Infected PCs for Rent

prostoalex writes "UK authorities are raising concerns about entire networks of infected and compromised PCs (BotNets) being available for sale or rent to the highest bidder. The Register quotes a detective from Hi-Tech Crime Unit saying 'The trade of BotNets of compromised machines is becoming an industry in itself. Organised crime is making use of this industry.'"

I'm going to rent a bunch of these

Install distcc, and install Gentoo in record time.

Re:I'm going to rent a bunch of these

[irokitt]

On the same note, SETI@home is also interested.

Re:I'm going to rent a bunch of these

[Lord_Slepnir]

you mean in under 8 hours???

Re:I'm going to rent a bunch of these

Stage 2? That's cheating. :) Stage 1 or nothing!

Gives a whole new meaning

[overshoot]

to "on-demand computing."

Kinda sad to see IBM, HP, and others lagging so badly in commercializing this important new technology.

Shouldn't the vice department handle this?

[AtariAmarok]

This is exactly the same sort of problem that happens in the world of prostitution: pay your "rent", get a disease.

Re:Shouldn't the vice department handle this?

Not that any of us Slashdotters would know anything about prostitutes... hahaha.... hahaa... ha.

Re:Shouldn't the vice department handle this?

[Penguuu]

I don't think this is same sort of problem, because with prostitute, you know (or you should know) the risks yourself, and it is your own choice. When your computer is compromised, and part of botnet which is sold to some evil people, who want to take servers down, you probably don't even know about it yourself. Of course, you should take care of security (anti-virus, firewalls etc.) but most people sadly don't know or don't care about. Biggest loser in this are those poor guys, who are going to be targetted by attacks.

The real culprits...

[D-Cypell]

Good to see big industry players using their expertise and experience to enable new market creation.

Re:The real culprits...

[D-Cypell]

Just incase it wasnt clear...

What ever could I mean by big industry players?

Damn

[Beer_Smurf]

Damn, one more thing I can't do with my mac.

Blessing in disguise?

[Dachannien]

If you can sell it, you can get stung selling it. This may be the sort of thing that law enforcement agencies need in order to start busting people.

Re:Blessing in disguise?

[shadowbearer]

Also, anyone who "purchases" this and starts using the network is likely to get caught up in the sweep. Not that I'd feel all that sorry for them...

SB

Re:Blessing in disguise?

[pavon]

Only if the machines were hijacked illegally. I wonder how the court would rule if the distributed service running on the machine was a spyware program that technically told the user what it was doing (because none reads software licence agreements) and which the user agreed to install.

Now if these machines were being used to do something illegal then the buyers of the service could be held accountable, and the money trail makes it trivial to track down.

Re:Blessing in disguise?

[maximilln]

This has been the crux of my argument against EULAs from the outset. A good programmer should not be held accountable if some blackhat exploits a hardware bug througha software availability. However, EULAs ensure that crappy programmers aren't held responsible for profiting from code that they know places the user at risk.

The courts answer has been to hold the end user accountable for everything. You were hacked? It's your own fault? Your computer was used as a kiddie pr0n relay? It's your own fault.

I guess it makes money for the court system but it doesn't do much for society.

Re:Blessing in disguise?

[StormReaver]

"If you can sell it, you can get stung selling it."

Bingo, and the reason that this will be a problem, at most, for a [subjective term]short[/subjective term] period of time.

I haven't gotten a single spam message since the two recent spam ring busts. Now that law enforcement sees these things as problems, and has a little experience handling them, I don't think this "problem" is going to amount to anything significant.

Terrorism?

[MrChuck]

So how long before companies/gov't are taken "hostage" by rented DOS machines?

Now, if we just BLOCK connections from windows boxes to our machines except for (say) WWW or DNS, then our lives are better. pf (in openbsd and now freebsd 5) can do it.

Me? I'm pulling IPv4 stakes up. Only been spammed once by someone with an IPv6 address.

Re:Terrorism?

[irokitt]

"I'm pulling IPv4 stakes up."

Just curious, what do you mean by that?

Re:Terrorism?

[nil5]

Me? I'm pulling IPv4 stakes up. Only been spammed once by someone with an IPv6 address.


Looks like the only person using IPv6 is a spammer!

Re:Terrorism?

[nacturation]

How can you determine what kind of machine a TCP/IP packet is sent from? Is it not possible to spoof this also? Also, allowing anything but www/dns traffic does nothing for a denial of service attack which targets a website... sort of like the ultimate slashdotting.

Re:Terrorism?

[PurpleFloyd]

So how long before companies/gov't are taken "hostage" by rented DOS machines?

It's already happening. Plenty of online casinos have been the victims of blackmail from DDoS attackers - basically, the DDoS'ers are running a protection racket. I've heard that the Russian organized crime syndicates may be involved; obviously, this is only speculation by myself and others.

Re:Terrorism?

[Rich0]

There are fingerprinting techniques based on things like sequence numbers which can identify some specific OS's. However, it is possible to spoof - but only if you are generting raw TCP packets. I'm not sure if windows supports this. Normally you just make an OS call to open a connection and give it the data to relay.

Re:Terrorism?

[dustmite]

Distributed DDOS on an organization's servers IS NOT TERRORISM already (unless explicitly accompanied by physical violence or threats of physical violence). Sheesh, have we all been that brainwashed already by Bush and things like Patriot Act?

If DDOSing some servers is "terrorism", then so is almost every single crime in the book.

Re:Terrorism?

[irc.goatse.cx+troll]

"Now, if we just BLOCK connections from windows boxes to our machines except for (say) WWW or DNS, then our lives are better. pf (in openbsd and now freebsd 5) can do it."

At what cost? Maybe your 500mhz k6-2 can block your sister and moms wintendo box from accessing kazaa, or even route all windows wifi users to a page that autoexploits all ie versions, but what kind of cpu power do you think it will take for an entire ISP to start routing tens of thousands of hosts based on OS version? I'll give you a hint: theres a reason it hasn't happened yet.

Re:Terrorism?

[BandwidthHog]

Would that be the dreaded Raw Sockets support that Steve Gibson got himself so apoplectic over a while back?

If so, then yes, it would seem Windows can do that now.

And apparently Mr. Gibson doesn't think that's such a great idea, or something.

Re:Terrorism?

[PurpleFloyd]

"Speculation is worth nothing"

Jeez, you must be really new here, huh?

Re:Terrorism?

[Glamdrlng]

Distributed DDOS on an organization's servers IS NOT TERRORISM already

But that nice man Mr. Ashcroft already told me that selling the pot was domestic terrorism...

Actually, what I'm waiting for is not only for DDOS attacks to count as cyberterrorism, but for downloading pr0n to be considered "moral terrorism".

One add-on though, I would assert that cracking or DDOSing that results in intentional harm to someone (bringing a 911 center down or targeting a hospital network, for example) can pretty easily be considered terrorism. Blackmailing an online casino? Not so much.

Re:Terrorism?

[MrChuck]

Not ISPs. Not them. You! Just each of us personally. Of course this is slashdot. Where most of y'all are running Windows. (Me? I count 12 working boxes in sight, with 4 Intel now (none 4 years ago). And no MS software in the house.)

Mom? Bro? MacOS thank you. OSX means I can fix mom's machine from 3000 miles away.

So yeah, my boxes that serve and relay mail (80% spam) can just block SMTP connections with Windows fingerprints. Perhaps just bump it up to port 26 and a listener with much more rigourous anti-spam.

Nah, just segregate the dangerous windows folks off. Like to AOL or CompuServe. I'll never get back the happy days when you had to be tall enough to be on the Internet.

And yeah, 2 people on IPv6. Heard about the same thing in 1990 about the Internet. Just a couple geeks. Nobody over here. You guys just stay on your boxes and keep your CompuServe accounts and stay on IPv4.

RE: terrorism
When important services are brought down by DDOS and viruses (east coast blackouts anyone?), it's terrorism. The U.S.A.P.A.T.R.I.O.T. act notwithstanding, being able to buy and run hundreds of thousands of compromised Windows machines (and cable/DSL providers and MS stand by with no action) means that we ain't seen the least of it.

Re:Terrorism?

[SacredNaCl]

So how long before companies/gov't are taken "hostage" by rented DOS machines?

That kind of thing already happens. A friend of mine does administration for a couple small and medium size ecommerce sites. The calling card is typically a 30 minute DDoS attack followed by an email and/or phone call saying "we can make this problem go away if you pay us".

If you don't pay them they DDoS you a few more times. If you pay them, they DDoS you a few more times and demand more money. Only option is to go to the Feds with it and hope they use attacks your upstream provider can help filter.

Re:Terrorism?

this is Vladimir Borshevski
we have noted your slashdot identification number
if you do not stop suggesting in your slashdot posts that legitimate russian business men are involved is such illigitimate adtivities then we will be forced to post a link to your personal homepage on slashdot front webpage (we own taco). you can avoid such unplesantness by sending me check for 200 american dollars.
Vladimir

Re:Terrorism?

[sgifford]

It depends on whose computers they are. 18 USC 2332 (b), as modified by the Patriot act, defines terrorism as:

(5) the term ''Federal crime of terrorism'' means an offense that -

(A) is calculated to influence or affect the conduct of government by intimidation or coercion, or to retaliate against government conduct; and

(B) is a violation of ... 1030(a)(1) (relating to protection of computers), 1030(a)(5)(A)(i) resulting in damage as defined in
1030(a)(5)(B)(ii) through (v) (relating to protection of computers),

18 USC 1030a refines this:

(5)(A)(i) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

(ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or

(iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; ...
(B) by conduct described in clause (i), (ii), or (iii) of subparagraph (A), caused (or, in the case of an attempted offense, would, if completed, have caused) -

(i) loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $5,000 in value;

The courts have been very liberal in how they define damages to computers; shutting down a government department for a few hours would easily meet this criteria.

So if they're the government's and you say "do this thing or else I'll DDOS your computers", it's definitely terrorism.

The interesting question is, under this law, would it be terrorism for me to say "Senator Levin (our excellent senator from Michigan), if you don't vote against DMCA II, I'm going to have all of my friends email your office" if doing that results in crashing their mail server, forcing them to buy a new one for more than $5K? I guess ambiguities like that are what you end up with when you write a several hundred page law in a few days, as the Patriot act was written.

Re:Terrorism?

[Feztaa]

It means he's ditching IPv4 altogether and going exclusively with IPv6. I think.

Re:Terrorism?

[kubrick]

Distributed DDOS on an organization's servers IS NOT TERRORISM already (unless explicitly accompanied by physical violence or threats of physical violence).

Shouldn't terrorism imply political ends as well? Mafia standover men aren't 'terrorists', for all that they use terror as an extortion tactic.

Re:Terrorism?

[JDWTopGuy]

Actually, he's a bookie and he's upping the odds of getting attacked over IPv4. :D

Re:Terrorism?

[msim]

"I guess ambiguities like that are what you end up with when you write a several hundred page law in a few days, as the Patriot act was written."

I always imagined that the Patriot act was sitting on someones desk gathering dust waiting for an event like this so they could crack it out and morally ass fuck the lot of you.

Re:Terrorism?

[Hoch]

The only problem is that there is noone behind it anymore. I fear that the computers have gained sentience and are creating a cashflow for themselves. It is just a matter of time. Skynet is here!!!!!! Run for your lives!

I for one welcome our Casino-extorting, computer overlords.

Re:Terrorism?

[ezh]

well. sorry about being rude in my earlier post. i've been living abroad for quite a while now, but each time hearing something 'those evil russians again' based (mostly) on old cold-war superstitions insults me deeply. not that i don't mind /. subjective opinions on subjective opinions of others. in any case, i meant no disrespect to you. once again, sorry for being impatient and rude.

A preview for Grid Computing?

[datastalker]

While it is deplorable that it takes criminal action (or porn) to move technologies to the forefront, it does happen. This, to me, seems like the famed "Grid Computing", and whilst stopping criminals, I hope law enforcement learns enough to pass the knowledge on so that others can use it for legitimate computing.

Re:A preview for Grid Computing?

[Abcd1234]

Bah, this is definitely *not* grid computing. Grid computing is sorta like clustered computing, but not quite, where it's possible to purchase CPU cycles from the grid for use in high-performance computing applications. Think a beowulf-for-hire, only the nodes aren't necessarily commodity hardware (for example, here in Western Canada, there's a project to build a grid connecting various academic supercomputing resources).

These zombie-nets, OTOH, are simply large networks of computers that can be asked to do the same thing on a large scale. BFD. Hell, I wrote some Perl code to do just this for administration of a testbed during one of my previous jobs. It's nothing new, and most definitely not an advancement of technology.

Re:A preview for Grid Computing?

[gregfortune]

Sorry, but no. Very little "computing" would be taking place as the basic function of the zombies is to send large amounts of data to unrelated hosts. It's not as if the controlling computer is asking for computed results...

Re:A preview for Grid Computing?

[Paul+Townend]

I think that's a really dodgy view of Grid computing. Grid computing is essentially resource/service sharing across heterogeneous nodes (i.e. different types of machines - macs/pcs/microscopes/etc). To do that, the Global Grid Forum are developing a load of standard protocols and methods for getting everything to inter-communicate.

As far as I'm aware, there is currently no standard way of purchasing CPU cycles or similar, although there are a number of working groups whose remit probably covers this.

The beauty of the Grid is more in being able to seamlessly connect to pretty much any hardware resource you want - I suspect that in reality, the actual economics will be dictated more by existing commercial agreements more than anything else.

Re:A preview for Grid Computing?

[walt-sjc]

Where grid starts taking off is in corporate (or educational) environments where you have tons of hardware on desktops all over the place that spend 99% of the time doing nothing.

I really don't see it as a "public" resource kinda thing where you sell your bit of CPU for a couple bucks.

Re:A preview for Grid Computing?

[gnu-generation-one]

"Where grid starts taking off is in corporate (or educational) environments where you have tons of hardware on desktops all over the place that spend 99% of the time doing nothing."

University computers: queues for PCs at any hour of the day or night, and 80% CPU when they're being used because they're 500MHz pentiums running Windows.

Normal corporate computers: okay, these aren't being used at night, but remember they're being maintained by petty little people whose ideal day at work involves imposing a coffee-machine policy: don't be surprised if they're all powered-down at night to save electricity.

Corporate development machines: Rather better specified (racks of dual 3GHz machines), but again being used day and night, almost continously compiling, running, or testing something, and at night (when the developers leave at midnight), they're either left compiling something that takes all night, or left downloading ISOs that would take too much bandwidth in daytime.

Grannys' home computers: turned on when needed. Arguably it's mostly idle, but the owner will complain like buggery if it's ever slow to respond, plus it's internet connection is a 56K phone line once every 3 days.

Slashdotters' home computers: Constantly on, and constantly in use. How many people are going to put up with Tribes running slowly because their "idle" computer is being used to fold proteins? And how many people want their pr0n to download slower because they're DDoSing some public target?

So where are all these PCs running at 1% CPU continuously?

Re:A preview for Grid Computing?

[xdroop]

The problem is, the term 'grid computing' has been hyped into meaningless.

CPUs on demand? Clusters? Beowulf? Supercomputers? They all use the term 'grid' to describe themselves, even though they all are different things.

Re:A preview for Grid Computing?

[Abcd1234]

Which doesn't change my point that zombie-nets are pretty far removed from "grid computing", and definitely do *not* represent a big leap forward in the concept, at least, IMHO. :)

Re:A preview for Grid Computing?

[dknj]

University computers: queues for PCs at any hour of the day or night, and 80% CPU when they're being used because they're 500MHz pentiums running Windows.

Maybe a community college, but our department (computer science) just ordered 150 3.0ghz (HT enabled) machines. They will all be idle between 2am and 6am everyday with maybe an average of 15% cpu usage over the entire day. More computers have been ordered for the rest of our campus which will undoubtly be doing the same thing. You underestimate the funding of higher education institutions.

-dk

Immense power.

[nil5]

With the number of known vulnerabilities in Microsoft operating systems, (not to mention the ones we don't even know about) it is really not hard to imagine these botnets being frighteningly large. I read one article that estimated the current number at something like 100,000! I'm doubt it's enough to bring down the entire Internet, but this could still be capable of providing some crushing DoS attacks, a la SCO.

Gives some merit to distributed hosting companies like akamai, etc.

Re:Immense power.

[walt-sjc]

My guess by looking at the reject logs of my mail server is that it is at least an order of magnitude larger. These machines are not "owned" by all the same hackers / spammers though, so the impact that one hacker has is not as large as you would think.

Re:Immense power.

[Glamdrlng]

You speak the truth. Consider the existence of trojans like phatbot, which spread by exploiting poor administration practices (weak admin account passwords, weak MS-SQL sa account passwords, etc), the back doors opened by netsky, bagle, and mydoom, as wells as every major windows vulnerability announced in the last two years.

Blaster brought networks to a standstill by exploiting one vulnerability. This thing has the potential to wreak some serious havoc. In fact, imo if so many admins hadn't gotten burned by blaster, this worm's impact would have been much worse. Regardless, this trojan and its variants could easily be modified to become worms (such build in an algorithm to self-propagate and voila) and could bring every network running windows machines to a standstill.

Learn to swim.

Kiss Me, I'm Redundant

I'm sure this will be redundant by the time it's posted, but at the bottom of the article:

The new Microsoft Partner Programme is here. Bringing all the advantages of previous programmes into a single framework, we've made it easier than ever for Partners to engage with Microsoft.

With three levels to choose from, you can select the one that works best for your organisation.

Become a Registered Member today. No fee. No obligation. Just clear business benefits, including:

Free business-critical telephone support (charged at national rate)

Free online technical support

Online sales and marketing resources

Sales and technical training

For more information, please visit: www.microsoft.com/uk/partner/programme

How is that possible?

[Mr.+Arbusto]

'The trade of BotNets of compromised machines is becoming an industry in itself. Organised crime is making use of this industry.'

How? Am I confused by think of organised crime like the New York or Russian Maffia.

Re:How is that possible?

[Carnildo]

Think "protection racket":

"Nice e-business you've got there. Be a shame if it got DDoS'd into oblivion by some unscrupulous types, wouldn't it? We'll protect you against that, for only $50,000 a month! How about it?"

Re:How is that possible?

[nametaken]

I'm definately still more worried about someone showing up at the storefront with six thugs behind him saying they have my girl in the trunk of their cadillac.

Re:How is that possible?

[shadowbearer]

That'll be SCO's next business venture...after all, they're already experienced, neh?

SB

Re:How is that possible?

[FATRanger]

The problem with this racket is that it offers no more protection than not paying them. If this was a physical case, and you pay protection money to your local crime syndicate, should some other criminals try to get protection money from you the guys you are already paying off will protect you, so that he can protect his income (and territory). When online there is nothing stop you getting DDoS'd by a different group every month. The group you are already paying off have no means of stopping the others, otherwise the government (to whom we pay for protection in the form of taxes) would be cracking down with that method already.

Re:How is that possible?

[Beryllium+Sphere(tm)]

Rumor has it, in fact, that some banks have paid blackmail money to gangs in Russia only to discover that blackmail gangs in Russia share lists of suckers.

The banks would get a message like "we've found $HUMILIATING_SECURITY_BREACH but for $25,000 we won't tell the press". Then they'd pay, and in a week would get a bunch more messages from other places making the same threat and demand.

Different kind of threat, but the same underlying problem.

destructive worm

what we need is a good destructive worm to take care of these. "sorry, you're too stupid to use the internet, deleting harddrive."

Re:destructive worm

[jrockway]

I would flash the BIOS, myself. Then they're *REALLY* fucked. Wipe the FAT (or whatever the new windows FS is) for good measure as well. Maybe that "HEY EVERYONE, IM LOOKING AT GAY PORNO" every other reboot would be good as well (if you don't feel like flashing the BIOS).

These days I don't even understand why viruses are illegal. You have to type in a *password* in order to be infected (the file is encrypted to avoid scanners). That sounds like consent to run to me (bye BIOS).

Re:destructive worm

[mcpkaaos]

That was a rather impressive "rah rah" way to not make any point whatsoever. Congrats.

Re:destructive worm

[Flyboy+Connor]

Why not destroy TCP/IP drivers only? The user will still be able to use his computer, but would be unable to connect to the Internet. And knowing this user (and believe me, I know him), his only solution to his connection problem will be formatting the hardrive and reinstalling everything.

Sorry Kids.

[platypibri]

You cannot rent these to get those outrageous URT2K4 frame rates you all crave so much. However, it does make me think about writing a "bail me out" script to log some of these machines on a game server as my "back up". Hmmm....

Despite all this ...

In Soviet Russia computers rent you.

Re:Despite all this ...

[mooniejohnson]

In Soviet Russia, bat beat Anonymous Cowards on the head... uh... you.

Sorry, had to be done.

Seriously guys. . .

[UFNinja]

We need to start beating the living crap out of people who mess with our stuff. Spammers, malware writers, black hats, you wouldn't put up with the neighborhood kid stealing your bike would you? No. You'd go kick his ass and take back your back. It's time to start kicking ass and taking back our Internet.

Awesome

[shadowmatter]

Whole warehouses of infected PCs for sale? Sweet. I think I'm gonna hit up this place right after I swing by the used syringe lot.

- sm

Infected PC's for Sale???

[WwWonka]

I find this article on infected PC's/networks for rent so full of sh..#$.\10# \AE \3H......

Welcome!

This PC is for rent.
Please contact us at

www.Claria.com

Distributed Malware.

[Leonig+Mig]

The scope of this is huge - true - I'm no industry player or top level developer - but still - we can all see the scope of this.

distributed applications are the killer app of the internet - XAML, .net, Java - all buzzwords. Grid computing - thanks to Oracle - The Internet - so much scope it created the biggest financial bubble in the history of capitalism.

Now - the corporates (MS?) are getting so inept that criminal gangs are stealing our future off us. Please - let's start stopping them.

please infect a PMG5 and sell it to me cheap!!

[bennomatic]

Absolutely! Boot to a CD, do a low-level format, or install a new hard drive, and that great deal you got is really truly a great deal! I wish that someone would sell me an infected dual 1.5GHz PowerMac G5 for cheap. Unfortunately, these sorts of infections--while not impossible on the Mac platform--are far less common, so I doubt that'll happen. *Sigh*.

Re:please infect a PMG5 and sell it to me cheap!!

[MrRuslan]

RTFA!!!...virus writers are renting out control of infected machenes whos users are clueless...OMG

Re:please infect a PMG5 and sell it to me cheap!!

[bennomatic]

Durn it, the one time I pay more attention to other comments than the FA, and this is what I get! OMG!

microsoft

[stfubye]

A guy I know runs his unpatched Windows XP computer 24/7, and never does virus scans. The other day he got 1000+ (around 400mb) executable files in his C home directory. I asked him what he plans to do about it, and surprisingly enough he didn't want to apply critical updates. He said he doesn't care what people do to his computer, because he does nothing important on it. It amazes how many people must think like him.

Re:microsoft

[Sanchez+The+Outlaw]

As much as I'd like to blame Microsoft for creating the security holes in the first place, no ammount of patches can make up for a user who won't keep his machine secure. I don't think he'd be so complacent if one day he found someone had deleted his files, erased his hard drive etc.

Re:microsoft

[Mesaeus]

But that's the point. They won't do that. Instead of having the one time small pleasure of torturing ONE imbecile, they'd rather use him as part of their undead legions, who can smite anything on the Net that even looks funny at them. His pc is far more interesting as a launch platform for attacks against people who do try to secure their networks and who (usually) DO have something worthwhile to attack. Morons like this are quite a bit more rare than 'normal' people, who will try to protect their pc's even if they fail utterly at it in practice.

Re:microsoft

[DoraLives]

I don't think he'd be so complacent if one day he found someone had deleted his files, erased his hard drive etc.

Which is why there's a case to be made for producing malware that's really mal. Perhaps even grand mal.

In a weird sort of left-handed logic, certain people would be doing the computing community at large a MAJOR favor if only they'd take the time to write viruses, worms, and trojans that would be so kind as to format hard drives!

Re:microsoft

[D.A.+Zollinger]

Well, that's the problem. People don't want to know about viruses, trojans, zombies, etc. They want their desktop. They want their applications. They want it to "just work."

Consider the phone. People just want to be able to pick up the receiver, dial the number, and talk to their friend/family/co-worker/etc... They don't want a phone switch in their house, sitting under their desk. They don't want all of the burdens involved in maintaining complex hardware.

I'm willing to bet that the first person/company who can provide people with a computing experience without a computer stands to make a lot of $$$. If they can provide the system maintenance, installation of applications, protection from viruses, protection from hardware failure - they will be able to open a huge market, and cash in.

This is where I think Linux will prove pivotal, because this is where we lead Microsoft. Our thin client paradigm is so different, that we lead in many areas. Consider how Microsoft does thin clients - 256 colors only, 800x600 max, 8 fps - all rendered on the terminal server where the "picture" of the desktop is sent down the wire to the thin client who displays the "picture" and sends feedback of mouse clicks and key presses to the terminal server. Linux, and X, render everything on the X terminal, and send back and forth on the pipe application information. What does this all mean? You can play quake 3 on a linux X terminal but you couldn't on a Microsoft solution. And it would take YEARS to fix that gap. We lead here, and we could exploit it if we jumpped on this opportunity.

Did I say World Domination? Oops...now you all know my plans...

Re:microsoft

[walt-sjc]

Which is exactly why MS machines should update themselves automatically by default. Power users can turn that off. Considering that the average user of XP Home is totally clueless, MS needs to take the higher ground. They know better.

Re:microsoft

[Rude+Turnip]

He'll care when there is kiddy pr0n on his computer that was put there by a hijacker and he takes the heat.

Re:microsoft

[BlaKmaJiK_]

I think your experience with terminal server/slient is a bit outdated. Current versions support full screen (max resolution determined by the client machine) 24bit color, audio mapping. Widgets are drawn by the client, not the server. Its a very nice solution (albeit a more expensive) to anything that doenst require openGL.

Re:microsoft

[Sepper]

Or simply a pop-up window that says:

"This is a Virus. If You do not click Cancel in the next 30 seconds, You computer will be formated!"

And went the user click cancel, present them an explanation on WHY this happened. Or something like that... Something with REAL infection-properties, but with only purpose to SCARE the user...

Re:microsoft

[Mycroft_VIII]

Actually I believe your premis actually supports the obverse of your conclusion. Well here's my thinking on it anyway.

no ammount of patches can make up for a user who won't keep his machine secure.

This is more reason to point some of the blame right at Microsoft. For releasing a product so buggy it needs dozens of patches in the first place. I understand no one is perfect, and no coder will think of everything, but with the number of people Microsoft hires to write code and so on they should be doing a better job of checking and examing thier code before releasing it.
If this were the case, especialy if of software in general, then patches would get more attention by thier rarity alone. As would exploits.
Frankly in a sane universe Windows update would mostly feature new codec, more languages, and other such improvements and updates to fit/use new technologies that didn't exist at publish time.
And for what it's worth some of us have pitiful connections, you want to try and fully patch winxp pro sp1 over a connection only hits 28.8 on a good day. lemme tell you it takes a LONG time.

Mycroft (all IMHO of course)

Re: microsoft

[Black+Parrot]

> Which is why there's a case to be made for producing malware that's really mal. Perhaps even grand mal.

Nah, grandmal would never do that.

Re:microsoft

[Mycroft_VIII]

I see your point, and if I trusted Microsoft implicitly I would agree.
Now will those who trust Microsoft please raise your hands.

hello.... anyone out there.......

In theory it's a great idea, have the machine fix itself so to speak. But many people will NOT like the concept of thier computer 'phoning home' by default, even if there is way to turn it off. (it's already there but it's opt in instead of automatic) and around you risk violence (or least being flamed and modded into non-existance) for even suggesting such a thing.

Mycroft

Re:microsoft

[t1m0r4n]

Which is exactly why MS machines should update themselves automatically by default

And, what, 60% of the U.S. remains on dialup. (Insert quote about dishonest stats here). Ever download MS updates via a modem connection? A current update takes longer than downloading the linux OS back in the BBS days.

Re:microsoft

This comment made a lot of sense to me until the poster went into the difference between Terminal Server and X. It's quite apparant that this poster has no idea about either.

Re:microsoft

[Bazouel]

Terminal Server is indeed from a prehistoric age, but it doesn't matter since with .net/XAML/Avalon/etc., it's web technology that will get used to make thin clients. They are still taking years to deliver that thought :)

Re:microsoft

[Animats]

I'm willing to bet that the first person/company who can provide people with a computing experience without a computer stands to make a lot of $$$.

It's been done. Ever seen a standalone X Terminal> Or the i-Opener. Both work reasonably well. Nobody wanted them.

Re:microsoft

[sjgm]

Most critical updates are a couple of hundred Kb - it's only the service packs (perhaps every year or so) that are tens of megabytes.

Somehow, I still managed to keep up with critical updates when I was still using dialup.

Re:microsoft

[BenjyD]

Security guards in my building (university engineering dept) do this - they test the doors of all the offices they walk past. If one is unlocked, they walk in and leave a note on the desk saying "I could have been a thief - keep your door locked when you're not in"

Re:microsoft

[ratsnapple+tea]

"...would be so kind as to format hard drives!"

Come on, is that the best you can do? Be creative! I'd like to see a virus send some private Word documents and Excel spreadsheets flying around the internet, courtesy Outlook's address book. I bet that would get people's attention.

I told you!!!

[DAldredge]

I told you /. was a DDOS front! Most of these 'stories' are placed by competiors of the companies linked from the stories...

I TOLD YOU!!!

Media-whoring

[Pike65]

Is there anything that Organised Crime isn't making use of these days?

I just wrote a (bad) paper on a networking structure for games systems. I give it three weeks from when I hand it in until Organised Crime get their hooks into it. Apparently film piracy is also part of Organised Crime, and not my mate Donn, as I have previously thought.

Call me a cynic - but it seems to me that anyone who wants to get the media in on their thing cites Organised Crime as a benefactor and watches the links roll in.

OK - I'm done.

There is a solution

[osjedi]

I strongly believe that the most effective way to end this would be to scan for compromised nodes, identify them, and KNOCK THEM OUT. Then the user can call the local home-computer fixit guy to come fix their computer. He'll see it's infected with malware and fix it. User gets his computer fixed, fixit guy makes a buck, and one less node is spewing out sh*t.
Yes, I know this approach would be illegal. A felony computer crime in fact. I want legislation to make it legal and justified. I see it as self defense. Compromised nodes are clogging the internet with crap and the best defense is to knock them off-line. If I were standing in the middle of the freeway, clogging traffic and causing accidents the police would come remove me, by force if necessary. I see zombie nodes on the internet the same way.

Re:There is a solution

[moxruby]

Sounds like a "preemptive strike", shouldn't have trouble getting that one through congress ;-)

Re:There is a solution

[jonnystiph]

I want legislation to make it legal and justified. I see it as self defense

Yes and no. It wouldn't work. You are giving way too much power to a group that already has too much power. The good effects would be far out wieghed by the negative. Soon after something like this was passed it would be seen as an intrusion of electronic rights, which to some degree it would be. Good on paper, bad in practice. Oh hum, back to the drawing board.

Re:There is a solution

[Caraig]

Reaching out and clobbering computers is exactly the same thing that the RIAA wants the legal power to do.

The only real solution is an ISP-side one. The ISP says, 'If your computer is spewing out malware broadcasts, we have the obligation to kick you off the internet and then help you clean up your computer. If something happens, contact our customer care department or go to the other ISP down the street.' Yes, it inconveniences users but I'd rather see some users inconvenienced than Big Government give legal power to ANYONE to clobber a node without recourse.

Re:There is a solution

[ajna]

You are giving way too much power to a group that already has too much power.

And which group is this? Computer nerds with too much time on their hands? (Not that that's a bad thing... ) Your "rebuttal" looks good on paper, but I think it might be bad in practice.

Re:There is a solution

[Alien+Being]

It seems to me that the broadband providers should be doing *something* to deal with this problem. I don't have any files called default.ida and I never will, but day after day, year after year my neighbors keep asking me for it. I've been very tempted to return fire, but really I should just set up a cronjob to email parts of my logfiles to abuse@comcast.net.

Re:There is a solution

[3)+profit!!!]

Unfortunately, you aren't the police.

Re:There is a solution

[platipusrc]

Well, you could make yourself a file called default.ida that does some fun things maybe?

Re:There is a solution

[jonnystiph]

And which group is this? Computer nerds with too much time on their hands?

Actually I was refering to the "Gubment". The idea that we can "knock" someone off line under the context they are spewing out "garbage", leaves a lot of open doors. Whatever we can do, the folks making the rules can do ten fold. That may be pushing along laws that we are not going to be fond of in the end. Perhaps I should have been more clear.

Re:There is a solution

[ChaoticLimbs]

Freedom of Association Act for Computing Devices

Computers, like their human masters, have a right to determine who (or what) they will connect to, establish communications with, and direct packets for.
The inundation to the internet and World Wide Web of infected and compromised machines forces machines to perform operations at odds with the equipment owners' will.

Therefore, it is proposed that subnets have the ability and the obligation to other community members to detect and destroy packets which match patterns corresponding to well-known characteristics of infected and compromised machines.
No-one, not even a computer, should have to communicate with someone who's got a nasty virus.

Re:There is a solution

[Jah-Wren+Ryel]

Reaching out and clobbering computers is exactly the same thing that the RIAA wants the legal power to do.

I say bring it on! The RIAA doesn't stand a chance against the combined creativity, greed and showmanship of a million teenage boys. The only places they hold the upper hand are in Congress and the courts -- if they want to venture beyond their stronghold, they won't last long.

Plus, it will have the beneficial effect of accelerating "our" (the entire internet community not just the RIAA-vs-P2P camps) general knowledge of network based attack and defense strategems, which can only lead to stronger security for everyone in the long run. Think of it as wargames in preparation for a real internet "cyber"-war.

Re:There is a solution

[CAIMLAS]

ISPs don't want to have anything to do with users and their infection problems. They have a hard enough time preventing the stuff from propigating: beyond that, they don't give a fuck. It's too much of a financial investment to take care of people that should either be able to take care of themselves or not be using computers.

Re:Blaming the user

There is a limit to that I think. Think of it in terms of cars. Imagine buying a car from a major car manufacturer only to find out that every month you'll need to bring it in to the shop and have a few problems with it fixed. While they don't charge you to fix the car, it sure gets annoying and makes you wonder about the overall quality of their products. What's worse is when one of these problems appears before there is a fix and causes you to have a wreck and die, hurt someone else, etc.

Anyway that analogy can go on forever, but you should be able to see the point. MS has a responsibility to put out reliable, secure software just as much as Ford, Mazda, whatever has to put out safe, reliable vehicles. The patch-as-you-go thing doesn't cut it, and it's made obvious by things like this botnet problem.

Re:Blaming the user

[rainman_bc]

Isn't that like saying we should blame the dumb shit who doesn't install an anti-theft device in his/her car? Or the auto makers for not making it standard?

A thief is a thief. An extortionist is an extortionist. A duck is a duck.

A comedy in One Part.

[YankeeInExile]

Scene: A Courtroom

Bailiff The first court of Onlineia is now in session, Honorable Judge Foo presiding. Judge I have read your complaint. Let's hear from the plaintiff. Plaintiff Thank you, your honor. In our case, we intend to prove that the defendant, in violation of our terms of service, removed the viruses we had gone through great trouble to install and operate on a network of computers, leading to considerable monetary damages in the sum of $1.2 million Judge You may call your first witness Plaintiff Thank you, your honor. We call J. Random Hacker

Bailiff swears in J.R.H.

Plaintiff Mister Hacker. Did you, on 21 May 2004 rent for exclusive use, twenty-four hours of access to our BotNet DeLuxe service? JRH I did Plaintiff And what was your intention when you rented use of the cluster? JRH Well, at first I just wanted to set up a program to repeatedly check the home page on slasdot, trying to get first post Plaintiff And how did you go about that? JRH Well, I wrote this monster of a VB Program, but it was really buggy and I could not get it to work, so I decided to switch to Ruby Plaintiff And what happened next? JRH Well, I chose to install Geekdist Linux 12.11 because it came with the toolchain I was accustomed to Plaintiff But, did you not agree, when you rented this exclusive access not to damage our network in any way? JRH I guess so ... Plaintiff And would you not consider removing our access to these machines a form of damage? JRH No, sir, I do not. I consider the machines upgraded Plaintiff No further questions.

... write your own ending.

I think a good path for D. to take would be to show that P. does not have standing to bring the case in the first place, but that probably would have come up in pretrial motions... I have to go work

... the dark side of distributed computing :-)

[JMZorko]

I find this fascinating. Programs like SETI@home use the CPU of millions of distributed nodes to crunch SETI data -- a far more scalable solution to computing problems like this than running a big machine / cluster of your own. This article describes the same thing, except on the opposite side of the line -- millions (potentially?) of distrbuted nodes being used to do the will of spammers / virus writers / etc., a far more scalable solution than running your own spamming system.

Really, I do find this fascinating, albeit in an underhanded way.

Regards,

John

question

[moviepig.com]

So there's a new micro-ecology of predators (spammers) and prey (vulnerable machines).

Presumably the exploitation of these victim-lists will proliferate with all the automated efficiency that is the spammer's hallmark. At its logical extreme, there'll soon be multiple spammers descending simultaneously en masse onto each listed victim, which one way or another results in the victim being shut down (presumably).

So, might the predators eat themselves out of existence?

(I know. I've been watching too much sci-fi.)

Re:question

[Leonig+Mig]

logically - wouldn't that mean one uber-spammer would rule the entire network?

Re:question

[Xeger]

An interesting idea.

If we take our cues from nature, I would expect that long before the predators exhaust their supply of prey, they will turn on each other. Each predator's worms/virii/malware will begin to not only infect machines, but destroy competitors' malware that has already infected the machine.

In fact, come to think of it, the most effective way to own a box is to infect it, destroy any competing malware, and then patch the exploit that allowed you to infect it in the first place! We may begin to see host-healing worms that do just this. (Without the ability to kill off competing infections, however, this practice is only marginally useful.)

Re:question

[Have+Blue]

I hope instead that we see something like a better-coded variant of Welchia, which infect, patch, spread, and then delete itself or go dormant.

Re:question

[tunabomber]

This thread is getting really bizarre. This "host-healing worm" you describe reminds me of that episode of Futurama where Fry gets infected with space worms that turn his body into their palace and treat it as such, giving him superhuman healing abilities, as well as increasing his intelligence and muscle build.
This begs the question: will viruses ever stop being viruses and start being symbiotic entities that live in our computers similar to the e. coli bacteria in our intestines (which we need to digest food properly)?
Someone earlier mentioned that there are few viruses out there that reformat hard disks, because doing so puts people on guard, preventing future infections. And someone else mentioned that he knows someone whose hard drive is full of strange executables that are undoubtedly of malicious origin, but the person doesn't care as long as the computer still runs the same.
Following these trends to their head, I believe the "virus" (if you want to call it that) of the future will be something that infects a machine, and then does everything it can that is invisible to the user to improve the state of the computer: it would run windows update periodically to defend against other worms, perform hard disk defrags and other performance optimizations to give it more computing resources to work with, all the while giving the user's packets and tasks a higher priority so as to not set off any alarms. This is the type of worm that would "earn" its place on the computer by being so inocuous that the user wouldn't even have to worry that it's there.

Viruses have already evolved to parasites, and soon they will be symbiotes.

Re:question

"Viruses have already evolved to parasites, and soon they will be symbiotes."

uhhh? You surely don't want to live in symbiose with the russian mafia.

Re:question

[heironymouscoward]

I've been writing about this in my journal for ages. Well, since last year at least.

Re:question

[arantius]

Did you read the parent post? Have you ever tried to teach your mom why it's important she patches her computer? Have you ever spoken with another human being?

Keeping a computer secure against (other) intrusions is a service for 99.999% of computer users that they ARE (sadly) unable to perform themselves.

Re:Beyatches of the web

[Sponge+Bath]

"me so infected, me serve you long time..."

Re:Blaming the user

[Draknor]

No, its more like blaming the dumb shit who leaves his doors unlocked and his windows open (pun not intended, but apt!), and then leaves the car sitting in a questionable neighborhood.

Installing anti-virus & firewall software are basic computer security measures, like closing the windows & locking your doors. Neither are foolproof, but both are simply a matter of training the user. Unfortunately, its been my experience that installing anti-virus & firewall software tends to be a much more painful process.

And of course - downloading updates would be analogous to putting fuel in the car: it is basic maintenance that needs to be done relatively frequently.

Taking responsibility

Tracing controllers of a botnet is next to impossible ... and everyone says that the people running the trojans are innocent victims. Well, this is going to carry on until the 'victims' are punished for their BLATANT NEGLIGENCE. They CHOOSE to run M$ software, and Outlook ... therefore they CHOOSE to run the risk of viruses. I say we start cutting them off their ISPs, maybe even prosecuting a few to make an example of them ... windoze lusers will start paying attention to their security *then*, and botnets will die.

WTF, you call this "news"?

You've NEVER used EFNET, have you?

This shit has been happening for years, virtually unchanged. The only difference is that now it's slightly more automated than it used to be, slightly more publically visible, and slightly more capitalist in nature. But what this article is describing was totally standard for the botnet wars in 1997, just then it was Wingates and "shells" instead of worm infections and "Zombies".

(Posted AC because I'm paranoid.)

Re:WTF, you call this "news"?

[ryanvm]

(Posted AC because I'm paranoid.)

You shouldn't be, lots of people use EFNET.

Re:WTF, you call this "news"?

[metamatic]

Presumably because they're unaware that it's a network where some of the servers are run by crooks.

Either that or they don't care...

I'm selling mine

[dragin33]

... for $12/h. Who wants it?

the only answer

[pizza_milkshake]

the only real answer would be to write a worm to wiggle its way onto exploitable machines, patch known holes, i.e. turning off most services, setting common application settings to common-sense ones and then delete itself.

unfortunately, this would be illegal. however, that won't stop anyone; what's stopping people from doing this is that to someone who could do it it's a waste of resources. if you have all those machines out there you can get your hands on, why not use them for your own nefarious purposes, since the people who own them neither have the common sense nor the ability to control their own machines.

Re:the only answer

[Satan's+Librarian]

Eh? And what happens when you need to fix next week's patch after already releasing last week's worm? Are you going to flood the net with crap for each Microsoft update? Leave a 'back door' in your worm that no bad guys will find? It wouldn't work in the long run (and I'm being generous and allowing that there's a small chance in hell it might work short-term to patch a few current holes), and it'd be at least as annoying as the previous viruses. We already have NetSky et. all and a worm war - and I haven't noticed it helping the situation much. The idea is old (late 80's, google for DenZuk), and it failed then too.

Once you release a self-replicating entity, you loose control! This is a recurring theme in biological viruses, computer viruses, computer worms, the grey goo, etc. If you wrote a 'nice' worm, maybe you could keep a bit of temporary control by having a callback - until you DOS'd yourself if it spread well or someone else took over your machine or shut it down because either they want to own the worm and rent out infected machines or they just got sick of your worm running around and wasting their bandwidth.

That said, it might be interesting to make something more akin to a venus flytrap rather than just a honeypot.... If it got pinged by a known worm, it could respond automatically by rooting the box, removing the worm(s), and patching it. It'd still be illegal in most countries (unauthorized access / modifications), but at least the control would be centralized and the ethics thereof could be intelligently argued.

Of course, with anything like that, you're still going to trash *someone's* machine eventually. That said, I am very concerned about the current state of the worm business. It's only a matter of time until people start tracking *what* they actually get into rather than using these shotgun methods for peanut-level monetary gains renting zombie-net's out for spamming.

Re:the only answer

[ameoba]

If you're going to do something illegal, go whole hog & just nuke infected machines. Not only would it be less work, but it would also teach people to do their own damned updating.

Re:the only answer

[drinkypoo]

You could just write a worm which did windows updates, and solve the problem nicely. Assuming you can come up with a way to download the updates in a resumable fashion, people won't even notice because you can snag any bandwidth they're not using. Then, keep track of their usage statistics, and do the updates when the system tends to be idle. Alternately, you can do updates in the background (hide them somehow - on XP, perhaps you could run them in another user session) and then when they are done, execute an orderly restart. This will give the user the idea that there is something wrong with their PC, which there is - it will be out of their control.

Meanwhile, virus programs which detect it will be forced to say "this worm does not intentionally damage your system, but instead does its best to keep you updated" in their description - except of course, they'll make it sound more malicious. Either way it will help keep the internet secure, and raise virus awareness.

Re:the only answer

[Sanchez+The+Outlaw]

It's been done to some extent with the Welchi worm that fixed the hole exploited by Blaster. But ultimately the responsibility is on the OS producer to prevent / patch vulnerabilities and on the user to keep up to date with the patches and use a computer safely.

In principle the idea of a "good" virus seems like a good idea. But in addition to opening up a can of worms on legal and ethical issues I can't see a "catch all" solution being feasible. Though perhaps others might follow the lead of Welchi and release solutions to individual worms and viri on a case by case basis.

Re:the only answer

[brucmack]

I guarantee you this would cause more problems than the viruses do for most business machines. Most businesses run programs that require some services be turned on that might not be considered normal. When you release that worm that helpfully resets service settings on all the machines, suddenly an IT manager has a shitload of users complaining that their critical apps don't work anymore.

Not only that, but it's not as simple as "infect, repair, delete oneself", because it has to stick around long enough to infect other machines. That'll certainly help to clog up networks.

Re:the only answer

[pe1chl]

It does not need to be a worm, it can be a central system that patches systems as it likes and does not propagate.

In fact it could be run by an ISP on its own address ranges. The legal base for it could be in the terms of use.

Re:the only answer

[Tim+C]

It would be illegal, immoral (unauthorised use of my computer is unauthorised use, whether for good or ill*) and most likely cause more problems than it solves. Most of the problems with most worms revolve around bandwidth usage - they hammer the networks as they propagate and search for hosts. A "good" worm would be no different.

As others have pointed out, it would also be essentially useless - so you release a patching worm today, and tomorrow, a new vulnerability is discovered. What now? Another worm? Update the current one? Neither is a very attractive solution.

* Yes, machines should be patched, and those that aren't represent a danger to the network, but two wrongs do not make a right.

Re:Blaming the user

[YrWrstNtmr]

Me leaving my car door unlocked is not an invitation or implicit permission for you to help yourself to the stereo.

Dumb, maybe, but you are still on the wrong side of the law when you take it.

This is the royal you, of course.

Re:Blaming the user

[Geek+of+Tech]

A person doesn't leave their guns in the open. They keep them secure, behind locks. And probably hidden. Kinda like computers. A computer can be a tool, but on the net it can also be a weapon. If you're going to play with it, you have to be responsible enough to keep it protected.

Re:Blaming the user

[walt-sjc]

While I would have agreed with you a few years ago, the problems are so frequent and the mass userbase so non-technical, that blaming the user just doesn't cut it. Many users DO update their software / AV yet still get hit. At some point the manufacturers of software need to take more responsability. Someone can take home a brand new Dell, plug it in, connect to the internet, and before the first patch gets downloaded end up with a worm. It's fast, damn fast. If you're going to make grandma or little Johnny your target market, then you damn well better make sure that the product is shipped secure to begin with, and maintains itself.

Re:Blaming the user

[BarryJacobsen]

A duck is a duck.

Or is it?

Here at Miami University (in Oxford, Ohio)...

[ToadMan8]

We have a bot network problem like everyone else... these things riding in on the coat-tails of the M$ft vulnerabilities has given us the 'ol one-two punch.

We estimate anywhere between 400 and 1500 of the ~10,000 on campus (student resedential) machines have some sort of back door installed.

We have blocked any incoming traffic to any dorm machine (regrefully) so they can't be controlled from outside because we mostly are tired of getting blacklisted for DoSing people or for spamming.

The saving grace has been TippingPoint, a network traffic analysis tool that sits behind the backbone routers and adds a latency-free checkpoint dropping traffic related to the M$ft security exploits. And when they get Blaster, Bagle, Nachi, etc etc etc they get automatically disabled by the routers and we (IT Services Support on campus) either fix their issues for them or they have to fix them themselves. When fixed they are automatically re-enabled.

Re:Here at Miami University (in Oxford, Ohio)...

[davisk]

Blocking incoming connections won't help terribly much when the backdoor is a bot that connects to an irc channel and receives its commands from there.

Re:Here at Miami University (in Oxford, Ohio)...

[drsmithy]

We estimate anywhere between 400 and 1500 of the ~10,000 on campus (student resedential) machines have some sort of back door installed.

Here's a solution. Enact a policy that allows you to block all traffic to *and from* any machine you detect to be infected until that machine has been fixed. Block it at the router nearest them, and only allow traffic to and from your local mirror that has all necessary fixes on it.

Believe me, people will get their machines fixed pretty quick smart when they can't get at their IM, porn, warez and mp3s until they do.

Re:Here at Miami University (in Oxford, Ohio)...

[ToadMan8]

Dude... I'm a Junior business major living on campus at MU and I work part time for IT Services.

Why don't you constructively say "You know, that TippingPoint: seems to me like it's a PC they put in a rack mountable case running BSD with GPLed programs they are violating the license of." And then give some backup behind your claim. Instead you choose to attack me incorrectly, and never got marked above a 0.

Notice I refuted your claim and didn't attack, for example, your shitty spelling ability.

Re:Blaming the user

[Artifakt]

Blaming the user is the least productive approach.
For the sake of arguement, let's say currently a full 90% of users are totally clueless, and it is somehow possible to wave a magic wand and make 90% clueful, leaving only 10% of them blameworthy.
What happens?
DDoS type attacks can't find nearly as many machines to work from. So the writers use a trojan, and have to increase the delay between propagation and activation. Because infection is typically a non-linear process, often approaching a square or logarythmic function for some parts of the process, the delay has to be increased from, say, a week to two weeks. Meanwhile, the patch for the trojan takes its usual month to develop, and the social structures that be are reluctant to tell even the clueful about a threat that is still unpatched as yet.
So long as the Trojan writer has abundant extra time to maneuver within, 'he' isn't strongly affected by the improvement in user cluefulness. Yes, it creates some extra stumbling blocks, such as a better chance of the Trojan being detected earlier in the process, but professional Trojan writers have shown serious ability to work around these obstacles.
In addition, although its an unrelated point to yours, these particular attacks are also supposed to be related to blackmail. Successful blackmail doesn't require a real threat, but merely one the victim believes is real.

Technical Difficulties Hijacking Botnets

[billstewart]

Scanning for compromised nodes is an aggressive and dangerous activity. But the compromised nodes you care about are already scanning you (like Soviet Russians) so you're safer just scanning the machines that contact you with spam or viruses. It's still Not Recommended, and it's somewhat susceptible to Joe Jobs if not done carefully, but there are days that it's got some appeal. Mostly you ought to feed the results to blacklists.

Some of the viruses leave easy-to-locate proxies or back doors, which let anybody just take over the infected machine. But others, perhaps most, use some sort of password protection or polymorphism to hide their activities, so you can't just hand them a better payload to work with, like LILO or FORMAT C: or ROUTE -F. They may still leave the original Windows weakness unpatched, or they may close it, though appallingly many of the weaknesses are located between the keyboard and the chair - mail the user another picture of dancing penguins and you can install whatever you want. (Doobie doobie doo...)

Careful with that Vax, Eugene....

[billstewart]

(Yes, it's OT, I'm commenting about the Signature...)

The alternative reference is something about "Restaurant at the End of the Unibus"

Re:Don't laugh: symptom of big problem with Mac

[Halfbaked+Plan]

The code word is 'grow up.'

The whole culture that emerged was:

"We have cruddy Macs at school until we get into Junior High. Then we get to use the PCs. And the lucky among us will have parents who buy a Family PC. And all the games we like are made only for the PC.'

My experience

[Rich+Klein]

I bought my laptop used. It had "property of Rent-A-PC" stickers on it, and my first night with it was spent eradicating a multitude of virii. I bet a lot of people who buy used PCs don't think of checking them for mal-ware right off the bat.

Re:My experience

[Flyboy+Connor]

Even worse, my dad bought a brand-new PC, and when I set it up for him I checked it immediately, finding malware on it.

Re:My experience

[Rich+Klein]

Because it had Win2000 installed on it. I don't have a Win2000 install disk, and I wanted to try out that version of Windows.

Re:My experience

[Rich+Klein]

Well, I wouldn't have expected *that*!

Re:My experience

[Hinkey]

most smart people re-format PC's they buy if there new or used to totally avoid the problem... there are places out there im sure that sell computers with backdoors enabled for the retailer to use(for good, like updates and for evil, like spam, etc.) plus who knows what kind of other crap they install.

Re:Blaming the user

[ameoba]

The difference is, of course, that it's far more difficult for a small handful of people to steal thousands of cars in a night and then use them to stop a legitimate business from operating.

Re:Blaming the user

[Mycroft_VIII]

Exactly, withing minutes of finishing my first install of XP pro (SP1) (finishing NOT starting), I connect to net intent on A) making shure it's connecting properly and all settings are correct. And B) donwloading the necessary patches, never made it to the windows update page as winxp's firewall isn't on by default and blaster had my system nearly unusable on the net by the time I'd logged in and verified I could get e-mail.(this with a connection that rarely reaches 28.8)
Fourtunately getting the firewall on slowed it down enough to get the patch and clean the system.
This was the third virus I've gotten, the other I got at the same time off of a 5.25" floppy (that long ago, MSdos was still on the 3.x version.)
As far as I'm concerned that is a recall level problem, if a car or tv was that faulty out of the box a recall would almost be certain.
How is it we tolerate this out of 'comercial' software? And accept we'll have to patch most out of the box to get them to work. It's one thing if something doesn't work perfectly with some obscure hardware (though the o.s. and drivers are what's broken in this case). But to be almost unuseable is not acceptable.
Would you buy a car that if the radio was turned on at the wrong point during some songs it blew a fuse and caused the controll module to think it was pumping to much gas to the injectors?
Would you buy a tv that couldn't get the odd numbered channels after watching a channel above 9 unless you powered it off then on with the remote only?
And before anyone starts in on how computers are so much more complex than the above, or how impossible it is to test against everything, etc. I would like to point out that cars and tv's and so on have gotten VERY complex (just look into some of what the ecm module in a new car does)
And simply making shure your code can handle, in a gracefull way, any inputs,exceptions, or other out of bounds conditions it may have to deal with, and that is possible. Some languages make it hard not to and still 'comercial' programs written in these languages still crap out for things they should have been able to deal with, or at least recover from.

Mycroft

Re:Blaming the user

[myov]

One thing that bugs me about Dell (at least their consumer stuff) is that they ship a 90-day trial version of McAfee. So, the user thinks that their machine is protected, and doesn't update when it expires.

Also, one reason why I won't ever use McAfee is that they want your email address or you don't get the auto-updates.

Either ship a full AV which updates by itself without the user's interaction, or don't fool the user into thinking they're protected.

Quarantine

[hardcode57]

Most countries have some sort of legally enforceable quarantine and notifiable disease regulations relating to human health. Nations need to give serious thought to instituting corresponding legally binding provisions on externally linked computer systems.

If companies and individuals were taken offline and/or fined for infecting others, we could expect that more trouble would be taken to put in place appropriate precautions.

Everyone knows that there is a problem, so no-one can claim innocence. Letting your system become infected and infect others is to be complicit with the virus writers, and you deserve to be treated as a criminal not a victim.

How to (not) fix this problem

[teamhasnoi]

Either we need for users to be forced into securing their boxes (which can't happen) or someone needs to write a bot/virus/trojan that downloads and shares 'illegal' software, music, and movies.

At this point, mandatory DRM will be lobbyslated by our congresswhores or the RIAA/MPAA/BSA will be made powerless, as everyone with a pOwnzored box is currently not held responsible for computer maintenance - lawsuits would come to a head, and the wrong person will finally be sued, who will take them on. Either way, I think I have (not) made my point.

Re:How to (not) fix this problem

[CaptainTux]

Either we need for users to be forced into securing their boxes (which can't happen) or someone needs to write a bot/virus/trojan that downloads and shares 'illegal' software, music, and movies

I love this stream of though: either we ethically force users to secure their box and do the right thing or we break the law and get them in trouble. Certainly, you're not *that* amoral right?

Actually, we *can* force users to patch their boxes. ISP's own their network. If the ISP classifies systems that are not cleaned after the first warning as a misuse of their resources then they could legally ban those users from the network and deny them service until they clean up.

No need to be unethical or break the law.

Re:Blaming the user

[ticktockticktock]

What is also sad is that some home routers are also setup terribly by default. Such as one from SMC that had remote administration enabled by default! So much for "putting your machine behind a NAT router to keep it secure" when it defaults with a gaping security hole that if most users don't specifically do something about this, they could still end up being compromised behind their router due to it allowing anyone to remotely login and change its settings. Using that gaping hole, an attacker could and still attack computers behind the very thing they thought was protecting them.

What about stolen CC's?

[Glamdrlng]

Don't know about the status quo, but I remember a year or 3 ago stolen credit card numbers factored into this trade as well. Makes the paper trail pretty otugh to follow...

Taking responsibility not possible for most

[CustomDesigned]

Most Windows users are not capable of taking responsibility. They are simply too ignorant. Even if Windows shipped with zero security holes, when an email arrives saying "save this attachment to a file, then double click for a surprise", they will follow the instructions. When the email says "go to this web site and enter all your banking details", they will follow the instructions.

I hate to say it, but the only solution for Windows users is Paladium. Yes, Paladium prevents users from running the software of their choice and effectively puts their machine under the control of Microsoft. But their stupid choices are the problem! Besides, if they really wanted choice, they wouldn't be running Windows.

Paladium doesn't fix the system security holes, but it does fix the biggest security hole on most Windows machines - the user. It could be good for the net - provided that responsible users aren't forced to use it. At present, the test is easy. Windows users need Paladium. Others don't. (Yes, I know there are competent Windows users out there - but I've never met one.)

Re:Taking responsibility not possible for most

[anarxia]

Paladium doesn't fix anything. What if I send out an email saying:

A virus has been detected. Please delete all files in the Documents directory.

Ignorant users will still get s****. Nothing replaces proper user training.

Re:Taking responsibility not possible for most

[CustomDesigned]

A very good point. As a matter of fact, we have had 2 or 3 rounds of exactly what you describe. They get an email which says something to the effect of, "A horrible virus has been infecting PCs!!! Delete XXXXX.DLL from your Windows directory immediately!!! Send this email to all your friends!!!". And they will dutifully follow the instructions. After all, it did come from someone they knew, right? I guess this would be classified as a "hoax".

The point is, Linux will not help these people. I am perfectly happy to let Microsoft take care of them. If only they did! Unfortunately, Microsoft support is worthless. I and my coworkers end up helping them - without getting paid since we supposedly don't support Windows. ("It couldn't be a Windows problem - Windows is what everyone uses.")

They're right, Windows is usually not the problem. But you can't tell the customer to their face what the real problem is. We carefully set them up with Linux firewalls, filtered web proxy, and filtered email. So they hook up a phone line to a modem card and download a virus that way, which quickly spreads to all the PCs over the LAN. Or else a salesman who picked up a boatload of viruses on the road with his Windows laptop comes in and connects his laptop to the LAN without telling anyone.

Sorry for the rant, but I am sick of Windows users. They need either Linux thin clients or Paladium to limit the damage they can do to deleting their own documents. They won't even consider a Linux thin client - it is not "standard" like Windows. But they would be perfectly happy to fork over yet more dough to M$ for Paladium.

Something has to be done...

[The+Master+Control+P]

When I play BZflag, if you do certain activities too often (teamkilling, usually) the server will usually automatically kick you.

If your computer is infected with malware (spamware, adware, spyware, trojans, viruses, etc), it will constantly be generating large amounts of traffic on seemingly random ports. Your ISP will kick you for being a danger to the rest of the Internet. If you attempt to reconnect without cleaning your computer, you will be kicked again.

Re:Blaming the user

[Laebshade]

downloading updates would be analogous to putting fuel in the car: it is basic maintenance that needs to be done relatively frequently.

Downloading updates would be analogous to changing the oil in the car; it is something that is needed frequently. If it isn't done frequently, it's going to run worse and worse until it eventually dies.

Most users care about their computers but are too stupid and lazy to do anything about it. That is why when a TSR (technical support representative) -- like yours truly -- gets the definitive short-end of the stick nearly every time: an incompentent user who has a slew of malware on his/her computer complaining that our Internet is slow. if that isn't the case, they claim their computer is slow because of our Internet.

Wow, take a step back and look at that. They're saying because we provide them with the Internet services, we're responsible for their down-trodden computer. That's (somewhat) analogous to say that because I was driving my car on your road, and I wrecked my car, it's your fault!

Unfortunately, its been my experience that installing anti-virus & firewall software tends to be a much more painful process.

It usually isn't installing the anti-virus/firewall/malware software that tends to be the problem, it's the fact that the user has no knowledge of how they work, how to update them, and use them properly. Most users using ZoneAlarm, for example, complain after it's been installed because they can't get on the Internet. Never mind the huge popup box in the system tray asking them if they would like to authorize x program to access the Internet and even a checkbox to make sure it's never asked again.

