Slashdot Mirror
Virus Writers - The Enemy Within
Slob Nerd writes "An interesting read from todays Observer "He's 21, he's got dreadlocks, likes punk bands... and his hobby could wreck your computer in seconds. Clive Thompson infiltrates the secret world of the virus writers who see their work as art - while others fear that it is cyber-terrorism.""
I think this is the third time this story has been posted.
Googled version to NY Times story
Of course, does it really count if the same story appears on a *different* page? Or a different website.
Maybe it's time that slashdot subscribers get a cached version of the story hosted on slashdot. That way, when an editor is about to submit a duplicate story, it'll check for similar articles cached on the site. That way this kind of thing doesn't keep happening. Hell... Slashdot editors won't even have to read slashdot anymore!
Thank you CmdrTaco for rejecting the story I just submitted in favor of this one. And I *know* the story I submitted wasn't a duplicate, or else my web server would have felt it. ;)
You really are my hero.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
I've never understood the joy in writing viruses and wreaking havoc.
Xbox reviews.. We think they're funny.
Guys like me warned anyone who would listen. Most operating systems in use today by home PC users are utter crap. I always love speaking about computer security because it's just so fucking important.
But I can't help but feel helpless. Virus writers will get bored again and write another killer virus. These fucking viruses can easily invade Windows PCs and then use them to attack other machines. I don't blame the virus writers -- it's just a hobby. I blame people who LOAD the viruses!
We need firewall education. We need anti-virus education. We need fucking stricter email controls.
I hate myself for saying this, but let's stop being so fucking naive. Windows is a security nightmare and it practically invites viruses in. But most people use Windows, even though there are two families of computers that are much safer -- Apple's OS 10 and the many types of Linux machines. Microsoft has a grip on the PC market by the balls that even the government can't shake loose, and so, like the family that's stuck with an unwanted brother-in-law, we're stuck with Microsoft's Windows and its many frailties.
So stop blaming the virus writers. It's not their fault. It's YOUR fault. By that I mean your friends and family and co-workers need to be education -- and by YOU if no one else will do it. Tell them Windows is a piece of fucking shit, but also SHOW THEM how to avoid viruses. You can't just talk crap and then do nothing. It's more effective to suggest alternatives and best-practices(TM).
Computer security is in a poor state of affairs, but (relative) geniuses like us can help things. We really can. Just put Linux down for a fucking second (yes, it's better than Windows) and show your mom how to avoid catching viruses.
Reply or e-mail; don't vaguely moderate. Ex-O'Reilly/MIT employee, now a full-time Google employee.
Virus writers, while technically skilled, are complete dumb butts for using their skills in ways that are harmful to society and businesses, even if it's not their fault that it is easy to do thanks to Microsoft. They'd be better off using their skills for something more productive.
thisnukes4u.net
"a dangerous thinning of the internet's gene pool" well i guess that sums it up pretty well about microsoft. Using microsoft is like inbreading.
30% Troll, 50% Underrated, 10% Interesting
Score:5, Troll
And the technical side of the article is a pile of shit as well. Virii don't "reprogram parts of your computer". Script kiddies generally don't download virii, but trojan clients.
End - Breeding
It's where the family tree doesn't spread out,
but the ends of the branches meet up.
Think that's code for "From the >/dev/null dept."?
Whenever I disassembled viruses or worms, I had to scream. Even in the good old DOS-times and even with bootsector viruses, where size was an important factor, they were simply horrible written. (i.e. unnecassary bloated)
While some may imply in their posts, that virus writers are technically skilled, I've yet to see a single example of beeing better than the avarage bad programmer...
Maybe you like to think that guy is "in" you, but believe me he is not in me, and never will be!!
It's not like I don't have appreciation for the fine arts, but this is taking it too far, it is almost to the extent of patronizing virus writers.
Ok fine, what if someday, a student doing research in microbiology decides, just for the sake or fine arts, I'll release a mutant plague bacteria...
I guess my initial reaction was fsck 'em. Fsck 'em all. However, it could be suggested that they have made corporations and governments aware of many intrinsic insecurities in certain popular operating systems which may have prevented some larger potential catastrophe. The problem for these guys, is that we will never know and they will continue to be reviled and hated as losers. (That is unless they are talented enough to score a job with Symantec, the NSA or some other organization dealing with comp. security.)
(karma whoring is nice?)
This space is intentionally staring blankly at you
With quotes like this: 'This guy,' he proclaimed, 'is the best at Visual Basic.' I really understand the level of these guys... Show me an 1 k, auto-replicating, ASM-written worm spreading like the lightening through an undocumented hole and I'll be impressed. These are nothing more than wannebe punks.
And here I was, with my coffee and breakfast all ready to read /. till lunch :(
Next story please!
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Maybe if the government or anti virus companys made like an online virtual internet for young people to upload there virus into this "virtual internet" to watch it spread and make a game like point scheme or something along the lines there wouldnt be much havoc online , I think it is mostly boredom that virus creaters do this for!
Yes, users bear some responsibility for viruses' spread. Yes, I'm all for education of users. I work in tech support, believe me I'd love more educated users. Usually, I'm the one giving the basic lessons in the difference between a hard disk and a CD-ROM drive.
But the lion's share of the blame has to rest on the virus writers' collective shoulders. The vast majority have no pretensions of "educating the masses," or "simple curiosity." No, most of them just want to either a) screw people over for the hell of it, or b) get their (hopefully anonymous) 15 minutes of fame. These are the same types of people who will eventually be hired to write adware, spyware, and spamming apps. They are not heros. They are not admirable. They are degenerates and sociopaths, and they gives nerds and hackers horrible images with the very same "stupid users" that we have to interact with (and often get paid by) every day of our lives.
Xbox reviews.. We think they're funny.
First time from wired... it's a story.
Second time on NYT... it's a dupe.
Third time on the observer... it's a trupe?
-Colin
Isn't it amazing! Everytime Amsterdam Vallon posts, two minutes later some AC posts a "MOD PARENT +1 INSIGHTFUL" add-on. It's uncanny!
Boy, I'd love to be the author of that article. He just keeps making money selling it over and over again. In addition the paper's owners must take note of his name when it draws a metric herd of slashdotters.
::Walks off to write an article about virii::
-Colin
Geez. they're galled adverbs...
"horrible written" -> "horribly written"
"good written" -> "well written"
"unecessary [sic] bloated" -> "unnecessarily bloated"
---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
Sorry, no, all my computers run Linux, FreeBSD and Mac OS X.
I wish that, just for once, articles aimed at the public would be a little more accurate."
"He's 21, he's got dreadlocks, likes punk bands... and if you use Microsoft software, his hobby could wreck your computer in seconds"
that would be the felonious payper liesense softwar gangster stock markup fraud hostage ransom execrable aka unprecedented evile et AL. there is is butt won ?cure? for it?
consult with/trust in yOUR creators.... get ready to see the light.
Umm. Slight absence of any mention of virus writing for profit: there's enough evidence that a number of recent virii were mainly about installing SMTP Relays on infected machines to propogate spam, or leaving a backdoor open so that this could later be done.
4 23258&mode=nested
0 51056136
Or else installing DDOS software aimed at Spamhaus servers, or leaving backdoors open for same.
So. Art: Check. Vandalism: Check. Profit Motive: Check. Insubstantial "infiltration" by journalist: Check.
Ferinstance
http://yro.slashdot.org/article.pl?sid=03/12/03/1
- Oops. There goes Spamhaus
http://securityresponse.symantec.com/
- most of this week's crop install backdoors.
http://www.groklaw.net/article.php?story=20040221
- Your IP Addy for sale to a spam-merchant near you...
Well, actually terrorism is using threats and violence to force someone to think or behave as you want.
Common virus-writers are more like random violence, they do not use to pursue economical or political agendas, more usually want recognition inside their own community.
I, for one, am fed up with this ciber-terrorists media propaganda.
DON'T PANIC
Stop clicking on email attachments and the problem almost completely goes away.
Virus writers prey on the stupid. Harsh, but absolutely true.
Since when is Iron Maden considered punk? Geesh, pansy...
---- Booth was a patriot ----
Then come over and install your friendly little programs on my PC. You can do so for free! No more annoying "distribution" anymore, you just come here, install your friendly little program and leave*, that is all. Sounds like a deal? Tell me in advance, because I might need to buy some essentials** for your visit.
* Might or might not involve a hearse.
** Like a toe tag and body bag.
Hate me!
That's usually the case with any subject! Every movie, documentary, or article that I've seen or read and have had personal experience with has been a load of bunk. I've been interviewed for numerous newspaper and magazine articles and they very rarely use any of my quotes in context. They'll usually intentionally remove the context to twist words to mean whatever agenda they're trying to push.
My personal experiences with the media have basically ruined my ability to enjoy anything anymore. Since I know for a fact that virtually every story I've contributed to has been embellished by the authors to increase its entertainment value, I assume that any story that's been done about a subject I'm not personally familiar with has been tainted as well. And, most of the time, I'm correct. A simple five minute Google or encyclopedic search on the subject gives me more accurate data than the story that I'm following up on.
PepperHacks - Hacking the Pepper Pad
http://www.spth.de.vu/
- bram
It appears to me that overcoming human nature requires more than education.
You're assuming they see society and businesses as good things. Americans, five percent of the world's population consume a third of the world's resources. I mean, you define yourselves as consumers, plagues of locusts do little but consume and replicate. Maybe these guys are the good guys and you're the bad guy for supporting a parasitic society.
Government of the people, by corporate executives, for corporate profits.
Here's a link to the first paragraph.
Is this a copyright violation ?
-- You see, there would be these conclusions that you could jump to
Hey, wouldn't you rather write spamware, adware or whatnot for profit than be out of a job cause your last one was offshored? I sure as hell would. I'd still prefer writing Unix server code, but hey, these are hard times and you take what you can get...
Does everything include nothing?
way to name names in the article.. quick google search on them and you only get about 40000 worthwhile virus writing sites.... well, at least as worth while as they could possibly be i suppose.
guess they were just dying for the publicity...
I did find it funny how those guys were so hep to VB, i mean, i know its like totally sweet and stuff, but jeez, you'd think one of them had just like totally flipped out and killed somebody, for no reason, just because...
When Mario is bored, he likes to sit at his laptop and create computer viruses and worms. Online, he goes by the name Second Part to Hell.
I suggest a new handle for Mario - Two Sandwiches Short of a Picnic
In this world nothing is certain but death, taxes and flawed car analogies.
Cracks are not.
It's easier to destroy than to create.
Why did GEAR crush RDP?
On the whole, a very interesting article on a social level. But on the technical level? complete BS. mpegs infecting computers? Although I suppose it could be done, not by the kinds of programers the author is talking about. Some of these sites should hire /.ers as editors. It'd help keep articles accurate from a technical point of view, and keep readers informed correctly.
(and maybe people would point out that Iron Maiden isn't punk.)
Skill is successfully walking a tightrope over Niagara Falls. Intelligence is not trying. -- Anonymous
Lets face it, without viruses alot of the flaws in our operating systems would still be open today, then hackers would have free reign into your system without your knowledge. More and more people wouldn't be using firewalls, more people wouldn't be using anti-virus software. Lets face it, the internet is still very fragile, remember way back in 1988 when one worm took down the internet, that can still happen today sad to say, but we are more knowledgible of how viruses use our software to do moreso now than anytime before. Microsoft is trying to change to that operating system where everything has to use their new .NET infrastructure so security will be tigher, not just in their operating system, but also in the applications third parties write. However, I know from past experience with Microsoft, they will end up trying to be backwards compatible and end up inheriting all those problems from before. But perhaps this time they will use their new purchase of Virtual PC to implement those backward compatibility environments totally away from their new operating system. But somehow I think Microsoft will end up even implementing that badly, because they want to give their users so much ease of use and cool features they end up shooting themselves in the foot, allowing people to use their own gullibility to weaking Microsoft's operating system. This same thing can be said about alot of operating systems out there trying to mimic them to some degree.
Microsoft markets its products to less expert computer users, cultivating the sort of gullible victims who click on disguised virus attachments.
Woefully accurate, if the users I've admin'd for are anything to go by. We need to encourage people to think about what they do when they use computers, not oversimplify.
Ph-nglui mglw'nafh Gates M'dna wgah'nagl fhtagn.
Re: AIDS
I doubt people are getting less educated about it over time.
DEVELOPED WORLD CENTRIC COMMENT FOLLOWS
They are, because the sexually active teens of today missed the hype in the eighties. The potentially infected population has become less educated.
1. Cooking*
2. Cars
3. Boats
4. Trains
5. Swords
6. Guns
Just because you do them, doesn't mean you test them out on innocent people. How are these virus writers any different?
*Applies to slashdot readers, only.
Actually, I think that's a terribly wrong-headed attitude. While we might *have* to encourage users to think, we *should* be encouraging developers to produce better code.
We should be striving to create systems that just do what the users needs them to do without requiring the user to jump through hoops or take a course entitled "Best Practices in Computer Security". I don't need to be a mechanic to drive a car, I don't need to be an astronomer or astrophysicist to look through a telescope, and I shouldn't have to be a network security expert just to surf the web and send & receive email.
It is very definitely Microsoft at fault here and not the 'less than expert computer users'. After all, if they made the product to suit those users instead of just to sell well to them, the rest of the world would have far fewer issues.
...virus writers get chicks
punk music is a virus.
fact: microsoft > linux
Since when were the Deftones punk? If the media were actually accurate in its statements, there wouldn't be half as many misconceptions in ths world.
They're not even skilled in doing harm. I mean, look at the payload of recent viruses - yawn.
How about something with a little bit more social impact, like grepping the hd for pron-related keywords. Oh, and mailing the file list to Outlooks adressbook, of course. Stand back and watch the country go up in flames...
This exact same story has been posted many many many times before... He's not a virus writer for crying out loud...
integrity has to be earned and maintained continuously.
If you think teenage punks are the ones writing all the virus you're in for a surprise.
Someone needs to do some serious research and see how many came out of Norton Lab.
It's easy to blame some kid playing a guitar in his bedroom. It's another thing to hire a lawyer and blame virus scan companies.
Sholdn't be there Karma penalty for posting dup...triplicate article ? Isn't it amount to trolling ?
Thanks.
What about the software coders fault? Nah. The truth is that it's a combination of all these 3 combined. The solution? Make secure software, inform and teach new and not so new users. We've known that for years. It's like safe sex. Everyone knows about it, but some people just don't worry.
We should have been
So much more by now
Too dead inside
To even know the guilt
Guess that means Im perfectly safe to have around.
- evil grin -
This is the third time this article has been posted as noted by previous posters. We're techies, I'm sure there's a solution to eliminating dupes. One suggestion: Keep a database or the title, author and URL (and maybe other unique info). Whenever a new article is to be posted, check to see if it has already been posted.
-----------------------------------------------
Unix _is_ user friendly, it's just particular about who its friends
Linux is a hobbyist system, impossible for the vast majority of users to safely configure and operate.
The Apple products are excellent, though fantastically overpriced. When my Compaq laptop died last month, I thought about spending money on one of the new Apple laptops (my current Apple laptop is quite slow) but quickly found the new eMachines with the mobile 64-bit Athlon chip plus a Radeon 9600 card for less than half of what a similar Apple would have cost me. It's not reasonable to tell people they need to spend twice as much money when they could largely solve the malware problem by running a viris scanner and using alternatives to IE and Outlook.
The New York Times Magazine a little while ago had a slightly more insightful article which also interviewed the dreadlocked guy and Phil3t0aster and stuff, additionally taking a peek into the culture of virus writers and script kiddies. I don't know if they put their magazine stuff online, but it was a good article.
"All it takes to fly is to hurl yourself at the ground... and miss." - Douglas Adams
I'd describe this article as glamorizing virus writes rather than patronizing them. If I was 15 years old and didn't have any friends that article would have been highly motivating.
I'd really rather see the New York Times Magazine cover an open source project. Mplayer would be a good one if they absolutely couldn't avoid a little controversy.
Let look at a lot of these exploits, they generally are .scr, .vbs, .bat, etc files. By blocking these attachments by default you're going to avoid most attempts at compromising your machine.
.exe to zip it because your mailer doesn't support executable extensions. If you get a bounce back or a message saying "I didnt send you an .exe" then you can safely assume the file is no good and just delete it or set your mailer to auto-delete.
Sure, this is old hat to slashdotters, but I think it would behoove all email client writers to do this by default as MS does now. Now, that leaves us with macro word/excel viruses, other exploits, and the zip files themselves. The first two can be taken care of by a competent virus scanner or system patching and the latter forces the user to open the zip archive thus revealing the true extension (most compression utilities do this) and copies the file(s) to some location thus giving the virus scanner more of a chance to check the thing for viruses.
Its far from a perfect solution, but it will make people sensitive to file extensions and file types. It will also save disk space and bandwidth by compressing attachments (or even the message itself). Added functionality can be added like signed zip archives, AV hooks into zip programs, etc. Heck, the zip format already provides a cross-platform encryption scheme. Sure its not 3DES/RSA or anything, but it sure beats nothing (especially for those worried about sniffing).
This is essentially the setup many of the companies I work with have. You get your pdf, doc, xls, etc but anything executable is either deleted or quarantined. I don't see why email clients written for residential customers can't do the same.
Data loss isn't even an issue, the worst case scenario is asking the guy who sent you that
This can be done in three steps:
1. Implement auto-zipping. Geeks and security sensitive people will probably enable this by default. Or it should be default with newer version of mailers.
2. Once a significant amount of traffic is in the zip format set your mailer to reject all executables. It also could auto-remail the person sending you executables. (this may be exploited by spammers looking for live email addresses).
3. Watch zip vendors work closer with AV vendors to provide better protection from viruses in zip archives.
A Good laugh, i reccomend giving this a read.
Highlights include:
His friends finally arrived with a fresh case of beer and his blue eyes lit up. He flicked open a bottle using the edge of his cigarette lighter and toasted the others. A tall blond friend in a jacket festooned with anti-Nike logos put his arm around Philet0ast3r and beamed.
'This guy,' he proclaimed, 'is the best at Visual Basic.'
This is another case of an idiot reporter meeting an idiot kid with vague knowledge of virus, vague reporter fearing that he will get 'hacked' and writing it up..
I'll have some sugar and cinnamon on mine!
Why don't mailers just forbid executables by default?
Not by looking at extensions, but by looking at the header.
Who ever needs to send executables by mail?
Not the millions that do get infected by viruses now.
I don't see the need to zip them. Just reject them.
Maybe setup some new service for "shared data" on Internet (has existed before) where you can put the executables that you would have otherwise mailed. Of course, virus-scanned.
"Linux is a hobbyist system, impossible for the vast majority of users to safely configure and operate. " Yes, we all know how hard it is to stick the "Live Eval" cd into the drive, then reboot and be in a fully working linux system... must be terrible for most users to try this... Not happy with live eval that auto-detects and would do email and internet virus free? Fine. Stick in a copy of Suse, or Mandrake. Reboot. If the average user cant follow along with clicking "Next" and what software you want by checking the box next to the catagory (games, internet, advanced, multimedia, security, science)... then the average user doesnt belong using the computer in a first place because their a moron.
~~ Please keep your arms, legs, and outright stupidity inside the ride at all times. Thank You ~~
How many more times does that article have to appear in newspapers before it's considered a virus? ;)
Some of these kids are quite smart and would have a bright future if they stayed on the rails. Prison will not correct them. Shame and pain will.
Therefore, I propose we whip them bloody in the public square, then let them go.
-ccm
Too much Law; not enough Order.
Are you kidding me? Say I get bored and decide to learn to be a sharp-shooter. Who do you blame if I decide to go out and practice on live moving targets in crowded areas? By your logic, you blame the people I take out for not wearing bullet-proof vests. Just because I got bored and decided to shoot people doesn't mean that I'm in the right because they didn't protect themselves. If these virus writers release their virii for the sake of "testing" them out, then I say they're lazy and don't feel like coding a proper testing environment to simulate infection. It'd be a hell of a lot harder than just posting their code to a newsgroup or something.
Saw a girl at school the other day wearing a good charlotte t-shirt and a clash wristband *(insert rant about hot topic here)* i wanted to club her in the head with something and demand she name 3 clash songs besides should i stay or should i go.
"Sic Semper Tyrannosaurus Rex."
The PACS system (digital X-ray reading monitors) at the hospital where I work caught Code Red last year, and was down for a day or two. X-rays were being read on printed films just like the old days. Slowed everything down significantly. I don't know that it directly affected any patient's health, but it certainly could have.
-ccm
Too much Law; not enough Order.
I have no "l33t sk1||z", I only can write assembler code, and recognize badly written one.
(And while I often could not stand the temptation
to make things 'better', non of it ever left my
sandbox machine, and never will...)
BTW still any adverbs missing?
We already saw this exact article two weeks ago.
Score: -1, Troll
He calls VB a computer language.
He's using Geocities as his web host! What a 1337 h@xx0r!!!!
Crushing dreams at the speed of sarcasm
Outlook Express automatically blocks any attachments which could potentially be viruses. But then the users get annoyed and uncheck it.
Crushing dreams at the speed of sarcasm
Iron Maiden is not punk.
The pix with the yellow background. Fits the topic. Yellow journalism.
Looks like a real gomer. These folks are not living on this planet. I mean the one's who write this tripe.
Welcome back, sweetie. I missed you sooooooooooo much!!!!!!!!!
Quit using MS Outlook. It's address book is a well written virus cannon capable of well-aimed bursts or scatter shot that can cover the globe in days. Outlook Express is no different. It may be a crippled version of Outlook but we all know it's cannon functions exactly the same way. ;-)
Linux with kernel panic...
MadPenguin.org
but what do i know, i'm just a model.
fuck you
Why should you? They have shown over and over again that they can do it if the OS is silly enough. The trick is to encourage them to write them, just like they think the to trick to releasing is to post it on some bbs and hope somebody else sets it of.
Really they only need to encourage and give some praise to the ones that do something that is good for av companies.
The only reason these kids create virusses is because they are rewarded to do so. Reward them with praise and some admiration and presto: another virus writer born.
This space is intentionally staring blankly at you
While this article is dated today (2/22/04) in the guardian, it appeared at least a couple of other places a couple of weeks earlier:
The Impact Lab Some place called "sofa. rites de passage"And in the NY Times 2/8/04 ($ required):
The Virus UndergroundMark
I find it interesting to note that all these worms are recognized as malware only because they cause a massive amount of traffic from their replication. If someone were to write a worm that spread through email, but rather than mass-mailing at an enormous pace, sent one email every hour or so, I wonder how long it would take the computer security industry to recognize it for what it is and fix it.
There are Indeed some Reasons why critical systems should be isolated.
That will happen if you skip step 1.
Not to mention the zip program can just download md5 sums and check for known popular viruses without all the overhead of actually scanning, repairing, etc that AV software has to do.
And we can give it a catchy slogan, "Don't click unless its a zip!"
the rewriting of the harddrive is easy (look a one-liner)..it's the installation part that is kinda tricky
Sounds like we now know who to send the mobs with torches and pickforks after.
I'm an American. I love this country and the freedoms that we used to have.
He hangs around with Scooby-Doo now.
Online, he goes by the name Second Part to Hell
That's not a valid nickname on DALNet
'This guy,' he proclaimed, 'is the best at Visual Basic.'
now i'd take that would be a damn insult.
'Best At VB' = 'Best at Reading Books For Under 10s'
WTF did microsoft think they were doing tooling a programming language for the feeble minded with such power. VB should be left at what its best at, database access and crappy UIs
I don't get why are such activities called "cyberterorism". It doesn't directly hurt or kill anoyone at all, except machines. "Cybervandalism" sounds less hysterical and is more to the point. Anyway, root of all evil is Microsoft's low-end software (e.g Windows, Office, IE).
I'm not insane. My mother had me tested.
your typical attention seeking morons.
I mean, come on, VB for gods sake ?
Does anyone remember why BASIC was called BASIC ?
It's BEGINNERS all symbolic instruction code. Like it says, it's for beginners and no-hopers that will never be able to write good OO or structured code, or for people who don't yet grasp that the computer stores data as a series of 1's and 0's.
There is nothing smart about a keystroke grabber. Hell, we were doing this 15 years ago on dumb terminals connected to Vax's via terminal servers, and in those days it was trivial too.
These kids don't do anything positive because they can't. They wrap themselves with other gloating morons ("this guy is the best at VB") - helluva compliment I'd never like to get.
And how the fuck does this virus sit in your registry after it just formatted C: ?
I suspect these kids are just piss poor script kiddies that have all chipped in the pocket money to get a 384k DSL and invited the local rag round to watch them gloat, get drunk on a can of cider and agressively smoke (and them presumably puke everywhere)
Not that I'm a fan of Microsoft or anything, they should tighten up the code (the worst is yet to come - source in the wild), but these kids are not "dangerous" but just a minor irritation, a boil on the ass of civilization if you please.
IIRC posting, writing, or keeping copies of instructions for making bombs is illegal in the US. Why? Because bombs harm many people and do lots of damage. Viruses should fall under the same catagory.
Yes, virus writers are rather skilled compared to their counterparts script kiddies (and even worse click kiddies). I don't care how skilled they are, they can put their talent to other things.
The art behind virus writting is make it do good things in a few lines. Put that talent to work on opensource software. Imangine if some of these people got together and worked on the 2.6 kernel for linux. Maybe it would have been out 6 months earlier or it may have some more advanced features.
There are many things they can do, but the fact is they should not write viruses or even post the code/instructions/tools for making viruses anywhere.
IMHO
~ryan
Nevermind the technical errors and undue hype he's trying to promote with this story...
Everyone's missing the point here:
The author called the Deftones a punk band. I move that this man be fired from life.
I can sympathize with anyone working in IT when a worm or email virus starts mass propagating. It's no doubt a pain in the ass to deal with when your network is getting hammered. In that sense, I can understand why someone would want to see the writers of these programs flogged, imprisoned, gangraped, and so forth.
Personally, I'd rather see just one vicious email virus rip through the mass of click-happy idiots that cause these epidemics. Every major case thus far has been, at most, a minor inconvenience at the enduser level.
After losing their entire system to one of these viruses, something tells me the number of people that go about clicking every attachment they receive would significantly decrease.
Before anyone bleats about the innocent suffering: too bad. Do children ever listen when they're told not to touch boiling water? No, they only learn it the hard way. But the one advantage is that it's a lesson not soon forgotten.
WTF has writing a virus got to do with terrorism? This is something I have never understood about the current USA fixation.
I would certainly agree that it is a crime - even an economic crime. It might even be the same sort of crime as Enron and the like. Not quite in their league though...
Certainly the writers of these are dirtbags but I don't se them as the same sort who blow up busses or seek to take away our legal freedoms from illegal police actions.
I'll see your Constitution and raise you a Queen.
I'm sorry, gang.. I thought this was /., where I was kept on the bleeding edge of geek news that was important?
/.?
What's that, you say? It IS
How very peculiar.. because I could have sworn I've seen that story on here before. A different URL, probably - but that's not surprising, as it was a good article.
Rob - if I post a cached copy of the story on my website, will you repost this in about 10 days' time?
(Yes, I'm pissed off - today's postings have been pretty asinine, between this and the H2G2 movie news that wasn't even sourced outside of IMDB.com. Go ahead and demod me, I don't give a fuck today.)
They are, because the sexually active teens of today missed the hype in the eighties. The potentially infected population has become less educated.
No, he's right. They are educated, they just don't care. That's why they're having sex in the first place, because they don't care that adults are telling them that they aren't ready.
Grow weed, it might be less illegal and certainly less destructive.
You really do have an interesting point. If sending a virus to my computer can be called art or intelligence or cleverness, then can kicking in the virus writer's knees be considered art or cleverness? After all, the kicker is just exploiting a the weakness of the kickee, in the same manner that the virus writer is exploiting a weakness of someone else. It would be artistic because it would be sending a message, & it would displaying the human body in a way that isn't usually done. It would certainly get the kickee to think.
testing out my trending skills
Blaming is more fun, of course.
Fixing the problem requires stepping back and noticing some root causes.
WHY do we have a situation where a quick double-click can destroy a software installation or transfer ownership of the computer to a spammer?
Imagine a comparable situation in meatspace. Imagine a chemical plant with a big red button on the main floor which would set the plant on fire and release poison gas in the nearby city.
Management might try educating the workers, putting up signs saying "don't push the big red button", disciplining workers who bump it accidentally, and so on. The fix is not to have the stupid button in the first place.
Our situation on computers is even worse. People have to double-click attachments all day to get their jobs done. It's as though the big red button were small, green, necessary, and only destroyed the plant one time out of a thousand.
The most solid fix is to run MUA's chrooted or under systrace jails. The next best is sensible defaults that don't allow executing candy from strangers.
>Windows is a security nightmare and it practically invites viruses in.
There are probably installations out there that still execute active content in the Preview pane, allowing things like Klez to spread without any user action other than looking at email. Trying to compensate for that with user education is, well, ambitious.
This can already be done in Outlook XP. Save the following to a .reg file :
Windows Registry Editor Version 5.00[HKEY_CURRENT_USER\Software\Microsoft\Office\10.0
"Level1Remove"=""
Intelligence shared is intelligence squared.
That realization eventually dawns on us all. The mass media is a soul-destroying vampire. Great post.
sig under development
has the article author created a worm, making the article spread from paper to paper? If that's the case, then I guess slashdot is the open relay making it possible.
Hofstadter's Law: It always takes longer than you expect, even if you take into account Hofstadter's Law
just like you are a consumer now (not a customer). it's part of the process of convincing people/marketing to people that businesses are people. that business is part of everyday life and that they can be hurt unjustly just like people. Unfortunately, business rarely die due to terrorism (bankruptcy/insurance anyone), and they dont have to rely on trial lawyers when their rights are infringed. By suggesting that hurting business one is commiting an act of severe violence the media/business community continues to expand the view of businesses as everyday 'people' when in fact they are their own class of immortal citizens (i believe i stole that from chomsky, shrug)
All your preview button are belong to Hello Kitty.
Dead right.
I recently fixed a friends XP box. It was crwling with, literally, hundreds of viruses and worms - his email "victims" were getting seriously pissed-off with him constantly sending them the same crap. Of course, he didn't have a clue what was going on. Yahoo would tell him that this attachment may be dangerous and he would go ahead download it and click it anyway. He just didn't understand. His business associates were phoning hom daily to tell him to stop emailing them but he simply ignored them all. Until his machine just packed-up and died.
Took me 2 days to revive it. (I took him off the net and he doesn't touch the computer anymore. Best thing all round, I think)
sig under development
Virus writers are just bored amateurs by and large. The stuff they put out is so crap it barely works. The only reason it is a threat is because of the attitude of Monopoly$oft & the fools who use their crap. Ahh I feel better now...
[Gentoo is hyped. Modded into the ground to suppress opinion]
The only interesting thing i found about this article is that I first found it in last week's New york times magazine, and the article this story links to is from UK's Observetr. I really wasn't aware that magazines reprinted each other's material.
You always point your finger at the bad guy, but what if the bad guy points his finger at you?
It appears to me that overcoming human nature requires more than education.
Historically, I believe it has required a gun.
And yes, education rates about AIDS are falling. There is no reason for any educated person out there to get aids through volentary sexual contact. The responsibility for educating citizens falls upon governments, but in my world, everyone is responsible for their own choices.
..don't panic
'This guy,' he proclaimed, 'is the best at Visual Basic.'
Not exactly the most prestigious skill is it?
"This guy can tie his own shoes like nobody else"
AOL?
Whoever modded that down is an utter fool. That was brilliant.
Actually anti-virus software won't catch stuff until it has a virus definition or it's heuristics detect it.
Whose fault is it if your computer becomes infected from something that doesn't yet have AV definitions, or a patch from microsoft?
I think you are being extreme blaming all of it on the users. Not all worms and viruses travel via email or the browser. Some propogate via services etc. Using Mozilla and Eudora won't help you there.
l8,
AC
Will you mary me?
Seriously, you may not agree with the parent's post, but it's obviously a serious opinion, not a troll or flamebait.
But there is another kind of evil that we must fear most... and that is the indifference of good men.
Why is this better? Because "autozip" leaves you in exactly the same place as non-zipped -- the sheeple simply get conditioned to clicking the ZIP archive and then clicking on the "KEWLSCREENSAVER.EXE" contained within. The system we have here prevents even this level, and stops all "accidental" executables from coming through. If you really really needed to get an executable through, you could of course play a round of "rename-the-file-extensions".
When I first heard of this policy, I thought "that's one of the stupidest decisions they've made in a long time." But, when you look at it from their perspective of the "you may not run unapproved software on company computers" policy, it's not bad. And having lived with it now for several years I can say that I don't find it onerous. I can still email executables if I need to, but the bar is raised so that casual use doesn't let it happen. If I have an executable to send, either I play the rename games or I find an FTP server somewhere. It's worked remarkably well at keeping our windows viral infections low, and keeps the clueless users from hurting themselves.
The brilliance of this system is that even if a virus writer were to attempt to send a suitably tarted-up executable, the chances are excellent that the subset of people who would give up in frustration at being unable to understand renaming the file to .EXE would coincide with the subset of people who wouldn't immediately recognize it as a virus ploy.
It doesn't even take a three step process to implement. Two steps: 1. Set your virus scanner to scrub out absolutely every executable, including those found inside ZIP files. 2. Send out a memo saying, "New corporate anti-virus policy: Effective as of ten minutes ago, there will be no more emailed executables ever."
John