Slashdot Mirror
NYT Reports Porn Spam Hijacking Network
twitter writes "This NYT story describes how thousands of PCs have been used as porn spambots and reverse proxy servers, and mentions that they could be used for kiddie porn. Finally, though Microsoft is not mentioned, people might start to understand what a monoculture of poor quality software enables."
Now I've got a great new excuse when the wife stumbles onto things...
Stop by my site where I write about ERP systems & more
I guess that's pretty authoritarian, and there are better ways to beat spam. Still... the elimination of the luser is a shining grail for us all, no? ;)
Finally, though Microsoft is not mentioned, people might start to understand what a monoculture of poor quality software enables."
Umm, no they won't. First of all, very few people would notice the article in the first place. Second, people who did notice wouldn't know what to do to protect themselves (not supporting MS isn't an option for 90% of the computer users in the world). Third, was the comment necessary?
"The rogue program does not affect the Apple Macintosh line of computers or computers running variants of the Unix operating system."
so um, not to Microsoft bash or anything, but what OS does this 'sploit attack then?
That's gotta be one of the most FUDaliscious articles I have ever wasted my time on.
"Some random guy says grillions of computers are infected with an undetectable virus and is going to distribute kiddie porn!!"
Please.
P.S. I'm not saying it's not possible, but for fuck's sake, get a few details before bothering to blather on about it for pages at a time.
Try this link
Well, there's spam egg sausage and spam, that's not got much spam in it.
Why do the Slash Editors(ha!) put this drivel up? We can bash Microsoft enough in the comments without the extra crap in the article itself.
An optimist believes we live in the best world possible; a pessimist fears this is true.
"...though Microsoft is not mentioned, people might start to understand what a monoculture of poor quality software enables."
Shouldnt that read:
"... though Microsoft is not mentioned, we thought we might use this as an excuse to attack them anyway."
I mean I understand MS doesnt exactly have a large fanbase here but that is frankly ridiculous.
<fnord>OBEY</fnord>
here you go
There is no god
Whatever. That won't happen anytime soon.
Just as an example, we brought a remote user's laptop into the shop the other day to update it and found over 250 infected files. Even though we provide the option everytime he logs in to update the virus identites, they hadn't been updated in over a year.
To many people, a computer is like a screwdriver. They could care less about it, they just want to pick it up, make it work, and toss it aside when they are done with it. It's unfortunate, yes, but that's just the way it is.
Ryan O'Rourke
IT must be microsoft's fault no other OS has ever had a problem and I am not responsible for what I do on a computer...
You hit the nail on the head. I stopped using Windows because I felt like I was not responsible for what I did on my computer. I feel like Windows is constantly changing things, and automagically configuring things for me, without asking. I dont want to install things and have them break other things. That means you're doing something I dont want you to do. I hate that. I hate that it has no security, and all the bitching about anti-microsoft editorials is so ridiculous. Accept the fact that your OS has issues, complain to the company, and then maybe Microsoft will fix things.
Having worked the abuse@ email address for a DSL provider, I've been seeing this for a couple of years. It's interesting that the mainstream news is finally giving lip service to the problem, though. I heard a commentator on the ABC radio network mention open relays on mail servers the other day during morning rush hour.
Someone (by someone, I mean companies that put out SMTP servers with a large share of the market) should strike while the iron is hot and take it a step further by airing some simple PSA's during a small assortment of shows. Maybe some must see TV "The More You Know" type thing...
I had a sucky sig.
Finally, though Microsoft is not mentioned,
Oh, but we'll take care of that.
The coolest voice ever.
Why not blame the rain on Microsoft, even though the weather report didn't mention them? They probably use MS to generate their forcasts.
Translation:
I needed a new place to store/share mp3s.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
Pete Townsend could have used this article a few months ago.
Not to mention the obviousness of using such a widespread and vulnerable platform. I think this is what everyone's getting at.
And to think of how many NT4 machines are out there with a root RPC vulnerability that MS refuses to fix. If someone's running NT4, I don't know how likely it is they are going to apply anti-virus patches. I think MS leaves footprints of vulnerabilities for this sort of problem for years after releasing products, regardless of actions others take to try to help.
The only thing more dangerous than a file named -rf is renaming it -rf\ /
In my experience, end-users who are not tech-savvy have little real understanding of online security practices: they tend to ignore basic things such as updating antivirus dat files because they don't know or don't understand. And from my own experience, I know that broadband providers are more interested in pitching all their cool features than they are in educating users how to be safe. Seriously, how hard would it have been for my ISP to have included a Sygate or ZoneAlarm trial on the install CD they had to send out anyway?
What kills me is that it's in the ISP's best interests to encourage safe computer habits, and they don't really emphasize that.
----------
Something cleverThere is no reason to break copyright law and repost this article. This is an example of irresponsible internet behavior at its worst - there is no justification for such action - this is not 'fair use'--it's just lazyness.
Here's the thing though, with StarBand, they have an auto-imposed limit of around 500mb/week upload, and if you go over it, you are automagically shut off for a few days. The problem with this, and I have seen it happen, is that the Spam/Pornbots can infect a Starband Customers computer, and easilly make them go over their weekly 500mb upload limit. Thus causing them to lose their internet connection.
This poses a real problem, not only for the end user (The people I deal with are all in the far reaches of Northern Minnesota where Satellite Internet is the ONLY broadband option) but also for the ISP's. Its viruses/bots like this that make it even more necessary for legislation to fight spam.
The writers of the Bots would be the spammers, not the owners of the infected systems. Just because I borrow your car to deliver the paper, does that mean that in reality, you delivered the paper because it was YOUR car?
-I may not me amish, but I am a geek!-
To many people, a computer is like a screwdriver. They could care less about it, they just want to pick it up, make it work, and toss it aside when they are done with it. It's unfortunate, yes, but that's just the way it is.
Why is this unfortunate? Do you want to know every nuance of the car you drive, just to get to work? How about when you watch TV? Do you really need to know about NTSC vs PAL? No, you want to watch TV.
Computers should be no different. People just want to send grandma some pictures, surf the web, type a paper, whatever... Not spend forever updating their AV package, SP updates, etc.
A computer is a tool. It is merely a means to an end.
There are three types of people:
(1) Those that recognize Microsoft's influence and approve of it.
(2) Those that recognize Microsoft's influence and disapprove of it.
(3) Those that are oblivious to Microsoft's influence and wouldn't care even if someone told them.
Groups 1 and 2 are not going to have very many people switching from one to the other. Group 3 is going to have even fewer people leaving it. So the whole "people might start to understand" bit is, quite simply, B.S. It reflects the submitter's membership in Group 2 more than anything else.
The coolest voice ever.
Hardly a fair question, and I'll use your car safety requirement example to demonstrate.
Back before there were seatbelt laws, many cars simply did not have them. So once those laws were put into place, would it be fair to expect older cars to pass the seatbelt test?
Now if this minimum security law you suggest were to become a reality, it would be Microsoft's responsibility to make sure that future operating systems pass the security test. But you cannot hold them to a standard that does not currently exist.
"Ask not what your country can do for you." --John F. Kennedy
A properly configured NT/2000/XP systems with the correct security settings and policies in place wouldn't have any problem preventing virii from doing anything.
If Linux were in the mainstream, everyone and their mom would be logged in as root, like Windows users are with administrative accounts anyway. So why even pretend that Linux, should it ever become as mainstream as Windows, would be inherently more secure? The issue here is educating the users who open "FREE COLLEGE WEBCAM HOTTIES.EXE" rather than improving the quality of the software.
So you're saying all I have to do is install one of those screensavers shrouded in four web-site redirections and I can sit back and wait for some pirate in The Phillipines to jack all the 1337 w4r3z and pr0n for me?
Dude! This is better than PointCast **AND** Kazaa -- The stuff just shows up! It's like subscribing to the FBI files-you-shouldn't-have mailing list!
Spyware and viruses r0ck!
"Lawyers are for sucks."
- Doug McKenzie
There is a technical writeup here:
http://www.lurhq.com/migmaf.html
Mirror: http://www.joestewart.org/migmaf.html
This is terrible.
They put all that porn on my computer, and I don't even get to see it?
Ooh, a sarcasm detector. Oh, that's a real useful invention.
The rogue program does not affect the Apple Macintosh line of computers or computers running variants of the Unix operating system.
;)
What is it with the mass media not wanting to say that a given worm or trojan affects only systems running Microsoft Windows?
In fact, the statement is wildly inaccurate. It doesn't affect VAX computers running VMS. It doesn't affect computers running AmigaOS. It doesn't affect IBM AS/400s running OS/400. It doesn't affect computers running OS/2. It doesn't affect computers running BeOS. It doesn't affect computers running MS-DOS.
I mean, it's patently ridiculous, quite honestly. None of those OSes are Apple Macintoshes nor are they UNIX variants. Actually, for that matter neither is Linux, technically. It's an original from the ground up POSIX-compliant OS (unless you believe SCO
My journal has hot
What is it with the mass media not wanting to say that a given worm or trojan affects only systems running Microsoft Windows?
Well, this explains the NYT article (they don't want to piss off Gates), and I suppose you could assume something similar for the other media outlets.
Why is this unfortunate? Do you want to know every nuance of the car you drive, just to get to work? How about when you watch TV? Do you really need to know about NTSC vs PAL? No, you want to watch TV.
