Slashdot Mirror
Viruses: More Hype than Danger?
blankmange writes "CNN is carrying a story on how the big virus scares within the last year or so have been just that: scares, usually hyped by the media with software companies standing by to reap the profits. 'The market for computer security is booming as PC users become more aware of the need to protect themselves from worms and viruses.
"Code Red" hit the headlines in July last year, with dire predictions that the PC worm would cripple the Internet. Yet in the end, Code Red didn't even make the year's virus Top 10.' PDAs are the next marketing target, along with cellphones."
My mom always said to take things with a grain of salt - and always question the reputation of the source.
When I was a kid Number One and Number Two was never something you wanted to be.
People should be glad the vulnerabilities were not exploited to a greater extent and keep on working to keep things secure.
If people broke into my house one night and left after defacing my home, but didn't take or destroy anything - I'd still be pretty upset. And if it was because I'd left the front door open- I would really think about closing it and installing a lock (or locking it if there was already one that I had just left unlocked).
.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
Probably still the most damaging as far as I have experienced... the majority of problems with viruses i see are users passing on pretty obvious viruses.. maybe the answer is in the education rather than the protection
the day i get a virus on my cell phone or pda is the day i throw said cell phone or pda into the windshield of whatever SUV it was that beamed it to me accidently whilst turning around to hit their children.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
yah without consulting the list of the "top ten" virii, i would say the ones that get passed by floppy and email via word and excel documents are probably actually the most common ones...
not the ones that have been hyped.
i remember the ones that used to be really ubiquitous in the DOS/win3.1 days were the boot sector virii... those things were everywhere! and they could be passed on by floppy
It's just like the local weatherman.
They are the first to predict 18 inches of snow for a storm that produces only six. News sources love reporting gloom, doom and disaster, for it increases viewership/readership.
No one cares to hear "Nothing to see here, movealong".
If I weren't nailed to the penis, I'd be pushing up the daisies!
But without the hype there would be more people without anti-virus software. We don't see a LOT of viruses hit our mail server, but we do see a few every day. If one of those got in and a user ran it, we'd be in trouble.
Better safe than sorry....
It's a good thing that Code Red was such a flop. Considering the # of hits my apache server gets every day from CR/nimda, I'd hate to see what would happen if it were still around.
jred
I'm not a mechanic but I play one in my garage...
Without the hype, nobody would take care about using any antivirus software and the virusses could course great problems. Now the hype makes sure people are (more or less) protected.
Of course the security companies are going to strongly emphasize the risk of viruses, it should be expected-- it's what they do!
For news sites... they make everything overly dramatic. Maybe that's the problem.
What this article is really addressing IMO is the fact that news sites like to exploit people's fears in order to increase readership/viewership. That's an across-the-board news problem, not a virus problem.
mark
If you want to make an apple pie from scratch, you must first create the universe. -- Carl Sagan
As I hold a delicious red caffienated beverage in my hand, I can't honestly say that the Code Red scare was all bad. :)
Cynicism, like dogmatism, can be an excuse for intellectual laziness. - Susan Shirk
The "Top 10 for 2001" they are referring to are listed here.
En español aquí.
Funny, they all seem to have something in common...
eWeek has an article about how Microsoft Windows Update has actually removed hot fixes, causing a site to be re-hit by Nimda.
And poof... There goes loads of old work, and here comes lots of fixes. There is a developer I work with that continually infects the network with viruses because he refuses to run antivirus software. Unfortunately he's got seniority so I just have to clean up his mess. Pathetic really.
...at }.,mbnvnfc`
or
(b) sex with a mareSee where that got you now!
Where were you when this was happening. These viruses affected me and i don't run windows. I'm still getting hits on my webserver. I think the viruses last year showed just how bad things have gotten.
I'm a firm believer in revoking i-net privledges to employees who are stupid enough to send much less open attachments of the exe or macro variety.
The hype around viruses are by far the largest problem to me, and to many of my fellow tech savy coworkers. Most of us run home web servers, and when Code Red came out our ISP's premptively closed port 80 on all of it's customers to "prevent Code Red from damaging our ability to run a personal web server", wait a minute here... you're shutting down our web servers... so that Code Red can't shut down our web servers... good job guys. That totally ignores the fact that I run Apache too... oh well, cloaked redirection for me.
Really though, I serve as a virus debunker for many of my less than computer literate friends, but it would be nice if there was a public site for this sort of thing, that picked up e-mail hoaxes and displayed them for what they are, meanwhile addressing real problems and how to fix them. There are a couple for the more technologically gifted (such as Norton's anti-viral research labs) but there really needs to be a good "for the average user" site.
It's marketing. That's all.
Look at your Best Buy [boycott!] ad next time it comes. You always see rebates for *NEW!!* AV software and Peter Norton's products.
They never work with the older versions of Windows - and these companies always make a fortune off of new releases of that OS.
So why buy stock in Microsoft when you should be buying it in McAfee and Symantec.
Get your Unix fortune now!
Well, Code Red like exploits are still floating around looking for hosts.
They ought to be considered more like parasites than viruses. But I guess the analogies to biological organisms make for more sensational news.
If you were warned of the Ebola virus on one hand and the dangers of ghiardia in drinking water on the other hand, which would you get more excited about?
I can see the headlines now:
"Provided by the management for your protection."
What did you expected from this superious Computer Ecosystem from Microsoft...
[My english is better than most other people's Turkish, so please point out mistakes politely. Thank you.]
I had and all i got was this stupid T-Shirt
Sigs are bad
I guess then CNN can produce an article about how it wasn't really hype after all and then, after everyone has forgotten about viruses, they can start hyping virus stories again. Then they can have a story about how much they are hyped. And then they can have a story about how there used to be stories about viruses and how they died down and now they've come back.
Endless stories without having to research anything. It must be fun working in media.
-- SIGFPE
I keep the virus software on my machines up to date and have never had any problems. What I find the most annoying is all the "There is a new virus that you need to know about... pass this along to everyone you know" emails. When a new virus hits CNN, there are more of these messages in my inbox than there is spam. On the other hand I've never had a virus emailed to me so maybe my informing these people of the need to use common sense and good virus software has helped :)
------
Objects in Mirror are Losing!
At least this ensures that poor security gets bad press, and forces vendors insecure vendors to clean up their act.
I've been having unprotected internet communication since I was 13 or so. I have never received a virus, not from email, not from programs.....nothing.
So I do, in fact, consider it to be hype. You either get a virus if (a) you are stupid, or (b)you are unlucky.
CNN fails to see the real impact of these viruses. sure they are not messing up users computers, deleting files, etc... but they are a burden most on the poor sysadmins who have to reboot mail servers because the logs fill up or because sendmail simply clogs with the extreme volume of outgoing mail that some viruses/worms generate. the regular consumer is not affected by the problem directly. they are merely a carrier of the virus. they are indirectly effected with mail server outtages, but they usually blame the ISP for poor protection, rather than having virus protection software installed in the first place.
This guy has made a whole website about the "myths" of viruses
http://www.vMyths.com
Something smells fishy if a billion dollar business depends on these creations, and who knows more about them and how they work and how to create them than anyone else ?,
consipracy or our friends and saviours ?
Which top 10 list are we talking about here? The top ten Outlook worms? Top 10 viruses stopped by antivirus programs? Top 10 trojans?
Code Red (and derivitaves) were a major pain in the ass. My servers don't run any MS software, but Code Red still affected me. It kept hitting my ports, over and over and over again. That sounds like a minor annoyance, until you are using more than eth0. Think virtual hosting.
I also was lucky enough to have a number of clients that were using Cisco 678 DSL modems. Anyone remember that? Code Red locked them up. Until a patch was applied, they locked up every time they got a Code Red request. I knew of some people that would go and reset the Cisco, and be down again before they got back to their desk.
It may not have been the typical user spread virus, but it made my #1 last year, because I'm not stupid enough to use Outlook.
If people are more aware of the potential damage such things can do, they are more likely to be able to avoid it. Just about everyone knows someone who's gotten hit by a virus and lost work because of it. Also, virus-checking and firewall technologies have made their way to the masses in the last year or two. How many PC's do you know of that DON'T have a virus scanner? Most new machines come with at least a virus scanner and often a firewall/IDS. Joe User doesn't have to know he needs one and go get it, it's already there.
"This message is composed of 100% recycled electrons."
Disclaimer: I worked for a company that produced anti-virus software in the early 90s that was sold to Symantec.
Strange women lying in ponds distributing swords is no basis for a system of government.
The comment says that Nimda didn't make the top 10.
While true, the reason why it didn't is easy to find. It is _not_ because it was less virulent than the other viruses, but just because the target were hit by milder viruses beforehand and thus increased their level of protection. If Nimda had hit first, not only it would have been No 1 in the chart but it would be it by _far_, and also the internet _would_ have been cripled. After all, no connected Windows computer running IIS or outlook or file sharing would have been spared.
Artaxerxes
Yep.. There was this awful thing called "Code Red" which was crippling the WHOLE Internet, but luckily Microsoft released a patch which administrators need to install on their computers which will make them secure against this menace. Even the normally sane'ish CBC was towing this line. No mention of the fact that not everybody runs windows on their computers, that Macintosh users were completely immune, that Linux/BSD/Anything but Microsoft(tm) was completely immune to this IIS exploit.
The "experts" completely forgot to mention that the well-known nature of the problem, or that these issues are common in Microsoft software, or that Microsoft is not the only producer of web server software so that people who chose not to use Microsoft's products are not affected. It was as though the "experts" had no conception of the possibility that people might not be running Microsoft this and that.
The day Code Red became public should have been a public relations problem for Microsoft. It was a problem with THEIR CODE. Instead, they were portrayed as the Saviors of the Internet, as shining beacons of good corporate citizenship.
Money can't buy everything, but it can sure buy the media.
Back before the Internet, email virus dispatching, viruses would travel undetected, from PC to PC via shareware floppies.
We've got WAY more unexperienced users out there, so in theory we should have a big virus problem.
In the last few years, most virii have been clones of Word Macros and Outlook worms. We don't have as many 'real' virii walking the streets, that can do real damage like nuking hard drives and causing subtle changes in files.
When I worked at Best Buy a few years back, I remember people losing their MP3's to a few virii, but thats really it. Nothing like the Cookie and Stoned! trips of the 80's and 90's.
The most annoying ones are those IIS worms that infest my DSL provider's network and fill up my Apache logs with crap. Anyone had any luck with Code Red Vigilante or anything similar?
is that most of the uneducated masses are quick to blame any quirky behavior on their machine as a virus.
I get at least 3 calls a week from people who swear they have a virus, but in reality just have a setting wrong.
This all still goes back to the problem that there is not sufficient computer education for the average person.
Tim
I think it's a good sign that a story like this gets printed, instead of the usual stories intended to make computer users panic.
I mean, a good percentage of the spam mail I get is "beware of xxx virus, it's gonna do bad things to you", etc. Well, instead of spreading around that spam, users should make sure they are up to date. Don't use Outlook Express, get the latest security fixes for the Internet programs you use, and use a virus scanner.
Thankfully, the mail server I use (a university mail server) keeps an eye on what the current trends are and blocks out common viri. I know that some other ISPs do this as well. Hopefully, email viri will soon be a thing of the past. My grandparents need all the help they can get resisting the opening of attachments...
Hey, I plugged that code into Kid Icarus and it gave me all the items! THanks man, that's a hard game.
So does this mean that we've now got to wonder if we should go out and buy the latest and greatest version of Norton if they have a big press release on the most recent virus?? Heh...time be afraid of the FUD!
PC users become more aware of the need to protect themselves from worms and viruses.
Awareness is rising? This is news to me -- also news to my webserver, which has taken 9000+ Nimda hits in the last three months.
Awareness of viruses may be rising, but awareness of how to secure one's own system from them is not.
--saint
What is a "PC" virus? These are virii that affect Microsoft platforms. They should be labeled "Microsoft Virus."
Ok, so Code Red clogged up a few computers, but didn't do anything really nasty to the victims. Most of the viruses have been pretty well behaved as far as reformatting drives and so forth.
HOWEVER, this doesn't mean that just because the virus writers of last year are nice enough not to kill your computer, that the virus writers of tomorrow won't. If you can write a virus, you can certainly write a bit of code to fubar someone's computer.
With that said, I'm reminded of my teenage years with an old 8088. I thought it would be so cool to write a virus -- not that I would have done anything destructive, mind you -- but never really had the resources to write one (knowledge, time, etc). In college, you have the ability to write such things, but by this time, most of us are mature enough *not* to, or at least not to bithcslap someone's computer.
Today its a different story. With viruses written in VB/VBscript and so forth, any 12 year old can modify them, even a little bit, and unleash a new (or rather, modified) virus.
The big problem with writing destructive viruses is that, once you kill your host computer, you can't keep infecting other computers. This is obvious. So, seeing that the goal of viruses is to spread as far as possible, killing your host is not very appealing. Unless you're a rage filled 15 year old who can't get a date for the prom...
So, I guess to sum it up, viruses are available that are easy to modify by teenagers with a minimum amount of knowledge, and minimum amount of restraint.
Selling virus checkers for a platform with no verified viruses is perhaps a little premature, though what happens when the first appears if no-one's written a checker or has one installed? After all, people know what's possible in principle...
;-) and that we don't just download from some random warez site. OK, maybe worrying end users about Code Red isn't the best policy, but they needed to know about SirCam, for example.
Anyway. Get hit by one, _then_ say that. Someone at my office managed to sneak Klez round the side of a virus checker and we were cleaning that up for a good little while. Not only did it kill our AV software but it blocked it from being reinstalled. Nasty. Not that bright, either - far more sensible to let it get installed but transparently cripple it, so the user thinks they're fine...
Or the time when my Dad got hit by Kak, and the fun we had ripping that out of the registry manually because it had mucked up Norton. Or the many non-PC literate subscribers on a mailinglist I like who get hit by viruses and inadvertently post them to the list every few months on average.
Getting the average user educated about viruses and certain that they need good, up-to-date protection is essential. OK, so _we_ don't often come across them - but we know that some e-mails are intrinsically dodgy (well, many of us don't run Outlook in the first place
I honestly don't see a problem with the current level of virus news and would suggest that CNN's Kristie Lu Stout doesn't know what she's talking about and has never personally got a virus.
Greg
(Inside a nuclear plant)
Aaaarrrggh! Run! The canary has mutated!
On July 19, 2001 more than 359,000 computers were infected with the Code-Red (CRv2) worm in less than 14 hours. At the peak of the infection frenzy, more than 2,000 new hosts were infected each minute.
That was "over-hyped?" what would it take for it to be "valid concern?" Yes, Code-Red didn't do the damage it intended to...but it still did a heck of a lot of damage. Claiming that some anti-virus nonsense "top 10" has any bearing on the actual amount of damage done is just stupid.
Viruses aren't scary because we haven't put essential resources on the public network yet. Wait until your home security system is IP addressable, or any other of the countless "essentials" people plan to wire up.
I thought it was pretty bad. It turned off my gas and my electricity after it had fun with my unpatched IIS server.
becuase then you could get some
~transmition blocked~
all your base are belong to us
~transmition unblocked~
viruses.
Someone should write a virus that uses people's modem to make phone calls to Cambodia.
It would be interesting to see if the author makes any changes to his article after he gets hit with a $2000 phone bill.
Enquiring minds want to know.
Because paranoid consumers demand security.
:p
But, in all honesty, it's all hype. Actually, despite the lackluster achievements of Code Red, I noticed that one hitting my Apache server several times an hour for quite a few *months*.
The only other virus I've ever had sent to me was SirCam. Which I opened and responded to, considering I was in Pine. *snicker* Poor lady never wrote back, I nicely and in basic terms warned her that she'd been infected.
..Aside from Code Red and SirCam, I've yet to ever encounter any virus at all, in years of browsing the web and clicking on things I shouldn't (Like gimmick programs from unknown sites). And no, I don't use an anti-virus program.
Although, I must say, one year I was pretty worried about the annual Internet shutdown, where the entire 'net gets cleaned.
I would have to agree that most virus stories were overblown at best, but at least it gives Joe Consumer the Head's up when it comes to viruses. Unfortunatly no one seems to listen to them.
For Example, I work at a university, and we have been recently blocking LAN ports form students that we find to be transmitting a virus. I have already had a loveletter and a klez come in today, and have had 22 nimda viruses come in over the past month. Im sure that theres more out on our network but we dont find out until their machine attempts to infect the server.
Most of the machines have had either Norton on it but not updated to the latest defs, Mcafee activeshield, which is basicially useless, or Mcafee Virusscan that was either not updated becasue no one wants to fill out the 1 page form for it, or is version 4.0 or earlier, which has no def updates.
Lately we've been pointing people to http://www.grisoft.com to get AVG for free from their site, and it helps, but im still getting machines in at a steady pace.
Frankly, I dont think anybody cares if they get a virus until it forces them to format and reinstall, then it gets their attention.
In Soviet Russia, Trojan exploits YOU!
The is the Really Dangerous Linux Virus. Your system has been attacked.
This virus works on the honour system.
Please send a copy of it to all of your friends and then delete all of the files on your computer.
Well, I'm out of work now, but when I was working I had to deal with several virus outbreaks. It wasn't pretty or fun either. Usually it would happen like this.
I would get into work in the morning, read the latest advisory about some new virus. I would send out an e-mail to my users, "DONT OPEN ANY ATTATCHMENTS!" After which I would promptly apply fixes to the mail server.
My CIO would be reading her hotmail or yahoo mail, whatever. Point is it was a mail service outside of my control. She would see the subject, "I love you" and thinking it was a date, she would open it, from which it would spread like mad cow diesease. The rest of my day would be spent cleaning out her crap.
Wasn't this way at just one company, it was this way at every company I have ever worked at. No matter how much you try and warn these people they just don't listen. They have the attention span of a gerbil and it shows. And everytime it would happen I would always get the same answer from them, "But I swear I didn't open that attatchment" To which I would reply, "The computer must have MAGICALLY sprouted hands and fingers and opened the attatchment itself, oh don't forget it also typed in your webmail username and password for you too"
I dunno, being jobless all this time has made me realize a few things. There's no enjoyment in a job where you have to put out fires for 200+ people a day because they're too fucking stupid to figure out simple shit for themselves. They won't ever listen to your warnings, they don't seem to care that you have to spend several hours fixing their machines. They have an obvious lack of understanding that you have to actually concentrate to fix their problems, and this is made apparent by the 15 minute head pops they do into your cubicle, "Is it fixed yet? I have a really important blah blah blah for VIP blah blah blah."
I don't think CNN has any concept of what it's really like out there. The amount of single celled organisms in a corporation is astounding.
I have no idea what a lot of you are talking about, looking over my apache logs I still get tons and tons of requests for cmd.exe? and all the others from the IIS virii that were ubiquitous over the last year. I probably get three or four an hour, I wonder if my IP is somehow early in the cycle of IP's to scan? (not that I'm worried)
anime+manga together at last.. in real time.
root# rm -R *
Mmmmmmmkay
A caveman dreams of being us, the incalculable power and riches. We dream of being Q, then what?
Code Red didn't even make the year's virus Top 10
...maybe because Code Red was a worm?
Not every IT Dept. is perfect- Lord knows ours isn't, and at least 3 virii have made it through in the past 12 months, causing a complete shutdown of the email system here for a total of 7 working days. Since there is tangible damage, and tons of lost time and money are spent fixing it, it no longer is a "scare." It's the real thing.
It's funny that this just comes out. I've rebuilt three machines in the past week due to Klez.x and Magistr.x viruses on 98 and 95 boxes. All three users had virus protection but had let the subscription lapse. Nice profit for me, too bad for them.
We block about 4-5 viruses a week at the firewall and a few more at the smtp gateway, and usually none inbound at the outlook level. WIthout AV protection we'd be sitting ducks...
This story is false.
fslg503-985-8686503-985-8686503-985-8686503-985-8
It has crippled my workplace because it was not a "high-profile" virus and Norton did not ship defs for it early enough.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
I've been having unprotected sexual relations since I was 13 or so. I have never received a virus, not from traditional style sex, not from [censored :-)] .....nothing.
So I do, in fact, consider it to be hype. You either get a virus if (a) you are stupid, or (b)you are unlucky.
I've noticed that lots of people seem paranoid about viruses, but I've never gotten one on my computer, and all the people I know who had one got it from running programs they got in email.
Assuming a windows computer with dsl or cable without any servers running, filesharing disabled or password protected, and no Outlook, would it be possible to get a virus?
If the media didn't hype the virus issue to people who normally wouldn't know any different, then the problem would probably have been much much greater.
Think of Y2K: a big deal, yes, and plenty of people were saying right up through January 1999 that something had to be done, and soon, because thousands if not millions of computers and software programs were affected. Eventually, they all got on it. The problem was licked, and virtually no major Y2K issues were still existing by the time the date actually arrived.
Sure, some people overreacted by building underground computer-free bunkers and stocking up on gasoline and bottled water -- but then, there are always people who overreact. Y2K probably wouldn't have caused the end of the world, but it would have been a pretty big nuisance if the media didn't get the word out so that normal people knew to upgrade their products and pressure companies to produce the upgrades for them.
You can't over-hype virus issues. You can lie and say a problem exists that doesn't, but you can't stop stressing that antivirus software and common sense when opening attachments and securing connections is important. There's always someone new to the computing world, or someone who introduces a new attack strategy, which necessitates restating all the rules.
Bottom line: everybody with a computer needs some sort of antivirus protection, even if it's just common sense. Everybody with an Windows PC on the Internet ought to have antivirus software as well, and keep it up-to-date, just because that OS is so susceptible to new attacks.
I think the last time I got a real virus (as opposed to a worm or trojan) was
a "stoned" variant on DOS when I was in high school.
Nowdays when "virus" means "Outlook scripting exploit" the best protection is
just not using it.
Who needs virus scanners?
So what happens when the virus creators release one that can communicate effectively with other peers and use that virus/bot network to update the virus with the latest exploits by sharing them with other peers? A creator could place into this system the newest exploit/means of attack and essentially get a little ahead of the AV software writers without revealing their location. The creator would have to have a way to sign code and allow the virus to only run said signed code but it could be defeated. BUT this would throw a kink into current AV thinking. Viruses like Nimbda could mutate to use the latest and greatest quicker, start targeting hosts differently, change signatures, etc.
Obviously the same method used to mutate/update the virus could be used to defeat it but it makes it much more dificult to track down the culprit and eradicate all the infected hosts. Hell they could even tap into some of the more complicated means of mutation using techniques alread pioneered by Genetic Alg and Complex Adaptive systems.
The mainstream viruses (!virii) are using pretty simple techniques to spread. But thats not always gonna be the case. And as it gets more complex we'll need software to identify these threats. Using good, updated AV software isn't really crying wolf, it's just being safe. But the hype is just gonna cause disinterest among users.
Everyone's always banging on about viruses (virii)... Why?
:-)
My Beowulf cluster hasn't been infected!
The first time an email worm hit my company was HELL. I had to shut down the email server and delete a few mailboxes. Every available pair of hands was walking around with an AV CDROM, scanning and cleaning all day long. The network was basically dead, flooded to destruction. Nobody got anything done for hours and hours. For days after that, people were afraid to check their email - nobody wanted to be the one who "started it" the next time.
That cost us in time, money, and training. After that, we got serious. Amavis + Sophos on the email server, virus scan installed locally on some of the PCs, and just recently I added a procmail recipe to drop anything that windows might execute.
Again, the company "loses" money by having to pay for all of this (my time, Sophos licensing, new beefed up email server) but that's better than standing idly by, paying people to sit there paralyzed in fear in the face of Outlook.
The threat to business from virii is very real, but once your defenses are in place you can usually kick back and relax. That is, after you've deleted all the P2P apps, chat programs, instant messangers, and other CRAP that they really shouldn't have brought to work.