I received several calls today concerning "my Internet isn't working" and "my computer is slow". Normally people don't have the audicity to ask number #2 alone, but #1 and #2 usually go hand-in-hand. At least 3 calls today ended with me telling them I could not help them and they needed a PC technician.

Re:Blaming the user

[oneishy]

Hey... I'm the Mr dumb shit you spoke of. As I type, my car is sitting out in front of my townhouse (in a somewhat questionable neighborhood) with the windows down.

In doing so, am I doing anything illegal? NO. Stupid? thats arguable, as there are many good points on both sides.

If my car gets stolen, or if someone elses uses it while the windows are down; who bears the blame? I would say the theif does, not the owner.

And before you look up where I live... it's not worth stealing ;-)

It's happening. Parent deserves better than 0.

[Beryllium+Sphere(tm)]

It is already starting to happen at least in the worm type viri. Some of the ones I have seen DELETE other random variants. Some even plug the hole the other variant got in through. There are tons of 'tag' messages in them. Which basicly amount to 'you suck my variant is better'.

However if these 'networks' are really for rent. It wouldnt take much detective work to rent one of these networks and follow the money. This type of action would probably be jailable in a few states in the US. This would almost be an EASY collar. If I was a cop I would be drooooooling for an easy case like that...

Then what if one of your 'competors' rented your network and the PATCHED all of your zombies. Or 'stole' them? This should be innnnnteresting to watch...

If you've been following the malware watch bulletins, you've already seen the beginning of the disable-other-malware tactic.

We already do this...

[sailor420]

Being on a university network does have its priveleges--we can do what we want with it. The network does just that, it blocks off all access to any machine spewing traffic of the virus or malware sort (but mostly virus). The user gets a phone call from the ATN department saying what happened and telling them to bring their machine in to be cleaned. They bring it in, it gets cleaned, and they are allowed back on. It works pretty well, and manages to keep viruses from propagating to badly on the network.

Fortunately, other than this, the University is also pretty hands off in terms of what you do with the network. Dont cause them any trouble, and they wont cause you any.

Re:Blaming the user

[Draknor]

There's a lot of very good comments in this thread!

And as for you being a dumb shit - I was just mimicking the parent post. In your case, if your car gets stolen, whose fault is it? I agree - it's the thief's fault. However, that doesn't mean it isn't in your best interest to take basic precautions to protect your property. If you make your car accessible to thieves, and your car gets stolen, the thief is to blame but YOU are the one who may be greatly inconvenienced by the loss of your car. Which parallels what others have said in this thread - so many people complain about their computers or the internet being slow, when they don't take basic precautions to prevent their computer from being infected with viruses & worms. The worm-writers are still at fault, but its the users who are greatly inconvenienced.

Of course, I also agree that Microsoft and the OEMs like Dell are at least partially to blame by not making Windows more secure by default for non-technical users.

Re:Blaming the user

[Draknor]

Downloading updates would be analogous to changing the oil in the car; it is something that is needed frequently. If it isn't done frequently, it's going to run worse and worse until it eventually dies.

I agree completely, but I didn't want to use that analogy because if you only download updates every 3 months, you're almost guaranteed to be screwed by some new virus, worm, or security hole (assuming you are running a Windows box)! I figure people fuel up their cars much more frequently, and hence gave a better sense of timing :)

And I have to admit - I admire the TSRs (at least the few intelligent ones that I've spoken with on the rare occasion when I have to call a support line). How you put up with the shit you must take I will never know! I couldn't do it - I'm happy to help out a few people, friends & family, etc, but to do it for dozens or hundreds of people a day, over the phone, people who are completely clueless - I would flip out! Props to you!

Re:Blaming the user

[saunabad]

One of the problems is the price. Non-technical people tend to always buy the cheapest. It seems to be very difficult to persuade them to buy a computer with antivirus tools if it costs even a little bit more. And it seems to be impossible to make them buy macs, because they don't won't to pay the price difference. After a while, their brand new Windows-pc:s are back in the shop for a "repair" for weeks.

In their shoes I'd pay few hundred euros more for a computer that would'nt fuck it up all the time and make me mad.

I run a British email server

[CdBee]

I'm the helpdesk for a medium-sized enterprise and I look after the MIMEsweeper and Exchange boxes

Since about 3 months ago we have been receiving an infected email approximately every other second, mainly during office hours

It's mainly Netsky, or similar and the balance of versions is leaning heavily toward the new 69 and 70kb versions, meaning a lot of people are getting "upgraded" to the latest release. The timing suggests it's mainly office PCs
We're frantically telling all our group companies and contractors to virus-check, and calling-in our laptops, but it is still flooding in.

I'm starting to make a case for using Linux on every PC that doesn't require a Win32 application, as all the usual hassles of managing a linux roll-out pale into insignificance compared to the virus danger our systems are currently under.

Re:I run a British email server

[pe1chl]

We block all executable attachments, zip (etc) attachments containing executables, and password-protected zips.
Additionally we check for known viruses.

No virus has made it past that check yet, even when the "known virus" check did not yet identify it.
(re-scanning the captured mail a day later would identify a new version of one of the wellknown viruses)

Unfortunately, they don't give away business

[Kjella]

The only real solution is an ISP-side one. The ISP says, 'If your computer is spewing out malware broadcasts, we have the obligation to kick you off the internet and then help you clean up your computer. If something happens, contact our customer care department or go to the other ISP down the street.'

Now if they would be able to say "or go to the other ISP down the street, but they'll tell you the same thing" then it could help.

To be honest, I think it's way past that. Almost every computer has some kind of spyware installed now. Every friend I recommend running ad-aware or similar finds crap, and I'm sure they'll be so foolish as to install it again. These are supposed to be computer-savvy people, I dread to think what the normal mom&pop machine looks like.

Kjella

haha

[agentforsythe]

no really... what on earth are you talking about?

Re:haha

[reub2000]

He's stereo typing the brits as having being technolgicly impaired. Duh!

There has been...

[Kjella]

...at least two cases that I'm aware of, where people have successfully claimed that their machine was hacked.

I'm sure there's some ugly numbers on both false positives and false negatives out there I'd really don't want to know.

Kjella

After Klez, I took PC security *very* seriously!

[iamcf13]

About two years ago I download a shareware program from a particular website.

After that, my PC acted sluggishly after I installed the program and whenever I when online.

I finally found out my PC had picked up the Klez virus and that a bunch of .exe files were infected with it.

After this incident, after disinfecting my PC, I took PC security very seriously!

I found the URLs below very helpful to keep my PC free of all malware:

The 'Home User Self Defense Guides' at http://www.uksecurityonline.com
(Thanks to spammers/crackers/blackhats, you have get a free account with a valid email address in order to access the Guides.)

AVG antivirus by Grisoft.
Sysclean by Trend Micro
Outpost Firewall by Agnitum.

My program CF13 keeps malware out of my PC by treating all email file attachments as 'text files'. This renders any malware in them inert and also makes it safe to scan said files for malware or otherwise handle them--even delete them.

The only way the botnets will continue to survive is through user inertia/apathy or, worse yet, trusted firewall/antivirus programs become silently compromised and used widely.

Re:Blaming the user

[Tim+C]

Yeah, they're dumb, but they're perfectly within their rights to do that if they choose. Stealing/trashing the car is a crime, no matter where you park it or what state you leave it in (ie locked, unlocked, doors open, etc)

Computer users need to take more care, but the bad guys also need to be stopped.

Re:Blaming the user

[wfberg]

Exactly, withing minutes of finishing my first install of XP pro (SP1) (finishing NOT starting), I connect to net intent on A) making shure it's connecting properly and all settings are correct. And B) donwloading the necessary patches, never made it to the windows update page as winxp's firewall isn't on by default and blaster had my system nearly unusable on the net by the time I'd logged in and verified I could get e-mail.(this with a connection that rarely reaches 28.8)

You can enable the built-in firewall during setup, before windows boots up for the first time. Do make sure to unplug your broadband connection during the first couple of boots, as the firewall isn't instantly active when tcp/ip is started and you'll be exposed to the outside during windows starting up.

So, it IS possible to install a windows machine and not get hit by worms, just very hard. By design(!).

Re:Blaming the user

[Laebshade]

Well yes, one shouldn't take analogies very seriously and treat them loosely, otherwise they fall apart :). It is definitely difficult, but there are bonuses to it. For one, I have access to a T1 line where I can surf/work on my website in between calls. It's a very laid back atmosphere too.

As far as the anlogy goes, changing your oil every 3 months isn't necessary; it depends on how much you use it. the rule of thumb is every 3000 miles (or 3 months if you don't put that much).

But the analogy can't be taken that far simply because most people leave their computers on when they're not using them. That would be like running a vehicle for a whole month straight!

A lot of breathing exercises go into dealing with customers, and a lot of it is just telling them how it is, telling them flat out, "look, it's a PC issue, we can't fix it and it isn't even our problem". People need to start buying those extended warranties or better yet get some computer education.

Punish the victom?

[DeanFox]

I keep seeing posts about punishing the victom. Isn't that a little like slashing up a pretty girls face because she got raped?

To take it further, ya maybe it wasn't too bright for her to walk down that dark alley but she's still a victom of a crime. Ya maybe she was dressed sexy but that still doen't give someone the right to victomise her.

It's easy to blame victoms. But how can we justify causing even more harm to them when it is the criminal who comitited the act?

Our FBI and others can track these people down in a heart beat. Just read www.grc.com to see how easy it is for someone smart enough to do it.

So I think we're stuck. I believe we can and do track these people and know who they are. But to expose that fact would compromise their ability to do so.

But in the absence of putting these people away, to then turn around in frustration and cause even further harm to the victom isn't the answer either, the way I see it.

Re:Blaming the user

[jafiwam]

It sounds like you need to stop buying Dodge to me.

Re:Blaming the user

[jafiwam]

Get an old copy of 6 or 7.

Put in a bogus email address.

When the trial expires, reinstall with a different bogus address.

It works great, and you don't have to entertain the idea that Norton would somehow work better. (It sucks worse.)

Re:Blaming the user

[metamatic]

In fact, something that hasn't been getting enough attention is that it's impossible to run Windows on a computer with a dial-up connection, unless you are prepared to run without the latest patches.

Reason being, to download the latest service pack and patch load is an 8+ hour task, and good luck getting Windows to hold a reliable dialup connection for that long via a WinModem. Plus in most countries, you're paying for the phone call...

