Malware

Can we protect everyone from the World Wide Web?

Despite two decades of evolution, we are still vulnerable to all kinds of malicious attacks by people who want to extort money from us or who have sheer malice as their motivation, but the news isn't all bad; the World wide Web, the cause of much malice, is also the solution.

Today, I came home to find my wife struggling with a piece of ransomware, "System Security 2008." She had been fooled by the urgent nature of the message and had got herself caught in the loop and finally realized that she had been the victim of a hoax attack.

-------------------------------------------------------------------------------------------------------------------

This would not be a problem on a well-run corporate network; system security would have protected against it. However, many of us work with home users, and it occurred to me that people who do not have specialist knowledge are easy prey to these bloodsuckers. She realized what had happened and waited for me to come home and sort it out. I have Spybot S&D and the latest version of AVG running on all our home PCs, and these tools were more than a match for this malware.

The incident was soon resolved, but it got me thinking: PCs running Windows in its many guises are ubiquitous across the entire globe yet they are still unable to cope with such simple attacks unless the user has a modicum of technical knowledge. There are millions of "ordinary" home users who want to use PCs, like my wife does, for general Web browsing and shopping without the fear of clicking on the wrong link and infecting themselves with these nasty applications, though if someone could come up with a system to stop her shopping online on her days off, I would be most grateful and considerably richer.

The PC will never be truly user friendly until all these kinds of attacks are a thing of the past. The very nature of the World Wide Web means that anyone, anywhere can use it, and this means that there will always be the same balance of good guys and bad guys as you would find in any walk of life. It is easy to pretend to be someone else on the Net. I personally have adopted the guise of an overweight, bald, middle-aged Englishman while in reality I am a twenty-five-year-old, six-foot Adonis from Sweden. These people who try to extort money from unwary users are playing a role in just the same way, pretending to be helpful when all they are doing is getting their hands on your money.

Fortunately, for every one of the bad guys, there are many more good ones who fight a constant battle against such abuses. They work out solutions and post them for anyone to use. The Web will truly come of age when society itself does, when we can trust our fellow humans and share what we know in an atmosphere of openness and trust.

The Internet has gone a long way, in my view, to bringing this day nearer. Yes, we are all bombarded daily with rubbish and ridiculous requests for assistance in emptying secret bank accounts in Nigeria, and some might say that anyone daft enough to fall for such a scam deserves all they get, but with cooperation and education we can build a world that leaves such people with nowhere to hide.

TechRepublic's User Support newsletter, delivered Tuesday and Friday, features blogs, tips, and white papers designed for IT support pros. Automatically sign up today!

26 comments
Joe_R
Joe_R

I don't see anything change, at least not in the near future. I do think that people will get smarter as time goes on, and learn to recognize such things. Good article.

boxfiddler
boxfiddler

educate themselves in proper use of those things. They need to educate themselves in proper use of a computer, just as they do their chainsaw, tiller, lawnmower, washer and dryer. If they won't educate themselves, they need to pay the price for their irresponsibility, just as they would with their other things. Which unfortunately means that I do, too. Which means that, at every opportunity, I educate new users. It is still up to the user to put that education into practice, as with the chainsaw... eut

Lovs2look
Lovs2look

Yes! Education is the key. Just as you need to be tested before you can drive on the roads, so should there be a computer drivers license that trains users in what to look out for on the net, netiquette, basic troubleshooting, and basic operation of a PC. If I were that tester, I could "fail" some users daily! Ignorance is no excuse - if you don't know...find out.

santeewelding
santeewelding

Am not a user of chainsaws. Those things scare the bejesus out of me. Then, so do computers.

boxfiddler
boxfiddler

messing with a variety of welding torches, smithying tools, electrical current, and a little blue light that could blind you? Fear is one of the most remarkable things.

LarryD4
LarryD4

I can only protect, educate, and support the users I know. But their will always be the un-educated user who needs our help. If their weren't any we would be out of a job! :)

Sensor Guy
Sensor Guy

Good advice There's an old Spanish saying that goes something like this: "La pena is la hermana de jodete" In essence it means that acting on pity and going beyond your boundaries and capabilities will ensure your own personal destruction. One person or even a country will never be able to fix mankind's ills. Dirty Harry once said: "Every man has got to know his limitations"

Tink!
Tink!

