Slashdot Mirror
The Psychology of Virus Writers
securitas writes "BBC Technology reports on the psychology of virus writers and the work of security researcher Sarah Gordon, who has been studying this area for 20 years. ''The stereotype that virus writers are all young teenage boys with no social life, hiding in their basement is not accurate,' she said. In contrast, she said, most virus creators are typical for their age, are on good terms with friends and family and are often contributors to their local community.' The story is an interesting contrast to a previous BBC report about why people write viruses."
Do virus writers really go to virus conventions? I'd think you'd find people like Ms Gordon, undercover FBI, wannabe 133t teenagers, and maybe a couple former virus writers out of jail and trying to find admiration.
Do you even lift?
These aren't the 'roids you're looking for.
How about running a similar investigation on /. folk?
The owls are not what they seem
"The stereotype that virus writers are all young teenage boys with no social life, hiding in their basement is not accurate" It is quite normal for teenage boys with no social life(something they have no control over) to hide in their basement. I believe it was Linus Torvalds who said that we could alll breathe easier if all these poor people could just get some dates. (someone will probably redirect this to the NYT magazine interview)
10 Bits= $.25
100 Bits= $.50
110 Bits= $.75
1000 Bits= 1 byte
Because it's good business, when you're being paid by spammers to create huge networks of compliant computers.
The kids who learnt how to do this 5-10 years ago are now living off it. For the really good virus writers, it's become a career.
Ceci n'est pas une signature
"Mua ha ha."
The coolest voice ever.
Many of the people writing newer viruses (those that relate to spam) are of a different breed entirely. I personally believe the people responsible for modern Internet spamming worms are more malicious than teenage hackers would ever want to be. These menaces to society consider themselves businessmen. You wish we were dealing with teenage hackers. Read up on Internet spam and viruses, and see this less technical article along the same lines.
they are more and more likely to be working with spammers and hackers, says Paul Wood, chief security analyst at MessageLabs.
"When you see a complex virus," she said, "it's come out of the hacking community."
And these are fucking experts? They don't even know the difference between hacker & cracker?
I hate it when people like that give the word hacker a bad name.
For your average email virus, slap on a SMTP engine, a searcher to grab email addresses, and a semi-interesting email so people will run the program, and bam, you're got yourself an email virus, preying upon people's stupidity.
/. lawyers and people who play one: virus writing is illegal, I know, but is writing a trojan illegal? And if it is, how do you define a trojan?
On the other hand, things that attack vulnerabilities such as buffer overruns, etc are harder because you actually have to do some research.
A question for
Stereotype is a word that seems thrown around an awful lot these days, and it's often used in a negative context. But aren't stereotypes a logical and efficient way of group things (in this case people)?
I'm not saying that every stereotype is right all the time, and some are downright wrong, and have been perpetuated, not out of a means of mentally sorting and grouping, but out of hate or fear.
Anyway, I'm gonna go hang out in the backyard of my white Protestant family's backyard and talk about golf while barbecuing.
Cloud City Digital: DVD Production at its cheapest/finest
Perfectly normal. You suave motherfucker, I like
your style.
I can dig it.
The article says Ms. Gordon has been studying this for 20 years. I think she is the one that needs to have a social life.
Chaos will always win out over order because chaos is more organized
Sure hackers write viruses. The quote actually makes sense or are you claiming that hackers can't write viruses.
Crackers are mostly a subset of hackers.
Bush and Blair ate my sig!
You made me close my account you fucker. You should get IP banned.
i mean, really really sure?
"contrast, she said, most virus creators are typical for their age, are on good terms with friends and family and are often contributors to their local community"
Except, you know, when they wreck other people's property (their computers).
It seems to me that virus writers in general are advanced pyros. I could easily see some guy in his basement loosing a new virus on the wild muttering,"Burn, baby, burn!!!"
Or the next Matrix movie could have Neo fighting a computer virus!
I have never used antivirus program for the last 4 or 5 years and my computer has never be infected with a virus. Actually it is a mistery for me why people execute apparently infected file on their computers and then blame others for their stupidity.
I remember the times when viruses spread around with floppies. It got written into boot sector and loaded into memory when floppy was inserted into drive. Then antivirus programms were necessary. Nowadays, however, it is not a technical issue to write a virus but purely human engineering. Those virus writters have better understanding of average human psychology than I have and they know that average Joe will download untrusted file, or will run the attachment, regardless how suspicious it may look.
Why care about virus writers? They will always be arrond like those who draw grafiti on walls which is a nuisance but not something that any sane man would seriously believe to. Better educate people how to use their computers and whom to trust online.
"The stereotype that virus writers are all young teenage boys with no social life, hiding in their basement is not accurate," she said.
/. posters.
The same could be said about
What exactly does Sarah Gordon claim to be the psychology of a virus writer?
In the older BBC article the first paragraph has her saying that virus writers differ 'in age, income, location, social/peer interaction, educational level, likes, dislikes and communication style', whereas the newer article has her saying that 'most virus creators are typical for their age'.
Has Sarah Gordon changed her mind between articles? (And if yes, should that be pointed out?) Or is the Beeb misquoting her? Or is she refering to 'virus-hackers' in the first article but 'non-hacker virus writers' in the second?!?
People can be typical. And they can be non-typical. But they can typically not be typical and non-typical concerning the same issue at the same time. Or is it just that in the first article she means that virus writers differ from each other? Or what?
The liver is evil and must be punished.
you did it yourself. there is no spoo^H^H^H^Hme.
A "typical" virus writer...
Someone who wants fame... so, therefore, I would opine that they have low self-esteem, be in a job that doesn't get many rewards (apart from income), seeks personal satisfaction, possibly high IQ, possibly asking themselves the question of the meaning of life
Or, revenge seekers, or just misguided in their zealous attempt to defend a view they passionately believe in....
It's true, I'm on the second floor not in the basement.
-Tim Louden
"In contrast, she said, most virus creators are typical for their age, are on good terms with friends and family and are often contributors to their local community"
Couldn't the same be said for most crimminals?
For corporations, all it takes is one guy with a laptop to get infected and bypass the firewalls. You might not be affected, but IT depts are.
Do you even lift?
These aren't the 'roids you're looking for.
And let's not forget about the glorious hardware hackers, hacking their TiVos to have ethernet cards and whatnot.
How do you know you've not got a malicious programme running if you never check? It's not like viruses randomly start games of casino with the stake being your HD any more...
I remember Sarah from Fidonet -- sheesh we must both be getting very old. She was famous in those days for saying "Information is Free", and for being penpals with various Bulgarian virus writers (like the guy who wrote the "mutation engine"). I do believe that she has met more virus writers than virtually anyone else. You will find teasing tributes to her in some of the viruses from the 1980's and 1990's. Word up SaraH; remember me? The guy who sent you the dolphin shirt? G
"Wayne, did you ever think Bugs Bunny was attractive when he put on a dress and played a girl bunny?"
"No! Hahahahahahahahahahahahahahahahahahahahahahaha! No, why?"
"I-I was just wondering..."
make great employees for Symantec and McAfee....
what, you didn't hear?
they make the viruses and the weapons to fight it!
If I had some mod points, you'd get Insightful easy.
(start rant)
Fact is, people, most users are idiots. People run attachments and expect geeks to fix it, all the time blaming someone else for their stupidity.. Seriously, you will not believe the number of times I have been called over by a computer illiterate person, asking whether the Windows prompt boxes on their screens are real (it's really the web page ads that masquerade as prompt boxes). I wish there was some kind of mandatory license to use the Internet; if you know what the hell you're doing, fine, you get to use the internet with no restrictions. But if you fail, a Special Ops Geek Force will invade your home, and lockdown your computers (e.g. firewall, popup blockers, antivirus, etc, that all work automatically). And maybe we can have some fun educating some chicks about computers.
I think ethics should be in the school curriculum, but not just with respect to computers. There are far too many self centred people coming out of schools. And by ethics I do not mean religious dogma; I mean an honest, frank, and thoughtfull discussion of consequential and deontological ethics, without reference to religion.
I'd also like to see First-aid and basic emergency procedures a required part of the curriculum... it really sucks to be the only one at an accident scene who knows first aid when you're one of the casualties.
Firstly, virus writers are people who find challenges in their work; they do it for fun or money; rarely if ever is there a hacker who was motivated to gain their knowledge from feelings of intense hate or greed. It takes a lot of time, talent, and work to learn to hack, and usually somewhere along the line you get a political and social education that, due to the inherently high intellegence you recive, learn to cherish and use.
Case in point, why hasn't the doomsday virus been released? Think blaster accept it turns your computer into a spam machine and deletes everything accept windows and the virus, for example. Any hacker with sufficient knowledge of how to do this also knows that we live 3 meals from anarchy; if the accounting and shipping systems of a major food chain go down because of your virus and can't be brought back up again, the food won't get delivered. What happens to the inner cities and suburbs? The farms? Other countries?
They know if they do this that they are indirectly fucking themselves, and many infact fear other hackers doing this. This is the reason for blaster; to show everyone how insecure the system is and all it takes is one person with sufficient knowledge to start ww3.
Additionally, hackers are extremly social beings. They all come from varied backround but almost all have 2 things in common; they faced conflict at a young age that they overcame, and that they overcame our school system dumbing down intact enough that they still have a love for learning and playing. They love to be social, infact, some 2600 meetings involve people bringing their boxen, and trying to hack eachother to kingdom com, this is the basis of social virus writing she is talking about although some groups may be more militant than others. Some hacker cons also feature this but wherever there's a major con, there is also feds and police but the smaller meetings are unpoliced and patrons (such as stores, becuase face it, they don't hold these at houses that often) usually welcome the groups as they bring buisness. The more friendly groups welcome newbies to learn so long as they don't come too often (even the best of us will go on a homicidal rampage if people ask questions too often, too repeditvly).
What bothers me is how she ends the article "There are much better ways to use your time online." which shows she knows nothing about the subject she's writing about. Do what else online? But crap? Play games? Watch pr0n and jack off, pirate music and movies, get angry about stuff help political movements? Join a irc group circle jerk where everyone else calls everyone else l33t?
Writing viruses is a crucial part of our society, if it weren't for these smaller groups we wouldn't know how insecure everything is and if we didn't know how insecure everything is, we wouldn't be trying to secure it. Take Independance Day (Yea, the movie with all those aliens and ships nuking us). Why did we win? Because the aliens had bad computer security, that's why. People call me nuts, but when it boils down to it, do you want to be safe from the pain or do you want to take the pain full on and if you survive it, will you then learn?
I also had a big problem with this part;
"I believe that with correctly designed curriculum, talking about ethics can really reduce these behaviours," she said, "they need to learn from the first time they use a computer what is appropriate and what is not." .
Oh, so it's wrong for me to figure out what's wrong with a computer and fix it, but it's right for microsoft to lie to millions of people and advertise their OS as secure then bribe judges to be nice to them? This bitch has no idea what she's talking about and BBC by publishing her bullshit has further done damage to the reputation of hackers everywhere.
Finally, to end this on a constructive note, If you want to have a good understanding of hackers and their nature, listen to radio freek america. They do all sorts of hacking on air th
Candy-Coated Knowledge
So true :(
Oh, I forgot:
(end rant)
(begin spelling nazi rant)
mystery - spelled as mistery
(end spelling nazi rant)
Sorry, when I see mistery I keep on thinking mistress or Myst
"For the really good virus writers, it's become a career."
The really good ones work for the government.
I think some distinction must be drawn here between a virus and a worm. It's not difficult to write worms which exploit "features" of Outlook Express. This is NOT a virus. Viruses duplicate via files or disks. Worms duplicate over a network. How hard is it to write a polymorphic VBS worm? Takes about an hour and a half. The Chernobyl virus? Much longer. I also see Blaster as a relatively worthwile piece of code. Exploiting a buffer overflow may be overdone, but it did prove a point... patch or die.
I mod down pyramid schemes in sigs.
I think the error already was made when someone tried looking for a reason. Reasons are conscious acts, the people doing this are not even aware of why they are doing this, even though they "think" they are. This is about natural competitive instincts, but in a different environment. It's a way of expressing yourself, and it will continue as long as these people receive feedback, which is what this article and many others provide.
if by 1 word you mean 3 words, and that's if you consider "Mua" a word, otherwise 2 words. you're wrong either way
It's good to see Sarah still around after all these years. She's smart and definitely had/has her finger on the pulse of the virii community. I'm guessing she doesnt hang out on the AIS BBS anymore?
I'd vouch that some of the best code in existance resides in the internals of ancient virii.
For example I recently read an article describing how to write an exploit to avoid an IDS pattern recognition routine by peppering a NOP Slide with nonsense code. This has been done years ago in several virii.
If I had mod points I'd mod you down as off-topic for all your lame thinkgeek.com links. Did you get paid to post those?
Do what else online? But crap?
write a webpage, setup ftp, http, mail, etc. servers, write a program, improve a program, read slashdot, be an editor for the open directory project, and there's a lot more after that.
Any hacker with sufficient knowledge of how to do this also knows that we live 3 meals from anarchy; if the accounting and shipping systems of a major food chain go down because of your virus and can't be brought back up again, the food won't get delivered. What happens to the inner cities and suburbs? The farms? Other countries?
Kid, critical shit isn't connected to the Internet. It's just not. Web servers don't count as mission critical. I don't think that anybody died because of "Blaster". Hackers are *not* that important.
They all come from varied backround but almost all have 2 things in common; they faced conflict at a young age that they overcame, and that they overcame our school system dumbing down intact enough that they still have a love for learning and playing.
Yeah, you're describing dorks in school that got beat up. Boo-fuckin'-hoo. If you read the article you'd realize that she said that this is NOT the stereotypical virus writer.
Writing viruses is a crucial part of our society, if it weren't for these smaller groups we wouldn't know how insecure everything is and if we didn't know how insecure everything is, we wouldn't be trying to secure it
Insecure from what? Oh yeah, script kiddies telling us how insecure our boxes are. It's a vicious cycle. Security wouldn't be a problem if not for these little spoiled shits with too much time on their hands.
Take Independance Day (Yea, the movie with all those aliens and ships nuking us). Why did we win? Because the aliens had bad computer security, that's why.
That was the most ridiculous movie I've ever seen. That doesn't prove anything. And yes, you are nuts. Fucking nuts if you think that the movie "Independence Day" proves anything.
Oh, so it's wrong for me to figure out what's wrong with a computer and fix it, but it's right for microsoft to lie to millions of people and advertise their OS as secure then bribe judges to be nice to them?
Last I checked, virus writers aren't fixing anything.
Kid, you're delusional. Get a job. Get a life. Get laid.
"Virus writing is not rocket science," she said, "it's undesirable and irresponsible behaviour."
Whatever else you might claim about computer viruses, they sure haven't led to as many deaths as rocket science has.
they now hack FOR the gibson?
People write viruses because they are assholes.
I don't need a Phd to figure that one out.
Anyway, I'm gonna go hang out in the backyard of my white Protestant family's backyard and talk about golf while barbecuing.
1) Your backyard has a backyard? Cool!
2) Golf while barbecuing? Do you have a grill hitched to the back of the golf cart? 'Cause that would be neat, but the greenskeeper might get mad. Oh, you meant ((talk about golf) while barbecuing), not (talk about (golf while barbecuing)). Gotcha.
Bet you thought these would be at least somewhat relevant questions about stereotypes. In the words of Dark Helmet: "Fooled you!"
I want to drag this out as long as possible. Bring me my protractor.
"She is writing about computer issues without knowing the difference between a hacker and a cracker."
There is no difference. To the general public, non-computer-science academics and writers (read: people who define what english words mean) there isn't a difference. Hackers are people who can make computers do interesting, and sometimes destructive things, and crackers are a salty snack food or an ignorant redneck. Sorry, but using "cracker" in the sense of "one who breaks into computer systems" is like "GNU/Linux" it's never going to catch on outside the Slashdot geek audience.
The article was so general! Anyone could have made those statements.
If you know the culture of American women, this is typical. Ms. Gordon uses words like hacker that have no clear definition. This is just someone pretending to be logical and scientific. She is not actually logical. It's like a supermodel wearing sailor suit. The supermodel is not actually a sailor, she is just trying to be cute.
