Unprecedented level of Virus Alerts
arpy writes "iTnews reports that according to Trend Micro (makers of PC-cillin), there was a record-breaking level of virus alerts in the first quarter of 2004. In Q1 2003, Trend issued 35 virus warnings. During the same period this year, it issued 232. According to the company's annual virus round-up and forecast (PDF), the number of alerts was pretty much steady for 2001-2003. Particularly noteworthy is that so many of the viruses are variants, not original. Trend's April 2 Weekly Virus Report reveals that of the "Top 10 most prevalent global malware", the top five are all variations of Worm_NETSKY. This would seem to confirm Virus creators are sharing more code."
Especially on IRC. Quite a few IE/mIRC trojans/viruses. Too bad so many users are so clueless and will click anything that looks like it might be porn.
It's reactionary; they can't predict what people will code. It's sad that they give people a false sense of security.
This would seem to confirm Virus creators are sharing more code.
So, do they prefer GPL or BSD license?
A quote from a journal entry from last September:
And so we come to the nightmare scenario. A relatively benign parasite has infiltrated the general population and suddenly a very "hot" parasite discovers how to piggy-back that infection. In the blink of an eye - a day, an hour - 50% of Windows PCs around the world are destroyed. It can happen, and therefore, it most probably will.
Ceci n'est pas une signature
Clueless people deserve it.
that there are lots of pissed off wannabe script kiddies, who are not happy with the way the world is heading, and see it as their duty to try and throw a spanner in the works.
I just block everything that isn't a document of some sort. Haven't had any problems at my company since.
It's a viral license, remember?
the first of April? After all, that would be SO original...
Well, there are even programs that can "make" a virus for you. So it is not strange you get more and more every day. I see it also on my box. How many times I have seen "Netsky"... But it's good that the viruses aren't getting any "better". Like screwing up your BIOS or something like that.
Don't many of these viruses use the same vulnerabilities? If that's the case, doesn't that mean a statistic like this should be pointed to not as an indicator of rising numbers of viruses, but as an indicator of the lack of response from the applications being exploited?
:)
I'm not certain that these viruses use the same vulnerabilities, so my second question is pretty heavily weighted on the first.
A record number of viruses, and yet I've had no trouble with any viruses on my main machine (FreeBSD), my laptop (Debian) or the family computer (Redhat).
The Windows Virus License, of course, since they're all Windows viruses, of course! ;)
Windows Virus End User License Agreement
Licensor, Skrip T. Kidie hereby licenses to you, the licensee, the ability to be infected on a single machine with not more than eight (8) processors by this Windows Virus (hereafter "the Virus").
By reading this, you agree to allow your machine to become infected. We reserve any and all rights without limitation, while you disclaim any purported rights you might have so much as thought you had, including "fair use" rights, and agree to hold licensor harmless for the inevitable destruction of your PC.
In the event you are found in possession of more copies of the Virus than you have license for, you will owe us $699 per violation. Furthermore,
(10 more pages of legalese here)
I wonder what the numbers will be for the second quarter. :)
You are not the customer.
Of course, we've still managed to get viruses through, both from not having the latest update (one Bagle variant got through), and from people not running the virus scanner - on Monday someone who had his/her portable at home at the weekend connected to the office network with NetSky-Q loaded.
When you have 232 virus warnings in a year, you have a wee bit of a problem. When you have 232 alerts in a fourth of a year, you have an industry gone markebonkers. That's 2 and a half alerts per day. Is it any wonder Joe Average isn't paying attention any more and is getting fried? 232 virus warnings doesn't say to me that there is a problem with viruses, it tells me that there is a problem with whoever is issuing them. They need to re-evaluate what constitutes a warning, and what doesn't. Do BobWanky'sWhoopieWorm_A, BobWanky'sWhoopieWorm_B, and BobWanky'sWhoopieWorm_C all need separate alerts? It's doubtful. We need to rein in these virus companies, who appear to have gone quite literally bananas, and give them a good smiting.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
I'm not horribly surprised by the number of viruses and worms flying around right now... and I do see quite a few of them as a Systems Admin for a wholesale ISP.
What does surprise me is WHY these spread. I thought we had taught people time and time again, over and over, "don't open non-document attachments"... "keep your antivirus software updated"... "if you're ever in doubt, call us". Our advice is taken in and actually used once in a while, but it always seems to be thrown aside and forgotten.
I'm still on the search for that magic bullet that won't involve horribly restrictive mail filters or a lobotomy to remove the "OPEN EVERY EMAIL ATTACHMENT I RECEIVE" lobe...
AV software seems to do a lot of scanning in a minimum amount of time. Considering the thousands upon thousands of viruses running around the wild, how is AV software able to scan each file so quickly, even if it only looks for specific signatures, it seems that each file would take an inordinate amount of time to scan. However it doesn't.
Can someone give a brief explanation of how anti-virus software is able to scan so many files so quickly?
I have been pwned because my
Amidst all this, anyone know how clam AV (open source virus scanning engine, and 3rd fastest updater) is holding up?
-- http://www.criticalassets.com
It also indicates a couple of other things:
- Outlook/Outlook Express need to die (or at the very least patched properly)
- Internet Explorer suffers the above affliction (and by implication, so does Windows as a whole)
- People never patch their boxes, even when patches are released
Since I am the "nerd" of the family, I get to make regular house calls to cleanse this shit from people's computers. I gotta say, the article is absolutely right. The number of worms, viruses, etc. is insane this year. It's only a matter of time until one of these is truly destructive... Perhaps a fortunate side-effect would be the world waking up to why Microsoft software is so horrible.
bash: rtfm: command not found
There are few large virus threats in the past few years. Most of the stuff we see every day is technically a worm.
Why are we married to calling everything virus related when it is actually the flash-spread of worms that pose the most risk?
The Morris worm was a wakeup call. It was the first large worm, and simultaneously the first Warhol attack. Today, the 'growing threat' is the idea of Warhol-type worms, even though the first such attack was back in the 1980s.
The future of security is probably in the department of protecting against blended threats. AntiVirus software that only deals with stuff on your disk isn't enough anymore. You need, in order of importance:
1. to adopt safer computing practices.
2. Have some type of firewall that limits external access to services you don't actively use.
3. A behavior based IDS (or similar technology)
4. Disk and memory AV (e.g., a typical antivirus program)
5. Signature based IDS.
Signature based IDS is least important, especially if you have the firewall in slot 2 that negates most of the use of an IDS. Disk and memory AV is important, but since 99% of all user-originated content comes over the wire these days, the smart money is on 1, 2, and 3.
I suppose step 6 should be "Demand accurate coverage from technically competent news professionals that know the difference between the various threats". If your local anchorman said "Earthquake warning!" and it turns out it was a flood emergency, would you find that acceptable?
The worst part is some people are so out of it they don't even know they are infected and their system is being used to send out the same thing that infected it every time they go online.
On the plus side, we can hope that if The Machines ever get away from us, we can get Jeff or Data or NEO or Ahhnold to load a virus and save us. On the minus side, one of these days someone is going to write something really nasty, and even those of us who don't use Windows will be affected, either through the drag in traffic, bringing down nodes, or the phone calls and other messages.
It would be great to have a system that looks for changes and reports them...oh wait, I already have that.
-cp-
Alaska Bugs Sweat Gold Nuggets
Does anyone suppose there are links to organized cyberterrorism at play?
...the data regarding AntiVirus software purchases, firewall purchases, patch downloads, etc for the same period?
Since there was an unusually high number of viruses and alerts, it would be nice to see just how it's being handled on the user end. Were there spikes in Norton Anti-Virus purchases? Or are people getting nailed with virus after virus ( a big clue is that it's mostly just a slightly altered form of the virus ) because they're being typical Joe User and not trying to guard themselves?
Slashdot sucks
And writing them for the same reason for the same people. Money from spammers. Look how many of those new viruses open back doors for proxies and steal email addresses. I don't think that it is so the virus writers can send love notes anonymously.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
Viruses rely on several points of entry, and now use specialised code with predictable behaviour, that cause measurable damage to systems and networks.
One thing, the companies who make money off this certainly do not want this to stop. This isn't a put a tin foil hat on message. Just correlate the line, viruses and profit for these companies. Now, of course, chicken and egg.
Security is going nowhere, patching holes isn't going to save a sinking ship, and myself, I do not want to let the 'everybody else' float the security boat for too long now, else they will have enough power just to pay their own people to write the next Netsky.
What do you think can be done to remove the threat of viruses trojans and worms in the near future?
Something simple, like an email client that runs with no privileges, in a sandbox, unable to harm the host computer.
Or idiotic employees working *in* a sandbox, with no network connection, and a fisherprice computer.
Yeah, that'd be more useful.
Let's just all keep in our minds these people *profit* from this, and we cannot altogether trust anything they say.
*puts on tin foil hat* erm.
Oh the point, yeah, maybe anti-virus writers should SHARE CODE.
I run a website called politrix, which is on my own Sun machine. I recently received the following email and am confused about what to do. Can someone please link a book on common sense so I can buy it to figure out why I am suspending my own account? Please hurry! Currently I am writing to this poor man in Africa who's promising me a couple of cool millions, so when I become rich, I will reward you handsomely.
MoFscker
time passes, records break.
imagine that!
What else, a lot of software engineers and students are without a job. What else but to look at another virus and improve it. Who knows, maybe all those bored Indian programmers are writing the virii in India and releasing it to the world.
See? Open source works. :/
You should have at least suggested a nix box instead of the silly apple :)
FROGGYJ
http://www.BackupYourPC.com
In a way, the antivirus industry always reminds me of the noble profession of arms dealing. On the table you provide your clients weapons to "defend" themselves and to achieve and maintain peace. Off the table you know the business only flourishes when there is a war. Of course there is always a war, but your interest is in an all-out war. So what do you do if there is no such all-out war going on? Don't panic, you simply make your clients believe there is one indeed. As soon as they believe you, you win.
If you don't know what I'm talking about, you should read Vmyths more often.
I, for one, welcome our Virus creators, as long as they Open Source and GPL.
Word.
pi
Not everyone needs to make that distinction. Miss Suzy Q. User doesn't care or need to know if it's a virus, worm, or trojan. It's all malware. As unfortunate as it is that "virus" got chosen as the catch-all term, there's just no compelling reason to differentiate.
Plus, this way people like yourself get to feel smart pointing out which ones aren't actually viruses.
--
the strongest word is still the word "free"
A lot of /. readers are not familiar with Windows and may ask what "virus" means in computer science. So in order to better understand this article, here's a short presentation.
Viruses are popular peer-to-peer sharing systems designed and optimized for Windows platforms.
Great features of these systems over other P2P systems
- It's free software, although the license is often missing.
- They are very well maintained. New versions are released almost every day.
- They are easy to use: no need for a GUI, no need for a CLI, everything is fully automated.
- Updates are also automatic.
- No need to tweak your firewall, popular viruses can work on port 25 using a SMTP-like protocol.
In order to join this community, you just have to run an installer called "outlook.exe". To improve your experience, the "internet explorer" add-on is also recommended.
And how handy, the installer and its add-on are part of the vanilla "Windows" installation CD set. No need to download anything and no registration is required. Very convenient.
Once the installer ("outlook.exe") has been started, an Evolution-like interface pops up. This is bloat; it can be safely ignored. Go directly to the "add contact" panel and fill in email addresses of friends you want to share executables with. Wait a few minutes (check the internet link is ok) and voilà, viruses are automatically downloaded, installed and configured.
You now understand why this P2P system is so popular in the Windows world: easy to install, easy to use, and the operating system keeps a lot of unfixed security holes in order to avoid breaking backward compatibility with older viruses.
I work in the 'PC Repair' industry, so this article really is no news to me, as 90% of my business is pulling this garbage, and SPYWARE, out of people's systems. I ask you, Slashdot, are virus writers slowly getting in bed with these spyware-writing scum suckers? More and more I see systems infested with a few nice worms, especially stuff along the lines of "Trojan.Startpage", the usual nastiness (B(e)agle, Netsky) and TONS of spyware. Is this a sign that the two are going hand-in-hand, or just a giant example of the general idiocy of users? (I'm betting on both.) Spybot/Ad-Aware/AVG only go so far. How are the tech-savvy supposed to protect these people? I've even had people try to claim that Ad-Aware or AVG INFECTED them a second time, because it wasn't there before, and their system was working fine aside from mass mailing their friends viruses and throwing popups in their faces.
Will we reach a point when the constant pushing of garbage in users faces will make the internet worthless to the common man?
SPAMMERS...
The worm/virus explosion is because RBLs are WORKING, and spammers are finding less IP space they can operate from. Their only alternative is to infect client PCs and turn them into proxies. Any mail admin can tell you this is what's happening. RBLs are working. Now if we can get the ISPs to enforce their Terms of Service and shut down compromised PCs, along with the authorities who may at some point get off their lazy asses and start putting some of these spammers in jail, we'd have 99% less virus/worm propagation. Occam would agree. Lobby your District Attorneys to stop prosecuting Tommy Chongs and do something in the public interest and the world will be a better place.
How do Microsoft keep people from thinking Microsoft == Massive Virus attacks?
/rant
Because people think Microsoft == Computers, Computers == Viruses.
They assume they should live with this. Plus Joe Nobody gets a kick out of not working for a day because his computer is shot. He misses d/l the pr0n though. Poor Joe.
The biggest worry is, when people do make the change, how many viruses will make it to Linux, because all linux software is written by people who know about mime-types, executables and user privileges.
Let's assume Mr. Malicious Virus will not get root access on the machine, which is highly plausible and a great achievement for the OS, but still, Joe Nobody stuck everything he ever worked on in ~/joes-stuff and now it is all gone.
Oh, I forgot, they put you in charge, the mail server strips executables and nightly backups are in a fireproof safe...
Hang on! Joe Nobody brings in his l33t UessB stick from home. Somehow he edits the fstab and mounts the media. Hurray, well done Joe.
Well, not even Joe is gonna be that stupid, is he?
I agree, stop AV companies executing alerts, less alerts means less notoriety for the gimps who write this junk. There is one thing to write an exploit to demonstrate a security flaw, and also write the patch (an exploit without a patch, that always gets me) that is good. Writing piggy back script kiddie code, and emailing it to your schoolfriends, that is bad.
As more people get broadband, it makes sense for spammers to pay someone to write viruses/worms so that more spam can be sent via the infected computers with fat pipes. It's harder to close down the offenders as there are so many, and difficult to trace back to the culprit. As a bonus they can use the zombies to initiate DDoS attacks against anti-spam sites.
The program I wrote and use (see sig) treats all email file attachments as 'text files'.
This renders malware safe to handle and/or delete.
For the 'zipped up' malware, one could patch the filename in the zip file to something harmless then extract it.
However, this approach hinges on the requirement that the registry setting for text file processing (.txt) remains uncompromised. Unfortunately, there is one known malware that 'hijacks' that setting when it runs....
On top of that, one must have some sort of firewall program running at all times.
About a week ago or so, my firewall program detected some intrusion attempts from some rather eye opening IP addresses!
Hardly. This is just blaming the victim. A poor policy.
Relying on education and technological cures assumes that malware is a static target, but it's not. If you rely on improving people's understanding of viruses, you simply get viruses that act smarter and look like official emails. If you improve technology, you get viruses that actively target that technology itself (look at the BlackIce incident).
Technological solutions just create an arms race, and we've seen how well that works. Look at your inbox... the grim rise of noisemail is hardly a sign of success.
The solution is to acknowledge the nature of the problem: it follows the same laws as those of organic parasites, and the same solutions may be the only ones that work: perpetual change for the sake of change; trading of resistance; variety in place of standardization.
Ceci n'est pas une signature
I am running Fedora Core 1 w/ kernel 2.6.4 ... There have been these Forrester Research findings that Linux distributions have about the same amount of dangerous vulnerabilities as Windows. When I took a peek at linuxsecurity.com all I found were vulnerabilities in server services like OpenSSL, Squid, etc. Though I know those services are important to Linux's current most successful market (Enterprise Server Market). As a user running Fedora and running services like X server, cups, vmware and not having any other users but myself, do I even need to patch? I mean, X server has been around for 20 yrs, can't I assume that it pretty much is safe from an external network attack?
DO NOT USE WinXP and IE6 TO VIEW THIS - YOU HAVE BEEN WARNED!
.CHM exploit to run win code in the local zone. MS SHOULD HAVE FIXED THIS THE OTHER TIMES hh.exe was COMPROMISED!
www.18to21sex.com/main.htm
IT SILENTLY INSTALLS A HARVESTER THAT LOOKS FOR CCs, SSNs, NAMES, ADDYS, PHONE NUMBERS. IT WILL NOT SHOW UP AS A PROCESS.
It then starts a server, and also posts the info to www.soviet-tanks.com DO NOT THINK I'M JOKING.
This can infect WinXP-current, even with updated AV, the only thing that will save you is a firewall that looks for outgoing connections.
This page uses a
If you want to run this fucker, use a fresh (from a new partition) install on a test machine, because the RUSSIAN who wrote this thing is pretty damn good (meaning BAD).
I'm AC because this machine will not know my name. Let me know what you find.
One (unfortunate) solution to spam from compromised workstations is for mail servers to refuse to accept SMTP messages from hosts in dialup and DHCP address ranges.
For this I use the Pan-Am Dynamic List (PDL).
I do not deploy Linux. Ever.
My fault, I suppose, for leaving it the demilitarized zone. I'm just so used to Linux though -- the idea that a modern OS would permit such a thing to happen is ridiculous.
I use Becky! and have never got a virus. However, as for the others in the office, even the engineers, at least 50% use Outlook, and judging by the icons I see in their icon bars, half of them have pending (pending for how long?) MS Windows Updates. It's a miracle there aren't more breakouts, quite frankly.
Reports lots of virii. Film at, meh.
If you were blocking sigs, you wouldn't have to read this.
The good thing is that, compared to rtm, your average script kiddie is not as well versed in the programming arts. Most of the virii/worms that we see rely on simple user stupidity and that bane of all computing, Outlook.
So I guess Step 7 is "fix Outlook or find something better". And perhaps step 8 should be "start shooting stupid people"...
If my answers frighten you, stop asking scary questions.
On OpenBSD and other Unix-like operating systems there is the free Systrace.
Windows and Solaris users can pay Cisco around $800 per server for "Cisco Security Agent" (Formerly Okena), which does the same thing as systrace, but with a nicer GUI and some packet filtering (I do not work for Cisco, I do not sell software.)
Workstation licenses were around $35 per seat.
When I tried to convince a Fortune 500 corporation of the value of deploying this type of security, the answer I received was "But this doesn't protect against SQL injection or Cross Site Scripting!"
So yes, Clueless people deserve it...
I do not deploy Linux. Ever.
Just more proof that terrorists are stupid in the head. A persistent and maintained DDoS over a few weeks could hurt the US a lot more in the long run than any foolishness involving airplanes.
virus companies, who appear to have gone quite literally bananas
So have they turned into bananas, or have they just gone to banana rich lands? Sorry, but I can't see how one can literally go bananas.
-Colin
First from a place near me a small town in South Dakota. Then from some shitty ISP in Texas, and now one originating from the UK. Every time I laugh and look at the .exe file thinking, yeah let me just load up wine and run that right away. Shit, like I use wine. Pffft. Send it to someone who runs an MS based system. I'd love to know how they got my email, I don't even give it to my family.
The "saving grace" of unpopular Unix operating systems is not so much the small installed base (the Microsoft claim) as it is the fact that generally these systems are installed by users with half a clue.
In the case of MacOS, it doesn't hurt that the default OS X installation has no remotely accessible listening ports.
If you have network services visible to the Internet (listening ports not behind a strong firewall and/or filter policy) you need to patch. If you run clients (web browser, mail reader, ftp, etc.) that communicate out to the Internet, you need to patch.
Lastly, you will want to stay up-to-date with patches for vulnerabilities in the kernel (particularly the IP stack) as well as the most common libraries (OpenSSL, etc).
No. You'd want to take all possible steps to protect your X services from external attack. This includes not only keeping updated on patches, but also potentially taking steps to ensure that the server is only accessible (only ever accessed) through an encrypted tunnel.
If that tunnel is ssh (the most common method for X forwarding) then you'd also need to stay up to date on client and server vulnerabilities in both SSH and the underlying SSL libraries.
For MS-Windows users, this is as simple as clicking "Windows Update" and hitting "Accept" a few times. I'm not sure if any of the Linux distros have gotten the process simplified to that extent?
I do not deploy Linux. Ever.
Just use Linux... and hope to God the virus community doesn't turn an eye toward it.
Better yet, just run OpenBSD in console mode without any binary emulation or compilers. Then you can say you're glad you were running Open when the big Linux worm hits.
I'm currently running Windows XP because I knew no better when I bought my PC... but I've also downloaded Spybot, Ad-Aware and AVG to sweep for any crap getting onto my drive, plus Firefox, Thunderbird and ZoneAlarm to stop it getting in in the first place. All of this stuff is available free, it works, and it's easy to use. Why don't PC retailers aiming at the home market just bundle all of the above with every one they sell? Better yet, how about bundling the above with a manual explaining how to use them? People complain about Linux documentation all the time, and they're right to do so, but more often than not Joe Public walks away with even less with their Wintel box, and they're the ones spammers and worm-writers target.
Out of curiosity, and because my karma sux, would anybody like to discuss why 'nix users don't like Apple? Of course, I guess it's a generalisation, but every 'nix user I come across never suggests Apple as an alternative. But isn't Apple also pretty secure? Plus Mac OS X's kernel.....
My Favourite Meme
If this is such a problem, why has there been so little effort to actually fix it? There have been reactionary measures (patches, anti-virus), and overkill security that's years away (security at the hardware level). A HUGE chunk of viruses could be wiped out if
a) no more html email. Period. There's no reason for it other than making email look pretty. I've never run into a situation where an informational email couldn't live without html.
b) No more attachments. Email isn't a file transfer protocol. There are many many many other safe ways to send files. Email was never meant to send binary attachments anyway. The RFC doesn't allow it. To comply, a dirty hack was created in which binary data is turned into plain text. But it's obvious email wasn't meant to be used in that fashion.
c) no more IE. No other piece of software has enabled so many viruses, adware, spyware, and shitware. IE is the malware enabler. I don't care if you use Opera, Mozilla, whatever, because pretty much everything is better than IE.
d) quit blaming the damn users. MS has designed an operating system to be used by the simplest people on earth. Those who have absolutely no computer experience at all. How can you blame them then when they open viruses? If you are going to design an operating system to be used by the masses, then you must implement security measures as if the user is clueless, because usually they are. Because you can open a virus without a warning, yet you can't modify your "Windows" directory without a myriad of warnings, makes me wonder how high a priority security really is to MS.
On the one hand, what I see is a 'cool' new trend in virus writing; "Wow! Cool! Like, I can re-script a code which will secure me lots of slave machines! Excellllllent. I want to play, too!"
On the other hand, it also strikes me as very convenient that the web should be pummeled right now when there is such a push to massively control EVERYTHING and EVERYONE on the planet. --How easy would it be for the fine people in black-ops-secret-shmecret-government to release a few hundred viruses into the wild?
Pretty damned easy, I'd say. But to what end?
Simple. Everybody is getting fed up. "Oh, please install new laws which allow us to punish spammers. Oh, please, mighty government, do SOMETHING to control the web so that I can get my email!"
The internet, at the moment, is THE prime source of real information and world-wide communication. You can say here, out in the open, "BUSH IS A LIAR AND A CRIMINAL" And link to a hundred sites which explain -with detailed evidence- exactly why this is so.
Fascist governments don't appreciate this. Machiavelli recommended the swift destruction of dissidents who speak such things, in order to control a kingdom.
230 new script kiddies a month releasing malignant code into the wild, or a handful of unimaginative agents bent on pissing everybody off so much that they start begging for leashes?
I don't know. But it wouldn't surprise me in the slightest to find out that the assholes -once again- are in charge.
-FL
Anti Virus makers are among the more profitable companies around, sure that they want to make it look like this is a gigantic threat.
Companies that
* Use a firewall
* Enforce the use of "RunAs" for all critical operations
* Don't use Outlook
avoid 99.999999% of all viruses
Better scanning of mail on mail servers combined with better tools for doing that scanning (systems that send "you have a virus" crap are almost as bad as the viruses themselves)
hooks built into windows to detect "potentially nasty" behaviour (for example, modifying a system file, modifying winsock settings, changing the hosts file, making something start at startup, changing the IE homepage etc). When detected, one of 3 things will happen:
1. the action will be completely blocked (if it's on a network with central policies and has this blocked)
2. it will ask you for the administrator password (if you are not an administrator or if the system has been set up to ask you even if you are admin)
or 3. it will pop up a nice warning to warn you that what this program wants to do could be bad.
Then, you can either allow it or deny it, depending on the settings.
If you deny it, Windows would return an error to whatever program wanted to do it (e.g. if the program called RegCreateKey to create a key, it would return "can't create key" or if you called CreateFileEx to open the file, it would return "can't open file")
Plus, ideally, you would be able to add (but not remove the built in ones) new folders, files and registry keys to the "warnings" list. So for example you could have a writable file share on your system but if someone wanted to write to it, it would ask you first. Or on a network, the admin could block changing the desktop background.
Also, you would (ideally) be able to specify which events to block completely and which events to just warn for.
This alone would be a great help at stopping viruses and spyware.
Also, ISPs should firewall ports used by viruses at the ISP level (this includes ports like SMTP ports used by spam trojan zombies). If you do need one of those ports for legitimate use, they can unblock it. That would help stop trojans and zombies taking up valuable bandwidth (both the users Bandwidth and the ISPs Bandwidth)
Plus, email clients should be modified to not run scripts (better yet, get rid of HTML email completly, its mostly used for SPAM, viruses, scams and crap anyway plus it guzzles more bandwidth than regular text)
These things would:
1.make it harder for spyware/viruses to run automaticly
2.make it harder for spyware/viruses to do nasty things without your concent
3.make it harder for viruses to carry out their payloads (e.g. sending SPAM, DDOS attack etc)
4.make it harder for viruses to get into the inboxes of the cluless n00bs in the first place. And since they dont get notified about the removed virus, they never even know they recieved one.
Also, another (more drastic) step that would work for networks like corporate networks, university networks and such would be to lock anyone who has a virus or whatever out of the network untill they have cleaned their machine. Having a central copy of a toolkit of programs (such as Norton System Works and mabie others) and making them available to people locked out of the network would be a good thing to go with this point (so that when someone goes to central IT and says "my computer says I have been locked out of the network because I have a virus", central IT can hand them a CD with the latest most up-to-date recovery tools on it (anti-virus etc) and a simple set of instructions on how to clean their machine with it.
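The warn/ask/block scheme in the post above, written out as an added Python example (this is not the poster's code, and it models only the decision logic, not the kernel hooks that would sit in front of RegCreateKey or a file open). The built-in watch list covers the locations the post names, using real Windows paths and keys (hosts file, System32, the Run keys, the IE Main key, the WinSock2 service key); admins can add entries but never remove the built-in ones; a non-admin is routed to an administrator-credential prompt, an admin gets an allow/deny warning, and any denial hands the calling program an access-denied error in place of the real call. The `Rule` format, the `authenticate_admin` and `prompt_user` callbacks and the error strings are this example's own assumptions.

```python
"""Policy engine for the warn / ask / block idea above.

Added example, not code from the original post: it models the decision
logic only, not the kernel hooks that would intercept RegCreateKey or a
file open.  Paths and keys in the built-in list are real Windows
locations; the Rule format and the two callbacks are assumptions.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional


class Verdict(Enum):
    WARN = "warn"    # warn the user, who may allow or deny
    BLOCK = "block"  # central policy forbids it outright, no prompt


@dataclass(frozen=True)
class Rule:
    kind: str          # "file" or "registry"
    prefix: str        # path or key prefix, matched case-insensitively
    verdict: Verdict
    builtin: bool = True


# Built-in watch list: hosts file, system files, startup entries,
# IE start page, Winsock settings (the things the post names).
BUILTIN_RULES = [
    Rule("file", r"C:\Windows\System32\drivers\etc\hosts", Verdict.WARN),
    Rule("file", r"C:\Windows\System32", Verdict.WARN),
    Rule("registry", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", Verdict.WARN),
    Rule("registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", Verdict.WARN),
    Rule("registry", r"HKCU\Software\Microsoft\Internet Explorer\Main", Verdict.WARN),
    Rule("registry", r"HKLM\System\CurrentControlSet\Services\WinSock2", Verdict.WARN),
]


@dataclass
class Decision:
    allowed: bool
    reason: str                   # why it was allowed or denied
    error: Optional[str] = None   # what the hooked API returns to the caller on denial


class PolicyEngine:
    def __init__(self, is_admin: bool, ask_even_if_admin: bool = False,
                 authenticate_admin: Callable[[], bool] = lambda: False,
                 prompt_user: Callable[[str], bool] = lambda msg: False):
        self.rules: List[Rule] = list(BUILTIN_RULES)
        self.is_admin = is_admin
        self.ask_even_if_admin = ask_even_if_admin
        self.authenticate_admin = authenticate_admin  # assumed credential prompt
        self.prompt_user = prompt_user                # assumed allow/deny dialog

    def add_rule(self, kind: str, prefix: str, verdict: Verdict) -> None:
        """Admins may add entries (a writable share, the desktop background, ...)."""
        self.rules.append(Rule(kind, prefix, verdict, builtin=False))

    def remove_rule(self, kind: str, prefix: str) -> bool:
        """Only admin-added entries can be removed; built-ins stay."""
        for rule in self.rules:
            if rule.kind == kind and rule.prefix.lower() == prefix.lower():
                if rule.builtin:
                    return False
                self.rules.remove(rule)
                return True
        return False

    def _match(self, kind: str, target: str) -> Optional[Rule]:
        # Longest matching prefix wins, so a specific BLOCK overrides a broad WARN.
        t = target.lower()
        hits = [r for r in self.rules if r.kind == kind and t.startswith(r.prefix.lower())]
        return max(hits, key=lambda r: len(r.prefix)) if hits else None

    def request(self, kind: str, target: str, api: str = "RegCreateKey") -> Decision:
        """Called by the hook before the real API runs; allowed=False means return an error."""
        rule = self._match(kind, target)
        if rule is None:
            return Decision(True, "not on watch list")
        denied = f"{api}: access denied"
        if rule.verdict is Verdict.BLOCK:
            return Decision(False, "blocked by policy", denied)
        if not self.is_admin or self.ask_even_if_admin:
            if self.authenticate_admin():
                return Decision(True, "admin authorised")
            return Decision(False, "admin authentication failed", denied)
        if self.prompt_user(f"A program wants to modify {target}. Allow it?"):
            return Decision(True, "user allowed")
        return Decision(False, "user denied", denied)
```

The longest-prefix rule is what lets an admin add a narrow BLOCK (say, the desktop wallpaper key) on top of the broad built-in WARN entries without touching them, which is the "block some, warn for others" split the post asks for.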
In the last month and a half, I've literally received about 2 gigabytes of virus/worm mail in my UNIX-based mailbox. (Actually, it's an AIX box at my ISP.)
Anyway, I noticed that most of these come from a rather small set of "From:" addresses, and my (now cancelled) email address, im14u2c@primenet.com, was one of them. Did any of you receive large quantities of email wastage with that forged "From:" address?
Here's a short list of forged From: addresses I saw repeatedly on these virus/worm spam, in decreasing order of occurrence:
I noticed sis.com.tw got hit pretty hard, as did Jeff Garzik! I think they must've scraped these out of the SiS900 driver in the Linux kernel.
I'm regretting that suggestion I made to Ollie on how to speed up his CRC routine.
--JoeProgram Intellivision!
people expect support. It's much cheaper to have their support reps say:
"I'm sorry, we don't support spyware removal, but if you'll just contact Microsoft/Norton/Somebody Else they can help you out"
People don't read manuals. They call support and get angry when it's not free. OEMs take the Aikido approach to tech support: deflect your customers' anger at somebody else. But the customers are to blame too. They want world-class tech support for free.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
If only some of the successful worms would do something malicious like erasing the HD or frying the BIOS. Then and only then would MS take notice and secure their software.
HTTP/1.1 400
Can anyone recommend a free virus scanner for use on Linux? I'd like to scan incoming and outgoing mail on my sendmail server.
Don't make fun of my friend "Particularly Noteworth". Or of my friend "Biggus Dickus".
Yes, OS X, BSD, and the various Linux distributions (i.e. Debian, Mandrake, SUSE, or RedHat). All easy to install, all easy to maintain, all easy to use. OS X comes pre-installed by the OEM and an increasing number of Linux distros are, too.
Furthermore, the layered structure of the OSes and separation of privileges means that these are resistant to future viruses as well as immune to those available today. Yes, apologists and astroturfers like to ignore that as well as blame users. But even if, and that's a big if, market share has more effect than design flaws, it will take quite some time for the virus activity to shift, and during that time businesses and users have come out ahead. Right now, die-hard ideologues who refuse to drop a defective product are costing billions of dollars per quarter, a not insignificant number when you think how many jobs could be kept rather than downsized or outsourced in these increasingly bad economic times for the U.S.
How about a little focus? The title should have been "An Unprecedented level of MS Virus Alerts" and steer users off of the hamster wheel. From easy to hard, these are just a few of the many options:
1. Use WordPerfect, StarOffice or OpenOffice instead.
2a. Use Eudora, Evolution, or Pine instead.
2b. Use Mozilla, Firebird, or Opera instead.
3. Use one of the above resistant / immune OSes instead.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Here's a new anti-virus idea I came up with just now, I'm not sure if anybody else has thought of this before or not but here goes:
Network admins and ISP's would basically add a "poison e-mail address" to a user's address book (and possibly spoof a few old/sent messages with this address as the sender/recipient). Every user's poison address would be unique, and it would only be used for this virus-prevention system. The name/address/other fields would be populated with random data and the user would be told not to delete this entry from their address book for any reason.
Whenever an e-mail was sent to that poison address, the network administrator (and possibly the user as well) would receive a plaintext, PGP-signed e-mail (with a plaintext URL that they could visit to further authenticate it) informing them that they had a virus; better yet, they could temporarily be disconnected from the network altogether.
Implementing this system would be very easy: a little bit of extra code on an e-mail server and automatically-generated .vcf files for the initial distribution to users. It would protect even against new and undetected viruses, would work *immediately* to prevent an outbreak from spreading, and would be next to impossible for virus writers to circumvent; a dictionary-based algorithm for generating random addresses/names could make it nearly impossible for a virus to skip the poison address, and no amount of clever social engineering or code morphing or hacking around a corporate e-mail filter would do any good.
Am I missing something or would this make a major dent in the e-mail virus problem?
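The poison-address scheme from the post above as an added Python example (not the poster's code): a registry mints one unique, dictionary-style address per user, the outbound mail gateway checks every recipient list against it, and a hit is attributed to the mailbox the token was planted in rather than to the envelope From, which mass-mailers forge. The alert is signed with an HMAC so the example runs offline; that stands in for the PGP signature the post proposes. The word lists, the signing key, the `client_host` field and the verification-URL layout are constructed assumptions.

```python
"""Poison-address (address-book honeytoken) detection at an outbound gateway.

Added example, not code from the original post.  The word lists, the HMAC
signing scheme (standing in for PGP) and the verify_url layout are assumptions.
"""
import hashlib
import hmac
import json
import random
from typing import Dict, List, Tuple

# Constructed word lists; a deployment would draw from a large dictionary.
FIRST = ["alice", "brian", "carla", "dmitri", "elena", "farid", "gwen", "hiro"]
LAST = ["hartley", "ibarra", "jensen", "kowalski", "lindqvist", "moreau", "nunes"]


class PoisonRegistry:
    def __init__(self, domain: str, signing_key: bytes, seed=None):
        self.domain = domain
        self.key = signing_key
        self.rng = random.Random(seed)   # seedable for tests; use SystemRandom in production
        self.owner_of: Dict[str, str] = {}   # poison address -> user it was planted for

    def issue(self, user: str) -> str:
        """Mint a unique, plausible-looking address to plant in one user's address book."""
        while True:
            addr = "%s.%s%d@%s" % (self.rng.choice(FIRST), self.rng.choice(LAST),
                                   self.rng.randint(100, 999), self.domain)
            if addr not in self.owner_of:
                self.owner_of[addr] = user
                return addr

    def inspect(self, envelope_from: str, recipients: List[str],
                client_host: str) -> List[Tuple[dict, str]]:
        """Run on every outbound message; returns (alert, signature) per poison hit.

        The owner is identified by which token was used, not by the From address:
        only the owner's address book ever contained this recipient."""
        alerts = []
        for rcpt in recipients:
            owner = self.owner_of.get(rcpt.lower())
            if owner is None:
                continue
            alert = {
                "type": "poison-address-hit",
                "owner": owner,
                "poison_address": rcpt.lower(),
                "client_host": client_host,          # the machine that submitted the mail
                "claimed_from": envelope_from,       # untrusted, kept for context only
                # Assumed layout for the out-of-band check the post suggests.
                "verify_url": "https://mailadmin.%s/alerts/%s" % (self.domain, owner),
            }
            alerts.append((alert, self.sign(alert)))
        return alerts

    def sign(self, alert: dict) -> str:
        canonical = json.dumps(alert, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self.key, canonical, hashlib.sha256).hexdigest()

    def verify(self, alert: dict, signature: str) -> bool:
        return hmac.compare_digest(self.sign(alert), signature)
```

Canonical JSON (sorted keys, no whitespace) is what makes the signature reproducible on the verifying side; any edit to the alert, such as re-pointing `owner` at someone else, fails verification.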
Last night I finally got around to unpacking Trend Micro PC-cillin. During the installation, alarms went off in my head as it started asking me about my age, income, and a host of additional personal information, as I recall. Then I read their privacy policy on the registration page (this was the German version) and it seemed to indicate they would share this information with their sales partners. I thought I bought this product to avoid this kind of thing. Doing some web research, however, I didn't really see many people complaining about this. Do others have concerns about this product/company? I ended up installing Symantec instead.
Unless they are working for the Government in some capacity. Viruses are created by clueless, zit-faced teenage virgins in an attempt to impress Britney Spears and the 1337 h4x0rs on some dork IRC channel. They use virus-by-numbers toolkits, and have NO idea as to how the retarded shit they kludge together even works.
Welcome to our Brave New World.
Isn't there something about this in Revelations? I'm sure that Nostradamus must also have had some inkling that this was going to happen.
Stick Men
...that they are clueless as much as they are often content to stay that way.
"Did he pick it up?"
"He may have. He also may not. I don't know... I'll go check."
The correct form of that verb for your intent is "one would think Taco might pick it up." This sentence means that in such situations one would expect him to pick it up.
You can also use "one might hope that Taco would pick such things up" to express a desire that he do it... but it would be better to replace that with "Taco should pick things like this up" or at least "Taco should be able to find these problems." There's no need to talk about this in a speculative third person... we know who wants him to notice. You want him to notice. Take some linguistic responsibility for your opinions.
If you're not sure whether he should catch the error or not, say "Maybe Taco should be catching these things."
The interesting thing is how seldom anyone feels a need to read the attachment, even, or especially when the body of the email contains only "please see attached Word document".
Holding the attachments at the perimeter (just dropped into a directory) will usually avoid the race condition between virus creation/liberation and antivirus creation and distribution.
Too many MTAs are configured to truncate large messages or their attachments. Likewise, various mail filters sometimes cut all attachments.
..why 'Nix users don't like Apple?
Because of the fanboys, expensive hardware and general non-Unixness of Apple. Oh and we'll never, ever forgive them for the one mouse button.
Plus Mac OS X's kernel.....
Were you going to finish that sentence with "Is crap."? I seriously hope you're not trying to start a "Mach microkernels are so great" wank-a-thon.
In his last years - he died in 1996 - Timothy Leary (the "turn on, tune in, drop out" guy from the 1960s and, latterly, drug-addled Gen-X elder statesman) took to saying "if you want to immortalise, digitise". As I recall, this was vaguely connected to some sort of Neuromancer-style "preserving-my-essence-through-the-creation-of-a-digital-facsimile-of-myself" effort, but I don't know enough about the guy to say for sure.
Bearing that in mind, I have to say that the idea of a digital Margaret Thatcher, immortal and bent on causing trouble (as any Thatcher clone undoubtedly would be) has just ruined my day completely.
I've noticed a horrible uptick in completely non-technical folk who insist on talking about viruses in completely unrelated forums.
Because, you know, it is just vital that they thunder at each other the importance of running commercial virus scanners, and that they loudly, publicly misunderstand the FROM header ...
I occasionally mention that they need to stop clicking 'OK' and generally being idiots, but somehow they do not appreciate my free advice ... ;)
232 alerts in 91 days...
And how often does your antivirus vendor update its patterns?
Therein lies the reason why antivirus software is so ineffective.
Thank god for ClamAV on our email gateway.
So far today, 28% (936 out of 3260) of our incoming emails have had viruses in them.
Scary!
Phil
Are sharing code, then it stands to reason that keeping your system proactively patched protects you from more and more virii.
It's getting to the point at the office that all new virii noise on the IDS box is laptops coming in from the VPN. I can see a spike in traffic from one laptop, which gets reported to the Help Desk for cleaning, and the net result to the rest of the (properly patched) network sees NO negative result.
"Draco dormiens nunquam titillandus."
Holy crap!
Monospaced cyan text on a black background.
I have turned blinking text off, but it wouldn't surprise me if you had that, too.
Plus, I have to scroll horizontally to read it.
Horrible, horrible.
I use Outlook Express on MS-Windows 95, and have never been infected.
Why?
1. ALL scripting is turned off.
2. I never open attachments.
That's all that is necessary to prevent infection by email.
Can we really blame Microsoft for this one? Or even the user?
You're new here, aren't you?
'By the pricking of my thumbs, something wicked this way comes'
I admit, I use Windows, but I'm migrating to Mandrake, so lighten up here if this sounds like the typical "pissed-off ex-Windows user."
If you're a tech, and you do work on people's PCs, tell them about these. There is no excuse not to have these measures implemented on each and every PC in the world.
1: Routers. If you have a broadband connection and _any_ box, be it Windows or Linux, there is no damn reason _not_ to have a router with the newest firmware revisions and a _changed_ administrative password (not admin/admin like on so many Linksys WLANs I've found on my PubTrans rides home). It will stop about ninety-nine percent of outside attacks at that level.
Even a cheap-ass Linksys BEFSR41v3 will do wonders to stop outside attacks ($50 at Fry's, by the way). I know; I'm running one of those on my home LAN.
2: Remove IE/OE or keep them from integrating into the kernel in any way, shape, or form. As is, they're too tightly twined with explorer.exe and as such, that opens the door for a _world_ of pain (CoolWebSearch, anyone?).
Recommended alternatives: Firefox (though it has issues with PDFs in Windows), K-Meleon, Opera, Firebird, Mozilla, Eudora (light mode _ONLY_ unless you're going to pay for it; it included Cydoor spyware in earlier versions), Thunderbird, et cetera.
3: Get a decent antivirus program and software firewall in addition to your external measures. Grisoft's AVG is free and it updates on pretty much a daily basis, and ZoneAlarm is free if they don't want something better (like a spare AIX UNIX box between their machines and the Internet).
That's enough for the casual home user.
Hell, if you don't protect your PC, you don't deserve to have it.
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
I got my cure here, http://www.suse.com :)
And all those silly patches they keep emailing me 6-10 times a day.
Eh, who needs em?
I mean, like X-server has been around for 20 yrs, can't I assume that it pretty much is safe from an external network attack?
Why do you need to expose it (or cups) to an external network?
What makes you assume it's an external network attack? These days you're likely (if you are not the only computer on the network) to get just as much a barrage of scanning/attacks from the inside as the outside.
It was simply more profitable to sell a program that requires frequent updates for each new threat.
Apart from distinguishing it as something the user installs more unwittingly and later decides is something bad they don't want, a virus isn't much different from any other piece of software.
It's software that, because it is installed, helps the authors obtain something from the user.
Parasites are just a matter of degree. No black and white, Good and Evil, just data on the disk.
If software systems become like biological organisms, it's not beyond the realm of possibility that a sufficiently benign virus that provides enough benefits to outweigh its costs might become incorporated into future software systems as a matter of course, much like mitochondrial DNA gets passed on in humans although it is theorized to have originated as a separate organism.
"Provided by the management for your protection."
There is no law against putting false information into online forums unless you are filling out some type of government form that includes a warning.
Unfortunately it's damn hard. No more attachments. Email isn't a file transfer protocol. There are many many many other safe ways to send files. Email was never meant to send binary attachments anyway. The RFC doesn't allow it. To comply, a dirty hack was created in which binary data is turned into plain text. But it's obvious email wasn't meant to be used in that fashion. I'd love a pop3 proxy that I could install on an iptables box to strip 'em. Any suggestions out there?
I subscribe to one major national newspaper. Every time they write about "a virus" I send the writer and the section editor a quick note reminding them that it is "a Windows virus."
Would you believe, most of the reporters at this particular paper no longer make the mistake, i.e., most articles mention at least once that the latest breakout impacts only Microsoft Windows systems.
The next pasture is always greener
These viruses affect the Microsoft Operating system only
Nowhere in this article, or in many other articles, is this made plain and clear. For example,
"We're seeing more, more and more viruses -- an average of 15-25 a day,"
Should be something more like
"We're seeing more, more and more viruses on Microsoft systems -- an average of 15-25 a day, while Linux, Mac OS, Solaris and others remain uninfected"
"Computers" != "Microsoft"
Previous posters have mentioned that they are astounded that users of the buggy, insecure Microsoft Windows operating system actually get infected. Well, what else would they expect? If this is the level of "Joe Average", surely the news also needs to be more specific about the systems that are infected. Perhaps even pictures of the Microsoft logo associated with virus attacks will help prompt people's memories about the systems that are in danger.
Word processing documents - randomly deleted words like 'no' and 'not', or flipped words like 'always' and 'never'.
Spreadsheets - zeroed out one or two cells
Presentations - Inserted random obscenities and links to unappetizing images
Imagine what would happen if nobody could trust their computers any more. Microsoft would be sued into oblivion, EULA or no EULA.
To a Lisp hacker, XML is S-expressions in drag.
I was setting up a W2k box once, and in the five minutes between the first boot and the installation of ZoneAlarm, a worm installed itself via NetBIOS.
...directly onto the Internet (and not protected behind a hardware/*nix firewall) is a very, very, VERY moronic thing to do.
My fault, I suppose, for leaving it the demilitarized zone. I'm just so used to Linux though -- the idea that a modern OS would permit such a thing to happen is ridiculous.
I'm a government uhh, shall we say "employee". We know for certain who's behind the virus/trojan/worm storms these past few months. It is a couple groups of islamic extremists whose assignments are to disrupt anything and everything Western they can manage to do, no matter how great or small the deed. Just as long as it causes some degree of harm in the long run. Death by a thousand paper cuts/mosquito bites/whatever. Get the picture? If they can achieve causing the entire West to distrust Internet email enough to quit using it, then they feel they have made a successful assault on us. Their ultimate goal is to see us all dead of course so they can have the whole planet to themselves and return to a lifestyle like 7th century barbarians, but until then, they take pride in hurting us in any way from the littlest annoyances all the way up to mass death and destruction.
... can't you just pre filter all email attachments and run them through your own scanner, deleting the nasties while still delivering the email, perhaps with a message "sorry, had to delete the attachment, it contained the whatever virus"? Is this not an option? And if the email recipient keeps getting infected email from wherever, just blacklisting the sender? As in "tough noogies"?
I agree with another post though, from what I hear in meatworld from people I know who have gotten nailed, it's very casual non-guru users running outlook and downloading songs or warez where most of the problem lies. Well, the problem STARTS with virus and worm authors of course, don't mean to neglect that, I don't want to blame the victim, except to the point to gently nudge them into safe computing practices and choice of software.
It looks like virus writers have switched to an open source model that is quite effective for attacking PCs. Just furthers the proof that open source programming really works. I use a Mac so I haven't had any problems at all. Security through obscurity? Nah- if that was the case then PC hackers would be able to make viruses that messed up Macs and Linux boxes. And it's not that simple to do that given their security-minded design. PC users- look at it this way; they are going easy on you, it would be just as easy to design virii that simply deleted all of your files and erased your disks!
411 Y0UR 8453 4R3 8310NG 70 U5!! -NSA
I've noticed that many of the newer virii and worms now have a different purpose than before. Previously many of the virii were written to teach Bill Gates a lesson. Other reasons were curiosity/jackassness. The last smaller percentage was for some type of criminal fraud. It appears that a significant part of the new crop of virii and worms has this criminal fraud aspect to it. Identity theft is on the rise (like up 80% in 2003) and spammers are now hiding their tracks better by zombifying users' PCs. Money is the reason that it is increasing.
...is because the virus writers are too scared of being caught. Just take a look at the figures of the most virulent worms of the last 2 years. They did infect a substantially large part of the open Windows systems in the first 10-15 minutes.
...these "ersatz" virii are BETTER than the "tight," academically-minded virii of yesteryear. It doesn't matter how it's done so much as how it works.
These virii spread much more quickly and do more damage (billions of $ in extra bandwidth). I think you just resent that they are much more adept at social engineering than their predecessors -- so much so that they don't *need* to be "advanced."
If the time between identifying the new viruses and getting the latest definitions from the vendors gets much worse, might I suggest time delayed email then? It still gets sent, just not immediately, let it queue up and re run it after you recheck the latest and baddest new exploit, say 3 or 4 times a day? something like that? Maybe longer if a particular nasty one gets loose.. I know that idea sucks initially, but if it can help stop viruses from propagating as fast, it might be worth it, Especially for business. Extremely important info time-critical to a business decision can still be transmitted using the old fashioned but still reliable "hey earl, check this out..." phone call.
Personally, I more or less stopped using email a coupla years ago, I check mine every other day, that's it. I couldn't get people to stop sending me crap more or less, got sick of it. At this moment I don't have much need for immediate delivery. That might change back, I used to be a fiend on it, newsgroups, lists, etc, but now... got tired of it, that's all. I know, that's just me, everyone else on the planet needs updated email every other nano second...oh well.. And I use text only option, too, just because it makes sense to me.
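Several posts in this thread circle the same gateway-side idea: hold attachments at the perimeter in a directory so the signature race is sidestepped, strip attachments before delivery (the pop3 proxy question), deliver the mail with a note saying what was removed, and queue things so they get re-checked once newer definitions arrive. The block below is an added Python example (not code from any poster, and not a real proxy) that does all of that over the standard-library `email` package: non-document attachments go to a quarantine directory, the message is delivered with a `held-attachments.txt` note, and `release_due` re-scans each held file only after its delay has elapsed. The document allowlist, the 4-hour hold and `toy_scanner` are this example's assumptions; the scanner only recognises the public EICAR test string and stands in for a real engine such as ClamAV.

```python
"""Hold non-document attachments at the perimeter, re-scan them after a delay.

Added example, not code from any post here.  The document allowlist, the
hold period and toy_scanner are assumptions; toy_scanner recognises only
the public EICAR test string and stands in for a real engine such as ClamAV.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from typing import Callable, List, Optional, Tuple

DOCUMENT_EXT = {".txt", ".pdf", ".doc", ".xls", ".ppt", ".odt", ".ods", ".rtf"}
# Public anti-virus test string (not malware), so the toy scanner can "detect" something.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def toy_scanner(data: bytes) -> Optional[str]:
    """Return a detection name or None (stand-in for a real scanner)."""
    return "Eicar-Test-Signature" if EICAR.encode() in data else None


@dataclass
class Held:
    path: str          # quarantine file, named by content hash
    filename: str      # original attachment name
    recipient: str
    release_at: float  # earliest time it may be re-scanned and released


def is_document(filename: str) -> bool:
    return os.path.splitext(filename)[1].lower() in DOCUMENT_EXT


def strip_and_hold(raw: bytes, quarantine_dir: str, now: float,
                   hold_seconds: float) -> Tuple[bytes, List[Held]]:
    """Drop non-document attachments into quarantine; deliver the rest with a note."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    if not msg.is_multipart():
        return raw, []
    held, kept = [], []
    for part in msg.get_payload():
        name = part.get_filename() or ""
        if part.get_content_disposition() == "attachment" and not is_document(name):
            data = part.get_payload(decode=True) or b""
            path = os.path.join(quarantine_dir, hashlib.sha256(data).hexdigest())
            with open(path, "wb") as fh:
                fh.write(data)
            held.append(Held(path, name or "unnamed", str(msg["To"]), now + hold_seconds))
        else:
            kept.append(part)
    if not held:
        return raw, []
    msg.set_payload(kept)   # multipart/mixed keeps the body and the document attachments
    note = "The gateway held these attachments for scanning: " + \
           ", ".join(h.filename for h in held) + "\n"
    msg.add_attachment(note, subtype="plain", filename="held-attachments.txt")
    return msg.as_bytes(), held


def release_due(held: List[Held], now: float, scanner: Callable[[bytes], Optional[str]]
                ) -> Tuple[List[Held], List[Tuple[Held, str]]]:
    """Re-scan items whose delay has expired, with whatever signatures exist now."""
    released, infected = [], []
    for item in held:
        if now < item.release_at:
            continue   # still inside the delay window; newer signatures may yet arrive
        with open(item.path, "rb") as fh:
            hit = scanner(fh.read())
        if hit:
            infected.append((item, hit))
        else:
            released.append(item)
    return released, infected


def sample_message() -> bytes:
    """Constructed input: a harmless PDF plus a .scr carrying the EICAR string."""
    m = EmailMessage()
    m["From"] = "alice@example.test"
    m["To"] = "bob@example.test"
    m["Subject"] = "see attached"
    m.set_content("please see attached Word document")
    m.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                     subtype="pdf", filename="report.pdf")
    m.add_attachment(EICAR.encode(), maintype="application",
                     subtype="octet-stream", filename="photo.scr")
    return m.as_bytes()


def demo(hold_seconds: float = 4 * 3600) -> dict:
    """End-to-end run in a throwaway quarantine directory."""
    with tempfile.TemporaryDirectory() as qdir:
        t0 = 1_000_000.0
        delivered, held = strip_and_hold(sample_message(), qdir, t0, hold_seconds)
        out = BytesParser(policy=policy.default).parsebytes(delivered)
        early_ok, early_bad = release_due(held, t0 + 60, toy_scanner)
        late_ok, late_bad = release_due(held, t0 + hold_seconds + 1, toy_scanner)
        return {
            "delivered": [p.get_filename() for p in out.iter_attachments()],
            "held": [h.filename for h in held],
            "early": (len(early_ok), len(early_bad)),
            "late_released": [h.filename for h in late_ok],
            "late_infected": [(h.filename, sig) for h, sig in late_bad],
        }
```

Naming quarantine files by SHA-256 of their content is deliberate: the same worm attachment arriving a thousand times lands in one file, and the hash is what you hand to the AV vendor or match against a later signature. The early `release_due` call returns nothing because the hold has not expired; the later one flags the `.scr` once the scanner can recognise it.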
This would seem to confirm Virus creators are sharing more code.
Open source is going past milestone after milestone.
I wonder: is Netsky GPL?
Today I made a clean reformat of the Windows XP partition after having caught a nasty .ida variant, coming from Outlook Express.
Being curious as to how things work, I was led to this link:
http://www.codeproject.org/system/hooksys.asp
Anyone with basic programming abilities can hook into the Windows kernel (even on NT!), rename and replace DLLs, intercept message queues, create stubs for system DLLs...even kernel32.dll can be replaced, effectively allowing for every type of worm/trojan possible...and now with an e-mail preview from Outlook Express!!!
The highlight is how to load your own DLL in the address space of any process using 'CreateRemoteThread': You can create a thread in another process using a local procedure, and call 'LoadLibrary' from your own proc in the context of the other process, since the addresses of kernel32.dll are the same for every process!!!
You can even make a hook server and driver to hook the kernel calls!!! The Microsoft linker supports call forwarding, and you can create proxy DLLs with a few clicks!!!
The funny thing is that they present all the above as debugging aid!!! but it is one of the techniques used by many trojans...
I used to defend Windows, even on Slashdot. I can't believe Microsoft has such stupid code, and they even dare to call it "architecture" or "technology", while it is no better than the Unix/Linux hacks available, and certainly not the result of long thinking on security. BillG should pay us millions for lost time (I spent more than 5 hours today re-installing everything). I should know better? Perhaps. I have Linux (Red Hat 9), but I need Windows for games and for my work (VC++...).
For me, IE and Outlook is no more. Mozilla Firefox and Eudora Light version, from now on.
Fair enough. I hate the single mouse button meself..
Wow. I guess I keep forgetting that Bush's psychopathic nature is not always commonly recognized. This seems amazing to me, but then I forget sometimes what it is like to be caught within the fog of manufactured reality. That's the nature of the psychopath, after all, but it takes two to tango.
I would strongly encourage you to do some reading and research into the matter. After all, you are the only one there is who can be depended upon to grow your knowledge structure. It would be a good idea to explore beyond old boundaries, especially now when the information is there for the taking. This may soon not be the case!
Good luck to you!
-FL
I love my Mac... *Laughs at Windows users*
However, two of these nearly computer-illiterate people were able to install Windows XP on new hard disks without any of my help (Mom got stuck with her not-included printer driver). They were even able to turn on the built-in firewall and automatic updates with less than 5 minutes of instruction from me.
Pre-installing Linux/BSD distros may help here, giving the person a browser and office quite out-of-the-box. But as soon as they want to install QuickBooks, a mapping program, or to play a new game, the feces will hit the fan. You expect Dad to learn how to use apt-get and understand library dependencies?
Linux is "easy to maintain"? Certainly not in this sense. On a windows box, to install something, they just drop in the CD, and click on the "yes, install it" pop-up (which they can, since they have local admin rights on their Windows box). Completely insecure, and it hides a lot of options and information that an experienced user would want. But it's almost totally Dad-proof.
I'll give you OSX - and it's what I recommend to non-technical people. (It still has the problem of most users running with root-like power by default, though). But people always seem to go with the "cheaper and I already know Windows" box from Dell just to spite me.
er,
ever heard of IM-borne viruses? If people were forced to move to FTP to transfer files, you'd get a spate of FTP viruses instead. I can imagine it now, a friendly FTP service from MS. Hi, I'm Clippy, I have received a file from 'john your friend' and it needs extra steps to run. Would you like to
a> launch the file
b> try to open the file in word
Welcome to your future.
The problem is at the other end of the client (of whatever type), and thus the client program needs to protect the simpliest users (that has a nice ring to it, I know, a typo) by making informed decisions about the content it accepts for them. For example an IM program could refuse connections from unknown people (many do), refuse executable attachments or render them harmless, or an email program could refuse to save executable attachments (not many do unfortunately), disable javascript, refuse remote urls unless the user intervenes, etc etc. Unfortunately not many make the effort.
Your problem isn't with HTML per se, but with the consequences of the interaction of sloppy HTML email clients and the simpliest users. Actually, I think structured markup in emails could be a big plus (for the recipient, not the sender), it's just unfortunate it's being used for 20px red type at the moment. Of course text email will be with us for a long time too, and has its uses, but would you rather read this web-page (for example) as a stream of text or as a marked up set of text? A long email with a report and several quotes in it? Meta-data is not evil, data that executes like code without strict control is evil.
For the record, I wouldn't touch windows or explorer with a barge-pole, and I think we're in agreement on your fourth point, but HTML email and attachments aren't going to go away, because the users want it that way (ie if you try to stop them sending stuff, they will replace them with equally dangerous tools).
They wouldn't have permission to use chmod on a properly set up system.
Not to sound like it's all that and a bag of chips, but my company is a reseller and uses the antivirus software from S. Korea called Hauri. It's from a publicly traded company out there and their software easily repairs these viruses you're mentioning without cleaning utilities or damaging system file integrity. We've introduced it to California State University - Chico because of a virus problem and they're switching to it.