While We Were Busy Patting Ourselves On The Back For Beating Viruses, Somebody Stole All Our Passwords

from the try-again dept

While the folks at Kaspersky are celebrating their supposed triumph over "virus" authors, the rest of the world is still dealing with all the other security headaches malware authors are creating. The company's claim that viruses are dying out rings a little bit hollow when you consider malware authors and hackers are just spending their time on other things these days, meaning there's still plenty of places where security firms have their work cut out for them. Case in point? Browser-based vulnerabilities such as phishing and password theft. A new study says that anti-phishing toolbars don't do a great job, while separately, a researcher says that new versions of Internet Explorer and Firefox are vulnerable to fake site login forms that could allow hackers to surreptitiously steal users' passwords. There's little point in trying to claim a security triumph when the threat and benchmarks are constantly moving, and acting as if people face a reduced threat today is little more than disingenuous. The threat hasn't reduced, it's just changed -- and if a security company can't recognize that, they're what's going to disappear, not the security problems.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    PhysicsGuy, 22 Nov 2006 @ 2:18pm

    Browser-based vulnerabilities such as phishing and password theft

    shouldn't that be considered inept user vulnerabilities?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Nov 2006 @ 2:45pm

    The technology exists to prevent infection from most modern forms of malware. The problem is mostly the ignorant idiots behind the monitors letting the stuff in. The real challenge is not developing new technology to try and save people from themselves, but rather to educate these people on how to utilize existing technologies to protect themselves.

    I haven't had a single piece of malware infest my PC in over 2 years at least, because I don't download stupid software and open spam and whatnot. Oh, and I run Firefox too, which makes a HUGE difference in overall web security. I do have to switch to IE for compatibility with certain things, but when I do I make sure it's a safe website first. I rarely even run spyware scanners anymore, because they drain resources on my computer and they never find anything to remove. I do still run some basic antivirus software, which I think is still essential, but beyond that, it's all pretty much all about your level of intelligence.

    reply to this | link to this | view in chronology ]

  • identicon
    Whatnot, 22 Nov 2006 @ 3:52pm

    You sure sound confident, and you may be correct, but I've found that even being as net-saavy as I think I am (and I'm a back end developer and name server tech, for what its worth) I still manage to get infested with bits of mal-riffic crap. Granted, its usually only cookies and browser hijack tricks (yes, even FireFox, run Hijack This and see what you don't know) but the occasional evil ActiveX widget manages to still get through, I'd guess at the rate of one or two a month with heavy surfing. I would be very surprised if you really don't have any bits of that crap in your rig at all.

    reply to this | link to this | view in chronology ]

  • identicon
    Diogenes, 22 Nov 2006 @ 3:58pm

    preaching to the choir

    I agree with you AC, it takes at most 30mins to explain some simple tips to prevent 90% of the adware/malware programs from being downloaded.

    A company could prevent a lot of the downtime caused by this kind of stuff, if they had their employees take a class or watch a presentation about it.

    reply to this | link to this | view in chronology ]

  • identicon
    lil'bit, 1 Dec 2006 @ 6:26pm

    from what our tech guys tell me, you can explain and send warning emails, everything short of holding their hands all day, and you still have idiots opening up attachments, downloading from unsafe sites.

    The idiots in question are, for the most part, extremely educated - most of them (~98%) are attorneys, no longer practicing law. (which in my book makes them smarter than those JDs that do still practice law)

    reply to this | link to this | view in chronology ]

  • identicon
    Rob, 22 Dec 2006 @ 5:06am

    If you actually read the original article posted on "The Register", Kaspersky indicates that the current "stalemate" situation between virus writers and antivirus companies is a temporary thing. Kaspersky predicts that thing will change in the next couple of months and also notes that new vulnerabilities have been discovered but not yet exploited in the wild.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.