In a blog post, Anup Ghosh, founder and chief scientist at Invincea, Inc., suggests that in order to protect the network, security decisions should be taken out of the hands of the user, making their mistakes irrelevant to the overall security footing. Because fake antivirus relies on panic to get the user to run the software, malware can spread without requiring a vulnerability on the user's system. Fake A/V is a class of malware that claims to provide malware protection by displaying a warning that the system is infected, spurring users to click on the box, which in turn downloads and runs the malware.
“We should all know what to do – stop trusting the user to make good security decisions. They aren’t security professionals – and despite our annual or semi-annual attempts at training them – they never will be. Given the sophistication, sheer volume and rapid evolution of malware, user training is not a realistic solution to keeping malware at bay. We need to introduce and embrace innovative new solutions – a new defense in depth – that starts with a better model for protecting the user. We need to protect the network from the user and the user from him or herself. Take security decisions out of the hands of the user…make their mistakes irrelevant to your overall security footing.”