listed, ToolTip'd etc.) then the user cannot be blamed.

If the system provides no risk info at all ("here's an arbitrary file;
do you want to 'open' it?" or "here's an ActiveX control, which could
do absolutely anything; do you want to run it?") then the user has no
choice other than to risk everything, or deny interaction. Given the
Internet is about interacting with strangers, absent risk information
makes it impossible to do anything at all there.

If the system displays a low level of risk, then actually takes a high
level of risk, then once again, it's the system's "fault". If I say
"eat this cake", implying it's edible food, and it acts as a lethal
toxin, have you suicided or been murdered?


A problem is that XP is NT, and NT was designed to be a network client
within professionally-managed corporate installations. Several
ASSumptions flow naturally from that...
- the user's rights are trumped by the system administrator's
- the system administrator controls the PC from the network
- each user has a clearly-defined role
- so each user's login is shrink-wrapped around that role
- risk management is done by system administrator on user's behalf
- the system administrator is trained in the IT security model
- the PC doesn't matter, because all data is on the server

When you take an OS designed for those conditions, and drop it as-is
into consumerland, it's not surprising things don't work, because:
- user's rights are trumped by any notional "system administrator"
- the Internet is treated as just another big network
- so any fake "sysadmin" controls the PC from the Internet
- user may do many different things of varying risk
- so one login role doesn't fit all the things they want to do
- so everyone ends up running as administrator; maximum risk
- the user is not trained in the IT security model
- so user has no idea on how to manage risk
- the PC does matter, because all data is on it alone

If an OS is to be deployed in consumerland, it has to be shaped around
what the user knows and how the user operates. It's useless to expect
the user to behave as if they were an ant within a corporation.

I may start up Windows (why should I "log in", I'm the only user, duh)
and I may do my accounting, buy some stuff online, play a game, and
visit a few arbitrary web sites. The needs of those tasks differ
considerably; one set of access rights applied at logon misses the
spot entirely. I'd want my web browser to have zero access to my data
and zero rights to run stuff on my PC, but I'd want my accounting app
to access my data, and I'd want my game to have fast hardware access
but no access to the Internet or my data at all.

So at home, LUA isn't about the User, but the application. It's
pathetic to expect me to log in as a notional untrusted user to view
web sites, log out and back in as a trusted user to do my accounting,
and then log out and log in again as administrator in order to run a
game that requires fast access to hardware.

Some of the most dangerous things I may do - quickly visit a web site
while waiting for something - and some of the most data-dangerous
things I may do - quickly look up and edit a client's account in
response to a phone call - I may do while in the middle of other
things that differ in risk profile.

Yes, I *could* pretend to be a bunch of cubicle dwellers, and add an
extra 512M RAM so I can do fast user switching between accounts, but
it's still a clumsy and inappropriate way of doing things. Like
pretending my car is still a horse-drawn cart, and having to get an
annual veterinarian certificate for the "horse".



>------------------------ ---- --- -- - - - -
Forget http://cquirke.blogspot.com and check out a
better one at http://topicdrift.blogspot.com instead!
>------------------------ ---- --- -- - - - -
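The "displayed risk versus actual material" gap the post above argues about (hidden extensions, and an .RTF whose content is really a macro-capable Word binary) can be checked mechanically before a file is opened. This is an added example, not code from the post; the samples are constructed in memory, and the magic-byte table covers only a handful of well-known signatures, so it illustrates the check rather than serving as a complete file identifier.

```python
"""Compare what a file name tells the user with what its leading bytes say
it really is, and flag the cases where the label understates the risk
(added example, constructed samples)."""
from dataclasses import dataclass

# Content types recognised by well-known leading bytes.
MAGIC = [
    (b"MZ", "executable"),                                   # DOS/Windows PE
    (b"{\\rtf", "rtf"),                                      # Rich Text Format
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole_compound"),   # legacy .doc/.xls, may carry macros
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"PK\x03\x04", "zip"),                                  # also OOXML containers
]

# What each extension claims the content to be.
DECLARED = {
    "exe": "executable", "scr": "executable", "com": "executable",
    "rtf": "rtf", "doc": "ole_compound", "xls": "ole_compound",
    "png": "png", "jpg": "jpeg", "jpeg": "jpeg", "zip": "zip",
}

# Types that can run code when "opened".
HIGH_RISK = {"executable", "ole_compound"}


@dataclass
class Verdict:
    name: str
    shown_as: str   # what the user sees with "hide known extensions" on
    declared: str   # risk level implied by the extension
    actual: str     # risk level implied by the content
    findings: list


def content_type(data: bytes) -> str:
    for sig, kind in MAGIC:
        if data.startswith(sig):
            return kind
    return "unknown"


def displayed_name(name: str) -> str:
    """Mimic the shell default of hiding the last extension it recognises."""
    parts = name.rsplit(".", 1)
    if len(parts) == 2 and parts[1].lower() in DECLARED:
        return parts[0]
    return name


def assess(name: str, data: bytes) -> Verdict:
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    declared = DECLARED.get(ext, "unknown")
    actual = content_type(data)
    shown = displayed_name(name)
    findings = []
    if actual != declared:
        findings.append(f"content is {actual}, extension says {declared}")
    if actual in HIGH_RISK and declared not in HIGH_RISK:
        findings.append("high-risk content behind a low-risk label")
    # A second extension surviving in the displayed name is the classic
    # "photo.jpg" that is really photo.jpg.exe.
    if "." in shown and shown.rsplit(".", 1)[-1].lower() in DECLARED:
        findings.append(f"double extension: user sees '{shown}'")
    return Verdict(name, shown, declared, actual, findings)


# Constructed samples: an honest RTF, the post's macro-carrying "RTF" that is
# really a Word binary, a hidden-extension executable, and an honest .scr.
SAMPLES = {
    "invoice.rtf": b"{\\rtf1\\ansi plain text (constructed)",
    "report.rtf": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"word binary (constructed)",
    "holiday.jpg.exe": b"MZ" + b"not a picture (constructed)",
    "cursor.scr": b"MZ" + b"a screensaver is a program (constructed)",
}


def demo() -> dict:
    return {name: assess(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for v in demo().values():
        print(f"{v.name:18} shown as {v.shown_as!r:18} "
              f"declared={v.declared:12} actual={v.actual:12} {v.findings}")
```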
