A Revolution is the Solution
It's the same. The same companies have kept the same practices. The FTC is still levying the same, inadequate fines, and people are still screaming.
The bad guys are, technologically two steps ahead of the good guys and we're all still REACTING to what they do. People have yet to find a decent proactive way to combat any of our current fun, fun, friends.
The good news, is that it seems as if people are becoming more aware. Even the least tech savvy person I know, understands that things on the web exist that they don't want. And that they need to do...something, lest they their computer be invaded.
Things have to change, there's no doubt about it. The question still remains, how do we change them and still remain within the confines of lawfully pursuing wrong doers?
I for one think the battle is ever so slowly beginning to shift towards the better for users.
Meaning they are less at risk than in previuos years. There are very few raging-round-the-globe type of infections anymore. Yes, partially because malware authors have changed their modui operandi, but I thnk this is as much a result of them looking to remain under the radar as it is from the chance of them being found out sooner is greater.
With all the amount of publicity these scumbags get, and as quickly as they get it thru blogs, websites, security vendors and mainstream media they need to always be changing and evolving. I feel this is because they know as soon as they slow for a second, the sec com will be all over their asses.
The more people we have like PG and others the better.
Education by saturation. Post the info in enough places, everyone will get it.
If we're discussing adware and spyware, then I don't agree with this:
"People have yet to find a decent proactive way to combat any of our current fun, fun, friends."
A non-Admin user account is a practical, proactive way to prevent unwanted software. On WinXP Professional Edition, you can also add a Software Restriction Policy set to Disallowed-by-default mode for further protection.
Low-rights accounts are effective against spyware/adware, there's no performance hit, they don't rely on signature updates, and they've been around since WindowsNT days, so it's not as if this is some new revelation. Look no further than Windows Vista's low-rights approach for evidence that this best practice's time has come for mainstream adoption.
Naturally, it's still smart to use a layered defense that includes fully-enabled Data Execution Prevention, current-generation antivirus software, a firewall, patching ALL installed software, user education, and avoiding risk as much as practical.
I agree it is! Problem is, that few run with such rights enabled. Worse yet? Several software programs require administrator access to the system to function properly.
While there ARE ways around even these limitations, it is putting more requirements on end user knowledge and that means that this is STILL not an effective way to combat most malware.
And even if all systems (as Mac and Unix wisely do) come with accounts set to a lower level of security...we're still faced with many, many, many people who just (happily) click every prompt they're presented with.
While I believe that this year has been a big step up for people understanding that threats exist and that they need to do SOMETHING, solutions that rely on and require the end user to make the correct choices is still flawed, why? Because of the still existing lack of end user knowledge on the latest threats and how they disguise/present themselves.
Will 2007 be worse Re Pc security I’m sorry to say Yes it will,
Despite the Massive efforts of PG and his friends the increase in Computer Use in the 3’d world will spawn 1000’s items of new Malware and a Upsurge in the level of the older infections this will cause internet Nodes to Collapse,
This plus the Number of Terrorist Hacker Crews, in some cases Government Sponsored which will start what in effect be a Internet War Between Clashing Cultures, the Net is fast becoming a New war zone and this will continue …
Personally I would have say it is the same/worse and this wont change for a long time.
The problem is the end user, mr joe average doesnt care about security, doesnt read blogs, websites or news about IT security.
They dont understand that having to log out and back in as another user to install programs is a good idea, they just see it as a hassle.
They dont read warning messages that popup, thewy just click the first thing that allows them to get what they were after.
Until there is a massive change in an end users perception of IT and the security of IT, I dont think we will ever get past the problem of malware infected PC's.
The Problem with End users is that PC Training is Spotty at best Missing at worse, And a lot of people dont even bother with Simple precautions I spoke to an American on a Chatroom 2 days ago who was Complaining about his PC and the Virus/hacking problems he had, When i asked about his Firewall He Said Why would i need one of those im on XP PRO!!!!
I think end user involvement got better actually. There were more and more companies, ISPs, and individuals that took it upon themselves to take the message to the end user.
It's just the nature of the beast that the security industry will always fall behind the hackers, the only real way to make a dent in this is to have an educated public. I think more and more people are beginning to see that.
I think alot of things happened in the hacker arena in 2006 that will force changes in the security space as far detection methods, suites being sold, etc. Alot of incidents had security companies stepping back and saying "Whoa, OK this wont work anymore, time to rethink our approach".
06 was a banner year for finally seeing legal action being taken against malware companies.
Commenting by HaloScan