It would be an interesting social investigation to try to discover why Ms. Gordon works for Symantec. Does she have duties in which she is actually useful? Any method of educating virus writers not to be anti-social would reduce Symantec's income. Knowing Symantec, I doubt there is any intention of being altruistic. Why does Ms. Gordon work there? Did someone think she is attractive? Did someone at Symantec hire her in a flight of fantasy?
Ms. Gordon is not a programmer. She has never written a virus. It is safe to say she knows very little about what actually happens inside a programmer's mind, other than what is obvious to anyone who questions.
You know, I was always under the opinion that all the Slashdot operations required two clicks, and checked host-referer so that nobody could simply link to a nasty GET operation.
'course, neither am I going to click and find out (and I don't care enough to make up a test account), but if this works, it's definitely a Slashcode bug.
May we never see th
"In her experience many malicious hackers have a borderline criminal view of the world and do not share mainstream ethical norms....Their judgement processes might be different... as well as their perception of risk and reward."
Well great, more POP psychology to brand us as evil if we demonstrate different "judgement processes", don't share "mainstream ethical norms" or maintream reward systems.
Who do you think built the Internet in the first place, and launched all this disruptive technology that's changing the world? Don't we have enough ignorant techophobes in the way of progress already?
So does that mean that I'm really normal?
Or will I never be able to get my stupid program to work?
Please get over this. I know that there are "white hat" "hackers" out there who want the meaning of hacker to be something different, but you lost that battle a LONG time ago. Ask anyone on the street these days, and they'll tell you a hacker is someone who maliciously breaks into people's computers. You can't change that, just come up with a different name to call yourself or live with the reaction most people will have when you tell them you are a hacker.
"White hat" + "hacker" = Whacker
Read about Scott Atran's Paper on the psychology of suicide bombers.
Unless we take the time to understand and remove preconceived moral notions we put ourselves at a disadvantage vis a vis solving the problem by fixing the underlaying issues
Help fight continental drift.
"They said that true pyrotechnicalmaniac's(the ones with the "brain disorder" which IMO is probably just an excuse to have fun) like to see things explode and burn, not to cause danger or damage, but just because it looks cool. "
Well I guess that explains the Slashdot effect.
So tell me now how Ethics comes from religion? Ethics does not mean blindly following your leaders. You must examine the issues for yourself. A secular ethics curriculum gives you the tools to do that. It does not require you to give up your faith.
Most virus writers are serial killers?
That sounds like the description of a lot of serial killers.
I don't agree with her assesment
In her experience many malicious hackers have a borderline criminal view of the world and do not share mainstream ethical norms.
That's what I'd expect someone from Symantic to say. Because Symantic makes it's money protecting and promoting Microsoft junk, this lady is far from impartial. Good virus writers may be hackers, but blaming hackers for viruses is like blaming people for murder.
Her view of script kiddies is also simplistic and patronizing. I'd wager that most script kiddies' outside the "mainstream ethical" norm's thought process has more coherence and depth to it than her blather.
While I don't write viruses and I don't think they are a reasonable form of protest - the moral standpoint is correct. Microsoft is an evil company that produces and forces shoddy, invasive software on the world. They have screwed their business partners, employees, shareholders and customers. Their vision of computing makes TIAA look small and well behaved. Virus writers realize thses things and point them out to people . They exploit holes in Microsoft software to mail out personal information, drive people nuts with adverts and do other things that Microsoft does themselves. They seek to make the public aware of these practices and flaws and have to shout out and make the user notice. They, as most of us here, believe that the world would be better off without Microsoft. People are better off with free software that protects their privacy and control of their machine than they are with Microsoft. Virus writers are pointing out the flaws directly. In deed, these people go out of their way to do it and have no prospect of rewared other than a job well done. Criminal? Perhaps, but so is Microsoft, the convicted anti-trust and IP violator. Condeming the virus writer as criminal and unethical shows a poor understanding of the class.
Friends don't help friends install M$ junk.
2. Deliberately create and enforce the use of shoddy OS software vulnerable to virus attacks.
3. Deliberately allow the water to boil until the public is going out of their tiny minds. .
4. Quietly start introducing draconian controls to the web. People, if not begging for them, will at the very least be more likely to tolerate such measures. (And, yes, that would be, 'Profit!')
It's getting close, kids. Cuz, you know, Terrorism, blah blah blah.
-FL
That pal you refered to was nick-named "Dark Avenger". I think he quit communicating with Ms. Gordon when she became Mrs. Gordon.
Please, clues rock, look into some.
She's afraid of losing her job so she needs to produce some human interest/tech/psychology story for the human interest/tech/psychology niche in today's conventional publishing business which is under a lot of strain.
:)
So she don't mind totally contradicting herself if the editors don't mind. It keeps the ink , eh electrons, rolling.
Or she's even more feeble minded than one would expect and changes opinions and well studied ("for over 20 years") conclusions easily.
Considering that she works for Symantec all of the above could be true. WTF cares. This is non news by non journalists about non people doing non science. Mkay?
If she did the research that was claimed, wouldn't she know the difference between crackers and hackers?
You know, some of us "chicks" are geeks too.
Lose the attitude and develop some interests outside computers. Chicks dig that.
PS: I would never date anyone who "needed" me to fix their technical and/or life problems. Why would you?
'She said: "There are much better ways to use your time online."'
What she's really saying is that she's into pr0n and downloading music.
why is everybody bashing this Gordon lady, when in actuality it's probably a case of bad reporting? reporters constantly turn peoples words around to get a more interesting "scoop."
at least some people have to good sense to read critically, but you shouldn't assume it's the interviewee's fault.
Sir Arthur C. Clarke once said that the definition of the word "pseudointellectual" is 'someone who would use that word'.
How many people would still write viruses and worms if nearly all computors ran open source OSes?
There would still be some. How many?
I emailed Sarah godron for a article she wrote entitled Don't let your kids grow up to be hackers. I directed her to numurous url's with that more then explain the difference between a hacker a cracker and a virus wrtie. She basicly told me it was some one else's article. And the media twisted the articles word around. Then she also told me that consumers do not know the difference so they make the article as scary and apealing to the idiotic mind as they can.
/crackers and such, Every single one of them told me They did not write the original article it was the works of some one else basicly just using there name. And every single one of them also told me It's what the people want to here.
But my main point is here, Every single reporter that I have emailed about making false claims about hackers
So don't take these articles for what they are the media twists them and re writes them all to make them apear sexier, And non of the so claimed authors are truely the real author.
Yes, a virus writter is just a coder that is bored and wants to try something new. Hey if your system is vulnerable, it aint his fault. This is like saying "the inventors of powder are criminals". ;)
Besides they give job to all thouse nice antivirus companies.
http://securityportal.com.ar
put that in your archur c. clarke pipe and smoke it ya fucking turdgerbil.
...allowing their name to be attached as an endorsement. It's the thin end of the wedge; how many of your principles would something you "said" have to break before you walked?
Ph-nglui mglw'nafh Gates M'dna wgah'nagl fhtagn.
She is probably a psycologist by trainning.
So she may know for what she speaks in a general sense.
BUT... why hire her?
Quite simple even from the early days of anti-virus companys a certan amount of hype was needed to keep in business.
Macafie's early virus infection stats were so inflated some in the field were very scepitcal.
Unix experts were quick to point out that ANY secure operating system would resist virus infection and blamed viruses on Dos having primitive multitasking with out the precaution of security to prevent abuse.
It is possable some Mac users may have repeated this sentiment before the Macintosh had multitasking support of it's own is so it was incommen enough that I never heard of it. But with presure from the compeating Windows GUI the Mac added multitasking and not much later the first Mac virus was born.
Soon after antivirus companys leapped to clame this disproved the Mac clame that viruses were a Dos phonominon and that this proves that ALL systems may be infected.
However the long winded Unix rant on the subject did predict that other operating systems will fall to the same fate IF they folow Microsofts example. Apple did.
In short anti-virus companys used FUD to counter the clame that good os design would thwart viruses.
Years later....
A very dumb design flaw in an obscure Linux graphics libary encuraged users to disable the security of Linux to play games.
Repeating the Unix clame.. "Any SECURE operating system" Not any Unix.. not any good.. The key word is SECURE. With this bug Linux users were disabling the security of Linux just to play games.
A short time later a virus is born.
What happened here is simple. Like MacOs Linux folowed Microsofts example. Only this time Linux removed a feature instead of adding one but it's all to the same results.
Once the virus was discovered it took no time for the PR machine of anti-virus companys to jump on the bandwagon. They declaired the "No Unix virus myth" to be dead and prommised a line of anti-virus software for Linux to be available shortly.
Linux users no matter how stupid do learn. There were no more reports of infection and no anti-virus software was made avaiable.
Both cases prove the original Unix rant yet anti-virus companys chouse to see it diffrently.
Every so often anti-virus companys put out new press releaces clamming a "New Linux virus" when all that has been created was an opinion paper that can be summerised "I think Linux viruses are possable" usually assuming Linux is a Windows 95 clone.
However I think we've seen the last of those articals as sombody pointed out that viruses are obsolete and worms are the future. He has a point.
This makes the virus companys jobs even harder as Microsoft has started taking the issue reasonably sereously.
(They've taken it sereously back when Windows 95 was created. Sereously in the fact that they needed to con the public into believing Windows wasn't a security risk but not enough to actually make 95 not a security risk)
While viruses work fine on a typical insecure system with no actual defects to exploit worms can't infect with out a defect.
But worms spread faster and by the time antivirus software can do anything your already infected.
All antivirus companys can do is provide disinfection software however (ahem HINT HINT) open source software could easly do the same job.
Also worms need to attack a server with a defect so the flaw is not found in Windows itself but an application in most cases one included in the Windows install CD.
If the typical user would remove applications they were NOT using and install updates and keep an eye on the services they were using there wouldn't be an issue.
But as the typical Windows user dosn't do any of that worms are going to have plenty of opratunitys to attack and there isn't a single thing Microsoft can do about it.
Many users eather don't know or don't care. Those that do
I don't actually exist.
Social Examples:
The college student who placed various 'bad' things on two planes
perhaps the leaked diebold memo's
maybe human shields in iraq?
[Fuck Beta]
o0t!
Fact is, people, most users are idiots. People run attachments and expect geeks to fix it, all the time blaming someone else for their stupidity
That is not entirely true. Viruses can enter through JavaScript, Flash, and active-X holes. I have also downloaded some shareware that happened to be infected, probably because the hoster didn't bother to scan their copies of it. And, sometimes the antivirus programs simply miss some lessor-known variants.
Table-ized A.I.
Wasn't the reasoning behind criminal acts such as these discussed in Michael Crichton's The Great Train Robbery? ...just for the thrill of it...
What about doing a story on the "Psychology of people who develop and sell unprotected operating systems".
the psychology of virus writers and Sarah Gordon,who has been studying this area for 20 years.
Talk about people with no life!!
It's funny how people get angry when they see some article about a person doing research about something related to virii/hack/crack, but... why?, does this affect any of us?, i don't think so, and even if someone here is a 'virus writer'... let's code instead of making critics about some field we don't have 20 years studying as psychologists... and i'm not saying she's right, because i really can't say as a fact, just my opinion...
Yet again, it's funny to see how people take this kind of articles in a very personal way, are you a virus writer and you think she's wrong?, ok, so?, what the hell do you care about?, go code something.
PS: virus writing is not easy as some people thinks so, at least when you DO know how to code them in a good way... shall i say: 29a?
blah, Greets.
If not you can't even begin to know how they think without lots of study.
How do you know you haven't been infected if you don't use a virus scanner? It sounds like you're simply assuming that your system is clean. Well-written viruses may not be immediately obvious, especially if they're a trojaned inside a legitimate program.
It is a mystery to you why people execute apparently infected files? Well, it is a mystery to me how you can instantly tell the clean files apart from the infected ones without a virus scanner or a lot of computer training, especially if you download executables instead of going through source code. Not all viruses come from untrusted sources or dumb email attachments. What if a trusted source gets infected? How would you even be able to establish what is a trusted source and what is not if you can't verify the integrity of their files in the first place? Or what if a virus is planted after a successful hack?
And viruses have the potential to do a lot more damage than graffiti does. If a wall gets covered with graffiti, just clean it off or paint over it. Viruses, on the other hand, can bring down entire computer networks, or even large parts of the Internet in the case of email worms, doing damage to businesses if nothing else. And that's just with the public computers. What happens if, say, a military network gets infected? They better be able to detect it and deal with it and not just continue to assume that their system is clean because it appears so.
The best viruses use both the manipulation of human pscyhology AND technical know-how, which is hopefully what the virus scanners will stop. It's not enough to just avoid the obvious-looking ones.
This may be a little OT, but I'm seeing the Taxonomy Kings (and I speak as one myself, who has basically had to learn to get over it for the most part) going off about the difference between hackers and crackers.
Words are not defined by fiat, they are defined by usage. Also, different words have different meanings to different audiences in different contexts ("Fish" means very different things to an oceanographer and a chef; for a chef, it includes shellfish and crustaceans, for instance). I realise it can make debate difficult when the meaning of terms is not correctly understood, and needs to be precise, but sometimes you just need to let go and realise that a word is irrevocably lost to your ability to control its meaning. Even precise technical terms suffer shifts in meaning over time, and adjustments need to be made.
Since ordinary people have a clear idea of what is meant by hacker, and you clearly knew what was meant by it, since you all protested against it, maybe we should accept that the meaning of the word in common parlance has changed from what some nerd said it was 20 years ago.
Perhaps we should take the advice of the much quoted Mr. Montoya - "You keep-a using that word - I do not-a think it-a means what-a you think it means"
SofaMan -- Occasionally Battling Evil With His Mighty Powers Of Indolence.
IMO, the problem is not the virus nor the virus
writer no matter it's psychological profile. There is a natural tendency of humans to form
communities with special practices, sort of religion. It happens that their actions hurt
the interests of a larger community, this is
a statistical problem, it comes from the monopolistic practices that tend to homogenize computing systems. Under these
circumstances when a virus is introduced it
spreads rapidly like a human epidemy. Solution:
diversity of OS and applications.
I remember the times when viruses spread around with floppies. It got written into boot sector and loaded into memory when floppy was inserted into drive. Then antivirus programms were necessary. :) Viruses were loaded into memory only when you rebooted the machine with the infected floppy still inserted. You could very well manage without an antivirus program then if you know not to do such a stupid thing. :)
You should write "vaguely remember", because obviously you were quite young and inexperienced then.
Future Wiki -- If you don't think about the future, you cannot have one.
So, the article was specifically about virus writers as compared to the authors of worms, trojans, backdoors, etc.?
Hardly.
As Slashdot has commented before, the spam industry is probably the main commercial force behind the latest viruses/trojans/worms, not to mention large-scale and sophisticated DDOS attacks on anti-spam vendors.
You are part of the AV industry? And you think you're facing a bunch of teenage script kiddies? God help us all, we're in for real trouble then.
Ceci n'est pas une signature
It is this type of arrogant, self-importance that makes people despise "geeks".
Not everyone is interested in becoming a computer specialist -in fact many people have no clue how the things actually work. This does not make them less worthy of accessing the Internet or using networks to send and recieve e-mails.
It is comments like yours from the oh-so-superior geekdom that makes geeks look like freaks.
Accept the fact that every person has their own talents and abilities - diverse and interesting if you would bother to look up from your keyboard once in a while. Get over yourself already and see that there are better ways to help people learn how to use their computers than by mocking them by treating them as sub-human because they do not share your passion of bits and bytes.
Slashdot readers never cease to amaze me, before attacking an author and downplaying their work with comments like "silly woman" you should actually take a look at the 20 years of continual involvement she has had with the anti-virus community. Sarah is so respected within the anti-virus community that companies feel the need to post a press release just to announce that they snagged her. (http://www.symantec.com/press/2001/n010103a.html) Most of her work on the psychology of virus writers was performed at IBM's Thomas Watson research center. For an in-depth analysis of the research that went into some of her statements check out the following links to articles and award winning conference papers written by her on the subject:
P apers/Go rdon/GenericVirusWriter.html
r s/Go rdon/GVWII.html
i Papers/Go rdon/Avenger.html
s .html
/ SciPapers/VB 2000SG.htm
t xt
The Generic Virus Writer
http://www.research.ibm.com/antivirus/Sci
The Generic Virus Writer II
http://www.research.ibm.com/antivirus/SciPape
Inside the Mind of Dark Avenger
http://www.research.ibm.com/antivirus/Sc
Who Writes This Stuff
http://www.commandsoftware.com/virus/write
Virus Writers: The End of The Innocence?
http://www.research.ibm.com/antivirus
Faces Behind the Masks
http://members.chello.at/erikajo/lminterv.
This is a crock of shit. People, even teenagers, need to be responsible for their actions. Being mad because you can't get a date isn't an excuse to go write a virus any more than it is an excuse to go beat someone up. Now I'm nto saying throw a 15 year old kid in prison for 10 years because they write a virus, but they DO need to face legal repercussions and face consequences for their actions. "But I was frustrated and filled with angst" does not cut it. That line of crap could be given by many criminals, including violent ones.
Now I agree with trying harder to teach kinds social skills. While it is something that mostly has to be learned through growing up in society, a class couldn't hurt, espically for the overly intellictual types. I would definatly support a class or two like this in high school that just helps give kids tips and explains that feeling scared of rejection is normal, etc.
However it isn't scoiety's responsibity to try and force people to date geeks. I speak as a geek who hasn't had a whole lot of dates in my life. However that is my choice, and it isn't up to society to try and find women for me.
Also blaming the companies is trendy, but stupid for many reasons. First, no complex product will have perfect security. Linux is a great example. Quite often a venurability comes out for one of the popular services that needs to be fixed. This, despite them being open source and subject to peer review. Second, a company cannot place security above all other concerns. Often making things secure and easy to use can be mutually contradictory. Yes, it would be secure if all computers shipped with everything locked down and required the user to manually activate anything. However this would piss your average not savvy user off and they'd not be able to use it. Remember, not everyone can be an expert in everything. We don't require people to know how assemble an engine to drive a car, we shouldn't require people to know how to configure a system from scratch to use it.
And finally, my facourite, because we don't require the same of other companies. Before you start arguing, listen to my favourite example: Physical home security.
I can just about gaurentee that your house, like most of them in this nation, has abysmal security. One of the biggest flaws is the lock. The little tumbler POS's from Kwikset that most houses have are nothing. My friend, a skilled locksmith, says he can generally pick those in under 15 minutes, using easily concealable tools. Windows are another huge security hole. A brick is generally all it takes to get through those. Plus, most homes don't even have an alarm system, so the attacker need not even override that at all (and most aren't hard to get around).
Well why? A house is a MUCH more expensive thing than computer software. I mean they generally cost in excess of $100,000 here and I live in a cheap city. Why then, is a few thousand not MANDIDATED to be put towards better security? I mean you can easily get better locks that are very difficult to pick (like Medeco high security locks) even if you stay with tumbler locks. For real security the lock should take a key and a PIN. Then there's those pesky windows. It's not like we don't have bullet resistant glass. Why isn't it used? Put some bars on those suckers too, just incase they have something good enough to defeat the glass. Or again, how about manditory alarms, with alarm circuts back to a monitoring company?
Well why not? Because it's expensive, inconvienent, or frequently both. I have a Medeco lock, since I don't want my roomates giving out copies of their keys. However it also means that I can't either, at least not easily. I have to go to the shop I purchased it at, present ID, and get a key made which takes awhile (it's not quick like those normal auto cutters) and costs me like $15. Or the glass, it's not only costly but very heavy too. Sucks for sliding glass doors.
So, we accept that this is ok. If we want greater security, we can have it, but we don't blame
I'm nowhere near being a biologist but, when we are born our immune systems need to be built up and the more bacteria and such that we are exposed to early on the stonger our bodies ability to fight off infection and sickness becomes. Something as simple as the common cold is a fatal epidemic to a people group that havent beed exposed to it before.
It seems to me that if virus writters hadent been challenging the security of the internet, we would be in a MUCH more vulnerable position that we are today. Therefore the importance of hackers, virus writters, teenage boys with agnst, whathaveyou, to continue working on allowing the internet to develope a stonger immunity to devistating epidemics seems necessary.
As I've said in a previous post. Do really believe that the hundreds of new viruses that get released every month is because of some bored hackers who have nothing better to do? There are many stories of "Men-in-Black" style approaches to out-of-work developers in countries with a large high tech community. Someone shows up at your door with a big bag of money and no identity and asks you to write a particular type of virus, you might be inclined to take the money and not ask too many questions. It's called "Creating the Market".
> Unless we take the time to understand and remove preconceived
/crazy/, etc". I've even seen the word 'brainwashed', in its hollywoodian acception, used to refer to them. What a cosy little way to think about it.
> moral notions
Would be nice, but it won't happen.
Thinking about suicide bombers as crazy fucks is just -WAY- too intellectually comfortable. "They're not like us, son, they're
The truth, which I long suspected and which your link confirms (many thanks for posting it!!) is that they're just poor fucks who are made to feel a strong, emotional sense of kindred with an underlying group/cause, and made to hold that cause above themselves and everything else (with the tacit assumption that the 'cause' makes them better than the rest of the world, you'll note). People -are- willing to believe very strongly in anything, you know, provided that it makes themselves feel that they are 'better'. "-We- will go to Heaven," "-We- are the freest country in the world", etc, etc.
Now I see those of you who think fast begin to twitch. Yep, the above definition applies exactly (and I do mean 'exactly', not 'almost' or 'fairly well') to would-be patriots. They just die and kill a little less (or a little more, I'm not entirely sure), although for the same reasons.
People are born with little gears in their head, you see, that work the same in Miami and in Tehran. You can make this little experiment for yourself: pick someone at random, determine which group they belong to (religious, nation, etc...), and then tell them something like, "I think that <group>'s quality of life is not as good..." or anything like that, as long as it's 1) a personal opinion that 2) goes against the aforementionned sense that their group is 'better'. There are three major ways people can react:
- The wise way is not to give a damn what you think, frankly, since it's just your idea and you thinking so doesn't make it true.
- The intelligent way is to express curiosity about what you're basing your statement on, in case there might be some truth to it.
- The emotional way is to immediately try to disprove your statement without considering it.
Try it out for yourself, and see which way most people react.
Strong, emotional sense of kindred with a group/cause, etc. It works frighteningly well.
No, really, anyone with a bit of wisdom will go back to thinking that suicide bombers are crazy, brainwashed, whatever, but just inherently different from you and I. The other option is just too uncomfortable.
-- B.
This sig does in fact not have the property it claims not to have.
The BBC jouranlist should have done a little more homework and written a story rather than quoting this Symantic employee straight. All the makings of a good story are there, a repeated pattern, many people harmed, a few benifit, and a money trail a mile wide. Blaming "hackers" is lame. Wondering "what kind of person does this kind of thing" is second rate next to finding out who did it. The truth is out there, it just has to be found.
Friends don't help friends install M$ junk.
How's this different from Gator and other malware? How about some of Microsoft's practices, like keeping a database of all the movies and songs you use and selling space on "their" desktop to third parties that spam you later? All spam is evil, using proxies is just a new twist.
In any case, the evil would die out if Microsoft did not make a crapy OS that any 17 year old could break. Give credit where credit is due. All of these problems are Microsoft problems. Everyone told them not to do the things they do and everyone told them this would happen.
Friends don't help friends install M$ junk.
This pisses the hell out of me, the media never uses the correct terminology, a hacker is someone who enjoys working with computers and is good at it. A cracker is one who breaks into computers and screws with stuff. By the CORRECT definition almost all /ers can be considered hackers, with emphasis on the fact that most have not broken into any sort of server without prior permission.
I am a part of a local hacking society, not one of the members has EVER broken into a server illegally or written a virus to harm innocent computer users, and the fact that the media is using the term "hacker" for every script kiddies that does something against the law has imposed a fake genre on all the legitimate people who call themselves hackers. People hear that I am part of a hacking society and automatically call me names in the hallways and bitch about the latest computer virus at me. This is only compounded when I join a chat room on yahoo labeled "Hackers Lounge" and am confronted by a greeting "where the 133t meet" and everyone immediately sends messages to me starting with "how do I hack", to which I usually reply with a similar message as you are reading now. I am writing this in the hope that at least one person will realize what I am trying to say here and stop the madness.
The parent post is not well written, but it does answer the question posed by the grandparent post.
Basically, he says that virus software is closely related to fraud, or is fraud itself. His argument is that there are 4 kinds of users:
- Those who are technically knowledgeable and care about their systems.
On windows, I use the ZoneAlarm firewall to supplement my hardware firewall. I
keep my system updated. I know that a new virus won't be detected by
anti-virus software, because to detect a new virus, there must be a new virus
definition, and that won't be available in the first few days. I don't click
on spam attachments. I don't use Outlook Express.
- Those who are technically knowledgeable and don't care. A friend of mine
said, "Install anything you like on that test system, I restore from a backup
every week.
- Those who are not technically knowledgeable and don't care about their
systems. These people just reformat their hard drives and reload their one or
two programs whenever they have problems.
- Those who are not technically knowledgeable and care about their systems.
This group includes technically knowledgeable people who have users in their
family, for example, who are not technically knowledgeable.
Anti-virus software manufacturers sell only to this last group. The people in the last group don't realize that anti-virus software that runs when starting the computer slows a system. Running the software just after a virus definition update provides some protection without slowing the system. However, the best protection is updating the Windows system, running a firewall, and educating the users. That's because anti-virus software cannot detect a virus if it doesn't have a virus definition, so there is the possibility of being infected by a new virus, even if you are running anti-virus software continuously.So, the parent poster says, hiring someone who may or may not be a psychologist is a public relations move to try to convince the people in group 4 to buy anti-virus software. For that purpose, it doesn't matter if the psychologist actually knows anything, because the lack of knowledge would not be detected by the user.
My experience has been that even poor quality articles show some evidence of the depth of thought of the researcher. Going by that indication, the Symantec researcher knows nothing useful.
It is interesting to note that the grandparent post was modded up to 5 and then back down to 1.
How do you know you've not got a malicious programme running if you never check?
Because you don't do stupid things like click on attachments that you weren't expecting. Not running Microsoft software helps.
That pal you refered to was nick-named "Dark Avenger". I think he quit communicating with Ms. Gordon when she became Mrs. Gordon.
Actually, it was when she became Mr Gordon
http://jesus.everdense.com/
Viruses can spread in other ways. Reputable download sites and/or official mirrors can get infected (e.g. TeamSpeak had this happen recently). The Linux kernel's BK repository was recently compromised (by that I mean the code was compromised at some point and got into the BK repository) and a priv elevation "feature" was inserted for a day or so. There are still users out there running old, vulnerable versions of Outlook/OE, although this most likely doesn't apply to the grandparent (? I lost track). Also witness the recent worms which didn't require user interaction to spread.
Oh, and I use Linux exclusively, I'm just pointing out that you can't be too careful.
I'm no fan of Microsoft and dubious about any attempt to coerce a large block of people into a sigle pigeonhole - that doesn't mean I'm going to buy the "robin hood" stoy over the "criminal scum". In fact, after the recent slowdowns due to worms and the relentless increase in spam, I'm tending rather strongly toward the latter
Don't let THEM immanentize the Eschaton!