IF HE COULD CHANGE one thing about the design of the world's computer systems, says Mikko Hypponen, chief research officer for Helsinki-based F-Secure, "I would take away administrative rights from all online users." Most wouldn't notice (although those who did would be incandescent with annoyance) and most malware would be stopped from functioning. "It should have been done already."
Hypponen agrees, however, that there would be a price to pay: where would tomorrow's clever programmers come from? He himself got his start alongside his two siblings - "We were all nerds" - by being obsessed with computer games as a teenager, tinkering with the code to make them run faster on his Commodore 64. He still loves games and collects and restores old coin-operated video arcade games as a hobby.
F-Secure is as old as the Internet; Hypponen has been with the company since 1991. He got noticed by the wider world in the early 2000s when he led the team that stopped the Sobig.F worm, and issued early warnings about the Sasser and Storm worms. In 2007, PC World named him one of the 50 most important people on the Web. None of that stopped Twitter from briefly banning him late last year for posting a warning that contained a malware link. The irony: he had actually helped the company secure itself against worms.
The idea of removing administrator rights has, in a sense, already been tried and proven: just look at mobile phones, which Hypponen estimates have been hit by only about 500 virus attacks.
"There are two main reasons why the problems of phones aren't bigger yet," he says. "One, criminals have no reason to invest in porting their attack software to new platforms." They make plenty of money focusing on Windows XP. Once that installed base starts to shrink and they have to port their software, some will likely target mobile phones while others pick later versions of Windows.
"Two, phones have a completely different security model." Manufacturers like Apple, Sony, and Symbian all manage a signing framework; without their permission your software won't run. In contrast, on the PC anyone can publish and run new software at any time - good for tinkerers, bad for consumers, who become malware targets.
Hypponen believes that malware attacks will increasingly be directed at social networks. Many people think there's nothing of value to steal in their Twitter or Facebook account, but criminals can take advantage of the chains of trust these networks rely on.
"Malware still works best when you combine it with the social aspect and misuse trust," Hypponen says. A web link that leads to an infected site will get a lot more clicks when it has apparently been posted by someone you know and trust. The bigger risk if someone takes over your Facebook account is therefore not the account itself but that the attacker can impersonate you to your contacts and destroy your reputation. "These attacks will continue. The amount of users makes them a prime target," he says.
In the physical world, criminals were sometimes caught because they were stupid about spending the proceeds of their crimes. The analogy in cyberspace is the difficulty criminals have in converting stolen credit card numbers into cash.
"It's fascinating to watch how creative the current online criminals are in trying to reroute their money," he says. Lately he has noted a weird merger of auction fraud and credit card fraud, in which the fraudster posts expensive goods for auction - say, a brand new laptop. When the auction ends the criminal uses a stolen credit card to buy the laptop as a "gift" shipped to the winner, and gets the winning bidder to pay him by Western Union, WebMoney, or e-gold - any more or less anonymous cash mechanism. It never crosses the buyer's mind that they are laundering; they just think they got a really good deal.
"They say if something's too good to be true it usually isn't - on the Internet it never is."
Except for the crooks: online crime pays better and carries far less risk of getting caught and/or punished than its real-world counterpart. International law enforcement was designed for a small number of million-dollar drug deals, not thousands of thousand-dollar deals.
This relative safety from prosecution worries Hypponen: "It's sending a message to potential new online criminals that you're safe, you won't get caught. That's what we're doing by not fighting these criminals." But even if law enforcement had enough resources, "Of the cases we see every single day there's only a fraction of a percent where even we know which continent the attacker is coming from."
Plus, we are vulnerable because our ideas haven't changed fast enough. "The Internet revolution is not that old. Our sense of risk and crime has all grown up in the real world." Someone who steals your car probably lives within 100 miles of you; someone who hits you with a drive-by download from an infected Web site and raids your bank account could be anywhere. "You don't normally have to worry about the criminals in Argentina." Besides, in poorer countries, stealing from stupid, rich, arrogant Westerners may be seen as heroic, like Robin Hood. "It's as if the Internet had given them free plane tickets to anywhere in the world."
Removing admin rights from internet use is correct in theory, in fact and in use. However, most of the so-called security industry has avoided making this stick, because they can sell vastly larger sums when things are insecure.
The security industry, in MS terms, should lobby MS to provide a framework that limits some APIs or other structures so they cannot run at elevated rights. Either that, or provide a framework where AV software can lock certain processes into a non-elevated process.
End users can partially do this today by making a non-admin account, and then right-clicking on the programs and using 'run as' - and selecting the non-elevated account (it's dirty and has limits, but it's something the vendors should provide in a more robust way).
But in the end, this chap is correct. People have been running Windows as admin forever, and that has been against best practice for years.
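The workaround described in the comment above (a separate non-admin account plus "run as"), scripted in PowerShell as an added example. This is not code from the article, from F-Secure, or from the commenter; the account name `LowRights` and the program path are assumptions for illustration. The elevation check at the end shows the distinction the thread keeps circling: a user can be a member of Administrators and still be running with a filtered, non-elevated token under UAC.

```powershell
# Added example: run an untrusted program under a separate standard-user account,
# and check which kind of token the current PowerShell process is running with.
# Account name and program path below are assumptions, not taken from the page.

# 1. Create a standard (non-admin) local account once. Needs an elevated shell.
#    Uses the LocalAccounts module (Windows 10 / Server 2016 and later);
#    on older systems the equivalent is:  net user LowRights * /add
$account = 'LowRights'                                   # assumed account name
if (-not (Get-LocalUser -Name $account -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $account"
    New-LocalUser -Name $account -Password $pw -PasswordNeverExpires | Out-Null
    Add-LocalGroupMember -Group 'Users' -Member $account
}

# Sanity check: the account must NOT appear in Administrators, or the exercise
# is pointless. This prints nothing when the account is correctly unprivileged.
Get-LocalGroupMember -Group 'Administrators' |
    Where-Object Name -like "*\$account"

# 2. Launch the questionable program under that account. This is the scripted
#    form of right-click -> "Run as different user"; it prompts for the password
#    and requires the Secondary Logon service to be running.
runas /user:$env:COMPUTERNAME\$account "C:\Program Files\Example\untrusted.exe"  # assumed path

# 3. From inside any PowerShell session: is this process actually elevated?
#    Under UAC an administrator's normal session carries a filtered token, so
#    IsInRole(Administrator) returns $false until the process is elevated.
function Test-IsElevated {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole(
        [System.Security.Principal.WindowsBuiltInRole]::Administrator)
}
Test-IsElevated
```

The caveat the commenter alludes to ("dirty and has limits") is real: a program started this way runs in the same interactive session and user desktop as the admin's shell, so it is a privilege boundary against file and registry writes, not an isolation boundary against input injection or shatter-style attacks; and `runas` cannot be used to launch an elevated process, only a differently-credentialed one.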
Like, the system is more secure if Joe User can't install or create executable code, and is very strictly prevented from doing so.
However, we can anticipate that leaks will still exist, as they do now, of privilege escalation. And of course there needs to BE an admin who CAN install new software (if you want to), and install patches, etc - unless you trust the system to do that, and software products themselves, or to do it when Joe User says yes as the sole case where he can. In related news, UAC ain't a bad idea.
For instance: if Joe User runs, oh, Adobe Reader, and Adobe Reader installs a software update to itself, does that amount to a security hole?
Trust the self-professed "expert" who posts on news articles, since it's obvious the other one is probably pushing his own agenda for big business. Yup. :P
Besides, what does it hurt to steal credit card info? If you didn't use it, it's just the credit card companies that lose out, because if it goes to court and you prove the info was stolen, it was obviously the credit card companies' fault for not having proper security in place, AND credit card companies are bigger thieves than the 3rd world country thieves anyway, so way to be 3rd world for going after those thieving credit card companies. You are the Robin Hoods. :) .... Umm, I should mention I don't have any credit cards because they are evil.
If you were actually an expert, you'd see in the description of all those Windows patches something to the effect of "users not logged in with elevated privileges are less affected by this vulnerability." So Mikko is still right.
And who are people really going to trust: a world-renowned expert on computer security, or a self-professed "expert" who posts on news articles?
Vista/W7 has made the move against everything having root, but lo and behold, every month a load of fixes that describe 'a flaw was found that allows anybody to elevate rights', and that's just the core of Windows; many plugins also have such flaws. So no, Mikko, if you had any expertise you would know that doesn't work on Windows, so go and share your nonsense on YouTube or something.
Just another one of these Grossman post-CIX "Whaa whaa I was on the internet before you" elitist non-articles.
The guy didn't really say what Grossman has spun his words into saying and, quite obviously, malware does not have a simple, "proven on mobile platform" quick "remove admin from the proles" fix.
Sadly Grossman, like many who sneer at new things because they think they've seen it all, is just out of touch.
"Hypponen agrees, however, that there would be a price to pay: where would tomorrow's clever programmers come from?"
Umm, that's not exactly a small price to pay. Then there's the gobs of legitimate software that comes from one or two person 'shops'--probably the majority of all software made, in fact. Are you *sure* you want to buy all of your software from the likes of Microsoft? You can be sure it'll get a whole lot more expensive.
Unplugging the internet might be just as practical, in the long run.
Great post.
Perhaps I can just add to this that the best way to guard against being ripped off by online sales or auctions of any kind, Craigslist and eBay included—and whether seller or buyer—is to use a *bona fide* online escrow company. Especially for pricier items like antiques, jewelry and autos. Although it does add some cost, it takes the uncertainty out of the transaction, and that’s a small price to pay for peace of mind.
For my money, the best bona fide online escrow (and there seems to be ten fraudulent escrow sites for every bona fide one) is probably Escrow.com (http://escrow.com). In fact, it’s the only one that eBay recommends, and is the only online escrow company that is licensed to provide escrow services all across the United States.
Take care,
Ulf Wolf
Figure out how to make a new "user" that only uses the questionable program.
I think the real point of attack for an effective Linux rootkit(or whatever you call it) would be to compromise one or more package manager servers, then you'd have some true fireworks. Not sure how we'd defend against that.
Bookmarked in case I don't know something.
While I'd like to agree with luddite, I don't think he's being fair to Windows users. I've seen far more Mac users "drive-by download" because they've been told by Apple that their computer is virus-proof.
I think a big distinction with the Linux users is that their OS was designed with security in mind and that (in general) Linux users are more computer savvy.
Seemed to have a good idea, but he never quite connects the M$ monoculture to the "drive-by download" problem. (Give me a Linux example, please?) I think it's true that nearly all the "click on anything" gullible types use Windows and Internet Explorer. The foul culture of M$ promotes both predators and prey.