Categories

BitTorrent
Conferences
Direct Revenue
Julie Amero
Myspace
Podcasts
Postbag
The Big Ones
The Fourth Wall
Yapbrowser
Zango

Creative Commons License
All articles licensed
under a Creative
Commons License.  








Home | About me | Press | The Fourth Wall | Links

Thursday, November 23, 2006

Paperghost Postbag: Your questions answered

You've got questions? Well, I've got answers, though none of them might actually make any sense. I think I got everything this time round, apart from a question from Random / Random regarding process filtering which I'll be looking at in-depth in the near future. For now, let's get this trainwreck moving...

What's the deal with YapBrowser? I read your last articles in the Archives? Has YapBrowser stopped?

Greg

Ah, Yapbrowser. As far as I'm aware, it's as dead as a dodo. Unless there's a mad crazy rush for child pr0n web-browsers sometime soon I can't see it making a comeback.

Should we all switch to the Opera browser with recent rumors/news of a zero-day exploit in Firefox and cross-domain hijacking in IE6&7? Or am I just being paranoid?

Kimson

To be honest, I'd just keep using whatever you're using on the basis that if someone suddenly finds a hot new exploit in Opera, are you gonna' jump back to Firefox? All you can do is use common sense and keep yourself patched - if someone still nails you after that, chalk it up to bad luck. Then hunt the perpetrator down and nail his face to his feet.

Do you think that the Adware Situation will get worse or better in the next 5 years will Adware win and run Rampant all over the Web or do you think that people like you can win ...

milligansghost

It's already getting better - relatively speaking. Adware vendors are increasingly resorting to spinning their way out of tough situations, or at least hoping they'll go away if people say nothing. The downside is that you'll never see them hold their hands up and say, hey, you know what, we really suck sometimes. Sorry about that. The upside, is that for all the claims of legitimacy you will see over the coming 12 months (as bodies like the FTC and the CDT lay the smackdown), it'll all just go completely tits up for them as researchers continue to find evidence of their web-based stupidity. In five years time, I will have uploaded my brain into a hard drive and placed it into a gigantic Mecha-Droid battle suit and will simply resort to trampling the offices of non-legit Adware vendors. Sure, it's a little more messy than the current procedure but it'll look awesome on your 32 inch HDTV.

Do all adware companies suck?

sayitaintso,moe!

....nice follow up. I'd say 99% of Adware companies do indeed "suck". I like to think of my site as a nice, crude barometer of the current trends. If you're continually showing up here, then you're obviously doing something wrong. If I never mention you, then you've nothing to worry about, right? If you keep showing up here four or five times a day then I'll likely dedicate an entire Subdomain to your idiocy and make your life a living Hell. I'm nice like that.

 Have you seen Borat yet?

 Sister of Paperghost

No.

Do you have any sort of Social Life do you go out to clubs or pubs and meet people ? Im not talking about the types at Antimalware conferences they dont count as people :-P

kaleidoscope eyes

But *I* go to conferences! At any rate, I do plenty of things besides making life a misery for Spy/Ad/Malware guys, but then it depends on your definition of "social life". Do martial arts, movies, painting pictures and writing orchestral scores count as a social life? No? Whaddya' MEAN, no?!? Kicking people in the ribs in Kung Fu is entirely sociable!

Oh well. I have been known to hit the town and paint it red or whatever. Sometimes I like to tap people on the shoulder and look the other way, too. Oh, what jolly japes we have! But only when they let me out of this accursed cage. Curse it! Curse the damn cage.

Which is better, cheetahs or leopards? Discuss. Also, what is the best flavor of ice cream.

mechBgon

Whatever the chick from Thundercats was, is what I'm picking. Also, my ice cream has got to be as sickly, and as packed with chocolate stuff, with crunchy bits, and maybe a dollop of caramel, as possible. If it isn't going to make you cry like a big sissy girl after one mouthful then it's not worth bothering with. I'm a man's man dammit, and I demand mountain climbing with no wires, skiing with no skis and action films with lines like "Let off some steam, Bennett". If my ice cream doesn't match up to that criteria, then it's INTO THE DITCH YOU GO, LITTLE BOY.

