Security in Internet Social Engineering: Alternate View

Discussion in 'Forum for discussion of ANTICHAT' started by bxN5, 5 May 2007.

  1. bxN5

    Today every user who has Internet access runs the risk of being attacked or of having private data disclosed, and, depending on his Internet usage pattern, more and more users will either become part of a botnet for spammers or be attacked by trojans and worms. And unfortunately most of these risks and damages are satellites for everyone.

    Sure, we are armed with many solutions: spyware and rootkit cleaners, anti-viral software, many protectors and firewalls... but often it cannot help and viral software starts to carry out its destructive mission on your computer.

    Please note, I'm not saying these excellent programs cannot do everything to protect your computer from harmful invasion... There is one more factor that should be considered. It is human psychology.

    The purpose of this article is to show and develop a new view of the concept of defending against viral attacks from the angle of software solutions.

    Why existing solutions are inefficient: social aspects
    Yes, I know that each manufacturer of anti-viral software, for example, can describe hundreds of thousands of success stories. And I agree with that. Really, it helps if you are already infected.

    But such products cannot decrease your risks; in fact almost all solutions that struggle against viral software view it from a technical standpoint, not taking into account that the roots of viral epidemics are social.

    Yes, excellent engineers work every minute to find new paths of viral software migration and stop it. Every second, leading anti-viral, anti-spyware and other "anti-" software vendors provide more and more updates. Thousands and thousands of programmers fix security holes continuously. But it will not help you to remove all risks. It will help you to kill viral software on your computer, right?

    Just take a look at the following example: user John found a certain site, www.interested-go.com. He found a description such as "there is good and free software that helps you to manage your budget!", or "please, download our excellent new game!" or even "download now nice fish aquarium! It is absolutely free!" John visits this site for the first time, and by default he optimistically trusts www.interested-go.com.

    Unfortunately, this site was designed for "crime" activity... or it was hacked and only a few links with viral content were added.

    The description of the trojan is so nice and sweet... and John decides to get those fish (or that PIM, or game). Do you think any "anti-" software will stop John? Sure, NO!

    John will try to download and install those fish (or game, etc.). Anti-viral software will try to block him... and what will John do? Really, he will stop the anti-virus and try again. No, John does not like to re-install Windows; but he wants that program and there are no technical ways to stop him. And it says nothing about John's intellectual qualities... It is just the usual human perception of a virtual threat. People often don't take it so seriously.

    There is one more important fact in favour of an alternative approach to providing safety. Not all users update their antivirus software continuously. Sometimes this action gets the lowest priority for a user and the antiviral database stays out of date...

    Another example is a trojan or spyware that uses the mail contact list and sends email with different harmful content. And if you get a letter from a friend, what would you do? Even if it looks a little strange and suspicious, in 2 cases out of 3 you will trust it and open it.

    Some meticulous people will contact the friend via another email and ask: "Hey, Mary, did you really send me content from Apr, 1?" But it is not usual practice, right?

    Let's return to John's example. So he receives an e-mail from Mary sent by a trojan program. Again, such "anti-" software will rename the attachment and produce a lot of warnings... but be sure, it will not stop John. Just because he wants to see the information and trusts Mary. So he will struggle against all barriers made by antiviral software, and as a result he wins and loses his data at the same time.

    Sure, you can remember dozens of similar examples. I have also seen it many times. In technical slang it is called "Mice cry, being pricked, but continue to eat the cactus".

    Let user decide: bad idea
    As you can see, ordinary users (not specialized in IT) such as John and his friend Mary need some other software, which knows about the psychological nuances described. This new kind of software should provide functions like:

    * Defeating all attacks,
    * Acting without numerous annoying blocker dialogs,
    * Providing a way to "undo" John's rash actions.

    You can tell me: it is not possible! In a technical sense it is crazy, mutually exclusive requirements, right? But it is quite possible. But we need to understand how to do this.

    In fact, the psychological aspects prevent technical ways to make a silver bullet; but software vendors are looking for ways to solve these social aspects in a technical manner. As every user is much smarter than software, he is able to find a way around and bet his boots. So "anti-" vendors found a new way: they decided to acquire the user's help.

    The typical examples of this are the Windows Vista firewall, Kerio, Outpost, ZoneAlarm and many others: in case the software cannot decide whether an action is a crime or not, it interacts with the user via annoying blocker dialogs.

    Good idea... but it is not quite comfortable and doesn't solve the problem yet. Many actions are safe; many are not; it all depends on context. If you send a message via email to your friend and immediately see "MSMGS.EXE tries to send data to port 25 at address 192.168.100.74; accept or decline?", what will you choose? Why? And if that message is shown a dozen times five minutes later, which answers will you choose?

    Technically, it is a beautiful idea to provide a way for the user to make the decision himself. But it expects great knowledge and much patience from the user, turning a simple operation such as sending mail into a headache.

    Social-oriented software: how it works
    Taking into account all the aspects described above, a fundamentally different concept should be developed. Some vendors are making the first steps toward this approach.

    As an example of the oncoming tendency, WinJail software can be taken (http://www.winquota.com/wj/winjail_desktop.html).

    In short, the basic idea of WinJail Desktop is "playing dead". Every mistake of John and Mary is allowed, but only in a "virtual space", and this virtual space is isolated at the level of the operating system.

    Any trojan or virus that attacks the computer is informed that the attack has succeeded. But in reality, the changes are not applied to your system files; they are applied to a separate space, and your system and other programs remain untouched.

    According to our example with the non-advanced user John, who found content at www.interested-go.com, he will ignore all notices about "unknown and possibly dangerous content" and other alerts from anti-viral software. The content that John launched tries to attack John's computer, as usual. But, avoiding real damage, all changes are isolated in a separate bottle. Voila!

    In the same manner, Outlook and the attachments inside are managed within their own jail; so John is able to run such unknown content, open dangerous software there, and clean it up in two clicks if needed.

    As can be seen from the example, the concept of social-oriented software can really be the next step in the reincarnation of software, from an accurate and faceless tool to software that really "understands" user needs and considers user psychology.

    (c) governmentsecurity.org
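The write-redirection idea the article describes (changes reported as successful but applied to a separate space, with an "undo"), as an added example that is not part of the original post and is not WinJail's code. It models only the redirect logic over a directory in user space, whereas the article says the product isolates at operating-system level; the class and method names are hypothetical.

```python
import os
import posixpath
import shutil
import tempfile


class OverlayJail:
    """Copy-on-write view of base_dir: reads fall through, writes never do."""

    def __init__(self, base_dir):
        self.base = os.path.abspath(base_dir)
        self.overlay = tempfile.mkdtemp(prefix="jail-")  # the separate space
        self.deleted = set()  # paths the jailed program believes it removed

    def _rel(self, path):
        # Normalise, then refuse anything that climbs above the jail root.
        rel = posixpath.normpath(path.replace("\\", "/")).lstrip("/")
        if rel in ("", ".", "..") or rel.startswith("../"):
            raise PermissionError(f"path escapes the jail: {path!r}")
        return rel

    def _real(self, root, rel):
        return os.path.join(root, *rel.split("/"))

    def write(self, path, data):
        rel = self._rel(path)
        target = self._real(self.overlay, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as fh:
            fh.write(data)
        self.deleted.discard(rel)
        return len(data)  # reported to the caller as a successful write

    def delete(self, path):
        self.deleted.add(self._rel(path))  # the base file is left in place

    def read(self, path):
        rel = self._rel(path)
        if rel not in self.deleted:
            for root in (self.overlay, self.base):  # overlay shadows base
                if os.path.isfile(self._real(root, rel)):
                    with open(self._real(root, rel), "rb") as fh:
                        return fh.read()
        raise FileNotFoundError(path)

    def discard(self):
        """The 'undo': drop every jailed change in one step."""
        shutil.rmtree(self.overlay, ignore_errors=True)
        self.overlay = tempfile.mkdtemp(prefix="jail-")
        self.deleted.clear()
```

The jailed program sees its own modifications on every later read, which is why it cannot tell the write was redirected; the protection lasts only as long as nothing reaches the base directory by a path the overlay does not mediate.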
  2. Dreick

    WinJailDesktop...
    it seems to be rather crude.
    Not so long ago I used Avira WinRollBack l