Most Web Users Unable to Spot Spyware
Ben writes "According to a Spyware Quiz conducted by McAfee SiteAdvisor , a staggering 97% of Internet users are just one click away from infecting their PCs with spyware. One interesting conclusion from this study showed that even users with a high "Spyware IQ" have a nearly 100% chance of visiting a dangerous site during 30 days of typical online searching and browsing activity."
McAfee will sell me the software to help save me.
But Mac and Linux users comprise more than 3% of Internet users!
The quiz in question has you choose which of two sites, based on screenshots, has spyware. The sites were all for things like screen savers, song lyrics, and free game downloads. That is a terrible, terrible way to judge a users capability to determine if something has spyware.
One interesting conclusion from this study showed that even users with a high "Spyware IQ" have a nearly 100% chance of visiting a dangerous site during 30 days of typical online searching and browsing activity.
Sure, we like to visit places like http://www.cracks.am, who actually write their own spyware. But I am not so sure that qualifies me as ever installing any of their garbage.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
The correct way to look at it is to say that it only takes a split second of distraction to get a machine infected.
This is just like a "spot the phishing email" quiz I saw. Just looking at a picture gives you no context. Did you get the link from a reliable source? What OS/browser are you running. (I'm definitely more willing to check out something suspicious in Safari than Internet Explorer.) Are you dumb enough to download and run something from the site.
It contains no technical information or interactivity whatsoever. No status bar information, no ability to view page source, just screen grabs of random web sites.
This is a completely invalid, unsound test, as there is no technical way to determine the presence of malicious software simply by looking at a page as it initially loads in the absence of any ability to interact with it or at the very freaking least scroll up or down or hover a mouse... sheesh...
It's like blindfolding someone and then blaming them for not being able to catch a baseball pitch, facing away from the thrower, with their bare hands. Of course they won't be able to, if you take away every single useful tool for them to accomplish the task.
STOP . AMERICA . NOW
This quiz doesn't measure anything. Where's the option for "Both of these look suspicious and I wouldn't go near either of them"?
The quiz (http://www.siteadvisor.com/quizzes/spyware_0306.h tml) asks questions like "Which of these smiley download sites is safe?" The answer I'd pick is "I don't care which one is safe, I wouldn't ever download something so pointless and high risk to begin with", but that option isn't available.
Most www users are not geeks and cannot tell the boundary between their computer and the internet, let alone know how to drive a hosts file etc. Any advice of this form is completely useless to most www users. If the computer says "click on this" they will. Don't expect them to tell the difference between something from MS or the OS and a phishing scheme or other attack.
It is also not reasonable to say that people should know this stuff to use the www. Nonsense! Do you need to know the difference between a knit and purl stich to wear a sweater? Do you need to know what advance and retard are to drive a car? Why the hell should you know what a hosts file is to use the www?
Engineering is the art of compromise.
I took my usual paranoid route. For the first four questions, I didn't select either site (which, as it asks which site you trust, seems to me to implicitly state that I don't trust either site). For the last four sites, I specified that all of them potentially had spyware.
My result? Well, acccording to this "survey" I only scored 3 out of 8, as my not trusting sites which didn't have spyware (as they could find) counted against me, and I distrusted one site which the survey claims has no spyware. So apparantly, because I don't trust ANY of the 8 sites referenced in the survey, I'm "At Risk", and my "...answers would have infected your PC with adware and spyware many times over.".
Uh huh. Not trusting any of the 8 sites is putting me at risk? Spyware and adware many times over? Let's ignore for a moment that I'm running Mac OS X, and that I wouldn't visit any of those sites in the first place, and don't download screensavers, wallpapers, or smilies, but apparantly according to SiteAdvisor my distrust of all their sites puts me at risk.
And that right there is enough to tell you the quality of this so called "survey".
Yaz.
A sibling to this post points out it only takes a split second of carelessness. This is literally true.
The combination of
- Internet Explorer and several silent install vulnerabilities (are you sure they're all gone? Is everybody's IE up to date?)
