[TUTORIAL] Basic Computer Security [8]

in #technology, 7 years ago (edited)




Let’s continue with the series, so we are now talking about applications and the application space, since we have pretty much covered all other issues in the previous parts.


Read the previous episodes if you have just tuned in:




ANTI-VIRUSES

I didn’t want to make this part initially since I thought the answer would be obvious, but it looks like it isn’t to most people. Many people are stuck in a wrong mentality; I even see people talking about what the best antiviruses are on Bitcointalk, as if that would keep their cryptocurrency holdings safe from a sophisticated hacker. Yet nobody asks the fundamental question: is the strategy working at all?

I am talking about this “cat & mouse game”: you have a mouse, you send out a cat to eat it, problem solved. Then another mouse appears, so you send out the cat again and again and again. The mice just keep coming, the house isn’t any cleaner, and the cat justifies its existence this way.

It’s the same with the “police & criminals game”. You have the police that goes out and catches criminals. The number of criminals doesn’t end, they just keep comin’, and the police has pretty much secured its job for eternity.

Same with the antivirus makers: the viruses and exploits keep popping up, so they have a great reason to sell their products, but the computer users aren’t any safer. It becomes a permanent game of “cat & mouse”, while they make a lot of money. So the computer viruses don’t go away, they just keep comin’ like mice in an old house.


The Issue

The real big issue is that the antivirus software has almost omnipotent power over the PC. So it has admin access and it sniffs through the entire computer for potential viruses.

Now this alone should be a red flag. This is a huge privacy concern, especially with closed-source antivirus software, like most of them are. I mean sure, they keep their source closed so hackers can’t figure out the tactics that the AV uses and then sneak in a virus by exploiting a vulnerability.

But still, what if the AV is spyware? I mean we have dozens of allegations about certain AV products working tightly with governments to spy on people.

So closed-source AV should be off the table, and we are left with a few open-source ones. That eliminates the possibility of it being spyware, but it decreases its efficiency as well.

  • 1) So we either have a secretive AV allegedly helping catch viruses, but potentially being spyware, or even malware itself.
  • 2) Or we have a transparent AV which will not be spyware, but will have its potential drastically lowered, since any hacker can just look into its code and find a loophole around it to sneak their malware into a PC using that AV.

So these are the only options we have. Even if you would stick with option 1, and let’s say for the sake of the example that the company that makes it is totally trustworthy, like if your uncle runs it, even then there is still another problem:

  • Any sophisticated malware would target the AV software itself!

I mean think about it, the AV has omnipotent control over the PC, and access to all data on it. What better target is there than the AV software itself? Once a sophisticated hacker has hacked the AV itself, they would literally sneak in their dirty malware undetected and the user would have no idea. The user would have a false sense of security that their AV is protecting them, when in fact it might have been hacked and stealthy malware is being injected into the PC.

So even if your AV is effective and trustworthy, it’s not perfect, and if a sophisticated hacker can hack it, it would totally compromise the entire computer, without the user’s knowledge. But it's probably neither effective nor trustworthy, so it's even worse.

This also applies to option 2; in fact that AV might even get compromised much more easily. I mean the closed-source AV software makers at least put some work into obfuscating their code, not just for some additional security but to keep competitors from reverse-engineering their product.

So it doesn’t even matter whether it’s open-source or closed-source, the entire strategy stinks.





Faulty by Design

It’s faulty by design. The entire strategy stinks. It’s like the example I gave above with the cops & criminals. What if the cops become the criminals, who is going to protect people from them?

So you can see the entire concept of policing is faulty. Not just out there, but also in the computer world.

So while the AV manufacturers are making a lot of money, they barely help users with this problem.

Now I am not saying that the AV companies are totally useless. They do other things too, like researching bugs in software and operating system kernels, and most of the time they are reporting most of them. Plus they also provide other services like firewall tools, routers, access control, and analysis of the PC. So that is useful.

However their AV products are not, in my opinion. It’s not just that it’s useless, but it really offers people a false sense of security and leads them away from actual solutions.


Changing Behavior

Now what would people do if they found out that their AV software is useless, and how would they change their computing behavior?

Well, they would be more responsible of course. There are a few things that everyone could do right now that would already minimize their risk of infection, like:

  • Blocking/Filtering Javascript
  • Access control, don’t allow untrusted apps to run
  • Using only open source software, possibly compiled from source
  • Downloading software only from trusted repositories with GPG key verification
  • Strong admin password
  • VM technique described in previous articles
  • Basically following every point that I described in this series would literally decrease your threat level drastically
  • And other stuff that I will talk about later in these episodes

Just simple things that everyone can do. Just use your brain, it’s just survival instincts, if you are in the woods and you hear a sound, what is your first instinct? Or if you find an unknown berry in the woods, is your first instinct to eat it, or do you think it’s potentially poisonous?

So the same survival instincts should apply in the digital world too, it’s a dangerous world either way, so people have to be smart about their computer security practices.

Don’t rely on others to save you from bad stuff, be prepared on your own. You can only count on your own skills and preparation in the end.
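One way to do the GPG key verification recommended in the list above, as an added example that is not part of the original post: the script checks a detached signature with gpg and accepts the file only if the signature comes from a pinned key fingerprint. The fingerprint value and the function names are assumptions made for illustration, and the signer's public key is assumed to be imported into the local keyring already.

```sh
# Added example: accept a download only if its detached GPG signature
# was made by one specific, pinned key.

# Constructed placeholder: replace with the full fingerprint (uppercase hex)
# that the project publishes through a channel you trust.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# Reads gpg's machine-readable status lines on stdin.
# Returns 0 only if a VALIDSIG line names the wanted fingerprint and no
# failure status appears. Expired or revoked keys are rejected by policy,
# even though gpg still reports the signature as mathematically valid.
status_is_trusted() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key fingerprint,
        # the last field is the primary key fingerprint.
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# usage: verify_download FILE FILE.sig
verify_download() {
    vd_file=$1
    vd_sig=$2
    # --status-fd 1 sends status lines to stdout; human-readable text goes
    # to stderr. gpg's own exit code is ignored on purpose: a "good"
    # signature from any key in the keyring is not enough, it has to be
    # the pinned key.
    vd_status=$(gpg --batch --status-fd 1 --verify "$vd_sig" "$vd_file" 2>/dev/null) || true
    printf '%s\n' "$vd_status" | status_is_trusted "$PINNED_FPR"
}

# Typical call (file names are placeholders):
#   verify_download package.tar.gz package.tar.gz.sig && tar xzf package.tar.gz
```

Checking the fingerprint matters because `gpg --verify` alone succeeds for a signature from any key in the keyring, not only the one belonging to the project whose software you are installing.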




Congratulations @profitgenerator! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

You published 4 posts in one day
