Beware of the dancing bunnies.

re: Beware of the dancing bunnies.

Stephen — Wed, 13 Jul 2005 10:01:14 GMT

So where can I see the dancing bunnies?

re: Beware of the dancing bunnies.

mirobin — Wed, 13 Jul 2005 10:08:49 GMT

I don't know where you can see dancing bunnies, but I know where you can go to see squirrel fishing:

http://www.utacm.org/gallery/?pid=3946&cid=176

:)

re: Beware of the dancing bunnies.

Dana Epp — Wed, 13 Jul 2005 10:17:37 GMT

Larry, I don't completely disagree with your assertions, but I don't completely agree either.

From an information security perspective, antivirus is REACTIVE in nature to an existing KNOWN threat in which a signature has been built. Antivirus is a poor substitution for security best practices that can significantly reduce and mitigate risks to UNKNOWN attack vectors. AV definitely plays a part in a defense in depth posture, but if an attacker wants to make dancing bunnies do the mambo on a victim's host, they are going to continue to find ways to do so while we rely on reactive technical safeguards like antivirus and antispyware.

And as you point out, education isn't going to solve it entirely either. The weakest link in security is the human factor, and if someone wants to watch a bunnie dance... they will figure a way to do so.

So what IS the right answer? Wish it were cut and dry. Least privilege can play a part here. As could virtualization and application containment. However, in the end a well designed mandatory access control system COULD indeed make for a safer computing environment that wouldn't need antivirus or antispyware. Unfortunately, the desktop landscape is not willing to be confined in such a manner. Hopefully the changing security landscape being introduced through things like LUA and application containment in Longhorn will be able to assist us here. We will have to wait and see.

re: Beware of the dancing bunnies.

Dean Harding — Wed, 13 Jul 2005 10:25:03 GMT

I remember reading that comment, too. I think it was on (surprise, surprise) slashdot, in response to that article about the Channel9 interview with Steve Ballmer.

re: Beware of the dancing bunnies.

Centaur — Wed, 13 Jul 2005 10:27:53 GMT

Dancing bunnies, huh. 300% scale wooden horses, huh. A jedi seeks not these things. A properly designed system includes a user who sees right through the dancing bunny, recognizes the Greek warriors inside, and deletes the email from the server without even downloading it.

Unfortunately, such a user is rarely seen using a modern consumer OS.

re: Beware of the dancing bunnies.

Cheong — Wed, 13 Jul 2005 10:32:31 GMT

Will people be able to see dancing bunnies on dumb terminals where only programs chosen by the admins are allowed to run(by registry settings)?

re: Beware of the dancing bunnies.

Stuart Dootson — Wed, 13 Jul 2005 10:45:42 GMT

So....a properly design system AND a properly designed user? :-)

Personally, I don't have any anti-anything software on my laptop. Hardware firewalls, text-only mail interface and I run with LUA. So far, so good...

I don't want no steenking dancing bunnies!

re: Beware of the dancing bunnies.

Cheong — Wed, 13 Jul 2005 11:03:08 GMT

Back in the days where no embedding scripting is there the only way to be infected is by running the executables. (I know there's more kinds of infection strategies nowadays, but this remain the most commonly seen "technique".)

It makes me think that "lack of automation" can sooner or later be advertised as software "feature" as well. :)

re: Beware of the dancing bunnies.

bryan — Wed, 13 Jul 2005 11:48:29 GMT

although I agree that there will always be a need for tools to clean up after a system compromise, the need would be greatly mitigated by use of a capability based security model in addition to an accessibilty model. Perhaps this is what is meant by a properly designed system.

re: Beware of the dancing bunnies.

JamesW — Wed, 13 Jul 2005 13:23:00 GMT

skaro:~ james$ touch dancingbunnies
skaro:~ james$ chmod +e dancingbunnies
chmod: Invalid file mode: +e
skaro:~ james$ ./dancingbunnies
-bash: ./dancingbunnies: Permission denied

Behold OSX's superior dancingbunnies protection ;)

Dancing Pigs (Schneier)

anonymous — Wed, 13 Jul 2005 13:51:34 GMT

http://en.wikipedia.org/wiki/Dancing_pigs

Oh, and 'Secrets & Lies' is a fantastic book. Regardless of whether one agrees with the author or not, it should be read by anyone doing any security-related work in I.T.

re: Beware of the dancing bunnies.

LarryOsterman — Wed, 13 Jul 2005 16:20:47 GMT

Anonymous: Ok, that's it - dancing pigs... This is what happens when you post late at night...

Dana, you may very well be right. There are some interesting things being done in this space, however :).

I also forgot to mention that separation and sandboxing DO work on servers - because administrators are less likely to fall prey to the dancing pigs problem.

I'm going to keep the post as bunnies even though it's the wrong term of art.

re: Beware of the dancing bunnies.

Chris — Wed, 13 Jul 2005 16:34:55 GMT

So won't the user just disable the anti-virus software to see the dancing bunnies? It seems like just one more technical hurdle.

re: Beware of the dancing bunnies.

Ben Bryant — Wed, 13 Jul 2005 20:38:08 GMT

If the operative word is NEED, then I would disagree with you Larry. "a properly designed system didn't NEED any anti-virus or anti-spyware software". Like the other person pointed out, the anti-virus software is just another technical hurdle for the person who wants to see the bunnies. But the issue should be, if I am a responsible user, I should not HAVE TO get anti-virus and anti-spyware software. In that case I completely agree with the statement you find laughable.

re: Beware of the dancing bunnies.

vince — Wed, 13 Jul 2005 20:43:49 GMT

I think you are mixing up the concept of a "virus" and just a malicious executable. Is your anti-virus program going to scan for _any_ malicious program? Is it going to detect somehow the difference of bunnies.exe erasing a temp file versus erasing an imortant word document? Will it monitor all COM calls to make sure it isn't subtlely communicating with other processes and doing sly things?

Any well written malicious program will be able to change and mutate, and having a virus-checker isn't going to help much.

And in any case, I've known people who have had, say, MS Powerpoint or Word do more damage to their files by crashing at inopportune times than any virus has ever harmed them. Should MS Office be flagged as malicious software by anti-virus software?

Anti-virus and anti-spyware software can be used as a last resort to try to cover-up for a poorly designed OS.. but it should be that, a last resort. The fact that it is needed at all speaks volumes about the quality of the Microsoft operating environment.

re: Beware of the dancing bunnies.

LarryOsterman — Wed, 13 Jul 2005 20:54:20 GMT

Vince, as long as users are allowed to add code to the machine, then you're going to need anti-virus and/or anti-spyware.

There is no PC operating system currently available that can protect users from malicious content that they download. You can lock a machine down to the point where users can't install executable content (on Windows, OSX and *nix), but then the machine isn't a PC anymore, it's a computing resource 100% managed by an IT department.

If users can download and run executable content, then malicious software will continue to exist.

I'm not saying that virus scanners aren't another hurdle. But they are a necessary hurdle. So is running with restricted rights, and proper admin/user privilege separation, and sandboxing, and...

re: Beware of the dancing bunnies.

Universalis — Wed, 13 Jul 2005 21:25:22 GMT

" but then the machine isn't a PC anymore, it's a computing resource 100% managed by an IT department."

On this definition most people who have PCs don't need PCs. Many of us would happily accept the occasional visit from (or to) the computer therapist if that meant we were proof against viruses or anything else that makes the system bagadap.

re: Beware of the dancing bunnies.

Ben Bryant — Wed, 13 Jul 2005 21:38:39 GMT

Larry, anti-V and anti-S cannot protect against or repair all of the ills caused by any executable you put on your machine. You are avoiding the real issue which is that the OS network services and common applications like Outlook are the entry points for malicious things that get in despite normal responsible use. No one expects someone to repair or protect against the most overt dancing bunny example, they simply want a system that does not usher the bad guys in through the back door.

re: Beware of the dancing bunnies.

vince — Wed, 13 Jul 2005 21:39:13 GMT

I still think you are misusing the term "virus". Viruses are self-propogating, and in general don't involve users intentionally downloading and executing code.

The users I have to support who run windows (mainly my family members) in general _don't_ download random EXE files off the internet, nor save them from e-mail. Yet they do need to run anti-viruses and anti-spyware programs. Why? Mainly due to Internet Exploer bugs.

