F-Secure: User education no security solution
Published: 12 Oct 2007 16:15 BST
Education is not a viable solution for preventing security issues, according to Patrik Runald, F-Secure's senior security specialist.
Runald said systems are often compromised in spite of the user practising safe computing.
"Even if the user is doing all the right things — making sure the page is encrypted, not opening attachments, for example — they [still] get infected. Education can only go so far," Runald noted.
Runald said the rising occurrence of "drive-by" downloads is "most worrying", referring to the situation whereby a Trojan, embedded in a website, surreptitiously downloads itself onto a user's system when the page is visited.
"It doesn't have to be a dodgy site. It could be anywhere. You visit the site — bang — you get hit," said Runald.
A Trojan could be sitting undetected in a user's system until it gets activated, for example when a user logs into a banking website.
The only solution, the security expert said, is vigilance in ensuring all security software is constantly updated, so that the user can be protected from threats they do not see.
"Even if people have been educated on safe surfing, they either forget or don't care," Runald said.
Mobile security
Runald also noted that the technology is available to cause serious damage on mobile devices.
"All the pieces are in place for a mobile malware outbreak," said Runald.
According to the security expert, 99 percent of mobile malware is targeted at the Symbian operating system (OS) because it is the market leader and its source code is open, making it easier to examine the OS for vulnerabilities.
Malware can also be spread quickly via Bluetooth or MMS (multimedia messaging service), making its proliferation easier, Runald said.
Read this
Q&A: Be alert to booby-trapped web pages
Trend Micro chief technology officer Raimund Genes warns that online life is about to get much hairier...
But closed operating systems are not necessarily safer. Referring to Apple's iPhone, Runald said: "In theory, by having a closed OS, it should be safer. But remember that it didn't take long after its release for people to crack it and run third-party applications. Its file system was also made accessible through cracking, and this opened the system [to] a lot of danger."
Offering an explanation as to why a mobile malware pandemic has not yet occurred, Runald said there has not been a concerted effort by mobile virus coders because they tend to be "kids" who are interested in "a bit of fame and mischief", rather than being motivated by profit like those who code for PCs.
However, Runald cautioned that this does not rule out the possibility of a mobile malware outbreak. "The end game is money. Phones have a built-in billing system by being connected to a user's account. We're certain something will eventually happen," he said.
Did you find this article useful?
4 out of 4 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
