Trivia Tuesday: Security Nightmares

There's nothing worse than malware, whether it's a virus, a trojan, or just a misbehaving cookie. Yet with all the carnage they've caused, there was a time when most of your worst security nightmares were science fiction, the domain of theoretical science, or just a harmless prank from AOL. Boy, have things changed...

Phishing scams: Phishing is one of the oldest and simplest tricks in the book. It’s also one of the most effective, since it doesn’t depend on any fancy coding tricks to burrow into your OS, or even getting you to install malicious software. Anyone who’s spent 15 minutes online has seen it – cybercriminals ‘baiting’ their prey with everything from poorly worded spam emails to spoofed websites that could fool a pro, hoping to steal as much information as they can, or just earn a quick buck.

The Nigerian 419 scam is older than Nigeria itself. Actually, it's been around since the 19th century (the 1588 date given by some sources is probably poppycock), when scammers posed as political prisoners of Spain in an attempt to separate their would-be victims from their hard-earned cash.

Phishing is probably as old as the internet itself, and even older if you count its spiritual predecessors. Like almost any crime, it’s a little hard to trace it down to its origins, but phishing probably started out as a fairly benign prank, a trend you’ll start to notice is pretty common in the cybersecurity field. Regardless, it’s been pretty successful at its malevolent task, and at being a real PITA for the rest of us.

Viral Shock: Believe it or not, for the first 30 or 40 years of computing, viruses were strictly the domain of science fiction (the term supposedly originates from David Gerrold’s When HARLIE Was One). The first computer virus to attack outside of a controlled environment was a fairly harmless little program (there’s that trend again) called Elk Cloner (the program with a personality!) that infected Apple II computers through infected floppy disks - this was in 1982, by the way, so it was pretty cutting edge. Lots of folks were still using cassettes in those days.

If you think DRM is bad, be glad that you (hopefully) weren't around for (C)Brain, a DOS virus written by two Pakistani developers to punish anyone dumb enough to pirate their software.

The real nightmare started in the ‘90s. As you can imagine, the damage caused by viruses that relied on floppies for transmission was fairly minimal, but the internet opened the floodgates on an unsuspecting world. Some of the most horrifying threats turned out to be a lot of hot air (cough Michelangelo cough), while others, like CIH, turned thousands of computers into coffee tables. And it wasn’t just Windows PCs that were hit; viruses like INIT 1984 and SevenDust hit Macs, while Bliss and Staog took Linux head on.

Trustworthy Computing: In 2002, seeing the damage that was being done to their users and to their brand, Microsoft decided that it was time to strike back against the bad guys. Famously, Bill Gates sent out his Trustworthy Computing memo, urging Microsoft to build an operating system whose security was 'as reliable as the electricity that powers our homes and businesses today.' Some of the goals outlined in that memo were achieved right away, while they're still working on others to this day. Regardless of their strides in OS security over the last ten years, Microsoft's security practices have still been blasted by their, ahem, competitors.

Microsoft has tried some interesting tactics to try and keep PCs secure, including offering the BlueHat Prize to reward innovative security ideas.

The Future: Technology tends to get more sophisticated with time (even if it gets simpler on the surface), and security threats are no different. The trojans, worms, and viruses of today are a lot more complicated than the trojans, worms, and viruses of 10 years ago, but so are the programs that guard against them. Thanks to a lot of hard work, computers are a lot more secure than they used to be, but the battle is far from won. Over the next 10 years, don’t be surprised to see cyberwar get even more heated, and keep an eye on your mobile devices, too. Security experts have been sending dire warnings of the impending mobile apocalypse for the last few years now, and they might even eventually get it right.

Android might be the most visible target for mobile malware these days, but Symbian was once a favorite punching-bag for hackers.

Images via Apple II History, IPKonfig, and MicrosoftO
Username and Password Image by Shutterstock


7 Comments


At this point, the weakest link is the user and that will probably never change (until we get an AI OS). Windows is fairly hardened against 0-days, the two main automated ways to get into the OS, which is typically done through the browser and browser plug-ins, are to insert code and execute it, which is blocked with DEP, and to disable DEP then do as previously mentioned, which is blocked by ASLR. Previously, IE could still be vulnerable if malware requested that it load a .DLL which did not use ASLR, but in Windows 8 (and there is an update for Windows 7, coming or already released, I'm not certain.), ASLR is forced on for every library IE loads. IE is also sandboxed and the sandbox can be made even more hardened by enabling IE10's enhanced protected mode, so even if malware bypasses DEP and ASLR, which is rare and difficult, but not unheard of, it faces another very hard to cross barrier. Malware stranded in IE's regular sandbox can read the user account and user registry, but can not write to it, so it can still steal data, but malware stranded in IE10's enhanced protected mode can not even read anything. Chrome is also sandboxed better than IE's protected mode, but not as good as IE10's enhanced protected mode, but FF is not, though it and any other program can be sandboxed with 3rd party tools like Sandboxie and chml.

So, basically, the big worry is what the user is tricked into downloading and running, and unfortunately there is little that can fix this. But this is one reason why I think metro apps are a great thing, they are strictly sandboxed, and controlled. It's unlikely malware will get into the app store, and if it does, it will not be able to read or write to the user data areas. While a lot of apps can not be metro-fied, many simple utilities like email checkers, and calendars, and so on can be, which means users can get them and run them securely, versus fetching apps from random web sources where there is no security. This could potentially greatly increase productivity for people who do so, since they should have fewer security issues.

Nobody can tell what the future holds, but perhaps things are falling into place to put malware in check, and allow average newb-ish users to not live in fear and misery just because they want to use their computers.
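As an added example (not part of the original article or the comment above): the DEP and ASLR opt-ins that comment refers to are recorded as DllCharacteristics bits in a library's PE header, so a defender can list which DLLs a forced-ASLR policy would have to cover. The sample images are constructed header-only byte strings, and the function names are this example's own.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits in the PE optional header.
FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,  # image can handle high-entropy 64-bit ASLR
    "DYNAMIC_BASE": 0x0040,     # image opts in to ASLR
    "NX_COMPAT": 0x0100,        # image opts in to DEP
    "APPCONTAINER": 0x1000,     # image must run in an AppContainer sandbox
}
COFF_HEADER_SIZE = 20
DLLCHARS_OFFSET = 70  # same offset in PE32 and PE32+ optional headers

def mitigation_flags(image: bytes) -> dict:
    """Return which mitigation opt-ins a PE image declares."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt_off = pe_off + 4 + COFF_HEADER_SIZE
    if len(image) < opt_off + DLLCHARS_OFFSET + 2:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32, PE32+
        raise ValueError("unknown optional header magic")
    (chars,) = struct.unpack_from("<H", image, opt_off + DLLCHARS_OFFSET)
    return {name: bool(chars & bit) for name, bit in FLAGS.items()}

def missing_optins(image: bytes) -> list:
    """Names of the ASLR/DEP opt-ins the image does not declare."""
    flags = mitigation_flags(image)
    return [n for n in ("DYNAMIC_BASE", "NX_COMPAT") if not flags[n]]

def build_sample(dll_characteristics: int, magic: int = 0x20B) -> bytes:
    """Constructed header-only PE image for the demo (not a loadable DLL)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header follows the DOS stub
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x2022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, DLLCHARS_OFFSET, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(missing_optins(build_sample(0x0000, magic=0x10B)))  # legacy build
    print(missing_optins(build_sample(0x0160)))               # hardened build
```

To audit real files, pass `open(path, "rb").read()` for each DLL in an application's directory to `missing_optins`.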

I still find the whole Android thing hard to believe. We battled this on Windows, on Android it's even easier to see what permissions an app runs and decide whether it's safe or not. Though, I think there's a simple fix, Google with their vast riches could start an app review process, not the automated one, a one by one by hand inspection.

Beyond Godlike said,
I still find the whole Android thing hard to believe. We battled this on Windows, on Android it's even easier to see what permissions an app runs and decide whether it's safe or not. Though, I think there's a simple fix, Google with their vast riches could start an app review process, not the automated one, a one by one by hand inspection.

Might be easier to see, you know what it means.
You think your mom, grandpa, other relatives or computer illiterate people in your surrounding even bother reading it or caring what it requests?
Have you even paid attention to how much malware even made it into the Google Play store and some even stayed there for days if not weeks?

Google could copy Microsoft, its approval system for WinRT/WP8 is a great tool which will take out most issues and problems since the WinRT system/platform is built around the security, and not vice versa as it is with pretty much everything else.

I always find the Trivia Tuesdays interesting, but I wish this article covered more highlights - like "Melissa" and "I love you", but still, this was a good read.

Pwrmad said,
I always find the Trivia Tuesdays interesting, but I wish this article covered more highlights - like "Melissa" and "I love you", but still, this was a good read.

Sometimes there's just too much ground to cover. But I'll definitely see what I can do.