Navigating Dangerous Waters: How to Survive the Internet

Posted on the 19 October 2011 by Nerdywerds @NerdyWerds

If only dangerous sites came with warning signs

Contents

  • The Internet is Lawless
  • DNS is Dumb
  • Don't go to a Third Party
  • Wrap Up

Yesterday, one of my aunts asked me a question regarding updating her Adobe Reader. She had been cautioned by one of her friends, via Facebook, that she needed to be careful where she got her update from. Here's her exact warning:
"Here's an advanced warning: if you have to update your Adobe Reader DON'T get it from GetAdobeFlash.com. The page redirects to a malicious page that invites users to install Flash Player 10 - which instead installs a dangerous rootkit. It will lead you to Sirefef (ZeroAccess aka Max++), probably the nastiest piece of malware circulating on the 'net right now."
A rootkit is a piece of malware that will give someone root-level access to your computer. If you think about your computer in terms of the government, root is the president. With root access, someone can view every move you make on a computer, steal any information they want, and, just for fun, slow your computer to a crawl.

Obviously, this is no good. But how can the internet allow such a terrible thing to happen? I mean, getadobeflash.com looks like it'd be a legitimate place to update Flash. There are a few things about the internet that are important to know in this situation. First, the internet is lawless, like the old west. Second, the DNS that is used to help you get to the sites you want is stupid; it has no intelligence built into it. Lastly, and this doesn't deal with the nefarious nature of the internet, reputable software companies wouldn't have an update at a third-party site.

The Internet is Lawless

People tend to think of the internet as if it were a well-structured, organized and regulated entity. That isn't really the truth; the internet is the old west. The internet is too big to regulate and provide standards and practices for. The internet is that bad neighborhood where the Post Office refuses to deliver. The internet is just a loose collection of networked computers. As it continues to grow, there is more and more complexity added, but it is still that military experiment from the 60's and 70's; it's just much bigger. To survive on the internet, you have to think every site is out to get you. I know paranoia is usually not a good thing, but it's just good common sense online. Predators feed on naivety online.

When you visit a site, there is no standards body that says its content has to conform to a certain set of guidelines. Heck, there's nothing that says a site has to do anything actually. A site can, and believe me they do, try to install a virus the moment you enter its doors. I'm not going to go through all of the ways to stay safe online, but that article will get you up to speed. If you need further proof that the internet is a dangerous place, check out my article about internet scams to look out for.

DNS is Dumb

This may sound like hyperbole, but it really isn't. The DNS does not "think" or use any kind of logic. The Domain Name System, or DNS, is a system that converts your nice and pretty URL, like www.nerdywerds.com, into an IP address. An IP address is a numeric address of a resource on the internet. A computer has no idea what to do with "nerdywerds.com". But the DNS helps your computer out by translating our human language into a computer-friendly resource address. The DNS is essentially a glorified translator. But without it, you'd have to know an IP address for each site, like "74.125.65.147". That's an IP address for google.com, by the way.

So why is this bad, you might ask. The DNS just links URLs with IP addresses. So if a site sets up shop at www.cutecats.com, the DNS would have no problem with that. It will gladly link that URL with an IP and start sending people that way. Because the DNS is dumb, and the internet is lawless, cutecats.com does not have to feature cats, cute or otherwise. It can be a pornographic site, a virus breeding ground, a technology store or anything else. The DNS is very trusting; it works under the assumption that people know the content of the site they are about to visit. So, going back to the message at the top, the DNS assumes you know what www.getadobeflash.com is all about.

The DNS also doesn't differentiate between nearly identical spellings. It will not hesitate to send you to www.bancofamerica.com or bankofamerican.com. The DNS will be quite happy to oblige your requests. These sites may even look exactly like the real Bank of America site too. But when you put in your login information, instead of accessing your account, you'll need to call the fraud department. There are no rules in the DNS about similar sounding domain names. To avoid falling into this trap, know that reputable sites will have SSL certificates, and you'll see "https" in the address bar. Disreputable sites avoid this added expense.

DNS scams are some of the more insidious ones on the internet because they take advantage of the trusting nature of people. So good, well-intentioned people go to that site looking to update Flash, and leave with a rootkit. Or people think they're finding pictures of cute cats, but instead find some unsavory pictures. The DNS is great because it allows us to remember a simple phrase instead of an IP address, but it does come with some drawbacks.

Don't go to a Third Party

In our scenario above, about updating Adobe, there are a few simple ways to avoid this scam. First of all, Adobe would not send you to a third-party site to upgrade your software. Your Adobe software checks to see if there is a new version every so often. If there is, it will pop up a window on your desktop with a button to install the update. They would not send you elsewhere. Most reputable software providers give you messages within the application that needs updating. Secondly, if Adobe were to make you go to a website to upgrade, it'd be www.adobe.com/something. They wouldn't buy a domain especially for updating. I don't trust any site that isn't part of the company's main domain for upgrades, and you shouldn't either.
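The two checks described above (is the download host part of the company's main domain, and is it a near-miss spelling of it) can be automated. The following is an added example, not code from the original article; the function names and the "last two labels" shortcut for picking out the registered domain are assumptions made for illustration, and the sample URLs are the ones named in this article plus constructed ones.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Lowercase hostname of a URL; a missing scheme is tolerated."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def is_under(host, official):
    """True only for the official domain itself or a real subdomain of it.
    A bare endswith(official) would wrongly accept 'notadobe.com'."""
    return host == official or host.endswith("." + official)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, official, max_typos=2):
    """Label a download URL relative to the vendor's main domain."""
    host = host_of(url)
    if is_under(host, official):
        return "official"
    # Assumption: the last two labels approximate the registered domain.
    # This is wrong for suffixes such as .co.uk; a real tool needs a suffix list.
    candidate = ".".join(host.split(".")[-2:])
    if edit_distance(candidate, official) <= max_typos:
        return "lookalike"          # e.g. bancofamerica.com
    if official.split(".")[0] in host:
        return "brand-in-name"      # e.g. getadobeflash.com
    return "unrelated"

if __name__ == "__main__":
    samples = [  # URLs from the article plus constructed ones
        ("http://www.adobe.com/something", "adobe.com"),
        ("GetAdobeFlash.com", "adobe.com"),
        ("http://adobe.com.example.net/update", "adobe.com"),
        ("www.bancofamerica.com", "bankofamerica.com"),
        ("bankofamerican.com", "bankofamerica.com"),
    ]
    for url, official in samples:
        print(f"{url:40} -> {classify(url, official)}")
```

Anything other than "official" means the link is not on the vendor's own domain and should not be used for an update.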