....yep, I feel so strongly about my ice cream that I visualise it as a little boy before I throw it into a ditch. It's just more fun that way. Try it.

Shipping with an activated two-way firewall, Windows Defender, a sandboxed browser, and Automagic Updates enabled (including the Malicious Software Pwnage Tool), will Vista be the bad guys' worst nightmare come to life? If so, will the bad guys try harder somehow (social engineering or whatnot), or will they just keep trying to milk the existing base of previous Windows systems for all they're worth?

mechBgon

Vista will help, but (and I say this as someone who hasn't explored Vista in depth yet, so I reserve the right to be horrendously incorrect) from what I've seen, they've tightened up the code but left the biggest door wide open - the one with "Social Engineers Welcome, bring a bottle" on it. Is my operating system "more secure" if it protects me from some obscure code exploit, but happily lets me click some stupid link and get nailed, or has absolutely no capabilities against a crude phising attack? I say no.

They're maybe saving 10% of people that would have been whacked with a code exploit that did little to no harm, but leaving a sizeable portion of the remaining 90% open to all the attacks that would have sliced them up on XP in the first place. I have to ask, this helps how? Users like yourself don't need protecting from the cheap parlour tricks out there - it's that sizeable lump of people that we all know will happily click something, or accept this, or follow an Email link to that. With that in mind, I say the operating system should treat me like an idiot right out of the box. I demand it smack me round and call me it's bitch. Label everything with baby steps, lock it all down, talk to me like I'm a complete neanderthal and punch me in the face if I happen to disagree with something. If my skill level is even slightly beyond that, no sweat, I can bump things up a few notches. It'll take me what, ten seconds? But the rest can stay with their built in antiphish tools (I'm guessing Vista doesn't actually come with one of those - oh well), their sixteen way firewalls and their red spinny thing that goes boing (I'm guessing it does come with one of these. Hooray).

I've never understood why Windows comes wide open by default, and then it's up to some idiot boy end-user to try and lock the mess down, then fail miserably and wonder why he's offering his friends cut-price rates on C14LI$. Surely common sense says it should go the other way, but oh well. I'm sure Vista will help some, but it won't....oh God, I can feel a cliche coming on.....that is to say, I can't see it.........oh no, I can't stop it........how about we just say that....

....oh to Hell with it, look what you made me do now:

THERE IS NO PATCH FOR HUMAN IGNORANCE.

...................blaaaaaaaaaaargh. Okay, now I feel all dirty. That'll require a shower, so I hope you're happy.

I've often wondered this. What can the average joe who can't program his way out of a paper bag do to help? (Aside from switich all his friends relatives, cats, dogs etc. over to FireFox.)

Drunken Sailor

I'd just set up a blog and start moaning about stuff. Hey, it worked for me and I can't program my way out of a paper bag, either. Sure, I know my technical stuff but I keep all that behind the scenes - you very rarely see in depth technical information here because that's not what the site is about. It's about kicking ass and taking names, baby. And it's my humble opinion that we need more asskicking and more nametaking. You'd be surprised just how far down the line some of these random blog posts go, and you don't need to spend any money on getting the word out either. Just start posting things about stuff, and eventually people will start linking to you and spreading your info still further. Short of telling all and sundry to switch to Firefox, security info blogs are the hot new sex of 2006. Now if I could just transfer that into myself and make ME the hot new sex of 2006, we'd be set.

Do you foresee ISPs taking a more active role in getting infected botnet clients off the Internet, or thwarting them somehow?

mechBgon

They absolutely have to. On the basis that everything begins and ends with your ISP in some way, shape or form, we need to start putting pressure on them to start enforcing their Quality of Service, "walling off" continually infected users and shutting suspect traffic down. Yeah, we can perform takedowns (God, I hate that word), chase these idiots round and round, send blind emails to abuse contacts and all the rest of it. But really, get an ISP to kill their Bot traffic and the problem just dies a miserable death. After all, how can the Botherders herd their bots with no bots to herd? The issue is trying to get these companies to take some responsibility for the lunatics making (bad) use of their bandwidth. While we're on that train of thought, here's the Shadowserver Hall of Fame. A good start, but what we really need, is a Hall of SHAME. I'll likely be addressing this to some degree at the upcoming RSA show next year.

