70% Of 2004 Virus Activity Down To One Man
arpy writes "According to a report produced by anti-virus software provider Sophos, 70% of anti-virus activity in the first half of this year can be blamed on Sven Jaschan, an 18-year-old German who wrote the Netsky and Sasser worms. According to the report, "Sasser claimed the top spot of the virus chart, in spite of the raging battle between the widespread Netsky and Bagle worms." The Register has a good summary of the report."
To be honest, I'd rather have to do AV work on one virus 70% of the time, and spend the other 30% fixing a couple of others. Maybe write a script if need be, and 70% of the time, I just do the same thing over and over.
Or, you could spend 10% of the time working on each of 10 viruses. Suddenly you think: I wish I could be 70% sure what the problem will be; it is a lot easier.
...99% of virus activity this year due to bugs / vulnerabilities in products from a single company.
THANK YOU!
People like you help me argue against the beady-eyed managers that a computer monoculture is bad for business.
How else could I easily bring Linux or Firefox on Windows to our enterprise customers? And hey, what people know from the office, they will also use at home.
Not to say that you help the OSS community, but you do.
Thanks again.
If a significant portion of the world's communications and commerce infrastructure can be significantly affected by the hacking of a disgruntled, alienated minor, perhaps rather than murdering the most likely talented, albeit misguided, youth, we could take a closer look at why our infrastructure is so vulnerable.
This guy wrote the worms. He is directly responsible for 100% of the damage they caused.
I'd say people are justified to be angry at him.
Me, I would have placed the blame squarely on all of the admins out there who allowed their systems to be compromised by the worms in the first place. That includes the admins of the e-mail systems of ISPs. It's time to start placing blame where it belongs. Security is a job function, not a function of the system. An {OS/mail system/website/whatever} is only as secure as its admin.
It's bad enough that they feel the need to "compete" against other virus writers for some internet version of "street cred" but now we're fucking ranking them?
How long until people start writing viruses just to "get points" on some chart somewhere? Christ, you people have no logic whatsoever.
Wait, you're saying it is the initial victim's fault that the virus authors wrote malicious code -and- released it publicly?
... Think of it in terms of vandalism ...
... the vandal.
... it is now the responsibility of that company to make materials that are up to the job. It won't stop the vandals, that is the job of the police, but it should make their vandalism as hard as possible to have a permanent effect.
I think if you're going to lay the responsibility chain, it lies primarily with the virus author.
Subsequently, the responsibility lies on the DSL service provider who KNOWS they are selling to often uninformed users and yet fail to provide adequate first (NOC) or second level (CPE) protection for these users.
Next, responsibility lands in the laps of those people who wrote software that was prone to infection.
Last, responsibility makes it to Joe User at that point and then recycles to the beginning for any systems that his infection spreads to.
So I, as the end user, have -final- responsibility, but not primary responsibility nor -blame- for the infections.
The primary person responsible for vandalism is
Subsequent responsibility (for prevention) is law enforcement. Is law enforcement to blame for the vandalism? Only if they do less than is required to reasonably address the situation (I don't expect them to spend all day hunting down the tagger 3 blocks over, but I -do- expect them to patrol all the blocks as much as they can without hampering other worthy law enforcement activities).
Making the assumption that I know that I live in an area where people are vandalizing property, I will probably buy paint and materials that are durable enough to be washed/repaired (if I don't, we hit the next level)
Last, I am responsible for -using- the materials above, I am responsible for calling law enforcement if there is an infraction so that they can address it. However, if I fail to do the above all that happens is the 2nd and 3rd levels of responsibility are void. I am still not responsible for the unknown vandal having decided to unleash their frustrations on my neighborhood.
"More power to him I say.[...] Expecting people 'not' to crack/compromise insecure systems, a daydream you're having"
Newsflash: the real world was not built on being 100% unbreakable and impenetrable.
E.g., your front door would _not_ be unbreakable to someone determined to get past it with an axe. It's a known vulnerability, for the past few thousand years, and no one's fixing it. Your windows are likely even more vulnerable.
E.g., locks can be picked. Locks with master keys allow for escalation of privileges by attacking one pin at a time. It's a known vulnerability too.
The way Real Life works isn't to waste manpower and money to make something 100% impenetrable. Real Life works by basically just setting up a big sign that says "you're not allowed past this point." And if you do, we'll throw your sorry ass in jail.
That's really all that your front door and lock are: a sign that other people are not allowed past that point. If someone actually does the effort to pick the lock or hack down the door, it's proof enough that they did get the hint to stay out and deliberately circumvented it. So we throw them in jail.
If someone entered your home, it's not the door manufacturer's fault, it's not the lock manufacturer's fault, it's simply the thief that's to blame. That's the one who deserves some fine time in a state prison.
That's the security model that the Real World society was built upon. It's not perfect, but it worked wonderfully so far.
And here's your free complimentary clue for the day: those Windows users' instinctive expectation of computer security is the same. They don't expect their computers to be an impenetrable fortress, since their RL home or car isn't either. They do expect that whoever breaks past the boundary of their home, car or computer be thrown into state jail.
Unrealistic expectation at the moment? Maybe. But not an _unreasonable_ one. As in: it's not unreasonable to throw the script kiddie or virus writer in jail anyway. Sure, we won't stop trying to make the apps more secure, but in the meantime we also throw the asshole in jail to deter other assholes.
And maybe it's time to give users what they ask for, instead of idiotically insisting that they adapt to what we feel like programming. Not even just in this aspect. The software industry is a fucking disaster in this aspect, and all this whining about "idiot users" and "idiot managers" is just proof of it.
Any other industry, they try to make things comfortable and obvious for the user. In the software industry we just call them idiots and have whole sites dedicated to whining about them.
What do you suggest we do about that?
Set up virus scanners at the ISP level - any mail that passes through an ISP's MTA gets scanned for viruses; double-extensioned attachments that would indicate a possible worm payload (i.e. anything that Windows will auto-execute) should be bounced back to the sender with an "Unable to relay due to potential virus infection, see [website] for why we blocked this" error with instructions on how to fix it. Of course, that won't kill all routes but it'll guard a lot of people.
Next block windows RPC ports at the router level, don't even route traffic between subscriber lines within the ISP network - I'm on Zen and, while Zen block access to windows ports from outside the network, once one machine inside is infected it spreads like mad. Some two thirds of my firewall logs are hits from infected machines owned by other zen subscribers. If people need to share files with remote machines they should use tunnels or VPN.
Finally ISPs should also periodically portscan at least ports 0 to 1024 on subscriber machines and email those running machines without a firewall informing them that they are running a vulnerable box and provide instructions for how to lock it down. Those who fail two months of portscans without providing a valid reason why or start generating virus traffic are sandboxed with restricted email and web access to ISP instructions for how to get out of the sandbox.
Of course, none of this is actually going to happen because ISPs will see it as likely to scare people off.
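The MTA-side attachment check described in the post above, written out as an added example (it is not code from the thread or from any ISP or product): it parses a raw message, walks every MIME part, and flags attachments whose file name ends in an extension the Windows shell will execute directly, or that hide such an extension behind a decoy one ("report.txt.exe", or "report.txt     .scr" padded with spaces). The extension list, the sample message and the rejection text are constructed for this example and are assumptions, not taken from any real filter.

```python
"""Added example: flag auto-executable and double-extension attachments in mail
passing through an MTA.  Extension list, sample message and rejection text are
constructed for this example (assumptions, not any vendor's rules)."""
from email import message_from_bytes
from typing import List, Tuple

# Extensions the Windows shell runs directly when double-clicked (assumed list).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs",
                   "vbe", "js", "jse", "wsf", "wsh", "hta", "cpl"}

# A constructed multipart message: one text body, one disguised executable,
# one harmless text attachment.  The base64 payload is just "hello".
SAMPLE_MESSAGE = b"""From: sender@example.net
To: victim@example.org
Subject: Your documents
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

see attached
--XYZ
Content-Type: application/octet-stream; name="quarterly_report.txt.exe"
Content-Disposition: attachment; filename="quarterly_report.txt.exe"
Content-Transfer-Encoding: base64

aGVsbG8=
--XYZ
Content-Type: text/plain; name="notes.txt"
Content-Disposition: attachment; filename="notes.txt"

nothing to see
--XYZ--
"""


def classify_filename(filename: str) -> Tuple[bool, str]:
    """Return (flagged, reason) for one attachment file name.

    Only the *last* extension decides what Windows executes, so a decoy
    extension in front of it ("invoice.pdf.exe") is the classic worm trick.
    Whitespace inside each token is stripped so padding such as
    "report.txt      .scr" does not hide the real extension.
    """
    tokens = [t.strip() for t in filename.lower().split(".")]
    exts = [t for t in tokens[1:] if t]          # everything after the base name
    if not exts:
        return False, ""
    if exts[-1] in EXECUTABLE_EXTS:
        if len(exts) >= 2:
            return True, "double extension hides executable"
        return True, "executable attachment"
    return False, ""


def scan_message(raw: bytes) -> List[Tuple[str, str]]:
    """Parse a raw RFC 822 message and return [(filename, reason)] for every
    attachment that classify_filename flags."""
    msg = message_from_bytes(raw)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue                             # containers carry no file name
        name = part.get_filename()               # Content-Disposition or name=
        if not name:
            continue
        flagged, reason = classify_filename(name)
        if flagged:
            hits.append((name, reason))
    return hits


def reject_reason(hits: List[Tuple[str, str]], info_url: str) -> str:
    """Build the SMTP-style rejection text the post proposes bouncing to the
    sender.  The status code and wording are assumptions for the example."""
    names = ", ".join(f"{n} ({r})" for n, r in hits)
    return (f"554 5.7.1 Unable to relay due to potential virus infection: "
            f"{names}; see {info_url} for why we blocked this")


if __name__ == "__main__":
    found = scan_message(SAMPLE_MESSAGE)
    if found:
        print(reject_reason(found, "https://isp.example/blocked"))
    else:
        print("250 OK")
```

Note that this catches only the name-based tell the post singles out; a worm shipped inside a password-protected ZIP, or as a plain .exe the user is talked into running, passes the double-extension test, which is why the post treats it as one layer and not a complete defence.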
In that twisted logic, I suppose you would blame gunshot victims for not wearing a bullet-proof vest or upgrading to the newest models when better armor piercing bullets came out.
Are some admins just lazy who don't do their jobs? Yes. But an admin can't always patch right away.
Remember in most corporate environments, admins can't simply patch a system when a new patch comes out. MS has burned them too many times with bad patches and this problem isn't an issue of the far past. Just last year, MS released a patch that crippled a computer's network connections. They released a fix online for the patch, but if you have no Internet, how do you get it?
Admins have to test them first before rolling them out. In some cases this may take up to six months. If they put in a bad patch, it's their fault, not MS's.
In some companies, admins have been plagued with downsizing and more duties. This means for some of them security is just another load they have to tackle with normal admin duties.
I think most admins would not want the 10+ hours it takes to clean up a virus/worm. They don't have much of a choice in many cases.