30 Comments
"There are a bunch of programs that ship with all major operating systems--including Linux, Mac OS and Windows--that can format your hard drive"

Incorrect. When was the last time you heard of a non-root user on Linux (or other free unices) that could format the hard drive? He's somewhere outside the ballpark -- not just in left field.

He seems to be completely unaware of the separation of user privileges between root and non-root users. His comments about MS Windows applications are on the money, though.
0 Votes
He's right
Dr Dij 22nd May 2007
not in his knowledge of Linux, which as you said appears to be lacking. But overall, why can't the computer industry ship a PC that your grandma could use, browse major websites including myspace, yootube and any media sites, without fear of getting adware, spyware, destructoware, and getting her credit cards or login info stolen.

And it shouldn't be so easy for hackers to get into biz files or servers either.

And frankly, since we know (siteadvisor, google both monitoring spyware sites), why are they still up? If we can't turn them off, it would be technically feasible to block them right at the ISP's internet connection so no-one else on the web could get to them.

And why aren't we using mass reporting systems where all PCs contribute to detecting spyware sites?
0 Votes
Hmmmm
w2ktechman 22nd May 2007
Ok, my random thoughts on this.

Formatting a drive can be done from a Linux Live CD, no need for root permissions.

Ok, on to other things (told you, random thoughts). SW should be more secure, especially internet related, but how many people turn off Java when they are told that it causes a threat? Not many, as it would keep them from getting the 'full experience' of the web. Well, that experience comes with a price...

And please do not get me started on having everybody's PC call an outside company to report things. I would be against that unless it was an option to tick on or off, with the default being off.
Personally, I believe that this issue will never go away. Someone will always try to break boundaries because it's human nature. The most logical way to combat adware, spyware, viruses etc. is not to restrict a person's use but to teach them or give guidelines on how to use a computer with respect to avoid getting issues in the first place.
0 Votes
I think you do need to educate users
but would you bet the health of your company's network on someone at min wage who doesn't care?

you need to lock down your system too.

and I'd like to block the 5 bad ISPs that stopbadware.org says host the bulk of malware sites. That seems like a positive step. Others have posted that you can put these into your hosts.deny file on Unix-like systems, or use something like the GhostWall free firewall for windoze.

Why should I have to make an entry when ISPs that connect me to the internet could and should block them, if they are not responsible enuf netizens to get rid of criminal sites on their servers. Grandma driving her Honda at 37mph to the church on sunny Sundays will not know how to modify her local PC, so industry has failed end users.

here's the article

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018820
0 Votes
Nope
Tony Hopkinson Updated - 25th May 2007
Why does drive-by installation of malicious files work?
Because drive-by install of non-malicious files works.
Without the backstops in my set up I'd get caught out on occasion. I'm meant to have some sort of vague clue about what's going on as well.

Remember the Sony rootkit?

How would education solve that one?
0 Votes
Easy:
apotheon 25th May 2007
Education would solve that by educating people about choosing a better OS platform, I guess.
The security of a computer system affects everybody who owns or operates one. Microsoft spends millions on ad campaigns claiming to be the computer owner's best friend. Who has offered to spend even one dollar to inform the public that all is not what it seems? People don't trust 'word of mouth' statements anymore. If someone important looking doesn't tell them on the TV then there is no basis for belief. The first two computer systems I became familiar with, Atari and Commodore, I just trusted, whether it was from their reputation or just plain ignorance of what could be done. New users just naturally want to trust Microsoft also. By the time they find out Microsoft is less than trustworthy, they're in so deep financially, with antivirus, malware, firewalls, and who knows what they'll be spewing out next year, that they think it's cheaper to just update and bear with it. The answer? YOU SHOULD BE ABLE TO TRUST THE OS AND THE COMPANY THAT DESIGNED IT IMPLICITLY!! Where have we lost the guts to demand a good product?? Everybody in this thread who says Vista is ok is at the top of that list. What do you mean Vista is a great OS?? Because nobody has taken control away from you yet? Security has been the largest issue put on Microsoft for a few years now. Security SHOULD have been the top issue dealt with in the designing of a new OS. It's obvious it wasn't. WHY??? People demanded it, when Vista didn't deliver, people just rolled over and said, "It's perty and golly, I don't see nothin wrong with it, course I just use it to count my herd of sheep". And that's the word that gets out to the public, it's perty and new. And Microsoft skates for a few more years, even though they didn't do anything except make it prettier with a few bells and whistles. I guess those of us who see past the bells and whistles don't count because security was not dealt with, only switched around to a different hole in the swiss cheese.
Don't say it's good if you don't believe it yourself, or you're not computer literate enough to see below the surface, because that's where the problem lies. You get a feeling somebody's sneaking just by some of the commands, (mutex, install silently, logon anonymously, secondary logon, succeed silently, etc.) I'm sure you can add some more, but my point is, they didn't even have enough respect for us to hide those commands, so we've become accustomed to seeing them (or should I say 'conditioned') that we hardly notice another slipped in occasionally. I'll only use the first word as an example, mutex, to me, sounds like something that has changed and is no longer working for the good of the whole, but working under its own agenda. Whether that is true or not is irrelevant, the idea gets planted in our subconscious anyway. After a while, we see things like that and don't think anything about it. That's when we lose the battle for dominance over our small domain. Sight is one of our oldest and most reliable senses. Microsoft conditions us to ignore the visual alarms that those commands raise, and we're lost. Just my humble opinion.....
except for silent installs and drive-bys.
If you buy your new piece of kit from Sony to run under Ubuntu or Vista and it asks for root/admin elevation....

But for the back door, they would have probably got away with it.
0 Votes
disagree
wdewey@... 24th May 2007
Mass reporting = big brother. The only one who could enforce mass reporting would be a government (and which government would you propose handle this?) and people are adamantly against mandatory reporting to the government for anything.

My mom has a problem using a VCR. Personally I want my computer to do more than a VCR can.

Do you understand all the different technologies that go into sites like myspace, and yootube (and in my opinion these are some of the sites that should be blocked)? Heck, just look at picture formats. There are literally hundreds of different standards. The reason that computers are vulnerable is that people want flexibility and with flexibility comes complexity. The more complex an item is the less likely it will be perfect. Look at the Hubble space telescope. All they had to do was make a perfectly flat mirror, which they did, but they made it to the wrong specification. These are some of the top paid engineers working on a fairly simple concept. Now I am not saying what they did was easy. Making a mirror that perfect is difficult, but how many times do you think the specification was checked? And then they didn't find out until it was in space and everything was fuzzy. You think they would run some tests on it before they launched it into space.

As for shutting down spy ware sites, one of the problems is tracking them to a physical location and then, when you do, what country are they in? What law enforcement agency do you contact? What legal process is in place to force them to shut down? Is what they are doing illegal in that country?

Bill
0 Votes
actually
Dr Dij 24th May 2007
I was thinking of mass reporting to private industry consortiums. You could subscribe or not. These would log spyware sites.

and I was talking about blocking them effectively thru the mass communications. If they could never or rarely infect a system, who cares about tracking them down? They'd shut themselves down thru lack of 'customers'.

In fact this would save legal authorities a lot of money as very few cases would ever get to them if they could be effectively blocked to the world almost the instant they did something nasty like infecting a PC.
Since the multi-billion dollar industry of anti-spyware/virus/adware is an artificially created entity, all the above will NEVER go away, even if the hindrances to evolution of the computer were all to be found and dealt with, rather than wither and die like REAL industries do when they are no longer necessary, this industry will, and probably already does create their own to keep sales percentages up. An example is a select few viruses that just popped up and only one antivirus knew how to deal with it. Sorta made me think the virus author wrote the fix for it also. And most sheep just said, "Oh, OK, thanks for the fix" and didn't think any deeper than that. There isn't any antivirus vendor who has that much of an edge over their competitors. So, while the rest are scrambling to find a solution, and one already had it, I'd say they had it when the virus was unleashed. If consumers keep buying new products just because someone says they need it to be protected, the industry will keep growing. The salesman's job is to convince you that you need his (her) product, regardless of whether you really do need it or not. How far could the computer revolution be now if half the programmers didn't need to spend their time writing protection programs, to guard against the programs the other half of the programmers were writing. We'd probably have systems that were powerful enough to send us to our favorite star system on a beam of light generated by an array of super computers. Instead, we're fighting with Microsoft to make an Operating System that isn't compromised within twenty minutes of the first internet access. I'm not familiar with the major differences between phone service and internet service, but aside from the NSA's latest invasions and cell phones, go ahead and try tapping into someone's phone line, without physically accessing their line running into their building.
And, except for wireless, which I'll never trust anyway, internet access uses the same phone line and nobody in this world has been able to secure it since the internet came online. Something's fishy in Denmark, sorry Denmark, just a figure of speech, but I'll say it again, if the internet becomes secure by some fluke of nature, it'll crash a whole industry, even though that industry could be looked at as a tapeworm feeding off the internet. Just my humble opinion.....
0 Votes
warhippy: in general good concept thinking but your "proposed solution" is fundamentally flawed; packet switched networks are architecturally inherently different from circuit switched networks (conventional telephones)...circuit switching cannot do "internet"
0 Votes
am puzzled here
Kiltie 24th May 2007
Is the article saying that Minesweeper can format your drive?

Odd
0 Votes
The problem it's bringing up isn't the idea that Minesweeper has built-in drive formatting capabilities -- it's that Minesweeper has access to the system that would allow it to format the drive if such capabilities were programmed into the game. That means that, for instance, it's conceivable (if highly unlikely) that an "infected" form of Minesweeper might format your drive.
0 Votes
Let normal users format drives either (at least not NTFS in XP; I guess I didn't try FAT32, or Win98, maybe they are more common than I think).
0 Votes
I think that what he was getting at is that in all current-day OSes, any program that a user runs has permission to do anything that that user is authorized to do. That's what he meant about Minesweeper having ability to write to or format a drive.

What he is suggesting is that OSes should be designed so that programs only have authority to do what they need to do, so that Minesweeper, for instance, would only be able to read mouse and/or keyboard input and output to the screen, and possibly write to a scorekeeping or config file. Anything else, like being able to call a program that could format or delete would be forbidden by the security model.

It's a very foreign concept, since it's totally different than everything we've dealt with so far, so it may be a bit hard for some people to grasp, but it makes a lot of sense.

An analogy would be like security in a company. People that have to have access to everything, like the security people, would have a key that would open everything, or a set of keys that will open everything. Others would only get keys to open doors that they have a need to enter and no others.

So in our theoretical OS, a Minesweeper program would never get access to the network or most areas of disk. The browser would not be given access to call a format or file delete program or function.

I don't know exactly how that would be built, but it would take the concept of least privilege and apply it not only to the user, but also to the programs, if not the OS itself. So I can see where Ivan is coming from, and I don't think it's a matter of his lack of knowledge of OSes, but rather that he is proposing a new concept of security.
But
If a programmer writes a program to do something malicious, then they will code for that as well, giving the program elevated permissions.

Although a new OS model may be able to capture this better, it will always remain a problem. SW has bugs, and an exploit may be able to pass the security of the program to elevate permissions.

In Windows, a program can be set to run as 'System'. I always thought that this was a bad idea, but it does allow for things to run with nobody logged on. If a program is either coded for this ability, or altered and given this ability, then there is a security hole. Within this hole, the entire OS is at the program's will, and anything can be done.

In the Minesweeper case, I think you are right. Most programs should be written for the least permissions needed to function properly.
0 Votes
I just objected to the guy's lack of understanding of how certain OSes work. He came right out and stated without equivocation that certain things could be accomplished with normal, unprivileged user access on certain systems where that was simply not the case.

"That's what he meant about Minesweeper having ability to write to or format a drive."

I understood that -- and he had a point. The same point doesn't apply to (most?) modern non-Microsoft OSes.

"What he is suggesting is that OSes should be designed so that programs only have authority to do what they need to do"

That's why free unices like Linux distributions and *BSDs allow you to run applications and services under the authority of specifically limited user accounts. For instance, it is standard on most free unices to run Apache as an "apache" user.

"Anything else, like being able to call a program that could format or delete would be forbidden by the security model."

Unless I specifically provide that capability for an unprivileged user account to do that, nobody but root can create or destroy a standard filesystem on my FreeBSD machines. That's default behavior for FreeBSD. The same applies to most, if not all, other *BSD OSes and Linux distributions (though the Ubuntu family of Linux distributions is one case where they're pushing the envelope of Microsoft-like standard user account privileges).

"It's a very foreign concept, since it's totally different than everything we've dealt with so far, so it may be a bit hard for some people to grasp, but it makes a lot of sense."

Judging by what I know of you from past experience here at TR and reading your TR profile, I would expect you to know better than that.

"The browser would not be given access to call a [. . .] file delete program or function."

So much for bookmarks. I guess you don't get to save URLs in your browser interface any longer. Good luck making that idea fly.

"I don't know exactly how that would be built, but it would take the concept of least privilege and apply it not only to the user, but also to the programs, if not the OS itself."

The general Unix security model, as it currently exists, allows for exactly that sort of security. Unfortunately, in order to also allow for everything else you need your OS to do, it needs to provide means of surpassing such limitations. As a result, it's ultimately the applications you use that need to be written to be more secure -- and, that being the case, we need people to pay attention to such needs when writing software. The only way to effectively enforce that sort of security model across all applications is to use open source software, obviously -- but (as I've said elsewhere) it'll take education of users (and developers) to provide the impetus needed to promote this sort of careful, fine-grained security.
The responsibility for security rests with the software developer. If they can't provide needed security for their work, they need to go back to school and finish their education, instead of adding to the security problem. The ultimate answer to the problem is to put the OS back on a ROM chip where it started and where it's safe, instead of making it so accessible by EVERYTHING. Software-based OSes remind me of the experiment station toys like Radio Shack sold. 101 different experiments included in the set. It's hard for an OS to be the backbone of a system if it's so easily manipulated. It should be rock solid, and if a program needs it to change a little, use that program's own software to enact the change. When you are able to change the OS to work with your own little project, you're taking the chance of making it incompatible with everything else that's gotta co-exist. Just my humble opinion.....
0 Votes
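The disk-access point made in the posts above (programs should get only the authority they need, and on a default BSD or Linux install only root and the members of a small group such as "disk" can reach the raw device a formatting tool writes to) can be turned into a defender's audit. The following is an added example, not code from the thread or from any project named in it: it parses passwd, group and `ls -l /dev` style records (constructed samples embedded in the block, not real host data) and reports every account that could open a block device for writing.

```python
"""Who on a Unix host can write a raw block device (and so format it)?

Added example. Block device nodes under /dev are normally owned by root and a
small group such as "disk", so the file mode bits decide who besides root can
hand the device to mkfs/newfs. The samples below are constructed, not real.
"""

# Constructed /etc/passwd, /etc/group and `ls -l /dev` samples.
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:x:1001:1001:Bob:/home/bob:/bin/sh
www:x:33:33:web server:/var/www:/usr/sbin/nologin
"""
GROUP = """\
root:x:0:
disk:x:6:bob
alice:x:1000:
bob:x:1001:
www:x:33:
"""
LS_DEV = """\
brw-rw----  1 root disk  8,  0 May 22  2007 sda
brw-rw-rw-  1 root disk  8, 16 May 22  2007 sdb
crw-rw-rw-  1 root root  1,  3 May 22  2007 null
"""


def parse_passwd(text):
    """Map user name -> primary gid."""
    users = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, _uid, gid = line.split(":")[:4]
            users[name] = int(gid)
    return users


def parse_group(text):
    """Map group name -> (gid, set of supplementary members)."""
    groups = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, gid, members = line.split(":")[:4]
            groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups


def parse_block_devices(text):
    """Yield (name, mode, owner, group) for block devices in `ls -l` output."""
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0].startswith("b"):
            yield parts[-1], parts[0], parts[2], parts[3]


def group_users(group, users, groups):
    """Every user whose primary or supplementary group is `group`."""
    gid, members = groups[group]
    return set(members) | {u for u, g in users.items() if g == gid}


def who_can_write(ls_text, passwd_text, group_text):
    """Map device name -> accounts able to open it for writing.

    root is always listed: uid 0 bypasses the mode bits entirely.
    """
    users = parse_passwd(passwd_text)
    groups = parse_group(group_text)
    result = {}
    for name, mode, owner, group in parse_block_devices(ls_text):
        writers = {"root", owner} if mode[2] == "w" else {"root"}
        if mode[5] == "w" and group in groups:
            writers |= group_users(group, users, groups)
        if mode[8] == "w":          # world-writable device node
            writers |= set(users)
        result[name] = writers
    return result


def findings(ls_text, passwd_text, group_text):
    """Devices writable by anyone other than root, for a review report."""
    return {dev: sorted(w - {"root"})
            for dev, w in who_can_write(ls_text, passwd_text, group_text).items()
            if w - {"root"}}


if __name__ == "__main__":
    for dev, extra in findings(LS_DEV, PASSWD, GROUP).items():
        print(f"/dev/{dev}: writable by non-root accounts {', '.join(extra)}")
```

On a real host the same functions can be fed the contents of /etc/passwd, /etc/group and the output of `ls -l /dev`; a world-writable block device (sdb in the sample) is the finding worth fixing first.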
Good point
w2ktechman 28th May 2007
I had mentioned in the past that the OS should be on an EEPROM chip for the most part. The user area could be on flash or HDD, but the core OS should be protected from easily being altered.
0 Votes
Hmmmmmm
Agent 77 24th May 2007
The way I see it, if you are going to use a tool, then you had better know what the dangers are. If I go out to build myself a dog house, I should know that my power saw can cut my hand off, and use it properly to prevent that eventuality.
Same thing goes for using a PC. Know where the danger lies and avoid it or protect yourself from it.
Kind of like the whole safe sex thing.
But hey, what do I know anyway?
when you're a teenager getting your first car, you don't suspect that if you drive too fast late at nite, and sprinklers are on you might lose control?

I think PCs are kind of like the small reactors on Stargate - they can do wonderful things, and they can blow up or overload, taking out your house.
0 Votes
I can't
Agent 77 24th May 2007
speak for anyone else's kids or parenting skills, but my kids will DAMN sure know the dangers before they ever take a car out by themselves. But then again; I will also teach them how to handle a car a whole lot better than the point and go technique most drivers use these days. I for one, believe in teaching our youth the right way to live their lives instead of the new attitude of most parents these days who just let their kids do whatever without some discipline in the home.
To be quite frank, the way most kids are raised these days scares the crap out of me.
0 Votes
OK bad analogy
Dr Dij 24th May 2007
you can teach people to be careful but you can't protect them from all dangers. Just living and sitting in your house you can be in danger.
Naqahdah generators -- that's probably what you mean.
0 Votes
Yes
dogknees 24th May 2007
While you may not have known this, I and many others do make the effort to know these things. By the time I left school, there wasn't a single mechanical or electronic device that I couldn't explain in terms of the way it works and the possible danger of it failing.

If you know the first, you can work out the second.

If you chose not to know, you chose to fail. No one else is responsible for what you know but you, and no one else should have to cope with the costs of you not knowing but you.
0 Votes
Agree and disagree
Tig2 24th May 2007
I support some home users who use the computer in exactly the same way business encourages the use of the tool- to facilitate an effort. Those folks wouldn't know an OS from an A$$. They count on me to ensure that they are protected.

I think that this is a good thing to an extent. Most (not all) of my end users know not to arbitrarily click on things. Some "just forget" sometimes, thus ensuring that I will always make a living.

At a high level, they all understand to call for help when in uncharted territory. And they trust me to fix whatever happens.

End of the day, the arrangement works. I teach them "safe computing" by installing firewalls, installing AV, keeping everything current.

Incidentally, they are all moving off Microsoft platforms. I have spent a lot of time matching Linux distro to end user. The training element may take a bit longer- I'll use Live CDs for that bit. But in the end, I think I will end up cutting my support requirement dramatically.

You know a lot. We just come at the problem and therefore the solution differently.
0 Votes
I can set up windows in a way where it is reasonably secure. My users do not have access to install software, and they do not have admin rights.

Proper knowledge of any OS will allow you to configure it in a way, where the restricted user is not subjected to spyware, etc.

Microsoft and others have continued to try and push forward a highly restrictive, secure OS.

The failure is the massive amount of software produced. Large software companies can and (sometimes) do design software that will run and execute properly with limited user rights.

Many others, such as Palm's Sync software, remain notoriously incompatible in restricted user mode. The program attempts to write to its own directory rather than designated spots like the USERPROFILE directory, temp, etc.

The Palm software is only one example of millions of software apps that will fail to run on a properly secured OS.

Vista has shown that there is still a lack of will (on the part of the broad user community and market) to make software vendors come in line and work with a secured OS.

Until we can come up with some way to force software developers into learning and following proper development standards and designing apps to run with restricted user rights, users will continue to run as administrators, and will be susceptible to malware that uses their credentials and logon to do things they had not intended.

I'd like to see a logo system for restricted user compliance (would need a snazzier name).

Many efforts have come out to address this:
Digital signing
Windows Logo certification
The processor based DEP protection

and they all fail because someone finds (or expects to find) a program that won't work with them, and turns off the protection so they can run everything.

Until we can come up with a solution to the desire to make "everything" work, we will all keep going in these same circles.
Your subject led me to believe you understood why we are where we are. You disabused me of that notion very quickly though.

It's the software developer's fault?

Is that as in companies, for example Microsoft?

Application security in an insecure OS with integrated logons is a near waste of time.

Have you any idea how much work is involved fitting in with UAC, far less protected mode?

Bearing in mind, none of it is of real value to all your non-Vista customers. Did you really expect businesses to pay the staff to rework the entire code base?

I'm not arguing against the practice and I welcomed finally some vague appreciation of OS security from MS. It's a far from perfect model though, in fact it's a baby step towards models that have existed for decades on other OSes.

If they'd gone for full bore user / kernel separation, we'd still be waiting for Vista; just doing what they have done hit massive delays and caused a whole pile of features to be cut out on the Vista launch from the ashes of Longhorn.

If MS can't do it with complete control of the code and the schedule, how are the rest of us meant to do it?

Guess what MS are going to do and cross our fingers. Go ask the bean counters for the money with a plan like that. Don't forget to tell them you'll be doing nothing else for about a year.

We can make everything work, it's making everything work from a bit of javascript or a word document on somebody else's site that's the problem.

Both MS ideas you'll note and very important to usability.