I think it is perfectly reasonable to make it _extremely_ difficult to install executable programs as a user. Yes, people will complain, but then let them enable it and face the risk. Just because a minority likes to complain is not a good reason to put _all_ users at risk out of the box.

Relying on anti-virus software to protect you from malicious binaries is just a losing proposition.

re: Beware of the dancing bunnies.

denis — Wed, 13 Jul 2005 23:04:41 GMT

"I saw a post the other day (I'm not sure where, otherwise I'd cite it) that proclaimed that a properly designed system didn't need any anti-virus or anti-spyware software."

This is correct. Windows is not correctly designed. Neither is Unix, nor Apples.

A correct design exists and is practical, but it's fundamentally different from everything we know in practice, and people aren't very good at thinking that far outside of the box.

re: Beware of the dancing bunnies.

vince — Wed, 13 Jul 2005 23:52:03 GMT

Unrelated to the previous posts, but why do you list "no properly designed computer should require a fan" as an unintelligent comment?

I consider one of the biggest failings of modern desktops is the fact that they waste so much energy that they require fans.

Hopefully we will soon move back to a world w/o fans. In fact I think computers should have _no_ moving parts. Much higher reliability. Thankfully the vast majority of computers int the world today don't have fans, only desktops and servers do, so there is hope.

re: Beware of the dancing bunnies.

Brooks Moses — Thu, 14 Jul 2005 00:00:32 GMT

One of the problems with more intelligent users is that they merely fall prey to cleverer bunnies.

Recently, I happened to get a PayPal scam email while I was bored, and opened it (in my text-mode email program), and couldn't see an obvious scam about it -- it was a "You just paid $650 for this vulgar thing, here's your receipt", with no obvious "click here if this is a mistake" link. This raised my curiousity, and so I saved the source of the email to a file, and pawed through it, and discovered that all the usual "About paypal" and such links in it were fake. Hmm. Wonder what they've got at the back end of those, then? So I went to the root of the site, first, and discovered an apparently legitimate orthopedic shoe company. The actual link involved very odd subdirectories, though -- I'm guessing the shoe company's server had been hacked -- so then I tried the actual link, to see what it was, and how plausible a fake it was. It came up blank.

And my anti-virus program popped up to say, "This file that just got dumped in your browser's file cache? It's got this exploit in it...."

Oops.

Luckily it was an exploit for a different browser than the one I use, but still. A dancing bunny, disguised in plain obvious sight. And I fell for it.

(And, Larry, I have to say that I like the term "dancing bunny" a lot better, so I'm glad you kept it.)

re: Beware of the dancing bunnies.

LarryOsterman — Thu, 14 Jul 2005 00:20:55 GMT

Vince, I was hoping someone would notice that one :)

It comes from an industry luminary who designed a computer with this design philosophy. Unfortunately, the tolerances for this computer were such that putting a piece of paper on top of the computer would cause it to melt down.

Low power consumption and low heat are wonderful goals. But to say that a computer is flawed because it has a fan...

re: Beware of the dancing bunnies.

Rob — Thu, 14 Jul 2005 01:05:12 GMT

Larry, your post is crazy. Why should code being executed by the web browser (or a process spawned by the web browser) such as in your example be allowed to write to the registry or to the hard drive?
If the user wants something to affect the state of their computer then it's perfectly fine to get the user to do one step of extra work (i.e. browse to the folder where the executable was downloaded to and run it) as it is not something very often.
The user has every right to expect the code to show the dancing bunnies, but not to overwrite random files on their hard drive.

re: Beware of the dancing bunnies.

vince — Thu, 14 Jul 2005 01:48:01 GMT

LarryOsterman said: Low power consumption and low heat are wonderful goals. But to say that a computer is flawed because it has a fan...

Very strange example. I agree that a proeprly designed machine should not burn up if thermal constraints are over-loaded, but how does this in anyway say that machines must have fans? I agree with the luminary. Any machine with a continuously operating fan is poorly designed.