I realized this when my parents asked me to reinstall their system after it was wiped out by a worm (again). They had install CDs... but there was no way to install the necessary patches, so they'd just get infected again. Microsoft has now started offering update CDs, but that'll only get you up to date as of October last year.

My parents are now running Linux. Over a year without a single crash, worm or virus. I think they're believers now.

Microsoft should be required to put a sticker on Windows boxes saying "WARNING: This software cannot be used safely on Internet-connected computers unless you have a broadband connection."

Vigilante Justice

[morgajel]

I'm noticing more and more that the current crop of law enforcement agencies are increasingly incapable of handling this sort of problem. The only way they seem to be able to handle it is if we give them free reign and throw out all of our rights.

The only thing I can see working is vigilante justice. Find out who is doing it, and beat the ever-loving shit out of them. Frame them. Do what you have to do to make this bastards either quit doing what they're doing, or get them in Legal trouble.

Yes, it's illegal, but is it wrong? If I wasn't such a coward, I'd consider it. But I have a wife with babyrage, so I must keep that in mind. Those that do not, those that are bored with their lives.... Go after a spammer, go after a Spyware maker. make their lives a living hell.
I'll cheer everytime I see you on the news.

The bigger picture

[maximilln]

And people wonder why "insider trading" isn't more prosecutable.

"Your honor, I had no idea that my manager was using the intended business moves of my client to weight his other accounts. There must've been a trojan on my computer."

Yeah... It's the one the IT department installs by default so that they can make sure you're a proper company man.

Microsoft Bot Net.

[ColPanic]

Bill Gates has some nerve to charge $1000/seat to organized crime :)

Re:Blaming the user

[Oriumpor]

In this analogy I would say that patching and applying antivirus is a bit in the same vein as needing to check your fluids twice a month, and change your oil ever 3k miles.

If a drivers engine explodes because they didn't perform regular maintanence and they hold up traffic for the rest of the populus they get a ticket.

Re:Blaming the user

[Oriumpor]

The spread of worms is not just an operating system problem. A worm traverses many networks to be operable, both ISPs, overworked administrators and clueless users all contribute to this problem. Also, overworked users and clueless administrators have a limited affect in the same area. If a conglomorate of ISPS had done a job of blocking the proper ports, or you had treated your internet connection like you would treat a sexual encounter with an unknown individual and purchased propper protection...

If you had recieved an STD from a partner and you hadn't used protection you are at least partially to blame for not taking the propper precautions. If you read the paper, you know about virus outbreaks, if you care to educate yourself you know about virus outbreaks. Computer systems are not toys with a turnkey that just run, they are complex machines requiring at least a modicum of intelligence to comprehend and operate on a daily basis. You don't drive a car without a tune-up and an oil change periodically, and you don't operate a computer without regular virus maintanence and firewall protection of some kind.

Re:Blaming the user

[Oriumpor]

No, however you are still liable if you facilitate a crime by leaving your car open to be stolen knowingly. If someone steals your car and you deliberately ignored the automatic lock switch on your car, and they go and kill someone in a hit and run the licenseplate is registered in your name, and I would bet (IANAL) that someone could sue you for negligence and collect.

World Domination vs. Ross Dress For Less

[tgrigsby]

Yeah, so what.

I actually rented one of these networks. It was a "Portal of Doom 8" compromised, all broadband, 10,000 node net with single-point-of-command control. I was going to use it to take over all the financial institutions' traffic, slowly siphoning off billions into various Nigerian bank accounts (I would worry about how to get the money out of those accounts later). Then I would use the network to control the minds of the populace by sneaking spoofed CNN stories into their browsers accusing the politicians of the world of being one brotherhood dedicated to raping the world's resource just to impress the Olsen twins. Once the politicians understood that I held the key to their utter destruction, I would RULE THE WORLD!!!! bwuHAHAHAH!!!!

Just as I completed my "WorldDomination.scr" script, my wife maxed out our bank account shopping at Ross Dress For Less, the rent check bounced, and I was looking at "access denied."

Dang it.

I hate it when that happens....

Imagine a Beowulf ...

[Calydor]

Oh wait ... this sorta IS a Beowulf cluster, isn't it? Never mind.

Re:Blaming the user

[glitch23]

you damn well better make sure that the product is shipped secure to begin with, and maintains itself.

Maybe we should get our mothers an IBM eServer for Mother's Day? They heal themselves...sometimes even order themselves.

Re:Blaming the user

[oneishy]

I agree, and I just wanted to give a (real) practical example, as they are easier to understand.

You make a good point about me being the one inconvenienced by a thief's wrongdoing. As such I have clearly taken steps to lessen that inconvenience (in relation to my car). There are no valuables in the car (my laptop always stays with me), I have no stereo receiver in the car (my ipod works wonders when plugged into an amp in the trunk).

There are many similar things that you can do with a computer that don't deal with the risk, but deal with your inconvenience, which I would strongly push for. Simple things like having a backup of your data, keeping both a desktop and a laptop around, keeping the original copies of all your software in order.... These things will not stop a hacker from re-formatting your drive, but if that happens (or any other computer related problems) you will be less inconvenienced.

Re:Blaming the user

[Mycroft_VIII]

I assume you are adressing the masses in general with those direction. (or are in a country where 28.8 is reasonable for an always on 'broadband' connection')
Still I don't recall the option to enable the firewall by default during setup, it's possible I did and decided not to as I was planning on buying some new basic protection software the next day (a.v., firewall, etc.).
Still with the anoying endless stream of reboots involved in setting up a windows system a kind of numbness does set in.
That is one thing I aplaud the linux distros for, boot the install cd., install what you want in one session, reboot ready to go. (well except earlier versions of mandrake, the 7.x and iirc some of the 8.x, would crash with a divide by 0 error durring setup).

Mycroft

Re:Blaming the user

[Mycroft_VIII]

I do agree taking basic protections is somthing a user should do. However If the o.s. wasn't so susceptable because of design choices and coding errors, then exactly where would the worms,viri, etc. come from?
Also I'm not really for isp's using a blanket 'blocking proper ports' just because a worm is known to use it, someone may have need of that port for some obscure app. Now if an automated process would detect specific worm activity (It is known what most worms send as packets across the net) and blocked that, it would be different.
I do also blame the writers of such software. Unlike your std analogy, worms are the deliberate creations of people.
So as a practical matter, YES people need to take precautions, even though with raw number of these things out there I can see why many just decide it's futile.
And yes, the people who write these things then release them are definate on my BAD PEOPLE list.
And being the dominant desktop OS makes windows the biggest target.
The fact remains that windows is not only susceptable in too many ways, but is actively pro-worm in many of it's features.
I give microsoft credit when it earns it, but in this case they have fallen miserably short.
Also I've always considered basic maintanence of a machine to be dealing with parts that suffer wear and tear, this isn't wear and tear but deliberated damage. Would you consider it 'basic maintanence' to replace the passenger door after some idiot accidently bumps it with a shopping cart and a design defect causes it to fall off in 4 pieces? Also replacing a defective part or having it fixed also isn't basic maintenance.

Mycroft

Re:Blaming the user

[wfberg]

Still I don't recall the option to enable the firewall by default during setup, it's possible I did and decided not to as I was planning on buying some new basic protection software the next day (a.v., firewall, etc.).

Make sure to enter the advanced/custom networking setup (the exact wording escapes me), where you can enter an IP number.
In TCP/IP properties, click Advanced, then go to the Options tab, click on TCP/IP filtering, properties, check enable, and select "permit only" for all protocols.

You don't need to fill in anything in the TCP section, because TCP/IP filtering (not quite a firewall, but at least it comes standard) simply blocks incoming connections, not outgoing connections. Port 53 is useful to allow in the UDP section (for DNS).

TCP/IP filtering is present in NT 4.0 (no service pack required) and upwards.

It will protect you from the usual worms that would otherwise get you before the windows update patching cycle is complete.

An alternative would be to "slipstream" any servicepacks and patches (that support it..) onto the installation media. That means copying the original setup CD to a harddrive, running update.exe with the /s:c:\cdcontents flag, and then burning the updated cd contents to a new, blank cd, but to make it bootable you'd need the bootsector from the original setup cd (though that's been ripped aplenty and is available through the magic of google).

linky

Still with the anoying endless stream of reboots involved in setting up a windows system a kind of numbness does set in.

If you slipstream SP1, you're up and running in 2 reboots, with maybe an additional one or two for any remaining windows update patches (notice that often even WU updates that can only be selected exclusively do NOT require a reboot, if you simply enter windows update again you can install more patches. DirectX is a notable exception, but then some systems can go without it.)

It's still annoying as heck though. Add to that that you can't easily mirror the windows update site. What are they smoking?

Re:Blaming the user

[Mycroft_VIII]

I admit that winxp has fewer re-boots than the 9x series while installing just the windows core, it's all the drivers you have to install seperately, each with thier own reboots that's a pita.
While this is partly due to the driver makers and partly due to how windows itself works, with linux I get the drivers installed with the o.s. and don't usually need to install driver seperately with thier own install, reboot, set setting cycle.
Linux has it's own usability issues, some pretty bad, but the initial install on many distro's is NOT one of them. I consider it one of the few areas where Linux is clearly ahead of MS.
Now how about fixing cut and paste?

Mycroft

Re:Blaming the user

[Mycroft_VIII]

Gak hit wrong button, had more to say, sorry for splitting my reply like this.

As far as mirroring the site, what really bugs me is they don't make it easy to just d/l the updates so you can save them to a cd and install them offline so I can install from there, gonna look into this slipstreaming though as my brother's pc is getting really wonky on him and he's talking about setting up xp when the inevitable re-install occures (he's running ME right now.) On of the apps he runs is still a beta and has a habbit of locking his system hard requireing the magic reset button. Same exact program on xp doese not do this, it just gets really sluggish for a minute or so, but you can still use everything else while waiting for it to realize you've hit the [x] in the corner.
I can't wait till Linux gets to the point where I can play the games I like, and work with the 3d files I want for those games and I can shrink my xp install and usage to near nill.

Mycroft

Re:Blaming the user

[YrWrstNtmr]

That happens all the time. Kid steals a car, runs into something or acuses a big accident, abandons it (or is caught).
How many times have you heard of the car owner (the other victim) being sued? I haven't heard of one. Not ever.

I gathered that much

[agentforsythe]

I would make a comment about your deficient spelling, but that would be mean.

I don't see how we could be considered to be technologically impaired, though. My study looks like something from NASA...