Posts tagged with "viruses"


Sophos CityRail memory key adventures

Speak of the devil, security research firm Sophos performed a study on fifty USB keys they purchased from a New South Wales RailCorp lost property auction. Personally, I didn't find the results too shocking.

(Starting in 2009 I got into the habit of always taking tech hardware photos with Yuki in them. This time I tried to use really harsh light to make her look sinister, did it work?)

Report rhymes with... port. That was inspired.

From the report on Sophos Naked Security, a must read blog that you must read.

Lost USB keys have 66% chance of malware
by Paul Ducklin on December 7, 2011

We ended up with Lots 671, 672 and 674: bags containing a motley assortment of 20, 21 and 16 keys respectively. For this rag-tag collection of 57 USB sticks, we paid $409.96 once the auctioneer's 16.5% fee was added in. We could have bought brand-new for slightly less than half that price.

The data on drives are more valuable than the drives themselves now. Not surprising.

Five of the keys were broken, including the two novelty items in the set (a car and a Lego-like block). Two of the rest were unreliable, so we excluded them, although one gave up just enough data to reveal an Autorun worm but little else.

That left a conveniently-round number of 50 devices in the test.

The study revealed that two-thirds were infected with malware, and quickly uncovered information about many of the former owners of the devices, their family, friends and colleagues.

Disturbingly, none of the owners had used any sort of encryption to secure their files against unauthorised snoopers.

In perhaps a sociologically optimistic way, the Sophos team in Sydney were "surprised" at the prevalence of malware. To be honest, I would have been more surprised if fewer of the memory keys contained malware.

Professor Mal Ware of some dodgy uni thing

As I've reiterated here many times, Windows itself can be a usable operating system provided it's thoroughly patched and well maintained. Unfortunately, for most people the chore of doing so is simply still too great, and those who think otherwise are kidding themselves. Nerds are not typical users.

These findings can also be seen as further proof that despite the increased prevalence of network attacks, sneakernet infections are still alive and well. I can still remember the first time I brought home an infected floppy disk from school and our McAfee AntiVirus for Windows 95 had a fit. Chernobyl W32, I'm looking at you. Hey, that rhymed.

Pointless nostalgia aside though, the prevalence of these worms on memory keys only adds further evidence for their effectiveness as an attack vector. Stuxnet is but one contemporary example of malware using this vector, which conveniently avoids firewalls and other such network intrusion detection.
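Since the Sophos report mentions an Autorun worm, here is the check I'd run on a found key before trusting it: read its autorun.inf and list every directive that would make Windows run something on insertion or double-click. This is my own added example, not code from the post or from Sophos; the directive set it flags and the two sample files are assumptions I constructed for the demonstration.

```python
"""Check a removable drive's autorun.inf for the launch directives that
Autorun worms relied on. Added example, not code from the post or from
Sophos; the heuristics and sample files are this example's own."""
import os
import re
import sys

# Directives that run something on insertion or double-click. A benign
# autorun.inf normally carries only icon= and label= (assumption: this is
# the directive set I would flag; tune it for your own fleet).
LAUNCH_KEYS = {"open", "shellexecute"}

# Constructed sample modelled on the worm pattern: every launch path
# points at the same executable under a system-looking folder name.
WORM_LIKE = r"""[autorun]
open=RECYCLER\S-1-5-21-9999\svchost.exe
shellexecute=RECYCLER\S-1-5-21-9999\svchost.exe
shell\open\command=RECYCLER\S-1-5-21-9999\svchost.exe
shell=open
icon=%SystemRoot%\system32\shell32.dll,4
label=My Documents
"""

# Constructed benign sample: only cosmetic directives.
BENIGN = r"""[autorun]
icon=photos.ico
label=Holiday photos
"""


def parse_autorun(text):
    """Return {section: [(key, value), ...]}, keeping duplicate keys and
    lower-casing names; the format is INI-like and case-insensitive."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        header = re.match(r"\[(.+)\]$", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current].append((key.strip().lower(), value.strip()))
    return sections


def assess_autorun(text):
    """Return one human-readable finding per directive that could cause
    code to run; an empty list means nothing auto-launches."""
    findings = []
    for key, value in parse_autorun(text).get("autorun", []):
        if key in LAUNCH_KEYS:
            findings.append(f"{key}= launches {value}")
        elif key.startswith("shell\\") and key.endswith("\\command"):
            findings.append(f"{key}= rebinds an Explorer verb to {value}")
        elif key == "shell":
            findings.append(f"shell= makes '{value}' the double-click action")
    return findings


def scan_drive(mount_point):
    """Look for autorun.inf (any letter case) at the root of a mounted key
    and assess it; returns [] when the file is absent."""
    for name in os.listdir(mount_point):
        if name.lower() == "autorun.inf":
            with open(os.path.join(mount_point, name), errors="replace") as fh:
                return assess_autorun(fh.read())
    return []


if __name__ == "__main__":
    # Usage: python autorun_check.py /media/usbkey  (or no argument for the sample)
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = scan_drive(target) if target else assess_autorun(WORM_LIKE)
    print("\n".join(results) or "no launch directives found")
```

Run it with the mount point of the key as the only argument; with no argument it assesses the constructed worm-like sample. Mount the key read-only (and noexec, on the Unix side) while you do this, since the whole point is that nothing on the key should run before you have looked at it.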

He would be Professor Person Aldata

As for the personal data they contain, it's also no surprise to me people are so cavalier, and don't use encryption of any sort. I use TrueCrypt and/or GnuPG on my memory keys and external hard drives I intend to use for anything other than media transfer (ahem), but again I'm not a typical use case, and assuming you're reading my blog, you're probably not either.

Either everyone becomes more adept at understanding the need for encryption and how to use it, or people stop losing things, or encryption software becomes easier/more transparent for users. I can predict which of the three already is more feasible, but will it happen?

Finally, it appears we can also draw some other conclusions. Those who take public transport in New South Wales — trains in particular — lose infested memory keys on a regular basis. Is it the fact they take the train that's the cause of them having malware on their memory keys? I report, you decide!


Being realistic about Windows

Madobe Nanami, Windows 7-tan

Another afternoon, another person appeals to me for help with their Windows laptop. Regardless of whether it's a Windows XP, Vista or 7 machine, the problem is always exactly the same: viruses and spyware.

Steals some of his old man's blood pressure pills

Since I was a kid I've been the go-to guy in our circle of friends and family for fixing computers, and I've done my fair share of them. Anecdotal evidence should always be taken with a grain of salt, but in my case the problem has been near universal. People treat their computers as appliances, download material without knowing what it is or where it came from, and treat the subsequent slowdowns as a fact of life. Almost every machine I've looked at has been riddled with spyware or viruses, and the problem simply isn't going away.

To quote my sister Elke who was a casual Windows user until 2008: "They're just used to it, it's not unusual!".

Forgive any undue disrespect if you're a Microsoft guy or girl, but we've been hearing from many of you how secure Windows is now and how 7 is the greatest OS of all time. While I'm sure technical users have no problem keeping their systems running well, they're completely deluded if they think they're a typical use case.

Did I mention it's fact?

Other OSs are by no means perfect, but despite their own specific limitations Macs or Linux boxes[1] I've looked at simply don't have these issues. Full stop. This isn't a case of unbridled fanboyism, it's cold hard fact, and I wish Windows fans would simply admit it, just as a Mac user[2] I admit I pay a huge premium for hardware, or that my Linux boxes[2] have less (or far more complex) hardware support.

We can debate the reasons why (some of which aren't Microsoft's fault), but it's undeniable fact that in the hands of a non-technically proficient user Windows rapidly attracts junk and slows down like no other OS.

As a consumer operating system, the other issue is Windows is being pushed into places where it simply doesn't belong and is dangerous, such as ATMs, hospitals and critical process control systems, but that's for another rant post.

*calms down* *drinks tea*.

Footnotes

[1] Linux (or GNU/Linux, etc) is typically installed by a technically competent friend or family member, and I'm surprised by the number of them I'm encountering these days. It also lends a little credence to the notion that Windows market share is inflated, given that these machines were OEM-d with Redmond's OS and are counted as such. That's a topic for another post too.

[2] I grew on DOS and Windows machines right up to XP, but made the switch to Mac in 2001 and didn't look back. I also maintain several PCs running Arch and Fedora Linux, and my file and media servers run FreeBSD.

[3] Nanami Madobe is adorable, as too is the new mascot for Azure. We need some official OS-tans for Mac OS X, Linux and BSD. We already have a platypus, a penguin and a daemon, but a team of *nix bishōjo characters shouldn't be too hard!


UniSA virus #fail

UniSA Virus Uh Oh

Logging onto one of the shared computers at the UniSA Mawson Lakes campus this morning I got this error message. Again.

The virus definition file is more than 7 days old. Updating to a new virus definition file will help catch the most recent viruses.

Also, I like grilled cheese sandwiches. Put one in my CD-ROM tray.

Remember back in the day when having month old definitions was still cutting edge? Now Windows users are considered vulnerable if definitions are 7 days old. Is that why despite being version 6.1 they called it Windows 7?

What's more worrying is shared UniSA computers use a system that wipes them and reimages a clean install of Windows and custom software onto them over the network; it combines the negative insecurity and heavy hardware requirements of a thick client with the bandwidth problems of thin clients while delivering the benefits of neither -- genius! But we're getting sidekicked sidetracked: this system means each shared computer across the university would have these old definitions.

Even though my notebooks run FreeBSD, Linux and/or OS X, I think I'll be using Hotspot VPN or GoToMyPC more often when I'm on campus.


Dodgy Windows virus scanner on FreeBSD!

For some reason this evening while searching for information about how to grate cheese using only rubber bands MacGyver style (or maybe while I was searching for SQLite information for Ruby, I don't remember) a random message box popped up:

Your Windows installation could be infected with viruses!

Given I'm on FreeBSD (they didn't even check whether their victim was running Windows?!), just for a laugh I decided to click OK and see what they showed!

Really dodgy fake Windows virus scanner

I was expecting the usual silly looking website with affiliate links for piles of overpriced and unnecessary security software, but instead a new fake web software screen appeared, complete with animated progress bars and an evolving list of "infections" that the "software" had "detected". When it was done another fake message appeared which linked to an executable file to download, presumably containing spyware or a virus. Taking a look at the source on the page itself, each button triggered the same JavaScript download function.

ASIDE: The JavaScript code took up more space than any of the HTML. I've never seen that before, quite eye opening. Scams like this need more 1337 programming skills than I thought. And all the more reason to disable JavaScript except for trusted sites!
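The three things I noticed in that page's source (script outweighing the markup, every button wired to the same download function, and a link to an .exe) make a decent fingerprint for this kind of fake scanner, so here is a small scorer that checks a saved page for all three. This is my own added example, not code from the post or from the scam page; the thresholds and the two sample pages are assumptions I constructed for it, the fake one modelled on what the post describes.

```python
"""Score a saved web page for the fake-scanner pattern: inline JavaScript
outweighing the markup, every clickable bound to the same handler, and a
link to an executable. Added example, not code from the post; thresholds
and sample pages are this example's own assumptions."""
from collections import Counter
from html.parser import HTMLParser

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".msi", ".com", ".bat")

# Constructed sample of the pattern the post describes: a long script that
# animates a "scan", and every control leading to the same .exe download.
FAKE_SCAN_PAGE = """<html><head><title>Security Alert</title>
<script>
var found = ["Trojan.Fake.A", "Spyware.Fake.B", "Worm.Fake.C"];
function scan() {
  var bar = document.getElementById("bar");
  var list = document.getElementById("list");
  var pct = 0;
  var timer = setInterval(function () {
    pct += 5;
    bar.style.width = pct + "%";
    if (pct % 30 === 0) {
      var item = document.createElement("li");
      item.textContent = found[pct / 30 - 1];
      list.appendChild(item);
    }
    if (pct >= 100) { clearInterval(timer); }
  }, 100);
}
function download() { window.location = "AntivirusPro_setup.exe"; }
window.onload = scan;
</script></head>
<body><h1>Security Alert</h1>
<div id="bar"></div><ul id="list"></ul>
<button onclick="download()">Remove all</button>
<button onclick="download()">OK</button>
<button onclick="download()">Cancel</button>
<a href="AntivirusPro_setup.exe" onclick="download()">Get protection</a>
</body></html>"""

# Constructed ordinary page: a little script, no shared handler, no .exe.
BENIGN_PAGE = """<html><body><h1>Photos</h1><p>Holiday album.</p>
<a href="album.zip">Download album</a>
<script>console.log("loaded");</script></body></html>"""


class PageStats(HTMLParser):
    """Collect the three indicators in one pass over the HTML."""

    def __init__(self):
        super().__init__()
        self.in_script = False
        self.script_chars = 0        # characters inside <script> bodies
        self.handlers = Counter()    # on* attribute value -> occurrences
        self.executable_links = []   # href/src values naming an executable

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        for name, value in attrs:
            if not value:
                continue
            if name.startswith("on"):
                self.handlers[value.strip()] += 1
            elif name in ("href", "src"):
                if value.split("?", 1)[0].lower().endswith(EXECUTABLE_SUFFIXES):
                    self.executable_links.append(value)

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        # HTMLParser hands <script> bodies to handle_data unparsed.
        if self.in_script:
            self.script_chars += len(data)


def scareware_indicators(html):
    """Measure the three indicators; returns a dict so callers can log them."""
    stats = PageStats()
    stats.feed(html)
    stats.close()
    handler, uses = stats.handlers.most_common(1)[0] if stats.handlers else (None, 0)
    return {
        "script_fraction": stats.script_chars / len(html) if html else 0.0,
        "shared_handler": handler,
        "clickables_sharing_handler": uses,
        "executable_links": stats.executable_links,
    }


def looks_like_scareware(html, min_script_fraction=0.5, min_shared=3):
    """True only when all three indicators fire: any one alone is common
    on legitimate pages, the combination is the fake-scanner signature."""
    ind = scareware_indicators(html)
    return (ind["script_fraction"] >= min_script_fraction
            and ind["clickables_sharing_handler"] >= min_shared
            and bool(ind["executable_links"]))


if __name__ == "__main__":
    for label, page in (("fake scanner", FAKE_SCAN_PAGE), ("benign", BENIGN_PAGE)):
        print(label, scareware_indicators(page), looks_like_scareware(page))
```

Feed it the HTML you saved from the browser (not the live page) and treat a hit as a reason to look closer, not as proof; the thresholds are guesses that fit the page as I saw it, and a web app with one big inline bundle will trip the script ratio on its own, which is why the function insists on all three indicators together.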

I must say, despite the fact the Windows logo is different in four different places and the grammar is terrible, the animations and fake scan results are pretty well done. For most savvy and intermediate computer users the flaws would be pretty obvious and they'd probably laugh them off, but the scary thing is I'm sure there are plenty of people who would find this whole shameless charade convincing. Just like all these hoaxes, they seem to target this group; heck if they can net one person out of a few thousand, the whole exercise has been... how does Richard Quest put it... profitable.

Malware distributor, I stick my tongue out at thee!

For what it's worth though, and on the bright side, it was really hilarious seeing this whole thing act itself out... in KDE on a FreeBSD machine where the windows look completely different, the colours don't match, the fonts aren't even the same and the .exe file it tried to download to the machine wouldn't have been able to run itself even if it did make it to the hard drive to start off with!

Sorry guys, there's no Microsoft Windows code to exploit on this machine!