Dan Geer On Trusting PCs In Botnets

walk*bound writes "In an essay published by ZDNet, security scientist Dan Geer has an interesting proposal for e-commerce sites to evaluate the trustworthiness of clients that try to connect. Assume that end users either always say 'Yes' or always say 'No' to security dialog boxes. Then make the decision one of two ways: 'When the user connects, ask whether they would like to use your extra special secure connection. If they say "Yes," then you presume that they always say "Yes" and thus they are so likely to be infected that you must not shake hands with them without some latex between you and them. In other words, you should immediately 0wn their machine for the duration of the transaction — by, say, stealing their keyboard away from their OS and attaching it to a special encrypting network stack all of which you make possible by sending a small, use-once rootkit down the wire at login time, just after they say "Yes."'"

8 of 301 comments

  2. Dumb. by WK2 · · Score: 4, Informative

    > When the user connects, ask whether they would like to use your extra special secure connection. If they say "Yes," then you presume that they always say "Yes"

    I thought this was a misquote. I checked TFA, and this is exactly what it says. This guy thinks someone who prefers secure connections is more likely to be pwned.

    --
    Write your own Choose Your Own Adventure. http://www.freegameengines.org/gamebook-engine/

  3. Re:Yes, another kdawson masterpiece. by thatskinnyguy · · Score: 3, Informative

    You can edit your preferences to not include kdawson in the stories you get. He does have a terrible track record as far as quality goes. I wouldn't be surprised if kdawson was just a common login name at /. that the admins use just to get our goats.

    --
    The game.

  4. It's a joke. by Erris · · Score: 3, Informative

    When you pull your head out of M$ propaganda you will understand what the author is saying. You don't get the joke because you are a victim of doublethink and believe things that glaringly contradict each other.

    The author is responding to hate mail he got for challenging the M$ party line that only idiots get 0wned.

    > A little over a year ago, I wrote an editorial where in back-of-the-envelope style (.pdf) I estimated that perhaps 15-30% of all privately owned computers were no longer under the sole control of their owner. In the intervening months, I received a certain amount of hate mail but in those intervening months Vint Cerf guessed 20-40%, Microsoft said 2/3rds, and IDC suggested 3/4ths.

    He parodies the party line brilliantly by saying:

    > This parallels the real world where people who get venereal diseases tend to get more than one. The reason is simple: the infections, computer or cellular, are side effects of behavior, and consistent behavior tends toward consistent results.

    and then suggesting that vendors instantly 0wn anyone who says they want a secure connection. This is not a serious suggestion; it simply points out the absurdity of blaming the user for something others so easily and frequently do. Vendors are screwed and he knows it.

    The author is also pointing out how insulting it is for M$ to continue to blame the user for M$ security problems. If M$ really believes this, they must also believe that 2/3rd of their customers are idiots who have VD. Is there any other vendor on the planet that so casually insults their customers?

    Amazingly enough, the general population still believes the M$ party line. I had this argument with a co-worker the other day. He so strongly believed that it's the user's fault that he could not accept estimates by Vint Cerf or Michael Dell as accurate. Stories of corporate network disaster are similarly dismissed as the fault of idiots at work. More amazing than the man's inability to take in new information was the temper tantrum he threw when calmly questioned and confronted with facts. M$'s own estimates will also bounce off his otherwise bright head because it would force him to conclude that there's either a 2/3rd chance that he's an idiot or worse - he's been wrong-headed and vocal for years, which is the definition of an idiot. How does M$ build such loyalty while being so abusive? Windoze security is an oxymoron and it's time the public at large understood that.

    --
    DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.

    1. Re:It's a joke. by Erris · · Score: 2, Informative

      > The easiest way to shut you up is to ask you to prove one of your outrageous lies.

      What, like Vint Cerf and Michael Dell saying between 20 and 40% of Windoze machines are part of a botnet? M$'s assertion of 2/3rds? Such outrageous lies. Take it back to Redmond, AC, your talking points don't work anymore.

      --
      DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.

    2. Re:It's a joke. by willyhill · · Score: 2, Informative

      The reality is that even though Microsoft (or "M$" as you call them) are guilty of some really dumb security fuckups in the past, the numbers simply don't back up your angry assertions. The latest four or five botnet infection waves have spread through email attachments that require significant user interaction to take over a machine.

      It doesn't really matter how many safeguards you build into the system, ignorant users will do dumb things. And when you're talking about a universe of almost a billion PCs, the odds are against everyone. What people like you always fail to mention is that a botnet does not have to be massive to do damage. Botnets usually range in the tens of thousands of machines, which is a relative drop in the bucket compared to the overall number of "Windoze" machines out there. If "M$ Windoze" was to blame, there would be half a billion machines in those botnets, and they would get 0wned the moment they were turned on. That's simply not the case.

      Anyway, I was wondering about the tone and demeanor of this post and then I realized this account is actually a sock puppet of the infamous twitter. I guess it's late and I'm not thinking straight....

      --
      The twitter monologues. Click on my homepage and be amazed.

  5. Re:Fool! by zippthorne · · Score: 2, Informative

    As far as I can tell, from my admittedly user point of view, the task manager doesn't actually kill processes. It sends them exit signals. As evidenced by the fact that, unlike every Linux distribution I've ever used, "end task" doesn't result in the immediate disappearance of any windows related to the process and the process name's removal from the process list. Only after a period of unresponsiveness does it drop ceremony and outright end the process.

    In normal circumstances this is a good thing as it would allow applications to run their exit routines, saving settings, recovery files, and whatnot. But it would certainly be unwise to give malicious code the opportunity to run yet more code once you've decided to terminate it.

    Are Process Explorer and pskill available from Microsoft (either as part of the install or as a download from Microsoft's official site)? Otherwise you still run into some trust issues just to get that instant-kill functionality. Obviously, if you're running Windows, you trust Microsoft.

    --
    Can you be Even More Awesome?!
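
    The distinction this comment draws, between a polite close request that lets the process run its exit routines and an outright termination that does not, can be shown directly from PowerShell. The following is an added example, not code from the comment or from the ZDNet essay; it uses a throwaway Notepad instance as a stand-in for the process in question (assumes notepad.exe is present), and the five-second grace period is an assumed value.

```powershell
# Added example: graceful close request vs. immediate termination on Windows.
# Not from the page; Notepad is used only as a harmless stand-in target.

function Stop-ProcessGracefullyThenForce {
    param(
        [Parameter(Mandatory)][int]$ProcessId,
        [int]$GracefulSeconds = 5   # assumed grace period, not taken from the page
    )
    $proc = Get-Process -Id $ProcessId -ErrorAction Stop

    # Step 1: the polite request. CloseMainWindow posts WM_CLOSE to the process's
    # main window; the process decides what to do with it (save state, run its
    # exit routines, or ignore it). Returns $false if there is no main window.
    $asked = $proc.CloseMainWindow()

    if ($asked -and $proc.WaitForExit($GracefulSeconds * 1000)) {
        return "exited-on-request"
    }

    # Step 2: still running after the grace period, so terminate it outright.
    # Kill() uses TerminateProcess: no further user-mode code in the target runs.
    $proc.Kill()
    $proc.WaitForExit()
    return "terminated"
}

function Stop-SuspectProcess {
    # For a process you already believe is malicious, skip the request phase:
    # handing it a WM_CLOSE is handing it one more chance to execute code.
    param([Parameter(Mandatory)][int]$ProcessId)
    Stop-Process -Id $ProcessId -Force -ErrorAction Stop
    return "terminated-immediately"
}

# Demo against constructed, throwaway Notepad windows.
$target = Start-Process notepad.exe -PassThru
Start-Sleep -Seconds 1   # let the window appear so there is something to post WM_CLOSE to
Stop-ProcessGracefullyThenForce -ProcessId $target.Id

$target2 = Start-Process notepad.exe -PassThru
Stop-SuspectProcess -ProcessId $target2.Id
```

    The first function mirrors the two-phase behaviour the comment describes (ask, then force after a period of unresponsiveness); the second is the path an incident responder wants for a suspect process, where the cost of letting exit handlers run outweighs any benefit of a clean shutdown.
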

  6. Re:That worked so well by jonadab · · Score: 2, Informative

    > If the person accepts it, then they're an idiot and the plugin
    > battens down the OS for the duration of the transaction so that
    > all the other spyware can't get at it.

    That was my understanding of what the article was saying. Problem is, it's not even theoretically possible to do. If the OS is already infected, nothing you can do, short of wiping the drive and reinstalling from scratch, can give you a clean system. You could do your transaction in a VM, but nothing stops the host system from spying on the VM.

    --
    Cut that out, or I will ship you to Norilsk in a box.