mkraft:
In reference to your statement "How does unauthorized code even get into a financial institution's systems? The banking systems should never be accessible via public networks, only private ones, so this should never have happened."
It, unfortunately, is not that easy. As soon as one computer is connected to another computer (via wireless, wired networks or 'sneaker-net'), problems with security start to cascade. If a computer has a USB port, a CD drive, DVD drive, or a network connection, it is nearly impossible to lock down - malware will find its way onto the machine.
The U.S. and foreign governments spend a fortune trying to lock down some of their most sophisticated computers and networks and still they leak like a sieve.
Although we may wish that it were otherwise, we can hardly expect for a company whose bottom line is the profit margin, to spend all that it takes to secure even one computer...
Consider the magnitude of the problem:
- Keep the network holes plugged as much as possible
- Keep the operating system patched
- Keep all of the applications (including the off-the-shelf and home-grown applications) patched
- Keep all security software patched and updated
- Most importantly, keep all employees from doing anything remotely silly or risky
Many of the items above are nearly impossible to do well - for example...if a typical patch for a piece of software arrives ~5 days after the vulnerability is announced, what is the financial institution supposed to do for those 5 days? NOTE: the 5 days is a fictitious number - no one achieves that high a speed in issuing and applying patches...but it illustrates the point...
There is no way for an underpaid, overworked security staff to plug EVERY hole - especially in the world of zero day exploits. The hackers, on the other hand, have automated tools that can plug at the problem 24/7 until they find even one, overlooked hole...
The question raised by LiquidCoooled of whether "thwarting the attack is illegal" is very interesting. Would such activity (i.e. deleting the trojan, altering the trojan's behavior or altering the messages it sends back) be considered something akin to evading arrest or fleeing the scene of a crime?
Other questions that come to mind include:
Will the German government call upon anti-virus makers to allow the Trojans to be inserted onto machines without a red flag being raised?
Will the anti-virus companies go along with such a request?
If some a/v manufacturers go along with it...then how long 'til hackers create/modify/reuse malware that matches the government's version and thus slips by, undetected?
This scheme has too many holes in it to fly for long...
"tolerate malware as long as it doesn't eat up too much CPU"
In real life, most users already do this...albeit unwittingly or because they think they will gain a benefit:
- In terms of malware - one of the reasons people find out they have an infected computer is because it stops performing as "quickly" as it used to.
- In terms of spyware - people believe that the toolbar gizmo will benefit them...somehow
The problem with proposing the "toleration policy" as a reasonable solution is that it is not reasonable...
If I can define an infection well enough to allow it because it doesn't suck up many CPU cycles...then I should just as easily be able to define it and remove/block it just as I do any other malware infection.
The last part of the article poses a critical question that deals with the fact that our perception of security may not be in sync with the logic of security:
How can security customers make sure they don't make bad security decisions that are based on incorrect perceptions?
Schneier says he doesn't know if you can change brain chemistry for this. "My belief is that making you aware of it goes a long way," he says. "If you can understand you are just reacting from fear, you have a better shot at...understanding these human biases. Hopefully you can short-circuit them and improve on them and make it so we are not slaves to this," he says. "Fear is brain chemistry, but so is reason. We have to figure out how reason can trump fear."
Besides just knowing that this imbalance is present, reliance on:
- thorough planning
- critical thinking
- testing and verification
- and cold hard facts...
all go a long way towards improving the likelihood that we will follow logic and not emotion.
I am in fundamental agreement...Wikipedia AND all other encyclopedias are:
* great first steps in the research process
* not appropriate sources to cite in research papers
As a teacher, I expect my students to perform their own research or find primary sources as the basis for the ink and dead trees they submit (although...since this is /. I should say .pdfs they submit). When I read their papers, I have to take everything they say with a grain of salt and an extremely critical eye, because it has gone through the filter of their minds. When we use Wikipedia or Britannica, etc...it increases the number of filters that potentially corrupt or distort the original data.
The same situation occurs here on /. "Read the article (RTA)" (or the more vulgar equivalent) is a common refrain in comments, when someone just reads the summary and then dares to comment on it.
Some filters are porous and allow the data to pass through relatively unscathed, but some filters are so clogged with junk or agenda that the real meat of the matter is distorted beyond repair.
The general public generally only hears about the viruses that spread quickly and do damage...but the range of exploits is just amazing. One of my favorites is summarized this way, in the article:
"- The biggest snooper. In this case, it was not a difficult choice. WebMic.A is a malicious code that can record sounds and images, using a microphone and WebCam connected to the computer. Of course this is not the sort of uninvited guest you would like to have on your PC."
The average joe really doesn't know how much risk they place themselves in when they connect to the net.
Nor does the average joe take the steps necessary to slow the onslaught: