Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Desktop Security Battle May Be Lost

Posted by kdawson on from the deploy-the-tinfoil-hats dept.

Trailrunner7 writes in with a Threatpost.com article that begins: "For years, security experts, analysts and even users have been lamenting the state of desktop security. Viruses, spam, Trojans and rootkits have added up to create an ugly picture. But, the good news is that the desktop security battle may be over. The less-than-good news, however, is that we may have lost it. Jeremiah Grossman, CTO of WhiteHat Security, said Thursday that many organizations, particularly in the financial services industry, have gotten to the point of assuming that their customers' desktops are compromised. And moving forward from that assumption, things don't get much prettier." It goes on to speculate about home routers being targeted and infected.

9 of 389 comments (clear)

  1. Though the Times They May Look Grim ... by eldavojohn · · Score: 5, Funny

    The Desktop Security Battle May Be Lost

    No, you must have hope! We just need to hold them off a little longer until Gandalf the White Hat shows up on Shadowfax Machine.

    --
    My work here is dung.
    1. Re:Though the Times They May Look Grim ... by Z00L00K · · Score: 5, Interesting

      The major problem we actually are suffering from is that the world depends way too much on a single environment. And that environment is a kludge.

      I'm not saying that Linux is much better - just somewhat better since it isn't as integrated as Windows.

      As for losing the battle - this is a battle you only lose when you give up. As long as you persist you won't lose. You may get some beating now and then, but that's not a big issue since you can come back.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    2. Re:Though the Times They May Look Grim ... by jemtallon · · Score: 5, Informative

      If you'd have read the article, you'd know that home networks are the new frontier for hackers and a big reason why security experts are giving up the desktop fight to focus on the network instead. From the article: "... it won’t matter if PCs are disinfected, swapped out, or replaced with iPads, the bad guys are still control because they own the network below." So the old Blame Windows standard won't work in this case.

    3. Re:Though the Times They May Look Grim ... by Anonymous Coward · · Score: 5, Insightful

      teach them not to click yes blindly to every pop-up box without reading it, teach them not to fall for every phishing attempt under the sun

      You cannot teach them something they do not want to learn. Users don't want to think about the pop-up box they just want it out of the way. Unnecessary dialogs have trained them to just click Yes or OK and get on with what they were doing. Horridly lengthy and unreadable EULA's have trained them to just scroll down and click Accept. Installers with too many pages have trained them to just keep clicking next till it says it's installed (something those insidious toolbars that are checked on by default take full advantage of).

    4. Re:Though the Times They May Look Grim ... by Dorkmaster+Flek · · Score: 5, Informative

      Telus gave us this really crappy DSL/Wireless router. I never changed the admin password (admin/telus) on it, but I put a wireless password on it.

      To quote the Mythbusters, "Well there's your problem!"

      --
      I like to think of online DRM as something akin to a college -- you pay for lessons until you learn something.
    5. Re:Though the Times They May Look Grim ... by apparently · · Score: 5, Informative

      ^that looks to me more like wondering about a "what if?" hypothetical scenario, not something which actually takes the blame from Windows just yet...

      The article states "These are all reasonable assumptions based on real-world attacks that have been going on for some time now. Attackers have been targeting home networking equipment for a couple of years, using a combination of vulnerabilities in the firmware and hardware to get control of home users' outbound Internet traffic". Links within the original blog post discuss botnets that are already attacking Linux-based routers

      There's nothing "hypothetical" about this threat.

    6. Re:Though the Times They May Look Grim ... by magus_melchior · · Score: 5, Insightful

      A and B were a little pissed because they were without internet, and without their computers for a little while (which just made me upset because I didn't start the problem, but I had to fix it).

      Welcome to the world of IT, where people don't care about you until something breaks, then it's your fault until it's fixed.

      --
      "We are Microsoft. You shall be assimilated. Competition is futile."
  2. Re:And this is why... by Hizonner · · Score: 5, Insightful

    The fundamental security model of Linux is no better than that of Windows. The main reason Windows gets nailed is that it's more profitable to write malware for Windows than for anything else. If Linux had the market share of Windows, it would have as much, or nearly as much, malware.

    In either Linux or Windows, being able to run any code at all gives you essentially complete access to the user's data, plus almost unlimited access to system resources, plus the ability to talk to the network. Who cares if you're not running as root if everything interesting is owned by the user's account?

    There are ways to make systems more secure, starting with strong containment. How strong? Strong enough that your program can't even express the desire to, say, open a file that the user hasn't given it a capability for. Strong enough that the user has to jump through hoops to give certain programs access to certain data. Especially programs with network access... which need to be only the programs that actually need it. Strong enough to subdivide lots of functions that people are used to putting together in the same process. Strong enough that you can forget about most of the APIs you're used to coding with. And, if you're going to run apps out on the network, that whole system has to extend out into the network as well.

    On top of that, people ought to be using tools that make it a lot harder to express common security bugs, and that help you to notice when you've created others.

    If this is to be fixed, users and programmers are going to have to change the ways they do things. I'm not super optimistic.

    Linux helps not at all. Even OpenBSD wouldn't help much.

  3. Assign responsibility to those who can do.... by wowbagger · · Score: 5, Insightful

    We need to assign responsibility to those who can do something about it.

    Every day, my firewall emails me a list of port scans against it, sorted by IP address. Most days that list is just under 100 different IP addresses scanning me, some days it is in the thousands of IP addresses - from all over the Internet (i.e. not just local addresses). This is on a residential DSL connection that offers no services to the world, isn't linked to by any web sites, and does not respond to any unsolicited traffic.

    It seems reasonable to assume that most if not all of those IP addresses represent infected machines. Were there some way to get them shut down, imagine how much cleaner the Internet would be. However, there IS no way to do so: the ISPs hosting those machines don't provide any meaningful or automated way to report them, there is no way to contact the owner of those machines, so they just keep on spewing and infecting the rest of the system.

    Nor will ISPs ever provide an automated way of reporting such machines as things stand now: a reporting mechanism is an internalized cost, and there is no reason for an ISP to internalize that cost when they can externalize it to the rest of the Internet.

    This is one of those rare cases where "there ought to be a law" is a reasonable response: were ISPs required by law to investigate abuse reports and disconnect infected clients until those clients are cleaned up, the number of infected machines on the Internet would be reduced, the profit margins of the bot-herders and spammers wiped out, and the system would clean itself up. However, such a law would be fought most vigorously by all ISPs precisely because it would be internalizing a currently externalized cost, and it would be worth vastly more to ISPs to prevent such a law than the cost of lobbying against it.

    (NB: "repeatedly submitting false abuse reports" is itself abuse, and should also result in the source of the false reports being shut down).

    "Trojan/Worm/Virus" credits, anyone?

    --
    www.eFax.com are spammers