- Aug 30, 2012
- 6,598
There is a joke when the kid approaches the policeman eating his donuts. The kid asked him how many donuts did he eat on empty stomach. The policeman answered "I dunno, didn't count, probably 5..." No no, the little kid replied, you ate only the first one on the empty stomach, the rest of the donuts weren't eaten on empty stomach. The policeman, depressed, goes to his station, and started crying. "Ah, we are so stupid!" he yelled. His chief, also eating donuts, asked him what's wrong.
- Why are you crying and saying that we are stupid?!
- OK boss, how many donuts did you eat on the empty stomach from this morning?
- I dunno, maybe 8
- Damn! If you had said 5 then I could prove it to you!
Prologue
I used this joke as an allegory to a zero-day attack. What is a zero-day? In my opinion, and nowadays, it's an absolute term. With everything connected through the cloud, and network corporations constantly monitor the traffic anomalies, the zero-day attack could happen to you, but if it happens to another person/computer at the approximately same time is it still a zero-day? What if I take ThisIsNotVirus.exe and execute it, like a normal person with its normal unsustainable urge to click, give it admin rights (no! of course, I disabled UAC when my supergeek friend reinstalled my Windows because there were some unexplainable popups pop-upping everywhere from my browser to my media player.), so it already has an admin rights to do whatever it wants.
Chapter I
What is the point of the AV if I click ThisIsNotVirus.exe today, and VirusTotal shows 0/56, my system is ruined, and tomorrow VirusTotal shows 55/56 (sorry ClamAV, you didn't catch it). So tomorrow, everyone who also clicked on that legitimate innocent file was protected, and I paid the collective price for everyone.
Because you are uneducated to use your computer properly I say. In this case, it's your fault.
Chapter II
You take an undiscovered Windows vulnerability. Yet undiscovered. Some bad people use it to create an exploit that can do numerous of things from monitoring what do you do, to stealing your data, your passwords, your naked photos with rum and cheesecake in your bathtub. use your machine as a hostage, demand a ransom from a damage caused to you.
Luckily, you are not the main protagonist of this story, when either the actual malware is used, security hole for a breach, injector, or an imitator. Yes, deal with it, you are not important enough for a hacker to steal something from you. Except :
That security hole will always remain unpatched. Yes, you are careless enough for people to trick you, again, uneducated to use your computer properly.
Chapter III
Ringing...
- Yes, here is Pete, how can I help you?
- I am infected with a nasty virus, please help!
- OK, calm down, and tell me what OS you are using?
- Windows XP Pro Super 10 Edition, downloaded from reliable warez source ...
-
- Hello, Pete? Are you there?!
So, don't use any combination of outdated software, especially if your defenses are layered. It's like you are going into war with full equipment, futuristic lasers and guns, but naked. No security company will take you seriously if you didn't use all the latest patches and your problem is directly caused by not having them.
So, again, it is your fault. You were uneducated enough to go into a war naked and now you are crying because someone shot you.
Chapter IV
There are just too many memes for this and about this theme.
Our malware removal expert TwinHeadedEagle, once said that most infections he deals with are the fault of the end-user. Most infections came from cracks, patches, and keygens,... torrents. It could also be applied when you are installing software carelessly:
"This will install 100 add-ons that program you downloaded doesn't need to function, but it would be awesome if you click..."
YES! I AGREE! Come on, I want to see how this new baby looks! WOW! They changed the UI! It's much better now! Functionalities improved? "some minor bugs fixed".
OK, I admit, I was infected once with some stupid worm, that created shortcuts for almost every file I had...everywhere! It was when I bought my computer (11 years ago), I didn't know that Updating Windows is a good thing, I used AVG and updated it offline (through offline signature pack). We didn't have the internet. (crying like the policeman in the beginning of this story).
When, you might ask?
I was trying to crack Nero Burning ROM. (a relief)
I had nothing to lose back then. Was it my fault? Yes, I was uneducated enough to use a computer.
Chapter V
Long story short. Your brain.exe is your main Antivirus, main Anti-Exe, HIPS, Firewall, Sandbox, Virtualization. If that component malfunction, nothing can help.
When isn't it your fault?
When you are aware of everything that can happen to you, you are aware that there is so much that it isn't yet discovered for you to know, you took all security and prevention measures, covered all the major attack vectors but... ...you were that first donut that policeman ate. You simply didn't have luck.
Nothing is impossible. Remember that.
Thank you for reading!
- Why are you crying and saying that we are stupid?!
- OK boss, how many donuts did you eat on the empty stomach from this morning?
- I dunno, maybe 8
- Damn! If you had said 5 then I could prove it to you!
______________________________________________________________________________________
Prologue
I used this joke as an allegory to a zero-day attack. What is a zero-day? In my opinion, and nowadays, it's an absolute term. With everything connected through the cloud, and network corporations constantly monitor the traffic anomalies, the zero-day attack could happen to you, but if it happens to another person/computer at the approximately same time is it still a zero-day? What if I take ThisIsNotVirus.exe and execute it, like a normal person with its normal unsustainable urge to click, give it admin rights (no! of course, I disabled UAC when my supergeek friend reinstalled my Windows because there were some unexplainable popups pop-upping everywhere from my browser to my media player.), so it already has an admin rights to do whatever it wants.
Chapter I
What is the point of the AV if I click ThisIsNotVirus.exe today, and VirusTotal shows 0/56, my system is ruined, and tomorrow VirusTotal shows 55/56 (sorry ClamAV, you didn't catch it). So tomorrow, everyone who also clicked on that legitimate innocent file was protected, and I paid the collective price for everyone.
Because you are uneducated to use your computer properly I say. In this case, it's your fault.
________________________________________________________________________________
Chapter II
You take an undiscovered Windows vulnerability. Yet undiscovered. Some bad people use it to create an exploit that can do numerous of things from monitoring what do you do, to stealing your data, your passwords, your naked photos with rum and cheesecake in your bathtub. use your machine as a hostage, demand a ransom from a damage caused to you.
Luckily, you are not the main protagonist of this story, when either the actual malware is used, security hole for a breach, injector, or an imitator. Yes, deal with it, you are not important enough for a hacker to steal something from you. Except :
That security hole will always remain unpatched. Yes, you are careless enough for people to trick you, again, uneducated to use your computer properly.
________________________________________________________________________________
Chapter III
Ringing...
- Yes, here is Pete, how can I help you?
- I am infected with a nasty virus, please help!
- OK, calm down, and tell me what OS you are using?
- Windows XP Pro Super 10 Edition, downloaded from reliable warez source ...
-
- Hello, Pete? Are you there?!
So, don't use any combination of outdated software, especially if your defenses are layered. It's like you are going into war with full equipment, futuristic lasers and guns, but naked. No security company will take you seriously if you didn't use all the latest patches and your problem is directly caused by not having them.
So, again, it is your fault. You were uneducated enough to go into a war naked and now you are crying because someone shot you.
______________________________________________________________________________________
Chapter IV
There are just too many memes for this and about this theme.
Our malware removal expert TwinHeadedEagle, once said that most infections he deals with are the fault of the end-user. Most infections came from cracks, patches, and keygens,... torrents. It could also be applied when you are installing software carelessly:
"This will install 100 add-ons that program you downloaded doesn't need to function, but it would be awesome if you click..."
YES! I AGREE! Come on, I want to see how this new baby looks! WOW! They changed the UI! It's much better now! Functionalities improved? "some minor bugs fixed".
OK, I admit, I was infected once with some stupid worm, that created shortcuts for almost every file I had...everywhere! It was when I bought my computer (11 years ago), I didn't know that Updating Windows is a good thing, I used AVG and updated it offline (through offline signature pack). We didn't have the internet. (crying like the policeman in the beginning of this story).
When, you might ask?
I was trying to crack Nero Burning ROM. (a relief)
I had nothing to lose back then. Was it my fault? Yes, I was uneducated enough to use a computer.
______________________________________________________________________________________
Chapter V
Long story short. Your brain.exe is your main Antivirus, main Anti-Exe, HIPS, Firewall, Sandbox, Virtualization. If that component malfunction, nothing can help.
When isn't it your fault?
When you are aware of everything that can happen to you, you are aware that there is so much that it isn't yet discovered for you to know, you took all security and prevention measures, covered all the major attack vectors but... ...you were that first donut that policeman ate. You simply didn't have luck.
Nothing is impossible. Remember that.
Thank you for reading!