Slashdot Mirror

Similar? Shoddy and incompetent investigation by the fired employee's superiors.

The whole vmyths.com site is extremely interesting. Funny too. I highly recommend it.

Similar? Shoddy and incompetent investigation by the fired employee's superiors.

The whole vmyths.com site is extremely interesting. Funny too. I highly recommend it.

Virus Myths by Rob

This website talks about hype on the Internet and the worst of the fear mongers.

That was, reportedly, reduced by allowing a contraban printer to "slip through" blockades on goods to Iraq. The printer had a virus that spread through the air defense network.

This hoary April Fool's joke lurches into the sunlight again, thanks to GMontag. Go back to sleep, and shame on whoever moderated this up.

VMyths rantings often discuss this fellow.

So what was so great about Clarke? goombah99 says Clarke made "blunt staements on the to the need to avoid erosion of privacy rights" and that's all fine and good, I suppose.

However, everyone here seems entirely unaware that Clarke is the same dumbass that tried to warn everyone of the prospect of a digital Perl Harbor. In this keynote adddress, Clarke exploits the 9/11 tragedy to stir up peoples' fears by saying that the U.S. is vulnerable to the "functional [electronic or Internet based] equivalent of four 767s crashing into buildings, not the little car bomb." To me, he just seems like a big time fearmonger.

Apparently, the only kind of statement Clarke knows how to make is the blunt kind. I'm not surprised he's leaving.

Gibson is an uneducated, non technical, hype obsessed idiot. Check out grcsucks.com for more.

As much as I hate being in the position of having to defend Steve Gibson, here I am. From the URL you referred to, we get this:

We value your help and like it when you refer other poeple to this site, but please do not link to this site and brand Mr. Gibson as a scam, he is not (per se).

I've been all over grc.com. I've read some of the stuff that's there, and I've used some of the programs. Based on all of that, here is my opinion of Steve Gibson:
He is a good programmer, by which I mean to say, he can produce programs that look good and actually work as advertised. That's cool.
He has a strange obession with coding things in all-assembly. He points out that the benifit is that the program takes "not one byte more than necessary." He glosses over the fact that this chains his programs into the Win32 world very strongly.
He has an ego problem. Also, he seems to think that it's his right and obligation to try and help people by telling them how the Internet is an unsafe place and raw sockets are totally evil and dangerous.

I'm not sure if that was clear or not. What I'm trying to say: I think Steve Gibson has contributed a few quite useful programs and services to the web. (I've used his remote port scanner thing many times.) However, it seems he's got the all-to-frequent paranoia problems and maybe a messiah complex. Oh well. As long as you don't actually believe anything on grc.com, it's all good. :-)

I believe this page does a good job of explaining the workings of Steve Gibson. (But then, I've never met the man, so I could be totally wrong.)

Gibson is an uneducated, non technical, hype obsessed idiot. Check out grcsucks.com for more.

As much as I hate being in the position of having to defend Steve Gibson, here I am. From the URL you referred to, we get this:

We value your help and like it when you refer other poeple to this site, but please do not link to this site and brand Mr. Gibson as a scam, he is not (per se).

I've been all over grc.com. I've read some of the stuff that's there, and I've used some of the programs. Based on all of that, here is my opinion of Steve Gibson:
He is a good programmer, by which I mean to say, he can produce programs that look good and actually work as advertised. That's cool.
He has a strange obession with coding things in all-assembly. He points out that the benifit is that the program takes "not one byte more than necessary." He glosses over the fact that this chains his programs into the Win32 world very strongly.
He has an ego problem. Also, he seems to think that it's his right and obligation to try and help people by telling them how the Internet is an unsafe place and raw sockets are totally evil and dangerous.

I'm not sure if that was clear or not. What I'm trying to say: I think Steve Gibson has contributed a few quite useful programs and services to the web. (I've used his remote port scanner thing many times.) However, it seems he's got the all-to-frequent paranoia problems and maybe a messiah complex. Oh well. As long as you don't actually believe anything on grc.com, it's all good. :-)

I believe this page does a good job of explaining the workings of Steve Gibson. (But then, I've never met the man, so I could be totally wrong.)

(moderator note: no, this comment isn't redundant--the article posted was that bad.)

Before everyone goes out to destroy the evil, ugly, insidious worms skulking in cyberspace waiting for the time when the stars are right to destroy us all, please go here.

I used to get a lot of these. First find a case of that letter on a anti hoax site saying that it is a hoax. Reply and tell them they have been hoaxed. If they are forwarding it to a lot of people then forward the anti-hoax information as well. Having backup from a anti-hoax site reinforces your statement and they will look like an ass and think twice before sending such letters again.

Some Anti-hoax sites
Hoax Busters
Virus Myths
Just search on google for urban legends and you will get more sites.

You mean for once the Antivirus companies are going to HELP us?

Big difference from selling virus code to China.

Someone here has alluded that you can't scan for this malicious file. I'm curious why not?

Vmyths ought to steer this OP right.
Mr. Gibson does about as much good for computers, as Symantec Antivirus does for JokeADay.com.

This is wrong...you don't need the source to a program to alter the binary. The only difference between altering the source code and infecting a binary is that the binary is always some "magic code" that has to be trusted...think of it, a trojan that isn't "in the wild" could be inserted into any of your favorite closed-source programs and the only way you'd find out is if it was malicious or someone happened to find out. This is how many viruses like Michelangelo propagate...no one knows about it till it's too late...your anti-virus software can't protect you against viruses/trojans that it doesn't know exist...

With Open Source, this kind of stuff isn't as easy to pass off...there ARE ppl that frequently review the code (yea, not every day)...but I'ld be supprised if anything like this lasted for much longer than a week or 2...OpenSSH's FTP source was only infected for 1-2 days...

As I said before, a "very destructive trojan" was inserted onto the main distro site of PKzip.

I completely agree that Internet terrorism is a myth. We also need fewer regulations based solely on the Internet, and more enforcement of the laws we already have in place. Fraud for example is in existence in the real world too, so fraud on the Internet should be dealt with the same as a mail fraud would be.
People who want to hear some straight talk on Internet security, and the bumbling NIPC that has taken on the responsibility for it, should visit Vmyths.com There are great articles there to dispell virus myths, and also documentation of the FBI gaffes from over the years. If e-terrorism were possible, it would have made the news by now, in more than just a "science-fiction" light.

Countdown until Rob Rosenberger has a nervous breakdown begun... 10 ... 9 ... 8 ... 7 ...

Here's a good piece on Vmyths about mi2g. They're full of it. I wouldn't be surprised if the entire "report" was based on a sample of two machines. On a home network. With an inquisitive teenager around :)

For more on exactly this topic, see Vmyths.com. It's over the top at times, but there is some interesting speculation, rumor, and commentary there. The delivery to China of a cache of viruses by the anti-virus industry is a particulary interesting and some other established media outlets are picking up the story as well. Not affiliated, yada, yada.

For more on exactly this topic, see Vmyths.com. It's over the top at times, but there is some interesting speculation, rumor, and commentary there. The delivery to China of a cache of viruses by the anti-virus industry is a particulary interesting and some other established media outlets are picking up the story as well. Not affiliated, yada, yada.

It's been more-or-less common knowledge that McAfee has done this since the Michelangelo scare in 1993.

I recommend going to vmyths.com to read their "rantings" section.

Let me predict that about 50% of the replies in this thread will consist of arguments like "Well even if we did get rid of MSFT products we'd still have a virus problem: look at staoG or Bliss or Ramen or the '88 Internet worm."

Those replies are guilty of a flaw called The Excluded Middle where one argues that a situation that in reality has a spectrum of situations only has the 2 extreme cases. In this case the replies will say that even Linux has viruses and worms (true and probably inescapable for a Turing-complete computer) so doing away with the source of 99.44% of viruses and worms won't solve the problem.

Of course this is crap. I'm still getting hits from Code Red I v2 nearly 10 months after it was released. When was the last time you got a sadmind/IIS hit? The problem isn't to eliminate 100% of all worms chainmails and viruses the problem is to keep worms chainmails and viruses from ramping up the exponential part of the logistics curve.

Reading through the story, I couldn't help but be reminded of all the reports about how the Pentagon had disabled Iraq's air defense during the '91 Gulf War network by installing a virus-launching chip in a printer that was being shipped to Iraq. Got a lot of serious play from the mainstream media back then, and still pops up from time to time.