...but these days, computer users should have some basic training on "what attachments are likely to contain pictures from grandma - and what aren't!". Otherwise they might end up hosting some illegal warez server in their own house - without their knowledge.
I agree with the general line of your reasoning, but please observe that the examples you mention do not necessarily support your own thesis. First: if you don't know NOTHING about "NTSC vs PAL", you might quite soon end up with an unpleasant surprise buying video tapes abroad. Say, you might be an American on a trip to Amsterdam, taking advantage on their, uh-huh, liberal law regarding the pr0n. Ditto for European in Tokio.
With the car, it's even worse. You can't drive a car without valid license. The authorities consider untrained drivers too much of a threat for the public (and the drivers themselves). And it becomes more and more obvious that the Internet is also a very dangerous place for untrained computer users. You can damage yourself (sometimes just opening an email attachment) and cause damage to the others. You are absolutely right saying:
People just want to send grandma some pictures, surf the web, type a paper, whatever... Not spend forever updating their AV package, SP updates, etc.
A computer is a tool, but it is a complicated Swiss Army Knife tool that will slice your fingers off an puncture your chest if you're an idiot and don't know how to use it. Chainsaws are just tools but the hire shop will require you to be trained to use one, and for a very good reason. Idiots are already slicing their hands off with circular saws every day.
Should granny be able to hire a chainsaw and swing it around her head? Probably not. Should idiots be given a computer and be allowed to connect it to the internet without the proper precuations in place? They should be forced on them if they won't listen, just as a hire shop may refuse to hire you a chainsaw.
I'm all for making computers as easy to use as possible (Very commited, in fact), but you can't expect to make them idiot proof. At some point you have to accept that some things cannot and should not be attempted by an untrained person, and work that into the design.
Interesting thing is, though, that it occurred in the UK, not the US. In the US, he would have been guilty because the child porn statutes are strict-liability offenses, meaning that possession of child porn, even if unintentional, is still a crime.
Yeah, it's a messed up law, but it's not the first one...
The society for a thought-free internet welcomes you.
If you actually read the article, you read:
The rogue program does not affect the Apple Macintosh line of computers or computers running variants of the Unix operating system.
OK, so that leaves what? Windows, OS/2, and a few oddities. And the only likely one of those, the only possible one is Windows.
So, Windows is there, but the NYT went out of their way to *avoid* mentioning it.
Yeah really, laugh. From the article:
"The rogue program does not affect the Apple Macintosh line of computers or computers running variants of the Unix operating system."
Let's see, it doesn't affect Mac's or *nixes, what else is there? Why didn't they just say that it affected Windows systems only? The average person probably wouldn't put that together. It reminds me of that scene from the new austin powers movie when Dr. evil indirectly tells mini-me to go by telling everybody to get out, but then telling everybody but mini-me they can stay.
Really, I've never seen this before. Usually you report which systems were affected rather than the systems that weren't. What reason, other than ignorance, would the reporter have not to mention windows?
Why, o why must the sky fall when I've learned to fly?
But is it worth giving up Linux to run Windows so you can claim to have been vulnerable?
I just got a new Nigerian Porn Dialer that offers a 1.5% cash back bonus and a higher credit limit, why would I want to give that up?
A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
So instead of their normal scare-mongering by involving terrorism in any way possible, they are now suddenly switching into scaring everyone by mentioning kiddie porn instead? Wow, such diversity! Next thing you know NYT actually becomes a good source of news with facts and interesting content without a "we will spam your ass off" scheme! Maybe right after DNF is released...
Hate me!
Of course sendmail's old open relays, wide open proxy servers on linux boxes, owned linux DNS servers which play redirection games and so on don't contribute to spam. No siree, because they're on linux, and everyone knows linux has no problems what so ever.
The article makes a good point about unwitting hosts participating in world-wide spamming. A host that is insecure can become compromised by an automated worm or mailicous attacker and then configured to relay junk mail.
As a system administrator this worries me. Typically we use blocklists for netblocks that are known to be sources of spam. But when a random internet host is compromised and used as a mail relay, this slips past our blocklists (for a while).
The moral of the story is that computer security and spam fighting go together. Though average users don't get the point, it is every internet user's responsibility to keep their host secure both for their own good, and to be a good neighbour.
you should still know how to change a flat, add oil and wiper fluid, and know where the gas tank is.
hell, even I know that stuff.
computers should be like as cars, your right. you need to know basic maintinence and care and know that if you don't, it's gonna get messed up real quick. if the oil light comes on, stop the car immediately. know that you shouldn't pour sugar in your gas tank or drive into trees. know basic stuff. don't ever open, reply to or send spam- just delete it. update your virus software often. fairly straight forward stuff.
Perhaps someone should make a list of basic do's and don't with your computer and post it somewhere. actually, I think I might do that later.
Looking for Book Reviews? Check out Literary Escapism.
