From companies that make education solutions
From researchers that have noticed the problem
Because everyone knows users are the weakest link
Because you can’t patch stupid.
But there is a better reason to focus on user education…many better reasons
What assets they are protecting?
What threatens those assets?
What measures can be taken against those threats?
How can they tell that they are compromised?
How can they tell that they are protected?
How long will any prescription be valid?
In fact, where users are concerned…
The following slides were written fifteen years ago for a presentation at EICAR 2001; they accompany my paper on virus misinformation, disinformation and myth
The same is true today, maybe even more so, as today’s more complex world proves even harder to describe
Today’s users face more threats, more dangerous ones, and have even less understanding of the world around them
The Other Virus
There is another virus that was not written in visual basic, assembler or even C.
This virus does not operate on any hardware or software platform developed in this century.
This virus has no limits to its infectious perfidy, and its payloads are capable of anything!
Is the imaginary virus worth examining?
Not just hoaxes, but three categories of error
Misinformation
(Getting it wrong, plain and simple)
Disinformation
(Lies, exaggeration and practical jokes)
Myth
(The oral tradition meets the silicon wave)
The Canon of Misinformation: “Everyone Knows”
Viruses destroy hardware.
Viruses are written by: Antivirus companies.
Thirteen-year-olds.
Spies and agents provocateurs.
All system crashes, data loss and mysterious behavior are caused by viruses.
And. And. And.
The Canon of Disinformation: “I heard it through the grapevine”
Urban legends: once a strictly oral tradition, they are now made both global and nearly instantaneous by the addition of internetworked personal computers.
Who creates virus hoaxes?
Who hypes viruses to the press?
How far do these memes reach?
The damage done by bad semantics (jargon and restricted use)
The confusion of map and territory
(damage equals virus, action equals virus)
Associative confusion
As biological viruses are associated with greater danger (AIDS, Ebola), computer viruses in general take on the cachet of that danger.
Extensional relation (actions guided by language)
The Canon of Myth
Popular fiction, movies and television all portray viruses with a decidedly different twist.
The malware of today is still sometimes a virus, sometimes a worm, frequently a trojan horse
But the meanings of these terms are still generally misunderstood by the general public, and still by at least one person in this hall
So in the interest of that person, we will stop and do a basic taxonomy of malware
'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is often disguised as, or embedded in, non-malicious files. As of 2011 the majority of active malware threats were worms or Trojans rather than viruses. (Wikipedia)
The term ‘malware’ was first coined in July 1990 by Yisrael Radai—it means all malicious or unwanted software.
Although we already had the terms virus, Trojan and worm at the time (along with others), the word malware has come to include all other forms.
The most basic of taxonomy follows, along with the sources of the names and what they imply.
6/20/2015
18Classification
We are not emotionally prepared to handle the constant rate of technological change
New technologies require new ways of thinking
A new tool can extend our reach in many ways
Sometimes, new technologies have negative effects mixed in with their blessings
A Trojan is a program that hides under a false pretense, or
A Trojan is non-replicating malware, or
A Trojan is a back door to the system
Even inside this field of study, the word has three different meanings
The expert: This particular piece of malware is a password-stealing trojan, delivered by a downloader connected via a multiple web redirect using iframe and (ad infinitum)
End user hears: blah blah blah blah blah
End user says: What does this mean? What is the purpose of this malware?
The expert hears: I am a dummy, ignore me.
The original computer virus was not located on a PC
It was not on an Apple
It was not on a mini or mainframe
It was not located on computer hardware or software of any kind
Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes it's Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!
Written by a 9th grader named Rich Skrenta
Sometimes getting too close to an object obscures its place in the greater scheme…
How does it get on to the victim’s computer? (method of access)
What unwanted activities does it perform on the victim’s computer? (economic purpose)
How does it technically accomplish its purpose? (method of accomplishment)
How does it protect itself from being detected, blocked or removed? (self-defense)
Is this already too complicated for the end user to understand?
Can we fix that?
Do we want to?
To the end user, the computer is a single, homogenized unit that is used to connect to the internet, which is a homogenized place.
To the expert, a computer is a vast galaxy of hardware, firmware, operating system, drivers, applications, browser, web apps, scripts, BHOs and any variety of cloud-based computing and storage elements, a galaxy with as many as a trillion distinct elements.
Far too complex to describe to anyone in any depth.
The Advanced Persistent Threat is not some new kind of malware
It is an extended attack that might include all manner of malware, other hacking skills and possibly the infiltration of your network by rogue insiders
It is a term we take from the intelligence community, and it names any attack that goes on for a long time with varying techniques
The value of data and the possible repercussions of insecurity
The nature of internet bad actors and how you might be a target for many reasons
The nature of vulnerabilities, rather than the “starring vulnerability” of marketing
The difference between vulnerability, exploit, and attack—and so many other things
The basics of protection and the need for continuous education