Malicious Software is Coming at us from all Angles...
Here's the article:
Report: Adware supplies one third of all malware
http://news.cnet.com/8301-1009_3-10056912-83.html?tag=mncol;posts
"The goal of these attacks is financial gain."
Just think if all of these malicious users actually tried to improve society, or improve the computer eco-system? I know you've heard this before, but it just continues...
"Panda Security reported that Trojan horses account for almost 60 percent of all malware samples analyzed between July and September."
While "we" are pretty good at realizing these hoaxes and we know how to dismiss these bogus pop-up messages, I'm worried about our children and grandparents. It's the older and younger generations that are being taken advantage of in these scenarios. If you have a "family" computer and you use it for your home finances; and your children use the same computer for games and Internet access, they could easily be fooled into thinking they should "fix" the family computer. One of your children could actually be trying to help, and infect the family computer with malicious software. That's what these malware writers are counting on!
Back in the Windows 95 days it was really tough to totally lock down a computer, but malware wasn't a common occurrence and anti-virus did a very good job of protecting the computer. Once the Internet and Windows XP hit the market, the malware became smarter than our computers and users. Now that we've moved to Windows Vista and UAC, we have been able to take back our computers and make better use of them as a tool.
I know it's harder sometimes to assist our family with software installation, but so many of these malicious pieces of software are trying to take advantage of our families uneducated desire to "always help". I look at the removal of local administrator privileges, or at least using UAC as a way to have a conversation before a piece of software is granted local administrator privileges. If all of a sudden I get a UAC request and I don't know why I'm getting it, that's when I really think about what I'm doing. I know there are conflicting opinions on this, but I want to be able to use my computer for business today and tomorrow. If I'm infected with malware today, too much of my work and information is at risk.
Let's have discussions with our family members that don't have our computer backgrounds so that we can help them understand that social engineer exists in the form of malicious software as well. People, Process and Technology. All three are needed to truly protect our assets and information. I know that sometimes it's hard to educate our family members, and there isn't much "process" that can be defined in a home environment, but we can do things to help technology compensate for our more naive users. They only want to help, and they believe that if the computer says there's a problem, the computer should be able to "fix it". Right? Again, that's what the malware writers are counting on.
Bottom line; let's make sure get our families buy in to allow us to reduce their privileges. If we can educate our family enough to understand that the reduction of privileges will protect them from this malicious software, then they will understand that they can safely use their computers without the risk of infection. Every time I've had an open and honest conversation with a less experienced user about how people / software want to take advantage of them, they are usually happy to commit to a plan to ensure they can use their computers for what they want, without exposing them to excessive risk.
At the end of the day, it's not about permissions, it's about ensuring that the "tool" we call a computer is used the way we want to use it.
Until next time!
Rob