Finally, though Microsoft is not mentioned, people might start to understand what a monoculture of poor quality software enables.
I blame K & R for writing such a fundamentially broken language in the first place.
DrLunch.com The site that tells you what's for lunch!
So if someone is caught with p0rn on their PC (ie: kiddie porn), does this mean that the virus could *potentially* provide a "reasonable doubt" about that person's guilt? Sure seems like it could...
Items like this seem to be happening more and more frequently (spyware, viruses, etc) and I am wondering what the impact will be on the legalities involved. I mean, in the old days, I controlled EVERYTHING that came into and out of my PC -- now, that has changed and there may well be things hiding on my PC that I am not aware of. I do my best to administrate properly but I don't know everything and I am certain that Joe Sixpack knows even less than me about his machines.
Food for thought...
Beware of the tool talk. A computer is a device, and as this article already illustrates, this DEVICE can perform actions without you knowing. It will continue to perform these actions when you are not using/operating it.
Tools such as a pen or a screw driver work ONLY when you are using it. A screw driver does not screw a screw and cannot stab someone without a person operating it (and hence a TOOL).
The point is devices are inherently more dangerous than tools. One has moral agency over tools (again: stab or screw, its all up to the operator), one has much less control over a device. Which is EXACTLY why people should be educated on how to use and control these devices. While not having moral agency over a device, one most definitely carry partial responsibility for activating a device.
They probably use MS to generate their forcasts.
Nope, the NOAA is smarter than that, they use Linux
Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
It seems obvious that to the reporter, and probably to most of his readers, computers==Windows systems. It's sad (and bad reporting) that Windows isn't even mentioned.
Flame on if you like, but it is quite common for these sorts of things to happen on Windows boxes, and not on Linux boxes, due precisely to the monoculture and the flawed default security model of Windows (actually a number of different flawed models in Windows OS and apps).
Perhaps you could clarify how the comment in this instance was not appropriate. The GNU/Linux default security model that my family run all their machines on does not run arbitrary software with elevated privileges as Microsoft does. It never has. And it is not such a monoculture, resulting in being less susceptible to attack.
These are attacks I have never had to worry about. A neighbor, who typically runs Linux with no breaches of security, tried putting up an IIS server just once to see how it compared, and it was owned by hackers within 15 minutes.
Sure there could be an increase in real security incidents some day with Linux, but not before there are far worse problems with existing Windows platforms (until there is much change to Windows).
Perhaps there just needs to be a windows-only section of Slashdot, so that Windows users can discuss these problems which are less relevant to the rest of us without feeling continuously picked on due to the technical problems with their choice of an OS.
Good responses, I think, but....
Does the average American have to worry about NTSC v PAL when they go Blockbuster? No. I have to worry about when I want to order the DVD of last year's World Rally Championship season, but I'm buying it from a bloke in England....
Good point about the driver's license. But doing things safely on your computer is more akin to manufacturers making the cars safer rather than the driver knowing their car better. I may know how to service my brakes, but if the design is poor, there's little I can do about it.
If you're designing an operating system for grandma to send email, then it should be completely locked down. Even the default email client should be configured so that it doesn't automatically open attachments. It shouldn't follow the unix "enough rope to hang yourself" maxim...
Whereof we cannot speak, thereof we must be silent. --Ludwig Wittgenstein
......but these days, computer users should have some basic training on "what attachments are likely to contain pictures from grandma - and what aren't!". Otherwise they might end up hosting some illegal warez server in their own house - without their knowledge...
Training is a good idea, but unfortunately it doesn't always work. I have a l-user here at work that has been trained on how to use email securely. Then everyday, I get phone calls about pr0n email that she has received. She takes great delight in explicitlly describing the contents of the message, and then pretending to be offended. Then I get the "Why don't you do something about this" statement. I do have filters on the email server, but unfortunately they only pickup about 85% of the spam. The other 15% get sent to the users and then opened. Luckly I have AV pushed to everyone and configured it so that it can not be turned off or messed with, and every one gets updated nightly. Just based on the AV logs, I can tell you exactly which l-users do not apply the security training.
It's simply inaccurate as well, since I'm sure OS/2, VMS, and OS/400 systems are also not affected.
Gamingmuseum.com: Give your 3D accelerator a rest.
You're right, the submitter of the article took a little shot at Microsoft, and the editor didn't have to choose that story submission, but it's not as if the comment is completely without merit. The article states, "The rogue program does not affect the Apple Macintosh line of computers or computers running variants of the Unix operating system." That pretty much leaves...Windows. And the submitter's comment was right that the Windows monopoly makes these types of abuses more likely, and the poor design of Windows makes them harder to stop, track, and remove.