We know that in the current environment, viruses aren't really all that damaging. Every time a new virus comes along, experts warn everyone that it is the most potentially destructive one ever, and blah blah blah. Then the virus never seems to catch on, the effects are minor, and all is quiet until the next major 'scare'.
The question is, are the experts overhyping the potential dangers, or are the dangers reduced as a result of their making the public aware of the virus and its potential for harm?
-- Adam
Doesn't anyone remember when viruses would actually do something?
Used to be when you got a virus it would munge your bootsector, and as much of the disk as it could after it mailed itself you all your friends.
The viruses these days just seem to be made to propogate as far as possible, or to do something juvenile like deface web sites.
The only reason they are only hype these days is because the payload is (relatively) innoxious. One line of code could make the few hundred thousand of computers infected last year dead, rather than popping up a cute little message.
I'm not sure about the rest of the world, but just viewing my IDS logs for today, Nimda and Code Red are the two biggest problems hitting my network. We get about 800 attempts a day on our firewall from machines that are still infected by those two. I tried helping out the sites infected by attempting to let their admins know their servers were infected but I soon found that roughly 1/3 of my day was spent trying to contact an admin, most of which didn't know how to fix it or didn't care. Now I don't bother unless it's something like what happened two weeks ago where I was hit every three minutes with Code Red attempts for over 48 hours from the same host thereby causing my log files to grow to 180 MB and pissing me off in the process. Contacting their ISP (which is my ISP as well) was a joke. I just got an e-mail from their support this morning asking me to send the log files in an e-mail instead of an attachment because they apparently have problems opening a .txt file. It went away after about a week. Checking the dshield.org website showed that the IP in question was apparently affecting a lot of other sites as well. Anyway, as far as I'm concerned, Nimda and Code Red are still a huge problem.
I would have to disagree with the statement that viruses prey primarily on stupidity. I have many intelligent people working in my company who know nothing about computers. Accountants, Credit Managers, Sales Managers, Location Managers, etc. These people are intelligent and competent in their respective fields. However, many are no doubt "ignorant" regarding anything computer-related.
Instead of revoking access to users we like to label as "stupid", maybe we as IT Managers, Sys Admins, etc. should spend more time training our people rather than browsing Slashdot all day. : )
Just a thought.
I run redundant protection on the network I administer. All mail is processed internally, scanned (virus definitions updated hourly), executables stripped. I have gotten dozens of alerts (not false alarms) this week alone, but all were stopped at the mail server.
If for some reason they get past this (such as one user who decided to check their webmail account), the desktop scanners (which are password protected, and centrally updated hourly) catch it.
All this activity is more than 'just scares'... I've dealt with virus infections twice, losing a full day of work for the entire company between them, due to people feeling that the memos / warnings I send don't apply to them.
If it wasn't for the fact that people who understand the threats are responsible for protecting users from them, the effects would be even more wide spread.
Are they going to bring the internet down? Maybe. If the average user would realise that having an up to date firewall / installing security patches/ keeping virus definitions current were like locking your door, and that not opening unknown attachments / running unknown programs was like not unlocking the door for a stranger, it would be a lot less likely.
Have you read the Moderator Guidelines yet?
Exactly,
:-
:-
DUMB COMPUTER USERS
Fact is, 99% of the world fit that category.
There was an article about designing UI's few days back and all I could think about was my financial partner who has to be told how to minimize a window every time.
The kinda guy that uses a remote email connection to send 10meg word documents to the person in the office next to him, even though all he needs to do is to send locally in 1/100th of the time.
The marketing-type person who leans over your shoulder when your computing and says to a client
"You know, these machines are amazing !"
Yeah - you should see the user jump through hoops of fire !
And we worry about virus problems being over-hyped ?
Screw the viruses,
I can see the headlines now
"Dumb computer users seen as the biggest risk to computer security."
"Symantec announces the anti-dumb-computer-user fix"
A slashdotting - you get the stick first and then the carrot !
Besides, in my experience, those who are not the computer-savvy fittest still have lots of pr0n to share. Gotta keep 'em operational.
Eloi are stupid, throw morlocks at them!
I hold my breath when a new Nimda-class worm starts to spread. It kills Internet performance on my cable modem (operated through Road Runner, yet another AOL Time Warner collective) as many Windows users don't have proper protection set and propagate the virus nastily. I can't be infected; I use Mac OS 9 or X. But it drags network access to the ground and kicks it around for hours.
Fortunately, RR appears to deactivate accounts that are virus-ridden if no action is taken, which reduces the problem. Still, my Mac OS firewall dutifully records Code Red and Nimda attacks as well as the usual crackers trying to crack the very-difficult-to-crack Mac OS.
Thanks, Microsoft, for introducing software that helps inconvenience EVERYONE on the Internet.
Vos teneo officium eram periculosus ut vos recipero is.
Makes you wonder about that super secret underground floor all the big anti-virus companies have in which viruses are written in order to perpetuate the continued existence, need, and financial well-being of said company.
I have to pay for the bandwidth used by my web site. So when thousands of unpatched and infected Windows boxes start hammering my site with virus-du-jour requests, it costs me money directly. Maybe not billions of dollars, but every penny counts when you are barely holding your dot-com finances together.
Anyone who has felt the anguish of lost mail, lost code, damaged servers, running around trying to cauterize machine infections and keep those Outlook users from clicking anything knows how bad a virus problem can be.
I apologize to the media that the internet hasn't imploded spectacularly enough to make a highly-rated special report on CNN, but that does not mean the problem of virus outbreaks isn't real.
And yet my server logs indicate daily that code red is still out there.
I really wish people would get the terminology correct. Spafford posted a good definition over twelve years ago. A quick and dirty definition: Viruses (virii?) generally require human interaction (open an email, click on a link, etc) while worms propagate on their own, exploiting vulnerabilites within an application or operating system.
With that said, it only makes sense that CodeRed (a worm) wouldn't make the top ten list of viruses. I doubt any true worm could ever make some top ten list when compared with large virus infections. Viruses infect workstations (PCs) while worms (generally) infect servers. Last time I checked, there were a whole lot more PCs than servers, thus a much bigger chance of infection. Furthermore, CodeRed's (a worm) impact was limited by that wonderful thing called Open Disclosure. No, M$ will never admit to this, but as a security professional who does network security monitoring, I know my clients would have been severly impacted if signatures hadn't been available for our sensors (insert shameless plug) a month prior to CodeRed (a worm!!) being released. Virus signatures, on the other hand, tend to be created after a virus has been let loose in the wild and has already impacted users.
Bammkkkk
www.sguil.net
The Analyst Console for NSM
How can anyone look at numbers like that and say it's not a problem? I find the numbers absolutely shocking...
Basically if I buy something from a website, I want to make sure it does not run on IIS. In that sense Code Red crippled many sites for me because I am not able to use them anymore.
Yeah -- CNN's right -- there's alot of hype about viruses/worms, but I think that they really miss the bigger picture, which is security in general.
Worms like CodeRed show that a well planned, coded, executed worm attack could bring the whole internet to its knees (or at least jam up big parts of the major backbones -- as well as any network with enough machines running OS/Software X). Imagine what would happen if cretin X wrote a worm to exploit a common Cisco vulnerability.
Now, what the article really misses, is that virus companies can do little to fix these. Of course they're capitalizing on stuff like security worms...but these worms really expolit holes in the OS/Software -- and the reasons that the exist are twofold...
1. Software and OS vendors aren't responding to security issues fast enough.
2. (L)users and admins aren't keeping all of their machines properly updated with the fixes.
The virus app vendors really don't do anything to address these issues. Only the vendors and (l)users can fix these...and when everyone finally gets around to doing it right, a major internet security problem gets a whole lot better.
-Turkey
-Turkey
Symobtec announces the anti-dumb-computer-user fix
:-
April 1 2003
Symantec today announced the release of thier new flagship product aimed at protecting people against themselves.
Symobtec CEO, Dr. I love You, gives us a new angle on the breakthough
"Lets face it, users are dumb, stupid, fuck-wits and always will be, so our product is aimed at eliminating dumb, stupid, fuck-wits from the workplace"
When pressed for further comments, Dr. V.bs excused himself, indicating that he was coming down with a flu or something, possibly caused by his built in PC coffee-cup holder.
A slashdotting - you get the stick first and then the carrot !
Call me M$ paranoid, but this sounds like the type of thing that someone in Redmond would say, "It's no big deal..."
Having said that, let's forget about the MSTDs that prey on simple minded users, and really, you've gotta agree with the article.
At least not in the average small business, and in most homes. Most businesses large enough to have both dedicated system admins and some sort of software management have been able to deal with these problems without impact, but small businesses and homes are getting killed.
Here's just a small example. I work for a smallish insurance company (about 200 users). We run Windows NT as our mainstream desktop, and NT on most of our servers. So we're theoretically ripe for virus/worm problems. However, we have an admin staff (which I run), and we pay NAI a tidy sum for their antivirus suite. We run scanning on all servers, all desktops, and we manage it with EPO (a very slick program for managing their AV, and Norton, too). On our e-mail system we run both their Groupshield for Exchange, and their SMTP scanners, with a ton 'o' filters we've set up to block all sorts of executables. We keep up-to-date on our public servers as far as patches, follow all security guidelines, restrict at the firewall, and we use MS's URLscan to block further.
As a result, we haven't had a virus problem in years. However, over the last six months, our e-mail system has blocked 709 known viruses, and blocked even more that met our filtering criteria.
That's 709 separate potential incidents, with all the havoc and frantic patching/eradicating that would go along with it. This is on top of all the server exploits I see in our logs daily.
Where do these viruses come from? Many of them come from our agents - small mom & pop companies with 5 or so people, some PC's, nobody available with admin skills, and not enough knowledge to stay current. Because antivirus software came with the PC, they think that's the end of the story - nothing further needed.
We also get a lot from other companies in our class that aren't as stringent. That usually only happens once, then they get religion and clamp down on the users. It's be nice if they ran Linux, but nothing they use for their business would work then. And they'd probably all get rooted, anyways.
Finally, our users get infested all the time at home. Which isn't too bad a problem per se, but then they wonder why we're so strict about unauthorized software and such hardasses about it all. They just don't get it.
At work (and this is why I'm posting anonymously), we don't care if your computer isn't "fun" to use, or infinitely customizable, or if you can't have your favorite talking icons from home. We only care that they work, work correctly, and work safely, so you can do the stuff you're being paid to do. And unfortunately, the way the world is nowadays that just doesn't normally include fun anymore. Sorry. But viruses are real, they are all too often destructive, and they will cost our companies serious money if we don't spend time, money, and sweat preventing them.
Hmm, that's pretty funny cause when the worms hit, my IIS 4.0 box was immume and never affected. Since the web server responsibility was MINE, I made sure that IIS was secured... yeah that actually means "securing the box" (i.e., removing all script mappings, modules, etc that were not being actively used, securing the file ACLs, among other configuration changes). Yup, IIS was NEVER affected, therefore we were never hit. It still logs tons of hits per day from servers outside of the network as well.
It's funny that I think of the same thing when I see Apache servers that are running everything up to and including mod_YourMom... people need a lesson in security... it doesn't matter if it's IIS or Apache or NT or Linux or Joe's OS.... it makes no difference. Security holes exist in every OS and configuration... it's just the job of the astute sysadmin to make sure that the holes are plugged before the box goes into production use.
Nothing to see here, movealong
No matter how much you try and warn these people they just don't listen. They have the attention span of a gerbil and it shows. And everytime it would happen I would always get the same answer from them, "But I swear I didn't open that attatchment" To which I would reply, "The computer must have MAGICALLY sprouted hands and fingers and opened the attatchment itself, oh don't forget it also typed in your webmail username and password for you too"
(An open message to all bitter support people, angry at "end users")
(chuckles softly) Ever stop to consider that 99% of the "end users" (they are actually called people, or employees... you know the people we support who do the actual WORK that pays our salaries) out there don't really give a rip about your job frustrations any more than you care about the new IRS guidelines taxing the patience of Phil from accounting... Let's face it, most of what you tell them goes in one ear and out the other. NOT because they have the attention span of gerbils, but because YOU, and so many many like you, have a giant chip on your shoulder. You don't respect the people you work with, you don't appreciate the fact that you have a specialized skill that others don't share. So you talk down to your users, then you talk over their heads, then you talk about things that don't concern them or how they do their job. The signal to noise ratio is such that OF COURSE they won't really listen when you warn about viruses...