My primary machine is a G3 600MHz iBook running Linux. Except in _extreme_ cases (ambient room temperature above 90 degrees and running cpu-intesive task) the fan in it does not come on. The machine is completely silent except for the hard-drive noise. It is great. Contrast that to most of the windows machines I've had the misfortune of using; often even when idle the fans on them are so loud you have to crank up the soundcard volume if you want to listen to music. Poor design.

re: Beware of the dancing bunnies.

LarryOsterman — Thu, 14 Jul 2005 02:15:36 GMT

But your ibook has a fan. In the eyes of that luminary, it's a flawed design. It should be able to handle all normal use without it.

Rob: Who said anyting about the web browser? The user received an email that said: Save this java file on your hard disk and run it. When the security popup comes up, be sure to click "yes" or you won't see the bunny. On some machines, you'll need to disable the firewall, to do that, you do this.

And they quite happily do that, and install the root kit.

re: Beware of the dancing bunnies.

vince — Thu, 14 Jul 2005 02:59:49 GMT

Dear Reader of this Blog:

To see dancing bunnies, go to Home Depot and buy a sledgehammer. First smash your computer case with the hammer a few times, then smash yourself on the head with it. If you do it properly, you'll see dancing bunnies!

re: Beware of the dancing bunnies.

vince — Thu, 14 Jul 2005 03:10:23 GMT

Now you are just being rediculous. If apple wanted, they could have created my iBook without a fan, and had it do CPU throttling or some other heat mitigation measure. It was probably a bit more cost effective to have an emergency fan. You are quoting this visionary out of context. Was s/he against the noise of the fan? Against moving parts? Did it look ugly in a clear case?

I also too think it is a bit of a failure that my iBook has to have a fan, but am willing to live with the fact because I need it so rarely.

Just because something is not easy with current technology does not make it laughably rediculous to call for its elimination.

If I really must have fan-free computing I'll fire up my Apple IIe or my old Cyrix 486 box which both survive just fine with passive cooling.

re: Beware of the dancing bunnies.

LarryOsterman — Thu, 14 Jul 2005 03:12:34 GMT

Roger, read this script. Look what it says. It says, "Rabbit gets klunked, rabbit sees *stars*." Not birds, STARS.

It's not dancing bunnies, it's dancing STARS.

It's my understanding that the visionary in question believed that passive cooling should be sufficient for all computers.

re: Beware of the dancing bunnies.

Amit Joshi — Thu, 14 Jul 2005 03:31:12 GMT

Here's a free version of a software product for end users using Windows Desktops that uses virtualization to solve end user problem of dancing bunnies

http://www.greenborder.com/downloads/tdThankyou.html

re: Beware of the dancing bunnies.

Dean Harding — Thu, 14 Jul 2005 03:35:59 GMT

> Why should code being executed by the web browser (or a process spawned by
> the web browser) such as in your example be allowed to write to the registry
> or to the hard drive? If the user wants something to affect the state of
> their computer then it's perfectly fine to get the user to do one step of extra work

But that's actually the point. It doesn't matter if the browser executed the code directly, or whether the user's gone through 100 steps to get the code to execute: if the you *can* go through (any number of) steps to execute code, then the possibility of malicious code will always be there.

Now, obviously Anti-virus software is just another step (I mean after all, the email could say "to see the dancing bunnies, turn off your anti-virus, use the password 'showmethebunnies' to unzip the attachment, and run 'sucker.exe'" and you'd *still* get people infected.) But the point is that anti-virus software is not a sign of a badly-designed operating system. It's just another line of defense, another hurdle, that malicious software developers have to jump over.

The problem is somewhat confounded by the number of legitimate software installers which tell you to "disable your anti-virus software" to install the product. All you're doing there is conditioning your users to disable their AV whenever they install something...

re: Beware of the dancing bunnies.

msemack — Thu, 14 Jul 2005 04:42:29 GMT

Ben Bryant,

"You are avoiding the real issue which is that the OS network services and common applications like Outlook are the entry points for malicious things that get in despite normal responsible use."

You're going to have to clarify that statement a bit more. What "normal responisble" use of Outlook causes a machine to get infected?

You don't get infected with an e-mail virus unless you actually run the infected attachment. Outlook doesn't run it for you. You have to do that yourself.

In fact, by default, Outlook will block most "dangerous" attachment types such as EXEs.

re: Beware of the dancing bunnies.

Matt — Thu, 14 Jul 2005 05:39:25 GMT

I've read all those posts suggesting that the solution to the malware problem is to add hurdles so the user cannot run the malware without confirming they want to in any number of ways. You've all absolutely missed the reason that antivirus software is a better solution than anything you've suggested.
The "solutions" suggested here all pose hurdles to the user for legitimate use as well as when malware is involved. Those hurdles are likely to cause:
a) first frustration
b) second an automatic, undiscerning, mechanical response after the hurdle is seen a few times - eventually offering no protection at all
Antivirus software is superior. It offers little interference during legitimate use. The user is more likely to be surprised and take notice of warnings when they occur. The warnings can be worded in a very strong way because they're only displayed when it is incredibly likely that malware is involved. The user is usually not presented with any way to bypass the protection because it is almost certain that malware is present.

re: Beware of the dancing bunnies.

Norman Diamond — Thu, 14 Jul 2005 05:50:20 GMT

> What's the dancing bunnies problem?
> It's a description of what happens when a
> user receives an email message that says
> "click here to see the dancing bunnies".

That is indeed a big problem. But an equally big problem is when a user receives an email message that tells Outlook Express "automatically click here without waiting for the user" and Outlook Express obeys. Or Internet Explorer, or whoever.

Wednesday, July 13, 2005 1:43 PM by vince
> And in any case, I've known people who have
> had, say, MS Powerpoint or Word do more
> damage to their files by crashing at
> inopportune times than any virus has ever
> harmed them.

Yup. And even Windows 95 without crashing, and Windows 2000 during boot, and most likely Windows 2003 during boot but fortunately I caught that one just in time. Even a former employer who granted ownership of every Word document in the company to Ethan Fromme lost fewer files than that.

Wednesday, July 13, 2005 8:31 PM by Amit Joshi
> Here's a free version of a software product
> for end users using Windows Desktops that
> uses virtualization to solve end user
> problem of dancing bunnies

That page doesn't mention anything being free for end users, and they do demand (maybe not enforce, I didn't try it, but they do demand) a business e-mail address not a personal e-mail address.

By the way, do you know if their product is really so effective that every Windows Update will be disabled? They see to be promising that, but I don't have a chance to check.

By the way, speaking of Windows Update, there's another reason why users have been trained to click for dancing bunnies.

re: Beware of the dancing bunnies.

Cheong — Thu, 14 Jul 2005 07:17:11 GMT

[quoted]
http://www.greenborder.com/downloads/tdThankyou.html
[/quoted]

I viewed the page with lynx and didn't found anything interesting. But the idea of disabling DEP troubles me. :P

Good security related programs should be designed to work with (at least with those that do not offer the same functions) other security related software so as to add additional protection against attacks.

What the web site suggest sounds analogical to me as being told to go naked on a street by a stranger. :)

re: Beware of the dancing bunnies.

Rob — Thu, 14 Jul 2005 09:37:24 GMT

Larry Osterman said:
> Who said anyting about the web browser? The user received an email that said: Save this java file on your hard disk and run it. When the security popup comes up, be sure to click "yes" or you won't see the bunny. On some machines, you'll need to disable the firewall, to do that, you do this.

There has to become a point where the user realises that they are having to jump through too many hoops and what they are doing is wrong. Maybe I'm being too optimistic and there will be a day of carnage when someone spams these types of people saying "flicking the voltage level switch on the back of your computer will double its performance." Maybe evolution taking effect to remove these people from the computer equivalent of the gene pool?

I still hold that any child processes of an internet application (web browser, email client, news reader, whatever) should be run with reduced privileges.

re: Beware of the dancing bunnies.

AndyC — Thu, 14 Jul 2005 12:13:59 GMT

"There has to become a point where the user realises that they are having to jump through too many hoops and what they are doing is wrong"

Not if every time they install anything they have to jump through those same hoops.

This is why virus scanners work so well, they only put an obstacle in the way when something is wrong. This greatly increases the chances that the dialog will make the user stop and think. Combined with a general awareness that computer viruses exist and are a bad thing, it's a very effective technique.

