Presentation is loading. Please wait.

Presentation is loading. Please wait.

Closing Panel: End Users & Cybercrime Joe St Sauver, Ph.D. MAAWG Senior Technical Advisor Grand Ballroom, 1530-1700 hrs, June 11th, 2009.

Published byDamon Barton Modified over 8 years ago

Similar presentations

Presentation on theme: "Closing Panel: End Users & Cybercrime Joe St Sauver, Ph.D. MAAWG Senior Technical Advisor Grand Ballroom, 1530-1700 hrs, June 11th, 2009."— Presentation transcript:

1 Closing Panel: End Users & Cybercrime Joe St Sauver, Ph.D. (joe@uoregon.edu) MAAWG Senior Technical Advisor Grand Ballroom, 1530-1700 hrs, June 11th, 2009 Grand Hotel Krasnapolsky, Amsterdam http://www.uoregon.edu/~joe/end-users/ Disclaimer: All opinions expressed are solely those of the author.

2 2 Our Topic Today "How do we force/encourage/cajole users into cleaning up their systems? What do our users expect from us?" I'd like to start by sharing a few brief thoughts, or "propositions" if you will…

3 3 Proposition #1: "At Root, ISPs *Can* Simply Turn Off Infected Systems, But Customers Have Countervailing Powers of Their Own…" Assuming suitable terms of service (TOS) and acceptable use policy (AUP) terms, ISPs come to the table with a huge hammer: If you want to be connected via our network, your system cannot misbehave (spamming, scanning, packet flooding, hosting malware, etc.). If your system does do these things, we'll turn off your connection. On the other hand, customers are not completely without offsetting substantial powers of their own: If you treat me harshly or unfairly, I can and will take my business elsewhere. Or at least this is the unspoken underlying ultimatum.

4 4 Proposition #2: "If I Tell You That Your System Must Get Cleaned Up, I May Reasonably Be Expected To Help With That Sisyphean Task" Online tools and resources may sometimes be enough to help users get cleaned up, but what if more than that's required? In highly competitive markets with thin margins, it doesn't take long for intensive customer support costs to eliminate any profitability associated with perpetually-infested customer accounts. Are there some perpetually-infested and expensive-to-service customers a smart ISP simply doesn't want to have? "In your case, we strongly recommend you try our competitors."

5 5 Proposition #3: "Even If Users Wanted to Clean Up Their Systems, They Often Can't." Most can't self-clean because they lack the requisite tools and training to remove all but the most trivial of malware themselves Nor can they hire someone to clean up their old clunker system, because that may end up costing nearly as much (or more!) than simply buying a new one. A new "name brand" desktop with a Core 2 Duo, 3GB, 500 GB disk and a 21.5 LCD=$439; a new "name brand" laptop with a Pentium Dual Core T3400, 3GB, 250 GB disk, 15.6" display, webcam, DVD burner and more=$449 (and let's assume pretty much any running old system can be sold for at least $100). Users can't "nuke-and-pave" because they have no backups, they can't find their original media for their installed software, they have little hope of recreating all their customizations, etc.

6 6 Sidenote: So What Does Eventually Happen? Let's Spin The "Wheel of Possibilities"… The malware gets silently removed by Microsoft's Malicious Software Removal Tool when it gets downloaded and run each month The user's own antivirus software does finally catch up with the infection (once it has bedeviled a large enough number of users) Some other bit of malware consolidates its own position by removing "competing malware" The user just turns off the infected system The user replaces the infected system, potentially selling or "gifting" the still-infected system to some new owner (surprise!) A computer-savy friend or relative get's invited over (but should your core line of business depend on an informal network of amateur clean up specialists having dinner?)

7 7 Proposition #4: "Users May Not Want To Clean Up Their Still-Usable Systems Anyway… Historically, users wanted malware off their system because being infested made the system unstable, further-slowed already painfully slow network connections, and generally acted like an ill-behaved uninvited guest. Today, however: -- malware "quality control" is improving -- end user systems have faster processors (with dual or even quad cores!) plus gigs of memory and fast connections, and -- malware has learned to stay low profile. Thus malware infections may "fly under the radar" and be less of a concern to the end user. If end users can't even tell that they have a "problem," how motivated will they be to "fix" it?

8 8 Proposition #5: "Our Users Aren't Your Real Problem" (aka "Just Six Countries Account for Half the Spam Zombies on the CBL Blocklist") http://cbl.abuseat.org/country.html (Wed, 10 Jun 2009) Total: 8,758,560 listed compromised hosts Country Count Percent Cum Percent Brazil1,313,360 15.00%15.00% India: 880,818 10.06% 25.05% Turkey: 694,111 7.92%32.98% Russia: 684,747 7.82%40.79% Poland: 439,928 5.02% 45.82% Vietnam: 310,939 3.55%49.37%

9 9 Are There Simple Steps We Could Take To Help Address The Problem In Those Countries? For example, if I'm one of 1.3 million Brazilians with an infected system, are there Portuguese language versions of the tools I need to clean up those systems, and are there instructions to help walk me through using them? If I'm an Indian and I speak a South Asian language rather than English, are there tools and information resources to help me? What about those sort of resources in Turkish? Russian? Polish? Vietnamese? If those sort of resources don't exist, might that not be a simple but important deficiency to attack? There's nothing like a week in a foreign country to remind you just how frustrating it can be to be unable to read signs and warnings and instructions written in another language you never bothered to learn!

