How Hackers Snatch Real-Time Security ID Numbers

By Saul Hansell August 20, 2009, 1:20 pm

The world's savviest hackers are on to the "real-time Web" and using it to devilish effect. The real-time Web is the fire hose of information coming from services like Twitter. The latest generation of Trojans - nasty little programs that hacking gangs use to burrow onto your computer - sends a Twitter-like stream of updates about everything you do back to their controllers, many of whom, researchers say, are in Eastern Europe. Trojans used to just accumulate secret diaries of your Web surfing and periodically send the results on to the hacker.

The security world first spotted these new attacks last year. I ran into them again while reporting an article in Thursday's Times about a lawsuit meant to help track down the perpetrators of these attacks.

By going real time, hackers now can get around some of the roadblocks that companies have put in their way. Most significantly, they are now undeterred by systems that create temporary passwords, such as RSA's SecurID system, which involves a small gadget that displays a six-digit number that changes every minute based on a complex formula.

If your computer is infected, the Trojan zaps your temporary password back to the waiting hacker, who immediately uses it to log onto your account. Sometimes, the hacker logs on from his own computer, probably using tricks to hide its location. Other times, the Trojan allows the hacker to control your computer, opening a browser session that you can't see.

...

formatting link

Reply to
Monty Solomon
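The relay the article describes works because a time-based code is valid for its whole window, not just for the one login the victim intended. The following is an added example, not part of the Times article or of any post in this thread, and it models the token as an RFC 6238 TOTP (HMAC-SHA1, six digits, 60-second step) rather than RSA's proprietary SecurID algorithm; the shared secret, user name and timestamps are constructed. It shows the stolen code being accepted inside its window, what a server-side single-use check changes, and what it does not.

```python
"""Added example: a relayed one-time code inside its window, with and
without server-side single-use enforcement.

Assumptions (not from the article): RFC 6238 TOTP stands in for SecurID;
SECRET, the user name and the timestamps are constructed for the demo.
"""
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-secret-not-real"   # constructed shared secret
STEP = 60      # the article's "changes every minute"
DIGITS = 6


def totp(secret: bytes, t: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the counter floor(t / step)."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class OtpServer:
    """Validates codes with +/-1 step of clock skew and, when replay_protect
    is on, burns each accepted (user, counter) so a code is usable once."""

    def __init__(self, secrets):
        self.secrets = secrets          # user -> shared secret
        self.used = set()               # (user, counter) already accepted

    def login(self, user, code, now, replay_protect=True):
        secret = self.secrets.get(user)
        if secret is None:
            return False
        for skew in (-1, 0, 1):
            counter = now // STEP + skew
            if hmac.compare_digest(totp(secret, counter * STEP), code):
                key = (user, counter)
                if replay_protect and key in self.used:
                    return False        # second presentation of a burned code
                self.used.add(key)
                return True
        return False


def relay_scenario(replay_protect, attacker_first=True):
    """The Trojan reads the code at t0 and forwards it; the attacker and the
    victim each try to log in with it a few seconds later (in either order),
    and a final attempt comes 200 s later, after the window has closed."""
    server = OtpServer({"victim": SECRET})
    t0 = 100
    stolen = totp(SECRET, t0)           # what the Trojan "zaps" back
    order = [("attacker", t0 + 3), ("victim", t0 + 5)]
    if not attacker_first:
        order.reverse()
    results = {who: server.login("victim", stolen, t, replay_protect)
               for who, t in order}
    results["after_window"] = server.login("victim", stolen, t0 + 200, replay_protect)
    return results


if __name__ == "__main__":
    for rp in (False, True):
        for first in (True, False):
            print("replay_protect=%s attacker_first=%s -> %s"
                  % (rp, first, relay_scenario(rp, first)))
```

Without the single-use check both logins succeed, which is exactly the article's scenario. With it, whoever presents the code second is refused: if the Trojan beats the victim's own submission, the victim sees a failed login (a signal worth investigating, but the attacker is already in); if the victim's login lands first, the relayed copy is dead on arrival. Either way the code only buys one session, so the remaining defence is to bind the code to what is being authorised (transaction signing or out-of-band confirmation of the specific transfer), which a relayed login code cannot satisfy.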

[Moderator snip]

This is one of the most worthwhile articles on the subject. Also worthwhile to follow some of the links.

Reply to
www.Queensbridge.us

And isn't it great that few - if any - of these news articles mention that almost all (or all?) of these threats are Windows based?

Is it about time that every single news article on Internet/Computer security threats has a disclaimer along the lines of:

"If you want to avoid 95% of the threats to your computer, don't use Windows and Internet Explorer"

-- Regards, David.

David Clayton Melbourne, Victoria, Australia. Knowledge is a measure of how many answers you have, intelligence is a measure of how many questions you have.

***** Moderator's Note *****

A disclaimer almost identical to that has been routine for years, and I'm surpris ... oh, wait, you're using a Windows OS. Never mind.

Bill Horne

Reply to
David Clayton

Hackers focus on those platforms because they are the majority in use. If another platform replaced them, that platform would be the target.

In my humble opinion, the highly automated start features of today's platforms make it easy for these viruses to do their work. The above article mentioned, "the Trojan allows the hacker to control your computer, opening a browser session that you can't see". Why should a browser session be _automatically_ opened, and why couldn't it be seen?

Is it so onerous for a user to manually open up his own windows? To have all sessions visible?

Another issue that needs discussion is the wide open connections to eastern Europe, where apparently a great deal of trouble originates.

***** Moderator's Note *****

Lisa, I'm not sure you're able to have a humble opinion. ;-)

Seriously, I think the reporter was probably using "browser session" as a metaphor for the various rootkits that hackers like to use. Although Windows 2000 and later versions are capable of supporting a web server, it's much easier to hack a machine with a rootkit which can be remotely controlled via custom software instead of via a web browser.

BTW, the user can't see the "browser session" because that's what rootkits are for: to hide administrator-level access from the user, from AV software, and from the rest of the OS. It's not something a user can control once the machine is infected, onerous though it may be.

As for Eastern Europe, the very first Internet hacker, Marcus Hess, the antagonist of Cliff Stoll's famous book "The Cuckoo's Egg", was operating from Bremen in Germany.

Reply to
hancock4

.........

Maybe, but they also focus on them because they are far (FAR) more vulnerable to attacks because of deliberate design features that make things "user friendly" by allowing the user to be bypassed in too many critical areas.

Having an environment marketed to computer illiterate people where code can be installed and run either without user knowledge or by just prompting with a "I'm a nice, fluffy ActiveX application, click OK to install me" is not just negligent, it is borderline criminal.

-- Regards, David.

David Clayton Melbourne, Victoria, Australia. Knowledge is a measure of how many answers you have, intelligence is a measure of how many questions you have.

***** Moderator's Note *****

"Never attribute to malice that which is adequately explained by stupidity" (Richard Feynman)

Computers had to be simple before they could be sold. Americans aren't really very technical, and we always demand simplicity and ease of use from any inventor: anti-virus and anti-spyware programs came later because viruses and spyware came later.

The first and most important survival trait of any business is the ability to generate the cash flow essential to growth. To do that, Microsoft concentrated on "Wow!" and told the security weenies that they had to wait. Once on that road, of course, they couldn't turn back, or even slow down: "market share" has always been the yardstick by which software firms are measured, and Microsoft is too busy trying to stay in front to worry about what is, in their mind, a public-relations matter.

Bill Horne

Reply to
David Clayton

It appears Macs have attracted the criminals' interest -- the new Snow Leopard release from Apple this coming Friday (Aug. 28) will have anti-virus/-malware software built in. Screen shot here:

FWIW, IE is the most non-compliant and buggy browser in existence today, even the latest IE8 passes only 20% of the Web Standards browser suite.

Two compliant and good browsers for use on Windows systems are Opera and Apple's Safari, both of which 100% pass the Web Standards suite:


Add Vietnam, South Korea and China to the list. Note, however, that many of the newer IFRAME exploits (really, really nasty on infected web sites) which appear to originate from China are, in fact, sites of the Russian Business Network (a criminal hacker group) in the Russian Federation and in Latvia.

Reply to
Thad Floryan

It's really about time that people proposing this concept just stop a second and think before putting ink to paper. Or electrons to a screen.

By this rationale, no one with an Audi should be able to find parts for their car.

Somewhere between 5 and 10 percent of computers hooked up to the internet are Apples. Just about none of them have any sort of third party anti virus protection running.

That's a pretty decent number of completely vulnerable systems, eh?

On the other hand, perhaps two thirds of Windows based systems hooked up to the internet have some added protection of this sort. (Keep in mind that the situation is so bad that... many internet providers include these features as part of their internet connectivity suite of programs).

This raises the proportion of "vulnerable", so to speak, computers on the Apple side quite a bit. And with such a virgin target, lots of Bad Folk should be trying to exploit them.

Yet we still don't see a single mass attack virus [a] against them.

Why? Because there's no there, there. The operating systems and the various built-in designs make it a lot harder to take over.

[a] that's not to say it's completely impossible, but it takes active confirmation, including entering the system password, before an outside program can do anything really ugly to a Mac. Yes, you can go to a web page that will try dl'ing something extremely nasty, but you've got to then approve its actions before anything ugly will happen.

As an analogy it's as if someone mailed out diskettes to a thousand people and attached a cover letter telling them it was a brand new way to Make Money Fast.

Ninety nine percent would throw it out. Yes, a small number, though, would run it.

So yes, you can have a Mac virus. But it ain't going to go very far.

Reply to
danny burstein
[...]

Or it originates from someone in the west hijacking the eastern European (or Chinese) wide open PCs to send the spam.

Colin

Reply to
Colin

Chinese) wide open PCs

Or, of course, paying them for services.

While there's a lot of Fear Mongering about it, the "Russian Business Network" certainly seems to be pretty ugly.

Wiki has a good initial writeup (but again, keep a bit of a cynical eye open):

formatting link

Reply to
danny burstein

And it stops all two of the circulating remote-access trojans. Wow! *

Reply to
PV

OK, let's think about it: the same decision is made by people other than malware writers every day, and the "concept" that you seem to be trying to discredit is a very good predictor of outcome! For example, a former employer sold software that interfaced with only one word processor which at the time held dominating market share. When developers asked if he was interested in integrating with another word processor with only niche market share, he declined to make the investment. As market positions reversed, so did word processor support. At no time was porting to the Mac or anything UNIX-ish even discussed because their market share among prospective clients was extremely low. Lots of software is produced for Windows only because people act in accordance with the "concept."

Of course, not every developer writes exclusively (or at all) for Windows, but if you want to know why malware authors never seem to choose anything else you can't simply jump to the conclusion that the one and only reason is the other platform's superior resistance. If someone writes a utility useful for desktop publishing, they may choose to write it for the Mac because the DTP market is reputed to have plenty of Macs... but, again, that goes back to market share, doesn't it? Do any such factors carry weight (or value) for malware writers? Well, maybe one: Mac owners may have more money to steal, making it a more attractive platform for online banking password theft...

... except that a significant number of people paid a premium price (compared to, say, a Honda Civic or entry level Chevrolet) to own that car and will pay a good price to have it repaired - and wouldn't buy the car at all if there were no parts to repair it. Unless and until the criminals who operate botnets, steal banking passwords, etc. discover that an infected Mac is somehow worth more to them than an infected PC, they'll choose two (or three, or four) infected PCs over one infected Mac every time.

A "decent" number, yes. But still 1/10th to 1/20th the number of systems you can target for a similar effort by choosing Windows over Mac. Even taking into account your assertion that two thirds have some kind of protection against malware and completely neglecting the fact that signature-based malware recognition is dependent on updates so that a small change in your code can bypass recognition (and discounting that update subscriptions may expire and some of those Apples might still be PowerPC-based or running OS 9), you're still facing a situation where 30% of the systems out there are vulnerable Windows machines vs. 5-10% Mac OS.

If the effect is 3-6 times as much with Windows malware, even if there were a difference in development effort, the cost/'benefit' balance is still heavily in favour of trying to infect a PC. However, if you think about the process of malware spreading, the imbalance is actually much higher... but more about that later.

Now let's think about that statement now that you've put electrons to screen! Even given that it is more challenging to exploit a Mac, if it uses an as-yet unpatched vulnerability it can still infect 100% of the Macs out there!

However, we could (and should) also consider how malware spreads: if Mac malware must find (connect to, email to, etc.) another Mac to spread and only 5-10% of computers on the Internet are Macs, consider:

Mac told ten friends, who told ten friends, who told ten friends... PC told thirty friends, who told thirty friends, who told thirty friends...

If your goal is to infect as many devices as possible (or, alternately, to infect a given number as quickly as possible), then you just can't dismiss market share as a driver of what platform the malware targets!

I believe this can be considered an application of Metcalfe's Law.

Reply to
Geoffrey Welsh

And also read the entire previous post.

The other issue that we should discuss (from an end-user's point of view) is specifically why and how Windows is supposedly more vulnerable than Macs. What features and applications are automated in Windows that are manual in Macs and thus not vulnerable?

What Windows applications would become dysfunctional if vulnerable traits were closed up?

In other discussions, some suggested that far too many applications utilize these automated features; that eliminating them would cripple computer use. Is that true?

[Moderator snip]

(I still think 'virus' is a bad label; it is 'sabotage')

Reply to
hancock4

A niggle (but not a trivial niggle): The EULA (and other similar documents) may be intended to prevent (or at least inhibit) legal actions by others; but they may or may not actually do so. "Anyone can sue", as the old saying goes; and an aggressive and well publicized attempt to sue can be as effective as actually winning such a suit.

Reply to
AES

You name it.

First thing is dump the whole notion of allowing a visual basic script embedded into a word processing document or spreadsheet to run external applications.

That would break a HUGE number of big corporate applications. It would also be a phenomenal improvement in system security.

It's possible. It would have been better not to have put them there in the first place, but if you don't design security into a product it turns out to be very difficult to retrofit it after the fact.

--scott

Reply to
Scott Dorsey
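The "VBA that reaches outside the document" problem Scott describes is also what analysts look for when triaging an Office file: an auto-executing procedure plus a call that runs something or talks to the system. The following heuristic scanner is an added example, not code from this thread, from Microsoft, or from any existing tool; the keyword list is my own short selection of VBA features, and the two macro modules it scans are constructed for the demo.

```python
"""Added example: flag VBA modules that pair an auto-exec entry point with
a call that leaves the document (shell, COM object, Win32 API, download).

The pattern list is a hand-picked heuristic, not a complete catalogue, and
both sample modules below are constructed for this demo.
"""
import re

# Procedure names Word/Excel run without the user asking for them
AUTO_EXEC = {"autoopen", "auto_open", "document_open", "workbook_open",
             "autoexec", "autoclose", "document_close", "workbook_activate"}

# Ways VBA reaches outside the document: (label, regex)
EXTERNAL = [
    ("shell-exec", re.compile(r"\bShell\b|ShellExecute", re.I)),
    ("com-object", re.compile(r"\bCreateObject\s*\(|\bGetObject\s*\(", re.I)),
    ("win32-api", re.compile(r"\bDeclare\b.*\bLib\b", re.I)),
    ("download", re.compile(r"URLDownloadToFile|XMLHTTP|WinHttp", re.I)),
    ("file-write", re.compile(r"\bOpen\b.+\bFor\s+(Output|Binary|Append)\b|\.SaveToFile\b", re.I)),
    ("obfuscation", re.compile(r"\bChr\s*\(|\bStrReverse\s*\(|\bXor\b", re.I)),
]
PROC_DECL = re.compile(r"(?:Private\s+|Public\s+)?(?:Sub|Function)\s+(\w+)", re.I)
ACTIVE = {"shell-exec", "com-object", "win32-api", "download"}


def scan_vba(source):
    """Return auto-exec triggers, external-access hits (line, label, text)
    and a verdict: 'suspicious' if a trigger is paired with an active
    capability, 'review' if only hits were found, else 'clean'."""
    triggers, hits = [], []
    for n, line in enumerate(source.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("'"):          # VBA comment line
            continue
        m = PROC_DECL.match(stripped)
        if m and m.group(1).lower() in AUTO_EXEC:
            triggers.append((n, m.group(1)))
        for label, rx in EXTERNAL:
            if rx.search(stripped):
                hits.append((n, label, stripped))
    if triggers and any(h[1] in ACTIVE for h in hits):
        verdict = "suspicious"
    elif hits:
        verdict = "review"
    else:
        verdict = "clean"
    return {"triggers": triggers, "hits": hits, "verdict": verdict}


# Constructed sample: opens a hidden command shell as soon as the document opens
SAMPLE_MACRO = """\
' Constructed sample for this example; not taken from any real document
Attribute VB_Name = "NewMacros"
Private Sub Document_Open()
    Dim cmd As String
    cmd = "cmd.exe /c " & Chr(101) & "cho hello > %TEMP%\\x.txt"
    Shell cmd, vbHide
End Sub

Sub Harmless()
    MsgBox "Quarterly totals updated"
End Sub
"""

# Constructed sample: the kind of macro the big corporate apps actually need
BENIGN_MACRO = """\
Sub FormatReport()
    ActiveSheet.Range("A1").Font.Bold = True
End Sub
"""

if __name__ == "__main__":
    for name, src in (("sample", SAMPLE_MACRO), ("benign", BENIGN_MACRO)):
        result = scan_vba(src)
        print(name, result["verdict"], result["triggers"])
        for n, label, text in result["hits"]:
            print("  line %d [%s] %s" % (n, label, text))
```

The point of splitting triggers from capabilities is Scott's: a macro that formats a worksheet is unremarkable, and so is a Shell call sitting behind a button the user has to click; the combination of running on open and running something outside the document is what the security setting he wants (and the signed-only policy Tony describes below) is meant to block. A scanner like this only sees macros already extracted from the file, and attackers rename procedures or build strings at runtime, so the obfuscation hits are a prompt to look closer rather than a verdict on their own.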

Microsoft offers a number of different levels of security to this problem. You can set the macro security of the application to be various levels. High means only files [which have been] signed with a recognized digital certificate, somewhat similar to the SSL used in https pages by your bank, will be executed. Office 2003 came with high security enabled by default, as have newer versions of Office.

Now it had its quirks as [does] any V1.0 feature. However that's over six years ago now.

In the current out of box security settings Microsoft Office now refuses to run any code whatsoever. You, or your system administrators have to override that.

Setting your macro security to low means anything goes which is how it used to be before Office 2003.

Semantic quibble. It is not a Visual Basic Script that is part of Word, Excel, PPT or Access but Visual Basic for Applications. The term script can be seen as rather negative such as "script kiddies".

Hindsight is perfect, now isn't it?

Tony (Microsoft Access developer since about 1993. Microsoft Access MVP since 1999)
Reply to
Tony Toews [MVP]