Lighten up a little, learn to see the bigger picture, learn to see your co-workers (once you get a job again) with compassion and not this holier than thou crap and I bet you might start to notice a change.
I would have to say that explosives are the most abused technology in all of history.
The obvious solution is for the Bush Administration to appoint a Computerland Security Advisor and then enact a "Computer Virus Warning System" that uses a different color code to indicate the severity of the computer virus/trojan/worm.
I recommend the following levels:
GREEN: Open any file or email attachment with inpunity
YELLOW: Don't open any attachment that contains a virus
ORANGE: Don't open any email client
RED: Turn off your computer
They can send an email each morning (or whenever the status changes) to all computer users so we know how to gauge the virus threat and take appropriate measures.
Insert simplistic political, ideological, or personal proselytization here.
I'm building a web server where I work, and I've been having trouble with some of the code... I keep "tail -f error.log" active, and I see lots of code red hits on this server daily, mostly from overseas machines... and it's not even a publicly known server, it's just a dev box.
Being a Mac user at home, I haven't had to care about Code Red, but I find it's presence in the world, and it's attempts to access unknown, non-Win machines (especially ones that I'm working on) very disturbing. As I understand it, the hits I get are nothing compared to some servers, so I can only imagine the amount of bandwidth wasted on Code Red and it's kin.
Had more people actually heeded the legitimate virus warnings of the past, this problem might not exist. Hyping the pointless crap got us to this point, and I don't see what's going to fix it in the short term.
-----
Is Darwin an evolutionary OS?
Come to the University of Mars! Classes starting soon!
Computer viruses (including worms, trojans and so on) continue to be a real threat to many users (and yes, I will say especially Windows users). From my point-of-view this article did much more damage than good. It would be like writing a story saying that unprotected sex with strangers is okay because the odds of getting something aren't really all that great.
The fact is that the reason that the threat level from viruses is down is because more people are more aware and are taking preventitive measures. This reduces the spread of viruses in the wild but it does not stop them. I would argue that the fact that the spread of serious attacks being down demonstrates that what is being done is at least partly effective.
I'd also argue that even more still needs to be done. I'd suggest that when a company learns of an exploit involving their software, it is their responsibility to address it sooner rather than later - that by not doing so, they are part of the problem. I'd suggest that companies that allow the use of their resources by whatever means (ie:open relay, unfiltered email, access to systems and etc) also have responsibility. But most of all, I would argue that the vandals that write and knowingly distribute the software should be treated as felons and given appropriate sentences.
Even the aforementioned actions would not eliminate the need for protection in the form of secure systems, antivirus software, and due dilligence on the part of the user. But when all of these things are combined, we can keep the situation tolerable.
After all, the news media focuses on the rapidly spreading viruses, and that is the only kind the anti-virus programs can stop. That stuff is the equivalent of kids spray painting a wall. The whole point of it is to spread itself and make the top 10 list, not do any serious damage. But this same technology could be used to, say, drop a trojan into a competitor, have it ferret out any files marked with "Marketing Plan" or "Project X" or "Financial Results", pop them back out to a waiting black hole, then quietly erase itself after 6-8 weeks. How would a sysadmin even know it happened? By the .00001% increase in net traffic?
I found W32.Badtrans.B@mm on a test box today~
c omQ 12@yahoo.com
A timer is used to examine the currently open window once per second and to check for a window title that contains any of the following as the first three characters:
LOG
PAS
REM
CON
TER
NET
These texts form the start of the words LOGon, PASsword, REMote, CONnection, TERminal, NETwork. If any of these words are found, then the key logging is enabled for 60 seconds. Every 30 seconds, the log file and the cached passwords are sent to one of these addresses or some others which are currently not operational:
ZVDOHYIK@yahoo.com
udtzqccc@yahoo.
DTCELACB@yahoo.com
I1MCH2TH@yahoo.com
WPADJ
smr@eurosport.com
bgnd2@canada.com
and everybody is surprise to see that the article is drivel. Consider the source?
Of course you need some virus protection, but the media will do anything to whip people into a frenzy to increase their ratings. Just remember to be careful and use protection, and you shouldn't get any viruses.
I've been inundated by Sircam and now Klez, two worms that propagate through e-mail adresses found in local files. On top of that, Klez is sending copies of itself with my address in the "From:" field, leading to all sorts of false accusations of infection (as if: OS X here).
My Hotmail account has to be emptied twice daily or else the accretion of Klez debris puts it over quota. I'm starting to think that it's a Microsoft plot to get people to buy their premium Hotmail package.
-=A=-
The viruses that have been widely propagated so far have all been fairly benign - they haven't done that much other than propagate. After all, a virus doesn't spread terribly well if it destroys its host.
Imagine what the impact would be, however, of a virus that spreads as effectively as Code Red, but formats the hard-drive after 48 hours? (Or perhaps after it's infected a certain number of machines?)
There were plenty of IIS machines that were infected for a good deal longer than 48 hours before their owners became aware of it. Hell - my boxes at home still receive hundreds of Code Red probes.
The flow of IIS vulnerabilities doesn't seem to be drying up - it may well only be a matter of time before someone writes something that's really malicious. Growing complacent because the computer press has cried wolf so many times is incredibly dangerous.
Look at the description for it. Nasty. Automatically runs if you have an unpatched windows machine and you preview or view your email. I have been sent several copies of it in the last two days. I am glad I patched my internet explorer, otherwise there would be something nasty on my system.
Everytime I act as semiwilling tech support to my Windoze friends it is because of viruses.
If you need text styles to communicate then you don't have a message.
The reasons that these more damagin virus's didn't take down the net or bring companies to a crawl is the same reason most virus's don't kill you. The more damaging the threat the more quickly and precisly the system's defenses react. For your body that means white blood cells and the other parts of the defense system react more vigorously, for computer viruses it means remediation efforts are put on highest priority and people work to clean them. Just because the defenses worked doesn't mean they aren't needed.
p.s. karma's at 50 don't bother moding up
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Tell it to my server logs. Half the hits are either from systems with a virus that tries the exploits that code red/nimda did, or from a really foolish script-kiddie who wants in and that thinks I'm running Windows and can't be bothered to find out otherwise.
-Sara
the users also feel that it is your job, as IT guru, to fix these issues for them. You rely on them to ensure your paycheck shows up on time with the appropriate amount of taxes and whatever taken out of it. That's their job. Our job is to ensure that they can't hurt themselves electronically. So we set up AV software on mail servers as well as automate AV software (incl. engine upgrades and definition updates) on file servers and their desktops. It would be a beautiful world if they could keep from clicking that pretty shiny .exe file, but they won't.
That's why the role of the SysAdmin is 50% tech, 50% babysitting...
-heathrow - played in corporate sandboxes
Beauty is truth, truth beauty. That is all ye need to know on Earth, besides TCP/IP.
I'm running apache on my webserver that gets almost no legitimate hits a day. I don't advertise it etc.
My error.log file is 50 (Fifty) megs. Since January. 2002.
Lots of entries look like this, with some variations. I also appreciate skript kiddies trying to run root.exe on my box.
[Wed Apr 24 10:44:21 2002] [error] [client 4.35.125.66] File does not exist: *:/****/msadc/..%5c/..%5c/..%5c/..Á/..Á/..Á/win nt/system32/cmd.exe
I'd say that the main problem is not that the virus actually does anything harmful, but that their box is broadcasting to random ip's "hack me" and that person's hdd is shared with full perms and that if a script kiddie wanted to delete all files on the lamer's machine, they probably could, theft of corporate info (i.e. if someone works at home) is also really easy.
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
...where are the Palm bashers?
"for Palm there has only been one actual, official virus, period. There's been none for Windows CE yet."
Anyone who thinks that viruses are just hype and don't cause an inordinate amount of suffering and expense for the vast majority of those whose home computers and small office machines get infected needs to socialize beyond their own demographic a bit more.
.doc files being corrupted and no longer loading right. A Word macro virus ate about four months of work for him. The next was about some porn dialog popping up every time he booted his computer. The next was.. I forget, there's been a dozen over the past six or seven years, but in each case I would either have to spend a lot of time on the phone or he'd wind up taking his computer in to a shop and be charged $75 to format his drive.
My father in law is a retired writer. He's not technically sophisticated, he doesn't back up as often as he should, and he doesn't wrinkle his nose and think "What the hell is this?" every time he gets an attachment. The first panicked call we got was a result of all of his
A good friend of mine called me two days ago in a panic about the W32klez virus. Their small office (a non-profit with about 16 computers, Microsoft networking) was thoroughly infected, and some people's home machines - those who check their email from home - were also infected. These are gardeners, not software developers. The fact that executable attachments can be viruses is NOT the first thing in their mind when opening an email. Days of suffering for them, plus weeks of repairing damage to their credibility as a result of all the Klezmer Deep Throating Teens (or whatever the hell subjects it picked) emails sent from their machines.
So, how do so many intelligent people form the opinion that viruses are nothing but hype? That's an easy one: My wife and I are virtually immune to viruses because our file sharing system consists of a Linux box running sendmail and proftp. Our email clients on our satellite win98 boxes are older copies of Eudora, and we're highly suspicious about any attachments. So, it's easy for us to get into the mindset that viruses are a load of hooey and couldn't really do that much damage. They can't... to us. From reading people's posts here, that view seems to work for most Slashdot readers, but it ain't How Things Are for many many others.
Lighten up a little, learn to see the bigger picture, learn to see your co-workers (once you get a job again) with compassion and not this holier than thou crap and I bet you might start to notice a change.
You have no fucking clue...
Most admin's start out with the best of intentions, focus on being nice, focus on teaching your users so they don't rely on you so much. Then when things are gravy you can focus on fun stuff like bringing up new servers or network services.
Reality is just as I stated in my original comment. After 7 years of dealing with really stupid people, I don't have the urge to give them a coke and a smile. I ain't a fucking burger flipper you got that? The last people in the company that should be that stupid are the one's in charge.
By your logic, you're focusing the burden of responsibility to the admin and not the end user. So I guess it's MY fault they opened the attatchment. I guess it's MY fault that I have to order a new laptop everytime this paticular sales lady goes out on travel and returns with a mangled laptop because "It's too much trouble to carry it on" This paticular lady i'm thinking of DESTROYED 9 laptops in 3 months! You would think MAYBE after the first one she would wise up BUT SHE KILLED 8 MORE!
Lighten up my ass, i'm sick of being a sysadmin. Honestly, I don't think i'm ever going back to anything IT realated anymore because it is not me that is the one with the holier than thou attitude, it's them.
You hit the nail on the head! They have enough problems with their own job frustrations.
Every time I hear that AOL commercial and that guy says "no more of that computer mumbo-jumbo" is causes me to shudder - I think "It's not mumbo-jumob, it's easy!" and then I realize to them it is mumbo-jumbo.
So treat is as such. Don't explain to them what viruses do or how they spread, if hotmail is causing problems, I block hotmail. But then again, I can do that. My boss is so comp-illiterate I don't even give him a PC, PDA, terminal - nothing! But when someone complains that they need hotmail, I ask "what business purpose does it serve?" I explain how much a virus outbreak costs the company, and the boss backs me up. End of problem.
"History doesn't repeat itself, but it does rhyme." Mark Twain
I can't believe how clueless people are that think viruses aren't dangerous. True the recent big ones have been annoyware, but it would have been childs play for their author to put in a malicious payload that could have erased everything on everyone's drives. It only takes one bad virus to cause trillions of dollars in damage, real damage. We should be taking these non-destructive ones as warning shots, not passing them off as just pranks.
Travis
Personally, I'm glad an asshole like you is out of his sysadmin job.
Nothing worse than a arrogant know-it-all prick for an admin...I'd rather have someone with no ability but a good attitude.
That's like viruses. We spend millions and billions to prevent all of the viruses except the ones that fuck us up. God laughs at us.
In 2003, the news media reported on the Faux Flu. It was dangerous they said. It would kill old people and children. It would cause everyone else to spends weeks in the hospital. It had all sorts of nasty symptoms, which I won't describe here.
The reporting was hyped all out of proportion. Every hour on the hour there was a public service announcement regarding it. Major troop movements in the Middle East were relegated to the back page in favor of reporting on some kid with a runny nose on page one.
The public went into a panic. People went and got their flu shots. The covered their mouths and noses when the coughed or sneezed. They didn't go into work when they had the sniffles. They stopped french kissing with strangers.
But there was no outbreak. A total of five people died of the Faux Flu. The people blamed the media for inciting panic. Newspaper subscriptions plummeted and Disney Megacorp had to sell off AOL/TW to stay afloat.
Then the Fu Flu hit the next year. No one believed the media. No one took their flu shots. Sneezing in crowded train stations was considered hip and cool, a way of telling the doommongers to bugger off.
And 1.3 billion people died.
A Government Is a Body of People, Usually Notably Ungoverned
Well the article has been /.'d or something, so I can't read it, but is anyone else getting tons of Klez worms on the mail, either directly or as bounces? That's the one that exploits IE's problem with the word 'begin', *AND* forges return addresses from e-mail addresses found on infected computers.
It's very disturbing to get bounces from hotmail because you supposedly sent someone a virus. (No, I don't have it; all my e-mail reading and sending is done from a Linux box and its a Windows/Outlook worm.)
---dragoness
Whew! That's a relief that I'll never have to work with you.
Get a clue...it's not your *fault* that any of that happened, but it is your *job* to fix it. That's why they pay you, remember? The job description didn't say "surf slashdot all day, and be rude to anyone who dares disturb you".
I would have to disagree with most people here in their view of the majority of PC users as dumb. Thats not the case.
Most people are un-aware whats involved when it comes to virii and av software. For the average home user, they'd like to be able to turn on their machine, check email, browse, etc.
When something like a virus comes along, in their email, or what not, they havent had much exposure to that before. Most people will inadvertently open an attachment, or even click on it, which in some cases will start the virus automatically.
Once they get infected, and their normal operations get upset, someone has to fix it. After all the times I have fixed machines for people, almost everyone then understands the implications of getting a virus. They are more knowledgable about the problems that they can cause, and will work hard to keep updated with their av definitions, etc.
It's not that most users are idiots, just the majority of them havent experienced these problems before, and dont have the level of understanding that most of us do.
Once something happens, its less likely to happen again.
--Trying to Defend the Average User
One line of code? With Microsoft Visual Basic .NET you can do it with only half a line! With SOAP compatability.
The media is not step in step with reality...no big news here. The media has never been step in step with reality. The media is going to write about things that fit well within their perception of the world, and will write what sells copies.
The Media reported heavily on the "Big Red" virus because the name had hip appeal...invoking an image of a late night hacker working on excessive doses of Mountain Dew.
Of course, people responding to the hyped viruses probably helped stop less popular but more sinester code. I have no expectation of the media being something different than it is. A hype story every once inwhile can help raise awareness.
A more interesting take on the picture is how certain names lodge themselves onto the media's tongues and get nationwide coverage, while others languish in the backroom. In this regard, you could say the Big Red virus infected the media itself, getting a great deal of mainstream media coverage.
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
It's just as easy to not open an e-mail attachment as it is to not stick your dick in the shredder. I shudder to think of what would happen if people had a shredder support staff telling them not to stick their dick in there all the time.
Just yesterday I was on the phone with someone who I knew had recieved a virus from the mail logs, and told her "Do NOT open that message with subject..." and she said "What, this one?" and clicked on it, infecting her and her entire office. People are stupid about computers because someone told them it should be hard, and intellegent people will do the stupidist things under those circumstances.
You're the digital information equivalent of a burger flipper, boy.
It's important to the revenue stream of the anti-virus companies that their products not work very well. Note how these things work. They mostly recognize known viruses. They don't generally stop improper behavior by all possibly-hostile content. Hence, constant upgrades are necessary. The initial version is usually free, just like a drug dealer.
It doesn't have to be this way. Suppose, for example, that Mozilla rendered all pages and executed all downloaded content in a "jail" secured by the OS, one that could write to the window, receive input when it has the focus, and talk back to the sending server, but nothing else. This could work under FreeBSD as currently shipping; Linux may get there.
Education is good, but how about educating companies like Microsoft so that we're less vulnerable to such viruses? Why should the users suffer so much when the majority of the blame (IMO) is on companies like Microsoft?
The "OBVIOUS" tag, I mean.
--Blair
They're disguised as the marketese word, "messaging"... that, and telemarketers.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
> they are actually called people, or employees... you know the people we support who do the actual WORK that pays our salaries
Easy to say when you have a good job. I consider them PEOPLE when they HELP ME HELP THEM to solve their problem. When they are lazy ("oh, just send someone up. I don't have time to sit on the phone all day."), unecessarily vague ("Is the Internet down?"), or rude, they are not people. They are lower life forms and deserve to be treated as such.
Oh, you don't give two shits about making my job easier? Good. Don't be surprised when I don't run out my office door to give you a hand when you opened ANOTHER OBVIOUS ATTACHMENT AGAIN that fucked your computer and the rest of the company.
AND FOR GOD'S SAKE, DON'T SAVE YOUR ONLY COPY ON A FLOPPY DISK. HOW MANY FUCKING TIMES DO I HAVE TO TELL YOU? We have a sophisticated network and e-mail system for a reason, dumb ass. Oh, it went in one ear and out the other you say? Sucks for you asshole, because you just lost a lot of work by not listening.
Perhaps I would be so bitter if I didn't spend 4+ fucking years to get a degree only to end up answering the same remedial questions for careless, rude people. My job is about as challenging and fulfilling as monitoring dirt movement. Sadly, there are no other jobs for me and I'm about to get laid off even though I was there longer than my fucking boss who doesn't have a degree. WTF?!
> learn to see the bigger picture
I already do. I regularly promote dangerous behaviors like drunk driving. For every fatal car accident it's one less person I have to compete against in the job market. Booooyah!
Scares? I don't think so. None of these worms has been actually written well, taking into consideration survivability, self presurvation(sic?), or to take advantage of the human nature of things. They where, at best, bad examples.
In a way, I'm glad they where, indeed, POOR examples. They could have done much more damage, by actually taking over the affected systems. Build themselves a happy little distributed distributed network. Talk to eachother. Be silent for a while, allowing itself to propograte, comminucate, and eventually, launch a very deadly payload, all at once.
Last years worms where at best case, ticks or leeches. Easily removed, annoying as hell, but in most cases, for the most case, harmless..
Just wait. Fighting disease could be considered a 'scare'. But I have yet to see an AIDS of the computer world..
-- I'm the root of all that's evil, but you can call me cookie..
The correct URL for the HoneyNet Project is:
http://project.honeynet.org/
Windows may be a different story, but I have been using Macs since the days of the SE-30 and have never once encountered a virus of any sort and I've been far from careful. The vast majority of that time I have not had so-called virus protection software installed because... I certainly have run into problems with virus protection software.
--- What?
Woah, chill out dude!
They don't call "support and repairs" an idiot tax for nothing you know.
Car mechanics have known this forever. Time for computer staff to clue in and realise people will not do what they're told but that's OK because they will pay you BIG $$$ over and over for you to fix it. If they don't pay you the BIG $$$ then you don't fix it and when they _really_ need that report in on time, then they pay you the BIG $$$.
I wrote a paper last year on Code Red and the whole hacking culture, which won its category in my employer's "papers program". Unfortunately the paper isnt available publicly yet, though Im hoping to have it published soon.
/.ers have pointed out.
Anyway, the conclusion was basically this:
There have been several worms in recent times, CodeRed, CodeRed v2, CodeRed II, and Nimda to name the more obvious ones. All of these exploited bugs in IIS that Microsoft knew about in June 1999 but other than a few knowledge base articles with attached patches, they did nothing about it. The same bug was even reported in beta versions of XP, so they didnt even fix their own development code.
We were lucky in that these worms were mostly an annoyance which did little more than deface a web site, and/or replicate themselves. They could have done a lot more damage, as many
What they achieved though is an almost global awareness of the dangers, and potential damage that worms like these can do if they wanted to, while reminding system admins that software should be patched/upgraded regularly - particularly when the bug being exploited had been known about and reported by cert 2 years prior to the worms being created! In this regard, they did us a great service. The media hype and predictions of doom got peoples attention in a way that had not been achieved before.
Microsoft, with its marketing machine, got loads of publicity. I remember seeing Bill Gates on the news, standing at a podium with the FBI at his side saying how Microsoft had reacted quickly and provided patches to defeat the evil hackers (remember that these patches had been available for 2 years - what Microsoft was providing was simply a cumulative bundle of these). The publicity was priceless, touting Microsoft as our saviour, yet I believe it was Microsofts lack of action in fixing the problem and making people aware of it that allowed the worms to be created in the first place.
Its not good enough to simply know about a problem and passively make a patch available for download. Its difficult to keep track of all customers, but I would have thought that if you have a large number of very large corporate customers, you should pro-actively send them updates and advisories, and make it widely known that there is a problem which needs attention. Whatever Microsoft did or didnt do, it wasnt enough (obviously).
I said it so much better in the paper, but basically I believe that the guys that wrote these worms did us a service, and although CNN might think it was a big fuss over nothing, I would disagree. It was certainly the bigest event of its kind in the internets history so far.
"If I could only live my life with my threshold at 4... " -- Wil Wheaton
I guess it's MY fault that I have to order a new laptop everytime this paticular sales lady goes out on travel and returns with a mangled laptop because "It's too much trouble to carry it on" This paticular lady i'm thinking of DESTROYED 9 laptops in 3 months! You would think MAYBE after the first one she would wise up BUT SHE KILLED 8 MORE!
Most places I've worked, the subsequent 8 laptops would have come out of HER paycheck--a great incentive to be more careful with company property. (The insane paperwork to get *anything* ordered at my current workplace is a good incentive not to wreck your current box, too).
Frankly, as long as it's not coming out of YOUR paycheck, why does her idiocy with laptops spin you up so much? They were still paying you for the work involved, right?
You're laid off, and bitter--I can understand that. Been there, done that a few times. Job searching all over and getting nothing for months on end is incredibly demoralizing. However, you might want to learn to relax and enjoy things a bit more, because that bitterness will show in job interviews. Also, if the job situation is that bad locally, why not search elsewhere? The internet is damn useful for that.
---dragoness
So the complaint is that publicity sells more anti-virus software, and the latest viruses aren't doing much damage? This is a bad thing?
The claim "the virus scare is all hooey" is itself all hooey.
"My opinions are my own, and I've got *lots* of them!"
Sounds like one of your 6th grade classes is a little slow today. At least you'll get to go home soon and play Nintendo.
I admit to being a download slut. I have downloaded most days for the last ten years. And I am not too particular about where I download from either. But I never get viruses. Well, I got one on the mac once in 1991. And another on a word document about 1997. But that's it.
When people ask me about viruses, I always tell them to use something besides Outlook and they will be fine. And they are.
For 98% of the people out there, the damn anti-virus software is more of a hassle than the viruses they can't catch. The bloat in security software puts MS to shame. All you need is Norton anti virus to show the kids what a 386 was like. Slooooowwwww.
The only way you can get a virus nowadays, is to start up Outlook. I do not understand why the corporate IT guys, for whom these high-profile worms are a genuine headache, do not sue MS. By pretty well insisting on having scripting 24/7 in all their apps, they have created a royal road into anyone's box. The patches they offer are laughable. The house is on fire, and when a bit of flame shows in the front window, MS generously rushes up with a glass of water.
