Many of my friends think that I lean towards a “scare them to death” philosophy, when it comes to the Internet. I often get badgered with “friendly” questions such as – “Don’t you ever see anything good about the Internet?” Or, “Don’t you get tired of scaring people with all your talk of the dangers on the Internet?”
Frankly, I find it enormously depressing writing on malware, scareware, Browser exploits, and all the other exploits that continue to threaten our enjoyment of the Internet. Testing and recommending new software, is much more appealing.
But, when all is said and done, I’m left with this question – if I don’t educate my friends, and by extension, my readers, who will?
Just to be clear – there is no doubt that the Internet can provide a rich educational and cultural experience, at a minimum, but at the same time, it is virtually impossible for users not to be exposed to the underbelly of the Internet.
The sad reality is, the majority of computer users are undereducated when it comes to recognizing the dangers, and threats, that the Internet poses to their computers and to their personal privacy. This is a case where, what you don’t know can hurt you – big time!
For this article, rather than me get up on my “the Internet can be a dangerous place” soapbox, one more time, let me offer you two edited comments from readers following recent articles.
The question that arises from both these comments might be – if a technically sophisticated computer user finds navigating the Internet hazardous then, is an average user now essentially at the mercy of cybercriminals?
The first comment is from Mark Schneider, a high level “super user”, who occasionally guest writes on this Blog.
I agree with you about personal responsibility being paramount; even the careful user can get into trouble. My daughter borrowed my old ThinkPad recently – she needed it for doing research for the colleges she’s applying to. Everything seemed fine when I used the machine again.
I did a routine scan and MalwareBytes found 15 Trojans and at least one rootkit. I was not amused, and when I checked the browsing history, virtually every site (she visited), had been an .edu site. I looked into it and found out many .gov and .edu sites have been compromised.
I’ve gone to using “No-scripts” extension with Firefox as well as the usual tools. And frankly, outside an enterprise firewall I’m beginning to question running XP at all anymore. Many applications don’t work well when running as a limited user so, you end up running as admin.
With the number zero day exploits these days, and the state of the Internet, (with the use of JavaScript everywhere), it’s getting tough to stay safe even when following decent security protocols.
I’ve begun test running Open Solaris, in a virtual machine, to do online banking and going to my eBay account. I don’t want to sound paranoid but, Windows users are at risk every time they go online. I think Vista and Windows 7 are more secure than XP if you turn the (much hated) User Account Control to maximum protection, but then people complain about convenience.
Unfortunately convenience and security are two diametrically opposite realities – it’s very difficult to have both while running Windows online in 2009.
Sorry about the rant but I guess I’m a little frustrated as well.
The second comment is from reader RHH who occasionally comments here.
As a recent victim of an infected link on Goggle, and having previously installed the new Panda Cloud anti-malware service, I wonder why Panda could not stop the auto loader malware as the malware certainly was in circulation longer than the 6 minutes Panda touts as their ability to mark a malware and neutralize it. I would add that not even the WOT had marked the infected link as unsafe.
Also, I hope Firefox can give us a way to selectively stop the browser from restoring a session and restarting an infected web site after having shut down a computer.
I also wonder why Goggle cannot get the links in their system screened to prevent, or at least minimize, malware from being passed forward to the users. If Cyveillance Blog can screen and find 250,000+ problem sites, cannot Google do the same and counter attack somehow?
It honestly seems like major players like Google, and others, also have a stake and responsibility to work at getting the malware out of their links before we run into them – no matter how hard we work at avoiding problems.
So what do you think? Has the Internet now reached a critical mass in terms of cybercrime?
If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
Bill Mullins' Weblog - Tech Thoughts 
Hi Bill,
In answer to your question “Has the Internet now reached a critical mass in terms of cybercrime?” I’d have to say yes, the other comment you used in the article about infected Google links is a great example of how the unsuspecting user can get trapped, without doing anything wrong or stupid ie surfing porn or using file sharing to steal content.
One way to stay somewhat safe is to use a sandbox, I know you’ve covered Sandboxie it’s a great tool, unfortunately it won’t work with 64 bit Vista or Windows 7. The next step is using a virtual machine, using the excellent free Virtual Box from Sun is one example, but that really is a bit much for the average user to do, and even running Linux or other Unix based systems won’t save you from a well crafted phishing attempt.
I think phishing will always be an issue, I do have hope that someone will develop a anti-virus that uses white listing as a way to lock down a computer. It may be a hassle for small developers but we need a trustworthy method of digitally signing to allow legitimate 3rd party apps to be installed but prevent the bad guys from getting in.
So running in a VM works fine for me the new hardware is so amazing its perfectly capable of handling running a virtual machine in the background. Average users need an easier way to be safe, its not right that the average person needs to become a security expert to run Windows, but I’m afraid its the reality we’re faced with.
As always best wishes.
Mark
Hey Mark,
I agree fully, with all of your remarks.
Some time ago, a reader commented that the average person looks upon a computer as an appliance – no more, no less. We, as computer users, are definitely entitled to view a computer in this way. As you say, “it’s not right that the average person needs to become a security expert to run Windows.” Unfortunately, right or wrong, we, as users, are involved in guerrilla warfare with cybercriminals – and the good guys are losing.
As you suggest, running in a sandbox, or on a virtual machine, offers enormous security benefits. Unfortunately, I agree with you, this may be outside the experience of an average user. I also think you’re point on white listing is well made. Black listing doesn’t work very well, while white listing has been shown to offer a much higher degree of safety.
If we allow these unrelenting cybercriminal attacks to continue, the Internet as we know it now, will simply disappear and be replaced by a tightly controlled shadow of what we once knew. We need a well crafted, and well led “call to action” – before it’s too late.
Thanks for your continuing input.
Bill
Pingback: Internet Dangers – Real Life Stories « Bill Mullins' Weblog – Tech … | Problems Resolved
Pingback: Internet Dangers – Real Life Stories « Bill Mullins' Weblog – Tech …
Pingback: Internet Dangers – Real Life Stories « Bill Mullins' Weblog – Tech … « All About Internet
Pingback: Tweets that mention Internet Dangers – Real Life Stories « Bill Mullins’ Weblog – Tech Thoughts -- Topsy.com
Pingback: Internet Dangers – Real Life Stories « Bill Mullins’ Weblog – Tech … « Daily News
Thanks a million, Dr. Bill, for the tip on Configuration Mania, it is now installed here. And thanks for profiling the issues, hopefully some major players, like Google, will listen if the drum beat gets loud enough.
Did you notice in this week’s (Nov. 23rd) Time Magazizne,” Technology Roundtable”, (pg 95), quotes four “Tech-xperts” about the future of technology. All of the gentlemen quoted mentioned something about internet uses they think are hot and upcoming. But none of them made mention of the quagmire the internet is becoming because of malware. Only one of the four mentioned privacy as a concern. If the “experts” don’t recognize the problem, how bad does it have to get before an internet crisis happens? Guess we’ll see eventually.
I notice that almost all the new computers touted this Thanksgiving week by retailers come with AV trial program kits. I certainly hope that buyers can stay on top of their AV programs successfully. It seems, however, like all I hear/read about is the increases in multiple forms of malware that most average users are clueless about. Once “destroy-ware” invades enough new Win7 units we will no doubt hear about the complaints and endless customer service calls.
And, I wonder why the Win7- OS provided units don’t all come with MS Security Essentials (MSSE) preinstalled or at least recommended ? I think it’s laudable that MS has developed MSSE, and I hope it lives up to it’s promises. I fear it has a high wall to climb just to keep up. But at least MS made a decision to defend their customers with something, which is more than folks at Google and elsewhere have apparently even thought about. Conversely, I wonder if the Google chrome OS is their future answer to keeping a user secure and able to use their services? Or will hackers find a way to attack their cloud, and if so, what’s next?
Oh well, Happy Thanksgiving, and an apple cider toast to the great work you do for all of us out here.
Regards, RHH.
Just in physical world web too has safe neighborhoods and some not so safe ones. But the only difference is that it lacks a government, laws, and a police force. I think our key to our safety lies here.
Samantha