Virus Writers - The Enemy Within
Slob Nerd writes "An interesting read from today's Observer "He's 21, he's got dreadlocks, likes punk bands... and his hobby could wreck your computer in seconds. Clive Thompson infiltrates the secret world of the virus writers who see their work as art - while others fear that it is cyber-terrorism.""
Guys like me warned anyone who would listen. Most operating systems in use today by home PC users are utter crap. I always love speaking about computer security because it's just so fucking important.
But I can't help but feel helpless. Virus writers will get bored again and write another killer virus. These fucking viruses can easily invade Windows PCs and then use them to attack other machines. I don't blame the virus writers -- it's just a hobby. I blame people who LOAD the viruses!
We need firewall education. We need anti-virus education. We need fucking stricter email controls.
I hate myself for saying this, but let's stop being so fucking naive. Windows is a security nightmare and it practically invites viruses in. But most people use Windows, even though there are two families of computers that are much safer -- Apple's OS 10 and the many types of Linux machines. Microsoft has a grip on the PC market by the balls that even the government can't shake loose, and so, like the family that's stuck with an unwanted brother-in-law, we're stuck with Microsoft's Windows and its many frailties.
So stop blaming the virus writers. It's not their fault. It's YOUR fault. By that I mean your friends and family and co-workers need to be educated -- and by YOU if no one else will do it. Tell them Windows is a piece of fucking shit, but also SHOW THEM how to avoid viruses. You can't just talk crap and then do nothing. It's more effective to suggest alternatives and best-practices(TM).
Computer security is in a poor state of affairs, but (relative) geniuses like us can help things. We really can. Just put Linux down for a fucking second (yes, it's better than Windows) and show your mom how to avoid catching viruses.
Reply or e-mail; don't vaguely moderate. Ex-O'Reilly/MIT employee, now a full-time Google employee.
Virus writers, while technically skilled, are complete dumb butts for using their skills in ways that are harmful to society and businesses, even if it's not their fault that it is easy to do thanks to Microsoft. They'd be better off using their skills for something more productive.
thisnukes4u.net
And the technical side of the article is a pile of shit as well. Virii don't "reprogram parts of your computer". Script kiddies generally don't download virii, but trojan clients.
With quotes like this: 'This guy,' he proclaimed, 'is the best at Visual Basic.' I really understand the level of these guys... Show me a 1 k, auto-replicating, ASM-written worm spreading like lightning through an undocumented hole and I'll be impressed. These are nothing more than wannabe punks.
Yes, users bear some responsibility for viruses' spread. Yes, I'm all for education of users. I work in tech support, believe me I'd love more educated users. Usually, I'm the one giving the basic lessons in the difference between a hard disk and a CD-ROM drive.
But the lion's share of the blame has to rest on the virus writers' collective shoulders. The vast majority have no pretensions of "educating the masses," or "simple curiosity." No, most of them just want to either a) screw people over for the hell of it, or b) get their (hopefully anonymous) 15 minutes of fame. These are the same types of people who will eventually be hired to write adware, spyware, and spamming apps. They are not heroes. They are not admirable. They are degenerates and sociopaths, and they give nerds and hackers horrible images with the very same "stupid users" that we have to interact with (and often get paid by) every day of our lives.
Xbox reviews.. We think they're funny.
I guess it's the same joy some brainless, euh, "people" get from beating up weaker people or defenseless animals. Or vandalising someone's car or something.
There's no risk in it and they get to feel so tough. Those people simply need a proverbial kick in the ass.
Sorry, no, all my computers run Linux, FreeBSD and Mac OS X.
I wish that, just for once, articles aimed at the public would be a little more accurate."
"He's 21, he's got dreadlocks, likes punk bands... and if you use Microsoft software, his hobby could wreck your computer in seconds"
Not to mention that people do not understand that they should not run arbitrary email attachments. Every few weeks we have a major worm outbreak because millions of people happily run every piece of malicious code they find.
As for "real" worms that don't require a collaborative user to spread, it can hardly get worse than it is now, with all the knowledge and awareness we have. The really ugly ones spread in minutes, faster than anyone can react. (Also, they never seem to die, Nimda for example is still active.)
Programming can be fun again. Film at 11.
I think the government's time and money would be best spent elsewhere. That would be a major, and largely pointless, undertaking. And even if for some godawful reason a "virtual internet" was created to be the punishment-free testbed for young virus writers, with their egos, they would never be satisfied until they got on the "real" internet and messed with "real" people.
Xbox reviews.. We think they're funny.
Does everything include nothing?
Cracks are not.
It's easier to destroy than to create.
Why did GEAR crush RDP?
1. Cooking*
2. Cars
3. Boats
4. Trains
5. Swords
6. Guns
Just because you do them, doesn't mean you test them out on innocent people. How are these virus writers any different?
*Applies to slashdot readers, only.
This wasn't some third rate tabloid, it was a newspaper famous for its supposed high-minded liberalism and commitment to truth - it was an article in The Observer that led to the founding of Amnesty International, another that led to Britain's withdrawal from Suez.
Do I take seriously an article published in it about virus writers? You bet I don't. I don't think anyone in their right mind can take that newspaper seriously.
You cite two massive successes of the Observer, as opposed to one massive mistake they have made.
And on that basis, you deduce that they lack all credibility?
So one misguided campaign against child porn not only trumps one major international charity campaigning for human rights and the end of one pointless war, but utterly cancels them out, tramples them into the ground, and renders them completely meaningless?
Don't you think maybe you're over-reacting slightly?
Actually, I think that's a terribly wrong-headed attitude. While we might *have* to encourage users to think, we *should* be encouraging developers to produce better code.
We should be striving to create systems that just do what the user needs them to do without requiring the user to jump through hoops or take a course entitled "Best Practices in Computer Security". I don't need to be a mechanic to drive a car, I don't need to be an astronomer or astrophysicist to look through a telescope, and I shouldn't have to be a network security expert just to surf the web and send & receive email.
It is very definitely Microsoft at fault here and not the 'less than expert computer users'. After all, if they made the product to suit those users instead of just to sell well to them, the rest of the world would have far fewer issues.
Anyway, anybody who thinks this qualifies as elite virus writing needs their head examined. There is really nothing elite about a script file. Not to mention that it should be apparent in this day and age that trashing other people's computers is not only very uncool but incredibly likely to get you thrown in federal pound-me-in-the-ass prison.
Here is a fantastic new concept: how about people submit ORIGINAL stories to slashdot, not just pointers to stories published elsewhere on the web? Citing references to support your points is fine, but how about /.ers creating some original content for a change?
"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves
Shouldn't there be a Karma penalty for posting a dup...triplicate article? Doesn't it amount to trolling?
If you have any evidence, or anything beyond "it all fits" type speculation, then you've got a huge story there. If you don't, then your tinfoil hat is showing.
Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
He wasn't talking about mpegs infecting computers, he mentioned files that _appear to be mpegs_ infecting computers. Typically by renaming them and then attaching with a different mime type, or simply by appending a second extension to the end which "usefully" doesn't get displayed by the recipient's mail reader. It's been done a hundred times, and will be done a hundred times more.
It's your comprehension skills that are called into question the most here.
Because that wasn't your only mistake.
Nowhere does it call Iron Maiden a punk band. The young one who lived at home with his parents was listening to Maiden. The 21-year old VB-er was the one who was into punk.
Engage brain before posting, please.
YAW.
Your head of state is a corrupt weasel, I hope you're happy.
Outlook Express automatically blocks any attachments which could potentially be viruses. But then the users get annoyed and uncheck it.
Crushing dreams at the speed of sarcasm
And Europeans, maybe eight percent of the world's population, consume at least another third, so get off your high horse. The fact is that anybody in the developed Western world uses resources at a far greater rate than a Third World peasant. Self-righteous moral preening about how your car gets five miles per gallon more than mine is of little meaning in the great scheme of things.
Much of that consumption is used in building things that end up in other countries anyway. If America builds a machine tool or sewage treatment plant or airplane that ends up in some third-world Ickystan, have we really taken anything away from the Ickystanian man, or have we actually done him a favor?
Plague of locusts indeed. If you subscribe to such idiocy, at least recognize that you are one too.
-ccm
Too much Law; not enough Order.
There are Indeed some Reasons why critical systems should be isolated.
Sounds like we now know who to send the mobs with torches and pitchforks after.
I'm an American. I love this country and the freedoms that we used to have.
"Mission Accomplished" -- George W. Bush May 1, 2003
your typical attention seeking morons.
I mean, come on, VB for god's sake?
Does anyone remember why BASIC was called BASIC ?
It's BEGINNERS all symbolic instruction code. Like it says, it's for beginners and no-hopers that will never be able to write good OO or structured code, or for people who don't yet grasp that the computer stores data as a series of 1's and 0's.
There is nothing smart about a keystroke grabber. Hell, we were doing this 15 years ago on dumb terminals connected to Vax's via terminal servers, and in those days it was trivial too.
These kids don't do anything positive because they can't. They wrap themselves with other gloating morons ("this guy is the best at VB") - helluva compliment I'd never like to get.
And how the fuck does this virus sit in your registry after it just formatted C: ?
I suspect these kids are just piss poor script kiddies that have all chipped in the pocket money to get a 384k DSL and invited the local rag round to watch them gloat, get drunk on a can of cider and aggressively smoke (and then presumably puke everywhere).
Not that I'm a fan of Microsoft or anything, they should tighten up the code (the worst is yet to come - source in the wild), but these kids are not "dangerous" but just a minor irritation, a boil on the ass of civilization if you please.
I can sympathize with anyone working in IT when a worm or email virus starts mass propagating. It's no doubt a pain in the ass to deal with when your network is getting hammered. In that sense, I can understand why someone would want to see the writers of these programs flogged, imprisoned, gangraped, and so forth.
Personally, I'd rather see just one vicious email virus rip through the mass of click-happy idiots that cause these epidemics. Every major case thus far has been, at most, a minor inconvenience at the enduser level.
After losing their entire system to one of these viruses, something tells me the number of people that go about clicking every attachment they receive would significantly decrease.
Before anyone bleats about the innocent suffering: too bad. Do children ever listen when they're told not to touch boiling water? No, they only learn it the hard way. But the one advantage is that it's a lesson not soon forgotten.
Blaming is more fun, of course.
Fixing the problem requires stepping back and noticing some root causes.
WHY do we have a situation where a quick double-click can destroy a software installation or transfer ownership of the computer to a spammer?
Imagine a comparable situation in meatspace. Imagine a chemical plant with a big red button on the main floor which would set the plant on fire and release poison gas in the nearby city.
Management might try educating the workers, putting up signs saying "don't push the big red button", disciplining workers who bump it accidentally, and so on. The fix is not to have the stupid button in the first place.
Our situation on computers is even worse. People have to double-click attachments all day to get their jobs done. It's as though the big red button were small, green, necessary, and only destroyed the plant one time out of a thousand.
The most solid fix is to run MUAs chrooted or under systrace jails. The next best is sensible defaults that don't allow executing candy from strangers.
>Windows is a security nightmare and it practically invites viruses in.
There are probably installations out there that still execute active content in the Preview pane, allowing things like Klez to spread without any user action other than looking at email. Trying to compensate for that with user education is, well, ambitious.
Your post was modded "troll" because it was blatant FUD. Pro-unix FUD, perhaps, but FUD nonetheless. You assert that Unix is superior to Windows because most viruses only run on Windows. The simple fact of the matter is that most viruses run on Windows because Windows has nearly 100% market share of people who aren't computer savvy. A worm for Linux would never work because Linux users know better than to run untrusted executables, and Linux users usually patch OpenSSH right away when a remote root exploit is found. The number of Linux machines left open to attack is so small that a virus or worm simply would not be able to propagate. Meanwhile, there are hundreds of millions of Windows users just waiting to open any e-mail attachment you send them, and who haven't ever heard of Windows Update.
Unix is not inherently less vulnerable to viruses than Windows is. No, user/root separation does not hinder e-mail viruses designed to DDoS web sites. Yes, there is software running on your Unix box right now that has buffer overrun vulnerabilities.
Also, while my box may well have overrun vulnerabilities (doubtless true), I disagree completely with your statement that if *NIX machines had the marketshare there would be as many viruses for them. I think you are vastly underestimating the user/root separation. At the very least it prevents a single user infection from affecting the entire machine. Yes, a single user could infect his own home directory tree and of course this could be used to DDoS someone. However, there would not be a situation similar to the Outlook/Outlook Express situation where simply receiving a viral mail would infect the system; *NIX apps aren't designed that stupidly.
I have no doubt that if/when *NIX becomes more common there will be more *NIX viruses, but to say that it's "just as bad" is to buy into MS's own FUD.
My case in point here is Mac OS X, it has a fairly large userbase, and most of that userbase is not computer expert (one of the Mac selling points is that it is (theoretically) simpler to use than Windows). Yet there has not been a significant number of Mac OS X viruses (viruses for older Mac OSes are more common by far). Why? Because Mac OSX is mostly BSD UNIX.
"Mission Accomplished" -- George W. Bush May 1, 2003
If you spray paint your crap over my building, you are a vandal. I don't care if you have the skill of Michelangelo, Da Vinci, and Rembrandt combined, you don't have the right to paint on things that belong to other people. If you do, you are a vandal. Period.
True artists can find legitimate outlets - they even get paid. Graffiti art is done by gang members and other scum. Virus writers are simply their online equivalent.
That's your own narrow little opinion.
Good graffiti art brightens the urban landscape. Thankfully the morons in the cities that used to remove it from trains finally acquired a clue and made the trains available for painting by artists of demonstrable ability. No more ugly urban trains.
These guys who do graffiti are exactly what art is about, not some commercialised nonsense.