Have anti-virus software installed that checks avery 2 or 3 hours for updates.

OK, so how long before you recommend to admins that they update every hour? Or require continuous persistent updating?

Not only is there not enough bandwidth at an admin's site to handle the anti-virus updates alone (never mind vendor patches), the anti-virus firms don't have enough bandwidth to service all those admins all at once.

I think Rob Rosenberger described it best.

We give away (computer) viruses to China all the time:
http://vmyths.com/rant.cfm?id=316&page=4
http://vmyths.com/resource.cfm?id=49&page=1

Maybe someone should tell the CIA?

We give away (computer) viruses to China all the time:
http://vmyths.com/rant.cfm?id=316&page=4
http://vmyths.com/resource.cfm?id=49&page=1

Maybe someone should tell the CIA?

We give away (computer) viruses to China all the time:
http://vmyths.com/rant.cfm?id=316&page=4
http://vmyths.com/resource.cfm?id=49&page=1

Maybe someone should tell the CIA?

But there is! Virus Myths

The "A-V" people deny this sort of theory with perhaps a bit too much vigor. See The Virus Creation Labs by George Smith.

Also, the "A-V" people really do depend on a constant stream of new viruses, trojans, worms, chainmails, etc. They've got a distinct conflict of interest going on.

Really though, I serve as a virus debunker for many of my less than computer literate friends, but it would be nice if there was a public site for this sort of thing, that picked up e-mail hoaxes and displayed them for what they are, meanwhile addressing real problems and how to fix them.

There you go.

Agreeing with many posters here on the 'importance' of tech in the 'war on terrorism', here are a couple of mirrors of a story that first appeared in The Weekly Standard.

maxwell.af.mil
Geocities
a canned Google search

And while we're at it, have a look at Osama bin Virus.

apparently this editorial about Trustworthy Computing was missed.

Ages ago, there was something of a scandal in the news when a prominent anti-virus company CEO warned of a doomsday of a new virus or worm making the rounds. Of course, sheep bought the software, but nothing much materialized and the CEO resigned in disgrace after being accused of trying to create a market by scaring people, some people went so far as to suggest the particular company was actually the orgin of virii and worms. Wish I could remember who that was, maybe this is article alludes to it (the Michelangelo virus)

See here for the kind of stuff this guy's going to be working on.

I read a good article about this written by a phd in microbiology. It contains many more facts that I haven't discussed. You can read it here [villagevoice.com].

The author, George C Smith, has other techy-related achievements more relevant to many Slashdotters than "a phd in microbiology" -- author of The Virus Creation Labs, compiler of The Crypt Newsletter, frequent contributor to the Virus Myths stupidity-debunking site vmyths.com...

And he's dead funny, too.

BTW, "virus" throughout the above links refers to our old friend, malicious code, and not some new terror attack. (And anthrax ain't viral).

vymths.com typically has debunkings of numbers like this.

It's definitely recommended reading for any geek. The introductory section is here.

I don't buy these numbers. These exorbitant figures are created from generous estimates of downtime, repair costs, and so forth. In addition, they take into consideration elements only tangentially related; I think that anybody with their Michael Shermer hat on can tell that a more serious inquiry than this is required.

(But, then again, this would be good fodder for anti-Microsoft arguments. Now how ethically responsible would that be?)

vymths.com typically has debunkings of numbers like this.

It's definitely recommended reading for any geek. The introductory section is here.

I don't buy these numbers. These exorbitant figures are created from generous estimates of downtime, repair costs, and so forth. In addition, they take into consideration elements only tangentially related; I think that anybody with their Michael Shermer hat on can tell that a more serious inquiry than this is required.

(But, then again, this would be good fodder for anti-Microsoft arguments. Now how ethically responsible would that be?)

I'm surprised the contributor didn't mention Rob Rosenberger who more or less coined the phrase and whose site has been devoted to fighting it for ten years now. Or maybe someone farther down the line has already mentioned this? Whatever. Check out http://vmyths.com for a look at FAS at the source.

I never reply until I've researched the hoax and/or truth and proven to myself, at least two different ways.

The best way to ruin my credibility is to send out ONE wrong email.

I sign everything I send, including my phone number. If I'm not willing to have my full contact information forwarded to someone else along with my conclusions, it needs more research.

When I don't know the answer, I tell them so. And I recommend they just ignore it.

When I find it's a hoax, I ask them NOT to forward this conclusion until they've done the same research, and are willing to append their own conclusions. The propagation method of all hoaxes is thoughtless, research-free forwarded email.

If it turns out to be true, I make a point of including links to whatever authority I can find.

If it turns out to be false, I include links to at least two web sites that debunk the hoax/myth.

Finally, I almost always recommend that they take a minute to browse the Kumite Virus Hoaxes and Myths web site (seems to be down at the moment but it's a good review of quite a few common hoaxes).

Code Red I: 1.2 billion dollars
Code Red II: > 1.2 billion dollars (presumably, since it's badder than the original)
Being a trolling AC on Slashdot: priceless

There are some things that money can't buy. For everything else, there's Micro$oft.

No, he's a proponent of promoting Steve Gibson. One year it might be polymorphic viruses are going to kill all our computers, the next Linux is going to kill the internet.

No, he's a proponent of promoting Steve Gibson. One year it might be polymorphic viruses are going to kill all our computers, the next Linux is going to kill the internet.

Here's a few, mostly virus-related links (some are a little outdated):

www.quackwatch.com
hoaxbusters.ciac.org
urbanlegends.miningco.com/library/blhoax.htm
korova.com/virus/hoax_index.htm
www.vmyths.com

... Rob Rosenberger. He is the owner of Vmyths.com, the site about computer virus hoaxes and myths. He's been dealing for years with stories about threats or outbursts of viruses. Maybe he has insights on the alleged cost of these attacks.

Nobody actually knows how much viri cost, because nobody records any data about the viri or their activities. (See this article at VMyths.com for a good discussion.) All these numbers are estimated from anecdotal evidence; a lot of the damage comes from "preventative measures" (like shutting down your entire email server for two days so some virus doesn't come along and shut down your email server); and a good chunk of these numbers come from other press reports, which get them from other press reports, which get them from people who were "estimating" (read: making them up) on the spot.

-Erf C.

Nobody actually knows how much viri cost, because nobody records any data about the viri or their activities. (See this article at VMyths.com for a good discussion.) All these numbers are estimated from anecdotal evidence; a lot of the damage comes from "preventative measures" (like shutting down your entire email server for two days so some virus doesn't come along and shut down your email server); and a good chunk of these numbers come from other press reports, which get them from other press reports, which get them from people who were "estimating" (read: making them up) on the spot.

-Erf C.

Case in point, back during the Michelangelo fiasco in 1992, John McAfee claimed that "5 million computers were infected, which was nothing but hype on his part, especially as he later contradicted himself (on March 6th, 1992) by saing that only 10,000 machines had been hit.

</rant>

--

Does a company who cares so very little about security belong in your server room?

And I thought Linux fanatics were beyond FUD.

Stop blaming Microsoft for your virus woes. If ILoveYou came into your computer and trashed it - too bad, that's not M$'s fault.

And billions were not lost to ILoveYou or any other program like it.

The only reason this hasn't yet happened with Linux desktops is, well, there aren't nearly as many Linux desktops because there's no standardized desktop distro (see prior post) and no common e-mail software for any desktop environment. OK, Netscape 4.7 maybe. But the guys at DigiCrime could show you how to do these things to Netscape and maybe write a Javascript trojan, and even circumvent the "sandbox".

Does a company who cares so very little about security belong in your server room?

And I thought Linux fanatics were beyond FUD.

Stop blaming Microsoft for your virus woes. If ILoveYou came into your computer and trashed it - too bad, that's not M$'s fault.

And billions were not lost to ILoveYou or any other program like it.

The only reason this hasn't yet happened with Linux desktops is, well, there aren't nearly as many Linux desktops because there's no standardized desktop distro (see prior post) and no common e-mail software for any desktop environment. OK, Netscape 4.7 maybe. But the guys at DigiCrime could show you how to do these things to Netscape and maybe write a Javascript trojan, and even circumvent the "sandbox".