PEBKAC – It’s Not Always So

We have all met people who really have no clue about using a PC. They find they can do things and just repeat even if they are risky operations like downloading and executing random software from the web. However, some believe using that other OS is perfectly safe if there is no Problem Existing Between Keyboard And Chair. That’s not always true.

That other OS of M$’s has repeatedly been attacked by malware during perfectly innocent operations:

I read this today, “My opinion is that employees *can* and *should* be trusted. Those that abuse the trust need to dealt with in an agreed upon way by HR and upper management. For example, a user that gets a virus on their computer would be required to talk with their manager about “safe downloading” practices. If they have another violation, some of *that user’s* rights should be restricted. If it happens again, HR should become involved, because they are obviously not competent enough to do their job.”

That’s clearly wrong but the authour supposedly is out there running IT systems…

I have even read in comments to my blog that such and such a user has never had malware on his/her system simply because they are smart and only visit “good” sites. Well, how is a normal user to know whether some normally “good” site has been hacked and a trojan/backdoor has been dropped off. Is the normal user to go by instinct?

Last year, I worked at a place that was plagued by malware. It was a lot of work just to keep machines running. I know that people were not browsing to naughty sites, because I could see the sites visited in the log of the web-cache and I could see the occasional malware detected at the firewall. Very little, if any, of the malware was a result of users’ actions. It was totally innocent use of the web for professional and educational reasons and thousands of new malwares daily that don’t get blocked automatically by filters.

People can be problems but getting them to use IT was a much bigger problem than using it badly/recklessly. I put malware in its place by installing Debian GNU/Linux system wide. Same users, no problem.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology. Bookmark the permalink.

8 Responses to PEBKAC – It’s Not Always So

  1. Ray says:

    In the sources you gave me, it gave me a quote from Trend Micro Blog, who based it on “Trend Micro World Virus Tracking Center”, which is based on Trend Micro Housecall, where people who knew they had an infection go.

  2. oiaohm says:

    D-G twitter really did not find the best.

    http://www.microsoft.com/industry/government/solutions/cofee/default.aspx

    Then wake up cofee has leaked to the open hacker world.

    Really Google Toolbar and Google Chrome don’t report very much. Most it is a unique id when you use google so they can what options you select.

    Now this http://en.wikipedia.org/wiki/Index.dat is evil. You delete all cookies history and everything using IE interface. Yep Index.dat still has a list of every cookie ever created with the matching site. Reason why IE slows down with age.

    This is one of many logging files inside windows that there is no way to clear by Microsoft provided GUI. So yes I know Microsoft is spying on people. Yes I know that information is being extracted. Yes a good look where cofee hits leads you to lots of these hidden log files.

    Issue is if the information is extractable by police its also extractable by criminals to use against you.

  3. D-G says:

    Holy conspiracy theory, Batman! You are truly dumb, Twit. Accusing Microsoft of “spying” when Google does the very same through Google Chrome and Google Toolbar. Are you really dumb enough to believe that Google isn’t “spying” on its users, too? Not only that — you’re also making it sound as if Microsoft is running a keylogger in the background. Which isn’t the case. Isn’t the word for that — FUD? You’ve also ignored any dissenting voices in the comments to the second link you posted.

    You fail at everything, especially at providing proof. All you can offer is biased belief.

  4. twitter says:

    I offered no citation for what should be common knowledge by now. There are multiple sources for a 50% infection rate but reality is closer to 100%. We also know that Microsoft spies on user keystrokes. You should approach a Windows machine knowing that you have no privacy on it and that there’s a 50% chance it will be used to rob you or for some other criminal purpose without you knowledge or consent.

  5. Ray says:

    Ummmm… twitter, the data you used for 50% infection rates turns out to be biases for people who already know that they have an infection.

  6. twitter says:

    Microsoft blames users for Microsoft problems and perversely uses this to gain more power over people. Their software is screwed up because it is directed against users, not external threats. The worse it gets, the more propaganda the company dumps to make people hate the people they are paid to serve.

    You give the company far too much credit for having fixed things. Windows is the only OS that I know of that must be protected by a hardware “firewall” running another OS and a software “firewall” that turns off ports that should not have been open in the first place. File extensions, privilege separation and media mixed with program instructions are still a mess and the company insists on those idiotic practices as features despite everyone having told them they were wrong. Microsoft’s browsers are the end product of anti-competitive campaigns to destroy Netscape, eliminate Sun and now to kill Google. Their anti-standards are both over complex and ever shifting, which is why companies still suffer with IE6, activeX and other crawling horrors. No web site is safe for Microsoft, ever, because spammers and other criminals use advertisements to drill through otherwise reasonable sites like newspapers. Everytime you see the infection numbers broken down by Windows version, they roughly follow the installed base because no version is better than another. Just about every Fortune 500 network shows botnet activity and the overall rate of infection is more than 50%.

    Blaming the user for this plague just adds insult to injury but Windows idiots use it to gain more power and control over users. Long ago, I once had some kind of net nasty jump out of my company issued Outlook preview pane. It opened a cascade of browser windows displaying porn as the hard drive churned. Of course, I had not done anything and I pulled the plug out of the wall to keep it from finishing what it was doing. When I called the help desk, they insisted what I saw was impossible and menacingly told me that I should not worry about them reporting me for browsing porn. They had called the first time while I was away and had repeated my actions remotely and confidently told me that nothing had happened. I was horrified because I realized the idiot had let things run to completion. They again told me that no such thing was possible and offered to show me as I watched. Their remote software was so slow that this took a long time to do but finally they clicked on the same message that I had the day before and said, “See there, nothing happened. You must have clicked on something.” I told them to be patient because things were so slow and sure enough, everything happened as I said it would. Needless to say, the jerk on the other end of the phone would write a report blaming me for everything and another case of Windows PEBAK was solved.

  7. Running that other OS, even a diligent employee can have malware take over a PC. It can happen even if the user does not click on anything. It can happen on a white-listed site or passively over the network.

  8. Contrarian says:

    “That’s clearly wrong but the authour supposedly is out there running IT systems…”

    Certainly employees cannot be trusted, #pogson. The only way to run a successful business is to keep the screws turned down tightly lest they deviate from their duties and web surf or smoke pot in the men’s room or other reprehensible behavior. Keep their noses to the grindstone!

    They are in the workplace, not on vacation.

Leave a Reply