Slashdot Mirror
The Virus Squad
dncsky1530 writes "Sydney Morning Herald - The Virus Squad - 'A new species has been discovered. So new, it's still unnamed, but researchers are racing to tag it - before it spreads around the world. For the next 10 to 30 minutes, the computer virus or worm is dissected, analysed and identified... "On the day we detected MyDoom, we did another 18 viruses," says Paul Ducklin, Sophos's head of technology for the Asia-Pacific. "There are about 800 new viruses a month. And the unglamorous bit of our work is often the other 798."'"
Maybe a lot of /. readers are too young to remember real viruses, or to have played around/collected them, but its been a decade since a real infectuous virus has gone around.
If it can't infect any arbitrary EXE file, its not a virus, its a trojan or a worm, depending on wether or not its a moronic user or a security hole that allows it to enter the system.
Well, I have to wonder how well the whole antivirus industry is handling the problem; why release virus signatures instead of just changing the entire underlying security system in the operating system? It's things like viruses that make SELinux seem like a very good idea to me.
It's things like SELinux that make the status quo seem like a very good idea to the antivirus industry.
Forget thrust, drag, lift and weight. Airplanes fly because of money.
"There's still a big perception out there that only broadband users need one," Lee says. "Everyone needs a firewall, along with antivirus."
This rings all too true. If forwarding ports for certain applications wasn't such a pain in the ass, I would say make ISPs require firewalls or find a way to have some sort of personal firewall for their connection that they can access from the internet and change the settings on. Just a thought.
This would bring up other problems, but it'd at least stop a lot of problems with trojans and open relays.
How does that go?
"I AM PR3PAr3D T0 0ff3R TH3 2um 0F tHR33 BaGz 0f Ch33zY P00fS 4 a 3l33T P2Ych0!og!st!!!"
"While you clearly have abandonment issues, the practice has been hard up for money lately. Very well, I accept. But first, tell me about your mother."
Look, it doesn't take a psychologist to explain that when you sit the average person in front of a computer, they become a mouse-clicking fool. No amount of emergency IT sessions with the staff explaining precautionary tactics involving attachments is going to change that, and if any psychologist recruitment is necessary it's to explain why the average person keeps clicking attachments to messages in obviously broken English.
That's why blaming software vendors like Microsoft is stupid. Will four ARE YOU SURE YOU WANT TO RUN THIS warnings before allowing the execution of an attachment do any more than three?
Old viruses don't die, it seems, they just run out of potential targets as software choices change and security holes are patched. ... we still occasionally see viruses from 1995," Ducklin says.
"You might think that there are some that will almost certainly never be seen again but it is surprising
There's a reason enough to be on your toes and patch your new install as soon as possible.
I have been working as a consultant for small office and home office users since being laid of from Intel in 2002. The view from the small office and home office is very different from the view from within the IT industry. I've been working to educate my clients on the importance of regular backups, anti-viral protection and firewall protection. I spent the last two weekends removing viruses from computers that were on cable modem connections with no ant-viral software installed and no firewall installed.
I am starting to think that I need to help my clients to protect their data and make their systems hard targets. I'd like to think that the virus problem will be addressed by operating system changes. However, the reality in the small office and home office is that operating system upgrades are almost always tied to the purchase of a new computer. Third party security products will continue to be important as long as users stick with what works for them today without worrying about what might be available tomorrow.
...safe in the knowledge that the VIRUS SQUAD are dissecting viruses for me AS WE SPEAK!
ACTIVATE TEAM VIRUS SQUAD! GO FOR GLORY!
But how often do you run across a computer you have to service with expired virus subscriptions? It seems to happen to me quite a bit. I suppose M$'s virus scanner mentioned earlier on /. might help, but that reeks even more of conspiracy than the current "protection money" setup does.
Rather than bundling a questionably legal virus scanner into their next service pack, Microsoft should perhaps add a tool that helps to lock down permissions on NTFS volumes, creates unpriveleged accounts for users and various services, etc. Even with the multitude of security holes, Windows can be made a lot harder to mess with, if you put a little work into. The key here is privelege seperation.
Some security companies do give back to the community. GRISOFT offers a free version of AVG Anti-Virus 6.0 for single home users. Zone Labs offers a free version of the Zone Alarm firewall.
Do you know of any other companies that offer free anti-viral or firewall software?
"There are about 800 new viruses a month. And the unglamorous bit of our work is often the other 798."
Anti-virus vendors that consider a mass outbreak of a worm to be 'glamorous', compared to the 'unglamorous' stuff that doesn't get as much publicity? It might sound daft, but consider that they (should) put the same amount of work into each and every virus - i.e. preventing it - there shouldn't really be an issue with how glamorous something bad is.
Analyse it, deal with it, out the door, next virus is how it should be. I'd hate to think how they'd deal with biological virus outbreaks...
Well, the article hints at some sort of collusion between spammers and the author of MyDoom, but it seems like this would be the exception, even if it's true. The virus writers are in it for the fun, of course (not to mention revenge).
It also seems possible that the antivirus companies themselves are writing the viruses, then charging to protect users against them, but this also seems unlikely, given the police investigations that inevitably follow major virus outbreaks.
"If you unblocked port 135 [an access point Blaster targeted] you would be found by Blaster," Lee says, adding that it would just be a matter of time.
This happened when I installed a (legal) copy of Windows 2000 on my GFs old machine. Boom! Infected with Blaster on the first five minutes on the net, trying to D/L a firewall. Not to speak of the servicepacks... It happened so fast, I thought there was something wrong with the modem drivers, I downloaded via an iBook. I spent a lot of time getting that machine up. But as the family of the GF saw what happened, three persons became Apple converts that evening.
My GF now has an iBook and is more productive on a computer than ever.
Right, no one would ever write code for the joy of writing it. That's why this OSS fad will never take off...oh wait.
The Tao that can be spoken is not the one eternal Tao
All that effort and the anti virus companies still haven't figured out a way to share their work with a common signature file. No wonder there is so much drugery.
Its quite ironic that over the years ive downloaded a hell of a lotta dodgy programs from dodgy sites and P2P and never used an anti-virus tool and the only trouble ive had (never used outlook) is when i've connected an unpatched windows machine to the net and been infected in 3 minutes.
This comment does not represent the views or opinions of the user.
I was thinking about how to design the "perfect" virus... I'm not a proficient enough programmer to even begin writing a virus - so don't come a knocking. But it's an interesting thought experiment.
.cpp file and randomly changes one digit per file (imagine if your report to the board now says 9 Million rather than 1 Million... or if your for...next loop is waiting for an incorrect value)
:-)
Here's what I've got so far...
1) Virus initially comes in as an attachment - user opens attachment (relies on non tech-savy people).
2) Virus scans through "Sent Items" and sends itself to every address that has been sent an attachment in the past. Uses a subject line like "Updated [whatever]" (Tech-savy folk might forget basic precautions)
3) Virus scans through every Excel / Word /
4) Virus wipes itself out after 6 hours (most people only update their virus checker >= 24hours. Once signs of the virus have gone it will be hard to know if you have been infected and which files have been compromised)
5) FBI come and arrest me
Seriously... one has to admire the "I Love You" virus, if only for getting so many tech-savvy people to click through... But what really worries me is the viruses we haven't discovered. What if, say, Winamp has a logic bomb in it? How would any of us know until all our data was corrupted?
If a square is really a rhombus, why aren't all triangles purple?
There is AntiVir which provides its software free for personal users, however it's in German only. I've used it on my Win2k system for a few years now. As far as I know it doesn't integrate with any e-mail-clients, but it recognized viruses in attachments as soon as I saved them to disk.
It's got auto-updates, Outlook add-on module, etc. All good. They want some info in lieu of registration, but it's non-spammy/invasive
You can download it from here if you're so inclined.
Disclaimer: I have nothing to do with Avast, beyond being a quite satisfied user of their software.
I received a few emails with attachments which just smelled like worms, although neither the AV checker I had on my Linux system nor one of the online AV checkers identified them as infected. Curious about this, I saved them in a directory and rechecked them from time to time. It wasn't until 3 or 4 months later that the AV checkers fingered them as worms, and worms that had been floating around for almost a year. (I assume a virus writer must have tweaked the code on an existing virus just enough to make its signature unidentifiable as the original worm.)
"You mean, there's nearly 800 new viruses a month? Wow! I'm sure glad I have my copy of '_______' to protect me from having to know what's really going on in the dark and chaotic world just beyond my telephone/cable connection! And now those terrorists are recruiting psychologists, too? To know what I think in order to get me to click on the activate-virus button? Oi, Crikey! The FEAR!!!! Somebody should bomb somebody! Somebody should take away my rights! I'm sure glad I live in Australia which has the back-bone to support our two other brothers in the Axis of Assholes; the U.S. and the U.K.!"
I also noted that the article neatly throws the whistle-blower under the umbrella of suspicion;
Marvelous. If this meme gets out, the public will then, not be allowed, to police itself. Who wants to be the target of an anti-terrorist investigation, after all?
Modern Media is a joke. It takes a conscious effort to remain calm and light-humored while reading this kind of garbage.
-FL
Open Safari. Go to /.
Virus story. Yawn.
Wonder how people can still defend Windows with that "it does what I want" or "it gets the job done" excuse.
Scroll.
Get on with doing what I want and getting the job done.
(posting no bonus. mod off topic if you must. just an aside.)
- I am made of meat.
F-Prot antivirus is available for free for home users, and runs on Linux, Windows, BSD, DOS and Solaris. For the Unix-based systems, there is a nice GUI front end called xfprot.
Smoothwall is a "best-of-breed Internet firewall/router, designed to run on commodity hardware, and to give an easy-to-use administration interface to those using it. Built using open source and Free software, it's distributed under the GNU Public License".
Follow me