Friday, November 6, 2009

A Video Game that Deletes Your Home Directory Files

Created as an art project, Lose/Lose is a Macintosh game that looks a bit like that 80's classic Space Invaders. The difference is, as is warned explicitly on the author's home page, each alien you kill will delete a file in your home directory.

The story made its way to AppleInsider.

I've already railed on users not bothering to read directions or popups and warnings. This program is clearly a joke on people who don't bother to do so.

However, a second twist came up: several antivirus firms are classifying it as malware and a trojan. They claim that other people may take the program and repackage it without the warnings of dire consequences, so that people will delete their files.

First, this is silly. The vast majority of malware authors out there are working to make money now. They do it by taking over machines in order to blackmail their users (give us money or your drive stays encrypted), commandeering users' computers to remote control them in order to blackmail other users (give us money or you will suffer a denial of service attack), and commandeering users' computers to remote control them in order to overwhelm anti-spam efforts (turning computers into zombies that send spam). Oh, and I'd be remiss if I didn't mention taking over the computer to record files and keystrokes so they get your login information for banks and corporate sites.

Overall, the key to malware authors getting profits from ignorant users is to not get caught on the computer. If you disable the computer, they can't get money. They can't resend spam. They lose a zombie on their network of controlled machines. So unless it's a targeted attack, repackaging something that deletes home directory files is nothing more than digital vandalism (or a serious middle finger of misplaced anger at ignorant users to teach them a lesson).

In other words, it's a waste of time for malware authors.

On the other hand, antivirus authors love this crap. "It's evil!" they laugh. "It'll destroy your computer! Plus it adds another signature to our database to increase the number we can post on our site so we look better than our competitors..."

They know damn well it's not a serious threat.

Ken Thompson (if you don't know the name you're obviously not a computer person...just saying...) wrote a wonderful paper called Reflections on Trusting Trust wherein he described a compiler that was altered so that it added a back door to the Unix Login program. He said that people normally audit the human-written source code of programs and trust the compiler, the program used to turn that source code into machine code. His alteration added a back door to the Login program and also recognized when it was compiling a new version of the compiler, adding the back-door-inserting code to the new compiler as well.
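A toy model of Thompson's two rules, added here to make the point concrete (it is not code from this post or from the paper; the password store, the backdoor value and the one-function "language" are constructed for the model): the compiler source stays clean and auditable, yet recompiling it with the binary you were handed keeps producing a backdoored login.

```python
PASSWORDS = {"alice": "correct horse"}  # constructed sample credentials (not from the post)
BACKDOOR = "open-sesame"                # constructed backdoor value for the model

# Source of the login program: an auditor reading this sees nothing wrong.
LOGIN_SRC = """
def login(user, password):
    return PASSWORDS.get(user) == password
"""

# Source of the compiler, also clean on inspection: it only turns source into a callable.
COMPILER_SRC = """
def compile(src):
    ns = {"PASSWORDS": PASSWORDS}
    exec(src, ns)
    return ns[src.split("def ", 1)[1].split("(", 1)[0]]
"""

def bootstrap_clean():
    """Build an honest compiler binary straight from the audited source."""
    ns = {"PASSWORDS": PASSWORDS}
    exec(COMPILER_SRC, ns)
    return ns["compile"]

def make_trojaned(clean):
    """Wrap a compiler binary with Thompson's two rules; COMPILER_SRC itself is never touched."""
    def trojaned(src):
        if "def login(user, password):" in src:   # rule 1: backdoor the login program
            src = src.replace("return PASSWORDS.get(user) == password",
                              "return password == BACKDOOR or PASSWORDS.get(user) == password")
            ns = {"PASSWORDS": PASSWORDS, "BACKDOOR": BACKDOOR}
            exec(src, ns)
            return ns["login"]
        if "def compile(src):" in src:            # rule 2: recompiling the compiler itself
            return trojaned                       # hands back the trojaned binary, not a clean one
        return clean(src)
    return trojaned

def rebuild_chain(generations=3):
    """Recompile the compiler from clean source N times, then build login and report what survived."""
    compiler = make_trojaned(bootstrap_clean())
    for _ in range(generations):
        compiler = compiler(COMPILER_SRC)
    login = compiler(LOGIN_SRC)
    return {
        "sources_mention_backdoor": "BACKDOOR" in COMPILER_SRC or "BACKDOOR" in LOGIN_SRC,
        "real_password_works": login("alice", "correct horse"),
        "backdoor_works": login("alice", BACKDOOR),
        "wrong_password_rejected": not login("alice", "guess"),
    }
```

Reading both source strings turns up nothing, which is exactly why auditing source alone never told you anything about the binary that compiled it.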

In other words, this program questions trust. In order to install a program on the Mac (or Linux or Windows now) you have to authenticate as an administrative user. "Yes, I want to do this."

The problem is that you're normally installing programs from people you never met. You didn't write it. You didn't audit it. What's to stop the new trial software you downloaded from the webbertubes from uploading your financial information in the background while you're playing? If you granted it administrative access when installing the program, absolutely nothing will stop it.

Users simply trust that there's no chance (or a very slim chance) of that happening. They trust the authority of Those That Know More About This Shit Than I Do(tm).

Classifying Lose/Lose as malware (or potential malware) is silly and a waste of time. Any jackass worth their programming salt would come up with something more attractive than a retro 80's video game to lure users, rather than spend the time reverse engineering this little game. And even if they did use it, having already invested the time to remove the warnings, it probably wouldn't take much more effort to alter the compiled program so that it no longer trips the signatures in the antivirus programs.

Hell...I could email a script to someone telling them to execute it and all it does is "rm -fr /". Got a signature for that, vendors?

The fact is that uneducated and ignorant users will always be a weakness in the system. There is no bringing them up to speed because they're not interested. See the number of cars that are on the streets in the US? How many of their drivers don't know how to change a tire? Which, arguably, is one of the simplest tasks for car owners, yet a rather important thing to know when they have a flat and are on their way somewhere. Lots of people have computers, they're ubiquitous, many people have come to rely on them for various tasks in their lives...yet they sure aren't flocking to the computer section of Barnes and Noble to learn how to properly maintain their system. Most of the time I'm lucky to find a user that even runs Windows Update on their system.

So what's the summary here?
A) Users won't read warnings.
B) Antivirus vendors will do anything to look good.
C) If I can get you to install a program on your computer, you're not secure. You're probably fine. But you're not secure.
