By David Perry

Healthcare forum perry-david m-everything you know is wrong!

From companies that make education solutions

From researchers that have noticed the problem

Because everyone knows users are the weakest link

Because you can’t patch stupid.

But there is a better reason to focus on user education…many better reasons

What assets they are protecting?

What threatens those assets?

What measures can be taken against those threats?

How can they tell that they are compromised?

How can they tell that they are protected?

How long will any prescription be valid?

In fact, where users are concerned…

The following slides were written fifteen years ago for a presentation at EICAR 2001; they accompany my paper on virus misinformation, disinformation and myth

The same is true today, maybe even more so, as today’s more complex world proves even harder to describe

Today’s users face more threats, more dangerous ones, and have even less understanding of the world around them

The Other Virus

There is another virus that was not written in Visual Basic, assembler or even C.

This virus does not operate on any hardware or software platform developed in this century.

This virus has no limits to its infectious perfidy, and its payloads are capable of anything!

This virus is…..

Is the imaginary virus worth examining?

Not just hoaxes, but three categories of error

Misinformation

(Getting it wrong, plain and simple)

Disinformation

(Lies, exaggeration and practical jokes)

Myth

(The oral tradition meets the silicon wave)

The Canon of Misinformation: “Everyone Knows”

Viruses destroy hardware.

Viruses are written by: Antivirus companies.

Thirteen year olds.

Spies and agents provocateur.

All system crashes, data loss and mysterious behavior are caused by viruses.

And. And. And.

The Canon of Disinformation: “I heard it through the grapevine”

Urban legends, once a strictly oral tradition, are now made both global and nearly instantaneous by the addition of internetworked personal computers.

Who creates virus hoaxes?

Who hypes viruses to the press?

How far do these memes reach?

The damage done by bad semantics (jargon and restricted use)

The confusion of map and territory

(damage equals virus, action equals virus)

Associative confusion

As biological viruses are associated with greater danger (AIDS, Ebola) computer viruses in general take on the cachet of that danger.

Extensional relation (actions guided by language)

The Canon of Myth

Popular fiction, movies and television all portray viruses with a decidedly different twist.

Viruses always have animated GUIs

Viruses Crash Alien Spacecraft!

The malware of today is still sometimes a virus, sometimes a worm, frequently a trojan horse

But the meaning of these terms is still generally misunderstood by the general public, and still by at least one person in this hall

So in the interest of that person, we will stop and do a basic taxonomy of malware

'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is often disguised as, or embedded in, non-malicious files. As of 2011 the majority of active malware threats were worms or Trojans rather than viruses. (Wikipedia)

The term ‘malware’ was first coined in July 1990 by Yisrael Radai—it means all malicious or unwanted software.

Although we already had the terms virus, Trojan and worm at the time (along with others), the word malware has come to include all other forms.

The most basic taxonomy follows, along with the sources of the names and what they imply.

6/20/2015

18Classification

We are not emotionally prepared to handle the constant rate of technological change

New technologies require new ways of thinking

A new tool can extend our reach in many ways

Sometimes, new technologies have negative effects mixed in with their blessings

Patterns and language and perspective=taxonomy

A Trojan is a program that hides under a false pretense, or

A Trojan is a non-replicating malware, or

A Trojan is a back door to the system

Even inside this field of study, the word has three different meanings

The expert: This particular piece of malware is a password-stealing trojan, delivered by a downloader connected via a multiple web redirect using iframe and (ad infinitum)

End user hears: blah blah blah blah blah

End user says: What does this mean? What is the purpose of this malware?

The expert hears: I am a dummy, ignore me.

An example of teaching the basics...

The original computer virus was not located on a PC

It was not on an Apple

It was not on a mini or mainframe

It was not located on computer hardware or software of any kind

It was in a work of fiction!

Elk Cloner: The program with a personality

It will get on all your disks

It will infiltrate your chips

Yes it's Cloner!

It will stick to you like glue

It will modify RAM too

Send in the Cloner!

Written by a 9th grader named Rich Skrenta

Sometimes getting too close to an object obscures its place in the greater scheme…

How does it get on to the victim’s computer? (method of access)

What unwanted activities does it perform on the victim’s computer? (economic purpose)

How does it technically accomplish its purpose? (method of accomplishment)

How does it protect itself from being detected, blocked or removed? (self-defense)

Is this already too complicated for the end user to understand?

Can we fix that?

Do we want to?

To the end user, the computer is a single, homogenized unit that is used to connect to the internet, which is a homogenized place.

To the expert, a computer is a vast galaxy of hardware, firmware, operating system, drivers, applications, browser, web apps, scripts, BHOs and any variety of cloud-based computing and storage elements, a galaxy with as many as a trillion distinct elements.

Far too complex to describe to anyone in any depth.

The Advanced Persistent Threat is not some new kind of malware

It is an extended attack that might include all manner of malware, other hacking skills and possibly the infiltration of your network by rogue insiders

It is a term we take from the intelligence community, and it names any attack that goes on for a long time with varying techniques

The value of data and the possible repercussions of insecurity

The nature of internet bad actors and how you might be a target for many reasons

The nature of vulnerabilities, rather than the “starring vulnerability” of marketing

The difference between vulnerability, exploit, and attack—and so many other things

The basics of protection and the need for continuous education

And that, dear listener, is the beginning of wisdom.
