Courtesy of Symantec

Oct 15, 2007 16:38 GMT

Unlike the UNIX-based Mac OS X and the open source Linux operating systems, the Windows platform is far from being a secure-by-default product, in perception or in reality. Neither Mac OS X nor Linux is a panacea for security issues, just as Windows Vista, long advertised by Microsoft as its most secure operating system to date, is not a silver bullet. Still, Windows is the undisputed underdog in the race to deliver user protection. Code quality and the security mitigations and boundaries built into the fabric of the product are only one aspect of the problem. Because of its ubiquity, Windows also has to face a mature threat environment that is evolving at a fast pace.

In this context, antivirus programs become an inherent aspect of Windows, and even with Vista, Microsoft emphasized the need to run security solutions on top of the operating system in order to keep users safe. But there is also a downside to security offerings, one exemplified by Kevin Savage, Symantec Security Researcher. While the code and the design process can be minutely scrutinized in order to reduce the volume of critical vulnerabilities to a minimum, no software developer can patch human nature. And this is where social engineering schemes come in, promising the world in order to transform unsuspecting users into victims.

"In the ever-expanding world of misleading applications, you might wonder how each new application can stand out from the crowd and get itself noticed. Browsing the Web sites of some of these applications shows that most employ some form of social engineering to persuade potential customers to purchase their products. This social engineering ranges from the subtle language of persuasion to bold warnings concerning your personal and online safety. The most common social engineering used on these Web sites tells us that just about every online activity is certain to bring spyware and other unwanted pests to your door. Downloading music from the web seems to be the biggest culprit in this area", Savage explained.

Savage revealed a close connection between Internet pornography and security solutions, both offered for free and both serving as vehicles for infecting computers with malware. Tactics range from scaring users into thinking that they are being monitored or that spyware has compromised their system, to offering bogus online scanners designed to alert them to the presence of a series of threats.

"Another tool we've seen used is pop-up windows that appear when you visit certain Web sites. Clicking "OK" on these pop-ups usually redirects the user to the purchase page of some rogue product. The following example displays some convincing information on the "W32.Myzor.FK@yf" virus. The pop-up doesn't claim you are infected with this virus, but the impressive technical details are probably enough to get some users to bite", Savage added.