How can the bad guys be shut down more quickly and effectively? Like these fake security-alert sites that just keep getting away with it, month after month.

mechBgon

To be honest, I don't think you can ever really "shut them down". If they're so inclined, they'll just keep coming back again and again until someone beats them up or throws them in the slammer. I think the grassroots efforts mentioned in this post are filling a crucial gap that (currently) the law-type guys can't plug on their own. Having said that, many grassroots groups feed in directly to the boys in blue, so it's not really an "us VS them" thing. That'd be cool though. There's this bit in Batman: Year One where he punches some copper through a wall. Through a wall! Awesome.

Sordid law-enforcement-through-a-wall fantasies aside, the only real solution is to either

a) keep playing an endless game of tag with the takedowns and the chasing or
b) accept that you'll never get rid of them, and simply resolve to hook your claws into every aspect of what these people do instead. Monitor it, monitor them, don't make them move around too much, learn every trick they have and then work to negate it as best you can.

There's also option C, which involves finding out where they all live and punch them in the face until they cry. This one gets my vote, but I'll settle for B at a stretch.

Is there a trend by the adware vendors away from the extra-evil stuff that got DirectRevenue driven into the ground?

mechBgon

I'd say so. However, they're learning to balance out what they do with endless amounts of spin and lies so we need to remain vigilant. Also, in some cases the real threat doesn't come from the actual Adware application anymore, but whatever crap happens to be bundled with it at the time. Yapbrowser immediately leaps into my mind and gouges out my eyeballs as an example of that. It's up to the Adware vendors to make sure they know exactly who they're doing business with, or risk a public face-pounding. If they don't like it, too bad. Don't go partnering with kiddy pr0n pushers and there won't be a problem, will there?

When will security-related sites begin routinely talking about the benefit of a non-Administrator-level user account as a safeguard against unwanted software, and as a limiting factor against successful exploits? If this topic got 1/10th the coverage that the use of alternative browsers gets...

mechBgon

I've no idea, but it should definitely be mentioned more on security forums (for example) where people are being told how to clean up their PCs or whatever. I think the biggest problem is the resistance to actually using a limited account - I'm sick of hearing from people who tell me they binned their limited accounts because it was "too much messing around". I agree that simply doing the browser-dance won't cure all the problems - again, all the added Firefox security in the world won't save some poor fool from downloading (then running) an executable on their Admin-level system. But take that poor fool, stick them on a limited account and let them do their worst (or try to). More often than not, it's a completely different story. At this point, I suppose we should blame Microsoft or at least throw some stuff at them. However, if you'd rather give Big Billy Gates some man-hugs instead that's cool too.

One of my employers believes that botnets could take down google. True or false? Or, how many mega-bots would it take?

He also believes that there are botnets set up that jump IRC servers more or less randomly. He isn't that clever with networking, so I expect he doesn't know quite what he is suggesting, but I wonder if there isn't some work out there that you front-liners are finding that attempts to make it more difficult for you to crack the botnets?

Derrill

Theoretically, anything could be taken down by a big enough Net. In practice, you'll find the big boys have more than enough means to protect themselves against most threats. Also, don't forget a major search engine will likely be scraping information we probably can't even begin to imagine so that would give them a bit of an added edge. Curses.

As for Botnets, there's some really clever stuff out there at the moment but a lot of it is just rehashing old ideas. Making sure people can join channels if they're using a certain IRC client, for example...that's quite popular all of a sudden. Encrypted data, password protecting everything....oldies but goodies. The hottest thing at the moment is trying to remove your Botnet from IRC altogether and make it more difficult for those trying to spot rogue traffic - hence, you get people talking about elusive Skype Botnets, or P2P Botnets, or bad guys using Botnet tactics in other mediums to make some money. Again, I'm going to try and work some of this stuff into the RSA show. Failing that, I'll just do a sexy dance.

Okay, let's end with a big heap of random:

are you for real?

Dazed and confused

....yes, dazzlingly so.

Labels:

posted by paperghost at 9:26 AM | Digg it!

All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.