"I still hold that any child processes of an internet application (web browser, email client, news reader, whatever) should be run with reduced privileges."

Where does that end though? The user will just be given instructions to save the file to disk and double click it (or whatever your favourite OS metaphor is.) If they think they want to run it, nothing is going to stop them trying. The only cure is to educate people not to want to run things and that's the hardest problem to solve.

Next step down this path...

J.J. — Thu, 14 Jul 2005 16:27:01 GMT

I'm a security geek. I spend a lot of my time educating administrators and developers on the "dancing bunnies" problem: a bad guy will always execute arbitrary code on a box inside the enclave. Period, done, dot, no questions, always.

I'm glad you get it.

But what about the next step down that path, Larry? Consider the sysadmin of a large corporation, whose networks contain data sensitive enough to warrant an intelligent, determined attacker. Banks, credit card companies, governments, etc. There's no virus signature or spyware definition for his code. What is he to do?

Yes - there are tons of technologies to help further harden the network and make the job more difficult. But the bottom line remains: some bad guy has a rootkit running on my network, I don't know about it, and there are no real tools to find it. Heaven help me if the use had admin access and the rootkit is taking active hiding measures vice the passive, plain-sight techniques popular with spyware.

We need a serious culture change in the security technologies we provide to the sysadmins. Those guys have no chance, and once a bad guy has got his bunnies in the door, he's not coming out.

J.J.

The basic rule of idiot-proofing software:

JB — Thu, 14 Jul 2005 17:48:18 GMT

Never underestimate the ingenuity of complete fools.

re: Beware of the dancing bunnies.

Matt — Fri, 15 Jul 2005 15:28:52 GMT

"Consider the sysadmin of a large corporation, whose networks contain data sensitive enough to warrant an intelligent, determined attacker. Banks, credit card companies, governments, etc. There's no virus signature or spyware definition for his code. What is he to do?"
a) lock down workstation configuration (including Software Restriction Policies)
b) use Windows DRM
It's really not that hard (especially with MS software)

re: Beware of the dancing bunnies.

Dentaku — Fri, 15 Jul 2005 16:16:49 GMT

What annoys me is when people get all flustered when an Anti-Virus program finds something. All I can say is "Aren't you glad it found it before it could do any damage?".
But they don't see it that way. To them, the message is a frightening annoyance.

BTW: I've never had a virus since XP came out and I have no clue where most of the spyware comes from that I have to clean off people's systems.

I guess it wouldn't be a good marketing move for MS to say "Look, we never get this junk on OUR computers and we're using the same OS as you. I guess the problem must be you, not the OS".

THAT would go over well ;)

re: Beware of the dancing bunnies.

Edward — Sat, 16 Jul 2005 02:15:42 GMT

Except they do get it on their computers.
http://www.proudlyserving.com/archives/2004/11/all_my_base_are.html

re: Beware of the dancing bunnies.

bryan — Sat, 16 Jul 2005 10:43:04 GMT

the argument I'm hearing here is that the only security vulnerabilty that Outlook, and by extension I suppose Outlook express, has is that users open attatchments. This is so obviously not true that I am worried that the people making it are on Microsoft supplied drugs. This is the implication of the blog post, but it also a statement made by various commenters. This is so much bull, do I actually have to compile a list of links here to various Outlook vulnerabilities over the years that did not require anyone to open any attachment?

re: Beware of the dancing bunnies.

bryan — Sat, 16 Jul 2005 10:48:30 GMT

how about this list, boy so many vulnerabilities.

http://www.google.com/search?hl=en&lr=&c2coff=1&q=outlook+vulnerability++site%3Akb.cert.org&btnG=Search

re: Beware of the dancing bunnies.

David Candy — Sun, 17 Jul 2005 03:45:54 GMT

Vince,
As regards CPU fans, intel didn't trust OEMs to calculate the correct heatsink so they supplied fans with the CPUs so it didn't matter.

re: Next step down this path...

