While We Were Busy Patting Ourselves On The Back For Beating Viruses, Somebody Stole All Our Passwords
from the try-again dept
While the folks at Kaspersky are celebrating their supposed triumph over “virus” authors, the rest of the world is still dealing with all the other security headaches malware authors are creating. The company’s claim that viruses are dying out rings a little bit hollow when you consider malware authors and hackers are just spending their time on other things these days, meaning there’s still plenty of places where security firms have their work cut out for them. Case in point? Browser-based vulnerabilities such as phishing and password theft. A new study says that anti-phishing toolbars don’t do a great job, while separately, a researcher says that new versions of Internet Explorer and Firefox are vulnerable to fake site login forms that could allow hackers to surreptitiously steal users’ passwords. There’s little point in trying to claim a security triumph when the threat and benchmarks are constantly moving, and acting as if people face a reduced threat today is little more than disingenuous. The threat hasn’t reduced, it’s just changed — and if a security company can’t recognize that, they’re what’s going to disappear, not the security problems.
Comments on “While We Were Busy Patting Ourselves On The Back For Beating Viruses, Somebody Stole All Our Passwords”
Browser-based vulnerabilities such as phishing and password theft
shouldn’t that be considered inept user vulnerabilities?
The technology exists to prevent infection from most modern forms of malware. The problem is mostly the ignorant idiots behind the monitors letting the stuff in. The real challenge is not developing new technology to try and save people from themselves, but rather to educate these people on how to utilize existing technologies to protect themselves.
I haven’t had a single piece of malware infest my PC in over 2 years at least, because I don’t download stupid software and open spam and whatnot. Oh, and I run Firefox too, which makes a HUGE difference in overall web security. I do have to switch to IE for compatibility with certain things, but when I do I make sure it’s a safe website first. I rarely even run spyware scanners anymore, because they drain resources on my computer and they never find anything to remove. I do still run some basic antivirus software, which I think is still essential, but beyond that, it’s all pretty much all about your level of intelligence.
Re: Re:
Holy Crap you took the words right out of my mouth!
You sure sound confident, and you may be correct, but I’ve found that even being as net-saavy as I think I am (and I’m a back end developer and name server tech, for what its worth) I still manage to get infested with bits of mal-riffic crap. Granted, its usually only cookies and browser hijack tricks (yes, even FireFox, run Hijack This and see what you don’t know) but the occasional evil ActiveX widget manages to still get through, I’d guess at the rate of one or two a month with heavy surfing. I would be very surprised if you really don’t have any bits of that crap in your rig at all.
preaching to the choir
I agree with you AC, it takes at most 30mins to explain some simple tips to prevent 90% of the adware/malware programs from being downloaded.
A company could prevent a lot of the downtime caused by this kind of stuff, if they had their employees take a class or watch a presentation about it.
from what our tech guys tell me, you can explain and send warning emails, everything short of holding their hands all day, and you still have idiots opening up attachments, downloading from unsafe sites.
The idiots in question are, for the most part, extremely educated – most of them (~98%) are attorneys, no longer practicing law. (which in my book makes them smarter than those JDs that do still practice law)
If you actually read the original article posted on “The Register”, Kaspersky indicates that the current “stalemate” situation between virus writers and antivirus companies is a temporary thing. Kaspersky predicts that thing will change in the next couple of months and also notes that new vulnerabilities have been discovered but not yet exploited in the wild.