Microsoft report: Users responsible for half of all infections

Discussion in 'other software & services' started by newbino, Oct 15, 2011.

Thread Status:
Not open for further replies.
  1. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    464
    www.h-online.com
     
  2. wat0114

    wat0114 Guest

    This doesn't surprise me at all.
     
  3. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Not surprised at all. Many happy clickers out there.
     
  4. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    WYCIWYG (What You Click Is What You Get)? Personally, I would have thought compromised flash adverts &/or drive-bys were the most common means of infection.
     
  5. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    The click happy clan lol
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Whether it's user initiated or not it's still entirely Microsoft's fault.
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I'll be brave and suggest that users are responsible for 99+% of infections.

    The conficker worm is a good example:

    • Infected Users didn't install the patch (MS08-067) which had been released a couple of months before Conficker emerged on the scene

    • Infected Users on networks used silly passwords such as "qwerty" and "password" and common sequences of numbers/letters. The reason we know this is because Conficker contained a hardcoded list of such passwords with which it brute forced its way down the network chain.

    • Infected Users didn't properly configure Autorun (dangers of which have been known since Win9x days)

    • Infected Users didn't have proper protection in place to prevent unauthorized executables from installing.

    Some of the most common drive-by attacks involve JAVA, FLASH, and PDF exploits:

    • Infected Users didn't have the software up to date

    • Infected Users didn't have the browser properly configured to prevent such exploits from automatically running

    • Infected Users didn't have proper protection in place to prevent unauthorized executables from installing

    Don't you think these remote code execution (drive-by) exploits are really the easiest to protect against? (I think the social engineering tricks are much more problematical to deal with.)

    The big problem, of course, is that most users have not been educated about securely protecting against such drive-by exploits.

    Whether or not this is really a user or vendor responsibility can be debated for ever. All software is potentially vulnerable. Didn't some Apple mobile device recently patch 100 vulnerabilities?

    Nonetheless -- severe as it may seem to say -- don't users have a responsibility to become informed about the risks involved with any product they purchase?

    That's not easy to do, I'll admit, but when all is said and done, "Ignorance of the Law Is No Excuse" (as motorists are told as they pay their fine).

    regards,

    -rich
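
A defender-side check for the password weakness described in the post above, as an added example that is not part of the original thread: it rejects deny-listed words, common letter/number/keyboard sequences and repeated units at password-set time. Only "qwerty" and "password" come from the post; the other deny-list entries, the function names and the 10-character minimum are assumptions.

```python
import string

MIN_LENGTH = 10  # assumed policy minimum, not from the thread

# Constructed deny list: "qwerty" and "password" are the two entries quoted
# in the post; the others are illustrative additions.
DENYLIST = {"qwerty", "password", "admin", "letmein", "changeme"}

# Character sequences whose contiguous runs count as "common sequences".
SEQUENCES = [string.ascii_lowercase, "0123456789", "1234567890",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def is_sequence_run(pw):
    """True if pw is one contiguous run of a known sequence, forwards or reversed."""
    return len(pw) >= 3 and any(pw in s or pw in s[::-1] for s in SEQUENCES)


def is_repeated_unit(pw):
    """True if pw is a shorter unit repeated end to end, e.g. 'aaaa' or 'abcabc'."""
    for size in range(1, len(pw) // 2 + 1):
        if len(pw) % size == 0 and pw[:size] * (len(pw) // size) == pw:
            return True
    return False


def weaknesses(password):
    """Return the list of reasons a candidate password should be rejected."""
    pw = password.lower()
    # Strip trailing digits/punctuation so 'Password123!' still matches 'password'.
    core = pw.rstrip(string.digits + string.punctuation)
    reasons = []
    if pw in DENYLIST or core in DENYLIST:
        reasons.append("denylisted word")
    if is_sequence_run(pw):
        reasons.append("common sequence")
    if is_repeated_unit(pw):
        reasons.append("repeated unit")
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    return reasons


if __name__ == "__main__":
    # Constructed candidates, as a password-change hook would receive them.
    for candidate in ["qwerty", "password", "Password123", "12345678",
                      "abcabcabcabc", "correct-horse-battery"]:
        print(f"{candidate!r}: {weaknesses(candidate) or 'accepted'}")
```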
     
  8. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I don't know the percent, but I can speak for several people. My wife and two neighbors.

    If something pops up, they panic and immediately allow it without even considering. No matter what you tell them or try to show them, it's a panic reaction.

    My wife and I have computers about 10 feet apart. The last time she was infected, something popped up. She jumped and instantly allowed it, and THEN asked me about it. The warning was gone and whatever it was was doing its thing.

    I don't know if this kind of thing can be fixed.
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    One thing that works is to set up the system either with a policy or product that blocks installation of unauthorized executables.

    If they are tricked into clicking and the installation of some malware is attempted, a message will appear, such as this one from Software Restriction Policies:

    [Image: Software Restriction Policies message]

    If they understand that nothing should install unless they have specifically looked for it, they won't allow it. This is better than just hoping they won't panic and click.

    regards,

    -rich
     
  10. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I gotta disagree here. Yeah, MS designed a rather poor system from a security standpoint, but still, there are enough reports, articles and so on explaining simple ways to keep safe, and most still ignore it. MS can't force you to use your head, Hungry. However, again, the design of Windows indeed did enable these "happy clickers".

    I said it in the other thread regarding zero days, at some point users have to stop passing the buck on to others and accept responsibility too.
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    They should not force anyone to use their head. The head should not even come into play here.

    Security falls onto the operating system and NOT the user.
     
  12. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    So when numbnut clicks on a blinking ad because he wanted a free iPhone, MS is at fault? Yes Hungry, I know numbnut got pwnt because of a hole, but should numbnut have known better than to click on it? Methinks yes :D Believe me, I think they did a poor job of designing the thing. All these services running or even existing, rights elevations, programs needing admin privileges to install (this is a problem with software devs though, they still insist on admin rights when they don't really need them).

    But, users don't have any choice but to use their head. This "Let someone else deal with it" mentality is causing a lot more problems than it needs to.
     
  13. cozumel

    cozumel Registered Member

    Joined:
    May 23, 2009
    Posts:
    260
    Location:
    London, UK
    I don't think that is what the average user wants from their OS. They just want to point, click and the OS to do the rest. Is that MS's fault? Probably. They created, over a period of time, an OS that gradually dumbed down everything, that requires little thought from the user, and now we have a vicious cycle.
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Absolutely.

    Microsoft knows that social engineering is a huge issue. They should deal with it accordingly.

    Integrity levels are a great start but they really need something more powerful. When I install something like CoreTemp it's basically given access to touch any part of my computer during installation, which is ridiculous. Something like Java has to run at medium integrity, which is partly on Oracle, but Microsoft shouldn't have an all or nothing system. I should be able to stop Java from accessing my folder full of personal emails for example but I can't prevent read access to Java for a specific path. That's a tool that should be built in.

    Of course there are some things policy can't defend against. You can write a simple script that'll ask for a user's credit card etc. and you can sandbox it all you like, they might still enter it in. For this you need something like heuristics, which can be incredibly effective like in spam filters. The current problem with heuristics is that:
    1) It doesn't do well with image recognition
    2) It's being applied to all malware and malware at the moment is very much like a legitimate installer.

    If you have proper policies heuristics can then be implemented much better and #2 is solved.

    At the moment users need to be educated. That's a huge failure on MS's part. There ARE steps that can be taken to protect a user from socially engineered malware and even 0day vulnerabilities. They just don't take them. Instead they use really gimmicky ideas like app-reputation, which I'm sure will be turned off by most and circumvented by malware in the end.
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Oh and then there are issues with the certificate system. Again, an all or nothing system. Something is either trusted or untrusted. This doesn't work. Certificates should have levels as well.
     
  16. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    ROTFL! God save us from numbnut!

    Unfortunately, many average users have very little knowledge of computers & aren't members of forums like this one. Most people I speak to think that merely by having an AV they are immune to any virus. Most also think my seeming preoccupation with computer security is bordering on the obsessive or paranoid. At best it is seen as a bit 'anorak'.
     
  17. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I think that eloquently sums it all up. ;)
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Socially engineered malware is so prevalent because malware creators know that users can't make proper decisions.

    For some reason Microsoft looks at this data and thinks "Ok, users are installing malware. Let's give them more decisions to make!"

    Microsoft should always assume that the user will make the wrong decision. That's how proper policy gets put in place.
     
  19. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Yeah and in other news the grass is green. :D
     
  20. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Congratulations! You won a Free Laptop. Click Here to claim your prize. I wonder how many click away, I bet a lot do.
     
  21. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Don't forget the sky is blue, I think :D

    Oooh a free laptop, I want one. Click, ooops. :D
     
  22. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    What's too good to be true usually is, and people know this, yet they still click. Who was it that said numbnut?
     
  23. guest

    guest Guest

    If Microsoft forces people, people complain. If Microsoft doesn't force people, people still complain.

    ROFL! Care for you, try to forget the others a little (sometimes).

    Microsoft is doing all it can to balance things up, adding MSE, Secure Boot, SmartScreen, Reputation filters, ASLR, DEP, UAC, Patch Guard, Windows Firewall, Protected Mode, Windows Backup, Action Center, this, that, etc etc.
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Less than half? I thought it's far more.
     
  25. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    A Windows app store will solve some of the problems, let me explain.
    What I've learned about my customers is that they normally do Windows Update but don't do third party updates. If Flash Player, Java, QuickTime, VLC, iTunes etc. could all be updated from one interface, most users would update third party software as well as Windows itself.
    Blaming Microsoft for users getting infected is like blaming Ford for a Ford driver crashing into someone. Is someone gonna say it's the manufacturer's fault if you pour boiling water from a kettle onto your hand?
    If someone doesn't apply the updates Microsoft provides to secure the OS, it's the user's fault if they get infected by an exploit. IMHO people need to take responsibility for their own actions.
     
    Last edited: Oct 16, 2011