At least one major automotive company was utterly crippled by Code Red for nearly a week. The systems administration at these plants are a joke, and they're all interconnected on the network.. So everything running IIS (which is just about everything as their standard custom OS install INCLUDES it) was infected.
;)
The servers I have control over in there (which need real web interfaces and therefore ran Apache) were, naturally, immune, but the access logs sometimes showed upwards of 80 hits a second trying to infect them, all from internal addresses. I estimate that over 75% of their systems were infected. Many still are.
Oh, here's the fun part: it cripped them because the attack took out the wireless access points. The access points ran an internal web server for configuration, and it simply locked up the access point with one overlarge packet. Crunch. Eventually they disabled the access points web interfaces.
At one point, as an interim measure, they setup the main routers to block all port 80 traffic. Period. Nothing that had port 80 in it was passed anywhere. This was simply to stop all their servers from crashing at all the plants due to the massive DoS attack caused by the infected boxes trying to infect others.
So excuse me for laughing my arse off when I saw this article...
I don't think there can ever be too big of an emphasis on network security and virus protection. The internet is more fragile than most people realize and networks go down all the time from virus attacks.
FoundNews.com - get paid to blog.,
CODE red.... Big Red is gum
Well, 4 years ago (adjust for inflation), in Louisiana (adjust for lower cost of living/lower pay rates), I worked for a computer consultant who charged $75/hour to people he liked, (i.e. his discount rate) for setting up/fixing Windows computers. He was also a greedy little cheat, too. (Adjust for dishonesty). That's one data point for you. Dunno how it compares.
---dragoness
I've been (ab)using my computer(s) for over a decade (i'm 21)...running pretty much any .exe there is out there, be it downloaded from a website or whatever (except those really standing-out sex.exe and the like). I only got infected once, with a virus that freezes your pc (actually makes it incredibly slow) when you run an infected program. I think it was a side-scroller platform game, ala crystal caves...
;)
Never got the ILOVEYOU virus, never got anything. I think it is location-specific EVEN THO the internet is physical-location-independent...
oh well. Nowadays that i've been using unix (linux) i've pretty much forgotten about crashes/viruses...Also i might try out that debian trick where you NEVER need to reboot
(been a slow day today...not anyone around to talk to...so...heh...thanks for listening...)
Looking for people to chat about multicopters, coding, music. skype: gtsiros
I wouldn't even go as far as to say "ignorant". Getting hit with a virus can happen to anyone under the right circumstances. I goofed the other day and opened a message in Outlook Express (I turned off the preview pane) and almost got hit with a virus. Norton AntiVirus caught it so it didn't do any damage. I'm usually careful about messages from people I don't know and I certainly never click on attachments. It was just that I had a bunch of emails to go through and was careless in opening each one without thinking. I don't think that qualifies me as stupid -- we all have our momentary goofs. Spend enough time on a computer and everyone makes a mistake sooner or later.
I suppose you could argue that because I've set up LiveUpdate! to run on my desktop every damn day that I'm protecting myself but this could have easily happened to a laptop that doesn't run LiveUpdate every day. Or maybe I get hit with a virus the day it hits the web (before my LiveUpdate! runs and I get the virus definition).
GMD
watch this
The big problem with your point-of-view is that by ignoring the SA's warnings they not only make his life miserable but THEIR OWN ALSO. So Phil from accounting not only has new IRS guidelines but is now frantically trying to use his email because he couldn't be bothered to read and remember the warning message he got that morning. Being busy is no excuse, the highways are jammed but that isn't an excuse to slam into other cars constantly. You belong to the pass the buck crowd, "It is ok for me to not think and screw up because someone will clean up after me."
A crisis on your part is not necessarily one on mine.
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
Woman: "In other news, a lot of stuff happened that doesn't really affect you. In fact, most of it was thousands of miles away. We would tell you about it, but you'd just worry, lose some hair, and die a few days sooner."
Man: "We'll be right back after these messages from our honest sponsors..."
<accurate portrayals of real products>
Man: "...welcome back! And all this time I thought that sports car I drove made me more attractive to women."
Woman: "And I thought men who drove sports cars were better in bed!" (glances at co-anchor)
Man: "Upcoming later this hour, we sensationalize Timmy Smith's scraped knee, after a fall while he was attempting to ride a tricycle!"
Woman: "And we'll inflate claims by virus companies that hackers are out to make your life a living hell."
Man: "But first, let's go to Acton, Massachusetts for live coverage..."
Reporter: "Yes, the trolls are out in force today! It's sensationalism at it's best! Not bothering to read the stories they post on, internet users around the world are honing their reactionary skills to a fine point, putting all logic and reason behind them..."
I think it is all hype anyway. In a big office with a lot of machines running Windows, running Norton Antivirus corporate edition has been the savior many times over. This thing is controlled by a central server, and even if the braindead user opens a file inviting him to chat with naked camel penises, it will automatically catch the virus and not allow it to do further damage. Hundreds of viruses have been caught this way and we don't even bother worrying about the virus problem anymore, the server takes care of everything.
Was that supposed to be funny?
It doesn't even make sense.
I will say that many of the viruses that have been written have been nothing more than a flash in the pan. But Nimda was a different story. My college campus was a worst case scenario of this "bug" and we were offline for upwards of a week and a half. Of course, our network admins let it run unprotected for... 3 days without doing anything, so I guess they got what they deserved.
>>My CIO would be reading her hotmail or yahoo mail, whatever. Point is it was a mail service outside of my control. She would see the subject, "I love you" and thinking it was a date, she would open it, from which it would spread like mad cow diesease. The rest of my day would be spent cleaning out her crap.
Everything on Yahoo! Mail and Hotmail has been virus-scanned at the server (by Symantec and McAfee respectively) for at least 2 years. They're very aggressive about updates. Nobody gets infected via these systems. It's the idiots who are still running Outlook 97 who are causing all the problems
The entire IT industry has a serious attitude problem. Go dig ditches for a while, or pick cotton, or even flip burgers. You guys have one of the highest wage rates on the planet, yet you act like you've been assigned to shovel shit at the zoo.
Every job since the beginning of time had its downsides, and every one but the job of hermitting had to deal with lusers. But only the IT industry takes it personally. I think I could survive a week as a professional sysadmin. Could you survive a week as a professional software engineer?
p.s. Sysadmins are lusers as well. Two months ago I received two emails from IT. The first said "your Solaris machine will be upgraded remotely this Saturday. Please log out at the end of Friday, but do not power off the machine." The second said "the network will be down for maintenance this weekend. Please log off all machines by the end of Friday."
A Government Is a Body of People, Usually Notably Ungoverned
This reminds me a lot of the hype that struck around the time of the Michelangelo virus in March of 1992. Virus experts were throwing out statements about a computer appocalypse that was going to wipe out the computers of millions of computer users. By going on television and being quoted in newspaper articles, companies like McAfee and Symantec basically created an industry for themselves by using fear to sell there product. Michelangelo went off with a whimper in the end, but the antivirus industry has been going strong ever since.
bbh
If someone regularly gets into their car and does things like drive the wrong way down a one way street, he's an idiot. No matter what else he does right, he's an idiot, and will get no respect.
If someone sits down at his desk and regularly does things equivalently stupid, he can be "intelligent and competent in his respective field."
These people aren't just ignorant, they're willfully and proudly ignorant. "Don't bother me with the tedious details, computer monkey, I have real work to do."
It's a cultural problem. It's okay to be completely, harmfully incompetent about computers, so people stay that way. In fact, people are rewarded for it with sympathy.
The proper solution? Well, general ridicule would work, but not from a bunch of smart-alec computer monkeys. Have you ever seen "Nick Burns: Your Company's Computer Guy" on SNL? That is how they see us. It's not that they are insufferably lazy when it comes to learning about computers, regardless of cost or consequence, we are irrationally demanding.
Basically, there's nothing geeks, with low social status, can do to change a harmful cultural value. Just imagine your paycheck stapled to the next idiot's forehead, try not to stress out over the problems they cause, and look for a less idiotic job. Corporate Darwinism will cure it eventually.
Just wait. Fighting disease could be considered a 'scare'. But I have yet to see an AIDS of the computer world. You've never site licensed through Microsoft?
"You're never ready, just less unprepared."
Hi! How are you?
I send you this post in order to have your nostalgia
See you later. Thanks
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
The lost revenue led directly to the layoff of 10% of their work force at my location.
Now I know some new questions to ask prospective employers.
Lighten up my ass, i'm sick of being a sysadmin. Honestly, I don't think i'm ever going back to anything IT realated anymore because it is not me that is the one with the holier than thou attitude, it's them.
You ever see the SNL sketches about "Your Company's Computer Support Guy"? If you haven't maybe you should. While watching it, see if you recognize anyone in the sketch...
I ain't a fucking burger flipper you got that? The last people in the company that should be that stupid are the one's in charge.
I am shocked, just SHOCKED, that you are currently out of work.
I would have to say that explosives are the most abused technology in all of history.
There's an interesting paper on "Warhol Worms" here.
Basically the author predicts that, by using efficient algorithms to search the space of potential victims a worm could infect most of the vulnerable computers in 15 minutes to an hour. Pretty scary when you think of how much damage Code Red variants were doing 3 weeks after the initial hit.
Close it quick, before the morons get here...
A slashdotting - you get the stick first and then the carrot !
"CNN is carrying a story on how the big virus scares within the last year or so have been just that: scares, usually hyped by the media..."
So CNN are now running a Dramatic Exposé (TM) on how they ran Dramatic Exposés (TM) on non-news stories...
I am a Karma Library.
Janitor: Please don't throw cigs and gumwrappers on the ground, I just have to clean them up!
....
Employee: Fuck you -- don't look at me funny or I'll get you fired.
Computer Janitor: Please don't open viruses. I just have to clean them up!
Employee: Fuck you
The key to sysadmin work is to get promoted way out of the way of any ordinary users and spend your time lurking around a datacenter. Even then it sucks though because its the same boring shit day in and day out.
Hmmm, you have a point, but I'm not receiving much money from these users. I'm getting layed off in a month and I have been searching for the last 6 months for an alternate job.
Where do you get the big money from?
That'd be more of a mental disorder then a virus.. 8-P
-- I'm the root of all that's evil, but you can call me cookie..
I can't help it, I just love people like this! They're so full of themselves that they don't realize what kind of impression their actions make on other people :-)
We shouldn't underestimate the destructive power of viruses. Nimda took at least one Department's network down for several days in the State of Washington. I have been harping for years that my Department's network security is almost non-existent but to little avail.
Network security, if done right, is a fulltime job. Small businesses and small Government Departments just don't have the staff to keep up with it. So we're caught in a situation where we have to assess the risk of infection and the probable consequences of an infection. If the risks are great enough and the consequences bad enough we apply a patch. If not we don't and pray that we don't get hit. We just don't have the resources to apply every patch.
We do run McAfee virus scan on every computer and NetShield on all of our servers but I remember a while back when McAfee put out a new virus definition file that was bad (It didn't work with older virus scanning engines) and it brought our network down. That required a visit to about two hundred PCs to correct the problem. The anti-virus companies are working like hell to keep up. But what can they do? If they push the virus definition files out the door too fast then quality control is lowered but if they take the time for quality control then their customer's get hit with the new virus.
I just hope that when the shit really hits the fan that it is pointed to one of the most guilty parties: Microsoft. Yes Microsoft for putting out products that are making all of their customers vulnerable.
My solution is to dump the entire Microsoft line and go with Linux. But that isn't well received because of the huge investment in the Microsoft products. We just keep throwing good money after bad.
The race isn't always to the swift... but that's the way to bet!
If virus'es are only scary, it's because the virus writes are amateurs.
Vira could be a lot more smart:
1. multiple targets/entry points
- exploit varying holes in a heterogene environment
2. morphing
- Using nondeterministic compilation you could create vira that would be virtually impossible for scanners to identify -- shape-shifting for every infected computer/file.
