Lessons Learned From Blaster
CowboyRobot writes "It's been nearly a year since Blaster struck, causing hundreds of millions of dollars in fixes and lost revenue.
Jim Morrison of Symantec goes step-by-step in looking at how the Blaster worm got out of control so quickly, and what lessons can be learned from that event, by studying how one utility company dealt with it." The story is written as a fun, technothriller narrative; here's a snippet: "The laptops, usually out in the field, were always a hit-and-miss proposition to find on the network and deliver a patch or to have the user take the machine to a field office. That meant that on the 16th they could see a flood of traffic launched against Microsoft. The second phase of Blaster, launching a DoS (denial of service) attack against windowsupdate.com, was imminent."
I'm he gayest nigger I know
Don't run windows. :D
Fat nerdy teenagers with bleached hair can not be trusted!
Fin
Eheh, I couldn't help but chuckle when I read "Jim Morrison". Totally destroys the seriousness of the article.
All Hail Discordia. Hail Eris. Fnord.
The Linux FAQ
:) This happens :)
Here's a list of some frequently asked and answered questions here
and elsewhere that you may find useful in your quest to try Linux.
Read these carefully before you decide to invest time in Linux; you
may find that you have better things you can do instead.
SECTION ONE - INSTALLATION
--
1.1 Q: I heard Linux was easy to install; is it?
A: That depends on what distro you try. Most of them will have
trouble detecting all your hardware. Most new hardware devices
are not supported. If you're lucky you might be able to find
something that someone threw together on the net. But that's
after spending a couple of hours searching, and it probably won't take
advantage of your hardware to its fullest capability.
1.2 Q: Once I get it installed, then what?
A: Then you get the joy of making sure everything is configured
right. Plan on a minimum of two hours per device to get it to
work. That's if the device is even supported.
1.3 Q: What happens if I'm in the middle of an install and the
installation freezes or just stops?
A: You get to reboot and start all over again.
every so often with Linux. It seems like its buggy install
routines or something. Ain't Linux grand?
1.4 Q: What's the deal?! I installed Linux and it took up almost 2GB
hard drive space!
A: The Linux distros usually install a LOT of never-used programs
on the default install. You can pick and choose what you want,
but good luck figuring out which programs are needed and which are
useless, obscure tools. Linux usually installs stuff like 10
different editors, 12 different mail clients, and so on.
(more to come...)
SECTION TWO - CONFIGURATION
--
2.1 Q: What's with all these cryptic files?
A: All of Linux is configured with cryptic text files. Some of
the more user-friendly distros have configuration utilities
that claim to do it for you, but these work sometimes and other
times don't, so sometimes you have to
edit them by hand. With Linux's spotty reliability in UI
programming, you might as well get used to it.
2.2 Q: What are killall, HUP, ls, cat, rm, which, etc., and why are
these programs telling me to do them? Arggg!!
A: These are command line programs that do things within the
system. It's what makes Linux a powerful OS for those that
are experienced with it. But it's also what makes it a pain
in the arse to use and inefficient as a desktop system. Who
wants to type all the time when they can just click?!
(more to come...)
SECTION THREE - APPLICATIONS
--
3.1 Q: Where can I get some programs to run on Linux?
A: Good question. Because Linux doesn't have a large user base
on the desktop (I think it's about 0.24%, less than 1%),
companies that make software won't write their programs for
Linux. There's a lot of community created programs out there,
and some are fairly good, but those are few and far between.
Most of the Linux software that tries to mimic its Windows
counterpart is substandard. It's usually slow and buggy and
early in development.
3.2 Q: I tried to install an RPM but I got 'failed dependencies', what
is that?
A: That's Linux's version of DLL hell. Different versions and
distros use different libraries. So unlike Windows, where
programs will run on many different versions, Linux programs
will fail if they're not made for your specific version.
3.3 Q: What is compiling and configure, make and make install? And
what is a makefile?
A: Th
GNAA Announces Remastered Version of Gayniggers From Outer Space: The Movie
GNAA Vice-President and co-founder JesuitX announced Friday that GNAA founder timecop had completed his nine-month long project of remastering Morton Lindberg's classic Danish masterpiece, Gayniggers from Outer Space: The Movie .
Said timecop, "I undertook this project so the Gay Nigger Association of America could easily spread the gay nigger seed with a crystal-clear picture and DVD-quality sound. But most of all, I do it for my gay nigg[er]s."
The previously mentioned JesuitX and GNAA high-level operator lysol were allowed early access to view the remastered version of movie. Having been already familiar with the VHS copy currently in circulation, they were in for a real treat. JesuitX was quoted as saying "In that scene where Captain B. Dick [played by Sammy P. Soloman] takes Arminass [played by Coco P. Dalbert] into the relaxing room for a conversation, the beautiful quality of the black skin, combined with the crystal clear sound made it feel like the Captain was sitting right next to me, massaging my knee, and letting me know he always has an eye on my ass. I lost complete control and starting masturbating furiously."
GNAA member l0de was also heard in background continuously saying "LOL JEWS DID WTC LOL JEWS".
Digitally Remastered version of Gayniggers from Outer Space is to be available for worldwide distribution immediately. Everyone is encouraged to download it using BitTorrent, by clicking here. You will need a BitTorrent client to download this release.
About Gayniggers from Outer Space: The Movie:
Dino De Laurentus & Raymond Hansen Present
A Lindberg & Kaistensen Production
"The Universe. It's mighty power. It's evolutionary force, not to be stopped by anyone. In its beauty, this, this is a happy place to stay, filled with harmony and cosmic joy. A free place, where men can express themselves, and be as when they were born. All of this is, because someone cares. Because someone looks after us. When we sleep, when we play. When we act natural. This is a movie about those who risk life, and partners, to guarantee living in a wonderful and free universe. This is a movie about the Gayniggers From Outer Space. The Gayniggers come from the planet Anus, in the 8th Sun System, far far away from here. They are much, much more intelligent than any other creature in the Univerise. The most fascinating thing about them is that they, with the help of their super intelligence, and their highly developed telepathic system, Braintapping, will be able to create a world, a society, a perfect world to live in without the presence of women. A MALE ONLY WORLD."
Starring
About GNAA:
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which
gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.
Are you GAY ?
Are you a NIGGER ?
Are you a GAY NIGGER ?
If you answered "Yes" to all of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) m
Linux might be a bit of a hard line. Going back to PINE, on the other hand, suddenly seems considerably more appealing.
...WASTING THE DAWN!
'Nuff Said.
(Ok, maybe not, lameness filter isn't happy.)
Indians scattered on dawns highway bleeding
ghosts crowd the young child's fragile eggshell mind.
"It is not how things are in the world that is mystical, but that it exists." -Ludwig Wittgenstein
Great that this is just two posts away from some extremely stupid posts: people saying that viruses are unable to get installed on unpatched PCs without user intervention. Some people, I tell you. Yes, it is kind of off-topic, but hey, it's relevant!
The main weakness that allowed ingress was that any outside machine with a VPN connection also has a real IP address as well. Those machines, since they were unpatched, were sitting ducks for the virus... and then the trusted nature of the VPN assured that the virus would spread to the inside.
A basic firewall on the deployed machine to drop any packet not from the VPN could have stopped this before it started...
Lesson 2: Enjoy!
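The rule proposed in the comment above, modelled as an added example (not code from the post or from any VPN product): a stateful default-deny filter on the laptop's public interface that accepts only the concentrator's tunnel traffic and replies to connections the laptop opened, and drops everything else, so an unsolicited 135/tcp probe never reaches the RPC service. The concentrator address (203.0.113.10, from the TEST-NET-3 documentation range), the IPsec ports and every packet in the trace are constructed for the demo.

```python
"""Default-deny filter for a VPN laptop's public interface (added example).

Not code from the post or from any VPN product. The laptop accepts, on its
Internet-facing address, only tunnel traffic from the VPN concentrator plus
replies to connections it opened itself; everything else is dropped.
"""
from dataclasses import dataclass
import ipaddress

VPN_CONCENTRATOR = ipaddress.ip_address("203.0.113.10")  # assumed for the demo
IPSEC_UDP_PORTS = {500, 4500}   # IKE and NAT-T, the UDP ports an IPsec tunnel needs
ESP = "esp"                     # IP protocol 50, the tunnel's encrypted payload


@dataclass(frozen=True)
class Packet:
    direction: str        # "in" or "out", relative to the laptop's public interface
    proto: str            # "tcp", "udp" or "esp"
    remote: str           # the other end's IP address
    remote_port: int = 0
    local_port: int = 0


class HostFilter:
    """Stateful default-deny filter: remembers outbound flows so replies get in."""

    def __init__(self, concentrator=VPN_CONCENTRATOR):
        self.concentrator = concentrator
        self.flows = set()   # (proto, remote, remote_port, local_port) the host initiated
        self.log = []        # (verdict, packet) for every packet seen

    def _decide(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.remote, pkt.remote_port, pkt.local_port)
        if pkt.direction == "out":
            self.flows.add(key)          # record what we started so the reply can return
            return "accept"
        if key in self.flows:
            return "accept"              # reply to a connection this host opened
        if ipaddress.ip_address(pkt.remote) == self.concentrator:
            if pkt.proto == ESP:
                return "accept"
            if pkt.proto == "udp" and pkt.local_port in IPSEC_UDP_PORTS:
                return "accept"
        return "drop"                    # default deny, including 135/tcp from anywhere

    def filter(self, pkt: Packet) -> str:
        verdict = self._decide(pkt)
        self.log.append((verdict, pkt))
        return verdict


def run_demo() -> list:
    """Constructed trace: worm probe, web fetch and reply, tunnel setup, direct RPC try."""
    trace = [
        Packet("in", "tcp", "198.51.100.7", 40000, 135),     # unsolicited RPC probe
        Packet("out", "tcp", "93.184.216.34", 80, 50000),    # laptop opens a web connection
        Packet("in", "tcp", "93.184.216.34", 80, 50000),     # the server's reply
        Packet("in", "udp", "203.0.113.10", 4500, 4500),     # NAT-T from the concentrator
        Packet("in", "esp", "203.0.113.10"),                 # encrypted tunnel payload
        Packet("in", "tcp", "203.0.113.10", 40000, 135),     # concentrator may not hit RPC directly
    ]
    fw = HostFilter()
    return [fw.filter(p) for p in trace]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The point of the last packet in the trace is that trust in the concentrator is limited to the tunnel protocols; a real deployment would express the same table in the host firewall (Windows Firewall, iptables), and, as the comment notes, traffic arriving through the tunnel still needs the same scrutiny, since that is the path the worm used to reach the inside.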
Back when the Messenger Service popups happened, I started using $80 hardware firewalls that doubled as Internet sharing boxes.
When Blaster hit I was sitting pretty and so was every client that took my advice.
*yawn*
Use Evolution instead of Outlook? Bewa
Disclaimer: The above comment was made while under the influence of too much coding and not enough sleep.
I use OS X since I never get virii or worms, but they are coming to the Mac soon enough. Although, every day I am using Windows less and less, and only for Oracle development (OAF/JDEV) because of my job.
;)
I guess the only thing to learn from the blaster worm is to switch to OSX.
GroupShares Inc. - A Free Stock Trading Community. Over a 100 active members daily!
-------
artlu.net
The article starts with a story about someone having trouble completing a bill payment.
I thought the requirements for systems that handle financial transactions were so stringent that nobody would use Windows for such a purpose. Have I got it wrong?
A contractor using the guest offices brought Blaster inside. His laptop infected the security-counter image-storage system, which then found its way to the HR server. That in turn spawned the infections to the HR XP laptops where the patch failed.
The first thing you learn in ANY security job is that most breaches are from the inside.
As someone standing right behind the front lines, I will tell you that employees with laptops are the worst. Most end up with administrator access (not that hard to crack if you don't have it). And the fact that they bring their computers home and on the road makes them feel a certain entitlement to install whatever they feel like. Contractors are even worse, since most of the time these laptops ARE their personal PCs. Desktops and servers inside the DMZ are the least likely originators of malware. (Not to say you couldn't surf pr0n on the company mail server as an admin. But then you deserve what you get.)
Network admins need to lock down MAC addresses and start treating their network like the PBX folks. Nothing gets wired except approved company equipment.
Have you Meta Moderated t
If it gets really high, eg 50 or so (your average AOL user) automatically turn on the Windows Firewall, and include a flag on every outgoing packet indicating that the user cannot be trusted to operate their computer in a safe fashion. Webmasters can then block traffic from these PC's at their discretion - Problem solved.
Making the moon less necessary since 1998.
I wrote an in depth analysis of the Blaster worm for my GIAC Certified Incident Handling Analyst (GCIH) practical:
Is that the lesson?
John Kerry is a Joke!
Lost in a Roman
Wilderness of Pain
And all the Children
Are insane!
A key paragraph in the story...
"We had to do some research, but we found out that the way we locked down the users prevented the patch from running properly," lamented one of the policy admins. "What we discovered was that the software restriction policy for the local computer allowed only local computer administrators to select trusted publishers. Because our patch agent ran as a pseudo user, the agent did not have the necessary rights. This was causing the failure. We changed the group policy for the HR systems so that we can patch remotely from now on."
Sometimes, locking your system too tightly ends up locking the keys in the car. When you really need something to run, it doesn't...
Automatic Updates and Norton...and try to minimize office guests access to the network...
See Sig! See Sig Zig! Zig Sig Zig!!!!!
Every penny of the losses due to this should be charged to Microsoft for negligence. They were told over and over to fix their shit.
http://www.giac.org/practical/GCIH/John_VanHoogstraten_GCIH.pdf
On the one hand, virus writers are aggressively pursued and prosecuted with claimed damages of billions of dollars; on the other hand, these losses are not included in the TCO of Windows! What gives?
Heh.
The conference room used for the first discussions had been converted to a war room. The whiteboards were filled with IP addresses gathered by the help desk of systems suspected of being infected and trying to propagate the worm. Another list for all of the nonfunctional pay systems covered the entire portable whiteboard. These systems would have to be patched before they could be used to receive payments again.
:)
Red Alert! All senior officers to the battle bridge. Prepare for saucer separation in T minus 3 minutes and counting.
Picard: Data, can you locate the origin of infection?
Data: It will take approximately 10 minutes to scan each subnet.
Picard: We don't have that kind of time. Number One, options?
Riker: Disconnect the OC3 and raise the firewall, leave no ports open.
Captain: That should buy us some time but we need a better solution than that.
Diana: I am sensing something captain, it feels as if the SUS server has fallen offline, we may have missed the latest patches
Data: Her hypothesis could be correct
We are the Borg, We will assimilate you!
Captain: Damn, and here I was thinking it was The Boy and his nanites again
No offense Wil
Im dreaming ofa big bndwdth, That can resist the
EOM
--- Ban humanity.
The Blaster Worm awoke before dawn.
He put his boots on.
The utility company lost more than $1 million in revenue that would normally have been generated from the pay systems during the time they were down.
Wait a second. Blaster didn't directly cut off any customers. How could the virus cost revenue?
Well, in the case of this story's Mona, it was because her power was cut off despite the fact she had the money to pay her bill through the last-minute pay system. That means a few days that she didn't use power, plus the cost of a needless disconnect that they couldn't charge for.
If the power company had a brain or heart, they would have not done any disconnects due to non-payment during this time frame. Sure, some deadbeats would get 3 days of free power, but the majority of people who missed their payment deadline would happily pay if just given the chance.
In short, they could have saved time and money if the bill collectors would have been told to take some time off...
The first thing I did when Blaster started doing the rounds was put DCOMbobulator in the login script -- bought me more than enough time to get patches in place.
But if these biyearly "connects to a flaw in an enabled-by-default MS service that serves no real purpose" worms have proved anything, it's that when something goes wrong, if looking at the problem critically would result in them having to make actually hard choices, then people will continually blame absolutely everything except the actual problem.
I thought he was with The Doors.
Damn! I thought he died 33 years ago !!
I thought the lesson was, software monoculture in the global computing industry is opening the door for disaster -- what we need is diversity in platforms and applications.
NAT makes a very good poor man's firewall. Unsolicited packets get dropped... and services you didn't realize you had listening can't be reached.
If your machine listened on port 135, the virus had a way in.
well, if your machine was listening on port 135, and you hadn't bothered to apply the patch that had been available for, what was it, 7 months?
You could've turned off Messenger service in Admin Tools->Services, but I guess you probably would've been pwned by the blaster (assuming you don't patch right away...).
...as a norton rep.
:(
so sad
...I sincerely thank ALL you Windows users for walking around with great big targets on your backs and between your eyes and on your asses and having all those viri wankers, er, writers using you for their perverse pleasures.
Keeps 'em away from the rest of us, don't you know?
Thanks, guys! I and the rest of the Mac using world appreciate it.
Guaranteed! This comment 100% Anthrax free!
.Mac Email complaints.
Lots of other complaints from Mac Users.
Is it only the slashdot geek crowd that's happy with Apple ?
I think that was his point, was it not?
Make sure you have the codes to shut down SkyNet. Oh yeah, lock yourself into a hardened underground base with Claire Danes to reproduce and save the world. Damn worms.
I wanted to thumb my nose at you from my high and mighty perch..
What's that sound? Oh, it's my ego expanding and my capability to form reasoned thought escaping.
OK, so M$ has designed a bad OS. But nobody that I know who has Windows XP and knows how to use it ever got infected with a virus.
Simple rules:
1. firewall software (eg. Norton) before connecting
2. You don't use Outlook/Outlook Express and preferably not MSN
3. Preferably don't use IE
4. windowsupdates
5. update your norton firewall/antivirus
Don't get me wrong, I'm an OS X and Debian user, but come on, all I can say is if it wasn't for all the dumb people out there who don't get what I call the essentials I would be unemployed.
Oh crap, I just spilled the beans.
Warren Peace
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Daniel
http://people.cinn.ca/daniel/
What I found outrageous is that they disconnected customers. Even though they knew there was a payment issue. Surely the first thing to do would have been to put all disconnections, late fees etc on hold until after you know what the situation is.
They didn't include the cost of alienating customers or destroying their own brand image in the post mortem. But then again it would be a breath of fresh air to find a utility company that shows compassion or cares about its own image.
no text
Someday people are going to start developing worms that automatically patch the hole they got in through... that'll be the day, no more Windows Updates.
The school that I go to, and work at, learned from Blaster. We got pounded by it and after that we put the systems that should have been in place, in place. When Sasser hit it was much less pain because of it. We learned all right.
-Tim Louden
Blaster was a worm, and of worms in general I would say that there is little new to be learned from them. I did learn something new with blaster though.
I was doing some security work for an ISP at the time of Blaster. They have a number of Cisco 12000 series GSR routers as well as Foundry Big Iron switches. For those who are not familiar with the Cisco 12000 series routers, suffice it to say that it is Cisco's biggest, baddest router that stands up to 6 feet tall and comes from the factory with a 4 barrel carburetor, dual testosterone modules and a custom paint job with flames painted on the side (pin stripes are optional). These switches are designed to handle hundreds of gigs of traffic across their backplane and through their interfaces. If the ISP were forewarned that they would be seeing 300 mbps of traffic coming from the MS Blaster worm, they would have said "Bring it on!"
For those of us that aren't CCIE's, Cisco routers and Layer 3 switches have a function called CEF, or Cisco Express Forwarding. CEF is a technology that by its simplest definition caches routes.
If a packet from my computer is destined for yahoo.com, it will first hit the DNS server to resolve the host name to its IP address. My computer will then send packets to my ISP with the destination IP of yahoo.com (66.218.71.198). My ISP's router, presuming it's a Cisco router with CEF enabled, will look at its internet BGP tables and determine the optimal route my packet should take on the internet to arrive at that destination. Once the router has processed the route, it caches it so that all future packets coming from my home IP address, destined for yahoo.com will automatically be routed using the cached route. This takes a tremendous load off the router CPU as each packet no longer needs to be processed by the CPU, hence the term "Express Forwarding".
What the Blaster worm did was send out hundreds of thousands of ICMP pings per second. This usually wouldn't be a problem for the router, except that each packet was destined for a unique IP address. What started happening is that each route was looked up, routed, and stored in its cache for future packets - only there weren't any future packets. What happened next was the memory space allocated for caching CEF routes filled up, and once full, the router simply purged its cache so that every packet had to then go to the CPU to be routed. Once this happened, all hell broke loose.
CPU utilization on the routers jumped to 100%, which should never happen under normal conditions, but this was clearly not a normal condition, and the internet came to a crawl.
There we were, with a router that should handle hundreds of gigs across the backplane without breaking a sweat being brought to its knees by 100mb of traffic... it was incredible.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
See... that's the problem. All those people running Windows with Keyboards and Networks and Unlocked Rooms attached.
Q: How do you know your Windows PC is lying?
A: It's plugged in.
It takes my power company more than one day to disconnect my power. I doubt they would send a truck out just to disconnect me because I was one day late. I've been more than 30 days late and have never been disconnected. Something smells fishy about the whole "Mona" part of the story. It also seems a bit too dramatic. I hate it when they mess up a story by trying to synthesize a "human" element to it.
They're lucky that Blaster was removable by remote control. A more effective virus would lock out any attempt to change system files.
naahh.. he had to fix the draft coming in from the Windows.
In the world of computer viri, is revenue conserved?
One day, in a galaxy...never mind...One day, internet connections won't even be possible with an exposed PC address. DSL/cable won't even be permitted to connect directly to a PC without DHCP/NAT interposed between. The sky will be clear of pollution. All people will clasp hands in a show that we are all from the same human family and we all have rights......
I'm getting loopy. It must be those packets I solicited from that guy downtown.
1) On home machines, *all* network accessible services should default off. In most cases, this will mean that remote exploits aren't going to happen - kernel level remote exploits are fairly rare. This means that if I port scan a machine out of the box, I should find 65535 closed TCP ports, and 65535 closed UDP ports.
2) On business workstations, all network accessible services should also default off, but the administrator should be able to provide a configuration to enable services needed for remote management.
3) Unneeded use of privileged accounts should be actively discouraged. M$ - consider defaulting to popping up "don't do anything stupid" reminders to users running with administrator rights under "end-user" versions of Windows. Make it easier to obtain administrator rights when needed without having to log off and log back on. Educate users about the "Run As User" facility.
4) Operating systems designed for end users should have a facility to lock down the system temporarily while doing emergency maintenance, a "No services" mode if you will, which allows the user to obtain updates without being exposed while doing so.
5) While it can be argued that automatic updates are themselves a security risk, in practice, lack of updates is a far bigger risk. Anything that's remotely exploitable should be updated frequently and automatically by default.
6) Reboots are absolutely unacceptable to many users. Microsoft needs to work harder to eliminate unneeded reboots, *including* making changes to the way file locking works so that a reboot isn't needed to replace a file that's in use, or so that the affected subsystems can be stopped and restarted without restarting the entire system.
7) While Blaster didn't use ActiveX, quite a bit of spyware and other ratware does. Fully executable web pages without any kind of sandboxing are a bad idea. Please, Microsoft, *disable* ActiveX out of the box, or require controls to be manually authorized by the administrator by adding them to an "Allowed controls" list in the Tools -> Internet Options dialog - NOT as a pop up "Do you want to install and run" box.
8) Expand user education campaigns. Encourage users to obtain basic computer training, and a basic understanding of computer security.
9) Provide readily accessible documentation that addresses security concerns. Warning labels get old, but perhaps a big red "STOP: Please review this security information" is appropriate.
10) Discourage software developers from enabling network-accessible services automatically. (Hopefully the "new" Windows Firewall in SP2 will go a long ways towards making users aware of what they are running, but time will tell.)
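Item 1 above sets a testable target: a scan of the machine should find nothing listening. As an added example (not code from the post), here is the same check done locally rather than by scanning: on Linux, the kernel publishes every TCP socket with its state in /proc/net/tcp and /proc/net/tcp6, and any LISTEN socket bound to a non-loopback address is exactly what a remote scanner would find. The two tables below are constructed samples in that file format (the decoder assumes a little-endian host, which is what the kernel's hex addresses reflect on x86 and the usual ARM systems); audit_live() runs the same parser over the real files when they exist.

```python
"""Listener audit from the kernel socket tables (added example, not from the post)."""
import ipaddress
import os

LISTEN = "0A"  # TCP state code the kernel uses for LISTEN in /proc/net/tcp{,6}


def decode_addr(hex_addr: str):
    """Decode the kernel's hex address: 32-bit words printed in host byte order.

    Assumes a little-endian host, where 127.0.0.1 prints as 0100007F and ::1
    prints as 00000000000000000000000001000000.
    """
    words = [int(hex_addr[i:i + 8], 16).to_bytes(4, "little")
             for i in range(0, len(hex_addr), 8)]
    raw = b"".join(words)
    return ipaddress.IPv4Address(raw) if len(raw) == 4 else ipaddress.IPv6Address(raw)


def listeners(table: str):
    """Yield (address, port, uid) for every socket in LISTEN state."""
    for line in table.splitlines()[1:]:        # first line is the column header
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        yield decode_addr(addr_hex), int(port_hex, 16), int(fields[7])


def exposed_listeners(table: str) -> list:
    """Listeners other hosts can reach: anything not bound to a loopback address."""
    return [(str(addr), port, uid)
            for addr, port, uid in listeners(table) if not addr.is_loopback]


def audit_live() -> list:
    """Run the audit against this machine's own tables (Linux only; empty elsewhere)."""
    found = []
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        if os.path.exists(path):
            with open(path) as fh:
                found.extend(exposed_listeners(fh.read()))
    return found


# Constructed sample tables: 0.0.0.0:135 and 10.0.2.15:22 listening, 127.0.0.1:25
# listening on loopback only, one established connection that is not a listener.
SAMPLE_TCP4 = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0087 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11112 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11113 1 0000000000000000 100 0 0 10 0
   3: 0F02000A:C350 0102000A:0050 01 00000000:00000000 00:00000000 00000000  1000        0 11114 1 0000000000000000 20 4 30 10 -1
"""

# Constructed: [::1]:22 on loopback only, [::]:443 listening on every address as uid 33.
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000001000000:0016 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22221 1 0000000000000000 100 0 0 10 0
   1: 00000000000000000000000000000000:01BB 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 22222 1 0000000000000000 100 0 0 10 0
"""

if __name__ == "__main__":
    for addr, port, uid in exposed_listeners(SAMPLE_TCP4) + exposed_listeners(SAMPLE_TCP6):
        print(f"exposed: {addr} port {port} (uid {uid})")
```

The uid column is worth keeping in the report: a listener owned by uid 0 is the combination item 3 warns about, a network-reachable service running with full privileges.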
The "loss" numbers are bogus figures that include the time people stand in the halls talking instead of pretending to do work. There's no actual difference in the amount of "work" that gets done, but the company gets to write it off as an expense. The numbers also include things like "well our corporate website brings in $x million/month worth of sales (on average), and we were down for Y hours, so that comes to $Z of lost profits."
I can't help but feel sorry for Mona and the uncountable other people in her situation. She had her power disconnected for three days because of this, lost all the food in her refrigerator through no fault of her own, and all she got in return was her reinstatement fees waived. All through the article I kept waiting for somebody to correct their cranial-rectal insertion and put a hold on any disconnects or late fees until the system was back up. Clearly, they know that not everybody can get to their office during normal business hours -- why else have the payment centers in convenience stores -- and having their payment system down wasn't going to change that. When Mona called in on Day 2, she should have been told that the disconnect had been moved back until two days after the system was back up. If somebody isn't investigating why this wasn't done, and firing the people that dropped the ball, it's only because pointy-haired middle managers tend to be employed by pointy-haired CEOs.
Good, inexpensive web hosting
Of our elaborate plans, the end.
No safety or surprise, the end.
Was Jim singing about Microsoft or SCO?
(Visions of slow-mo helicopter fly-bys and napalm exploding.)
If you don't want to repeat the past, stop living in it.
It's too bad power companies are monopolies. If I were Mona, I'd want to switch to a different provider for (a) being stupid and (b) cutting me off when it wasn't my fault they were stupid.
How were they stupid? Lots of ways, including poor security and using Windows for critical systems.
How did the Blaster worm got out of control so quickly?
Stupid people still using Microsoft products... that's how.
How do we solve this problem?
Install Linux... that's how.
Well, let's see. Basic measures are necessary for us, since people tend not to follow security policies, and our tech:PC ratio is so damn high we have had to be pretty... well, creative I guess is the word. Since we haven't the funding, manpower, or infrastructure to deploy anything that would require client reconfiguration 100%, we have resorted to the following:
1. DHCP access listing. (Indexed systems get ips, others don't)
2. Router Access lists (in non-cisco language port filtering)
3. Heavily restricted nat firewalls (ipcop+snort)
4. NAV/Deep Freeze (www.faronics.com... if you can use it, do... no spyware, no viruses, no deliberate destruction of the local system, reboot and it's all fixed.)
5. Software Update Services (Deepfreeze plays nice if you schedule it right)
So obviously we use Windows... and obviously we have a relatively secure setup (at least from the current and past virus/worm attacks).
About 95-99% of the systems on a campus are frozen. In the case of an outbreak we can shut down all systems (removing the obviously infected systems from the DHCP access list) and boot the frozen systems back up. This is assuming the virus is 0-day, and it hits us before the SUS updates...
Still there are horrible gaping holes... for instance, a virus that spreads quickly, before a patch is released, and happens to still be spreading during the SUS thaw could result in a complete infection... but the odds there are pretty slim. And really, it puts us in a better position for 23 hours a day... and on par with most companies for 1 hour a day.
Thanks, I'm adding that to my list of trolls.
Look forward to an FP with it soon!
... they seem to keep using Windows.
R T F A ! The reason the laptop got infected WAS because it was locked down. THAT WAS A COMPANY notebook! Now, having to use my work computers gets annoying. The admins will lock some software down for NO REASON, JUST BECAUSE THEY CAN. Even when attending GSU (Georgia State University), some of the library computers were similarly locked, prohibiting legitimate uses. Other campuses like Georgia Tech (where I transferred, now a happy camper) have a very liberal policy applied. Haven't had any problems with viruses, worms etc.
I bought a mac.
Break on through
Break on through
Break on through
The open ports, yeah
Poor Mona...I'm glad to see that they oversimplified someone's life and made them look like a poor struggling soul. That helps for pity value and gains extra credibility.
"Without an extra day to pay her bill she was facing certain disconnection, meaning extra reconnection fees and no lights or stove to fix hot meals for her kids."
"Mona's alarm woke her up--a good sign that she still had electricity. Maybe, because of the problems with the pay systems, the power company was giving her extra time. She set out to fix a hot breakfast for her children, get them dressed, and walk them to school before facing another day of dealing with customer service to buy more time before disconnection."
Yea, remember to think of the kids. Let us all shed a tear for Mona and her children.
I'm not sure why people think "hardware firewalls" are better. Experience shows that they are often shipped with huge gaping holes. One of them had a root password of "uclinux". Most of them probably have a static root password that's the same on every unit.
If you want a cheap, trustworthy firewall put a free Unix on a cheap PC and configure it per the community's advice.
We'll start off by assuming the story is a fabrication and not all facts are equal; now the analysis I noticed.
1. The first tcpdump was supposedly taken from the firewall - but the packets were destined for the same network - it would be unlikely that the firewall should see this traffic, being non-broadcast - unless we assume the utility company did not have their network either properly routed (traffic from the internal LAN should not hit the gateway) or their network is not properly set up with a switch and everything is on hubs.
From my suspension of disbelief I had a hard time believing either of these facts - it would have been more logical to state it was an IDS system or a network scanning utility plugged into a mirrored switch port - sorry, I just didn't buy that the firewall would see it, since there would be no reason to make the firewall be able to see any unnec. packets, therefore increasing the load on the firewall - esp. in a mission critical company like the utility company.
2. That the utility company lost millions in revenue - it was the utility company - they would get their money one way or another - so all "lost" income would come and they would get what is coming to them - but we wouldn't have heard the tale of the innocent bystander Mona.
Sorry these just irked me - but beyond that was a fairly good write up.
Did anyone else read to the end where the employees discuss "lessons learned"? Really encapsulates what's wrong with IT. First, nobody says the obvious, that they shouldn't have used Windows for a dedicated, distributed application. I guess at least someone must have thought that, and was afraid to speak up. There are hints in the article of an upper manager beating his chest and making the peons shake.
Second, they vow to not let contractor notebooks on their network without a thorough security vetting. Great, more IT-fascism, and totally impractical. IT needs to support the organization's business objectives, not obstruct them. If you have an attorney who bills $400/hour coming in to meet with the Chief Counsel, and he's got one hour before he has to drive to the airport, who is going to hold him up and scan his notebook? What if you screw it up in the process? There are lots of more practical solutions to this problem, once you accept the basic fact that IT is not an end in itself but just a business enabler.
Also, did you notice how Windows' overly complicated permission system caused a disaster? The machines were locked down to prevent tampering, which prevented the patch scripts from running. In the end, they had to send people out to each location to fix the machines. I've never had this problem with Unix, because Unix permissions are simple and logical; therefore a sysadmin can easily understand the implications of any permission setting.
I particularly liked the phrase (quoting from memory) "one of the policy admins". One? Not only do they seem to have a full time employee maintaining these tragic "policies", but they have a team? And still caused a train wreck? Windows is close to being a job-creation program for mediocre technical types.
What does it mean to "ping port 135"?
It did nothing to the files, just rebooted the computer, and waited for a precise date to attack Microsoft site. I wanted to participate to this huge distributed computing effort.
To do this, no patch was required: just open the control panel, click on ugly icons, and go to the RPC panel. Here, I was surprised to see that the main annoying behaviour of this worm was due to a default Windows setting!
The default option on RPC failure is to "restart computer"! So I chose the "restart service" option for every failure and that worked fine! All my friends could now live with this worm and contribute to this distributed computing effort!
Default options in Windows are users' worst choices: restart the computer on every failure!! The funniest, and stupidest, one is the default "restart computer" on... boot failure!
To fix every virus under Windows, put a Knoppix CD in your box and then restart your computer for the last time.
9.5 for style, 0 for content.
Patching is dead. In a world where worms can spread faster than patches, patching is by definition a failed paradigm.
Of course, too much so-called security business depends on the model of adding layer after layer after layer (each layer another product that can be sold) to achieve "security". Whereas security (without quotation marks) is often reached by reducing rather than increasing complexity.
My bet is 18 months or less before a worm uses some exploit in an anti-virus or anti-worm software to propagate.
Assorted stuff I do sometimes: Lemuria.org
Hey, come on, guys. Windows XP has a personal firewall built right in. You just have to activate it for your Internet connection. It's about three clicks from the desktop.
While the XP firewall is certainly not the holy grail of secure computing, it does prevent your PC from being blasterized while you download the necessary updates. Don't tell me that you didn't know this, having been a Linux user since 1995 and being security-conscious.
As a state gets corrupt, its laws multiply; the most corrupt states have the most numerous laws. (Tacitus, Annales 3:27)
> The utility company lost more than $1 million in revenue that would normally have been generated from the pay systems during the time they were down.
Huh? No-one's going to get by without paying their utility bills, as illustrated in the sob story. That revenue was likely deferred, not lost.
deus does not exist but if he does
1. Silly: there's no purpose to such an exercise. We all know what the cause was, and these 'cottage industries' that feed off the weaknesses of you-know-who aren't fooling anyone except themselves.
2. Stupid: I mean REALLY - how much is it going to take until these idiots get a grip and realise it's Microsoft technology? I'd like to see one of these idiots in the Alps during an avalanche:
'Run! Get out of the way! Avalanche!'
'Huh?'
'It's an avalanche! Run for it! Hurry!'
'Huh?'
And so forth. Yell 'Microsoft' and it's the same thing. Trouble is, some of these idiots think Windows is a GROOVY platform - something I will never get.
3. Slanted: Anything that refuses to look the truth in the face at this late a stage in the game is slanted. I think there's money involved, but exactly what prompted this idiot to offer us his pearls of wisdom I cannot of course know. Still - basic bottom line: I could give a flying F. If I could pass a law about anything at all right now, it would be a law that muzzled these idiots once and for all.
Sure, it's a riot how Windows machines get the shit knocked out of them, but it's a disastrous waste of global resources and it long ago ceased being funny. Muzzle these idiots and don't encourage them by linking to them.
... and DSL/cable users will no longer be hosts on the Internet, in the sense of RFC1122 - the Internet is, after all, peer-to-peer. Since even dial-up users have traditionally been real Internet hosts, that would be a shame.
I would support ISPs blocking incoming connections by default, but only if it's easy to unblock them.
...no. you TEST stuff. rigorously. if you're using automated builds and locked clients, then this is pretty easy - get a preproduction lab setup, test everything and THEN roll it out. if you don't have the skills, hire a contractor that does to set it up for you.
i can tell you that changing group policies on a domain level is something that brings me out in sweats - you NEED TO TEST IT as otherwise some tiny check box will fsck all your clients domain wide of a monday morning.
Now, how many people made sure their virus software was up to date after reading that? For the 3 mac users, I don't care what AV software you don't run; for the 7 Linux users, I don't care either; for the 10 windows users that claim to be Linux fans, but only use Linux for a server, your vote doesn't count; for the 933,343,343 windows users, did you make sure your AV software was up to date?
My NAT/fw is a P166 box running IPCOP.
Easy to patch. Easy to use. Easy to set up.
You make the mistake of thinking you can educate the fundamental stupidity out of people. You can't.
I think the most important lesson is that the more proprietary software is, the more difficult it is to mature. Microsoft's closed development model does not help in the direction of code maturity, no matter how many programmers there may be. One of the reasons is that the open source developer may feel more pressure to deliver something that works flawlessly than the closed sourced developer.
YHBT
YHL
HAND
If it's one thing people should have learned from Blaster and the like is that it's still out there. It's on the wires, passing through routers and scanning for its next victim. It's not going to go away anytime soon. So before anyone just blindly plugs into the Internet, just remember that it's out there, waiting for you.
We got hit by Nachi/Welchia at the end of August 2003 while I was on holiday with my daughter.
I came back to work to find the place in chaos (the volume of traffic that critter produced on our network was astounding).
I knocked up a KiXtart script which, when run remotely with Administrator credentials using Sysinternals.com's PSExec, detected the presence of the worm, killed the process if it was running, ran McAfee's Stinger and patched the workstation.
A modified version of that script which detects over 100 common viruses is now run on every workstation when the users log in.
In my experience, there's a residual 2 to 3 percent of workstations which, for a variety of reasons, refuse to be patched remotely (usually no ADMIN$ share, sometimes in need of a service pack).
Every month I use the same techniques to push out critical patches to our 2000+ desktop PCs.
It's amazing what you can do with free software.
Fairly recently, there was a worm ("Witty") exploiting a hole in BlackIce Defender (a server-grade firewall and intrusion detection system). A damn nasty specimen, too -- it randomly wrote bogus data to random sectors of the hard drives, slowly destroying the server (and immediately rendering it untrustable).
One article on the worm can be found here; I'm sure the usual gang has advisories out for Witty as well.
the real answer is oss doesn't have a critical mass to attract the ire of virus writers. Once Linux or any other open operating system hits critical mass, you'll see plenty of viruses and exploits and they'll be easy to write since the author will have a copy of the source code available. I also don't buy the pressure to perform well argument; well, I think you have it backwards. Proprietary software will have more pressure to perform, for the author or owner's livelihood is on the line with it, but oss is written more by hobbyists that do it for fun so they receive little pressure in that regard. That hobbyist mentality is what makes oss good, but not from pressure, but desire to do something right. With proprietary software, the engineers aren't always excited or interested in the project so don't give it their best and have immense pressure to get things done in the shortest period of time. In oss, the engineers volunteer for the project because they believe in it or are interested in it and so put lots of energy into the project. They also deliver when they want to and so wait until the internal plumbing is in a more consistent state. So back to the point, once oss hits critical mass, we'll see how much time volunteers spend updating security holes, releasing patches and the like when the authors would rather write new code, not maintain old stuff. It could all work, and the trigger for this mini rant is the lies and spinning of the oss community that every good attribute of software is an attribute of oss and every negative attribute of software is an attribute of proprietary software. They both have positive and negative qualities and the lying will do more harm to the oss community in the long run than just admitting that there are positive qualities to your enemy.
Patching isn't dead, it's still needed.
What's frightening, however, is that Antivirus vendors still haven't got it. Weekly, or even daily pattern updates are NOT sufficient to prevent the spread of viruses and worms.
For example, W32/Zafi.b@MM was in the wild on June 11th this year, and was detected and stopped on the same day by Bitdefender and ClamAV on our MailScanner box. McAfee released its 4366 DAT files 2 1/2 days later, on June 14th.
Similar slow responses happened with Netsky and Bagle, IIRC.
The biggest trouble we have is getting past the mindset which says "we have up to date antivirus on our PCs therefore we're safe". I beg to differ.
Phil
use DOORS instead of WINDOWS !!!
vir viri m. [a man , male person]; esp. [a grown man; a husband; a man of character or courage, 'he-man']; milit. [a soldier, esp. an infantryman; a single man, individual].
virus -i n. [slimy liquid , slime; poison, esp. of snakes, venom; any harsh taste or smell].
Latin Dictionary and Grammar Aid
sic !
CC.
TaijiQuan (Huang, 5 loosenings)
I find the parent quite Funny indeed, not that the post has too much truth in it though. ;)
Seriously, I think we've already compiled our kernels.. Next!!
- Voice of Ambience -
I thought he had gone under the name of RMS since 1971?
I'm surprised ISPs aren't taking proactive steps and setting up firewalls in front of their DSL/cable/dialup users. Even a Cisco CBAC firewall or simple router access-lists would be better than nothing. I know some of them block NetBIOS ports, but they should really just block anything incoming to an end user unless it is part of an established connection. Also, block outbound SMTP and require HTTP/HTTPS access to go through a proxy server to stop worms from just hitting other ISPs willy-nilly.
This sounds like a party game. You get a used computer bought at some sort of closeout, a Windows95 OSR2 installation disc, and a wide-ass open internet connection.
When you get a virus, you yell "Gates Rape", and someone hits a stopwatch to time your run. Whoever can get raped the fastest wins!
who are those slashdot people? they swept over like Mongol-Tartars.
I'm with you on the REAL firewall thing.
Get something with stateful packet inspection, ability to recognize port scans and cut off access (i.e. an intrusion detection system), response time in under half a second, and a logger that shows everything that has happened for the last four weeks, just in case. Oh, and just in case it gets hacked, make sure you have a way of showing its process listings.
What can do all of these things? Certainly not the cheap Linksys router you suggested. Those don't even come with an IDS. I know because I have one of the latest models.
For that you're going to have to buy something that costs over a grand...or a $40 133MHz machine.
How about instead of suggesting a hardware firewall, we say a dedicated firewall, since a grand is a bit much to pay for the good features.
As far as fruit goes, I don't think the analogy fits too well. It suggests that it is only slightly more difficult to make a virus for a well-firewalled system with user process levels. It's more like the difference between getting a leaf off the top of a shrub and getting one off the top of a giant redwood.
Mod me down and I will become more powerful than you can possibly imagine!
How bad would it be for the router to be tracking state on EVERY packet for EVERY internal customer?
An alternative would be to go stateless, and just block incoming SYN packets. That would leave UDP open. How big an exposure would that be, or how big a burden would it be to go pseudo-stateful on UDP, blocking incoming SYN on TCP?
But then again, I don't want to solve ISP problems like this, because I'd like to have remote access to MY systems at home.
The living have better things to do than to continue hating the dead.
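The trade-off in the post above (stateless SYN blocking versus tracking state per customer flow), and the earlier suggestion that ISPs block everything inbound that is not part of an established connection, in a small simulation. This is an added example, not code from any poster or from the article; the addresses, ports, packets and the `stateless_filter`/`StatefulFilter` names are all constructed for it.

```python
"""Added example, not code from the thread: a simulation of the two ISP
edge-filter designs under discussion, stateless SYN blocking versus a
stateful filter that only admits inbound traffic matching a flow the
customer started.  Addresses, ports and packets are constructed."""
from dataclasses import dataclass, field

CUSTOMER = "203.0.113.10"  # constructed customer address (RFC 5737 documentation range)


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

    def inbound(self) -> bool:
        """True when the packet is coming from the Internet towards the customer."""
        return self.dst == CUSTOMER


def stateless_filter(pkt: Packet) -> bool:
    """Cheapest design: no memory at all.  Drop inbound TCP segments that
    open a connection (SYN set, ACK clear); pass everything else, which
    means unsolicited inbound UDP is still delivered."""
    if pkt.inbound() and pkt.proto == "tcp" and pkt.syn and not pkt.ack:
        return False
    return True


@dataclass
class StatefulFilter:
    """Remember every customer-originated flow as a 5-tuple; an inbound
    packet passes only if it is the reverse of a remembered flow.  UDP
    gets the 'pseudo-state' treatment the post asks about: a reply is
    admitted once the customer has sent to that peer and port."""
    flows: set = field(default_factory=set)

    def allow(self, pkt: Packet) -> bool:
        if not pkt.inbound():
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reverse in self.flows

    def table_size(self) -> int:
        """Per-flow state is the cost of this design; a real device also
        ages entries out, which is not modelled here."""
        return len(self.flows)


# Constructed traffic sample, in arrival order.
SAMPLE = [
    ("dns-query-out",   Packet("udp", CUSTOMER, 5353, "198.51.100.53", 53)),
    ("dns-reply-in",    Packet("udp", "198.51.100.53", 53, CUSTOMER, 5353)),
    ("udp-unsolicited", Packet("udp", "198.51.100.77", 40000, CUSTOMER, 1434)),
    ("http-syn-out",    Packet("tcp", CUSTOMER, 50000, "198.51.100.80", 80, syn=True)),
    ("http-synack-in",  Packet("tcp", "198.51.100.80", 80, CUSTOMER, 50000, syn=True, ack=True)),
    ("rpc-syn-in",      Packet("tcp", "198.51.100.99", 31337, CUSTOMER, 135, syn=True)),
]


def evaluate(stateful: bool) -> dict:
    """Run SAMPLE through one design and return {label: allowed}."""
    filt = StatefulFilter()
    decide = filt.allow if stateful else stateless_filter
    return {label: decide(pkt) for label, pkt in SAMPLE}


if __name__ == "__main__":
    for name in ("stateless", "stateful"):
        print(name, evaluate(stateful=(name == "stateful")))
```

Both designs drop the unsolicited SYN to port 135; only the stateful one also drops the unsolicited UDP datagram, at the price of one table entry per customer-originated flow. On a Linux box the same two designs are roughly an `iptables -p tcp --syn -j DROP` rule on the inbound side versus `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` followed by a default drop.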
my isp (small mom and pop outfit) is also a whitebox shop and has a big sign out front that says "we will fix your viruses". I think they like that they can make a nice chunk of change off of relatively simple repairs; it's a steady business model. AFAIK, talking to the guy who runs it, I'm the only linux user he has. Not saying this is true for all ISPs, but it's like "you" as joe homeuser getting them to do an oil change and tuneup and tire rotation for these shops, and most of the ones I have been in charge a pretty snazzy rate for de-infesting machines and applying patches - all things the owners of the PCs could do themselves, but most users choose to remain ignorant it appears, and don't make the effort, so the fixit repair shops take advantage of that, at least the first few times the users get nailed. Say $50 or something a pop to have your box cleaned, it adds up. I imagine a lot of /. readers here make some nice loot off of windows insecurities and viruses, especially the ones who get hired to run networks or who get called in to fix stuff. No problems and everything running smooth = much less money made in *some* cases. I know that's a bit cynical, but I bet it's true.
Didn't those MIS experts think to install anti-virus software on any of those hundreds-if-not-thousands of PCs?!
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
For large corporations, I always quite liked the idea of sending occasional spoofed e-mails with dodgy attachments, similar to your average e-mail virus. If a user opens the attachment, MIS gets notified, and a "three strikes" rule applies.
The first time, they get a polite warning about their behaviour and how damaging it could be if that had been a real virus, and a friendly reminder to read the corporate IT policy. You're not trying to piss these people off and alienate them, you're trying to educate them.
The second time, they get another warning, and all non-essential access revoked for a week: no personal mail, no web browsing, nothing. You might mention that this is the sort of thing that viruses try to do to everyone in the company, which is why it's so important not to run attachments carelessly.
The third time, they get the book thrown at them: automatic formal disciplinary procedures, loss of all personal usage privileges and direct monitoring of their usage by MIS, etc.
Of course, you need some very senior people on your side to make this work, particularly because managers are often the most incompetent in this respect. However, if your CIO has any clout at all, a quick explanation about the impacts of a real virus on the company and the most likely way to get one should get the CFO and CEO on-side.
The nice thing about this approach is that it's fair. No-one who's not a liability will be affected. Anyone who's simply naive will be given a friendly reminder of the danger, and how to avoid it. You have to screw up spectacularly several times before really bad stuff happens. And if you really are that stupid, inconsiderate or incompetent, the rest of the organisation doesn't have to suffer the risk you bring to their livelihoods.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
What did _you_ learn from this?
There are a _ton_ of problems spelled out in the article.
Incompetently set permissions. Incompetently managed network, including unpatched production servers, not just the client machines. (Yes, that would also explain needing the tons of policy admins. You haven't seen the kind of drooling incompetents that some companies hire.)
An incompetently programmed application, presumably written by the cheapest clueless monkey that could be found. (How _do_ you write an application, so that it needs the _OS_ to be unpatched and unprotected?)
A management who's more into chest thumping and scaring peons into submissions, than actually managing.
A total contempt for the paying customers too. (It would have taken just a couple of phonecalls to tell everyone _not_ to disconnect everyone's electricity, when it was the company's system that failed to accept payments. But did anyone even think of the customers? Nope. Fuck 'em. Who cares about 'em?)
Etc, etc, etc.
But what do _you_ understand from that? "Waah! Microsoft sucks! They shouldn't have used Windows!" Well, see, that's the problem with the IT world indeed.
And I'm talking about the ever increasing reliance on some magical "+3 cloak of IT protection (+5 against bugs)". The rush to rely 100% on the OS, framework or whatever, to protect you.
"If only it was _____ (random hyped IT product), it would have been 100% invulnerable!" Where the product may be Linux, WebSphere, EJB, ASP, XML, or whatever fashionable buzzword or framework.
Heck, I don't doubt that, back in the caveman times, the same kind of people were busy whining about how just upgrading to Stone Axe v2.0 from Sharpened Stick v1.5 didn't automatically keep tigers at bay. Now if we had bought the hyped Wooden Club v2.6 instead, that one surely would have swung itself against the tigers! All by itself, and without requiring any skill!
No, sorry. It never worked like that, and never will. A system is only as secure as the people using it.
And that's the problem written all over that story. That a big team of incompetents crafted an insecure network, with insecure computers on it. And would have been just as bad off with any other OS or framework, if they stuck to those incompetents.
But no, let's hope for some magical cloak of protection instead. Maybe this time it will actually work. Right?
A polar bear is a cartesian bear after a coordinate transform.
...until someone brings in an infected laptop.
--
"Open source is good." - Steve Jobs
"Open source is evil." - Microsoft
A user that does all of those dangerous things or Microsoft for allowing users to do all of those dangerous things?
This is a problem with the "modern user". They just accept that Windows and computers in general behave this way. That problems like Blaster are "just the way it is." Those who work on multiple platforms and systems see this and call "bullshit" because we get things done and don't have to deal nearly with this level of crap.
Throwing more software at XP is not going to solve the problem. What needs to change is Microsoft!!
- Above all else, why are users forced to run under a privileged account? Although not exactly necessary for Blaster, many rogue programs use this as a vector to infect machines. As long as Microsoft does not address how awful the permission scheme is on Windows, people will have to run at highly elevated permissions, which means it's easy to infect people. Change this and many virii just go away...
- For 1: Why do you need to buy more software to use a computer out of the box? Mac, Linux, BSD can all install and go and even do live installs. Even though you can do a live install of XP it isn't safe. So the solution on Windows is "you need more software"?? I call BS again. The installation process should be secure because it's a custom kernel that is heavily scripted. There is no reason why the install process is vulnerable!!
- For 2: You can say that but as long as Microsoft allows users to start the application they will use it. Any other vendor by now would have gutted, disabled, etc. such a problematic application but Microsoft seems to know better....
- For 3: look at "For 2:"
- For 4: Windows Update and beating the "keep your system up to date" drum is all nice and neat but once again if you need to run it manually (versions of Windows before XP) then there is a big chance it won't be done at all. Even then it's dumb to have to login to apply a patch in an enterprise. No wonder IT time is expensive. They have to babysit hundreds of machines!
- For 5: Just like "For 4:" this can get problematic in a hurry. To make things worse, this is even more insidious because for each piece of "security" software you install you now have a separate process to keep it up to date.
Microsoft made Windows into the monster we have today. There are fewer bugs and in general a better user experience than previous versions of Windows but that is no excuse for having such idiotic exploits still floating around. Many platforms figured this out years ago (some aspects are 20+ years old for security) and yet Microsoft just dances along milking vendors and OEMs for as much money as they want with inane licensing schemes.
It's interesting to note that firewalls and networking solutions are discussed in the conclusions of the article.
IMHO, only necessary ports/services should be available to the internet. Period.
Do I export my NFS shares to the world? No.
Do I expose my rpc portmapper to the world? No.
What percentage of Windows' port 135s need to be exposed to the internet? I did a search for "DCOM application" and "DCOM applications" and found nothing interesting except how to migrate from DCOM to .NET, and documentation. I've only seen DCOM used once in my life, and it was a very specialized application where DCOM was used to control a smartcard reader on another computer for enrollment purposes. Obviously, this kind of application should _not_ be world accessible either.
I don't blame Microsoft for these exploits, they are networking/sysadmin issues.
I have never been compromised from network intrusion, ever. The last virus that I had on my machine was the "Monkey" virus (I believe) that a roommate brought onto my computer from a floppy that he used in a computer lab at school 10 years ago.
Again, I'd like to reiterate that these are networking/sysadmin issues, not OS issues. Although, it's worth mentioning that these kinds of things have never seemed to affect Macs, which are almost always on the same network as Windows machines.
Poor Mona. All these rug rats because of putting out for the home-boys. Want to give them sex but not have children?
Try sodomy.
> out of control so quickly, and what lessons can be learned from that event...
- Lesson #1 - Don't run Microsoft OS
- Lesson #2 - Don't run any Microsoft apps
- Lesson #3 - See lesson #1
If you want to stop viruses (and spam, it seems) you cannot run any MS software.
--
If I actually could spell I'd have spelled it right in the first place.
From the article: ...it was given access to the main production network to place image files on an open share on the server used by human resources. ...bypassed patching the HR server because we were going to take it offline and replace it at the end of the same week that Blaster hit.
A contractor using the guest offices brought Blaster inside. His laptop infected the security-counter image-storage system, which then found its way to the HR server.
I saw this on the Three Stooges once. Seriously, note that it took three failures to get Blaster into their network:
1. Why was the contractor able to reach the image computer? Why weren't the guest office connections DMZ'd on their own branch: common sense says you barrier everything and only punch holes in the barrier when they are needed, as they are needed.
2. Why was the image computer allowed access to the main production network? To hit an open share? That was pure laziness! There are a number of ways to do that without granting internal access: this was a publicly accessible system!
3. Who cares if the HR server was due to be replaced at the end of the week? Someone took the time and effort to remove it from the list of patched servers: isn't it less effort to just leave it on the list until no longer connected?
Note that it took a fourth failure that allowed it to run rampant:
"Did we find out why the XP systems in HR did not get patched on the first go-round?" asked the director.
"We had to do some research, but we found out that the way we locked down the users prevented the patch from running properly," lamented one of the policy admins. "What we discovered was that the software restriction policy for the local computer allowed only local computer administrators to select trusted publishers. Because our patch agent ran as a pseudo user, the agent did not have the necessary rights. This was causing the failure. We changed the group policy for the HR systems so that we can patch remotely from now on."
Who implemented the policy? Who tested the policy? Fire him/her/them! Don't they have any logging to tell them when an update fails?
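The question above ("Don't they have any logging to tell them when an update fails?") and the earlier remark about the residual few percent of workstations that refuse to be patched remotely both come down to the same control: reconcile each patch run's agent log against the host inventory, so that a host that reports a failure, or reports nothing at all, is flagged the same night, and a single reason code shared by a whole group of hosts is recognised as a policy problem rather than a per-machine one. This is an added example, not code from the thread or from the article; the log format, host names, patch id and reason codes are constructed, and the function names are mine.

```python
"""Added example, not code from the thread or the article: reconcile a
patch agent's log against the host inventory so that a failed or silent
patch run is noticed immediately.  Log format, host names, patch id and
reason codes are all constructed for the example."""
import re
from collections import defaultdict

# Constructed inventory: every host that is expected to report after a run.
INVENTORY = {"HR-WS-001", "HR-WS-002", "HR-WS-003",
             "FIN-WS-010", "FIN-WS-011", "OPS-LT-020"}

# Constructed agent log.  HR-WS-003 never reports at all; OPS-LT-020 is the
# 'no ADMIN$ share' case; the two HR hosts hit the same policy error.
AGENT_LOG = """\
2003-08-14 02:10:11 host=HR-WS-001 status=FAILED code=ACCESS_DENIED msg="agent account may not select trusted publishers"
2003-08-14 02:10:12 host=HR-WS-002 status=FAILED code=ACCESS_DENIED msg="agent account may not select trusted publishers"
2003-08-14 02:10:40 host=FIN-WS-010 status=OK code=INSTALLED msg="EXAMPLE-PATCH-01 installed, reboot pending"
2003-08-14 02:10:41 host=FIN-WS-011 status=OK code=INSTALLED msg="EXAMPLE-PATCH-01 installed, reboot pending"
2003-08-14 02:11:05 host=OPS-LT-020 status=FAILED code=NO_ADMIN_SHARE msg="cannot connect to ADMIN$"
this line is deliberately malformed and must not crash the parser
"""

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) host=(?P<host>\S+) '
    r'status=(?P<status>OK|FAILED) code=(?P<code>\S+) msg="(?P<msg>[^"]*)"$')


def parse_log(text: str) -> tuple:
    """Return (events, malformed_count): one dict per well-formed line,
    plus a count of non-empty lines the parser could not read."""
    events, malformed = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
        elif line.strip():
            malformed += 1
    return events, malformed


def reconcile(events: list, inventory: set) -> dict:
    """Classify every inventory host as ok, failed (by reason code) or silent."""
    ok = {e["host"] for e in events if e["status"] == "OK"}
    failed = defaultdict(set)
    for e in events:
        if e["status"] != "OK" and e["host"] not in ok:  # a later OK supersedes a failure
            failed[e["code"]].add(e["host"])
    reported = {e["host"] for e in events}
    silent = inventory - reported          # never checked in: the laptop-in-the-field case
    needs_attention = inventory - ok       # failed or silent, either way not patched
    return {
        "ok": sorted(ok),
        "failed_by_code": {code: sorted(hosts) for code, hosts in failed.items()},
        "silent": sorted(silent),
        "needs_attention": sorted(needs_attention),
        "residual_pct": round(100.0 * len(needs_attention) / len(inventory), 1),
    }


def systemic_failures(events: list, min_hosts: int = 2) -> dict:
    """A reason code shared by every reporting host in a site prefix (the
    part of the name before the first '-') points at a policy or GPO
    problem, not a bad box.  Returns {site: code}."""
    hosts_by_site = defaultdict(set)
    fails = defaultdict(lambda: defaultdict(set))
    for e in events:
        site = e["host"].split("-")[0]
        hosts_by_site[site].add(e["host"])
        if e["status"] != "OK":
            fails[site][e["code"]].add(e["host"])
    return {site: code
            for site, codes in fails.items()
            for code, hosts in codes.items()
            if len(hosts) >= min_hosts and hosts == hosts_by_site[site]}


def report(log: str = AGENT_LOG, inventory: set = INVENTORY) -> dict:
    """Full reconciliation for one patch run."""
    events, malformed = parse_log(log)
    result = reconcile(events, inventory)
    result["malformed_lines"] = malformed
    result["systemic"] = systemic_failures(events)
    return result


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

The two lists worth acting on are `needs_attention` (the residual that needs a hands-on visit or a retry) and `systemic` (the HR site failing uniformly with the same code, which is exactly the situation the article's policy admin only discovered after the fact). Hosts that stay silent across several runs are the ones to chase hardest, since a missing line is the easiest failure to never see.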
>My pet peeve, for example, is the Finder: it's 2004, why can't they make Finder windows update immediately when a new file is created, and why can't icons stay in the same place when files are modified?! I mean, if Windows has been able to do it for 10 years, it shouldn't be that hard!
As to the former, Panther seems to have fixed that, with views usually updating when files are created elsewhere. (Jaguar and prior did have issues with this.) As to the latter, I wouldn't know, given that I use Column View exclusively...
>hmm... I should have realized it would have the BSD firewall. I wonder why there's no GUI for it?
Under Panther (and I think Jaguar as well), there is.
System Preferences App > Sharing Panel > Firewall Tab
And what makes you think that joe user will do anything other than login as root.
As for User consent, most of the windows viruses out there at the moment require the user to run the
The biggest vulnerability in computers is the users. Just see how secure your beloved OS (pick any OS here, not just linux) is once you unleash the great general public on it.
No matter how well you idiot proof something, you can always find a better idiot.
> And what makes you think that joe user will do anything other than login as root.
joe doesn't do that on a Mac, and should be steered away from it on linux (usually is during the install). yes, there will always be stupid people who do stupid things, but that is not the system's fault. plus, i believe that such users will inspire *nix developers to design better systems. the market (think business/corporate ppl) is becoming so frustrated with OS vulnerabilities that it will soon be demanding better systems, and the open, competitive nature of Linux lends itself to such development.
> As for User consent, most of the windows viruses out there at the moment require the user to run the .exe ... "ooh a new task bar that stores my credit card info for me and its free?" ...click click.
that's always an issue, but the biggest problem is that windows user accounts generally allow people to install such crapware. linux and windows make installing programs a more restricted process. in a corporate environment, it can be locked down better as well.
> No matter how well you idiot proof something, you can always find a better idiot.
agreed. however, that doesn't mean it's not possible to prevent a lot of problems and avoid others altogether by switching to a better designed system.
I saw it on Slashdot, it must be true!
No, it's not fixed in Panther - if it were, I wouldn't have a problem, since Panther is the only version of Mac OS I've ever used (for more than a few minutes).
If you don't believe me, here's a way to reproduce the problem: open the terminal, cd to the desktop, and type "touch foo" - the icon doesn't show up until you task-switch to the finder (i.e. click on the desktop). The problem doesn't only apply with the Terminal either; it happens when you create the file with other programs too. (this is in 10.3.4, by the way)
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
They are a utility, and a natural monopoly (since it makes little sense to have multiple sets of power lines in the same neighbourhood).
This is why I believe utilities serve society best when they are either crown owned (like BC Hydro) or users cooperatives (like Laurens Electric Cooperative)
I think you also over estimate the market when you suggest "business/corporate ppl [are]
Big business has a huge amount invested in their IT Infrastructure and so any change is going to cost a large sum of money, and if they make the wrong choice, someone loses their job. The old case of "no one got fired for buying IBM" is becoming true for microsoft. It may not be the best choice, but it's unlikely to get you fired.
very true, I'm not convinced that linux is that system yet, it solves many issues but then causes others. There is a lot to be said for the microsoft approach of treating your users as if they don't understand, and don't care. And then providing good documentation for those that seek it out.
my experience of linux is that documentation is either information overload, or nothing useful, and not much in between
I think we need a paradigm shift in computing with relation to security, comparable to that between command line and gui [ yes yes, I know real men use command lines, but most users aren't real men]. Unfortunately I don't know what that shift is, otherwise I'd be potentially very rich, but I don't think it's any of the current unix offspring.
> Unfortunately I don't know what that shift is, otherwise I'd be potentially very rich, but I don't think it's any of the current unix offspring.
my theory is that the nature of the "current unix offspring" is such that it lends itself towards meeting needs and demands placed upon it by users, developers, et al. there is a world of potential in these systems. it doesn't hurt, either, that as of right now they're also more stable and secure, regardless of their market share. the more developers rise to the challenge and demands of (mostly) the business world, the more market share you'll see going to not necessarily superior systems (even tho i think they are), but systems better suited for whatever the company needs.
> i remain unconvinced that joe uses a mac, my suspicion, (based on personal observation) is that mac users are neither average nor ordinary.
you're right..."joe" uses windows by and large. i'm not saying joe DOES use mac, i'm saying he'd be BETTER OFF if he used mac (not 'yelling' here, i just like emphasis ;). once the basic interface differences are overcome, it's a very easy, very stable system that is MUCH less likely to give him problems.
my $0.02 ;)
I saw it on Slashdot, it must be true!
Somebody can ride off my comment and get a 4 but I get "off topic"... wow, slashdot is stupid.
Here's an idea. Tell me what you think:
:)
You know the way some viruses appeared in the wake of Blaster, that actually uninstalled Blaster so they can take control? Well, what I say is, why not make counter-viruses like these, that do only this nice part (skipping the take-control one). If somebody's computer has a security hole that can be used for infection, then it can be used for disinfection as well.
A sort of "Protect yourself, or we'll do it for you..."