Parasitic Paranoia

Discussion in 'other security issues & news' started by John Bull, Aug 20, 2010.

Thread Status:
Not open for further replies.
  1. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    In this world of hyper-paranoia with regard to that astronomic but fictitious army of baddies who threaten our very existence with their mischief every day, I ask you, is it real or just a figment of the fertile geek imagination ?

    In my 6 years of Internet experience, keeping up with the national and local news together with knowing my own neighbourhood, I have only heard of ONE case where money was stolen from an Internet account by a Far Eastern source. The threat is negligible to Mr. and Mrs. John Doe who plonk on regardless with their mundane Internet chores day in and day out without any problems using their honky-tonk security boxes.

    Taking part in Wilders, one would get the impression that there are massive hordes of baddies just waiting for each one of us to logon so they can steal our fortunes and personal data. RUBBISH, it amounts to paranoia and an obsessive manifestation of impractical exaggeration.

    Virus`s, malware etc. - they are just part of everyday life, akin to getting a flat tyre or engine problem in a car. All they do is give a headache to the person involved - no financial loss occurs, just a pain in the butt.

    Infections are a superb discussion point for a Forum, but tend to generate an atmosphere of competition to come up with totally uneconomic solutions of ridiculous over-kill security set ups. Nobody in their right minds wants to win the "Golden Gloves" of Internet Security Award for reasons of technical vanity, just to enjoy this wonderful facility in the manner it was designed for.

    My conclusion - Super security - RUBBISH and completely unnecessary. Enjoy the Internet for what it is and what you personally get out of it.
    Compromise is the lubricant of civilisation.

    The Internet is not an exclusive arena for the Baddies and the Goodies to compete in mortal combat for a World security title. Just for the tens of millions of ordinary people to enjoy and use it the way they wish.

    QUESTION 1 : - Do you really think that the Internet is an impenetrable minefield of imminent disaster ?
    QUESTION 2 :- How many people do YOU know who have lost money through Internet criminal activity relative to the millions of users ?
    Don`t forget the "relative" bit.

    My answer :- Paranoia.

    John Bull
     
  2. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Why do you ask?
     
  3. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Because the answer dictates the emphasis applied to the topic. It is an over-kill subject discussed at great length to the point of boredom and my post tries to explain the difference between the practicality of millions of ordinary users and the technical vanity of experts.

    The immortal law of Diminishing Returns.

    John B
     
  4. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Maybe it's bad luck to mention, but since I got my first computer in 1997 I have had 2 viruses hit both because I was surfing the dark side, and that was in the first few years when I was ignorant. My AV and AS scans never turn up anything. :ninja:
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    So you created a thread to discuss it some more.
     
  6. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667

    Then you really havent been paying attention.

    Yes, the discussions can get very technical about all sorts of attack scenarios; but the SOLUTION is usually very SIMPLE (and free, or low cost). Once the solution is in place, the user can pretty much forget about the technicalities.

    Experts do NOT favor overly complex solutions.

    And regarding the internet threat, again, you havent been paying attention. My credit cards have been compromised several times, even though I use linux (and I believe the compromise was not from my internet end). Many people have had their Paypal accounts hacked. Many people have had their email accounts hacked, with spam sent from their accounts, and contact lists sold to spammers leading to embarassment. Many people have had their paypal/email accounts LOCKED.

    And there is the danger of identity theft. It is a big big big deal. It can, and has affected users for years; with them not being able to buy houses at decent rates, or get credit cards because some crook ruined their credit history. There are blogs on internet about user experiences.

    Last but not least, I view it my responsibility to keep my computer secure, to prevent botnets from using it to attack companies and websites. I do not wish my belongings to be used for crime.

    A little time spent on Wilders, and I can (and have) found out simple solutions to acheive my security objectives. It has been made possible by people who really understand security, why something works, and why something not, who have aspired to and then made easy to use security tools and distributed them free of cost.

