Slashdot Mirror
Virus Writers - The Enemy Within
Slob Nerd writes "An interesting read from todays Observer "He's 21, he's got dreadlocks, likes punk bands... and his hobby could wreck your computer in seconds. Clive Thompson infiltrates the secret world of the virus writers who see their work as art - while others fear that it is cyber-terrorism.""
I think this is the third time this story has been posted.
Googled version to NY Times story
Of course, does it really count if the same story appears on a *different* page? Or a different website.
Maybe it's time that slashdot subscribers get a cached version of the story hosted on slashdot. That way, when an editor is about to submit a duplicate story, it'll check for similar articles cached on the site. That way this kind of thing doesn't keep happening. Hell... Slashdot editors won't even have to read slashdot anymore!
Thank you CmdrTaco for rejecting the story I just submitted in favor of this one. And I *know* the story I submitted wasn't a duplicate, or else my web server would have felt it. ;)
You really are my hero.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
Virus writers, while technically skilled, are complete dumb butts for using their skills in ways that are harmful to society and businesses, even if it's not their fault that it is easy to do thanks to Microsoft. They'd be better off using their skills for something more productive.
thisnukes4u.net
Then you do not work at MS huh?
And the technical side of the article is a pile of shit as well. Virii don't "reprogram parts of your computer". Script kiddies generally don't download virii, but trojan clients.
End - Breeding
It's where the family tree doesn't spread out,
but the ends of the branches meet up.
Think that's code for "From the >/dev/null dept."?
Whenever I disassembled viruses or worms, I had to scream. Even in the good old DOS-times and even with bootsector viruses, where size was an important factor, they were simply horrible written. (i.e. unnecassary bloated)
While some may imply in their posts, that virus writers are technically skilled, I've yet to see a single example of beeing better than the avarage bad programmer...
It's not like I don't have appreciation for the fine arts, but this is taking it too far, it is almost to the extent of patronizing virus writers.
Ok fine, what if someday, a student doing research in microbiology decides, just for the sake or fine arts, I'll release a mutant plague bacteria...
I guess my initial reaction was fsck 'em. Fsck 'em all. However, it could be suggested that they have made corporations and governments aware of many intrinsic insecurities in certain popular operating systems which may have prevented some larger potential catastrophe. The problem for these guys, is that we will never know and they will continue to be reviled and hated as losers. (That is unless they are talented enough to score a job with Symantec, the NSA or some other organization dealing with comp. security.)
(karma whoring is nice?)
This space is intentionally staring blankly at you
With quotes like this: 'This guy,' he proclaimed, 'is the best at Visual Basic.' I really understand the level of these guys... Show me an 1 k, auto-replicating, ASM-written worm spreading like the lightening through an undocumented hole and I'll be impressed. These are nothing more than wannebe punks.
And here I was, with my coffee and breakfast all ready to read /. till lunch :(
Next story please!
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Maybe if the government or anti virus companys made like an online virtual internet for young people to upload there virus into this "virtual internet" to watch it spread and make a game like point scheme or something along the lines there wouldnt be much havoc online , I think it is mostly boredom that virus creaters do this for!
Yes, users bear some responsibility for viruses' spread. Yes, I'm all for education of users. I work in tech support, believe me I'd love more educated users. Usually, I'm the one giving the basic lessons in the difference between a hard disk and a CD-ROM drive.
But the lion's share of the blame has to rest on the virus writers' collective shoulders. The vast majority have no pretensions of "educating the masses," or "simple curiosity." No, most of them just want to either a) screw people over for the hell of it, or b) get their (hopefully anonymous) 15 minutes of fame. These are the same types of people who will eventually be hired to write adware, spyware, and spamming apps. They are not heros. They are not admirable. They are degenerates and sociopaths, and they gives nerds and hackers horrible images with the very same "stupid users" that we have to interact with (and often get paid by) every day of our lives.
Xbox reviews.. We think they're funny.
To play Devil's Advocate isn't there something good arising from virus writers? If there were no major viruses out there, I guarantee you most users wouldn't have anti-virus software and wouldn't know not to click on email attachments from unknown sources. Then, if someone really did want to cause major havoc, it would be even worse than it is now. I don't know if this is true, but I think it's possible. If no one ever expected a virus/worm, how long would it take to actually get the virus/worm off of every user's computer. It's rather quick now because most people have anti-virus software that can be updated really quickly.
