#271114 - 03/12/2005 19:37
Re: I can't get rid of this!
[Re: CrackersMcCheese]
carpal tunnel
Registered: 13/02/2002
Posts: 3212
Loc: Portland, OR
As long as you're re-installing... is there anything you really, really, really need Windows for? If you're starting over, now's a good time to reconsider your choices. One of the guys at work just went through the same issue with a non-removable virus. He installed SuSE 10, instead, and said that aside from needing to download a bit of extra stuff for playing videos (i.e. mplayer, and libdecss), it's done everything he needs right out of the box. The few Windows-only things he's needed have run a treat under Wine.
#271115 - 08/12/2005 01:33
Re: I can't get rid of this!
[Re: loren]
pooh-bah
Registered: 19/09/2002
Posts: 2494
Loc: East Coast, USA
Quote: There must be MILLIONS of infected computers out there that people just deal with.
There ARE millions of infected comps out there, if the numbers reported by botnet researchers can be trusted (100k to 400k compromised in a botnet, typically).
Here's how people deal with it:
Home User: "My 6 month old computer is really slow. Must be time for a new one."
Computer Store Guy: "Your gigaflops and megajerks aren't good enough. Buy THIS one (with a 6 year extended warranty)."
Seriously though, there MUST be a silver bullet to stop spyware from coming in. This spyware-preventing software must be doing things that we can do ourselves. If I had a second lifetime, I would figure this out myself.
Some hypotheses:
Use Local or Group Policy to force AutoUpdates to download and patch every night, setting missed patchings to run at next login (with no ability to stop a forced reboot? Is that an option? I forget.)
In the registry, deny every user and system account write/modify permissions to the typical startup keys and spyware hiding places (even services?).
In the registry, deny all permissions to IE security (and other) settings so they can't get hijacked.
Deny every user and system account write/modify permissions to startup folders.
Write protect the host file and maybe even the local DNS cache....?
These are pretty restrictive, i.e. you can't install or change anything while they're in place. So, write software that's a "switch", turning these features off for a few minutes (forcing the security back on after that time) when you need to install something or apply patches (so it'd need to play nice with AutoUpdates?).
So it's a pipe dream, but maybe not. There must be an elegant solution to stopping spyware; one that can be simplified to a "push this button to allow system modification" for every user on the internet. Maybe I should quit my life and create this.
Unfortunately, social engineering can crush this instantly. One e-mail saying "Helo, pres unsecure button than clik attach picture. Its fun! Thanking you." and thousands of untrained users will get nailed. That's where heavy-handed ISPs are needed. There must be a way for them to block ports to all residential users unless they complete a simple online request. At least, couldn't they somehow deny SMTP outgoing (and secure variants) to block compromised spam-sending machines? But... hm... then desktop e-mail clients couldn't send to their local servers... Regardless, it would require costly heavy hardware and would turn users away.
Alas, the only solution is, and always will be, cutting our collective ethernet cables.
_________________________
- FireFox31 110gig MKIIa (30+80), Eutronix lights, 32 meg stacked RAM, Filener orange gel lens, Greenlights Lit Buttons green set
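The "lock the autostart locations, unlock them for a few minutes when you need to install" idea from the post above, written out as a PowerShell script. This is an added example, not code from the thread or from any product. It assumes an elevated PowerShell session on Windows; the Run/RunOnce keys, the two Startup folders and the hosts file are the standard locations, while the Lock-/Unlock- function names, the "Everyone" deny rule and the timed relock are this example's own design and cover only the locations listed.

```powershell
# Added example, not code from the thread: the "lock the autostart locations,
# unlock them for a few minutes to install" idea as a PowerShell script.
# Assumptions: run from an elevated PowerShell on Windows; the Run/RunOnce keys,
# Startup folders and hosts file are the standard locations; the Lock-/Unlock-
# function names, the Everyone deny rule and the timed relock are this example's
# own design and cover only the locations listed below.
#Requires -RunAsAdministrator

$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$AutostartPaths = @(
    [Environment]::GetFolderPath('Startup'),        # this user's Startup folder
    [Environment]::GetFolderPath('CommonStartup'),  # All Users Startup folder
    (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts')
)

# Build a Deny ACE for Everyone on the write-type rights. Deny entries are
# evaluated before Allow entries, so this stops administrators and SYSTEM too,
# which is what the post asks for (and why updates need the unlock window).
function New-DenyRule {
    param([string]$Path)
    if ($Path -like 'HK*:*') {
        New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList @(
            'Everyone',
            [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete',
            [System.Security.AccessControl.InheritanceFlags]'ContainerInherit',
            [System.Security.AccessControl.PropagationFlags]'None',
            [System.Security.AccessControl.AccessControlType]::Deny)
    } else {
        # On a folder, 'Write' includes CreateFiles, so nothing new can land in it.
        New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
            'Everyone',
            [System.Security.AccessControl.FileSystemRights]'Write, Delete',
            [System.Security.AccessControl.AccessControlType]::Deny)
    }
}

function Lock-Autostart {
    foreach ($p in $AutostartKeys + $AutostartPaths) {
        $acl = Get-Acl -Path $p
        $acl.AddAccessRule((New-DenyRule -Path $p))
        Set-Acl -Path $p -AclObject $acl
    }
}

function Unlock-Autostart {
    foreach ($p in $AutostartKeys + $AutostartPaths) {
        $acl = Get-Acl -Path $p
        # Drop every Deny entry for Everyone, whatever rights it carried.
        $acl.RemoveAccessRuleAll((New-DenyRule -Path $p))
        Set-Acl -Path $p -AclObject $acl
    }
}

# The "push this button" switch: open the locks, wait, and relock. The finally
# block also runs when the operator presses Ctrl-C, so the window always closes.
function Invoke-AutostartWindow {
    param([int]$Minutes = 10)
    Unlock-Autostart
    try {
        Write-Host "Autostart locations unlocked for $Minutes minutes; install now."
        Start-Sleep -Seconds ($Minutes * 60)
    } finally {
        Lock-Autostart
        Write-Host 'Autostart locations relocked.'
    }
}

# The AutoUpdate half: policy values the Automatic Updates client reads.
# AUOptions 4 = download and install on a schedule, ScheduledInstallDay 0 =
# every day, NoAutoRebootWithLoggedOnUsers 0 = reboot regardless, and the
# Reschedule pair runs a missed install a few minutes after the next start-up.
function Set-NightlyAutoUpdate {
    param([int]$Hour = 3)
    $au = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    if (-not (Test-Path $au)) { $null = New-Item -Path $au -Force }
    Set-ItemProperty -Path $au -Name NoAutoUpdate                 -Value 0     -Type DWord
    Set-ItemProperty -Path $au -Name AUOptions                    -Value 4     -Type DWord
    Set-ItemProperty -Path $au -Name ScheduledInstallDay          -Value 0     -Type DWord
    Set-ItemProperty -Path $au -Name ScheduledInstallTime         -Value $Hour -Type DWord
    Set-ItemProperty -Path $au -Name NoAutoRebootWithLoggedOnUsers -Value 0    -Type DWord
    Set-ItemProperty -Path $au -Name RescheduleWaitTimeEnabled    -Value 1     -Type DWord
    Set-ItemProperty -Path $au -Name RescheduleWaitTime           -Value 5     -Type DWord
}

# Typical use: set the nightly patch policy once, lock, and open a window when
# something has to be installed.
Set-NightlyAutoUpdate -Hour 3
Lock-Autostart
Invoke-AutostartWindow -Minutes 10
```

Two caveats a practitioner would want. First, the HKCU keys and the per-user Startup folder are owned by the user, and an owner always holds WRITE_DAC regardless of the DACL, so anything running as that user can simply remove the Deny entry; the lock only really bites on the HKLM keys and the hosts file, which administrators own. Second, Run/RunOnce and the Startup folders are only the best-known autostart locations; services, scheduled tasks, the Winlogon Shell/Userinit values and browser helper objects are others the script does not touch.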
#271116 - 08/12/2005 05:15
Re: I can't get rid of this!
[Re: FireFox31]
carpal tunnel
Registered: 08/06/1999
Posts: 7868
Quote: In the registry, deny every user and system account write/modify permissions to the typical startup keys and spyware hiding places (even services?). Deny every user and system account write/modify permissions to startup folders. Write protect the host file and maybe even the local DNS cache....?
The problem still always comes down to the fact that people on Windows machines are logged in with the second highest privileged account possible, with only "SYSTEM" having more power.
Fixing it is as simple as not logging in as an administrator. The problem is that this isn't the default like it should be (and apparently will be finally in Longhorn). If you're not logged in as an admin, everything above in the quote is addressed. As far as IE, well, it needs to just be scrapped, period. No web page should ever be able to try and set itself as a home page, no web page should download a plugin first, then ask if it needs to be installed, and so on.
Beyond that, it's just a matter of teaching people to not type in their password when prompted by the system if they didn't do anything that should have. My grandmother, for example, understands that she should only type in her password if the system has the specific system update program running. Other than that, she knows to click cancel. While no malware exists in the wild for OS X, she is ready if any ever does come out, since it will trip the system password prompt to do anything damaging.
#271117 - 08/12/2005 05:53
Re: I can't get rid of this!
[Re: FireFox31]
pooh-bah
Registered: 09/08/2000
Posts: 2091
Loc: Edinburgh, Scotland
There is a silver bullet - but it is aimed at the users:)
As Drakino pointed out, a lot of it comes from the way users of MS Windows have not been educated - yes, computing has been brought to the masses, but there has been little sign of the teaching of sensible practices.
If home users are going to run windows PCs, they should at a minimum install straight from XP Service Pack 2, not install XP then download the SP, as they are likely to be compromised before they get it.
They should have a hardware firewall as well as a good software firewall (not XP's own thing - bleh)
They should create an admin account at startup, and leave it well alone - using only user level accounts for everything.
Jeez - there is a wee list of technical things that can help, but really - it is mostly a user education problem...which means it will never be fixed.
_________________________
Rory MkIIa, blue lit buttons, memory upgrade, 1Tb in Subaru Forester STi MkII, 240Gb in Mark Lord dock MkII, 80Gb SSD in dock
#271118 - 10/12/2005 02:33
Re: I can't get rid of this!
[Re: frog51]
pooh-bah
Registered: 19/09/2002
Posts: 2494
Loc: East Coast, USA
Some parts of user education are tough; notably, viewing malicious websites. All Windows web browsers have vulnerabilities and websites posing as legitimate, even innocent, will compromise them. Google spamming sucks in users like a bug zapper. It takes a whole new level of education to teach users to avoid these websites without even visiting them.
I constantly try to share my URL and domain name paranoia with my coworkers so they can avoid unsavory sites. Avoid domain names with:
- more than one dash
- stupid letter replacement (z for s, 1 for l, etc.)
- overly long names
- random characters
- a prefix or suffix on a popular domain name (i.e. linksysinfo.com)
- the wrong top-level domain, and NEVER .biz or .info
- etc. etc.
And teaching them to preview the two-line Google page excerpt. Avoid:
- a keyword repeated 6 times among random words
- "Best deals on ____. Find all your ____."
- "Coming Soon", "This Domain is available", etc.
- etc. etc.
This leads back to my "trusted sites" idea. Just like the pre-search-engine days when people posted link directories, there should be directories of trusted sites. Maybe a web of trust, tightly controlled by the members of the web (not infinitely expanding like the PGP key model). Display only known legitimate sites, accept link requests from the outside, post those links after thorough review, swiftly remove sites turned bad.
Think of how easy it would be to find trustworthy product reviews, legitimate online retailers, non-popup'ed lyrics sites, REAL information. Yes, it's labor intensive, but that's how I do things. Maybe there's a way to make this work.
_________________________
- FireFox31 110gig MKIIa (30+80), Eutronix lights, 32 meg stacked RAM, Filener orange gel lens, Greenlights Lit Buttons green set
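The domain-name and search-excerpt red flags listed in the post above, written as a checker that returns the reasons a candidate looks bad. This is an added example, not code from the thread. The brand list, the length thresholds, the digit-for-letter approximation of "stupid letter replacement" and the consonant-run test for "random characters" are this example's own choices and are deliberately loose; the sample inputs at the bottom are constructed.

```powershell
# Added example, not code from the thread: the domain-name and search-excerpt
# red flags from the post as a checker that returns the reasons a candidate
# looks bad. The brand list, the length thresholds, the digit-for-letter
# approximation of "stupid letter replacement" and the consonant-run test for
# "random characters" are this example's own choices, tuned to be loose.
$PopularBrands = @('linksys', 'paypal', 'ebay', 'microsoft', 'google')
$Boilerplate   = @('best deals on', 'find all your', 'coming soon', 'this domain is available')

function Test-SuspiciousDomain {
    param([Parameter(Mandatory)][string]$Url)
    # Accept a bare host or a full URL; [uri] only yields a host when a scheme is present.
    if ($Url -notmatch '^[a-z][a-z0-9+.-]*://') { $Url = "http://$Url" }
    $domain = ([uri]$Url).Host.ToLowerInvariant()
    $labels = $domain.Split('.')
    if ($labels.Count -lt 2) { return @("no registrable domain in '$domain'") }
    $tld  = $labels[-1]
    $name = $labels[-2]   # registrable label, e.g. "linksysinfo" in linksysinfo.com
    $reasons = @()

    if ([regex]::Matches($domain, '-').Count -gt 1) { $reasons += 'more than one dash' }
    # Digits that read as letters (0/o, 1/l, 3/e, 5/s) next to a letter. Names
    # like "mp3" trip this too, so treat it as a hint rather than a verdict.
    if ($name -match '[a-z][0135]|[0135][a-z]') { $reasons += 'digit-for-letter replacement' }
    if ($name.Length -gt 20) { $reasons += 'overly long' }
    # "Random characters": a long consonant run, or a longish label with no vowel.
    if ($name -match '[bcdfghjklmnpqrstvwxz]{6,}' -or
        ($name.Length -ge 8 -and $name -notmatch '[aeiouy]')) {
        $reasons += 'random characters'
    }
    # A popular name wrapped in a prefix or suffix, e.g. linksysinfo, paypal-secure.
    foreach ($brand in $PopularBrands) {
        if ($name -ne $brand -and $name -like "*$brand*") {
            $reasons += "prefix or suffix on popular name '$brand'"
        }
    }
    if ($tld -in 'biz', 'info') { $reasons += "distrusted TLD .$tld" }
    return $reasons
}

function Test-SuspiciousSnippet {
    param([Parameter(Mandatory)][string]$Snippet, [string]$Keyword)
    $text    = $Snippet.ToLowerInvariant()
    $reasons = @()
    if ($Keyword) {
        $hits = [regex]::Matches($text, [regex]::Escape($Keyword.ToLowerInvariant())).Count
        if ($hits -ge 6) { $reasons += "keyword '$Keyword' repeated $hits times" }
    }
    foreach ($phrase in $Boilerplate) {
        if ($text.Contains($phrase)) { $reasons += "boilerplate phrase '$phrase'" }
    }
    return $reasons
}

# Constructed inputs for a quick run; each call lists the reasons it found.
Test-SuspiciousDomain -Url 'http://www.linksys-info-support.biz/drivers'
Test-SuspiciousDomain -Url 'linksysinfo.com'
Test-SuspiciousDomain -Url 'empeg.com'
Test-SuspiciousSnippet -Keyword 'router' -Snippet 'Router router deals router. Best deals on router. Find all your router router needs.'
```

The registrable label is taken as the second-to-last one, which is right for .com-style names but wrong under two-level suffixes such as .co.uk; a real deployment would consult the public suffix list before applying the name checks.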
#271119 - 10/12/2005 10:51
Re: I can't get rid of this!
[Re: FireFox31]
old hand
Registered: 07/01/2005
Posts: 893
Loc: Sector ZZ9pZa
Quote: This leads back to my "trusted sites" idea. Just like the pre-search-engine days when people posted link directories, there should be directories of trusted sites. Maybe a web of trust, tightly controlled by the members of the web (not infinitely expanding like the PGP key model). Display only known legitimate sites, accept link requests from the outside, post those links after thorough review, swiftly remove sites turned bad.
Think of how easy it would be to find trustworthy product reviews, legitimate online retailers, non-popup'ed lyrics sites, REAL information. Yes, it's labor intensive, but that's how I do things. Maybe there's a way to make this work.
Reminds me of the Open Directory Project.
Really though, I'm not sure about the future of that system. For example, search for empeg on Dmoz, and boom... 3 results. It's not exactly comprehensive, and the sheer manpower required to make it so just blows my mind.
On the flipside, I'm getting into del.icio.us. Search for empeg on that, and you get good results, you can quickly see what's popular and there is no junk. It's also good to see what's related by following people's tags. A nice side-effect of social bookmarking.
Edited by sein (10/12/2005 16:38)