So much of the protection from this sort of attack has to do with user training (or the lack thereof). We need the same sort of PR campaign / public service messages that aim to reduce drunk driving, lack of seat belts, etc.
And before you scoff at that, think of the economic cost of letting folks get "trojan'd" -- this helps build botnets, which have a measurable negative social impact on the Internet -- more spam, financial fraud, DDoS attacks, etc. Obviously not as severe as drunk driving deaths, but worthy of prevention nonetheless.
I know I'm trained -- I look at that "OK" button on the install dialog and my stomach churns. But others don't have this geek instinct, and that should be corrected.
What exactly would you train them to do? It has to be comprehensible by laypeople and distilled down to a single mantra.
So many security-related interactions have backfired already, like this one. Is there one simple, straightforward principle that users could follow that will always work, and will keep working long into the future? I doubt it.
It would be even worse if the malicious site was an exact copy of the true Firefox block page. So, when the user clicked on "Get me out of here!" it would prompt to install the rogue AV.
That's what you get when your WARNING screen looks exactly the same as a screen that a website or app can cause you to display.
I have always wondered how the Mac OS password screen works (you know, the one where you are supposed to enter your system password). What if an app spoofs it? How would the user know the difference visually?
I don't know. The first thing that occurred to me on viewing the warning is that Firefox is working as expected -- it is warning me about a malicious site. So why is it asking me to download updates when it appears to be working correctly? It's a contradiction. But maybe that's just me.
What the typical victim thinks is probably something along the lines of "I'm already in trouble, I better just do what the authorities tell me to do before I make it any worse."
Most people (still!) don't question authority and there is a picture of a policeman right on the page, for gosh sakes!
The problem with making users afraid is that attackers will find a way to use that fear against them. You can't scare people into thinking critically.
This attack would screw only Opera users. It would not work for users of IE and Firefox and Chrome, who at least know to look for the signature checking, because all such browsers will flag the downloaded executable such that Windows will check its signature before running it.
This is smart but nothing new, in the sense that people have used fake antivirus warnings, fake Windows error messages, etc. for years now to push you to click on some sort of button which would then lead you to a binary install with spyware.
Yes and no. Mozilla's a bit screwed on this front, because they use XUL to render their interface - and, critically, the browser can render XUL pages. I don't have FF installed on this machine, but you should still be able to check it out at http://www.faser.net/mab/remote.cfm to see a demo of the feature.
It's a pretty cool feature, but it means that on Firefox, attackers should be able to emulate basically any chrome they want to.