To educate everyone on how to properly use the Internet is a never-ending task. For every one thing that we may manage to teach the general public, another new thing will popup and the process begins again. For as long as there are humans using the internet, there will be humans taking advantage of the human gullibility factor. There is no way to eradicate this without removing all humans. If anyone in the near future suggests making implants that would allow humans to patch directly into the internet without a computer, phone, PDA or other external device - shoot them please.

Sensor Guy
Sensor Guy

There are implants in humans in production using the Internet to transmit continuous medical data from live human beings. There are also medical alert devices that use VoIP to get emergency conversations to emergency technicians. The cat's outta the bag. You'll need a WMD rather then a gun.

Tink!
Tink!

Good uses like that are the first step on the stairway to absolute usage. Sure it might be a long way off, probably not in our lifetime, but once we start making progress in that direction it is almost inevitable where it will end up. Hopefully there will be enough smart people in power to realize that it's a very bad idea since there is no way to guarantee absolute security. Especially when we can see we can't keep people secure from the Internet now, or ever. P.S. I love how this discussion shows up on the front page "Can we protect everyone from the World". It sums up the whole discussion right there.

Tink!
Tink!

That sort of thing I can see as more beneficial than worrisome. It's the ones that will auto-connect or be constantly connected to the web (or any network for that matter) and access personal data that concern me.

Dumphrey
Dumphrey

how quickly people forget that freedom is responsibility. In order to protect everyone on the internet, it would have to be locked down, and every action accountable. Part of the original draw of the web was the freedom of information, which lead to the p2p revolution. Sharing copywrite material is just a sign of peoples shifting view towards information and data, and ownership thereof. And just as we should have the freedom to share said files, companies have the freedom to investigate and prosecute. Just as we have the freedom to send email, other have the freedom to send virus and trojans. Should this be legal? I think not. But I do not see it as the governments place to protect us from this, and most definitely not the place of big business to "protect us". We have a responsibility to protect our selves, and to help others protect them selves. One day, the net may be treated more as a "virtual country" with codified laws and customs, but even then, it should not be the government of a country that regulates and sets those laws.

lastchip
lastchip

Freedom does indeed require responsibility and unless you all want the equivalent of the Great Chinese Firewall, be very careful how you tread.

albert001
albert001

And when Microsoft releases a new version of Windows protecting users from themsleves everyone will complain about it and look for ways to turn it off. Let the flaming commence.

Sensor Guy
Sensor Guy

the more we realize the road to complete success will take more and more to complete. A clasic description of a successful, vibrant market hungry for innovation and ready to cast off its restrictive legacy. The good news is that wherever crooks and malfeance abound there is value and opportunity. That means the Internet has value and still creates opportunity. As the old 1920's famous gangster and premier bank robber Dillinger once said "I rob banks because that's where the money is" the modern crook and attention seeking vandal is on the Internet because they know that there is growing value in the Internet. The bad news is that the Internet must evolve from its roots as an engineering and scientific endeavor to that of a consumer environment. Even the term web is obsolete and creates an aura of complexity which must be hidden if we are to have the Internet succeed. I believe the current problems of security on the internet originate from 2 sources: The first is that many of the foundations of the internet such as DNS, although marvelous engineering and logic feats, were basically built and released without extensive testing. In the days of my technological youth, "just in time if not sooner and just enough to have it work" were the mantras of development and now we need to adjust to a new level of developmental audit, test and scrutiny on the Internet. This of course, must be tempered with continuing the Internet's "wild west" feeling of entrepreneurship. The other problem is that many very prevalent and successful tools of the Internet are devices or logic that have been stretched out beyond their original design point and the wildest dreams of its designs. We need to go back and rather than enhance, consider a radical view. For example, Windows has been stretched way beyond its design points. The designers of the cell phone have also taken that concept way beyond its planned design points as well. Linux, despite its flexibility and success is adaptability may also have reached its limits as well. Security issues will plague us until a whole new set of base design criteria that will abandon the past and espouse a new unknown future creates a as yet undefined family of products and markets for the connected lifestyle we are now beginning to appreciate. Just like the PC changed IT forever and wrested the crown jewels away from the mainframe, we need a new device that will finally free us from the PC as well. It may very well be that the incoming tsunami of sensors and actuators into the Internet turn the world upside down and finally push some entrpreneur to abandon the past and urge to support compatibility and drive us into new vistas of possibilities, free from the security issues of today.

