Zombie Networks On The Rise
A reader writes "According to Symantec via the BBC online, Zombie PC nets are growing very fast. Of course, it should also be noted that Symantec may want those numbers to be as scary as possible." ITMJ is part of OSTG, like Slashdot. There's also a NY Times story on the article as well.
Symantec's industry survives because of news articles that promote security threats.
-------
artlu.net
How exactly would NAT protect them? A major control vector for these bot-nets is IRC, which can be used through NAT. The infection vector is e-mail, which is also useable through NAT.
If NAT became widespread, then the zombies will adapt. It is only a false sense of security.
A lot of good that will do when the trojan goes through your NAT/Firewall through that big hole we call "email."
Only a comprehensive approach will make a big enough difference. That includes patching, being skeptical of email attachments, firewalling, and virus scanning.
PC hygiene goes a long way too. People are slowly learning that you just can't install the "newest c00lest blah-blah of the day" anymore as it will be 99% spyware and 1% app. It will be poorly written and cause all sorts of problems.
These are just growing pains and even though the stats don't look good right now at least I can talk about spyware and viruses and have people understand what I'm saying.
Why bad-mouth Symantec for pointing out the reality of the situation? Would you be happier if it were CERT or someone else delivering the bad news?
Symantec and its tools are part of the solution. Not exclusively the solution, or the only solution, but a part of it. And, by letting people know that problems are out there, they're performing a service that is necessary; you didn't think someone like Microsoft was going to be issuing press releases to the media that put its products in a negative light, did you?
It's not even as if the other AV vendors that you mention are any different to Symantec: both Panda and Kaspersky are closed-source commercial products and both companies have prevalent virus activity and warning indicators on the homepages of their respective websites. And I bet they both send out press releases to the media highlighting large-scale infestations and particularly dangerous threats, so why crucify Symantec for being the company whose press release the BBC chose to focus on?
Bottom line: why blame the messenger if the message is accurate?
Just what's Symantec done here to warrant you being any more ticked off at them than anyone else? Do you have a legitimate reason for targeting them or are you just trolling?
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
"The key challenge for Microsoft is not XP users," said Mr Beighton, "it's the Windows 98 and 95 machines."
Any bets that we'll still see this line 5 or 10 years down the road? The "ain't broke, don't fix" mentality is above and beyond some individuals' concept of needing to update.
"Update? Why do'z I need to do'z dat? My solitare runz just fine ma!"
Some aim to please, I aim to tease.
To quote the fine article:
Don't think so. There are *far* fewer exploitable services running on Windows 95 and Windows 98, as compared to Windows 2000 and XP. I'd *much* rather use Windows 98 online than Windows 2000 or XP, in security terms. Most of the recent worms use exploits in services that never existed prior to Windows 2000 ...
"If you think the problem is bad now, just wait until we've solved it." --- Arthur Kasspe
That makes no sense. If you would normally receive a packet (e.g. because you provide web service, or have an IM port open or whatever) then the NAT router will rewrite the packets so that you still receive the trojan.
OTOH if you wouldn't normally receive something (e.g. it's an HTTP attack and you don't run a web server) then the NAT makes no difference, you still won't receive it. Big deal.
NATs are not magical protective charms. They're just a desperate hack to get around running out of IP addresses. If you want a firewall, install a firewall, not a NAT.
How can you make that determination when neither has been accomplished?
What do you call OS X then?
'By the pricking of my thumbs, something wicked this way comes'