Microsoft report: Users responsible for half of all infections

Discussion in 'other software & services' started by newbino, Oct 15, 2011.

Thread Status:
Not open for further replies.
  1. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    377
    www.h-online.com
     
  2. wat0114

    wat0114 Guest

    This doesn't surprise me at all.
     
  3. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Not suprised at all,Many happy clickers out there.
     
  4. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,030
    Location:
    Lloegyr
    WYCIWYG (What You Click Is What You Get)? Personally, I would have thought compromised flash adverts &/or drive-bys were the most common means of infection.
     
  5. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    The click happy clan lol
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Whether it's user initiated or not it's still entirely Microsofts fault.
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I'll be brave and suggest that users are responsible for 99+% of infections.

    The conficker worm is a good example:

    • Infected Users didn't install the patch (MS08-067) which had been released a couple of months before Conficker emerged on the scene

    • Infected Users on networks used silly passwords such as "qwerty" and "password" and common sequences of numbers/letters. The reason we know this is because Conficker contained a hardcoded list of such passwords with which it brute forced its way down the network chain.

    • Infected Users didn't properly configure Autorun (dangers of which have been known since Win9x days)

    • Infected Users didn't have proper protection in place to prevent unauthorized executables from installing.

    Some of the most common drive-by attacks involve JAVA, FLASH, and PDF exploits:

    • Infected Users didn't have the software up to date

    • Infected Users didn't have the browser properly configured to prevent such exploits from automatically running

    • Infected Users didn't have proper protection in place to prevent unauthorized executables from installing

    Don't you think these remote code execution (drive-by) exploits are really the easiest to protect against? (I think the social engineering tricks are much more problematical to deal with.)

    The big problem, of course, is that most users have not been educated about securely protecting against such drive-by exploits.

    Whether or not this is really a user or vendor responsibility can be debated for ever. All software is potentially vulnerable. Didn't some Apple mobile device recently patch 100 vulnerabilities?

    Nonetheless -- severe as it may seem to say -- don't users do have a responsibility to become informed about the risks involved with any product they purchase?

    That's not easy to do, I'll admit, but when all is said and done, "Ignorance of the Law Is No Excuse" (as motorists are told as they pay their fine).

    regards,

    -rich
     
  8. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    I don't know the percent, but I can speak for several people. My wife and two neighbors.

    If something pops up, they panic and immediately allow it without even considering. No matter what you tell them or try to show them, it's a panic reaction.

    My wife and I have computers about 10 feet apart. The last time she was infected, something popped up. She jumped and instantly allowed it, and THEN asked me about it. The warning was gone and whatever it was was doing it's thing.

    I don't know if this kind of thing can be fixed.
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    One thing that works is to set up the system either with a policy or product that blocks installation of unauthorized executables.

    If they are tricked into clicking, if the installation of some malware attempts, a message will appear, such as this by Software Restriction Policies:

    [​IMG]

    If they understand that nothing should install unless they have specifically looked for it, they won't allow it. This is better than just hoping they won't panic and click.

    regards,

    -rich
     
  10. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I gotta disagree here. Yeah, MS designed a rather poor system from a security standpoint, but still, there are enough reports, articles and so on explaining simple ways to keep safe, and most still ignore it. MS can't force you to use your head, Hungry. However, again, the design of Windows indeed did enable these "happy clickers".

    I said it in the other thread regarding zero days, at some point users have to stop passing the buck on to others and accept responsibility too.
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    They should not force anyone to use their head. The head should not even come into play here.

    Security falls onto the operating system and NOT the user.
     
  12. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    So when numbnut clicks on a blinking ad because he wanted a free iPhone, MS is at fault? Yes Hungry, I know numbnut got pwnt because of a hole, but should numbnut have known better than to click on it? Me thinks yes :D Believe me, I think they did a poor job of designing the thing. All these services running or even existing, rights elevations, programs having to need admin privileges to install (this is a problem with software devs though, they still insist on admin rights when they don't really need it).

    But, users don't have any choice but to use their head. This "Let someone else deal with it" mentality is causing a lot more problems than it needs to.
     
