The problem with relying on software tools to keep you safe is that a user with administrative privileges and a little knowledge (which, as everyone knows, is a dangerous thing) can defeat or disable those tools. Two examples of this phenomenon appeared this week.
As I’ve mentioned before, I currently am using Microsoft Windows OneCare Live, an all-in-one security suite that’s in beta release right now. On several occasions, I’ve disabled the firewall to troubleshoot problems with my network connection. Whenever I do that, OneCare prompts me to send a quick note to Microsoft explaining why I turned off this essential protection.
Apparently, lots of people have been dutifully filling in that form. Over at the Windows OneCare Team Blog, Microsoft summarizes the results from those submissions:
Based on our investigation, there are four primary reasons people are turning off their firewall.
- Do not think a software firewall is necessary
- Do not like the (sometimes incessant) pop-up dialogs
- An application failed to install with firewall turned on
- An application fails to work with firewall turned on
The entire discussion is worth reading, along with the comments. This is one case where I think “nag” dialogs are essential. In fact, I think one commenter’s suggestion of an option to temporarily disable the firewall for a specified period of time (automatically re-enabling it after the time is up) is a good one.
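The commenter's timed-disable idea can be sketched in PowerShell. This is an added example, not part of the original post or of OneCare. It assumes the built-in Windows firewall and the NetSecurity and ScheduledTasks cmdlets, and the function name and task name are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: turn the firewall off for a fixed window, then restore it automatically.
# 'Disable-FirewallTemporarily' and the task name below are hypothetical names.
function Disable-FirewallTemporarily {
    [CmdletBinding()]
    param(
        [ValidateRange(1, 60)]
        [int]$Minutes = 10,
        [string]$TaskName = 'ReEnableFirewall-Example'
    )

    # Record only the profiles that are on now, so the timer restores the prior state
    # and does not switch on a profile the administrator had deliberately left off.
    $active = @(Get-NetFirewallProfile |
        Where-Object { $_.Enabled -eq 'True' } |
        Select-Object -ExpandProperty Name)
    if (-not $active) {
        Write-Warning 'Firewall is already off for every profile; nothing to do.'
        return
    }

    $names    = $active -join ','
    $deadline = (Get-Date).AddMinutes($Minutes)
    $command  = "Set-NetFirewallProfile -Name $names -Enabled True"

    # The re-enable job runs as SYSTEM from Task Scheduler, so it still fires if this
    # console is closed, the user logs off, or the laptop is on battery.
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                    -Argument "-NoProfile -NonInteractive -Command `"$command`""
    $trigger   = New-ScheduledTaskTrigger -Once -At $deadline
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
                    -LogonType ServiceAccount -RunLevel Highest
    $settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable `
                    -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

    # Register the timer BEFORE disabling anything: if registration fails, the
    # firewall is never left off without a scheduled way back on.
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -Principal $principal -Settings $settings -Force -ErrorAction Stop | Out-Null

    Set-NetFirewallProfile -Name $active -Enabled False -ErrorAction Stop
    Write-Host "Firewall off for: $names. It will be re-enabled at $deadline."
}

# Example: Disable-FirewallTemporarily -Minutes 15
```

Running it again before the deadline overwrites the pending task, which restarts the timer instead of stacking several.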
Example #2 comes from George Ou, who reports that Skype 2.0 looks like a virus. The problem? A bug in the latest version of Skype triggers a Data Execution Prevention warning. The most likely reason is that a chunk of memory that contains executable code isn’t marked as executable. In that situation, DEP (which combines a setting in the OS with support in the CPU itself) treats the attempt to run that code as a potential attack and blocks it.
DEP is an excellent first line of defense against buffer overflow attacks and other security vulnerabilities. But in this case what’s likely to happen is that the user, because they want Skype to work right now, is going to configure the program as an exception and turn off the warnings. In fact, that’s exactly what Skype recommends on its support pages.
If that happens often enough, it leaves a gaping security hole. The better approach? Skype users should insist that the company fix its code so that it doesn’t load executable code in segments marked as data only.
Those warnings exist for a reason. Turning off the alarm bell doesn’t make the problem go away.