Monday, July 18, 2005

Scary New Dangers in Cyberspace

I sometimes watch TV, and I happened to catch a story on ABC World News Tonight called "Your Computer's Stealth Identity Thief." I listened carefully and learned about something scary called a "keylogger." I even saw some cool shots of Symantec's cyber ninjas tapping away on their uber-31337 keyboards. I really paid attention to the tips to help protect [my]self against key logging, spyware, and other computer viruses like "Do not click OK on pop-up windows without first reading them thoroughly." The next time I see a pop-up that says "It's ok, I won't 0wn j00," I'll feel better!

Obviously I am jaded by stories about old technology. For Pete's sake, Bugbear from mid-2003 had a keylogger built in. I'm sure there are even older examples out there.

Worse, none of the "tips" mention the steps that would really make a difference, listed here in order from least to most change required in user habits:

  • Patch your system.

  • Don't browse the Web or read email as administrator or root.

  • Use an alternative Web browser and mail client.

  • Don't run Windows.


Instead we're told to "Use a firewall to help prevent any unauthorized computer activity." Good grief.

10 comments:

Scott said...

I think all these shows recycle the basic content, shame it was all written in 1993, huh? :)

Joao Barros said...

Richard,

Out of curiosity, what OS/desktop do you use on your working computer?
I am tied to Windows for Outlook (mainly calendar support) and Visio. Oh and Trillian, can't seem to find any good (as in good as) OSS IM.

Keydet89 said...

I think you're missing a very important distinction...those shows aren't meant for you. They're meant for the rest of the masses out there, the vast majority of folks who've never heard of keyloggers...or did at one point, but it really never meant anything to them at the time.

There are admins out there who lump keyloggers in with viruses, worms, and rootkits...something they know about, but don't really understand the effect that it could have on them, personally or professionally.

The thing is, you and I can look at those shows and scoff, but they're really important for reaching the masses. I find that when I sit down w/ family and friends, and confirm/validate what they heard on those shows, it has an effect...one that wouldn't be there if it were just me saying it.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com

chuck said...

Richard,

Love the review. You mean a firewall won't protect me from all those things mentioned on the show?? Just kidding..

Chuck

Scott said...

No good IM in open source? Tried GAIM...I use it under Windows and Linux and LOVE it.

Scott

Joao Barros said...

Scott,

I really meant "not as good as" Trillian.
When I boot FreeBSD and KDE on my laptop I use Gaim, but it is not yet as smooth as it should (could) be.

Scott said...

Hmm has all the basic functionality and then some. Not as pretty as Trillian, but I like having things like the GAIM encryption plugin.

Richard Bejtlich said...

Joao Barros,

I use a five year old Thinkpad a20p. My primary OS is FreeBSD 5.4. I dual-boot Windows 2000 Professional to use Microsoft Office and a few other Windows-only apps.

Anonymous said...

I agree with keydet89. IA professionals can't expect "the masses" to comprehend the internal workings of computer networking. Hell, most friends and family who call me with their computer problems think that AV is for business computers and not home users. Dooh!

The masses don't care about security. They just want to turn the computer on and get online without any interruptions. When there are interruptions or sluggish performance, they call some poor sap like me to fix it. It's a vicious cycle.

Joao Barros said...

Like many here I too am called to the rescue by friends and family.
For old computers I'm recommending: Ubuntu Linux
For new computers where no gaming is required, mainly Internet and "homework": get a Mac mini

The common computer user doesn't care about AV, firewall, popups, patches, etc. The system has to be ahead of the user, if the user doesn't know, don't allow it by default: like Richard said ditch Windows.