  13. cozumel

    cozumel Registered Member

    Joined:
    May 23, 2009
    Posts:
    260
    Location:
    London, UK
    I don't think that is what the average user want from their OS. They just want to point, click and the OS to do the rest. Is that MS's fault? Probably. They created over a period of time, an OS that gradually dumbed down everything, that requires little thought from the user and now we have a vicious cycle.
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Absolutely.

    Microsoft knows that social engineering is a huge issue. They should deal with it accordingly.

    Integrity levels are a great start but they really need something more powerful. When I install something like CoreTemp it's basically given access to touch any part of my computer during installation, which is ridiculous. Something like Java has to run at medium integrity, which is partly on Oracle, but Microsoft shouldn't have an all or nothing system. I should be able to stop Java from accessing my folder full of personal emails for example but I can't prevent read access to Java for a specific path. That's a tool that should be built in.

    Of course there are some things policy can't defend against. You can write a simple script that'll ask for a users credit card etc and you can sandbox it all you like they might still enter it in. For this you need something like heuristics, which can be incredibly effective like in spam filters. The current problem with heuristics is that:
    1) It doesn't do well with image recognition
    2) It's being applied to all malware and malware at the moment is very much like a legitimate installer.

    If you have proper policies heuristics can then be implemented much better and #2 is solved.

    At the moment users need to be educated. That's a huge failure on MS's part. There ARE steps that can be taken to protect a user from socially engineered malware and even 0day vulnerabilities. They just don't take them. Instead they use really gimmicky ideas like app-reputation, which I'm sure will be turned off by most and circumvented by malware in the end.
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Oh and then there are issues with the certificate system. Again, an all or nothing system. Something is either trusted or untrusted. This doesn't work. Certificates should have levels as well.
     
  16. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,030
    Location:
    Lloegyr
    ROTFL! God save us from numbnut!

    Unfortunately, many average users have very little knowledge of computers & aren't members of forums like this one. Most people I speak to think that merely by having an AV they are immune to any virus. Most also think my seeming preoccupation with computer security is bordering on the obssesive or paranoid. At best it is seen as a bit 'anorak'.
     
  17. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,030
    Location:
    Lloegyr
    I think that eloquently sums it all up. ;)
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Socially engineered malware is so prevalent because malware creators know that users can't make proper decisions.

    For some reason Microsoft looks at this data and thinks "Ok, users are installing malware. Let's give them more decisions to make!"

    Microsoft should always assume that the user will make the wrong decision. That's how proper policy gets put in place.
     
  19. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    Yeah and in other news the grass is green. :D
     
  20. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Congradulations! you one a Free Laptop Click Here to claim your prize. I wonder how many clcik away,I bet a lot do.
     
  21. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    Don't forget the sky is blue, I think :D

    Oooh a free laptop, I want one. Click, ooops. :D
     
  22. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Whats to good to be true usually is and people know this, yet they still click.Who was it that said numbnut.
     
  23. guest

    guest Guest

    If Microsoft force people, people complain. If Microsoft doesn't force people, people still complain.

    ROFL! Care for you, try to forget the others a little (sometimes).

    Microsoft is doing all it can to balance things up, adding MSE, Secure Boot, SmartScreen, Reputation filters, ASLR, DEP, UAC, Patch Guard, Windows Firewall, Protected Mode, Windows Backup, Action Center, this, that, etc etc.
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Less than half? I thought it's far more.
     
  25. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,007
    a windows app store will solve some of the problems let me explain.
    what I ve learned about my customers is that they normally do windows update but dont do third party updates. if flash player,java,quicktime,vlc,itunes etc could all be updated from one interface most users would update third party software as well as windows itself.
    blaming microsoft for users getting infected is like blaming ford for a ford driver crashing in to someone. is someone gonna say its the manufacturers fault if you pour boiling water from a kettle on to your hand?
    if someone doesnt apply the updates microsoft provides to secure the os its the users fault if they get infected by an exploit. IMHO people need to take responsibility for their own actions.
     
    Last edited: Oct 16, 2011
Loading...
Thread Status:
Not open for further replies.