10 10 Proposition 6: "Is The Ultimate "Cure" Really Prevention?" Are we tired enough of this problem that we're willing to step up efforts to prevent customers from getting infected in the first place? Has the time come for us to candidly advise users to consider alternative operating systems? Is this problem serious enough that we're willing to consider discouraging HTML-ified email and the exchange of attachments? Text-based email, after all, has limited infective potential. If so, what are we to do about some key web environments which absolutely require Javascript to be enabled, with all the security implications that can have? (And while NoScript may be great, it isn't the solution for less technical users) Are we willing to make and live with some hard choices?

11 11 Proposition 7: "Does The Government Have A Role As A Provider of Last Resort Assistance?" When a problem is of this breadth and magnitude (including international components and potential national security implications), is there a governmental role that should exist as a provider of last resort cyber assistance? If so, this isn't a law enforcement function, it is more a sort of "cyber welfare," or "national cyber insurance" thing. But if we can't afford the costs of real health care or all the other existing people-centered programs out there, can our government afford to take on new cyber-oriented responsibilities? Who/what agency would offer this sort of service? How would we effectively reach out internationally? Do we really want to ask our governments to take this on? If not, who will step up to handle it instead?

12 12 Thanks For The Chance To Share These Thoughts With You This Afternoon!

Download ppt "Closing Panel: End Users & Cybercrime Joe St Sauver, Ph.D. MAAWG Senior Technical Advisor Grand Ballroom, 1530-1700 hrs, June 11th, 2009."

Similar presentations

Bulk Account Creation Messaging Anti-Abuse Working Group (MAAWG) Meeting Philadelphia, Pennsylvania, October 27th, 2009 Joe St Sauver, Ph.D.

Bulk Account Creation Messaging Anti-Abuse Working Group (MAAWG) Meeting Philadelphia, Pennsylvania, October 27th, 2009 Joe St Sauver, Ph.D.
Customer Service – Dealing With Difficult Customers

Customer Service – Dealing With Difficult Customers
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Managing Incoming Email Chapter 3 Bit Literacy. Terminology Email client – program which retrieves emails from a mail server, lets you read the mails,

Managing Incoming Chapter 3 Bit Literacy. Terminology client – program which retrieves s from a mail server, lets you read the mails,
How NOT to Crash your Computer By: Taylor Helsper.

How NOT to Crash your Computer By: Taylor Helsper.
Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,

Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,
101.  Computers DO NOT think for themselves. For them to do anything they need to be told what to do.  Simply put computer programming is when you tell.

101.  Computers DO NOT think for themselves. For them to do anything they need to be told what to do.  Simply put computer programming is when you tell.
Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
IST346: Troubleshooting Problems. Today’s Agenda Debugging Fixing Things Once  Understand the problem you’re trying to fix  Finding the root cause 

IST346: Troubleshooting Problems. Today’s Agenda Debugging Fixing Things Once  Understand the problem you’re trying to fix  Finding the root cause 
SM3121 Software Technology Mark Green School of Creative Media.

SM3121 Software Technology Mark Green School of Creative Media.
New Mexico State University Finding Useful Information The Internet can be Good and Defrag can be Worthless The League of Extraordinary Off-Campus Computer.

New Mexico State University Finding Useful Information The Internet can be Good and Defrag can be Worthless The League of Extraordinary Off-Campus Computer.
 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.

 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.
Teach a man (person) to Phish Recognizing email scams, spams and other personal security attacks July 17 th, 2013 High Tea at IT, Summer, 2013.

Teach a man (person) to Phish Recognizing scams, spams and other personal security attacks July 17 th, 2013 High Tea at IT, Summer, 2013.
Data Protection Campaign At-a-Glance Call Guide 1.Introduction The reason for my call … We are excited that you responded to our email on NetApp data protection.

Data Protection Campaign At-a-Glance Call Guide 1.Introduction The reason for my call … We are excited that you responded to our on NetApp data protection.
1.Make the process for shopping insurance faster and easier for Customers 2.To build valuable relationships between Insurance Agents, local Businesses.

1.Make the process for shopping insurance faster and easier for Customers 2.To build valuable relationships between Insurance Agents, local Businesses.
Using Anti-virus Software A SeniorNet Workshop SeniorNet is a service program of the Lutheran Service Society of Western Pennsylvania.

Using Anti-virus Software A SeniorNet Workshop SeniorNet is a service program of the Lutheran Service Society of Western Pennsylvania.
Debunking the Top 10 Myths of Small Business Server: Using Windows SBS in Larger Environments Abstract: This session will debunk some of the common myths.

Debunking the Top 10 Myths of Small Business Server: Using Windows SBS in Larger Environments Abstract: This session will debunk some of the common myths.
 Norton Antivirus, developed and distributed by Symantec Corporation, provides malware prevention and removal during a subscription period. It uses signatures.

 Norton Antivirus, developed and distributed by Symantec Corporation, provides malware prevention and removal during a subscription period. It uses signatures.
By: Aaron Gustafson Owner Computers N’ Stuff.  Facebook is FREE!!!  Youtube is FREE!!!  Twitter is FREE!!!  Google Plus is FREE!!!  Website hosting.

By: Aaron Gustafson Owner Computers N’ Stuff.  Facebook is FREE!!!  Youtube is FREE!!!  Twitter is FREE!!!  Google Plus is FREE!!!  Website hosting.

Similar presentations

Ads by Google