Slashdot Mirror


Microsoft Worms and Global Routing Instability

James Cowie writes: "Fresh analysis here indicates that worm propagation periods correlate very strongly with global BGP routing instability, as measured by sustained exponential increases in the number of prefix announcements and withdrawals seen in BGP message traces."

16 of 215 comments

  1. Re:Story misleading? by sammy+baby · · Score: 4, Insightful
    What do you mean, "seems to imply?" It states it flat out:

    Instead, we have documented a compelling connection between global routing instability and the propagation phase of Microsoft worms such as Code Red and Nimda... what were thought to be purely traffic-based denials of service in fact are seen to generate widespread end-to-end routing instability...


    If you're trying to suggest that the story submission is unfair in alleging that Microsoft worms are causing this instability... well, that's exactly what the paper is saying, eh?

  2. Bah... what's so special? by frleong · · Score: 2, Insightful

    The worms produce just a kind of DDOS and routers are expected to take a hit. If there are a lot of IRCbots attacking randomly, you'll see the same.

    --
    ¦ ©® ±
  3. The state of Slashdot by Anonymous Coward · · Score: 0, Insightful

    Linux == Good
    Internet == Good
    BGP == Good
    Microsoft == Satan
    Outlook == Bad
    IIS == Bad
    IE == Bad
    Worms == Bad
    Corporations == Bad


    Score:5 Informative

  4. Re:Here's a great idea! (word association) by DCheesi · · Score: 4, Insightful

    That's fine for casual conversation, but professionals and those writing formal papers need to steer clear of this sort of propaganda. I was going to criticize Slashdot for stating it that way, until I realized that the original authors used that same phrase. Calling it a Microsoft worm is really a distortion, and it's the kind of thing that can damage the credibility of the author. If you're preaching to the choir, that's one thing; but if you're trying to produce a study that will actually persuade a 'non-believer,' you need to appear as unbiased as possible.

  5. Viruses and evolution by Anonymous Coward · · Score: 3, Insightful

    What we are seeing here is evolution happening on the internet. When we (humans) became the dominating species on earth, viruses started spreading amongst us. The same thing is happening among computers now!

    We have two choices to fight this problem:
    1: We can try to fight it using antivirus programs, which is equivalent to using medicine to cure our viral diseases. We already know that this means fighting an uphill battle, because protection against the unknown is hard, if not impossible.
    2: We can try to bring more diversity to the operating systems and programs we use. This would automatically decrease the virus population, because a virus designed to infect more than one program/OS/species would have to be far more advanced, and would thus lower the probability for its existence. And in the case of computers, the bugs on one platform/program are rarely the same as the bugs on another.

  6. Re:Here's a great idea! (word association) by pubjames · · Score: 4, Insightful

    That's fine for casual conversation, but professionals and those writing formal papers need to steer clear of this sort of propaganda.

    I completely disagree.

    'Cancer', 'Intellectual property destroyer', 'viral like': these (amongst others) are all terms that Microsoft has associated with the GPL and hence Linux when communicating with their customers. And look how effective they've been - they have got loads of press coverage about it. And the terms are misleading, and in the case of 'cancer' just downright offensive.

    To describe the Nimda virus or the Code Red virus as Microsoft worms is not misleading at all - it is difficult to argue that they are not Microsoft worms, after all.

    I think this is a great idea. May I also suggest 'Outlook viruses' as a term we should use to cover Outlook specific email attachment viruses.

  7. Re:Here's a great idea! (word association) by peter+hoffman · · Score: 3, Insightful

    Some people refer to them as MSTDs which I think is pretty funny and accurate.

  8. Yeah Well, Except... by Greyfox · · Score: 4, Insightful

    The patches to prevent these worms were out for ages. It's just that system administrators and others never installed them. So Microsoft has quite an out there, and for some reason the businesses that whine about the costs of these worms never seem to be looking to their own admin staff and asking them why the hell those patches were never installed.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  9. Re:Good report, but what's the point? by iso · · Score: 4, Insightful

    But what is the point? Anyone with an internet connection will have no doubt experienced the instability. ... so I'm a bit unclear on why this study was called for

    It's an analytical tool called a scientific proof. Believe it or not, anecdotal evidence (like you suggested) is not enough to prove your intuition that IIS worms influence global routing stability. You need scientific evidence to prove a hypothesis such as this.

    - j

  10. MS guilty by negligence. by Anonymous Coward · · Score: 1, Insightful

    I just had a brilliant idea!!!! If the MS worms are indeed proved to be causing the routing problems, then the big network companies and all their customers can then legitimately launch a real, valid class-action product liability lawsuit against MS for MS's products causing them tangible harm and then seek a legal remedy.

  11. Distortion ? by AftanGustur · · Score: 4, Insightful


    Calling it a Microsoft worm is really a distortion, and it's the kind of thing that can damage the credibility of the author.

    And what is being distorted ? Truth ?

    Until worms start to propagate efficiently on other platforms, this problem is strictly limited to Microsoft products and calling it "Microsoft worm" is a reflection of reality.

    --
    echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
  12. Re:Oh, wow. by pohl · · Score: 2, Insightful
    The networks aren't capable of tolerating the kinds of loads even a humble skript can put on them.

    Isn't that a little like calling a forkbomb "a humble process"?

    --

    The "cue the foo posts in 3, 2, 1..." posts will commence with no subsequent foo posts in 3, 2, 1...

  13. root cause nothing to do with credibility by twitter · · Score: 5, Insightful
    Calling it a Microsoft worm is really a distortion, and it's the kind of thing that can damage the credibility of the author.

    Nope, sorry, a tobacco virus is a tobacco virus because it destroys tobacco crops. These worms are MS worms because they destroy MS boxes which then attempt to destroy everything. It's time the world knew about it.

    You won't hear the popular press referring to "another MS worm", however. They would not risk losing their piece of the $1,000,000 advert budget MS has for XP. As you see, "professionals" and those writing formal papers are free to call the thing what it is and should. The popular press will get it sooner or later.

    You and I should not censor our own speech for MS and their sloppy wares.

    --

    Friends don't help friends install M$ junk.

  14. Fascinating... (Kill Whitey!) by erroneus · · Score: 4, Insightful

    Okay, I just put the subject to troll for readership... Hehehe.

    Actually, though there may be a direct connection between routing problems and Code Red/Nimda activities, it's still a routing problem and to my regret, I can't lay any direct blame on Microsoft for this one.

    Okay, it only runs on Microsoft platforms... That's not enough. If the probes/propagation (as opposed to sheer traffic) are responsible for this then it's an issue that should be addressed with the router people. Clearly their firmware isn't written well enough and should be patched to handle this problem.

    Additionally, ISPs should start cutting off infected users without hesitation now. The attacks are now more than simply annoying in the way it fills up my logs. They are now affecting the whole damned internet. This affects just every commercial interest and should be motivation enough I think... (complaints of the people are never enough, but start playing with or threatening money and you will get someone's attention eh?)

    What are the positives surrounding Code Red/Nimda? Well, though they have managed to keep their sunglasses on it's still a black eye for Microsoft. And while the argument has been made that patches have been available long before this mess has started, blame can be placed on Microsoft for a different reason.

    It's not the presence of patching that is at issue. Rather, it's about default configuration(s) at install time and Microsoft's neglect over issues of reasonable expectation that its users are smart enough to know how to turn things off or even know they are running.

    Microsoft's users, as Microsoft is aware, tend to install "everything" when installing their OS. Why? A number of reasons -- because they don't want to miss out on any cool toys or because if they need something later, they don't want to be forced to reboot to use it. Microsoft is aware of this.

    Microsoft knows that a majority of its usership is not trained to understand the implications or potential problems of running services on the internet. These same users cannot be reasonably expected to understand beyond "if it ain't broke don't fix it." Unpatched, their servers appear to be working JUST FINE don't they? So the infected users probably don't believe they have a problem either because they don't see the symptoms or they don't realize they are running IIS at all.

    Microsoft, as a mature and responsible technology company marketing to idiots, must share more blame than they have been accepting at this time. This might be seen as Microsoft serving its "MS Coffee" too hot for its customers. (ref: the lawsuit where the woman sued McDonald's for serving coffee that was too hot and was negligent in affixing the lid on the container.) They have overestimated the intelligence of its usership for far too long and now this is the price we all pay.

  15. Re:Good report, but what's the point? by tjgoodwin · · Score: 4, Insightful
    But what is the point? Anyone with an internet connection will have no doubt experienced the instability.

    The point is clearly stated in the article: Contrary to conventional wisdom, what were thought to be purely traffic-based denials of service in fact are seen to generate widespread end-to-end routing instability originating at the Internet's edge.

    Maybe the "highway" analogy works here. Everybody knows that the Internet goes all flaky during worm propagation, but it's been assumed that this is simply due to too much traffic. This report is saying that it's more fundamental than that: during worm propagation, for as yet unknown reasons, many of the direction signs disappear at the intersections! Not only are the roads full, but many of the cars can't find where they're meant to be going...

  16. We're NOT talking about server admins by MemeRot · · Score: 5, Insightful

    Very shortly after the beginning of Code Red this ceased to be about server admins. The boxes being infected by these viruses now are home or non-power business users who have IIS enabled by default. Why by default? Because MS doesn't care about security. Why not throw in features most users won't need by default? What's the harm? Oh, we're destroying the stability of global routing? Oopsie.

    The majority of the IP addresses spreading these viruses show the default homepage if you go to them. Because the home or casual business users running these boxes DON'T KNOW what IIS is, or that they have it enabled, they DON'T KNOW that they're vulnerable or infected. These are the people that criticalupdate would reach. These are the people that need the patches. By NOT pushing this patch, MS is leaving the situation as it is, and it will never get better. To repeat - security conscious server admins are having their network hammered by this virus not because other server admins are lazy - but because many non server admins have operating systems with IIS enabled by default, and MS is making no attempt at all to reach those people despite the fact that the situation has not improved.