Slashdot Mirror


Windows Viruses up Sharply in 2004

Brad1138 writes "MSNBC has an article regarding the proliferation of Windows Viruses and collaboration among virus writers and spammers. Also mentions the likelihood that viruses for Linux and handhelds will see a sharp rise."

20 of 378 comments

  1. HBO also announced by Anonymous Coward · · Score: 5, Interesting

    The debut of their new documentary Viruses Up, Windows Down.

    Oh, and before anyone says this is Microsoft/MSNBC bias against Linux, it's a Reuters article available from many other sources and seems based on the same Symantec information as the earlier zombie story.

    1. Re:HBO also announced by selderrr · · Score: 2, Interesting

      A question that has been puzzling me is: what if there would pop up viruses in linux? Suppose this is by some unpatched backdoor that compromises a large percentage of linux distros (which are running in the millions now). How fast could the linux community patch all these? I mean: here on /., most of us do patch asap and keep an eye open for vulnerability news, but as the horde of linux users grows, so will the percentage of dumbasses who think that they are safe by simply having linux installed.

      Afaik, there is no automated patch system for dummies (aka MacosX software update) that really easily informs and patches with 1-click. Please, don't start on cron scripts and stuff: we are talking windows-to-linux converts here who think that their distro will do all magic automatically for them. These are users that simply check mail, surf web and do OO.o editing. I think the linux community is slowly growing beyond the shape of everyone-knows-someone-who-knows-linux-administration. We should be prepared to help the dummies when/if a serious attack happens.

  2. Doesn't matter. by Anonymous Coward · · Score: 3, Interesting

    This is just what you expect when using a modern operating system. The level of viruses in the windows world is to be solely blamed on the users for their lack of responsibility, not in any way to be blamed on Microsoft for in some way creating an environment conducive to these things. Things like running an NAT to prevent possibly malicious inbound connections, having to patch frequently and early in case of exposed security vulnerabilities, and treating every file-- even a passive file like an email-- with suspicion are just an inherent part of using a consumer operating system, and something you should have to expect to do in order to run a simple computer which reads email and searches the web and prints microsoft word documents. The fact that no other operating system in the world has problems any way comparable to the worm and virus problem experienced by users of Microsoft operating systems is due to factors other than the actions of Microsoft.

    2 + 2 = 5

    1. Re:Doesn't matter. by ramk13 · · Score: 2, Interesting

      Security has to be some combination of software design and user expertise, not just one or the other. To say it's all the users' fault is short sighted. Do you expect every computer user to understand what a firewall is and how it works? That's just not going to happen without spending *massive* resources on educating people who probably don't want to be that educated. Some people just want to use computers not manage them. Should we start requiring a license to use computers to force people to learn?

      If a car manufacturer released a car whose brakes randomly stopped working, and as a result lots of accidents started occurring, whose fault is the whole thing? If the manufacturer puts out a recall, but the car owner doesn't respond, and then gets into an accident, whose fault is it? I definitely think it's one or the other, no matter how you look at it.

  3. Ports being banned... by yonatanh · · Score: 4, Interesting

    Well since a lot of the big ISPs have banned incoming requests or outgoing requests to most windows ports (135, 445, 5000, et cetera) there aren't as many attacks anymore so even when a new exploit is released machines are compromised much less often.

  4. Did battle with a xp machine yesterday by codepunk · · Score: 5, Interesting

    I did battle with an XP machine yesterday that got zombied. This thing was blasting out thousands of mail messages. It tried nearly everything to keep me from removing it from the machine: morphing, auto reinstall, hiding in different locations, modifying start registry at every shutdown. This is not your average script kiddy stuff; somebody wrote it that knew what he was doing. Spybot, norton, clam or adware never even recognized it. This is a machine behind a firewall, virus scanning, spybot scanning etc but it still got infected through, yes you guessed it, Internet Explorer, and yes it had every security patch installed.

    Before I left I disabled internet explorer and installed firefox. It may still get infected through outlook or some other means but I made it one hell of a lot harder by switching them to firefox.

    --
    Got Code?

  5. A more sinister trend by Anonymous Coward · · Score: 1, Interesting

    There is also an alarming trend in the size of bot networks being 0wned. GCN.com

    From January through June, there was a sharp increase in bot networks. The number of these remotely controlled networks of compromised computers jumped from fewer than 2,000 to more than 30,000, Symantec noted in the report released today.