For example, I went home to visit my parents one weekend, and my mom asked me to take a look at her computer because she was getting dialog box advertisements on her screen. I took a look, and when we got to her computer she had 5 to 10 queued up formatted advertisements on her screen sent to her using "net send". So I shut down the messenger service and turned on the firewall in XP. Problem solved. But why, on the "home edition" of Windows, is the messenger service running in the first place? Why is there this open port on someone's home machine accepting random text messages from the outside world? It's poor design, and the fact that Windows is a monopoly exaggerates the problem and creates an issue for almost every home computer user in the world.
And don't forget the countless other MS-specific issues. Consider ActiveX controls. A user installs something like Comet Cursor on their machine and ends up polluting their OS with adware and spyware. Do users of non-MS browsers have this issue? No. True, the user clicked Yes, but most people are not in the habit of clicking No to every ActiveX control that tries to install itself. Most are benign (as Comet Cursor would appear to be at first glance), and some are useful or necessary (like Windows Update). But you make a bad decision once, and you pay for it effectively until you get a new machine or re-install the OS. There are tools to remove spyware, but sometimes they don't find everything, and that misses the point anyway. The question is why do I have to solve this problem in the first place? Why can't you, the user, transparently remove software from your machine? Because Windows is designed to be so opaque that it's impossible for anyone to know where everything is and how everything works together.
And of course the vast majority of e-mail worms and viruses only affect users of Windows, and more specifically users of Microsoft mail clients on Windows machines. Users of Outlook Express or Entourage on the Mac are safe.
I find this to be a huge issue in the home PC market. Most people are completely unaware that they should not be dealing with these frustrations, and that there is a better way, simply because Windows is all they know. So in that sense, I think it was fair for the submitter to take a shot at Microsoft for this, and fair for michael to allow it to go through.
Unfortunatelly I tried the do's and don't list here at work. It trully amazes me on how dense people can be. Litterally I had people read the list, sign a document that they read it and understood it, and still I saw mail virii showing up in logs, people having spyware installed, hard drives filling up with crap, etc. You can create all of the lists and provide all of the training in the world, but as long as people think that stupid desktop purple gorilla is cute or they might get to see a pair of t*ts for free, they will ignore everything they have been taught or read.
I worked tech support for an ISP for several years a while ago, and when products like ZoneAlarm started making their way around it was no help.
Even other tech support people came to me everytime a port was scanned, or anything showed up on it. Then those tech support people recommended it to their callers, and the problem got worse.
Of course, 99.9999% of these scans/hits/etc were not attacks and were just routine net traffic. The personal firewalls just builds paranoia of something they don't understand.
no comment
Hackers from the former Soviet Union have been linked to several schemes, including extortion attempts in which they threaten to shut down online casinos through Internet attacks unless the companies pay them off.
\begin{sinister Slavic voice}
You must pay one gazillion dollars to my PayPal account immediately, or I will post a link to your site on Slashdot.
\end{sinister Slavic voice}
P.S. I happen to be a hacker from the former Soviet Union.
One of the sites I created a while back was a mod site for NwN, I had it hosted by a company Called XO Communications since I didn't have a fast connection at my house. After getting a little notice from the NwN community I of course started getting spam - however I also started getting these weird emails from people saying they would sue me for sending them spam. I didn't know what was going on until I got 15 bounced emails from yahoo saying my messages were undeliverable. I hadn't sent the message and I had no idea who the recipients were. I contacted XO and they told me "Yeah this happens occasionally there really isn't anything you can do, but we have proof that it's not from you so don't worry about getting sued."
Well I didn't appreciate that responce so I changed hosts I tried icestorm and I tried globalhost it would be fine for awhile then it would start again - the more traffic I got the more of a pain in the ass it became to explain to people that I was sorry for something I wasn't doing.
In the end I just stopped caring, unless I ever get a fast enough connection at home to host the site myself it looks like this is somethign that will just happen. And as an end-user I have no control over the security of the website since it is my hosting companies responsibility to lock there shit down. And everyone I've tried seems to have the same responce "well its easy to fake where email comes from, sorry your shit out of luck in having people confuse you with ass holes"
Ave Molech Setting
I cannot speak for later versions of Windows since I stopped using them, but I never saw a version of windows that does not force you to completely log off and back on to access privileged functions, encouraging people to run with privileges on all the time, because they cannot just enter the password for privileged activities. Su does not exist, nor does sudo.
Most other modern versions of OS's are significantly better (Lindows early versions were an exception). Just having su and sudo is much better.
OSX has no root enabled by default, and relies on sudo to limit elevated privileges to single operations.
GNU/Linux/XFree86 systems typically give warnings when the user logs in to the window manager as root, give a limited environment with a red background, etc., and on the other hand make it easy for the user to run without elevated privileges most of the time.
And the monoculture is also inherently less even if everyone were to use Linux, because the licensing allows significant derivitive / deviant branches.
Claiming that Linux would be no better if it were as successful as Windows ignores facts.
This is just the tip of the iceberg. I have been on an email team faced with the question, do we allow contents to auto-execute, which actually thought about the problem before blindly implementing it, unlike Microsoft.
Ever hear of load balancing? Microsoft allows users to load balance over many hundreds of machines? Can your precious Linux do that?
Your analogies are false. Before you're permitted to drive a car, you have to go through a training process, learn proper technique, learn the rules of the road, and PROVE YOURSELF COMPETENT in a fairly stressful road test. Many people fail the driver's test a few times before passing (I passed the first time, but then, I trained for the test at an auto school). And, learning about NTSC vs. PAL is more like comparing TCP/IP to the seven-layer OSI stack. Most people, in most applications, won't need to worry about that because they're standardized on TCP/IP. As a television you buy will be standardized for the format your country generally uses. You're building straw men and failing to knock them down.
Another problem with your way of looking at this is, computers were originally scientific instruments for data processing which required a certain level of understanding on the part of the users, who were generally degreed professionals. Computers have been found to be useful for a wide variety of other things, including "sending pictures to grandma" but at their core, they're still pieces of equipment, not toys. When you buy a circular saw or a wood lathe, you read the manual, don't you? And, if you don't read the manual, you fully expect to lose a thumb when you inevitably screw up, right? A computer is much more complicated than a circular saw, so I don't find it unreasonable to require people to actually make an effort and RTFM.
The fact that lazy people *want* it to be a no-brainer toy doesn't actually make it one. The incredible laziness I see in people I meet (and I'm not referring to you, here, just other people I've met) amazes ahd horrifies me. It's like they think picking up a book is going to HURT them...
Farewell! It's been a fine buncha years!
It isn't elitist to say that computers are fairly unique and complex devices. Just because everyone uses one now, improperly for the most part, doesn't mean they should or even can magically becomes television sets with six buttons on the front.
V
What I want to know is what can we do about it aside from choosing another site to get our news from? How can we get our issues to the people they need to. Does CmdrTaco really care if there was MS Flaming in the summary? No, he probably likes it, because guess what, it means more comments. Which in turn means more eyeballs on the ads, which in turn means more money from advertisers.
The quality of this site has been going to hell lately, and everybody bitches and moans about it in the comments, but guess what, NOTHING gets done about it. How can we change that?
Buy Steampunk Clothing Online!
[...] everyday, I get phone calls about pr0n email that she has received. She takes great delight in explicitlly describing the contents of the message, and then pretending to be offended. Then I get the "Why don't you do something about this" statement.
Tell her "Look, lady, I'm sorry if you feel neglected, but I'm sending out as much of it as I can. I'll send you a couple extra tonight when I get home, but after that, I can't make any promises." Then apologize for having misspelled "barnyard" in the subject line.
It isn't elitist to say that computers are fairly unique and complex devices. Just because everyone uses one now, improperly for the most part, doesn't mean they should or even can magically becomes television sets with six buttons on the front.
Good point...but...then they shouldn't be sold as such. If you're going to market your computer/operating system as "easy enough for grandma to use" then it better be easy enough for grandma to use.
Products will have a development cycle that gradually make them more and more user friendly. Remember programming with punchcards? Remember the days before UIs? Computers are very much like cars and toasters and VCRs. All you're showing is an elitist attitude. You are obviously a smart person (and I don't say that sarcastically), and you enjoy having a complex machine to work with. Great. But you make up about 5% of the demographic that most software and hardware companies are designing their products for.
There is a place for complex software...there's also a place for simple software that works as advertised. There _will_ be a computer with six buttons on the front sooner rather than later, because that's what the general population wants. Not everyone is a hacker, and like I said, most companies in the industry aren't getting their profits from hackers like you (or me).
By your logic, a VCR should be just as simple to use a shampoo bottle, and thus, so should computers.
Perhaps a bit of overstatement there, eh? I don't expect my shampoo bottle to safely connect to the internet and send email. But if I purchase an operating system that claims it does that, it should do it. I don't need to understand the engineering behind the top of shampoo bottle to open it. Nor do I need a degree in electrical engineering to play a VHS tape. So why should I have to be hacker to safely send and receive emails?
Whereof we cannot speak, thereof we must be silent. --Ludwig Wittgenstein
Nope. We'd have millions of run-of-the-mill configured-the-same-way insecure-by-default multipurpose Redhat boxes instead. We already have that to some extent now, and have for several years. Yes, the uber *nix geeks and OSS zealots and college students with tons of time on their hands do play around and modify Linux, stripping out unnecessary stuff and making interesting things. However, for the majority of computer users, the computer is a tool. If they're going to run Linux, they're going to toss in a Redhat CD (and that CD could be several years old -- people still run Windows 95, you know), run through the install, most likely pick the "Everything" install option so they don't have to worry about not having something, and then forget about it. Is that bad? Yes and no. That process is only secure if the different consumer-oriented distros make out-of-the-box security priority number one. However, there's nothing inherently wrong with that mode of computer use. Not everybody (ie, almost nobody) wants to spend all of their free time messing around with their computer. They want it to just work.
In the end, if Linux were to become dominant over Windows, you're going to end up in the exact same scenario. And the solution to that will be the same as it is today -- user education and better accountability from the software developers. "Switch to Linux!" is not a solution now, and "Switch to <something else>!" is not a solution for the future.
Prove yourself competent? Oh yeah, that's why Americans are such great drivers. In fact, I'm on my PDA on the freeway eating Burger King. I just finished shaving, so I figured I'd flip through slashdot while I drove. Oh, there goes the cell phone. Now I'll have to turn down the volume on Star Wars which is showing on the dashboard of my SUV.
riding round the world on an old motorcycle
I want to drive my car to work, you're right. I shouldn't need to know every single component and how it works. I don't need to know the tire pressure. I don't need to understand what the gas guage is for or what the speedometer indicates. I ignore the little blinking red lights, too.
Oh - wait - no, I don't. A car requires a lot of upkeep if you want it to work properly, just like a computer does. I have to change my oil every three months (patch the OS), fill up my car with gas every week or so (update AV software), and need to get it inspected every year (reinstall Windows :)). I also need to watch for any error lights lighting up on my dash and need to take action based on them. (Answering AV software alerts?) If it breaks down, I take the car into the mechanic. He knows far more about cars than I do and can fix it properly and safely.
Why should a computer be treated any differently from a car? Because people have been told that computers are "smart" and are only slowly beginning to learn the horrible truth - they aren't. Computers are dumb. They do what they're told, even if it's harmful, even if it wasn't what was meant (Do What I Mean!). They require constant checkups to ensure that "what they are told" is as close to "what they are supposed to do" as possible.
Computers require upkeep, just like cars. Just like cars, doing the upkeep prevents your doing what you actually want to do - and just like cars, regularly maintaining your computer helps to ensure smooth operation.
You are in a maze of twisty little relative jumps, all alike.
Perhaps the reporter just wanted to point out Mac and Unix-variants aren't affected? Mentioning them in a positive light can hardly be too bad, can it?
IMO "the average person" is far more likely to know they _don't_ have a Mac, and therefore assume their computer is affected then to believe that because it doesn't say Windows, they're fine.
"The rogue program does not affect the beleaguered Apple Macintosh line of computers or computers running variants of the evil hacker Unix operating system."
I think, ideally, I would block the saving of any file on the hard drive unless it has certain extensions (.doc,
Our local public library has the following blocks in place with Fortres Grand:
- console apps
- saving exe, com, sys, dll, and some other extensions
- running apps from A:
- the Start Menu, except for Shut Down
- MS-DOS Mode
Add a heavy dose of AV automagically updated daily without their knowledge and which cannot be disabled.Block everything they do not need to complete their job. It's possible.
-uso.
Dreams, dreams, don't doubt dreams, dreaming children's dreaming dreams. Sailor Moon SS
Computers, on the other hand, are designed to be in partial to full control of nearly anything. In their desktop and laptop form, they are extremely generalized, and a skilled person can do all manner of tasks on it, up to and including writing their own operating system for it.
The problem, in my opinion, is the marketing not the computer. It is fully possible, and indeed there are examples, to make computers specifically designed to do non-generalized tasks, such as the one you provided at the end, reading and responding to email. It is the responsibility of manufacturers to make and support devices that do this, instead of selling all-in-one-wonder desktops that can do everything from receiving television signals to crunching gigabtyes of data in some rendering farm in Simi Valley, California.
I completely agree with your viewpoint there. Where I do not agree is that the desktop concept should be reduced in complexity to become a lesser all-in-one, just for the sake of easy of use. That is what specific intention devices should be manufactured for. There is a legitimate need for multi-purpose machines that goes beyond just satiating types like ourselves that like to tinker.
Oh, and by the way, I know people who do expect their raspberry mango shampoo bottles to connect to the Internet, people want it everywhere. :)
In summery, I don't think things are as bad as you make it sound. Yes, they are more expensive, but if all you want to do is email and a little word processing now and then, an Apple works just fine, and is enough out of the way or the mainstream to where you do not need to be hyper-paranoid about security. When you use something that is by far the most popular, and hated, operating system, in an interconnected semi-anonymous world, you have to expect a little overhead in keeping things secure. If hypothetical person A does not want to put up with that, there are alternatives that work quite nicely, even in the realm of specialized devices. I saw a little black box with a keyboard that hooks up to Earthlink that allows you to do email, and that is it. Bravo.
Once the problem with getting good alternatives to the generalized super-machine is overcome, then you really only have the newness of the tech to get over. Computers are a vast thing. Even the most hardcore geek could not claim to have significant knowledge in more than a few branches (or meta-branches,) and there are thousands of branches -- all weaved in such a way to create potentially millions of pseudo-branches through combination. The fact that we have gotten computers to the point that we have, where a vendor like Apple and even some PC vendors, can send out a machine and have a complete novice checking email a few hours later, is pretty impressive (and I am not even going to try and fix that run-on sentence, I get tired just looking at it.)
Anyway, sorry about the glib response earlier, I just get tired of the car and VCR analogies, because a turn signal stick does one thing, it operates a blinking light -- whereas a computer has to have the hypothetical turn signal programmed, and the same physical material that allows the turn signal software to work can be wiped clean and turned into a SETI number cruncher by somebody else. A powerful ability that implies the potential for powerful mistakes. :)
V
Can't I moderate the submission as flamebait?
Is the problem just one of your e-mail being harvested off the webpage(s)? If so, try this:
<script language="JavaScript">
function writeAddress(name, domain, msg) {
document.write('<a href="mailto:' + name + '@' + domain + '">');
document.write(msg);
document.writeln('</a>');
}
</script>
Blah blah blah
<script language="JavaScript">
writeAddress('mymail', 'nospam.com', 'E-mail me!');
</script>
Now you've produced a document which displays links to e-mail addresses, without specifying any easily-harvested e-mail addresses in the source of the document.
!#@%*)anks for hanging up the phone, dear.
Fair enough.
But the real problem from the spam point of view is the negligence of consumer broadband ISPs.
Dialup pools block outbound port 25. Why can't attbi.com, comcast.com, and rr.com get their acts together too?
At present, 12.0.0.0/8, 66.0.0.0/8 (fuggit, I'm lazy!) and 24.0.0.0/8 produce nothing but spam, and I block 'em wholesale.
You wanna run an MTA? Fine - smarthost. The 90% of Windoze luzers with SoBig.* and 9% of 0wn3d Linux boxen don't belong on the 'net, and IMO the ISPs where these boxen reside are criminally negligent in not blocking outbound port 25 traffic to anything other than the ISP's outbound mail server.
Back in '97 I worked for a now non-existant dot com. Back in those days I was a pretty hard core MS evangelist (hallalugha i've seen the linux light now)
/dummies. So whenever we logged into the sun we would be chrooted to /dummies and had no idea that we had been hacked. In the folder level above /dummies was his pr0n ftp site. It took the dev weeks to figure out that one. He would log in, try and try to make changes to the /dummies/etc directory which wouldn't stick because it wasn't the real /etc directory.
/etc directory, but by that time the damage had been done. Our T1 and sun had sent out over a million spams and served over 20 gigs of porn. Our company got owned.
I really wanted to implement some sort of firewall at my work, MS proxy server. Most of our executive and administrative staff was on windows, but our developers were all mac people, and they resisted hard..
One paticular dev was a mac/sun junkie. He went around like a drone (well, I was a MS drone so I guess it's like the pot calling the kettle black) telling everyone that my MS proxy plan was evil and how it would interfere with product development. Eventually he got my plan to implement MS proxy shot down, so there we were on a nice fat n juicy T1 line with absolutely no firewall or protection of any kind.
What goes around, comes around.
We started getting calls and e-mails complaining about us sending out pr0n spam. Turned out someone had been using the open relay on this dev's sparc II to send out his e-mail. Worse yet this hacker had somehow managed to root the box and in addition to using it as a spam relay, he had used it as a FTP site for his porn. The root account was renamed, and our entire directory structure had been copied to a subfolder under
Everything was fixed by dropping into single user mode and fixing the real
The executive team realized that the dev team would never let me implement anything. So they hired another admin with more of a unix background and he put in those little red fireboxes at each of our locations. After that we never had a problem again.
We expect our cars to "just work" but at the same time one has to have some understanding of the need to change the oil, and that the squeak coming from the brakes means that it is time to replace the pads.
There is a lot of maintenance work that requires driver attention and knowledge.
It is much the same with a computer. You may not have to know the internals of fixing it, but you should know enough to recognize that it needs servicing, and know who to take it to when those symptoms appear.
"Cars are nothing like computers." Now he tells me. Does anyone know how to remove a quart of 10W30 from a CPU? The fan was a bit noisy, so I thought I'd oil it.
Pete Carr Owner Chatmag.com
Someone else has provide technical details. This is not run of the mill.
exploit a common hole in Windows, but to indicate that this is a symptom of Windows insecurity with insufficent evidence is unethical.
You can say that wihout laughing? I love you too!
Friends don't help friends install M$ junk.