3. From companies that make education solutions
From researchers that have noticed the
problem
Because everyone knows users are the weakest
link
Because you can’t patch stupid.
But there is a better reason to focus on user
education…many better reasons
4. What assets are they protecting?
What threatens those assets?
What measures can be taken against those
threats?
How can they tell that they are compromised?
How can they tell that they are protected?
How long will any prescription be valid?
In fact, where users are concerned…
5. The following slides were written fifteen years
ago for a presentation at EICAR 2001; they
accompany my paper on virus misinformation,
disinformation and myth
The same is true today, maybe even more so, as
today’s, more complex world proves even
harder to describe
Today’s users face more threats, more
dangerous ones, and have even less
understanding of the world around them
6. The Other Virus
There is another virus that was not written in
visual basic, assembler or even C.
This virus does not operate on any hardware or
software platform developed in this century.
This virus has no limits to its infectious perfidy,
and its payloads are capable of anything!
8. Is the imaginary virus worth
examining?
Not just hoaxes, but three categories of error
Misinformation
(Getting it wrong, plain and simple)
Disinformation
(Lies, exaggeration and practical jokes)
Myth
(The oral tradition meets the silicon wave)
9. The Canon of Misinformation:
“Everyone Knows”
Viruses destroy hardware.
Viruses are written by:
Antivirus companies.
Thirteen-year-olds.
Spies and agents provocateurs.
All system crashes, data loss and mysterious
behavior are caused by viruses.
And. And. And.
10. The Canon of Disinformation
“I heard it through the grapevine”
Urban legends, once a strictly oral tradition, are
now made both global and nearly instantaneous
by the addition of internetworked personal
computers.
Who creates virus hoaxes?
Who hypes viruses to the press?
How far do these memes reach?
11. The damage done by bad
semantics (jargon and
restricted use)
The confusion of map and territory
(damage equals virus, action equals virus)
Associative confusion
As biological viruses are associated with greater
danger (AIDS, Ebola), computer viruses in general take
on the cachet of that danger.
Extensional relation (actions guided by
language)
12. The Canon of Myth
Popular fiction, movies and television all
portray viruses with a decidedly different
twist.
15. The malware of today is still sometimes a virus,
sometimes a worm, frequently a trojan horse
But the meanings of these terms are still
generally misunderstood by the general public,
and still by at least one person in this hall
So in the interest of that person, we will stop and
do a basic taxonomy of malware
16. 'Malware' is an umbrella term used to refer to a
variety of forms of hostile or intrusive
software, including computer viruses, worms,
Trojan horses, ransomware, spyware, adware,
scareware, and other malicious programs. It
can take the form of executable code, scripts,
active content, and other software. Malware is
often disguised as, or embedded in, non-malicious
files. As of 2011 the majority of active
malware threats were worms or Trojans rather
than viruses. (Wikipedia)
17. The term ‘malware’ was first coined in
July 1990 by Yisrael Radai; it means all
malicious or unwanted software.
Although we already had the terms virus,
Trojan and worm at the time (along with
others), the word malware has come to include
all other forms.
The most basic of taxonomies follows, along
with the sources of the names and what they
imply.
18. 6/20/2015 18
Classification
We are not emotionally
prepared to handle the
constant rate of
technological change
New technologies
require new ways of
thinking
A new tool can extend
our reach in many ways
Sometimes, new
technologies have
negative effects mixed
in with their blessings
22. A Trojan is a program that hides under a false
pretense
Or
A Trojan is a non-replicating malware
Or
A Trojan is a back door to the system
Even inside this field of study, the word has
three different meanings
23. The expert: This particular piece of malware
is a password-stealing trojan, delivered by a
downloader connected via a multiple web
redirect using iframe and (ad infinitum)
End user hears: blah blah blah blah blah
End user says: What does this mean? What is
the purpose of this malware?
The expert hears: I am a dummy, ignore me.
26. The original computer virus was not located on
a PC
It was not on an Apple
It was not on a mini or mainframe
It was not located on computer hardware or
software of any kind
29. Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes it's Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!
Written by a 9th grader, named RICH SKRENTA
33. How does it get on to the victim’s
computer? (method of access)
What unwanted activities does it perform
on the victim’s computer? (economic
purpose)
How does it technically accomplish its
purpose? (method of accomplishment)
How does it protect itself from being
detected, blocked or removed? (self-defense)
35. To the end user, the computer is a single,
homogenized unit that is used to connect to the
internet, which is a homogenized place.
To the expert, a computer is a vast galaxy of
hardware, firmware, operating system, drivers,
applications, browser, web apps, scripts, BHOs
and any variety of cloud-based computing and
storage elements, a galaxy with as many as a
trillion distinct elements.
Far too complex to describe to anyone in any
depth.
36. The Advanced Persistent Threat is not some
new kind of malware
It is an extended attack that might include all
manner of malware, other hacking skills and
possibly the infiltration of your network by
rogue insiders
It is a term we take from the intelligence
community, and it names any attack that goes
on for a long time with varying techniques
37. The value of data and the possible
repercussions of insecurity
The nature of internet bad actors and how you
might be a target for many reasons
The nature of vulnerabilities, rather than the
“starring vulnerability” of marketing
The difference between vulnerability, exploit,
and attack—and so many other things
The basics of protection and the need for
continuous education
38. And that, dear listener, is the beginning of
wisdom.