Slashdot Mirror
Virus Writers - The Enemy Within
Slob Nerd writes "An interesting read from todays Observer "He's 21, he's got dreadlocks, likes punk bands... and his hobby could wreck your computer in seconds. Clive Thompson infiltrates the secret world of the virus writers who see their work as art - while others fear that it is cyber-terrorism.""
Virus writers, while technically skilled, are complete dumb butts for using their skills in ways that are harmful to society and businesses, even if it's not their fault that it is easy to do thanks to Microsoft. They'd be better off using their skills for something more productive.
thisnukes4u.net
And the technical side of the article is a pile of shit as well. Virii don't "reprogram parts of your computer". Script kiddies generally don't download virii, but trojan clients.
With quotes like this: 'This guy,' he proclaimed, 'is the best at Visual Basic.' I really understand the level of these guys... Show me an 1 k, auto-replicating, ASM-written worm spreading like the lightening through an undocumented hole and I'll be impressed. These are nothing more than wannebe punks.
Yes, users bear some responsibility for viruses' spread. Yes, I'm all for education of users. I work in tech support, believe me I'd love more educated users. Usually, I'm the one giving the basic lessons in the difference between a hard disk and a CD-ROM drive.
But the lion's share of the blame has to rest on the virus writers' collective shoulders. The vast majority have no pretensions of "educating the masses," or "simple curiosity." No, most of them just want to either a) screw people over for the hell of it, or b) get their (hopefully anonymous) 15 minutes of fame. These are the same types of people who will eventually be hired to write adware, spyware, and spamming apps. They are not heros. They are not admirable. They are degenerates and sociopaths, and they gives nerds and hackers horrible images with the very same "stupid users" that we have to interact with (and often get paid by) every day of our lives.
Xbox reviews.. We think they're funny.
I guess it's the same joy some brainless, euh, "people" get from beating up weaker people or defenseless animals. Or vandalising someones car or something.
There's no risk in it and they get to feel so tough. Those people simply need a proverbial kick in the ass.
Sorry, no, all my computers run Linux, FreeBSD and Mac OS X.
I wish that, just for once, articles aimed at the public would be a little more accurate."
"He's 21, he's got dreadlocks, likes punk bands... and if you use Microsoft software, his hobby could wreck your computer in seconds"
Not to mention that people do not understand that they should not run arbitrary email attachments. Every few weeks we have a major worm outbreak because millions of people happily run every piece of malicious code they find.
As for "real" worms that don't require a collaborative user to spread, it can hardly get worse than it is now, with all the knowledge and awareness we have. The really ugly ones spread in minutes, faster than anyone can react. (Also, they never seem to die, Nimda for example is still active.)
Programming can be fun again. Film at 11.
I think the government's time and money would be best spent elsewhere. That would be a major, and largely pointless, undertaking. And even if for some godawful reason a "virtual internet" was created to be the punishment-free testbed for young virus writers, with their egos, they would never be satisfied until they got on the "real" internet and messed with "real" people.
Xbox reviews.. We think they're funny.
Does everything include nothing?
Cracks are not.
It's easier to destroy than to create.
Why did GEAR crush RDP?
1. Cooking*
2. Cars
3. Boats
4. Trains
5. Swords
6. Guns
Just because you do them, doesn't mean you test them out on innocent people. How are these virus writers any different?
*Applies to slashdot readers, only.
Actually, I think that's a terribly wrong-headed attitude. While we might *have* to encourage users to think, we *should* be encouraging developers to produce better code.
We should be striving to create systems that just do what the users needs them to do without requiring the user to jump through hoops or take a course entitled "Best Practices in Computer Security". I don't need to be a mechanic to drive a car, I don't need to be an astronomer or astrophysicist to look through a telescope, and I shouldn't have to be a network security expert just to surf the web and send & receive email.
It is very definitely Microsoft at fault here and not the 'less than expert computer users'. After all, if they made the product to suit those users instead of just to sell well to them, the rest of the world would have far fewer issues.
Anyway, anybody who thinks this qualifies as elite virus writing needs their head examined. There is really nothing elite about a script file. Not to mention that it should be apparent in this day and age that trashing other people's computers is not only very uncool but incredibly likely to get you thrown in federal pound-me-in-the-ass prison.
Here is a fantastic new concept: how about people submit ORIGINAL stories to slashdot, not just pointers to stories published elsewhere on the web? Citing references to support your points is fine, but how about /.ers creating some original content for a change?
"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves
Sholdn't be there Karma penalty for posting dup...triplicate article ? Isn't it amount to trolling ?
If you have any evidence, or anything beyond "it all fits" type speculation, then you've got a huge story there. If you don't, then your tinfoil hat is showing.
Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
He wasn't talking about mpegs infecting computers, he mentioned files that _appear to be mpegs_ infecting computers. Typically by renaming them and then attaching with a different mime type, or simply by appending a second extension to the end which "usefully" doesn't get displayed by the recipient's mail reader. It's been done a hundred times, and will be done a hundred times more.
It's your comprehension skills that are called into question the most here.
Because that wasn't your only mistake.
Nowhere does it call Iron Maiden a punk band. The young one who lived at home with his parents was listening to Maiden. The 21-year old VB-er was the one who was into punk.
Engage brain before posting, please.
YAW.
Your head of state is a corrupt weasel, I hope you're happy.
Outlook Express automatically blocks any attachments which could potentially be viruses. But then the users get annoyed and uncheck it.
Crushing dreams at the speed of sarcasm
And Europeans, maybe eight percent of the world's population, consume at least another third, so get off your high horse. The fact is that anybody in the developed Western world uses resources at a far greater rate than a Third World peasant. Self-righteous moral preening about how your car gets five miles per gallon more than mine is of little meaning in the great scheme of things.
Much of that consumption is used in building things that end up in other countries anyway. If America builds a machine tool or sewage treatment plant or airplane that ends up in some third-world Ickystan, have we really taken anything away from the Ickystanian man, or have we actually done him a favor?
Plague of locusts indeed. If you subscribe to such idiocy, at least recognize that you are one too.
-ccm
Too much Law; not enough Order.
There are Indeed some Reasons why critical systems should be isolated.
Sounds like we now know who to send the mobs with torches and pickforks after.
I'm an American. I love this country and the freedoms that we used to have.
"Mission Accomplished" -- George W. Bush May 1, 2003
I can sympathize with anyone working in IT when a worm or email virus starts mass propagating. It's no doubt a pain in the ass to deal with when your network is getting hammered. In that sense, I can understand why someone would want to see the writers of these programs flogged, imprisoned, gangraped, and so forth.
Personally, I'd rather see just one vicious email virus rip through the mass of click-happy idiots that cause these epidemics. Every major case thus far has been, at most, a minor inconvenience at the enduser level.
After losing their entire system to one of these viruses, something tells me the number of people that go about clicking every attachment they receive would significantly decrease.
Before anyone bleats about the innocent suffering: too bad. Do children ever listen when they're told not to touch boiling water? No, they only learn it the hard way. But the one advantage is that it's a lesson not soon forgotten.
Blaming is more fun, of course.
Fixing the problem requires stepping back and noticing some root causes.
WHY do we have a situation where a quick double-click can destroy a software installation or transfer ownership of the computer to a spammer?
Imagine a comparable situation in meatspace. Imagine a chemical plant with a big red button on the main floor which would set the plant on fire and release poison gas in the nearby city.
Management might try educating the workers, putting up signs saying "don't push the big red button", disciplining workers who bump it accidentally, and so on. The fix is not to have the stupid button in the first place.
Our situation on computers is even worse. People have to double-click attachments all day to get their jobs done. It's as though the big red button were small, green, necessary, and only destroyed the plant one time out of a thousand.
The most solid fix is to run MUA's chrooted or under systrace jails. The next best is sensible defaults that don't allow executing candy from strangers.
>Windows is a security nightmare and it practically invites viruses in.
There are probably installations out there that still execute active content in the Preview pane, allowing things like Klez to spread without any user action other than looking at email. Trying to compensate for that with user education is, well, ambitious.
Your post was modded "troll" because it was blatant FUD. Pro-unix FUD, perhaps, but FUD nonetheless. You assert that Unix is superior to Windows because most viruses only run on Windows. The simple fact of the matter is that most viruses run on Windows because Windows has nearly 100% market share of people who aren't computer saavy. A worm for Linux would never work because Linux users know better than to run untrusted executables, and Linux users usually patch OpenSSH right away when a remote root exploit is found. The number of Linux machines left open to attack is so small that a virus or worm simply would not be able to propogate. Meanwhile, there are hundreds of millions of Windows users just waiting to open any e-mail attachment you send them, and who haven't ever heard of Windows Update.
Unix is not inherently less vulnerable to viruses than Windows is. No, user/root separation does not hinder e-mail viruses designed to DDoS web sites. Yes, there is software running on your Unix box right now that has buffer overrun vulnerabilities.
Also, while my box may well have overrun vulnerabilities (doubtless true), I disagree completely with your statement that if *NIX machines had the marketshare there would be as many virus for them. I think you are vastly underestimating the user/root separation. At the very least it prevents a single user infection from affecting the entire machine. Yes, a single user could infect his own home directory tree and of course this could be used to DDoS someone. However, there would not be a situation similar to the Outlook/Outlook Express situation where simply recieving a viral mail would infect the system; *NIX apps aren't designed that stupidly.
I have no doubt that if/when *NIX becomes more common there will be more *NIX virus, but to say that its "just as bad" is to buy into MS's own FUD.
My case in point here is Mac OS X, it has a fairly large userbase, and most of that userbase is not computer expert (one of the Mac selling points is that it is (theoretically) simpler to use than Windows). Yet there has not been a significant number of Mac OS X virus (virus for older Mac OSes are more common by far). Why? Because Mac OSX is mostly BSD UNIX.
"Mission Accomplished" -- George W. Bush May 1, 2003
If you spray paint your crap over my building, you are a vandal. I don't care if you have the skill of Michelangelo, Da Vinci, and Rembrandt combined, you don't have the right to paint on things that belong to other people. If you do, you are a vandal. Period.
True artists can find legitimate outlets - they even get paid. Graffit art is done by gang members and other scum. Virus writers are simiply their online equivilent.
That's your own narrow little opinion.
Good graffiti art brightens the urban landscape. Thankfully the morons in the cities that used to remove it from trains finally acquired a clue and made the trains available for painting by artists of demonstrable ability. No more ugly urban trains.
These guys who do graffiti are exactly what art is about, not some commercialised nonsense.