First time from wired... it's a story.
Second time on NYT... it's a dupe.
Third time on the observer... it's a trupe?
-Colin
I guess it's the same joy some brainless, euh, "people" get from beating up weaker people or defenseless animals. Or vandalising someones car or something.
There's no risk in it and they get to feel so tough. Those people simply need a proverbial kick in the ass.
Boy, I'd love to be the author of that article. He just keeps making money selling it over and over again. In addition the paper's owners must take note of his name when it draws a metric herd of slashdotters.
::Walks off to write an article about virii::
-Colin
Sorry, no, all my computers run Linux, FreeBSD and Mac OS X.
I wish that, just for once, articles aimed at the public would be a little more accurate."
"He's 21, he's got dreadlocks, likes punk bands... and if you use Microsoft software, his hobby could wreck your computer in seconds"
Umm. Slight absence of any mention of virus writing for profit: there's enough evidence that a number of recent virii were mainly about installing SMTP Relays on infected machines to propogate spam, or leaving a backdoor open so that this could later be done.
4 23258&mode=nested
0 51056136
Or else installing DDOS software aimed at Spamhaus servers, or leaving backdoors open for same.
So. Art: Check. Vandalism: Check. Profit Motive: Check. Insubstantial "infiltration" by journalist: Check.
Ferinstance
http://yro.slashdot.org/article.pl?sid=03/12/03/1
- Oops. There goes Spamhaus
http://securityresponse.symantec.com/
- most of this week's crop install backdoors.
http://www.groklaw.net/article.php?story=20040221
- Your IP Addy for sale to a spam-merchant near you...
Well, actually terrorism is using threats and violence to force someone to think or behave as you want.
Common virus-writers are more like random violence, they do not use to pursue economical or political agendas, more usually want recognition inside their own community.
I, for one, am fed up with this ciber-terrorists media propaganda.
DON'T PANIC
Not to mention that people do not understand that they should not run arbitrary email attachments. Every few weeks we have a major worm outbreak because millions of people happily run every piece of malicious code they find.
As for "real" worms that don't require a collaborative user to spread, it can hardly get worse than it is now, with all the knowledge and awareness we have. The really ugly ones spread in minutes, faster than anyone can react. (Also, they never seem to die, Nimda for example is still active.)
Programming can be fun again. Film at 11.
Stop clicking on email attachments and the problem almost completely goes away.
Virus writers prey on the stupid. Harsh, but absolutely true.
Since when is Iron Maden considered punk? Geesh, pansy...
---- Booth was a patriot ----
As someone else pointed out, we wouldn't need the virus protection without the viruses. Also, I don't know if you've caught the numbers for each major "11:00 News" virus attack, but people aren't really learning their lesson this way. Sad but true.
Xbox reviews.. We think they're funny.
Geez. they're galled adverbs
What does a part of the liver have to do with being a spelling/grammar nazi? I assume it's not a typographical error.
I am one of many. My idea is not unique, nor do I expect my voice alone to sway you. I speak in a chorus of opinion.
Then come over and install your friendly little programs on my PC. You can do so for free! No more annoying "distribution" anymore, you just come here, install your friendly little program and leave*, that is all. Sounds like a deal? Tell me in advance, because I might need to buy some essentials** for your visit.
* Might or might not involve a hearse.
** Like a toe tag and body bag.
Hate me!
That's usually the case with any subject! Every movie, documentary, or article that I've seen or read and have had personal experience with has been a load of bunk. I've been interviewed for numerous newspaper and magazine articles and they very rarely use any of my quotes in context. They'll usually intentionally remove the context to twist words to mean whatever agenda they're trying to push.
My personal experiences with the media have basically ruined my ability to enjoy anything anymore. Since I know for a fact that virtually every story I've contributed to has been embellished by the authors to increase its entertainment value, I assume that any story that's been done about a subject I'm not personally familiar with has been tainted as well. And, most of the time, I'm correct. A simple five minute Google or encyclopedic search on the subject gives me more accurate data than the story that I'm following up on.
PepperHacks - Hacking the Pepper Pad
http://www.spth.de.vu/
- bram
Yep, same with murderers. If there weren't any murders people wouldn't be as prepared to defend themselves, and they'd be more vulnerable to any murderers that came along.
It appears to me that overcoming human nature requires more than education.
Here's a link to the first paragraph.
Is this a copyright violation ?
-- You see, there would be these conclusions that you could jump to
Does everything include nothing?
Pardon me. I suppose I should have said I can't empathize with them.
Xbox reviews.. We think they're funny.
way to name names in the article.. quick google search on them and you only get about 40000 worthwhile virus writing sites.... well, at least as worth while as they could possibly be i suppose.
guess they were just dying for the publicity...
I did find it funny how those guys were so hep to VB, i mean, i know its like totally sweet and stuff, but jeez, you'd think one of them had just like totally flipped out and killed somebody, for no reason, just because...
When Mario is bored, he likes to sit at his laptop and create computer viruses and worms. Online, he goes by the name Second Part to Hell.
I suggest a new handle for Mario - Two Sandwiches Short of a Picnic
In this world nothing is certain but death, taxes and flawed car analogies.
Oh dear, this thread really exposes the state of the Slashdot community: Grand-grandparent can't use adverbs properly, grandparent makes a typo, while correcting someone's grammer and finally the parent:
:-)
I assume it's not a typographical error.
shows that he has little clue about the fact, that typography is about designing thing containg text in such a way, that makes them aesthetically pleasing.
The question now is, of course, what have I screwed up?
Cracks are not.
It's easier to destroy than to create.
Why did GEAR crush RDP?
On the whole, a very interesting article on a social level. But on the technical level? complete BS. mpegs infecting computers? Although I suppose it could be done, not by the kinds of programers the author is talking about. Some of these sites should hire /.ers as editors. It'd help keep articles accurate from a technical point of view, and keep readers informed correctly.
(and maybe people would point out that Iron Maiden isn't punk.)
Skill is successfully walking a tightrope over Niagara Falls. Intelligence is not trying. -- Anonymous
The question now is, of course, what have I screwed up? :-)
while correcting someone's grammer
That's "grammar."
Lets face it, without viruses alot of the flaws in our operating systems would still be open today, then hackers would have free reign into your system without your knowledge. More and more people wouldn't be using firewalls, more people wouldn't be using anti-virus software. Lets face it, the internet is still very fragile, remember way back in 1988 when one worm took down the internet, that can still happen today sad to say, but we are more knowledgible of how viruses use our software to do moreso now than anytime before. Microsoft is trying to change to that operating system where everything has to use their new .NET infrastructure so security will be tigher, not just in their operating system, but also in the applications third parties write. However, I know from past experience with Microsoft, they will end up trying to be backwards compatible and end up inheriting all those problems from before. But perhaps this time they will use their new purchase of Virtual PC to implement those backward compatibility environments totally away from their new operating system. But somehow I think Microsoft will end up even implementing that badly, because they want to give their users so much ease of use and cool features they end up shooting themselves in the foot, allowing people to use their own gullibility to weaking Microsoft's operating system. This same thing can be said about alot of operating systems out there trying to mimic them to some degree.
Microsoft markets its products to less expert computer users, cultivating the sort of gullible victims who click on disguised virus attachments.
Woefully accurate, if the users I've admin'd for are anything to go by. We need to encourage people to think about what they do when they use computers, not oversimplify.
Ph-nglui mglw'nafh Gates M'dna wgah'nagl fhtagn.
Well, how about the entire second half of your post? :-)
"Typo" is short for "typographical error." And strictly speaking, typography is not necessarily concerned with being aesthetically pleasing. It's simply the use of type.
irb(main):001:0>
"while correcting someone's grammer"
Also, one generally capitalises "English" as in the title.
1. Cooking*
2. Cars
3. Boats
4. Trains
5. Swords
6. Guns
Just because you do them, doesn't mean you test them out on innocent people. How are these virus writers any different?
*Applies to slashdot readers, only.
You misspelled "grammar".
Furry cows moo and decompress.
Actually, I think that's a terribly wrong-headed attitude. While we might *have* to encourage users to think, we *should* be encouraging developers to produce better code.
We should be striving to create systems that just do what the users needs them to do without requiring the user to jump through hoops or take a course entitled "Best Practices in Computer Security". I don't need to be a mechanic to drive a car, I don't need to be an astronomer or astrophysicist to look through a telescope, and I shouldn't have to be a network security expert just to surf the web and send & receive email.
It is very definitely Microsoft at fault here and not the 'less than expert computer users'. After all, if they made the product to suit those users instead of just to sell well to them, the rest of the world would have far fewer issues.
Since when were the Deftones punk? If the media were actually accurate in its statements, there wouldn't be half as many misconceptions in ths world.
integrity has to be earned and maintained continuously.
except possibly after nights of heavy drinking
If you think teenage punks are the ones writing all the virus you're in for a surprise.
Someone needs to do some serious research and see how many came out of Norton Lab.
It's easy to blame some kid playing a guitar in his bedroom. It's another thing to hire a lawyer and blame virus scan companies.
Sholdn't be there Karma penalty for posting dup...triplicate article ? Isn't it amount to trolling ?
Thanks.
Guess that means Im perfectly safe to have around.
- evil grin -
This is the third time this article has been posted as noted by previous posters. We're techies, I'm sure there's a solution to eliminating dupes. One suggestion: Keep a database or the title, author and URL (and maybe other unique info). Whenever a new article is to be posted, check to see if it has already been posted.
-----------------------------------------------
Unix _is_ user friendly, it's just particular about who its friends
Linux is a hobbyist system, impossible for the vast majority of users to safely configure and operate.
The Apple products are excellent, though fantastically overpriced. When my Compaq laptop died last month, I thought about spending money on one of the new Apple laptops (my current Apple laptop is quite slow) but quickly found the new eMachines with the mobile 64-bit Athlon chip plus a Radeon 9600 card for less than half of what a similar Apple would have cost me. It's not reasonable to tell people they need to spend twice as much money when they could largely solve the malware problem by running a viris scanner and using alternatives to IE and Outlook.
The New York Times Magazine a little while ago had a slightly more insightful article which also interviewed the dreadlocked guy and Phil3t0aster and stuff, additionally taking a peek into the culture of virus writers and script kiddies. I don't know if they put their magazine stuff online, but it was a good article.
"All it takes to fly is to hurl yourself at the ground... and miss." - Douglas Adams
I'd describe this article as glamorizing virus writes rather than patronizing them. If I was 15 years old and didn't have any friends that article would have been highly motivating.
I'd really rather see the New York Times Magazine cover an open source project. Mplayer would be a good one if they absolutely couldn't avoid a little controversy.
Let look at a lot of these exploits, they generally are .scr, .vbs, .bat, etc files. By blocking these attachments by default you're going to avoid most attempts at compromising your machine.
.exe to zip it because your mailer doesn't support executable extensions. If you get a bounce back or a message saying "I didnt send you an .exe" then you can safely assume the file is no good and just delete it or set your mailer to auto-delete.
Sure, this is old hat to slashdotters, but I think it would behoove all email client writers to do this by default as MS does now. Now, that leaves us with macro word/excel viruses, other exploits, and the zip files themselves. The first two can be taken care of by a competent virus scanner or system patching and the latter forces the user to open the zip archive thus revealing the true extension (most compression utilities do this) and copies the file(s) to some location thus giving the virus scanner more of a chance to check the thing for viruses.
Its far from a perfect solution, but it will make people sensitive to file extensions and file types. It will also save disk space and bandwidth by compressing attachments (or even the message itself). Added functionality can be added like signed zip archives, AV hooks into zip programs, etc. Heck, the zip format already provides a cross-platform encryption scheme. Sure its not 3DES/RSA or anything, but it sure beats nothing (especially for those worried about sniffing).
This is essentially the setup many of the companies I work with have. You get your pdf, doc, xls, etc but anything executable is either deleted or quarantined. I don't see why email clients written for residential customers can't do the same.
Data loss isn't even an issue, the worst case scenario is asking the guy who sent you that
This can be done in three steps:
1. Implement auto-zipping. Geeks and security sensitive people will probably enable this by default. Or it should be default with newer version of mailers.
2. Once a significant amount of traffic is in the zip format set your mailer to reject all executables. It also could auto-remail the person sending you executables. (this may be exploited by spammers looking for live email addresses).
3. Watch zip vendors work closer with AV vendors to provide better protection from viruses in zip archives.
I was never able to find out what [sic] means. Anyone have an idea?
Whenever quoting something that has an error, the author puts in [sic] to indicate "that's how the original author did it."
:)
In this case, the original poster mispelled unnecessary, so tommck put [sic] in there...probably because he was correcting someone's grammar and he'd look kind of silly if he had an error in his reply
Why don't mailers just forbid executables by default?
Not by looking at extensions, but by looking at the header.
Who ever needs to send executables by mail?
Not the millions that do get infected by viruses now.
I don't see the need to zip them. Just reject them.
Maybe setup some new service for "shared data" on Internet (has existed before) where you can put the executables that you would have otherwise mailed. Of course, virus-scanned.
How many more times does that article have to appear in newspapers before it's considered a virus? ;)
Some of these kids are quite smart and would have a bright future if they stayed on the rails. Prison will not correct them. Shame and pain will.
Therefore, I propose we whip them bloody in the public square, then let them go.
-ccm
Too much Law; not enough Order.
Saw a girl at school the other day wearing a good charlotte t-shirt and a clash wristband *(insert rant about hot topic here)* i wanted to club her in the head with something and demand she name 3 clash songs besides should i stay or should i go.
"Sic Semper Tyrannosaurus Rex."
The PACS system (digital X-ray reading monitors) at the hospital where I work caught Code Red last year, and was down for a day or two. X-rays were being read on printed films just like the old days. Slowed everything down significantly. I don't know that it directly affected any patient's health, but it certainly could have.
-ccm
Too much Law; not enough Order.
We already saw this exact article two weeks ago.
Score: -1, Troll
He calls VB a computer language.
He's using Geocities as his web host! What a 1337 h@xx0r!!!!
Crushing dreams at the speed of sarcasm
Outlook Express automatically blocks any attachments which could potentially be viruses. But then the users get annoyed and uncheck it.
Crushing dreams at the speed of sarcasm
It should be 'great grandparent' rather than 'grand-grandparent'.
"This is crazy, you realise we could all go to jail for this?" - my manager, somewhere I used to work.
And Europeans, maybe eight percent of the world's population, consume at least another third, so get off your high horse. The fact is that anybody in the developed Western world uses resources at a far greater rate than a Third World peasant. Self-righteous moral preening about how your car gets five miles per gallon more than mine is of little meaning in the great scheme of things.
Much of that consumption is used in building things that end up in other countries anyway. If America builds a machine tool or sewage treatment plant or airplane that ends up in some third-world Ickystan, have we really taken anything away from the Ickystanian man, or have we actually done him a favor?
Plague of locusts indeed. If you subscribe to such idiocy, at least recognize that you are one too.
-ccm
Too much Law; not enough Order.
[sic] means "Spelling In Context".
C17H21NO4
Actually, that's true.
Didn't you see that episode of The Simpsons where earth abandons violence and destroys all its weapons, so that Kang and Kodos could FINALLY take over earth using their board-with-a-nail-through it SO large, it destroyed the entire planet?!?!?!
Didnt you?
What?
Oh... No, I've only had s-e-e-e-ven cups of coffee today.
I.e. you're entirely full of shit.
Show use the section of slammer which you think could be made 6 bytes shorter then, and don't tell us exactly how to make it shorter. Leave it as a challenge to the rest of us.
But you can't of course. As you're just a puffed-up windbag.
YAW.
Your head of state is a corrupt weasel, I hope you're happy.
Quit using MS Outlook. It's address book is a well written virus cannon capable of well-aimed bursts or scatter shot that can cover the globe in days. Outlook Express is no different. It may be a crippled version of Outlook but we all know it's cannon functions exactly the same way. ;-)
Linux with kernel panic...
MadPenguin.org
but what do i know, i'm just a model.
Why should you? They have shown over and over again that they can do it if the OS is silly enough. The trick is to encourage them to write them, just like they think the to trick to releasing is to post it on some bbs and hope somebody else sets it of.
Really they only need to encourage and give some praise to the ones that do something that is good for av companies.
The only reason these kids create virusses is because they are rewarded to do so. Reward them with praise and some admiration and presto: another virus writer born.
This space is intentionally staring blankly at you
Much of that consumption is used in building things that end up in other countries anyway.
Ever heard of the trade deficit?
The southwestern US is the only segment that exports more than it imports (and almost all of that is in Southern California). Most of the US is buying stuff up from other countries much faster than they are producing it for them.
Don't you wish your girlfriend was a geek like me?
While this article is dated today (2/22/04) in the guardian, it appeared at least a couple of other places a couple of weeks earlier:
The Impact Lab Some place called "sofa. rites de passage"And in the NY Times 2/8/04 ($ required):
The Virus UndergroundMark
shows that he has little clue about the fact, that typography is about designing thing containg text in such a way, that makes them aesthetically pleasing.
:-)
The question now is, of course, what have I screwed up?
Try...
"shows that he has little clue about the fact that 'typography' is about designing things containing text, in such a way as to make them aesthetically pleasing."
The comma is still awkward, but it's a little better now. The entire sentence should be torn down and rebuilt from scratch, but I'll leave that for someone else.
Don't you wish your girlfriend was a geek like me?
In my experience -- speaking as someone who has managed several thousand desktop machines in a corporate setting -- relying on antivirus software to protect users against previously unknown viruses is a fool's gambit. Generally speaking, AV software only helps prevent new infections from appearing a few weeks after the primary outbreak occurs. It does very little to protect you during the first couple of days.
Patches and sanitization techniques -- making sure potentially malicious code does not reach the user in an easy-to-use form -- are far more effective, in my opinion.
I find it interesting to note that all these worms are recognized as malware only because they cause a massive amount of traffic from their replication. If someone were to write a worm that spread through email, but rather than mass-mailing at an enormous pace, sent one email every hour or so, I wonder how long it would take the computer security industry to recognize it for what it is and fix it.
There are Indeed some Reasons why critical systems should be isolated.
That will happen if you skip step 1.
Not to mention the zip program can just download md5 sums and check for known popular viruses without all the overhead of actually scanning, repairing, etc that AV software has to do.
And we can give it a catchy slogan, "Don't click unless its a zip!"
the rewriting of the harddrive is easy (look a one-liner)..it's the installation part that is kinda tricky
Sounds like we now know who to send the mobs with torches and pickforks after.
I'm an American. I love this country and the freedoms that we used to have.
Online, he goes by the name Second Part to Hell
That's not a valid nickname on DALNet
I don't get why are such activities called "cyberterorism". It doesn't directly hurt or kill anoyone at all, except machines. "Cybervandalism" sounds less hysterical and is more to the point. Anyway, root of all evil is Microsoft's low-end software (e.g Windows, Office, IE).
I'm not insane. My mother had me tested.
your typical attention seeking morons.
I mean, come on, VB for gods sake ?
Does anyone remember why BASIC was called BASIC ?
It's BEGINNERS all symbolic instruction code. Like it says, it's for beginners and no-hopers that will never be able to write good OO or structured code, or for people who don't yet grasp that the computer stores data as a series of 1's and 0's.
There is nothing smart about a keystroke grabber. Hell, we were doing this 15 years ago on dumb terminals connected to Vax's via terminal servers, and in those days it was trivial too.
These kids don't do anything positive because they can't. They wrap themselves with other gloating morons ("this guy is the best at VB") - helluva compliment I'd never like to get.
And how the fuck does this virus sit in your registry after it just formatted C: ?
I suspect these kids are just piss poor script kiddies that have all chipped in the pocket money to get a 384k DSL and invited the local rag round to watch them gloat, get drunk on a can of cider and agressively smoke (and them presumably puke everywhere)
Not that I'm a fan of Microsoft or anything, they should tighten up the code (the worst is yet to come - source in the wild), but these kids are not "dangerous" but just a minor irritation, a boil on the ass of civilization if you please.
IIRC posting, writing, or keeping copies of instructions for making bombs is illegal in the US. Why? Because bombs harm many people and do lots of damage. Viruses should fall under the same catagory.
Yes, virus writers are rather skilled compared to their counterparts script kiddies (and even worse click kiddies). I don't care how skilled they are, they can put their talent to other things.
The art behind virus writting is make it do good things in a few lines. Put that talent to work on opensource software. Imangine if some of these people got together and worked on the 2.6 kernel for linux. Maybe it would have been out 6 months earlier or it may have some more advanced features.
There are many things they can do, but the fact is they should not write viruses or even post the code/instructions/tools for making viruses anywhere.
IMHO
~ryan
I can sympathize with anyone working in IT when a worm or email virus starts mass propagating. It's no doubt a pain in the ass to deal with when your network is getting hammered. In that sense, I can understand why someone would want to see the writers of these programs flogged, imprisoned, gangraped, and so forth.
Personally, I'd rather see just one vicious email virus rip through the mass of click-happy idiots that cause these epidemics. Every major case thus far has been, at most, a minor inconvenience at the enduser level.
After losing their entire system to one of these viruses, something tells me the number of people that go about clicking every attachment they receive would significantly decrease.
Before anyone bleats about the innocent suffering: too bad. Do children ever listen when they're told not to touch boiling water? No, they only learn it the hard way. But the one advantage is that it's a lesson not soon forgotten.
WTF has writing a virus got to do with terrorism? This is something I have never understood about the current USA fixation.
I would certainly agree that it is a crime - even an economic crime. It might even be the same sort of crime as Enron and the like. Not quite in their league though...
Certainly the writers of these are dirtbags but I don't se them as the same sort who blow up busses or seek to take away our legal freedoms from illegal police actions.
I'll see your Constitution and raise you a Queen.
That's of course very true. Also, if no-one stole anything, we wouldn't need locks. If people weren't violent, we would have no need for police. [/sarcasm]
Seriously, though, wouldn't the whole world work better if people just realised that their actions have a direct result on the quality of everyone's life? People in general don't recognise that society is an unspoken contract: they don't realise that their actions either enrich society, or make it worse. The "What's in it for me" crowd are the ones who make society much much worse for everyone.
Utopia doesn't exist, though, so we all have to do what we can to make our own part of society a better place.
The problem with this though is that if there is no recognised reward for doing the right thing by society, then there will be less inclination to do the right thing. So most people will just do what's right for themselves, contributing that little bit more to the decline...
You really do have an interesting point. If sending a virus to my computer can be called art or intelligence or cleverness, then can kicking in the virus writer's knees be considered art or cleverness? After all, the kicker is just exploiting a the weakness of the kickee, in the same manner that the virus writer is exploiting a weakness of someone else. It would be artistic because it would be sending a message, & it would displaying the human body in a way that isn't usually done. It would certainly get the kickee to think.
testing out my trending skills
Blaming is more fun, of course.
Fixing the problem requires stepping back and noticing some root causes.
WHY do we have a situation where a quick double-click can destroy a software installation or transfer ownership of the computer to a spammer?
Imagine a comparable situation in meatspace. Imagine a chemical plant with a big red button on the main floor which would set the plant on fire and release poison gas in the nearby city.
Management might try educating the workers, putting up signs saying "don't push the big red button", disciplining workers who bump it accidentally, and so on. The fix is not to have the stupid button in the first place.
Our situation on computers is even worse. People have to double-click attachments all day to get their jobs done. It's as though the big red button were small, green, necessary, and only destroyed the plant one time out of a thousand.
The most solid fix is to run MUA's chrooted or under systrace jails. The next best is sensible defaults that don't allow executing candy from strangers.
>Windows is a security nightmare and it practically invites viruses in.
There are probably installations out there that still execute active content in the Preview pane, allowing things like Klez to spread without any user action other than looking at email. Trying to compensate for that with user education is, well, ambitious.
This can already be done in Outlook XP. Save the following to a .reg file :
Windows Registry Editor Version 5.00[HKEY_CURRENT_USER\Software\Microsoft\Office\10.0
"Level1Remove"=""
Intelligence shared is intelligence squared.
That realization eventually dawns on us all. The mass media is a soul-destroying vampire. Great post.
sig under development
has the article author created a worm, making the article spread from paper to paper? If that's the case, then I guess slashdot is the open relay making it possible.
Hofstadter's Law: It always takes longer than you expect, even if you take into account Hofstadter's Law
just like you are a consumer now (not a customer). it's part of the process of convincing people/marketing to people that businesses are people. that business is part of everyday life and that they can be hurt unjustly just like people. Unfortunately, business rarely die due to terrorism (bankruptcy/insurance anyone), and they dont have to rely on trial lawyers when their rights are infringed. By suggesting that hurting business one is commiting an act of severe violence the media/business community continues to expand the view of businesses as everyday 'people' when in fact they are their own class of immortal citizens (i believe i stole that from chomsky, shrug)
All your preview button are belong to Hello Kitty.
Dead right.
I recently fixed a friends XP box. It was crwling with, literally, hundreds of viruses and worms - his email "victims" were getting seriously pissed-off with him constantly sending them the same crap. Of course, he didn't have a clue what was going on. Yahoo would tell him that this attachment may be dangerous and he would go ahead download it and click it anyway. He just didn't understand. His business associates were phoning hom daily to tell him to stop emailing them but he simply ignored them all. Until his machine just packed-up and died.
Took me 2 days to revive it. (I took him off the net and he doesn't touch the computer anymore. Best thing all round, I think)
sig under development
Virus writers are just bored amateurs by and large. The stuff they put out is so crap it barely works. The only reason it is a threat is because of the attitude of Monopoly$oft & the fools who use their crap. Ahh I feel better now...
[Gentoo is hyped. Modded into the ground to suppress opinion]
Well, I do guess the US aren't forcing other countries to sell them goods? Maybe the US actually pay for the goods they import? We trade on the open market because both parties actually benefit from it.
1) This is irrelevant, since my point in the other post was that no, most of our consumption isn't being bought up by other countries.
2) The trade deficit *does* hurt us, and doesn't always benefit our trade partners. It's a drain on our economy in several ways, mostly because stuff that used to be manufactured here, by Americans, is manufactured overseas where it's cheaper. We lose jobs, people overseas often end up in exploitative work environments, and the only people who benefit are the companies that are making lots of money off the deal.
Don't you wish your girlfriend was a geek like me?
The only interesting thing i found about this article is that I first found it in last week's New york times magazine, and the article this story links to is from UK's Observetr. I really wasn't aware that magazines reprinted each other's material.
You always point your finger at the bad guy, but what if the bad guy points his finger at you?
It appears to me that overcoming human nature requires more than education.
Historically, I believe it has required a gun.
And yes, education rates about AIDS are falling. There is no reason for any educated person out there to get aids through volentary sexual contact. The responsibility for educating citizens falls upon governments, but in my world, everyone is responsible for their own choices.
..don't panic
Actually, I just have a cold! :)
---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
Seriously, you may not agree with the parent's post, but it's obviously a serious opinion, not a troll or flamebait.
But there is another kind of evil that we must fear most... and that is the indifference of good men.
Why is this better? Because "autozip" leaves you in exactly the same place as non-zipped -- the sheeple simply get conditioned to clicking the ZIP archive and then clicking on the "KEWLSCREENSAVER.EXE" contained within. The system we have here prevents even this level, and stops all "accidental" executables from coming through. If you really really needed to get an executable through, you could of course play a round of "rename-the-file-extensions".
When I first heard of this policy, I thought "that's one of the stupidest decisions they've made in a long time." But, when you look at it from their perspective of the "you may not run unapproved software on company computers" policy, it's not bad. And having lived with it now for several years I can say that I don't find it onerous. I can still email executables if I need to, but the bar is raised so that casual use doesn't let it happen. If I have an executable to send, either I play the rename games or I find an FTP server somewhere. It's worked remarkably well at keeping our windows viral infections low, and keeps the clueless users from hurting themselves.
The brilliance of this system is that even if a virus writer were to attempt to send a suitably tarted-up executable, the chances are excellent that the subset of people who would give up in frustration at being unable to understand renaming the file to .EXE would coincide with the subset of people who wouldn't immediately recognize it as a virus ploy.
It doesn't even take a three step process to implement. Two steps: 1. Set your virus scanner to scrub out absolutely every executable, including those found inside ZIP files. 2. Send out a memo saying, "New corporate anti-virus policy: Effective as of ten minutes ago, there will be no more emailed executables ever."
John