Ethical_Loner
Ethical_Loner

And in this brave new world you espouse do you not consider that all that "opportunity and value in this "vibrant market hungry for innovation" might lead the malware crowd to greater heights of achievement as well? It'll be a catch 22 forever my friend. Everything technological will advance at more or less the same rate. Face it, without the thieves and malware writers a vast number of people would be out of jobs. It is in their own best interests to not create too perfect a solution that will put them in the unemployment lines.

Sensor Guy
Sensor Guy

The original article is the tale of woe about PC's web browsers and how they are insecure. "How do we fix this?" they ask.. The fact is that they are insecure by design, and this cannot be changed. It can't be fixed. Only a technological forklift upgrade that abandons the last 38 years of IT "progression" can "fix" it for the end user. So the answer is simple. To fix the security problem, eliminate PC architectures and go to unprogrammable consumer appliances. If the appliance can't store data or be modified, security in the device is fixed. If the concept is spread into the network, the problem is fixed there. Note I didn't say it was fixed everywhere. That is impossible. You'll just be passing and concentrating the problem in the "cloud" and it'll be someone else's cross to bear. Justifying jobs for security people in the PC era is a piece of social engineering I am not qualified to answer and don't care to answer. However, I'll venture to say that in 5-10 years they'll be as valuable and with the same career options as tape and printer operators have today. Will there be new opportunities for crooks? You betcha! Moving storage and data to the cloud will give those types of people new vistas for even greater malfeance.

Ethical_Loner
Ethical_Loner

How can we ever hope to protect EVERYONE from the web when we can't protect ANYONE from the web? Or from themselves for that matter. This is altruistic rubbish. The ONLY way is to protect yourself and if you get to be the home network guru then it will fall to you to TRY to protect the rest of your gang. There will ALWAYS be predators out there, in every walk of life. They're not just on Wall Street or in back alleys. Anybody who can get into your pocket either by you letting them in or them forcing their way in will do just that. Human nature, at least one aspect of it, and it is not about to go away - place to hide or not. We, most of us, might wish that things were not so, but we must play with the cards we have been dealt. And warm and fuzzy doesn't cut it nowadays. "When the power of love overcomes the love of power, the world will know peace"

Sensor Guy
Sensor Guy

A lofty goal, but not a definable objective. The other problem is that it takes some time for all the problems in the security and safety arena to come out to the light of day. The argument karks back to the "Spy vs Spy" cartoon scenarios. For every implementation of a safety feature, there'll be a new way created for crooks and miscreants to circumvent it. Reminds me of when interstates were first introduced a whole new set of law enforcement issues came out, many of them spurring even new governmental entities like the FBI. What took years to figure out is that interstates are one of the cornerstones and top tools of successful serial killers. Without interstates, one could not flee easily across the country....and then came the airplane!

flausher
flausher

Urmm...Is it just me, or is anyone else worried about the amount spam they receive concerning viagra? It's just, doesnt this suggest worryingly high level's of impotence? Moving on.. Personally, I think governments and so on should be doing more to clamp down on people creating malicous software of any kind. it's fine for people like us with the know-how to avoid getting these virus' and so on, but for the average joe user, it's becoming almost impossible for them to escape spyware, adware, and all the other threats out there. My parents for example, bless 'em, haven't a clue about computers, and last time i helped out with a problem on their comp, found 10 trojans just sitting there that they swore blind didn't have a clue how they got there... but of course, whoever made those stupid trojans has probably got away scott free, and my focus was more on removing the trojans. but once that's done, surely the culprits should be tracked down and brought to justice?

Jeff Dray
Jeff Dray

If I took up all the offers of 'enlargement' offered by the spammers in recent years I have calculated that I could probably bridge the gap between Britain and Europe in a totally novel way ;-)

LarryD4
LarryD4

Ironically, I have heard this disturbing news, more than once. People are buying and using Viagra as a enhancement to sex, even when one is not needed. And apparently it is enjoyed by both sexes. Hence the aggressive nature of the spam..

Tony Hopkinson
Tony Hopkinson

You must be young.... We are already in a tip, last thing we need is that lot getting involved. Apart from straight cracking most of the malicious stuff, abuses consent. How do you with a piece of software tell the difference between marketing mail shot for a useful medicinal product and spam? Did you tick the box, did you not untick it, did you read that little writing at the bottom where you agreed to recieve mailings from affilated organisations? Waste of effort, if I don't know them it gets binned or junked and then binned. It's the only solution unless it all gets killed, which is not going to happen....

CharlieSpencer
CharlieSpencer

I wish you well, but of all the things I with the US government would work on, malware is pretty low on the list.