    This makes the probability of an increase in DDOS Extortion more likely. I fully expect a high profile site to be hit significantly before the end of the year, to lend a sense of legitimacy to the ability of bot network 0wners to shut down a site. Create enough fear of reprisal, and many companies might just pay off rather than inform police.

  6. The International Linux Virus Competition by delire · · Score: 2, Interesting

    just kidding, albeit this would be nice to see. it may put to rest some assumptions that the relative popularity for windows is the pre-emptive reason there are so many viruses for the platform. perhaps Symantec would be the glad sponsor - somehow i doubt it ;)

  7. Re:Prioritizing security is the IN thing by Doc+Ruby · · Score: 2, Interesting

    Over the weekend, a young guide in a Buddhist museum (in the US) stopped me from snapping some pics of some new reproductions of some paintings. I put away the camera immediately, but he grew angry when I calmly asked "why?", snarling about "security", and "thieves casing 15th Century art". When I asked him if those paintings were that old, he growled that they were only a year old, but his body language projected rage and implied violence, mounting as he started to hear his own inadequate responses. When I asked him why he was glaring at me, he told me that I was making him angry, that I should just accept what I'm told without asking so many questions. Not only doesn't this guy understand security, he doesn't understand Buddhism. And of course he's part of an entire generation of petty fascists, enforcing the nonsensical security policies that give them a little power, channeling their rage at the contradictions they enforce onto the people who they service.

    --
    make install -not war

  8. Re:Market Share by Anonymous Coward · · Score: 1, Interesting

    I think you are partially correct, but who provides the technical expertise for exploiting programs, and would they attack open source products?

    Spammers are interested in making money, and they don't care about how they go about it. I suspect the majority of virus/worm writers are in it to gain notoriety and make a name for themselves, similar to creating graffiti or tagging.

    There is no easy way in closed source products to make a constructive contribution to security, other than identifying flaws and notifying the product creators.

    However with Linux (and open source in general) anybody can send in a patch to correct the flaw, and gain recognition and esteem for doing so, as a bonus they don't even have to use a pseudonym. This is not possible with closed source programs. Being able to usefully contribute to the product gives greater rewards and satisfaction than maliciously attacking it. You show how clever a designer/programmer you are by closing the holes, not by exploiting them.

    Obviously, it is still possible to behave anti-socially and attack a project, but there is no kudos attached to it - in this respect the open source community is self-regulating (c.f. script kiddies).

    I would imagine that most hackers (used in the original sense of the word) with sufficient skills to exploit open source products would spend their time fixing them. Hopefully they would not be swayed by the money of spammers.

    Interestingly, the latest version(s) of Back Orifice are released under the GNU GPL, showing that exploit writers are aware of open source. Why then do they seem to concentrate on closed source products? The Code Red worm would have been an even larger problem if it had propagated using Apache rather than MS IIS.

    [BTW: yes, this does look remarkably similar to a post I just made on KernelTrap!]

  9. Re:unsafe at 3GHz by Doc+Ruby · · Score: 2, Interesting

    Most car crashes cause only property damage. There is probably a fair comparison in the waste from computer insecurity to the damage from those crashes. Yet we have decades of car safety laws (which lowered fatalities to today's accepted level), lots of technology and investment to increase quality, and only a veneer of computer security institutions. The apathy probably thrives more because there's not been a publication yet like Nader's _Unsafe At Any Speed_, which was published after almost a half-century of unsafe cars. Since companies like Microsoft are also in the publishing business, their counterpropaganda will probably inhibit the public response.

    --
    make install -not war

  10. This on the heels of the first virus... by Exmet+Paff+Daxx · · Score: 5, Interesting

    To target Slashdot.

    You heard me right. A recent trojan actually used Slashdot to post the IP addresses of infected hosts to a public reading spot, so that the worm authors could collect these addresses and break into the systems. The infections were posted to sid=31337, one of Slashdot's two remaining "troll" discussions. You can click that link to see the approximately 4000 infections that posted their IP addresses (along with a random hash to prevent duplicate messages and defeat the "lame" filter) to the discussion.

    CmdrTaco responded to this terrorism by closing the sid, proving that terrorism works.

    --
    If guns kill people, then CmdrTaco's keyboard misspells words.

  11. Ready for the desktop? by terrencefw · · Score: 4, Interesting

    Viruses for Linux expected? Well, I suppose they're talking about the fabled Linux is ready for the desktop event we've been anticipating for half the last decade.

    Some news for you: I happen to do work on my PC. This includes office type tasks, communication by email and sometimes IM, web browsing, software development, graphics work and a load of other stuff. I have to make sure my data is safe in case of nasties like a hard disk failure, which happened a few months back (easy - DVD-R root fs + rsync'ed /home). I expect to be able to jump on and off my PC because I work from home to make childcare easier.

    That's what I do. No games, no dicking around with software I don't have a use for. (Oh yeah, I post on /. though ;-)

    I use Linux (or one of the BSDs on my production boxes) because it just works. I can get what I need done and get away without being bothered by the 'computer'. No rebooting, no intrusive update process ie: Windows Update popping up messages asking me stuff while I try and work, no downtime due to viruses, no wasted web browsing sessions due to popups, no wasted email time due to spam, worrying about if my keystrokes are being logged when I buy stuff online.

    Contrast this to my two groups of friends who continue to use Windows:

    The first group are not generally computer literate. They've mostly given up on their computers as unusable. Spam, viruses, trojans, popups, crashes, reboots. Poor sods. They really want to get stuff done, but the 'computer' just gets in the way.

    The second group is probably the user I was when I was about 13 or 14. They have to have the latest, greatest cracked or keygened software, but they don't actually know how to use it or have any real need for it. They're like the trophy hunters in the jungle of Adobe, Microsoft, Corel and friends. "D00d I scored pshop cs last night, r0xx0rz!! how do i put my sisters head on britneys bodey?". They don't seem to care about getting 0wn3d, and think they're enlarging their l33t sysadmin skillz when they end up reinstalling.

    The reality is, I'm too busy to have to do battle with my PC when all I really want to do is get my work done then kick back with a beer and chill. Linux makes this a possibility for me in a way proprietary software can't.

    Ready for the desktop? Of course it fscking is! (Hey, my wife uses it on her PC, and she's totally non-techie)

    --
    Like tinyurl, but one letter less! http://qurl.co.uk/

    1. Re:Ready for the desktop? by mikeg22 · · Score: 3, Interesting

      "No rebooting"

      I haven't had to reboot my windows 2000 machine for weeks.

      "no intrusive update process ie: Windows Update popping up messages asking me stuff while I try and work"

      How often does this happen? Maybe once a week? You can turn this feature off, you know...

      "no downtime due to viruses"

      I use a virus scanner (AVG). I have never had a virus cause any problems on my PC. I have gotten viruses before off the internet, but the virus scanner catches them and gets rid of them. This happens maybe once a month.

      "no wasted web browsing sessions due to popups"

      I use firefox. No popups. Some of my friends use IE with popup blockers. This isn't really a problem anymore except for completely clueless users (who wouldn't be able to use Linux anyways).

      "no wasted email time due to spam"

      This has nothing to do with your operating system. You can run spam blockers/filters on any decent email program.

      "worrying about if my keystrokes are being logged when I buy stuff online"

      It sounds like you are talking about a trojan... Virus scanners catch these.

      It's not hard to set up a simple virus scanner and firewall. It's certainly easier than setting up a Linux box. Linux is only an option if you have gobs of time on your hands to learn all kinds of obscure shell commands and other garbage that a normal everyday user should never have to know.

      "I'm too busy to have to do battle with my PC when all I really want to do is get my work done then kick back with a beer and chill"

      This was not my experience with Linux. I had to constantly battle my PC to get drivers to work, make sure kernels were compiled with bug fixes, get fonts to appear correctly, etc... It took days and days of scouring the internet and man pages to get many basic things like 3d acceleration working. Linux has quite a ways to go before it's ready for the everyday user in my opinion...

  12. Re:Market Share by yo_tuco · · Score: 2, Interesting

    "...I will go on a limb and say that at least 50% of the viruses that are being written for Windows are being done so by Linux supporters...."

    I'd say a very long limb. Now I'll go out on a limb. I'd say 100% of all Microsoft's efforts are to destroy Linux and remove it as a threat to its ca$h cow.

  13. Re: Worms for non-microsoft software by Alwin+Henseler · · Score: 3, Interesting

    Ever heard of the Morris internet worm? Back in 1988, and didn't even use Windows systems.

    There have been several Linux worms as well, like the Lion worm. BTW: very interesting story about the origins of that one! Some even stay only in memory after infection, so that you can remove them by a simple reboot (and get re-infected 2 minutes later). Not changing any system files makes them harder to detect.

    Usually these don't have as big an impact as their Windows counterparts, I suspect this has a lot to do with the way the average *nix system is managed in comparison to the average Windoze box. Decent built-in security, and software distributed in source form, makes life a lot harder for worms, spyware and shit like that.

    ...and the likes that bother the end-user directly...

    It doesn't really matter if it's a browser-only or other type of exploit. Malware like worms, viruses, spyware, whatever, eat CPU time, memory, can cause unexpected crashes, leak private information, loads of network traffic, or weird/annoying behaviour of your system. In short: they cost you (time and/or money). And what they do (infect other systems, send spam, ...), causes cost on others as well.

  14. Re:See? Cure. by mixmasterjake · · Score: 2, Interesting

    More like the OS is as secure as the admin maintaining it.

    I think it's a dangerous attitude to believe that you're secure just because you run Linux. 50 unpatched exploits on a Windows box vs 1 unpatched exploit on a Linux box - you're owned either way. Unless you're keeping a close eye on things, your *nix box could get owned and you wouldn't even think to notice.

    --
    TODO: come up with a clever sig

  15. Re:Linux viruses on the rise by einhverfr · · Score: 2, Interesting

    I agree that we will see more trojans and more worms. But that doesn't mean much.... After all the limit of 2x as x goes to 0 is still 0.....

    Worms will never be the problem on Linux that they are on Windows. Windows worms tend to spread through a few services with many dependencies and a poor security record, such as MS RPC. Linux worms tend to spread through vulnerable servers, but these often have better security records and are the basis for fewer dependencies than their Windows counterparts. You don't have to run Apache to connect to the Internet (PPP and PPPoE depend on Client for Microsoft Networks on Windows due to the CHAP possibilities) ;-).

    Trojans face a different problem. Trojans in Windows are installed via browser exploits and usually have system-level permissions (pulling off this in Linux is more complex) or are installed as part of low-end freebie tools. These are often used for adware, keyloggers, remotely installing more adware, and the like. This is at its root mostly an economic problem and one which does not exist on the same level in the Linux world due to the prevalence of open source software. I.e. I have trouble believing that someone will install a copy of a program with a trojan when a Free alternative is available without it.

    It will be interesting to see how the next battles over security are fought. We know what our new defences are (IPTables, easy firewall setup utils, IDS's, SPF, etc) but how will these be attacked? What vulnerabilities does our system have that have not been adequately exploited?

    --
    LedgerSMB: Open source Accounting/ERP

  16. Not only that by Anonymous Coward · · Score: 1, Interesting

    Those are excellent reasons listed, and I'd like to add examples from what I call "the real world".

    I think it's obvious to everyone at slashdot that there are many in the l33t h4x0r community that use linux because it is more powerful.

    The media, software companies, MS, and even fellow geeks often like to claim that viruses will one-day explode into the linux scene. But it's common knowledge that the same l33t h4x0rs that write windows viruses will use linux. Why has there not been a SINGLE noteworthy virus in linux yet? Don't try to pass it off as virus writers haven't "noticed" linux yet and are purely after marketshare for their viruses.

    Viruses are proof-of-concepts that escape half the time, and hackers like to fiddle around in linux. Yet no virus explosions.

    I make the bold claim that we will never see viruses like MSblaster, SoBig, Sasser, etc, hit linux.

  17. Once upon a time... by edunbar93 · · Score: 2, Interesting

    We started filtering viruses from our incoming mail in November, and as the sysadmin for the mail server in question, I was nervously awaiting the first onslaught of viruses. The statistics for the first couple months were dismal, with the number of viruses canned being at only about 2-300 a day, and sometimes a lot less.

    Then MyDoom came out January 28, 2004. This day will live on in infamy since I posted to usenet about it and it's in Google's cache.

    We went from 300 a day to 15,000 a day in two days.

    After a while though, it died down. To about 5000 a day, still more than 10 times what it used to be. Then Zafi came out on June 11th and in three days the number of virus hits hit their peak at about 110K per day.

    Again, it died down, but now we're cleaning *coughcough*only*cough* 15,000 messages per day out of our mail. Yes, that's right, we're now filtering more viruses on a daily basis than at the *peak* of MyDoom.

    If the people at F-Prot, or the developers of qmail-scanner are listening, thank you. You've saved a lot of people a lot of pain.

    --
    "No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert