Netsky Worm Variant Attacks P2P Services
ee_moss points out this Washington Post article (via Yahoo!), excerpting "The latest variant of the Netsky worm is directing infected computers to launch Web-based attacks against music- and file-trading Web services such as Kazaa, taking down at least one company's Web sites in the process. The worm, the 19th version of a bug that made its debut in February, is also targeting some Web sites that offer computer programs designed to illegally break or bypass copyright controls on software programs."
Anyway, I know this sounds painfully obvious, but why don't folks take the simple step of running an antivirus program? I have McAfee VirusScan and I also have AdWatch running full time. Between the two, I feel fairly well protected from viruses and adware/spyware.
And then you have folks that click on just about any attachment - from the article:
The experts advised people not to click on strange attachments in e-mail, which can activate the worm, and to update their antivirus software frequently to ward off new threats.
I have an agreement with family and friends to embed a codeword in any document that contains a file attachment. It is usually a fairly esoteric word not likely to come up in casual conversation. However, I have damn near been fooled by a few emails because they seemed very legitimate. Oh, well.
Anyway, I am preaching to the choir....and ranting a bit.
Happy Trails!
Erick
http://www.busyweather.com/
Another virus. Run in circle. Shout. Panic.
HAHA!
The experts advised people not to click on strange attachments in e-mail, which can activate the worm...
Of course, until you can teach people to be intelligent, these types of viruses will continue to circulate through the net.
Wireless News www.DailyWireless
I have a couple relatives who are extremely nontechnical. Their windows installation has already been plagued by 2 worm viruses this year. When they think virus in windows, they think virus in computers. Basically these viruses are giving computers in general a bad reputation.
I have suggested they try linux. But they are nearly at the point of no return. They fear computer, they fear the hassle, virus scans, repair etc. What's the world coming to.
The post doesn't say it, but it definitely insinuates that the nefarious RIAA and possibly the BSA is behind this latest worm. Unfortunately, that kind of knee-jerk reaction is counterproductive to finding the real virus spreaders.
Someone is obviously trying to implicate the content monopolists in this by targeting the sharing networks. It is highly unlikely that the monopolists are doing this themselves because they have too much to lose by carrying out such an attack.
Someone in the computer community is doing this and is hurting everyone in the process. Sometimes the geek community is its own worst enemy.
I have been pwned because my
Darl McBride seems to have made some stuff up about the Linus Torvalds is behind this attack! Of course we all know it's RIAA.
I've noticed more and more windows users have to install nearly 1/2 a dozen or so programs to protect their PCs. Between Ad-aware, Spybot S&D, Norton/AVG/McAfee and a host of others, I ask... Why Bother? It's the reason I went 100% linux at home, no worries about such crap.
Ubuntu- Linux for human beings.
Come on people! Read between the lines. The MPAA and the RIAA are being just as bad criminals as the people they seek.
1wrong + 1wrong != 1right
The aforementioned entities have had a hard time already being the moral side, this just makes it worse.
main(0)
Was the worm written by...
A: The RIAA, to try to take down the P2P services.
B: A disgruntled artist, who blames the P2P apps for why they can't get paid.
C: The owner of unaffected P2P app trying to take down the competition.
D: A random hacker, who doesn't have any interest in the music industry, but just wants to ruin people's fun.
E: SCO. Because they're associated with anything Slashdot hates.
F: Microsoft. Because they're associated with anything Slashdot hates.
G: CowboyNeal, because he's a suspect on all Slashdot polls.
I don't really understand this virus, or more precisely, the people who wrote it. Although I can not speak from experience, I would have to imagine that spreading virii over P2P networks is like shooting fish in a barrel (hotpr0n.mpg.exe would probably take down half the computers on kazaa). So why are they trying to spread it through e-mail? I would think that since there is no challenge involved in spreading it that they would be moralists (like the people who disguise a program that reports people's ip address as warez) but they are not doing it over the networks themselves so they would have a potential for "collateral damage". Is the writer just a random skript kiddie or am I missing something?
_____
Thank you.
first of all: duh! virus writers not having high morals is a given. get over it.
second: obviously if the virus writers, who USUALLY say "I did it! I did it! Hey look at me!" say "nope, sorry. wrong guy" then it seems that the obvious answer is that it isn't them. The simplest answer is usually the right one.
I'm sure everyone else will speculate as to who it was that crafted this offshoot, and they're probably closer to an answer than the author.
Soulseek's been down all day, for example, even though I haven't seen any information specifically saying that this new Netsky targets said network (Kazaa and Edonkey are the two that I frequently see cited, as in the linked article). It's an odd choice of target--it's far smaller than Kazaa/FastTrack--but then again, Edonkey's not too high on the usual radar, either. Some bittorrent sites are also especially wobbly today, but that could be coincidence.
Fascinatingly, I've also been getting absolute tons of emails infected with this variant of Netsky, many of which pretend to have been scanned for viruses and are "clean." This seems particularly lame as an "innovative" get-the-dupes-to-click-on-"document.doc .pif" strategy, but someone must be clicking on these things (verizon seems particularly affected, as every other Netsky spam I get seems to be from that domain).
Ahh well. Hopefully, this particularly-obnoxious variant will be short lived (so we can, of course, begin the cycle anew in a few weeks' time with a new SoBig or...heck, I dunno, Klez? What letter are they up to there?)
Just what we need . . . A 21st century cybervigilante working for the RIAA . . .
It can't be long before e-mail becomes so suspect that self-mailing viruses simply won't spread because everybody is so afraid of their inbox. It will be interesting to see where viruses go then. IM would be my first bet, as well as P2P networks, vulnerabilities in certain *cough* OSes we've already seen, and network shares but there has got to be other methods I'm not thinking of. This could be really interesting to watch. I've never taken the hard line view towards viruses that I see here, I see them as massive experiments with data and as kind of a spectator sport. Of course that could be because I've never really had a problem with them...
This one was probably sent out by the RIAA, or Orin Hatch himself.
I switched P2P networks long ago. I have no silly business of fake files, or dial tones in my songs. There are viruses, but they are fairly obvious as they are often disguised as keymakers. The only thing I have to worry about is french movies not being labeled properly. At least they are the right movie. If only I could translate french on the fly...
Only grandmothers and 10-year olds use KazAA. The unkempt geeks switched networks a while back.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
An antivirus program only finds known viruses, or variants of known viruses that trigger some common rule. They are useless against new viruses, particularly rapidly spreading new viruses.
Eventually 0-day linux hacks will get this publicity once linux hits the desktop in a big way. Virii writers will exist and software will evolve. No big deal.
So, when the virus attacked SCO, all the reporters gleefully reported that it was probably an attack from "the Linux Community." What are the odds that those reporters will automatically jump to the conclusion that the RIAA wrote this virus, and then publish that opinion.
My guess, is that these writers won't be quite so eager to jump to conclusions this time. But it might be worthwhile for those of us who were annoyed by those writers to point that fact out to them.
Remember how quick the media was to turn on the linux community when a worm appeared to be targeted at SCO.
Let's show we are a couple notches above the media here and give this some time, maybe we can take this thing apart and make sure of its TRUE intended victim. Not to say I'd put it past the RIAA, but we should make sure before flinging accusations.
Kiddies these days. On one hand, Kazaa claims "no disruptive effect" while eDonkey complains about two web sites temporarily knocked out.
Hey, you young punks, in my day we had guys like Robert Morris who was stud enough to make it work on Sun 3's and VAX systems.
Oh and hey, they're still trying to figure out what went down at AT&T on Martin Luther King's b'day back in 1990.
I mean, c'mon, attacking a p2p via Windows that barely crashes 2 websites?
Buy Steampunk Clothing Online!
something wrong going after something else wrong... it's like the government going after microsoft!
Probably why it was setup as such, whoever wrote it was hoping the **AA cartels would be blamed.
Now If I run Kazaa on an infected Windows system, I'll get a message saying "Illegal Operation" as it quits out on me!
"Anyone who quotes me in their
OSS has nothing to do with this...
Little programs, like worms, can be analyzed at the most basic level (asm code) by a competent programmer with some common tools. What they do can then be changed by adding or replacing code.
This doesn't work for huge, complicated programs, but it certainly does for things like viruses and worms.
DJ kRYPT's Free MP3s!
I don't understand what you mean.
How are viruses and OSS even remotely related?
I'm not trying to be a dick or anything, I just truly don't understand your comment.
Have you tried Linux yet?
Any ideas which 'programs used to break copyright controls' this variant will be spread in? *whistle*
As soon as I saw the headline to this news item, I was reminded of the interview with the "genious" in the Princess Bride. With the double-psychology and the hired kidnapping plot to begin with. Pretty much every line of that scene could apply, or is in danger of having a geeky rewrite.
My feeling is that this won't stop until the virus creators actually start causing damage to individual users' computers, not just the bandwidth hogging and (D)DOS variety of the current crop. When getting hit with one of these bugs means that Joe Luser's stuff gets deleted and his system won't let him logon, you can be sure he will raise a ruckus wherever he can. Turning his box into a spam relay or a DDOS zombie doesn't cause nearly as much visible damage to the computer, other than it being a bit slower to use, another condition with which the average computer user has become too comfortable.
The nagging question in my mind isn't "When will this happen?", it's "Why hasn't it happened yet?" Or possibly, "Will it ever happen?" And that last one makes me very sad.
Well what can I say. More viruses going around more happy I'm. It creates jobs. More computers I have to clean more money I'll make.
What exactly is the difference between a worm and a virus? (In the comments I have heard this being described as both a worm and a virus.)
Thanks to anyone who can clear this up for me!
Anyone recall when the RIAA was threatening to DOS the computers of people who trade music files?
GoatPigSheep, the 3 most important food groups
You say this, mr relative.. If you choose to run windows I am unable and unwilling to support you. If you would like to run linux then I am more than willing to support you.
Got Code?
Is it sooo improbable that this was somehow sponsored by the RIAA? (or similar)
...
On one hand i dont see it as too likely, on the other, lately my capacity for surprise has been worn down by strange lawsuits and laws (Can-Spam).
and RIAA was, after all, seeking to make their hacking P2P-ers legal
I think things would only change if default setups of Windows were secure against this sort of thing.
I don't even *do* any of the stuff the worm is targeting, and I'm *still* disgusted. Personal policy time: I've used free software for enough years to forget anything else or even have meaningful memories of anything else. I also pay for the tickets to see local groups and Broadway/classical. No, I don't do P2P. Nor do I buy CD's or DVD's, etc. Haven't done so at all, in fact. Instead, I actually buy the tickets and go to the show.
C|N>K
I keep wondering if there's more to all of this than merely a set of isolated viruses released into the wild.
If you want to destabilize an economy, say the West, then go after the computer networks that bind it together and which make it both different, free, and vulnerable.
There are lots of bits and pieces being assembled. What if this is part of something larger and we're only seeing the perfection of the pieces and a bit of guiding of the immune system toward another goal?
Yeah, maybe I'm not wearing my tin hat, but some things seem to be acting too well...or too badly.
Previous versions of NetSky copy themselves to any folder containing the word "shared" in it, as in "My Shared Folder," to spread via Kazaa and other file sharing programs.
Worm Triggers Attacks on File-Trading Services
Sat Apr 10, 10:23 AM ET
By Mike Musgrove, Washington Post Staff Writer
The latest variant of the Netsky worm is directing infected computers to launch Web-based attacks against music- and file-trading Web services such as Kazaa, taking down at least one company's Web sites in the process.
The worm, the 19th version of a bug that made its debut in February, is also targeting some Web sites that offer computer programs designed to illegally break or bypass copyright controls on software programs.
Sharman Networks, owner and distributor of Kazaa software, said in a statement that the attack had "no disruptive effect" on its site.
But Jed McCaleb, lead programmer for eDonkey file-sharing software, said the worm temporarily knocked out the company's two main Web sites. A third site run by the company remained up and all were working late yesterday.
McCaleb said he does not know why his sites were attacked. "It's strange to me that these people are virus writers and pointing their fingers at others," he said in a phone interview yesterday. "Obviously they don't have the highest morals if they are hurting people's computers."
McCaleb said that the three-year-old service has 5 million users worldwide.
Antivirus experts said they were unsure whether the author of the 19th version of the Netsky worm is the same as the author of previous versions. A 20th version of the worm that has been circulating on the Web is scheduled to attack a similar group of file-sharing sites between April 14 and April 23.
The experts advised people not to click on strange attachments in e-mail, which can activate the worm, and to update their antivirus software frequently to ward off new threats.
I can't tell you how many computers I've cleaned when people get PIF email attachments and open them thinking they were PDFs.
They will pay me to remove the virus, but they won't buy an email scanning antivirus program, or even figure out that if the icon is the windows logo (double meaning here) it's probably not a good thing!!
Back to the article, with all of the spyware, IE plugins, and other memory hogging garbage associated with these P2P programs, a lot of users won't even notice a few extra viri thrown into the mix, they'll just run to techies faster.
MOVE!!! (shameless Nick Burns Reference)
...probably a line in most virus payloads.
Funny thing is, McAfee and Norton on Windows is a bad stack.
After install you have a broken OS.
Expect your computer to crawl like a baby and/or crash often.
Actually, it would be better to do without said crapware and enjoy better performance with your spyware/virus.
... to just millions of people, a computer is just a TV set with a lot of on demand "channels". That is exactly how they treat it, and why security isn't anything they should do, the "computer" should do it.. and really, it mostly SHOULD "do that".
And there's no reason anymore for new computers to go out the door in any shop without those types of programs installed if they are going to use MS.
shame on MS and shame on the box vendors
And there's even less reason to let MS skate on this issue. They should have been class actioned all the way to the supreme court long ago on useability and security and internet interoperability issues.
That EULA is an abomination. Maybe 20 years ago when desktop computing was really getting going they needed some time to get up to speed on coding, but not today, nope, EULAs that absolve the *seller* of all normal consumer warranty and protection should be stricken down. once and for all.
If ACME front door and lock company made a product that consistently over the years was shown to A not open or shut correctly and could be counted on to fall off the hinges and needed to be re hung every 6 months, B-which had no credible locking mechanism, and C-caused the purchasers to be invaded in their homes and robbed and inconvenienced for years and years because of A and B, they would have been put out of business.
It's time to REALLY consider this EULA get out of any responsibility card they are allowed to use and profit from. It's absurd.
Methinks a lot more proactive coding on their part over the years might have cost them X-billions more, but they got 50 bill in the bank now, they could have most likely made it a lot more secure and functional and still had many many billions in the bank. There's no excuse anymore beyond pure GREED on their part. I would agree with the assessment nothing can be coded perfect, but really.. there's ways to go about this, they just never did it, not near enough, they were AWARE of the issues just they didn't CARE about the issues enough because it would have cut into "profits". Not eliminate them, it just would have reduced them some. Big deal. they profit, everyone else has to jump through hoops and suffer over their inaction.
They could have had BOTH, profitability plus more secure and functional design, they chose NOT TO. It was high level executive decision making that caused that, it was done on purpose. It wasn't that important to them as long as they could bully their way into mass acceptance and get away with it.
Class action suit, I am surprised it has never happened yet.
...is just someone wanting to take advantage of the millions of people who trade files all day and night on Kazaa.
I've gotten one before myself, for a keygen ("Simcity 4 keygen.exe", yes I own the product but didn't feel like fishing out the case that night to enter the code, so I downloaded a quick keygen).
Surely they understand that they're alienating any base of support they may have... If they're writing these worms for bragging rights, none of their peers will have anything to do with them. With this in mind, perhaps the release of the worm could somehow be traced back to companies with a manifested interest in shutting down P2P?
automatic virus creating "tools" that are available from some open source places for "academic and security studying", etc.
Name them (the ones you are aware of) with the referenced articles. I think it's a good idea to hold their feet to the probability "whodunnit" fire..
Probably why it was setup as such, whoever wrote it was hoping the **AA cartels would be blamed.
All of this rational and logical thinking is starting to make me worry about the direction that Slashdot is headed.
Well, the same could easily be said about 'repurposing' crowbars to break into homes. Most tools can be used for evil to some degree. Unless I'm missing your point.
The Hoax:-
Dear Sirs:
It is possible that a VIRUS could be sent to you because you were registered in our Outlook's directory.
This VIRUS sends itself to all addresses registered in your Outlook's Address Book (happens also with other e-mailing programs). If you find it please resend this email to all your email addresses.
How to erase it:
This virus is not found neither by Mc Afee, Norton, or any other AntiVirus programs.
How to erase it:
1) In the Start Menu go to "Search Files", then search for jdbgmgr.exe or j*.exe
2) the Virus programs has a Teddy Bear as the Icon.
3) Once you found it, erase it.
4) go to the windows' trash can and empty it or at least open it and then erase the file with the teddy bear icon.
5) resend this email to everybody on your mailing lists.
BYE, AND SHAME ON THE VIRUS DEVELOPERS! THEY HURT ALL BUSINESS, PEOPLE, AND OTHERS.
Well you would have a hard time doing much on my own personal system unless you were root. Seeing as I am behind a separate firewall and have no remote access running for you to try and exploit that leaves only me, something you might try to get me to do or, you actually getting in here and breaking a pretty long alpha numeric string. You might try finding some way to escalate your way into being able to install something or run a script to get your worm (this isn't a virus) installed if you could gain physical access. The worst you might do is hose up some world writeable data files. It isn't going to be worth the script kiddie/spam peddlers time to try and own this box.
Plus If I found you in my house I'd just shoot your worthless ass. Being in the country/state/county/town I live in I would probably get away with it too.
Linux isn't usually insecure by design (Lindows shipped with the user as root for a while I heard.) With current distros you really have to try and make it insecure enough to exploit. A user could just be a total dipshit and break all the embedded security or rules that as a Linux or Unix user you should follow but I don't see many doing that.
So the "for now" part is a farking dream by someone who doesn't know crap about Linux or Unix but what they think they know something about it IMHO. Unlike a very popular commercial operating System and software package Linux and Unix are not insecure by design.
If you don't like what I write don't be a CS and mod it down. Refute it.
Yea I can't spell. So what is your point?
I'm all for a resistance to things like the RIAA, companys that abuse copyright law, and absurd notions of what constitutes intellectual property.
However I feel that when people use P2P networks as the only way to fight back, but don't use things like creative commons or the GNU then they are really hurting the resistance movement that people have created to fight back against abuse copyright laws, and absurd notions of intellectual property.
IMO There has to be more reason to use P2P than "I don't have to pay for it," there has to be the desire to make a political or philosophical statement.
Anyway, I'm just preaching to the converted here...
Note: this has been posted by r.future (a person who spends way too much time on the internet!)
It makes a mockery of my experience and qualifications, but much of my work these days consists of clearing viruses and malware, spyware, adware, whateverthefuckware off of computers. And it's not just the PCs of morons who visit pr0n and w4r3z sites either, it's _everybody_.
It's no longer about being "careful" or "sensible": you are careless and not sensible if you AREN'T running apps like Ad-aware and anti-virus: for every person who manages to avoid infection, there are literally thousands who don't, and they aren't all stupid, as much as it might please you to believe otherwise.
This shit is a fact of life for anybody connected to the Internet now. Disparaging others because you've managed to stay clean doesn't help.
I spent a 24 hour block at work on Thursday fighting an undetectable to McAfee/Norton/Trend version of Polybot/Gaobot/SDBot.
...it'll also stop you from fixing anything remotely too.
The *bot line of worms spreads two ways. It uses both the RPC exploit (patched last year) and by using a laundry list of username/password combinations. While I'll be the first to admit that a STRONG local administrative password and 100% patched boxes would have evaded *this* worm, it won't be a defense against the next one that targets RPC-like-flaw-v2.0 or that includes our "strong" local administrative password in its list of passwords to try.
The *bot series of worms is also pretty "neat" in that it immediately updates the HOSTS. file of infected machines to redirect all major AV update sites to 127.0.0.1, and it spawns a double-process that each iteration of itself checks constantly to ensure that the other instance of itself is still running, and that all of its restart values are still in place. Tricky indeed.
Sure, lock the HOSTS. file too you say, but we've got more than one VPN solution in-house that changes HOSTS. when executing.
Use VNC on our desktops? As soon as it includes domain authentication instead of weak passwords stored plaintext in the registry. (Yes, there are updated versions, yes the source is available, but "use VNC" isn't as simple as it sounds. -- From a security standpoint, VNC just isn't "secure.")
Up-to-date AV? Useless against new threats.
Turn off the SERVER service you say! That'll fix 'em...
Anyway, rambling aside, we deployed a fix (with a tool that, ironically would be caught by many AV programs as "dangerous" and blocked -- since our fix included a copy of PSKILL) to our machines through our automated software deployment agent, and we'll be cleaning up HOSTS. files later this week.
There is no "do this and you will be protected" blanket statement. If there was, I'd be out of a job.
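The HOSTS-file tampering described in this thread (AV update sites pointed at 127.0.0.1) can be audited without locking the file, so VPN-added entries are left alone. This is an added example, not code from any poster: `audit_hosts` is a hypothetical helper, and the watched domains and sample file are constructed placeholders.

```python
import ipaddress
from typing import Iterable, List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    address: str
    hostname: str
    reason: str


def _is_sinkhole(addr: str) -> bool:
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed address field: not our concern here
    return ip.is_loopback or ip.is_unspecified


def _is_watched(host: str, watched: List[str]) -> bool:
    """Exact match or true subdomain; 'notav-vendor.example' must not match."""
    return any(host == w or host.endswith("." + w) for w in watched)


def audit_hosts(text: str, watched_domains: Iterable[str]) -> List[Finding]:
    """Flag hosts-file entries that override resolution of watched domains.

    Entries for other names (for example ones a VPN client adds) are ignored,
    so the audit works even where the file cannot be made read-only.
    """
    watched = [d.lower().rstrip(".") for d in watched_domains]
    findings: List[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line or address with no hostname
        addr, names = fields[0], fields[1:]
        for name in names:  # one line may carry several hostnames
            host = name.lower().rstrip(".")
            if not _is_watched(host, watched):
                continue
            if _is_sinkhole(addr):
                reason = "watched domain redirected to loopback/unspecified address"
            else:
                reason = "watched domain pinned to a static address"
            findings.append(Finding(line_no, addr, host, reason))
    return findings


# Constructed sample; the domains are placeholders, not real vendor names.
WATCHED = ["av-vendor.example", "other-av.example"]
SAMPLE_HOSTS = """\
# constructed sample, not taken from a real infection
127.0.0.1       localhost
10.8.0.15       intranet.corp.example    # added by VPN client
127.0.0.1       update.av-vendor.example
127.0.0.1 www.av-vendor.example download.other-av.example  # two names
0.0.0.0         liveupdate.other-av.example.
203.0.113.7     av-vendor.example
# 127.0.0.1     commented.av-vendor.example
127.0.0.1       notav-vendor.example
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS, WATCHED):
        print(f"line {f.line_no}: {f.hostname} -> {f.address} ({f.reason})")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its text in along with the update domains of the AV products actually deployed.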
It's a comment that adds nothing to the discussion and just goes to insult the community in some fashion.
how many people have jobs because of spammers and computer infections?
The Kruger Dunning explains most post on
Is it so unbelievable that the RIAA would take action against these services which they can't legally do anything about (at least not easily?), if they are capable of fining little kids thousands of dollars for downloading the latest britney song do you not think that perhaps they are capable of procuring the know-how needed to run dos attacks on things like kazaa... its scary but the RIAA could be running a virtual guerilla war. also, jfk isnt dead, he is living with osama on mars, thats why the landers keep getting broken so they don't find his little martian sanctuary.
"The stupider people think you are, the more surprised they will be when you kill them..."
"Online did it and I want hims to stops it."
If you don't like what I write don't be a CS and mod it down. Refute it.
Yea I can't spell. So what is your point?
What a world we live in -- viewing gay porn is an issue, but punching holes in other people's communication systems isn't something to bat an eye about.
You consider virus writers to be part of the "computer community"? Like rapists are part of the "dating community" and burglars are part of the "domestic community"?
Ceci n'est pas une signature
One thing I've noticed is that as you get further up the distribution line for warez (no moralising replies, I've heard it all, thanks) is that the people become more and more snobbish and elitist. Your average IRC leecher mocks the people on kazaa, but the people in siterings actively despise them (for no apparent reason, except possibly to distance themselves from such a "n00b" crowd). I wouldn't be surprised if this were just written by someone who particularly dislikes kazaa simply to get some laughs out of the newbs' suffering.
Because someone who didn't know better opened the attachment.
I've been getting delivery failure e-mails over the last few days because my e-mail addy is in their address book. And believe you me, I checked every conceivable virus scanner on the web.
The specific worm in question is Worm.SomeFool.Gen-2 , according to the last dozen or so messages.
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
You just need to upgrade your scanner. Unfortunately, I am not aware of technology like this for individuals, only for businesses. Still, don't think that signature virus scanning is all that is out there.
I've been running Windows for 10+ years. I've had 1 virus in that whole time, and that was my fault because I didn't bother to update my version properly.
"Joe looks like we have an ID10T on our hands"
Hello,
My question is, does BSA and majors create this virus?
AV is essential on a Winbox - but that doesn't mean that it should make the machine run like a dog! And these are pretty damn fast machines we're talking here. The difference (with/without) is pronounced.
At the risk of being pedantic, Mr. "Evil Viper,"
IT'S "VIRUSES."
Not "viri," "virii," "viriii," or "viriosi." In this house we respect the rules of English pluralization. I'm not even aware of a Latin plural of the form "virii."
"and there doesn't seem to be anything in any Unix system that makes it inherently immune to viri [sic]..."
Except fundamentally good design decisions and a willingness to CHANGE the architecture if a flaw is discovered. Do you have any idea how many thousands of viruSES would be eliminated if MS decided to tighten things up a little?
+4 Insightful, my ass.
There have been some pretty bad remote-root Linux holes. If 90% of the world's desktops had been running Linux, you can bet there would be worms exploiting them. In fact, back when the internet was mostly Unix, this very thing happened with the Morris worm.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
I hate Norton and Mcafee because they each run like 6 different processes when the system boots up. Who needs a virus when they have an anti-virus utility that causes more load and overhead than everything else combined. Not to mention their scare tactics to get people to spend more money. I think AVG and AVPE are fine solutions, just most people don't know they exist.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
What truly surprises me is the fact that this is the 19th incarnation of the Netsky virus, and the can be really quite revealing about how much "Joe and Jane Blow" really try to protect their computer, even after all the repeated assaults from multiple virii in recent times. I am sure some blinded, elitist geeks out there will point out that 'Joe and Jane Blow are too stupid so they get loads of virii instead of moving to Linux' before moving to the next discussion which can sprout a pro-Linux, anti-Microsoft thread. Believe me, I do know a lot of Joe and Jane Blows, and if you do not then simply forget about your elitist argument, because for the most part they are not simple or stupid. They want to surf the Internet, check their e-mail, play some games and perhaps download music -- they do not want to program a database engine, do not own a Linux box for a hobby, do not start counting lists from '0' and think anyone who thinks learning Pi should perhaps see a doctor.
So, they ask you for help because they think they have a virus or are feeling a slowdown. You do everything they should have done, that is install Ad-Aware, update it, scan for spyware -- and find some truckload of the bloatware eating up disk and registry space (and I'm not going to start on the RAM). That done, you download AVG Grisoft, update it, scan for virii -- and find several hundred files contaminated by virii, and that is quite a lot to clean up. Finally, you install a firewall -- preferably ZoneAlarm or Kerio Personal Firewall -- and set it up for them, so no more Blasters et al sneaking through some obscure system ports. The best option, on the long term at least, is to be sure to install a firewall with preconfigured program access rights (and I think Kerio Personal Firewall has this feature), and I shall tell you why: it may seem simple for any of us to simply check a checkbox for the firewall to remember to allow Half-Life Launcher to attack the Internet, and I truly thought this was the case for anybody -- after all, all the firewall does is ask a simple question, at least what seems like a simple question for most of us. Then, my grandma, who has barely touched a computer all her life, tried the new one she had bought to have a pastime during her six weeks' inability to walk. And the result was pretty surprising, to say the least. A new icon on the desktop, or even a pop-up, can get her panicking. So can you imagine this kind of non-techie, new user getting a firewall pop-up every minute for every program this user launches? This is why a preconfigured program access rights list is something good to have.
Of course, anyone can go without an antivirus by simply installing a firewall and knowing what comes in their e-mail -- or, for those who grasp the technology a bit more, just block the ports manually; but Joe and Jane Blow have much more simple needs and don't want to have to learn loads of techniques simply to avoid virii and spyware, malware which they do not notice most of the time. In my opinion, the best way to prepare Mr. and Mrs. Blow against all this malware is to set up their software so at best, they can surf around and write emails totally unconscious of this protection, since in this case the software updates itself and does its job automatically. You can also give the user further tools against malware, such as replacing their browser and e-mail clients with Mozilla/Firefox and Eudora or Thunderbird. You should also set them simple guidelines, such as to always refuse anything whatsoever from a source they do not trust. Try and get them to buy commercial software (Norton Internet Security or McAfee Internet Security) as in general it offers better protection and a bit more tools that shall make everyone a happy bunny. Joe and Jane Blow want to know that they are protected against virii and spyware, but do not want to know how, and you'd be rather stubborn to get, what in their opinion is an extra worry, on the
"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect" -- Linus Torval
That's a very interesting piece of news. Do you have a source for this figure of 7? Imagine... you could instantly multiply the capacity of hard discs by 128x!?
err, if you want to use the computer that you just bought (the one with Windows installed on it because they refuse to sell Windows to naughty resellers who try to install anything else on *any* computers they sell), you have to agree to the EULA. I'd say that's pretty conclusive coercion.
That is my question and one has to answer that before one starts bashing clueless users. In my opinion every OS out there should be as secure as possible out of the box. I don't like how Windows has every feature known to man on by default as little as I like how Linux dists keep having daemons started by default. The OS should be locked down and demand user intervention to be opened up. Not that it should be difficult to start things, that's not the goal. The goal should be that the user is not supposed to secure the machine they use, it should be secure by default and then opened up by the user if that is demanded.
As Linux becomes more used by newbs who haven't any interest in locking it down it should be as secure as possible by default. That way if the box gets hacked because of bad settings you can at least put the blame on the one unsecuring it. Blaming a user who just installed it and never secured it is impossible and doesn't fly, that's why I don't listen to the people who say "they should have installed whatnot". That's what the OS should do, provide basic services like security etc. If an OS demands an antivirus addon and adaware and things, maybe something is wrong in the OS?
I hope Linux gets proactive and rids itself of the same bad decisions as MS have done. Don't trust the user to secure things because we have seen in the case of MS Windows that that's not going to happen.
HTTP/1.1 400
Maybe it's the best approach.
I mean turning Linux into functional, but "idiot-proof" workstation. Increase number of runlevels and make each of them somehow limited. It could be a boost towards popularizing Linux desktop.
Powerful idea IMHO.
Somebody had a webpage in Australia that told of all the jumping through hoops he had to do to get his M$ refund. And newer laptops had a "if you TURN THE MACHINE ON you agree to the EULA" clause, so that the next poor sod can't even boot with a Linux CD and wipe it clean before booting into Windows.
Currently there isn't enough awareness of viruses because they don't do that much harm to the people who get infected. The network admins know about it, of course, and they go around lecturing and threatening people, but it's all way too abstract.
In order to show people the problem, I propose a vaccine virus:
It would spread using many different methods, but in the quietest way possible. Use e-mail attachments, buffer overflow exploits, everything that's being done, but keep it quiet. Don't scan a thousand machines a minute, or send out millions of e-mails. Make the e-mails look like other virus e-mails, scan slowly, etc. The idea is to get onto as many machines as possible before triggering. Once it triggers, wreak as much havoc as possible on the infected machines. Delete files, overwrite them to be sure. Target document files before OS files. Hit network shares. Wipe out partition maps. Trash the BIOS if you can.
It would be a pretty terrible virus, but I bet people would get serious about prevention after the dust settled. But is the cure worse than the disease?
(Disclaimer: I'm not actually advocating this! Please don't take me to jail. It's just some food for thought.)
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
"Antivirus software has become so bloated these days. I run Norton Antivirus on my Windows machine and it turns it into a lag terminal."
....and no, I have no affiliation with AntiVir, I just think it's the best and least bloated antivirus app out there (and it happens to be free which is a great bonus!)
Norton certainly behaves this way. When I visit a client that has Norton on their machine, I recommend that to speed up their machine, they uninstall Norton and install the freeware antivirus checker called AntiVir:
www.free-av.com
They are always amazed at how getting rid of Norton Antivirus suddenly speeds up their system about 200%.
NAV used to be really good back in '99 or so, but recent versions have been bloatware hogs like nothing else I've ever seen!
Give AntiVir a try - you may be similarly amazed!!
Visceral Psyche Films
Vote with your wallet by enrolling in a few computer education classes and a few rounds of beers at the local LUG meeting. The $ per hour you'll get from these guys makes a spotty-faced MCSE with six months experience look like lawyer's fees.
You either give enough of a shit about your security to run a secure, free operating system and invest time in learning it, or you give enough of a shit to pay hundreds of dollars for security suites to tack onto the side of an OS you already paid hundreds of dollars for. Or, the third option, you don't give any shit about whether your box and your data is safe, whether your home computer is being used as a spam relay, a child porn warehouse and an IRC relay for al-Qaeda.
If you want to own a computer, them's your choices. No matter what they say, you always have choices.
You, and my mother (who now thinks of KDE as home), and my friend whose win2k box I locked down yesterday, and my employer who won't upgrade from win98 to 2k "because it's not as stable" and my grandmother may not think that owning a computer requires any degree of responsibility - but it does. The biggest of all of Microsoft's evils, in my opinion, is the propagation of this lax attitude towards computer security - the attitude that you shouldn't HAVE to worry about it. It'll take years, maybe decades to breed out of the computer-using populace.
L
Great explanation of just how irresponsible certain software manufacturers are being.
A lot of the replies you're getting are in the vein of:
"But you don't have to agree to the EULA"
and "What about OSS"
Okay guys, here's the difference:
A MS EULA is like me going out, buying a house, and after closing on the house I come home to find a big sticker on the door that says,
"by breaking this seal you agree to the following terms:
-You do not really own this house, you're actually leasing it from us.
-We are not responsible if this house turns out to have numerous major problems that we didn't tell you about.
-You may only use this house for purposes X, Y and Z, any other use is strictly prohibited.
-etc, etc, etc"
It's clearly stupid and not a legally binding contract. I can rip that sticker off my door without a worry in the world. The same needs to be true for software.
A good example is disclaiming any and all warranty:
This needs to be done BEFORE I give you my money.
It's like a car manufacturer trying to sell a new car with absolutely no warranty by sticking a note in the glovebox when you're driving it off the lot.
The deal is already done. The note means nothing. The manufacturer is still responsible for all normal, implied warranties.
Now what about OSS?
First off, I'm going to talk only about the GPL. (Other licenses are typically very similar.)
Now the key thing is that there are some very big differences with GPL'ed software:
1) It's free. Free things are typically not legally required or assumed to carry warranties. There also don't seem to be many laws about disclaiming liability when I give you something for free. There's nothing that says the item must be provided in any form other than "as-is", unlike commercial/retail sales. I can give you a car with rusted out brakes for free and not have to fix them for you. If I was a car dealer, charging you money, I might have to fix those brakes (unless there was some agreement made about them at time of sale).
2) The GPL is not a EULA. You do not have to agree to the GPL to use a GPL'ed program. A lot of people have trouble understanding this one. There are even programmers who make the GPL pop up when you run their program and force you to check "I agree". These people are all wrong. The GPL only governs redistribution. As such, it's not trying to get rid of any rights that you would normally have. In order to gain a right that you wouldn't normally have (redistribution of someone else's copyrighted work), you must agree that this new right is subject to a set of conditions. If you do not agree, you do not get those rights, not because the GPL says you don't, but because copyright law says you may not redistribute others' work without their permission.
Life is too short to proofread.
Where is the BBC story about how RIAA is dangerous and obviously behind this "new" attack? The mainstream media is a joke, they mostly just repeat each other, except when the BBC gets creative. Don't know if I should approve or not, but it does spice things up a little when they out and out make stuff up.
...I swear I haven't been to any porn sites...
Wal-Mart, McDonalds, Microsoft
We all know they sell crap. Lots of people make better products, yet they are number 1. The fact is most people must not care or they wouldn't be where they are. It's cheap and easy, and easy to make do.
In regards to Microsoft when they finally were forced to start trying to make a secure product they were forced to push back the release date for years and finally cut back the feature list. We'll see what they finally come up with. Things are gradually getting better, but only because competitors are forcing them. It makes sense that they would improve at the slowest rate possible.
If people really cared, they would pay for QNX or something similar instead of Linux.
In the end it may be like cars. It took over 50 years before seat belts became widely available, and even longer before they were required. I don't know how long it will take before computers are regulated like that, but I think it will happen eventually. Once today's kids grow up and everyone has lived with computers as part of their life.
where if I buy a house from anyone else, all of the major retailers won't sell me plumbing, fixtures, or even dishes and none of the handymen know how to fix anything.
Yeah, sure, the EULA is a contract I chose to sign. As opposed to all of the other choices I have out there.
In fact, this is getting fixed. For many advanced users, Linux is perfectly capable of providing anything they need. But someone shouldn't be forced to "sign" a crazy contract because they're not a computer expert.
That's ignoring the fact that there are legal restrictions on what rights you can sign away in a contract.
And also ignoring the fact that a EULA ISN'T A CONTRACT. I didn't sign anything - I clicked a button after I already bought a non-refundable item. Some choice.
... with other products that are sold, they can not make you agree to a license that absolves them of suitability for purpose or that has serious defects that cause harm. These are normal product consumer warranties. Apply the same laws to them as apply to vacuum cleaners, cars, blenders or whatnot. Even if you AGREE to giving the manufacturer a free pass, it's still not legal. See my latest post on the CEOs and security article.
I'll pre-answer the argument that they always use, that it's an "intangible" that it doesn't really "exist" in the normal way of thinking. Swell, let them accept MY intangible "money", I'll email them a jpeg of a stack of cash for their "product" then.. Swell
Where I work we have had three computers wiped out by virii in the last few months. Of course, every one of those was in Sales or Marketing. Those of us in the technical and production sides know better than to open every email and open attachments directly. In fact, before a new employee is allowed to use a computer, they are trained on saving the attachments and virus-scanning them. Yet, somehow, these individuals still manage to infect their computers. How? Stupidity ranks 1st place (as two were knowingly opened by people who "thought it might be a virus, but wanted to check to be sure"). The third was Microsoft's idiocy with OE defaults -- preview panes that open attachments automatically and display full HTML on received messages. Such a helpful "feature" for those who want to spread virii quickly.
I was taking one day at a time, but then several days got together and ambushed me. (from a Rhymes with Orange comic)
The post doesn't say it, but it definitely insinuates that the nefarious RIAA and possibly the BSA is behind this latest worm. Unfortunately, that kind of knee-jerk reaction is counterproductive to finding the real virus spreaders.
It's not counterproductive. While these organizations are stampeding over the rights of individuals, they deserve intense scrutiny.
We are one consciousness experiencing itself subjectively. Back to you with the weather, Bob!
Many use heuristic routines to detect new viruses that have not been seen yet.
Can't do much about cleaning them, but they can at least block them and warn you.
---- Booth was a patriot ----
... that's the big difference. OSS "products" are not marketed, they are given away. Closed source and proprietary are sold for a profit (usually, generally speaking now).
Rule of thumb to my way of thinking is
sold as a "product" = normal consumer warranties required
given away free = a "freepass" EULA type license/contract is acceptable
Perhaps the 'attack' on P2P services is just to divert attention away from the real intent.
Get people looking the wrong direction at the RIAA while they do damage somewhere else...
Also, why can't these people just get a life.. While I've not been infected ever.. I still have to deal with hundreds of emails a day, and constant attacks that are filtered at my router which waste my bandwidth..
It's really getting old.
---- Booth was a patriot ----
... and I hope it does. There's no reason any longer for software that is sold to be treated differently than other products. As opposed to the intangible "art" that is sold as entertainment, software products are released because they "do something". They need a warranty if they expect to be paid for them.
My university has been filtering out any and all Windows executables or compressed files from its email system for a couple months now. Even though they sadly missed .scr files last week I think this approach is perfect.
People receiving their email shouldn't expect an executable, the server should have filtered them all out. The upshot to this is that the email server only really has a bandwidth problem on the download side, the uploads should be stripped of unnecessary attachments.
I know there are exploits in these too, but media such as pictures and text documents should be the only thing allowed. Clemson students don't get any image.jpg.pif files anymore. If someone wants to share an executable they put it on their webspace and give the URL to their friends.
Direct away from face when opening.
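The gateway filtering described in the post above, sketched as an added Python example; it is not part of the original comment and not the university's actual filter. The extension lists, function names and the sample message are constructed assumptions; the point it shows is that the verdict has to come from the last extension, case-insensitively, which is what catches `image.jpg.pif` and an upper-case `.SCR`.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed, non-exhaustive lists (assumptions, not the university's rules).
# .scr and .pif are the two extensions the post names.
EXECUTABLE_EXT = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "cpl", "lnk", "hta"}
ARCHIVE_EXT = {"zip", "rar", "gz", "tgz", "7z", "cab"}


def final_extension(filename):
    """Return the extension Windows acts on: the last one, case-insensitive.

    Trailing dots and spaces are dropped first because Windows ignores them,
    so "a.exe." is judged as "exe" and "image.jpg.pif" as "pif".
    """
    name = filename.strip().rstrip(". ").lower()
    return name.rsplit(".", 1)[1] if "." in name else ""


def verdict(filename):
    ext = final_extension(filename)
    if ext in EXECUTABLE_EXT:
        return "strip-executable"
    if ext in ARCHIVE_EXT:
        return "strip-archive"
    return "allow"


def strip_parts(part, removed):
    """Drop blocked attachments from a multipart, recursing into nested parts."""
    if not part.is_multipart():
        return
    kept = []
    for child in part.get_payload():
        name = child.get_filename()  # decoded Content-Disposition / Content-Type name
        decision = verdict(name) if name else "allow"
        if decision == "allow":
            strip_parts(child, removed)
            kept.append(child)
        else:
            removed.append((name, decision))
    part.set_payload(kept)


def filter_message(raw_bytes):
    """Parse raw message bytes; return (filtered message, list of removed parts)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    removed = []
    strip_parts(msg, removed)
    return msg, removed


def build_sample():
    """Constructed test message; attachment bodies are harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.edu"
    m["To"] = "student@example.edu"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    for name in ("notes.txt", "image.jpg.pif", "saver.SCR", "photos.zip", "photo.jpg"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()


if __name__ == "__main__":
    filtered, removed = filter_message(build_sample())
    for name, why in removed:
        print(f"{why}: {name}")
    print("kept:", [p.get_filename() for p in filtered.iter_attachments()])
```

The check is by filename only, so an attachment sent without a name or under an allowed extension passes through; a blocklist also has the weakness the post reports, that any extension left off it is delivered.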
I get really uneasy when I hear about the built-in firewall in Windows Longhorn. I mean, really all a software firewall does is get in between specified ports on the network and the applications that want to listen to them. And then I think of the programmers at Microsoft, setting up the default install of Longhorn, thinking, "Oh, we can leave this program listening on port X. It might not check its inputs for buffer overflows, but the firewall will take care of that." And then I predict that the default setup for the firewall will block off ports required by Everquest 3, so it will get turned off. And then those vulnerable programs are out there listening on sockets they shouldn't be, all because it was easier to apply a band aid in the form of a firewall than to write secure software instead.
</rant>
--
E_NOSIG
Does anyone else see this as scary?
..or am I watching too much Alias?
Say CEO Craig at Music Supercorporation has the idea to use these "worms" for his own advantage. He tells Lackey Larry to see if he can put a stop to P2P networks, and "Larry, keep this off the books". So Larry digs into the virus community on his own and hires some kid to modify a worm to take down his perceived enemies: the P2P filesharing community and serial-cracking web sites.
It seems like an obvious background story for this worm.
Don't tell people to use Grisoft! The e-mail addy you give them gets on spammers list the very next day. I've tested this 3 times, after getting screwed once by using my yahoo e-mail addy.
Created a new e-mail addy for them, give that to them for registration, and a unique name. You will get spam listed to that brand new e-mail with subjects showing that unique name.
So this free version is far from free, people will get 100+ spam a day just from these scum bags. I just advise people to get something else. (for me f-prot, $50 for 10 PC's)
The spirit of resistance to government is so valuable on certain occasions that I wish it to be always kept alive
... hey wait a minute, that's not right.
> I've run XP for over a year and every once in a while, just for kicks, I install AVG and AdAware.
> Last time I ran AdAware 6 with the latest definitions, out of 90000+ items scanned, it found ONE registry key.
> And AVG has not once turned up an infection of any kind.
> So I ask the other windows users, what the hell are you doing to require this.
I have similar experiences and similar configurations of Win9x and XP boxen over longer time periods.
We're paranoid. So are "they". The difference is what kind of paranoia we're afflicted with.
You and I appear to be working with the "good paranoia". The IE HTML-rendering engine is terminally buggy and hooked too deep into the OS and other applications - avoid using it. When I first touched XP, I asked "WTF is that listening on ports 445 and 135?" and blocked it (and "WTF is uPNP? I don't have anything that uses this", and shut the offending services down and/or blocked the ports). Etc. etc. etc.
Security is a mindset, not a cookbook. That's "good paranoia".
The people that run six AV scanners (all conflicting with each other :), and think that the seventh (when IE pops up, or an email shows up saying "Security Al3rt! YOUR IP ADDRESS IS EXPOSED! Click YES to insta11 a FR#EE APPL1CATION to PR0TECT your SECUR1TY and PR1VACY!"), aren't of the security mindset. They're looking for a magic bullet, and they'll keep buying anything that anyone sells them, as long as they're promised that this one (really, honest) will fix all their problems.
That's "bad paranoia".
By way of analogy.
Good paranoia is spending $100M to reinforce the cockpit doors (or better yet, removing the doors and separating the crew cabin from the passenger cabin entirely) and adding sky marshals to (attempt to) protect the contents of the passenger cabin.
Bad paranoia: Spending $100B for the ability to issue a press release including names, addresses, and favorite sexual positions of all the victims... while the charred bodies are still smoldering in the rubble.
Yeah! (: