Slashdot Mirror
Google Highlights Trouble In Detecting Malware
JohnBert writes "Google issued a new study (PDF) on Wednesday detailing how it is becoming more difficult to identify malicious websites and attacks, with antivirus software proving to be an ineffective defense against new ones. The company's engineers analyzed four years worth of data comprising 8 million websites and 160 million web pages from its Safe Browsing service, which is an API that feeds data into Google's Chrome browser and Firefox and warns users when they hit a website loaded with malware. Google said it displays 3 million warnings of unsafe websites to 400 million users a day."
About the same time I saw any meaningful web development targeting that tool.
"Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
And that's even before you escalate UAC rights, I find software like Sandboxie works far better to protect my computer than any antivirus out there.
Yet another story hinting at the huge lie that is perpetrated on the world in the form of antivirus "protection". Like I've always said, these tools do more to undermine my PC than malware ever has. A good "secure-by-default" installation and a decent understanding of responsible Internet use is all you need. Instead, most people deal with significantly slower performance, and borderline criminal subscription tactics. Protection from new and future threats has always been and will always be a fantasy.
"Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
A good "secure-by-default" installation
One fundamental problem in home computer security is that vendors disagree on how to define "good 'secure-by-default' installation". For example, does it involve establishing a policy of trusting a third party to determine whether each program is safe and enforcing this policy with no way for the end user to override it? Apple (iOS), Microsoft (Xbox 360 and Windows Phone 7), Nintendo, and Sony seem to think so.
Javascript really is the source of the most recent problems because it can allow entry into systems and activation of malware remotely. This is why ActiveX is also bad. Developers rush into this kind of technology thinking of the payoff but not the cost.
Really though, JS is totally unnecessary so I run noscript and I don't visit sites that have a zillion JS calls to different sites. I probably could turn antivirus off and still be okay.
The dangers of knowledge trigger emotional distress in human beings.
browse in Lynx.
When was the last time you saw malware for it?
When was the last time you saw anything other than text in a BIG font? ;)
Yours sincerely,
A Lynx user.
I rarely respond to comments. Also, don't ask for clarifications: a brain and Google are faster, believe me!
Why not have the browser have some kind of globally coordinated download queue that queues the download until someone can scan it. If it's (by URL) already been scanned, then let it download, then verify the MD5 sum of the downloaded vs scanned content. If it matches, then all is good. If not delete it. I don't define "scanned" because it could be a virus scan, or an automated install to a virtual machine, which reports back any opened ports or initiated connections for further review.
This would be a pain for developers and IT, so have a way to disable it, but for most people telling them "we don't know if this download is safe" "We'll download it when we know more" would go a long way to stopping malware. And it has the peripheral effect of slowing up malware people too.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
What malware should I be worried about on my Samsung Chromebook?
* Carthago Delenda Est *
displays 3 million warnings of unsafe websites to 400 million users a day
I didn't RTFA, but doesn't that look like it doesn't add up? 400 million users are displayed 3 million warnings? I guess it means 400M users are warned from 3M identified sites?
Fear is the mind killer.
For years, I have had machines on the net that never used any antivirus. And so far, no virus on them either. Nice to have a system that is designed not to be vulnerable. (There is the occational software security error, but they usually get fixed before anyone have time to exploit them.)
If you care about security, don't bother with windows - or any system that need third-party security add-ons to work reliably. Windows has a series of design errors, in addition to the occational programming errors. Running everything with admin privileges, automatically running code embedded in email and documents, automatically running code off the web (activex) and so on. And who knows what new sillinesses they have, now that these things are slowly getting fixed.
Oh yeah? Stupid easy - ok. Compromise my machine then. Windows 7 64 bit, I've been lazy about patching it, haven't done so for about a month. My IP address is 24.107.113.55, and I've set my pc as the DMZ for all inbound traffic. I'll be at work for about 8 hours, I'll leave it running. Good luck.
mov ah, 4ch
int 21h
1and1 has been a host for me for some time.
Then I got flagged by Google as having malware and I was like... wtf... I don't even actively use
those sites. So, I FTP'd in and downloaded some files, there was an injection of code in all of
my index.htm(l) and default.htm(l) files.
Now, I've had 1and1, since they came to the US. I had a plan back then that had all the goodies,
ssh access to my shell for my sites, so it was easy to administer.
Well, "because of new policies" my old service I had was changed to another... like the cell
companies moving you around on new plans. My new plan, has no ssh access.
What's worse, 1and1, refused to give me shell access so I could take care of all of those
malware files.
Let me repeat... A HOSTING PROVIDER REFUSED TO GIVE ME ACCESS TO MY OWN SITE
TO CORRECT A MALWARE ISSUE!
Nice huh?
So, like I said, since I don't really use those sites, I just deleted them all via FTP and told
1and1 to go fuck themselves. I put up what I needed that was important (after cleaning) on
an EC2 "free" instance.
-AI
For me, it is far better to grasp the Universe as it really is than to persist in delusion
Strangely enough, I just got my first ever warning from the safe browsing service about 10 minutes ago. Visiting a website that I go to regularly... I'm glad they caught that one site getting compromised at least as I place very little confidence in AV software nowadays.
http://tech.slashdot.org/story/11/08/16/200209/IE-9-Beats-Other-Browsers-at-Blocking-Malicious-Content
Google: "But it's hard!"
That said, I'm not particularly thrilled with a browser feature that tells you where not to go on the internet. I'd rather be able to go there and not get infected by browser exploits. Drive-by downloads I'm not worried about. Embedded PDFs I'm not worried about. (I uninstalled the Adobe plugin. Any PDFs are downloaded rather than opened.) That pretty much just leaves the browser, Flash, and Java. And even Java should warn me before starting an applet.
1. use a more secure OS (meaning anything other than MS-Windows) a Linux distro or one of the flavors of BSD
.. and if any of those unknown websites wants you to download something or run a plugin within the browser DO NOT LET IT...
2. keep two webbrowsers = one with plugins and goodies for websites you know are known safe like slashdot, youtube, & etc... but never use that fancy browser with the plugins for general purpose webbrowsing
3. for general purpose webbrowsing and looking in to unknown websites use a locked down and secured webbrowser that does not even have any plugins and with javascript disabled,
i know this is just elementary & incomplete but it is a good start...
Politics is Treachery, Religion is Brainwashing
Gladly, but first you need to prove that the IP of your home machine is what you say it is.
Surprisingly enough it's in one of RoadRunner's residential IP blocks ("Allocations for this OrgID serve Road Runner residential customers out of the Austin, TX and Tampa Bay, FL RDCs").
He should have at least made it interesting, like 209.251.178.99.
You are missing the point, and are not the OP.
mov ah, 4ch
int 21h
That's not what the web works like. The people endangered by malware are your neighbors (particularly your male neighbor because he's watching porn all day, and we all know women don't watch porn). Your neighbors are people who hardly know what "Browser" means, have once heard about this "Microsoft Linux" thing and will buy a new PC when their current one gets slow. This is the majority of the society, and you can't fix it by adding more instructions and manuals to every piece of software.
Last person I met who actually used Lynx for day to day browsing did so on a braille terminal. So, the last time he saw anything was probably quite a long time ago, if ever...
I am TheRaven on Soylent News
I got into your computer and turned it off, it's inappropriate to waste energy like that. Think of the environment!
Why is that surprising? This just in: someone's home computer will be using an IP within a residential block of their ISP! STOP THE PRESSES!!!
Except that anything I post you will attempt to claim doesn't prove anything and you'll slink away like a chickenshit. You either are going to have to believe me or not. I don't really care.
I got into your computer and turned it off, it's inappropriate to waste energy like that. Think of the environment!
And to teach him a lesson I downloaded Glitter.
I'm fairly sure that a simple web-page or telnet reply saying "This is HarrySquatter (1698416), tukang (1209392) please come in for /. story 1328237" would've been sufficient.
But that doesn't prove anything. Could I not just as easily be at someone else's computer doing that? Once again, nothing I can do or so is going to be something irrefutable so he's either going to have to man up and just prove himself or slink off like a chickenshit. I honestly don't give a flying fuck.
The surprising part is that you posted your real IP address. The one I posted is what resolved for fbi.gov (I know, I'm not terribly creative).
Could I not just as easily be at someone else's computer doing that?
What would that accomplish? So somebody else's Windows computer could be hacked.
Anyway, your Slashdot user ID number is stored in plain readable text in the cookies.sqlite file, which would be the most obvious way to determine if you'd got into the right computer. If you wanted to, I mean...
Granted, that same cookie could probably be used to access your Slashdot account, but I'm confident he'd never do that...
You misunderstand. I don't give a flying fuck if tukang does or doesn't believe me or does or doesn't attack my computer because my point is that if the original poster wants to prove his laughable statement that he has my information to do so. Most likely he won't because he's wrong and is most likely a chickenshit the same as tukang.
My point is that any evidence I can give can easily be faked. Nothing I can do or say is 100% irrefutable evidence. Hell I could be posting from my friend's computer that is running Slackware instead of Windows and we could be doing nothing but laughing at tukang. He's never going to know if that's true or not despite what I can say to the contrary.
No doubt. But the overall point was that Windows is "stupidly easy" to compromise, and if that's true it presumably wouldn't be that hard to determine that the computer at that IP wasn't even running Windows. Anyway, I still think you should have posted the IP address for the FBI or CIA or some other spook agency on the outside chance that he'd really try to break in.
I just hacked in and checked your browser history. Good God, man! Don't you know just thinking about that shit is illegal in all but like 3 countries??
The soylentnews experiment has been a dismal failure.
It can't be. That's my IP address
Oh noes! My entire life is going to fall apart because an AC on slashdot has called me a jackass. Oh wait, I already know I'm a jackass and don't really care.
I'm not afraid of little script kiddy boy. If someone wants to try their hand, they are more than welcome.
I got into your computer and turned it off, it's inappropriate to waste energy like that. Think of the environment!
I can't tell whether this is a joke or not. THE GP's IP is not responding to ping and nmap reports the host is down (I know that these don't mean anything on its own, but deep down, I so wish parent isn't joking!)
Google used to have a problem with malware and phishing sites being hosted on their own Google Sites. Once they plugged that hole, the malware moved to Google Spreadsheets. Because you can put HTML in Google's spreadsheets, it can be used as a free hosting service. Google hadn't anticipated this, and their abuse operation couldn't handle it.
Google seems to have plugged the spreadsheet hole now. I noticed recently that Google has disappeared from our major domains being exploited by active phishing scams. There were pages hosted by Google which were in Google's own "this site may harm your computer" blacklist. So their hostile-site detection wasn't coupled to their abuse department. That was kind of embarrassing, but until we publicized it, it didn't get fixed.
Basic truth - run a free hosting service, a free "forms" service, a free "poll" service, or a free URL direction service, and you will end up hosting phishing sites and related annoyances. If you run a free service, you must have an automatic check against the major phishing blacklists, or you will be pwned. This week's big sites being abused by phishers are "piczo.com" (social networking for teenage girls), "webs.com" and "moonfruit.com" (free hosting), and "t35.com" (which, the last time we contacted them, has one poor abuse guy trying to deal with a daily tide of phishing pages by hand).
Those sites are used by the bottom-feeders of the malware/phishing world. The big guys buy hosting with stolen credit card numbers, use botnets, and contract with "bullet-proof hosting services.
There is progress. "Open redirectors" are more or less gone from major sites. Over the last three years, MSN, Yahoo, eBay, and Facebook have all had open redirectors. Publicity and nagging put a stop to that. Slowly, too slowly, IE6 is dying out.
And to teach him a lesson I downloaded Glitter.
Totally disproportionate actions like this are the reason hackers are classified as terrorists.
Experience (do not install any softwares without making a diff of you registry before and after) and sensible software configuration (like no script in wmv, no script in pdf,..., no script in any kind of document except a web page with everything from the adds servers around the world blacklisted) works even better but is it less convenient.
Jehovah be praised, Oracle was not selected
The surprising part is that you posted your real IP address. The one I posted is what resolved for fbi.gov (I know, I'm not terribly creative).
LMAO creative indeed.
"We are just a war away from Amerikastan. When god vs god the undoing of man." Dave Mustaine
hey, that's the combination to my luggage!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Don't worry, I'm ok. I do use the Windows fw, which blocks ICMP.
mov ah, 4ch
int 21h
Wrong! It's 12345.
Sorry, but gray text on gray background is making my eyes bleed.
You killed my brother.
I mean, my computer.