- The user, and thus IE, running as Administrator (OR any priv. escalation exploit), and
- bots that register typo-domains en masse
adds up to a situation where a single innocuous typo in your Location bar could trigger a rootkit install.For this reason, I consider IE mortally dangerous, and until we go for some period of years without seeing a silent install vulnerability, I won't lift this assessment. This has nothing to do with hating Microsoft, and shouldn't be dismissed as such; I think it's a perfectly rational assessment of the situation. I think the only thing stopping more people from seeing it this way is the fact that most people are dependent on Microsoft and simply don't want to see something that means they are going to have to do a lot of work to switch.
I don't think Firefox has had a "silent install" vulnerability yet. Corrections welcome. It's just too darned easy to get infected, and all the anti-virus software, software firewalls, and spyware detection software is just closing the barn door after the animals escaped, especially as the rootkits are passing the point where you can even pretend to remove them without a full re-load of the OS from the bottom. (And it's only a matter of time before the rootkits go back to the old trick of infecting all executables like the viruses of the olden days, so you have to completely rebuild the machine from scratch...)
(I remember there was some changes made to the extension download process to make it harder to mindlessly click through, but I'm not counting that. I would consider a silent extension install to be a silent install vulnerability, because extensions get full access to the machine. The same for an install process that isn't "silent", but isn't able to be stopped short of cutting power to the machine; ISTR an ActiveX vuln that had the behavior of installing even if you said "no" to the trust dialog.)
Using host files to avoid certain sites is a kludge.
... better solution designed for the purpose of filtering (if one exists).
While it may be simple and effective, the hosts file is not the right place to block access to certain sites.
Blocking should be done by the browser itself or by a firewall, proxy, or some other software gatekeeper expressly designed for the purpose. Such an agent is theoretically able to perform a multitude of functions related to site blocking, such as temporary unblocking, content filtering (ie allow the HTML through but nothing else, or strip out javascript, or whatever), authentication for unblocking, management of blocked groups (eg separate black lists for porn, spyware, anti-chinese-government content).
Hosts files don't allow any of these functions, and are easy to bypass by using an ip address instead of a domain name. By skewing their function into a server filter, you are more likely to run into problems and frustrations, esp when you also want to use the hosts file for its intended purpose - to map names to ip addresses. It's going to be pretty annoying when someone makes a typo in the hosts list and you can no longer get to some site because the "connection was refused".
In short... Hosts file as a filter is an effective kludge for now, but a better solution is to use a
The only other thing I'd add to your comments is that the presence of a forum seems more likely to indicate safety. Most of the "safe" sites had a forum section, most of the "unsafe" sites don't. Obviously this isn't a hard and fast rule, but a forum where people can complain about the spyware they just downloaded would tend to scare prospective victims away.
This "loopback evil sites host file" is fine as far as it goes, and I've recommended this as part of a prevention strategy for clients before.
However, the notion of "trusted web sites" is bogus and dangerous (e.g. in web site security, "evil sites are not to be trusted" may be true, but the converse is not necessarily true -- web sites that are not known to be inherently evil are also not "trusted". Companies that build them and run them and put them on the internet for you to puruse don't even trust them. They put them on "sacrificial hosts" in a "DMZ". The *owners* of these web sites don't trust them. Why should anyone else?
The notion of the "trusted web site" is dead. Stone cold it's not pining for the fjords because if it hadn't been nailed there it would be pushing up the daisies, dead.
If you mod me down, I shall become more powerful than you could possibly imagine.
The reason is simple. The test is loaded.
You are asked to choose between various free sites and have to judge just buy a screenshot wich one is save. That of course is very hard to do. Worse is that you can't choose the answer "none of the above" wich I think is the only real answer.
Frankly I wouldn't trust any screensaver or smiley site. Period full stop end of story.
Oh and as for people using virus scanners. Well yeah. Because others have hit them over the head and tied them to a chair and then installed the virus scanner for them and then trained them with a cattle prod not to remove it. They still go out of their way to make live hard for the virus scanners and still basically just get it.
Virus scanner == safety belt. Wearing a safety belt doesn't make you a safe driver.
It only takes common sense to keep your machine clean. Right the same common sense that tells you to limit your speed in dangerous road conditions?
Common sense is a misnomer because whatever it is it sure as hell ain't common.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.