    And THAT, sir, is the real value of Wilders and its participants who you have deemed to be paranoid. It is THEY who have been coming up with (near) bulletproof easy to use solutions, arising out of the "paranoid" dicussions. :thumb:
     
  7. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Yep - why not ? It is a subject that takes up a lot of time and it would be lovely to see the difference between surfing of the masses and the paranoia of experts adequately discussed.

    Are you not interested in practical and clinical comparison ?

    John B
     
  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Well said :thumb:
    Could I add "and freely distribute expertise" here and elsewhere..

    @John Bull:
    Of course I have been hijacked; it's what led me to Wilders way back then.
    Nothing like seeing those hundreds of pop-ups/unders/overs appearing.. :cool:

    Id theft, credit card rorts, phishin, hijacks, latest exploits...databases hacked on a regular basis.
    We will likely never really know exactly what has happened when and to whom.

    Just last week I noticed that overnight my partners CC ws used in Dublin Ireland to buy plane tickets..while we were watching TV in Sydney Oz. !!
    WTF !!
    We have had no issues for >10yrs and then this. :mad:
    Heh: I'm responsible for our local security. :rolleyes:
    We are as a rule very careful.
    Bank refund:no problem. Bank -LOL- security system algorithm failed to detect any abnormality ...not so unusual or unexpected methinks.
    Cancel card: reissue, reorganise routine payments with new card: did it hurt us financially No, was it a pitfa: yes.

    There is realistically no way to stop this type of theft.

    A friend works at American Express: publicly all the issuers say "Big problem; we have elaborate systems in place... blah blah blah."
    Reality is: they really dont care..they regard those low level threats and theft as "pocket change" and do nothing.
    My friend suggested that the total annual theft with Am Ex cards was equivalent to less than ONE DAY of total cash flow pa for AmEx.
    Why would they care?

    @John: do you really believe the elaborate infrastructure devoted to web security is a conspiracy of some sort ??

    Do you not think that the proposition that 90%+ of e-mail being spam is evidence of the hijack of the www ??

    Do you not see the plethora of Rogue AVs as evidence of systematic extortion?

    Do you truly not believe that highly organised and creative criminal enterprises are not working angles to rort the wwweb?

    I understand u want to start a discussion, but from my perspective, your postulate reeks of hyperbole, your reasoning is specious and disingenuous, your conclusion is flawed.
    To the contrary, Mr&Mrs Doe are most at risk.

    You broached the car analogy: Think of a car accident: millions drive and never get in an accident: but making the wrong choices can be catastrophic for friends, family and innocent parties.

    You may be correct: the real pain may not be felt at individuals level ie me and my partner. The greatest damage is likely done at corporate level.

    You think you're not paying for that: think again: in the event of corporate loss who do you think will end up footing the bill ??
    Not likely to be the CEO :rolleyes:
    End users....that's You and ME.

    Dont be absurd, but, the www can be an extremely dangerous environment at many levels.

    Who gives a toss about "the relative bit" if it's their bank account. You imply you're happy to pay some sort of tithe. !!
    Which law of physics is that.
    How about:
    "The price of freedom is eternal vigilance."
    Or
    "Never seek to know for whom the bell tolls, It tolls for thee."
    or
    "No man is an island..."

    Why do you think you can live within your security bubble??
    How about : because thousands of individuals have worked hard to make it so. ??
    You've obviously had some benefit from being a member here: I'll give you one example just for the record:
    https://www.wilderssecurity.com/showthread.php?t=252951
    Do you really think Blue wrote this because of paranoia ??
    (apologies to BlueZ if I have invoked that thread inappropriately: it seemed apposite)

    We;ll have to agree to disagree on this one.

    Oh: PS here's something to have a little chew on:
    http://www.verizonbusiness.com/resources/reports/rp_2010-DBIR-combined-reports_en_xg.pdf
    Sleep well.
     
    Last edited: Aug 20, 2010
  9. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,050
    Location:
    USA
    This is Wilders Security Forums, right!? You thought there was another purpose for its existence? :D
     
  10. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    Isnt the sole purpose of Wilders Security Forums the security of Mr Paul Wilders?:blink:
     
  11. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I can't add much more than that, John. You know me, I'm not one to shake in a corner at the thought of super duper malware hitting me. But, there's a difference in not believing that every bad guy is out to get you and logging on to your computer is sufficient enough to get you slammed. But, as stated in Longboard's post, there is a real, massive problem out there, and current laws are not able to deal with it yet. That doesn't mean you are going to be hit by any of it (though what was said about corporate losses being handed down to customers is quite true), but not getting hit doesn't mean it doesn't exist.
     
  12. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,050
    Location:
    USA
    It must be, and I'd say it's working. I'm sure the bad guys have no idea where he is hiding. ;)

    But seriously, paranoia sells. And as long as companies the size of Symantec (and others, not just picking on them) can make a regular income of it, they have no intention of seeing it stop any time soon. If they ever released a product the solved the problem, it would be the last thing they did. o_O
     
  13. ABee

    ABee Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    330
    And how do we "adequately discuss" that particular topic, I wonder?

    Would it be similar to an 'adequate discussion' of the difference between an accountant or schoolteacher choosing a car at the local new car dealership lot, and a NASCAR driver's "paranoia" of slamming into the wall at Indy doing 200 mph?
     
  14. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    One cannot deny that unscrupulous people, also known as thieves, are always looking for their next mark. How they get their payload is unimportant. They will use the internet to do so if they can. It is not something one should doubt, because plain and simple if there is a way to profit, it will be exploited.

    With such undeniable truths like that, it warrants that someone who uses the computer also have a measure of wisdom and caution to do so. You would not give a hitch-hiker your credit card number, so why would you give it to some website that you don't know or trust. If you want to give your credit card number, you should be the one asking for services, not them contacting you out of the blue asking for it. This is common sense obviously. Still, the same as you lock your car and house to prevent theft, the computer is no different. How many times have you been robbed at home? None? Me too. But that does not change the fact that a thief would not do so if it was desirable to him.

    While relatively few people of the total population using the internet will be stolen from, what is more likely to happen that also requires some wisdom and caution is inconvenience. We naturally don't want keyloggers or trojans trying to take our personal data or PIN numbers, but we probably stand more risk of contracting some virus/malware that is meant to do nothing but cause problems. These aren't the thieves, they are the bullies of the world. The trouble makers who cause trouble for no reason other than they can and you can't do nothing to stop them.

    Most people here I will imagine are more interested in not being inconvenienced with a virus/malware that disrupts what they do and causes many of them to have reinstall or pay someone to fix thier machine. Learning about security is a weapon that you can use against the bullies and thieves, the same as owning a gun, a watchdog, a security system, etc.

    It seems to be natural, once you start educating yourself, to find that there are more holes in your defense than you first thought. It moves beyond just putting a lock on the door, because you learn about all the windows and faulty locks that exist, with more added to the list everyday. Becoming 'paranoid' is a very easy thing to do.

    There are real risks, real people out there who want to benefit from you, illegally. Simply gaining the knowledge about the most common methods used against you drastically reduces their chances. Staying alert is needed, and it also can cause you to become too alert - paranoia. It is a sign that you are on the watch. At some point you let your guard down, because you tire of being in the paranoid state after some time, at least most people do. And what I think typically happens after you relax a little is that you will no longer fall for the easy tricks, even when relaxed. You become more secure simply because you have knowledge. You might eventually be stolen from, but the odds are against it.

    The risks are real, but over-stated. Doing nothing is not good. Doing too much, is it good? It depends on whether you learn anything or not. It can be or it can become something that spins out of control. The people who would make money to stop the thieves would have you be paranoid forever, because it drives their profits. It is a carefully balanced game, the thieves on one side hoping you don't wise up, the businesses on the other hoping you will remain scared. The media in the middle loving the attention it gains by exploiting your fear. Sites like this, where you can actually learn how to defend yourself, sometimes without the use of a paid for tool, is what I am sure none of them like, and also what is best for you.

    Some people (maybe someone who is reading this ;) ) find that they like the guns and watchdogs and alarm systems. They go beyond needing to use them, and become fascinated with the myriad of ways one might use anything, even a piece of wood, to defend themselves. They constantly play and experiment, simply because they enjoy it. Are they paranoid still? lol, probably not, they just like the security gizmos.

    Sul.
     
  15. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    I'm going to add a more generic reply regarding "people getting their systems infected" in general, not focusing on how seriously. They may be as light as merely getting some unexpected popups, to as heavy as keyloggers resulting in lost CC numbers, bank account exploitation and so on.

    Let's look at some malware cleanup forums and their stats:

    Bleeping Computer - over 120,000 infection topics, spread over two help sub-forums.

    GeekToGo - over 100,000 infection cleanup threads in their top forum section.

    SpywareInfo - over 60,000 infection topics.

    These are just a few of our friends forums, and they are not massive websites. There are a huge number of such forums on the web, containing countless millions of "help me, I'm infected" threads. Infections are very real and happen everyday to all kinds of people.

    I'm not saying this is exactly what John is talking about above, but, sometimes people post here that infections are not really happening and that it's hype from the security industry. They quote how they've actually tried to get infected and can't. But, as forums like those above show, these things really happen. And, think about this... those are just people who are trying to clean their computers and doing it themselves. We all know there are large numbers of home PCs taken over as part of botnets, (a critical Internet issue because of DDoS which are very real), or for sending bulk spam, and the PC owner doesn't even realize it! Also, there are those who would never try to clean it themselves, but who take their PC to computer shops for repairs. That is a huge business. It wouldn't be if this wasn't a serious problem.
     
  16. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    QUESTION 1 : - Do you really think that the Internet is an impenetrable minefield of imminent disaster ?
    No.

    QUESTION 2 :- How many people do YOU know who have lost money through Internet criminal activity relative to the millions of users ?
    No one personally.
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    It is an economic principle, best explained

    Horse = 1BHP
    T-ford = 16 BHP (or 4 times the price of a horse gives me 16x the output great, so the leverage factor = 4)
    Modern average car = 100 BHP for 15 times the price of a horse = 100/15 = leverage 6.6
    Modern top brand car with 170BHP for the price of 30 horses = leverage 5.6
    Modern luxury premium brand car with 200 BHP for the price of 40 horses = leverage 5
    Ferrari 2010 version with 500 BHP for the price of 200 horses = leverage 2.5

    In ICT there is another law, stating that roughly every two year the performance doubles, while price drops 50%
    Just have a look at GPU and CPU performance versus pricing. In the example above the Ferrari 2012 woud provide 1000 BHP against the price of 100 horses, giving a leverage of 10. As shown with the example this has awkard effects on law of deminishing returns.

    In security you can get a lot of stuff for free which was paid say 5 years ago. Zero-ing out of the price makes the law of deminishing returns even stranger: 16BHP devided by zero = infinitive, 100BHP devided by zero = infinitive also
     
    Last edited: Aug 21, 2010
  18. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Regarding the part about Computer Infections: they result from two broad attack vectors,

    • Remote Code Execution - driveby downloads, etc
    • User installs "rubbish" (term courtesy of MrBrian)
    I haven't perused the hijack forums in a long time that LowWaterMark refers to, but in years past, the super-majority of infections fell into the second category. This is supported by bloggers at f-secure and Prevx, for example, who stress that the social engineering exploits are the most prevelant.

    Such as this post by Marco almost two years ago:

    http://www.prevx.com/blog/109/The-goal-of-antimalware-products.html
    December 16th, 2008
    Posted by: Marco Giuliani
     
  19. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,029
    Location:
    Lloegyr
    I think some paranoia can pay off.