J.J. — Sun, 17 Jul 2005 17:15:50 GMT

"a) lock down workstation configuration (including Software Restriction Policies)
b) use Windows DRM
It's really not that hard (especially with MS software)"

Have you actually deployed either of those two technologies in a production environment, larger than your testing lab? The technology isn't ready yet and the industry isn't supporting them. Token effort, with no follow through.

JJ

re: Beware of the dancing bunnies.

Moz — Wed, 20 Jul 2005 05:38:34 GMT

Secrets and Lies... interesting title. There's another book called that by some guy Schneier as well. I prefer the first one (see URL)

re: Beware of the dancing bunnies.

Jeff Parker — Fri, 22 Jul 2005 04:58:13 GMT

Late Reply larry but you I was thinking about this and you know really there are other Dancing bunny's that do not even require code to run. Heck the user can be dumb enough to damage themselves. For example the jdbgmgr.exe Email hoax. This still continues to circulate the internet, it circumvents all virus software, requires no code to run.
http://www.sarc.com/avcenter/venc/data/jdbgmgr.exe.file.hoax.html

I think I have said before I work at a large Fortune 500 company and you know it seems every month some email hoax runs through and we get users calling the help desk. We even had one call one time while I was in the help desk area talking to a tech support guy telling him how to fix a problem. The problem was one user wanted to know why on the intranet I developed he was getting pop up adds for porn. I was walking him through trying to find the spyware this user somehow got installed. Any I over heard another help desk person telling someone that called "No Bill Gates does not have an email tracking program and he is not reading your email, and no I wouldn't count on him sending you a check later on." So yes while antivirus can help, locking down a PC can help, I am so thankful somedays that a vast majority of my apps are all server based. I do really love the days when I get to create windows services that run on servers even the Domain Admins can't mess them up.

re: Beware of the dancing bunnies.

bariswheel — Tue, 20 Sep 2005 12:57:53 GMT

Damn this is so well said. This article was called the stupidest ideas in computer security. I cannot believe the nerve in people trying to marginalize antivirus utilities...they must never have worked at a helpesk before.

The Dancing Bunnies problem and the need for application-level security

The Audio Fool — Sat, 19 Aug 2006 01:59:59 GMT

Raymond today has a discussion up about the folly of trying to set security with a granularity of per-DLL.&nbsp;...

Windows Security Blogs » Blog Archive » Beware of the dancing bunnies.

Windows Security Blogs » Blog Archive » Beware of the dancing bunnies. — Wed, 14 Mar 2007 02:36:59 GMT

PingBack from http://winblogs.security-feed.com/2005/07/13/beware-of-the-dancing-bunnies/

So why dancingbunnies? « dancing bunnies!

So why dancingbunnies? « dancing bunnies! — Tue, 06 May 2008 21:00:11 GMT

PingBack from http://dancingbunnies.wordpress.com/2008/05/06/so-why-dancingbunnies/

Secure System, Secure User - Code of Contact

Secure System, Secure User - Code of Contact — Wed, 12 Nov 2008 18:21:45 GMT

PingBack from http://blog.radvision.com/codeofcontact/2008/11/12/secure-system-secure-user/

Larry Osterman s WebLog Beware of the dancing bunnies | bird baths

Larry Osterman s WebLog Beware of the dancing bunnies | bird baths — Sun, 14 Jun 2009 17:50:33 GMT

PingBack from http://cutebirdbaths.info/story.php?id=561

Larry Osterman s WebLog Beware of the dancing bunnies | fix my credit

Larry Osterman s WebLog Beware of the dancing bunnies | fix my credit — Wed, 17 Jun 2009 04:56:26 GMT

PingBack from http://fixmycrediteasily.info/story.php?id=1977

Larry Osterman s WebLog Beware of the dancing bunnies | garden decor

Larry Osterman s WebLog Beware of the dancing bunnies | garden decor — Fri, 19 Jun 2009 10:18:07 GMT

PingBack from http://gardendecordesign.info/story.php?id=4295

Larry Osterman s WebLog Beware of the dancing bunnies | debt consolidator

Larry Osterman s WebLog Beware of the dancing bunnies | debt consolidator — Fri, 19 Jun 2009 18:04:17 GMT

PingBack from http://mydebtconsolidator.info/story.php?id=22971