The Virus Squad
dncsky1530 writes "Sydney Morning Herald - The Virus Squad - 'A new species has been discovered. So new, it's still unnamed, but researchers are racing to tag it - before it spreads around the world. For the next 10 to 30 minutes, the computer virus or worm is dissected, analysed and identified... "On the day we detected MyDoom, we did another 18 viruses," says Paul Ducklin, Sophos's head of technology for the Asia-Pacific. "There are about 800 new viruses a month. And the unglamorous bit of our work is often the other 798."'"
Maybe a lot of /. readers are too young to remember real viruses, or to have played around/collected them, but it's been a decade since a real infectious virus has gone around.
If it can't infect any arbitrary EXE file, it's not a virus, it's a trojan or a worm, depending on whether or not it's a moronic user or a security hole that allows it to enter the system.
Well, I have to wonder how well the whole antivirus industry is handling the problem; why release virus signatures instead of just changing the entire underlying security system in the operating system? It's things like viruses that make SELinux seem like a very good idea to me.
It's things like SELinux that make the status quo seem like a very good idea to the antivirus industry.
Forget thrust, drag, lift and weight. Airplanes fly because of money.
"There's still a big perception out there that only broadband users need one," Lee says. "Everyone needs a firewall, along with antivirus."
This rings all too true. If forwarding ports for certain applications wasn't such a pain in the ass, I would say make ISPs require firewalls or find a way to have some sort of personal firewall for their connection that they can access from the internet and change the settings on. Just a thought.
This would bring up other problems, but it'd at least stop a lot of problems with trojans and open relays.
How does that go?
"I AM PR3PAr3D T0 0ff3R TH3 2um 0F tHR33 BaGz 0f Ch33zY P00fS 4 a 3l33T P2Ych0!og!st!!!"
"While you clearly have abandonment issues, the practice has been hard up for money lately. Very well, I accept. But first, tell me about your mother."
Look, it doesn't take a psychologist to explain that when you sit the average person in front of a computer, they become a mouse-clicking fool. No amount of emergency IT sessions with the staff explaining precautionary tactics involving attachments is going to change that, and if any psychologist recruitment is necessary it's to explain why the average person keeps clicking attachments to messages in obviously broken English.
That's why blaming software vendors like Microsoft is stupid. Will four ARE YOU SURE YOU WANT TO RUN THIS warnings before allowing the execution of an attachment do any more than three?
...the only people other than criminals who profit from viruses have a stash of 87000 of the little blighters and clearly a lot of knowledge, I feel a conspiracy coming on...
hmmm.
My isp has NO business controlling my own hardware.
The ONLY thing they should be able to do is shut me off totally.
---- Booth was a patriot ----
But how often do you run across a computer you have to service with expired virus subscriptions? It seems to happen to me quite a bit. I suppose M$'s virus scanner mentioned earlier on /. might help, but that reeks even more of conspiracy than the current "protection money" setup does.
Rather than bundling a questionably legal virus scanner into their next service pack, Microsoft should perhaps add a tool that helps to lock down permissions on NTFS volumes, creates unprivileged accounts for users and various services, etc. Even with the multitude of security holes, Windows can be made a lot harder to mess with, if you put a little work into it. The key here is privilege separation.
"There are about 800 new viruses a month. And the unglamorous bit of our work is often the other 798."
Anti-virus vendors that consider a mass outbreak of a worm to be 'glamorous', compared to the 'unglamorous' stuff that doesn't get as much publicity? It might sound daft, but consider that they (should) put the same amount of work into each and every virus - i.e. preventing it - there shouldn't really be an issue with how glamorous something bad is.
Analyse it, deal with it, out the door, next virus is how it should be. I'd hate to think how they'd deal with biological virus outbreaks...
Right, no one would ever write code for the joy of writing it. That's why this OSS fad will never take off...oh wait.
The Tao that can be spoken is not the one eternal Tao
I used to love AVG's offering and had it installed everywhere...until I upgraded to Win2k. They didn't support Win2k, because it was considered a "business" product. I was a home user, using a "business" product...thought it was a little silly.
Sig it.
Your other suggestions are sound, as far as they go, but unfortunately most people will deliberately run with administrator privilege if they can, and there is still the fundamental problem that the OS does not run if system files are write protected. OK they can be protected from regular users, and it helps, but is not sufficient. But, I think you are saying that it should default to the most secure settings out of the box, instead of the opposite. People like us have been saying that for years, to no effect. It will only change if the Monopoly gets new and technically competent management, which up till now they have never had.
1) Virus initially comes in as an attachment - user opens attachment (relies on non tech-savvy people).
When the virus sends itself out, have it send an email containing a simulated conversation between two college students planning a weekend out. Have the conversation end with the comment of sending the pics of the weekend as a slide show or something. Have one of the email addresses (visible in half the replies) be one character off the target email address.
So now our victim sees a conversation between two college students planning a weekend out and sees reference to attached pictures in a slightly odd format. Follow up immediately with another email in a panicked tone explaining that the pictures were sent to the victim in error due to a typo in the email address and please delete them as they contain some embarrassing half/fully naked pictures.
Now that's a virus that'd spread.
Feel the fear and do it anyway.
Open Safari. Go to /.
Virus story. Yawn.
Wonder how people can still defend Windows with that "it does what I want" or "it gets the job done" excuse.
Scroll.
Get on with doing what I want and getting the job done.
(posting no bonus. mod off topic if you must. just an aside.)
- I am made of meat.
They will see no benefit.
Say there are only 5 AV companies.
That's 5 * 800 = 4000 names/variants per month. That's good scaremongering, and more likely to get them a sale by increasing the whole market. Gran doesn't know the two viruses on the news are the same?
Also it would probably take longer to agree on a name than dissect the virus, where the valuable minutes mean money. Companies will go to the fastest response time and spend their money there.
The benefit of a standard name is so small it won't be economically possible in the current marketplace.