    I got interested in security when I realised that my Norton AV (with my ISP) was not performing its quick scan properly. After some conversations on Symantec's boards about Norton's 'CARNY_RIDE' quick scan bug I decided to download SUPERAntiSpyware. I think I downloaded SpywareBlaster & Spybot at about the same time.

    One day while I was surfing Russian journals utilising SeaMonkey's (Google) translator, Google informed me that my computer had been compromised with malware. I had no adblocker in SeaMonkey at that time (I should have used K-Meleon's translator) & I'm pretty sure this contributed to my getting infected.

    Anyway, SAS found a trojan that Norton & Spybot missed. I think I joined Wilders at about that time.

    It was just ignorance that got me infected, ignorance of how badly many Eastern European sites suffer from malware & basic security ignorance. I thought I was safe with Norton & as I don't bit torrent or download from crack sites I should be OK.

    My set-up is simple but effective now, Hard & software firewalls (router/hub & WF), an AV (MSE), SAS & SpywareBlaster. Browser security ~ WOT, NoScript, JS white-listing (Chrome), ABP, Ghostery.

    And a large slice of common-sense.
     
  20. ABee

    ABee Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    330
    How about this:
    Plenty of infections actually do happen, AND the security/AV industry hypes things to the max.

    No less a luminary than Vint Cerf once stated that a full 25% of all computers are part of a bot. Sorry, but that simply doesn't pass the 'smell test'.
    Yet plenty of machines are in fact infected, and some of those machine are also part of a bot network.

    I've never heard a single reasonable person claim that "infections are not really happening". Ever.
    On the other hand, it's in the AV industry's best interests to over-estimate the level, probability, and possibility of infection. A user living in high fear of being infected is going to spend a lot more money on security products than a user with a low fear of being infected.
    Most certainly the AV/security industry is aware of that.
     
  21. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    That logic just doesn't wash. Think about it, let's just change what we're "counting": How many people do YOU know who have been murdered relative to millions of people in the population?

    See? I personally don't know anybody who has lost their life to a killer. But, that doesn't mean murder is not a possibility, and reading the news, a crime that is one of those "surely it won't happen to me" kind of things. It happens and because of it, we lock our doors, some carry concealed weapons w/permit, etc.
     
  22. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Your comments got me to thinking. After only 10 minutes, I have come up with 4 people I know who have been murdered (in unrelated cases). I also know 3 people who have killed someone, and I'm not talking in military situations. If I spent more time pondering, I could probably double those figures easily. And I bet there are even more cases where people I know got murdered (or were murderers), but I don't know about it.

    Likewise, I also know people who have had their identities stolen and people who have had sums of money stolen via the internet (scams and fraud).

    As for the thread topic concerning paranoia, I think it goes without saying that it is healthy to be aware. There is no doubt in my mind that there are a great many individuals who will try to take what isn't theirs, be it a life, or a bank account, or ownership of an operating system.

    The operative word being try, it naturally pays to take steps to protect yourself, and it is kind of fun, too... as I slide three shells into the 12 gauge, pat Big Dog on his head, and manually update the AV. ;)
     
  23. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Someone from San Francisco may be able to confirm whether the event alluded to by the top hits from a search done on "tara +dell +mumbai" actually happened or whether it's just urban legend.

    Though I'm in the city of Mumbai, I can't confirm or deny one side of the story :oops: .
     
  24. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    740
    I thought I was getting paranoid-android syndrome but then cam Nov 2009 and my fear of being watched and stolen from grew substentially lol

    But with great fear great tools to fight it came...

    with you, lil helpers too, cause your role cannot go unnoticed
     
  25. ABee

    ABee Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    330
    Guarantee it that one's true. Too weird not to be.

    'Truth is stranger than fiction', as they say.
     
Thread Status:
Not open for further replies.