3. incubation time
- Vira which we have seen recently don't have much of an incubation time
4. Social engineering
- Look at the "SULFNBK.EXE" (non)vira. Vira that infects this file will probably be a lot more likely to survive for at least a few years.
5. Centralization/automation
- As we adopt digital signatures and auto-updates of programs and operating systems, we are creating the perferct transfer media for vira.
6. All the stuff i didn't think of in 10 mins.
Fortunatly, it seem it's mostly intellectually inept people who make vira (YES, I mean that - if some "real" people did it it would be MUCH! more dangerous).
SLOGEN [ http://ungdomshus.nu : Sebastian cover music]
It takes an actual (not threatened) disaster for people to actually care about disaster preparation.
.exe and subsequently infected all of our computers. It took me all day to fix the carnage left by Nimda.
Among the many other hats I wear, I'm the antivirus/worm/trojan/etc. person at my work.
About a month before Nimda hit last year, I'd written strict guidelines to how our company should safeguard itself against viruses. The president, who needed to approve the document before I sent it out, stated that the rules were too strict (don't open attachments you're not expecting/from people you don't know, etc.) and that since he wouldn't follow them, nobody else should either. He ordered me to edit the document so that it was more "friendly" and so I reluctantly rewrote it, and then emailed it out.
Lo and behold, Nimda hits the following month, and it's all over the media by the time I get to work. We were immediately infected with this thing before I even got to work (along with two major clients), all due to the lax guidelines I released the month before. Ironically, our president himself was the one to clicked on the Nimda
After I was done cleaning up Nimda's mess, I dusted off the strict version of my virus guidelines, and demanded that it be implemented immediately. It was made policy, and since Nimda, we have thwarted every other virus attack that has knocked on our door.
Unfortunately, I derived very little satisfaction from saying "I told you so" and smiling smugly into our president's humiliated face.
My comments here are my own; I do not speak for my employer.
Of course, things are different now. In the DOS heydey (including Windows pre-95), most viruses we re textbook viruses. Today, more of them should be defined as trojans and worms. There's no worm that you can see and say "well isn't that cute" as they all are quite damaging in terms of bandwith utilization. But there were/are many true viruses that are not damaging... or not damaging if caught in time. We all like fire, but nobody likes getting burned.
Now, back to the subject. Michaelangelo. Back when it was news some ten (egads!) years ago, McAffe was warning everyone of the impending doom. That year there were many people who lost data, but nowhere near as large as some people had believed. To be fair to the AV experts at the time, most of them gave a range from the small to the abnormally large- but guess which figure reporters used to sell papers?
So, life went on, and nobody was afraid about Michaelangelo anymore. Well, this poor sap was hit by it the *second* time it delivered it's payload (March 6th 1993). I lost of a lot of data that day, and boy was I surprised. Ironically, the data I miss the most is a copy of the virus itself. We all love fire, but we don't love getting burned.
Studying the interesting viruses was, and is, a really educational and enjoyable thing to do. I do not encourage people to distribute viruses. It's a dick thing to do. But there are plenty out there, and they'll forever live in databases like VSUM and whatnot. The game of virus authors versus AV authors is largely over; but it's still neat to see how different viruses copied themselves, and even more interesting the cryptic lines of text that can so often be found in infected executables.
Call me a hopeless virus romantic (not the VD kind), but I still think that's cool.
And holy crap, I just realized that the slashdot blackout already started. I apologize, didn't realize this before I typed this all up.
-bugg
Monday I ran into W32/Klez.h@MM which was no big deal by itself, but the W95/Elkern.cav.c nailed two computers so bad that they needed to be reinstalled.
So far at work we have been lucky and never gotten any of the "Hyped" viruses, just all the hoaxex; however, we tend to get the viruses that are not hyped and make small messes.
I wish that in this case that Klez was all hyped up since then McAfee would have released the DAT file that would detect Elkern. McAfee's website says that DAT 4198 will detect the virus, but they have only released 4198 today!
[End of diatribe. We now return you to your regularly scheduled programming...] - Larry Wall in Configure from the perl
A lot of people in the IT industry have this problem you describe. It comes from being an expert at something most people don't know a thing about. One of the responses to your comment claims "I'm not a burger flipper".
Well, sorry, you are. Stupid people are stupid people. I HAVE worked in both fast food and IT, and let me tell you, they have the same problems!
IT people call them "end users", fast food calls them "customers". They are the reason you have a job, and thier job is to try to get every advantage out of you that they can. After cleaning up a virus infestation a few times, they learn that it's your job, and your problem. They treat it that way.
I'm sorry that the world isn't perfect for you and that even in your nice "computers" job you have to deal with customers. The rest of the world deals with these same people doing similar stuff and doesn't whine about it nearly as much.
You trust Outlook's uninstaller?
--- What?
Don't even start that crap with me today when I've spent all day working on a professor's laptop that has a virus that required a complete reinstall because, for some mysterious reason, he had shut off his anti-virus software. If he had had it running it would have saved about a days worth of my time, which is far more than the cost of the antivirus software in the first place.
Virii are a big deal and any Windows user without protection is an idiot plain and simple. Antivirus companies make money because their products work pretty well most of the time. Why argue with their ability to make a profit? It's not like they're a monopoly, as there are numerous anti-virus vendors out there.
I guarantee, too, once Linux/BSD virii become more prevalent, that many of you will be purchasing antivirus software from your vendors. And don't give me this "But I can't get infected because I only run my stuff as a regular user..." blah blah blah. Every bit of software you run probably has an exploit in it. Just wait... the script kiddies just haven't been that creative yet.
My sister-in-law is the perfect target for a virus. She emails file after file and I'm sure she opens them without thinking when they first come to her. I mentioned that she is aching to get hit, and she just says we have virus protection. I'm thinking she might not get the update in time for what's around the corner. A little training might help, but there is no compensating for lack of common sense.
Heroscape, it's like legos combined with anachronistic wargames.
Viruses: More Hype than Danger?
I have a feeling whoever submitted this has never had their personal files emailed to everyone they know. I just recieved a file from my sister who did not keep up with the Microsoft Updates. She got the Klez virus, which is activated when you VIEW your mail in Outlook; you don't have to click on any attachments. All the lectures I gave her about not clicking on attachments useless...
And what about viruses that delete files, erase hard drives, etc?
You can't tell me that somebody working at MacAfee or Norton hasn't toyed around with the idea of creating some bad ass virus and unleashing it. Isn't it a little bit odd how quickly they have a fix to it?
With the media the way it is reacting over these viruses, it won't be belong before upstarts will come along, deciminate a virus, then hold a great number of computer users hostage for the price of their software. There was so much publicity in the tracking down of the people who wrote the Melissa virus and the arrest of them, but has there been such a publicized search for NIMBDA? Red Alert? Perhaps the companies are covering their tracks all too well.
this is so cool
This is very cool
And for a nominal price of $200+ called Windows XP.
Is it time already for me to launch winblows.exe already?
Causing Chaos Everywhere,
Nik J.
The strange world of a loner, in a populous city, drowning in society
In an ideal world, at least, EVERY person in the company is a required piece without whom the machine does not function. Naturally, some cogs are more easily replaced than others, of course.
Some people are hard to replace. Exchange admins are not one of them; But real system admins are. In addition, the entire company is screwed without them. They are, in fact, one of the master mechanisms.
There are definitely other people in the company whose departure would have a greater impact than the sysadmin. There are other people a company cannot really afford to lose who have a lesser impact than the systems admin. But ALL of the people in the upper echelon of importance should be listened to carefully by EVERYONE in the company, and ESPECIALLY the other important people in the company.
You can see the sysadmin's position as being highly analogous to HR; They do things which let other people do their jobs and not worry about some kind of infrastructure. Without them, the machine does not get oiled, whether we're talking payroll, or the file server. Making their job harder makes EVERYONE suffer, so there should be an immense incentive to pay attention to both people. In addition, both of them require a great deal of specialized knowledge about the field AND about the site.
So why is it that the HR person is more respected (or I should probably say feared) than the systems admin? Who knows. But great benefits, like not losing all your data, which is ostensibly important to you, can spring from paying attention to the systems admin, so people really should pay attention to them.
Not to mention... everyone knows that the sysadmin hates talking to the unwashed masses of ignorant employees, so if they bother to do so, you can be sure that it is important. So WTF? PAY ATTENTION TO THE SYSTEMS ADMIN. OTHERWISE YOU MIGHT LOSE ALL YOUR DATA. THAT WOULD BE BAD. THE SYSADMIN IS IMPORTANT. THE COMPUTER IS YOUR FRIEND. HAPPINESS IS MANDAT-
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
it only makes sense. sales are slowing at mcaffee, lets write a new one and release it from that machine in portugal we compromised last weekend. Some punk kid who has it coming will get the blame and we'll sell lots of software.
by reading this you have been added to their list of possible patsys.
We need to thank the virus authors that they didn't put serious payloads on Nimda or Code Red or I luv you. Thank them while they are in their jail cell of course, but thank them non the less.
As it was they were an annoyance to most, not fatal. They did get the message through to businesses that anti-virus security was serious business. I am sure that we are not the only organization that implemented a comprehensive anti-virus system last year.
It wasn't until we had to spend real man-hours fixing damage done by viruses that the threat was taken seriously and the ROI of the system justifiable by management. It took the potential risk out the equation and made it a simple "duh" cost cutting manuver.
There are two classes of malevolent viruses: nuisance viruses, which do nothing more than cause senseless destruction and "make a name" for the author, and voodoo viruses, those looking to use computing resources on a distributed level.
The first class of virus is only useful when it can attach itself to a a wide area of the population, which is why they're always prevalent in "best of breed" software. Windows, Office, IIS and Outlook are arguably easy to write viruses for, but i content that a lot of the shareware and even open source apps out there are just as easy. Hell, my news reader crashes every time i get a connection to my mail port; it'll probably never be fixed because it's just one guy writing it. But the ease of writing isn't the point -- the point is that these software packages are used by many, many people and even a difficult to exploit bug will have far reaching consequences.
For the voodoo writer, it's not the number of machines so much as the class of machine that's important. You want fast computers with fast connections (dumbass site admins help too). This means you want a critical bug with lots of power.
Neither of these class of author will ever write a pda or cell phone virus. Why? Because there are so many different implementations, each markedly different from the others, that an exploit would only apply to a specific phone on a specific provider. I mean, come on! There's not even a unified protocol for ring tones!
Not to mention that everything is processed by a proxy server before it even hits the phone. Result? A few complaints, and then the proxy is updated to save the phone.
I love FUD.
Hey freaks: now you're ju
A couple of high-profile viruses made my
life miserable in different ways for several
months. I'm somewhat embarrassed to admit that
it took so long to recognize that a virus was
involved at all - but there was no complete
system failure, simply degraded performance and
flaky behaviour.
I have no problem with anti-virus companies making
lots of noise about the dangers involved. If
Microsoft were truly serious about security they
would include a subscription to McAffee or Norton
in every copy of Windows.
Don't worry about me being paranoiac, I know I am but...
When I was working at another company few years ago, my president was very fiendly and was enjoying teaching us "marketing" strategies. I found it interesting because it teached me at what levels big corporation are willing to brainwash you. One thing he explained me one day was that a common strategy was to "create the need". Well, we all know this strategy, but he explain me to what extend this could go sometimes. Some company would litteraly "create" you problems to further feed you with their main product. So, my point is this one:
We know that AntiVirus company make a lot of advertisment for their product, they are big selling software and seems to be a lucrative market. Am I the only thinking that they may feed the market themself? It's so easy to put virus in circulation, anyone can... Would it not be tempting to them to "inject" a few once in a while and release a "security alert"? Then, letting the media go, the hype boosts itself and scares people enough to boost sales? I'm sure it happens...
I shouldn't skip my medication anymore...
I'd rather be sailing...
--
"Extra Anus Kills Four-Legged Chick" -- Headline
I would have readily agreed that viruses were overhyped - 'til I got Nimda on a home PC after wandering onto an infected website with IE 5.x.
Since I didn't manage to fully disinfect the first time, I ended up rebuilding the entire system from scratch 2x at the cost of at least 10-15 hours of precious weekend labor and much irritation.
But because of the hype I have no-one to blame but myself (and the webmaster who left his site infected months after a Nimda was known, and of course the Nimda author... but we'll leave them out of this!)
Seriously, people who surf w/o virus software are like people who smoke despite the surgeon general's warning: we all know it's dangerous because of the hype. I know I'm unlikely to fuss about overblown warnings for quite some time!
" Perhaps I would be so bitter if I didn't spend 4+ fucking years to get a degree only to end up answering the same remedial questions for careless, rude people. My job is about as challenging and fulfilling as monitoring dirt movement."
Maybe you picked the wrong major.
Or maybe you're just insufficiently motivated to get where you want to be with your current education.
Sorry, but sometimes the truth hurts.
why are people still paying for Antivirus software??? there are several top end proggies out there
I turned off my antivirus software 9 months ago, I use my windows partition daily.
I just ran it again, and suprizingly I don't have a virus.
I have no respect for people who are too stupid to avoid getting a virus, it just takes a half an ounce of prudence.
I live in a giant bucket.
People think about things differently. Really. Sometimes it's hard to understand at how basic a level they think differently.
... well, he may just not have understood you, because you didn't speak his language.
Different ways of thinking are better at different kinds of jobs. You *will not* get a marketer who's both good at convincing a client and good at understanding software. Those are different skills. (What you may get is a model builder who can explain his models to both the programmer and the marketer.)
The four basic skills, as I see them, are:
1) Formal reasoning
2) Model building
3) Preference ranking
4) Goal envisioning
Everybody is best at one of these. Being best at that, means being worst at a predictable other one.
So someone who is best at Preference Ranking will be good at marketing, but lousy at following detailed instructions. And someone who is great at Model building will be lousy at Goal envisioning. (These are the pairs that I find predictable.)
Likewise everyone as a second best skill (which, of course, implies which skill is third best). So some programmers can read a flow chart easily, and other programmers can envision where their code is heading. And these aren't usually the same people (though some people seem to sort of balance on the cusp there).
So Joe in sales doesn't follow your directions not because he's angry at you, and not because he's a real doofus, and not because
As a general rule I find that the non-technical people I deal with don't understand my natural way of speaking. I need to make a model or explain how it fits into their goals to really catch their attention. About 1/4 of the people will just understand the instructions. For about another half you'll need to catch their attention somehow, and then they'll be able to follow the instructions (somehow because two different approaches are needed here).
For the remaining 1/4, following detailed instructions is a real problem. Because that's not the way they think. Best if you can fold everything into a file that you can tell them "Just run this". If that's really impossible, then try to both make a model of what needs to be done (that the instructions fit into naturally) and explain how it fits into their goals. (I always find this so difficult that I generally do the last few people myself.)
But just imagine that you had to spend your time schmoozing... and choosing which people to pay attention to, which to ignore, etc. (I can't explain it correctly, because I don't understand it myself. But I've seen those skilled in the art in action, and I know when something is totally beyond me.)
I think we've pushed this "anyone can grow up to be president" thing too far.
Training? Some of them are trainable. But only some.
Being intelligent is in no way the same as being able to understand computers. That's one kind of intelligence. Some people just don't have that kind. Because a kind of intelligence that confilicts with that is associated with successful manipulation of people, many of them are managers, public relations people, marketers, salesmen, etc.
I'm not saying they aren't intelligent. I couldn't learn to do what they do, and they couldn't learn to do what I do. Our intelligences are different. But they are sufficiently different that attempts to train them in computer understanding (rather then simple manipulation) are destined for failure.
At least that's the way I see it.
I think we've pushed this "anyone can grow up to be president" thing too far.
..last week saw my work being bombarded by that annoying Outlook exploit and automated warning messages that were being sent to the wrong person because the From: line is taken from the infected person's contact list. And our student labs pick up at least a dozen viruses every day (usually about 3 or 4 different ones). Yeah, it's hype.
There have only ever been a handful of Macintosh viruses, excluding Word Macro Viruses. (Which are entirely due to M$'s incompentance.) Yes, I have a virus scanner, but I've only EVER found one infected file in the 17 years I've used Macs.
Dog is my co-pilot.
No, of course not. Real network admins know everything about their networks by watching the link lights on their switches. Since they can see the contents of the packets that are being sent and recieved, all they need to do is decode the packet in real time. Junior admins occassionally have problems mastering the ip checksum algorithms, but well-practiced senior net admins can track thousands of concurrent TCP connections. It's a simple matter to determine what the network is being used for just by watching the blinking lights.
And you thought those light were just to look pretty. Ha!
Now that they can claim it's all hype they don't have to make secure software anymore.
The later versions of MS-DOS came with MSAV, and Windows 3.x came with MWAV.
MSAV - MicroSoft AntiVirus
MWAV Microsoft Windows AntiVirus
Thing is, they sucked, and I had no idea where to get updates, or even if they were updatable at all, whereas I had a fresh evaluation floppy of McAffee every month for free!
I have no idea why they canned their anti-virus.It would be very useful to most windows lusers to have an anti-virus installed by default on their boxen. It would sure save me a lot of trouble... and probably put a stop to the ever-growing email worm epidemic.Just have it auto-update itself like the rest of XP and you're home free.
Ha. Actually, Counterpane, Bruce Schneier's company, offers realtime live security monitoring by humans; I presume even they view the traffic in some interpreted, filtered state.
I meant merely that hopefully a Net Admin has a faster, more comprehensive, reliable and detailed source than CNN, such as CERT, some other mailing lists, or their AV vendor.
While they may not cripple the internet, virii cost corporations ALOT OF MONEY. I work in the service industry, and EVERY DAY I am at some company to clean virii off of machines. These aren't large companies with IT people, these are the small business where every machine gets decimated by virii that can't be cleaned with wiping the system, and if they are cleanable, the files are OFTEN corrupted and of no use. Of course, these are also small business that never thought of backup. Virii might be good for my business, but when these companies are paying me $65 an hour (or my boss) to clean them when they get them every time (because that handy antivirus we put on their machines last time hasn't been updated since we left), it gets expensive.
Obviously the guy is pissed..and frustrated. The point here is that the work they do is enabled by the tools they use which is in our care. If you rented a room in a non-smoking house and smoked all the time you'd get kicked out eventually. Your reasons for doing this: whether, stupidity, assumption of intellectual superiority, addiction, etc..is not the issue. There should be consequences for fouling up the works. If managment cannot control the situation it is unfair to assume that the SA can do any better. As far as talking down to users... There are some users who will browbeat, circumlocute and sneak their way into trouble consistently. If managment will not act then as self defense I tend to treat them like shit. I can empathize with the guy to some degree: If you are willing to take home a paycheck you should be willing to obey all the rules set out by IT staff towards enabling and keeping your environment working. Without this the end user and policy is the problem and the SA attitude is a natural outgrowth of the situation. A strong, policied and enforced environment is productive and secure, a loose "do what you want" environment is recipe for disaster unless everyone has the technical acumen of the SA.
But yeah, I've never bothered with AV software (or security beyond the LAN being firewalled) and the extend of damage viruses have caused me is the inconvenience of no longer wanting to leave drives shared-writable
Ahh those were days... you could leave your front door unlocked and just copy anything to your computer from anywhere transparently.
If the past year's viruses were all hype, I have to wonder how serious a virus has to be before they actually claim them as dangerous.
Thanks to SirCam, I personally received two documents from Fortune 500 companies (which were infected) with draft proposals for new products and the markets they were targetted for. I get to know the plans of a big company even before their CEO does.
Thanks to CR/Nimda, I get to see at least 100 probes a day trying to get to my personal web server. On more active days, that number is more like 500. And this is now, over 8 months after the virus was at its peak.
I know of at least a few administrators (that work at various companies) that had to put in about a week to get the "I love you" virus under control. And that virus didn't even have a nasty payload.
Mind you, they could have been much worse. The simple fact is that most of these viruses were born from stupid bugs (which in most cases were simply overlooked) and hence were somewhat easier to fix.
As of about a month ago, I was able to take advantage of the fact that CodeRed is still out there wasting bandwidth. I benefitted from it because it's continually trying to spread itself, which generates zillions of unanswered ARP requests.
I was looking for an unused IP address to *borrow* (for use on a non-DHCP-enabled laptop), so I started a packet sniffer and waited for an unanswered ARP to go by -- in less than a minute, I had my new IP address.
Thanks CodeRed!
400th comment!! Viruses!!! LINUX!!
In the 9 years I've been playing around with computers, I haven't gotten a single virus. This despite the fact that I've been running Windows and Outlook for years.
Really, it's not that hard... don't open attachments unless you're expecting 'em, don't enable VBScript... no real need for it anyways!
I have been downloading innumerable Terabytes of various software since 1993 when the Mosaic browser was around. I have never had a virus infection on my computer. And, still, I have mostly used DOS/Win computers until the last few years when I switched to Linux.
;)
I know, I am not statistically significant, but still...
By your logic, you're focusing the burden of responsibility to the admin and not the end user. So I guess it's MY fault they opened the attatchment. I guess it's MY fault that I have to order a new laptop everytime this paticular sales lady goes out on travel and returns with a mangled laptop because "It's too much trouble to carry it on" This paticular lady i'm thinking of DESTROYED 9 laptops in 3 months! You would think MAYBE after the first one she would wise up BUT SHE KILLED 8 MORE.
Often, as in this example it's the same end (l)users who do stupid things time and time again. But typically the sysadmin isn't in a position to say "you break it, then fixing it is at the bottom of the priority list".
Easy to say when you have a good job. I consider them PEOPLE when they HELP ME HELP THEM to solve their problem. When they are lazy ("oh, just send someone up. I don't have time to sit on the phone all day."), unecessarily vague ("Is the Internet down?"), or rude, they are not people.
There is the all time classic "dosn't work". Including in cases where the computer is working perfectly, just that GIGO applies.
Do your job properly and stiop whinging.
Tom.
Oh arse
hey,
it was very neccesary to do Y2K updates in a lot of cases. maybe the world wouldn't have crawled to a halt but there would've been a *lot* of people complaining because they weren't born, didn't need to receive a paycheck, etc "because the computer says so". those problems needed fixes, be it before or after 1-1-2000.
the fact that the IT industry earned plenty money because of the Y2K problem might be a ground to distrust some of the stories on Y2K but it *was* neccesary to fix Y2K!
But typically the sysadmin isn't in a position to say "you break it, then fixing it is at the bottom of the priority list".
YES!! Exactly! If you spend %15 of your time on one user in a month because they constantly are breaking something, other people get jaded that they are not recieving enough attention. Collecting all the parts, getting the shipping, calling the vendor for a RMA#, shipping the thing back and imaging the software back onto the machine when the machine comes back takes TIME. Time that has to be balanced out or otherwise it just put's the admin in a position where he/she might be taking precious IT resources away from other departments. If you cannot balance yourself out between all the departments in a company because of one person, i'm sorry but they're an asshole for not being consciences. They're not thinking about the time it takes me to replace the equipment, the cost to the company, the CEO's and salespeoples time for making the money to pay for the damn equipment in the first place.
This buffer is for notes you don't want to save, and for Lisp evaluation.
If you want to create a file, visit that file with C-x C-f,
then enter the text in that file's own buffer.
aoeu aoeu aoeu aoe uaoe uao u aoeu aoeu ao aoeuaoeuaoe ua oeu aoeu
aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu
aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aeou aoe uaoe uaoe
uaoeu aeo aoeu aoe uaoeu aoeu aueo
aoeu
aoeu
(autoload 'wrap-mode "~/wrap-mode.el" "Toggle wrapping." t)
aoeu ao aoeuaoeuaoe aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu
aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu
aoeu aeou aoe uaoe uaoe uaoeu aeo aoeu aoe uaoeu aoeu aueo
aoeu ao aoeuaoeuaoe ua oeu aoeu
aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu
aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aoeu aeou aoe uaoe uaoe
uaoeu aeo aoeu aoe uaoeu aoeu aueo