Have we lost the battle for desktop security?

We hear the warnings everywhere these days. Don't click on links from unknown sources, don't open attachments unless you know their contents, don't friend strangers on Facebook, and so many more. It's safe to say that the average Internet user is more aware of the dangers they face online than they were 10 years ago. But is user education going to be enough?

Threatpost reports that Jeremiah Grossman, CTO of WhiteHat Security, believes that we have indeed lost the war for desktop security. Citing a policy that many large-scale and high-profile companies are implementing, that every PC should and will be considered compromised, he infers that "the good guys have ceded victory in the desktop security battle." Considering the breadth and scope of the Internet, a statement like that can't be taken lightly.

It isn't just infected PCs that cause Grossman to throw in the digital towel. He points to a new class of malware that is slowly but surely becoming popular as the real impetus for his statements.

"Botnets are starting to target and infect routers and DSL modems. Scary, and a possible trend. Think about what this could mean. Should this problem become pervasive, it won’t matter if PCs are disinfected, swapped out, or replaced with iPads, the bad guys are still in control because they own the network below. They’ll own DNS, the routers in between, and so on. There is effectively little defensive countermeasures to protect home routers and DSL modems, which are not exactly secure to begin with, or detect if they’ve been compromised."

 


58 Comments


this article is like saying the war on crime is lost because every city town and village in every country has people breaking the law in some form or fashion.
it's inflammatory at best.
imho, most malware infection is due to out of date software. why people refuse to update their software that's connected to the net is beyond me. it's so easy my mom can do it.

There will ALWAYS be bad stuff out there. However, we currently have a 3-prong setup to help fight 99% of the problems.

1) professional security people and hackers keep working on fixes. (they're already doing this!)
2) end-users need to keep their stuff updated. (uh-oh!)
3) end-users need to "stop being dumb" and quit doing bad stuff. (whoops!)

Is the problem the fact that bad stuff exists? NO. "No", because it will ALWAYS be there, so *YOU* have to plan around it. Just like rain will always be wet and fire will always be hot, the Internet will always have a destructive, chaotic force that you need to be aware of.

That's why some users almost NEVER have problems with malware or viruses (they know what they are doing), and some users ALWAYS have problems with malware or viruses (they don't understand what they are doing, they are being careless, etc).

With "#1" on the list, there will always be people there to help us (smart people fixing stuff). It is up to the END-USER on whether or not THEY get infected then. Bad computing habits lead to trouble. That is how you "lose" the battle with desktop security.
Security exists. You just have to know how to use it.

News sites love to report how things are getting worse and worse. Worse for who? Not me. Not any of my friends. Windows is more secure than ever. We have more GREAT anti-malware tools than ever (Malwarebytes, AVG, Avast, MSE, etc), and our Routers have the best firmware/OS choices ever (Tomato, DD-WRT).

Most of the time, it is simply end-user ignorance or laziness that will get you infected.

What annoys me is… those security issues, they don't appear magically. There are too many people around, looking for issues and possible hacks and they put them to execution. Why!? Why are there so many people out there with bad intentions!?

We haven't lost the battle, I'm going to move to Mac desktops, Mac laptops, Apple portable devices, and Apple routers and switches..... all connected by AppleWiFi and Apple Cat6 cable..... Apple told me this is safe, so I am going to do it! </sarcasm>

Apples are the least secure compared to windows and linux and worst thing about apple is they showcase as if they are most secure, the only security comes to osx is because of base unix system and there is hardly any added major security to it. Generally a mac can be hacked within 2mins as seen in hacking competitions from last 3 years.

I generally hate Microsoft products but I admit Windows 7 is really worth the price, it's speedier than Ubuntu.

Shishant said,
Apples are the least secure compared to windows and linux and worst thing about apple is they showcase as if they are most secure, the only security comes to osx is because of base unix system and there is hardly any added major security to it. Generally a mac can be hacked within 2mins as seen in hacking competitions from last 3 years.

I generally hate Microsoft products but I admit Windows 7 is really worth the price, it's speedier than Ubuntu.

That is pure nonsense. Windows has 1 billion viruses listed and every day there are 70,000 new ones written. Mac has 100 viruses and Linux only 5. So, which one is more secure in reality ?

ilev said,

That is pure nonsense. Windows has 1 billion viruses listed and every day there are 70,000 new ones written. Mac has 100 viruses and Linux only 5. So, which one is more secure in reality ?

last i heard there were more malware targeting *nix than malware targeting macs in the wild.

where did you get your numbers from?

ilev said,

That is pure nonsense. Windows has 1 billion viruses listed and every day there are 70,000 new ones written. Mac has 100 viruses and Linux only 5. So, which one is more secure in reality ?

Billion? More like they just reached one million last year..... 70,000 a day new? psh please, get some facts first, just last year only about 50,000 viruses were found in one year! not day! there are about 700 viruses for Mac, key note these viruses I am listing are not specifically OS viruses, but ANY virus that can run on that specific platform..... right now there are over 1,000 linux viruses.....

Raa said,
Routers and modems becoming infected eh? Aren't we over-reacting a little bit?

i think i agree. i know there was a security issue in DD-WRT (3rd party firmware for your router which i got on all my routers) a while ago BUT it was patched pretty quickly AND it could only potentially infect you if you enabled controlling the router from the internet which is OFF by default (and i never had enabled as it just seems like a potential security risk).

so basically... i am not worried about my routers at all.

as far as my DSL Modem... i ain't no security expert but it would seem unlikely they could infect that since you can't actually tell the modem to execute shady code FROM the internet side of things, right?

We lost the battle because with the techniques we rely on we consider every PC as compromised. That is the key point of this article to which I agree.

This could be easily circumvented by making it a must to establish an encrypted VPN between the Service provider and the end user. I agree, bandwidth might shoot up, but for the moment, its a working and easier approach.

It's a constant battle, but we only lose when we stop caring. Just like in the real world, you can never let your guard down. But with all the warnings and threats, we learn more about how to better protect ourselves in the future. "What doesn't kill you makes you stronger". We'll just have to adapt and adjust accordingly until the next threat comes along.

Blackhat = the guy that attacks your system.
Whitehat = the guy that extorts you to protect your net.

And sometimes some whitehat guys are also blackhat guys, for example, some antivirus companies are involved in the creation and propagation of some viruses.

Thing is, there are hundreds of different models of routers and modems made by dozens of manufacturers. If a vulnerability is found in one particular device, it will only apply to a small percentage of the home networking equipment market. The only way this concept can be real is if someone finds vulnerabilities for every major brand/model of router/modem there is, which can take months or years to discover all those flaws. Furthermore, modems and routers can be updated (some automatically), so as long as manufacturers keep their devices up to date, I see no real threat here.

Joey H said,
Thing is, there are hundreds of different models of routers and modems made by dozens of manufacturers. If a vulnerability is found in one particular device, it will only apply to a small percentage of the home networking equipment market. The only way this concept can be real is if someone finds vulnerabilities for every major brand/model of router/modem there is, which can take months or years to discover all those flaws. Furthermore, modems and routers can be updated (some automatically), so as long as manufacturers keep their devices up to date, I see no real threat here.


"there are hundreds of different models of routers" and all are running firmware based on Linux so finding a security hole is child's play.

ilev said,


"there are hundreds of different models of routers" and all are running firmware based on Linux so finding a security hole is child's play.

Not all of them, there are several other operating systems, such as VxWorks that are used. And those that do use Linux are still usually modified pretty heavily, so a flaw in one does not necessarily mean there's a flaw in all.

I don't think we've lost the battle, most security advice is pretty much just common sense.

infecting routers is just the next step in the game.

considering computers to be already infected is pretty silly tbh

Colin-uk said,
I don't think we've lost the battle, most security advice is pretty much just common sense.

infecting routers is just the next step in the game.

considering computers to be already infected is pretty silly tbh

If the router or switch those computers are connected to is compromised, then that particular set of assets is also likely either compromised or in serious trouble. And with the increase of intelligent router and switch deployments (from the enterprise to the residence), it's a target-rich environment.

Colin-uk said,
I don't think we've lost the battle, most security advice is pretty much just common sense.

infecting routers is just the next step in the game.

considering computers to be already infected is pretty silly tbh

Have you read the latest virus report from Microsoft ? 70% of all windows PCs are / were infected.

ilev said,

Have you read the latest virus report from Microsoft ? 70% of all windows PCs are / were infected.

Link? Because I couldn't find any such report.

ilev said,

Ok that is far too long to read through LOL but I did a google search for SIR report breakdown and found this:

Running updated software decreases the attack surface and increases general robustness. The report shows that attackers target Internet Explorer 6 (IE 6) up to four times more often than the newer version IE 7 (pg.33). Statistics on the OS level reveal that the newer versions of Windows are less likely to be infected by malware -- Windows XP SP3 is more than five times better than the original Windows XP, and Windows 7 is another three times better than XP SP3 (pg. 85). In addition, 64-bit implementations add another layer of robustness.

Application attacks continue to increase. Adobe Reader attacks were used in 44 percent of the investigated cases, followed by an attack on a recent Internet Explorer vulnerability with 16 percent. The remaining 40 percent are divided by attacks on the OS and a variety of different software packages, including RealPlayer, Apple QuickTime, and AOL software (pg.26).

Attacks against Microsoft Office make use of older vulnerabilities and can easily be avoided by keeping the software suite up to date. By applying the respective service packs, users can avoid the majority of Office file format attacks (pg. 43).

While Windows 7 (and Vista SP2) are clearly much better than the older versions of Windows, there has been an uptake in the infection rate. Attackers are starting to focus their attention on Windows 7 as it becomes more widely deployed and it will be interesting to see how its performance develops.

Main thing, keep your software up to date and stop using Adobe Reader. LOL

We need to turn it off. No internet for me. Goodnight everybody.

Wait... this article is mostly FUD. Never mind. It does cite a reasonable concern, but it is not lights out. Routers and modem makers will have to up their game and provide a path for existing customers to secure their products.

Citing a policy that many large-scale and high profile companies are implementing, that every PC should and will be considered compromised, he infers that "the good guys have ceded victory in the desktop security battle."

Somebody set up us the bomb.

lordcanti86 said,

You have no chance to survive

NESTRAPEZ said,

Please make your time.

Take off every Zig!

Edited by pasty2k2, May 10 2010, 6:16am :