Curing a Corporate Virus Infection
museumpeace writes "Over at Internet Storm Center Deb Hale's 'In search of the bot net' entry for September 25 recounts a grueling hunt for all the .exe's, reg entries and sources for a bot infection of a 60 server corporate network. What a nightmare! The story ends with an indictment of careless users and a suspicion that Ares, one of the sloppier Pirate2Pirate filesharing tools, was the original source of the extensive corruption that eventually even crippled the AV tools. How typical is this sort of grief? [More frequent than reported, I would expect: the corporate victim demanded anonymity for the story to be told]."
also happens to be the one most prone to viruses, eh?
Hmmmmmm.....
Only slightly biased. I understand the annoyance of the admins over this screwup, but take deep breaths and count to 10 before you badmouth all P2P networks.
And security always includes usage policies.
$ su -
# uname
Linux
# iptables -P INPUT DROP
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# exit
$
I want to delete my account but Slashdot doesn't allow it.
If you can use the 'protected port' option on e.g. cisco switches, TURN IT ON.
Essentially, it prevents the indicated ports on the switch from communicating with other ports that also have that protection set. Unless you have sloppy shared directories or some reason for the actual PC's to talk directly to each other, it won't harm anything and will prevent the viruses from spreading pc-to-pc once (not when) they get in.
[disclaimer: i work for a major fortune 500 company with a large, 50+ distributed node WAN]
Every time there's a big ass Windows vulnerability, there are security emails and IT manager emails basically saying "heads up, check your shit." But let's say somebody doesn't check his shit, and a site ends up infected. The WAN group watches the network, especially during times like this, and nodes are just dropped off routing from the rest of the network until they get their act back together.
I realize the article is talking more about the pains of these nasty new infections that mutilate machines, but the old saying works -- a good offense is a great defense. Assign local managers responsibility for the server boxen at their node, he/she should be keeping the machines patched, but when that fails, close the node off the network before it can damage anywhere else.
Of course the major server boxen have their own layer of network between them and the rest of the WAN, so they can be isolated if the worm is already rampant on the network. Doesn't hurt to access list transmission ports, either, icmp, tftp, foo...
Blame your own policies, not your users. Users are not IT experts and will not be even with extensive training.
Restrict privileges. Don't allow anything that is not necessary...
...a grueling hunt for all the .exe's, reg entries and sources for a bot infection...
Wrong answer. If you have a compromised system, trying to clean it is (a) likely to be really difficult, and (b) not secure.
Wipe the system, reinstall, and recover from backups. (You do keep good backups, right?) It sounds pessimistic, but in most cases an attempt to "clean" a system is going to end up with you pulling out the OS reinstall disks anyway.
Tarsnap: Online backups for the truly paranoid
There are really times when I wish you could mod a submission as "Flamebait."
"Only slightly biased. I understand the annoyance of the admins over this screwup, but take deep breaths and count to 10 before you badmouth all P2P networks."
YEAH! Let's badmouth only the ones used to transport "pirated" material.
~~~
It took more than a week to fix. Basically IT took everything down and cleansed each individual computer before it was allowed to be back on the network ... except of course for the linux boxen and even they were affected by the lack of servers.
Since I have great respect for our IT guys (they are really scrupulous about permissions and patches), it was a sobering experience.
That's what happens when you download prerelease bootlegs.
#1. Convince management that this is a BAD idea.
-or-
#2. Convince management to give you some funding/equipment to implement network security upstream of those insecure PC's.
The next question is WHAT you'd implement and HOW you'd do so and HOW you'd monitor it.
Anyone can throw a bunch of PC's on a hub and claim to have setup a "network". It's the added security and monitoring that differentiates the best from the worst.
Funny how it's IT's fault for not getting people to follow the rules (whatever happened to self-discipline?). But then everyone complains about the policies (waaa, the BOFH keeps me from doing what I want. Waa the BOFH keeps me from changing whatever I want I hate this screensaver.)
You needn't treat them like a threat to their face, that is just rude. Most people are "too busy" or don't care enough to learn about computer security. So nod and just listen to *their* problems and lock down their system against the big threat.
... so we set out to prevent user folly. In so doing we created the IT tech's dream.
We had to deal with this more often than not
First off you start at the network layer, and make sure via firewalls that people can't get anywhere or use any application that will cause you grief (p2p/streaming etc.). Then you transparently proxy all your traffic so that the guy who checks out classic-cars.com all day for backgrounds can do his thing and not screw everyone else.
Then you take every user system and you lock them down. You start out by moving all their dynamic data (that you wanna keep) to a file server. Mapping the winblows appdata/my documents gives you a wannabe roaming profile without all the garbage.
After you make all that effort you either implement a mandatory PXE re-imaging overnight (too much of a headache for us) or you use something like Deep Freeze and lock down the system entirely. Due to Deep Freeze even the most zealous surfer can only horribly damage their system once a day.
Now you have an ideal environment. All changes on a system that need a reboot *must* involve a contact to the IT department, and those you think are savvy enough not to need a frozen system can do 90% of their own support.
Ok sure so your level of responsibility goes up. The pristine environment means you have plenty of opportunity to script away your work. Not to mention silly things like virus outbreaks are really limited because a frozen system need only reboot to remove the virus.
Think *pro-active.*
Not on MY corporate network you don't. Our users actually have to get shit done. We don't have time for fucking debugging your shitty gnu/(cr)apps.
I used P2P for a while (eDonkey) but stopped, but I became pretty uneasy about the whole thing (ethically/ pragmatically). I feel it is only a matter of time before virus writers become more proactive in using these ready made networks for the transmission and control of their viruses. When the first P2P transmission virus blazes through the network, like HIV in a lymph node, then uses it as a reservoir for systemic (Internet) infection, it will be too late. When a virus writer releases an upgraded payload, or a modification to escape anti viral scanner via P2P to create "escape" mutants, we will be in serious trouble. We need government legislation of P2P now. Learn from biology.
My sister is very, very attractive - Nietzsche
- Running Windows
- Not using total security throughout the network.
- Allowing Users to download any tool that they want
- I will bet that they allow CD/floppy downloads.
- Probably allow Outlook (and in an insecure fashion).
And the Blame goes to:p2p software??????
Our society really suffers from a lack of taking blame.
Anybody who runs MS should know that it takes a lot of effort and money to truly lock it down. As such they should do so. It is simply part of the total cost of running a Windows system.
I prefer the "u" in honour as it seems to be missing these days.
PugsleyButt:~/devstuff/c++ jmzorko$ strings file_to_examine
It just seems to me that this would be an obvious, but fairly effective way to quickly find all the registry points (as well as DLLs and other files) that a piece of code would touch ... maybe use it in conjunction with nm as well ...
Regards,
John
Falling You - beautiful
"There are really times when I wish you could mod a submission as "Flamebait.""
Do you have anything counter to it? Oh yes, one datapoint counters a forest of datapoints. It's flamebait because this entire forum is turning into "preaching to the party line".
You have no idea what sort of trojan / backdoor / über nasty malware was loaded on each individual machine.
Your time is much better spent developing a network reimaging system so that your machines can be reverted to a known state relatively quickly.
-Peter
. Penguins Surely Ca
"Over at Internet Storm Center Deb Hale's 'In search of the bot net' entry for September 25 recounts a grueling hunt for all the .exe's, reg entries and sources for a bot infection of a 60 server corporate network. What a nightmare!" ...Apple Macs and Assorted Linucen, curing .exe, registry and bot infections for 5 years and counting!
...or does this guy come across as a total ass? "Pirate2Pirate"? Blaming the users? I mean, isn't *he* paid to enable *them* to do their jobs, not the other way around? (Of course, the actual article is /.ed, so maybe it's just the summary that gives me that impression.)
That's the most succinctly put point I think I've ever read on slashdot.
...should be bastard to bastard. ;)
No reference at microsoft site about using a machine in limited mode to stop viruses/trojans.
I think linux users don't run exim or apache with uid 0...for a reason.
Limit access to the application/web server level at the router. Isolate workstations so that they can each see the file servers but not all other systems. If someone needs direct access to servers, they should have a real good reason (or it should be obvious; admins, developers.).
Keep in mind that I'm not suggesting that the limits be so strict that people are annoyed and attempt to break or ignore security. They should be well organized, though, and monitored. Reasonable exceptions should be made immediately, and unreasonable exceptions should be granted quickly with an eye to isolating the damage of that exception as much as possible.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Here is an idea that seems to slip past many...
C-O-R-P-O-R-A-T-E F-I-R-E-W-A-L-L
We used to have botnet probs in our corporate network... once we installed a Zonelabs Integrity server and were able to control what programs had access to the internet and which ones did not, it was pretty easy to fix.
upon which all Windows operating systems are based.
Just out of curiosity, have you had similar problems under Win2K, or are you just seeing this with XP?
The higher the technology, the sharper that two-edged sword.
IT staff should either have a super-fast reinstall system (unattended install + all software) or use imaging system (I'm using this method) and just reimage patched OS.
User systems should not hold any vital data (documents etc.) - these should be on a central server, thus there is no danger in losing data on a PC, plus one can implement a central backup system.
It's all a master plan.. Microsoft is such shit. *nix based OS's never have this sort of issue, I have had less problems recovering an owned box than trying to get a windows box booted that is infected with the Nimda virus.. It's just so frickin pathetic.
;-)..
Windows costs so much to secure, and it takes so much frickin time, and you have all of these moronic microsoft minions, running out and paying thousands for the dumb ass certifications that basically prove that you know how to "use a GUI".
(Whooope frickin doo).. heheh IM a MCSE, I know how to configure windows... hehe and I paid 5000 dollars for it.. hehe... (im smart)
Not to mention you have so much shit to deal with if something breaks or "gets infected". You would think that it's all one big plan, microsoft keeps holes in its software, so they can be exploited, so that people will buy more and more software to keep them from being infected, keeping everyone happy... I know I for one don't have the time to deal with the big MS virus drama.. oh geez george, i have the latest Anti-Virus-97x.GI.IQ virus protection... am i safe?
There are far too many people with way too much time on their hands..
I'll say. How could you be debugging if you are spending all your time fighting Virus/Worms/Crackers/ etc. on your few remaining windows boxes.
I find it amazing that MS people complain about lack of apps on Linux, yet about 97% of them use only a browser, MS Office, and Outlook which are all easily replaceable.
Let me guess: you work for a toilet-manufacturing company?
Excellent. But don't forget to keep administrative control from the users and limited to a few users.
Run security audits to make sure only the chosen few have administrator rights. This is for local PCs. Domain rights should even be more tightly controlled.
Keep AV defs updated daily. Report the numbers daily to check compliance.
Remove the ability to disable AV.
Check AV logs daily. Any report should be dispatched to a tech to "fix" the PC or determine what happened to the AV and take action accordingly.
Use group policies to ban known software, P2P & Hack/hacked tools. ( Not perfect but keeps the stupid honest)
Scan all email in & Out with AV & Spam Killer.
Be prepared to shut mail off if required to protect systems. This means you will need to provide some users with a safe external email.
Keep your PCs patched on a regular basis. After testing on several test groups for issues.
Document your system & processes.
Inform & educate your users.
Happy to report the last big virus we had hit was Melissa. It made us retool the whole AV/Patch process and take these measures and more.
It's simple enough to say - but what about when you are responsible for a corporate network of 400 users, and a remote WAN of over 30 sites, and 1000 users? And your Network operations department is comprised of you and a monkey sitting under your desk?
With the massive number of companies 'downsizing' lately, I find it hilarious how so many of you recommend doing all this rearchitecture, when most of us in the Ops/IT field are already spending 70+ hours a week fighting fires.
So I was a part-time (big projects, twice a month maybe) sysadmin at a local office of a large actuary firm. About 70 computers all tied in over a leased line to the central offices. Anywho, back when the Melissa (I think) virus was making its rounds I gave the full-time guy a heads up on what to expect, patches, etc. Of course, his head was firmly stuck up his 'exit-only' hole and neglected to do anything. So our systems slowly but surely (not so slowly now that I think about it) ground to a halt.
Long and short of it was that we had to manually clean every system, and in doing so found dozens of other infections, trojans, etc. I never did any of the client admin work, just helped with the long-distance networking. But the head of the office took me aside and asked me for a "no shit" assessment. I told em the full-time had dropped the ball. He offered me the job, I chuckled and politely declined as that office was NO fun and the pay sucked (hence the lowly full timer they wound up with).
Anyway...
Except when you are a poor dialup user where every byte counts, do *not* use DROP! Be a nice citizen of the Network, use REJECT.
At work we have 20K users in the US alone. We actually don't have that bad of a time dealing with viruses and worms and the like.
Why? Because 98% of the users get pushed their virus updates and their OS updates. This includes the clueless people.
We also run network scans and know WHEN computers were updated. If the computer is connected to the network, we know what updates it has or doesn't have. The only hard part is FINDING the unpatched computers.
We also have a firewall that prevents P2P connections, FTP and anything else non web browser related (gets annoying at times).
In reading this story.. I can only assign 1% of the blame on the users and 99% of the blame on the admins for not doing a proper job.
yeah, yeah, i'm sorry, you're sorry, everybody's sorry... quit blaming your users. that aside, i think this article is a little more proof that anti-virus programs like norton, are ineffective these days. the way they function needs to be re-thought badly. i hope to see the cost of devices like this one come down to more consumer friendly levels in the future. anyone have any ideas on how anti-virus can be improved?
scott king
It's even more important. Do you want to chase problems every 5 minutes and waste your weekend? I don't!
Exactly my point!
Take one thing at a time, starting with your most troublesome group or servers. Don't grab the 300 client system nightmare first; look at one server and see what it depends on. Are there 10 applications running on it? Is there a way to move one or a set of them off and isolate that?
If you're getting pecked to death by ducks, start by killing one duck at a time! (Or find a smaller group of ducks to kill at a new job.)
Don't let upper management know that you're succeeding, though. They may want to get rid of the monkey.
"In a world where a private corporation could create a private bridge and set strict rules of usage for that bridge, would that private corporation be responsible for its own damages if its manager of Bridge Upkeep failed to set the readily available measures to prevent paid employees to swerve around for fun, crash through side guards and park said car next to a fresh-water lobster?"
Sounds more like this guy was just looking for an excuse to submit a story and use the term "pirate2pirate."
"Making up a new plural case of a word to try to sound cool", on "haxor.dk". That's a 15 yd. penalty and loss of down.
"Ask not what your country can do for you." --John F. Kennedy
Seriously, if you knew the first thing about how network protocols work, you wouldn't be such a huge ass.
Like Warez HTTP and FTP sites don't exist. Or people don't email each other software. Or you can't find it on USENET.
Oh wait, should we ban all Internet traffic?
Oh wait, NO WE DON'T YOU FUCKING TWAT!!!
WE GO AFTER THE PEOPLE USING THE TECHNOLOGY INAPPROPRIATELY!
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
I admin a lab in a fortune 500 company, almost everything is windows. Since it is a lab, not everything can be patched, but we are very careful. The three times the lab has been infected, we have traced it back to being spread by a corporate IT box (file servers, web servers, etc). Very very annoying. But since it is a lab, we just wipe everything and reload from backups, and then wait and wait and wait for IT to finish cleanup before we trust their network again.
http://www.atlasshrugged.tv/speech.htm
"Blaming the users? I mean, isn't *he* paid to enable *them* to do their jobs, not the other way around? "
And are *users* paid to do their jobs, without creating unnecessary work on others, including IT?
If you're going to take that tack, then it's only fair to ask about the role users' behaviour plays in the whole situation.
There's a lot of corporations that refuse to report a breach in security. Simply for the reasoning that people will bail out like rats, leaving the company with little to no customer base. I suspect there's an amount of identity theft involved with the whole sordid affair, and that quite a few people make the mistake of signing up with those companies.
One day, some kid working on his thesis paper will compile a list of the IDT (IDentity Theft) victims, and there will be a nasty little coincidence...
>dude, we are living in 2004
Don't call me Jude, it's not my name
Appropriately setting security permissions, or assigning users to the Users group. Also, try renaming ntuser.dat to ntuser.man (and of course remove write permission to the top of the user's profile).
That'll mean they can change their settings, but they'll be automatically reset at logout. You don't even need a domain server to do it.
Of course, the users might get a little annoyed. The savvy ones will write .reg scripts that run at login time to reset the settings. ;-)
How can the edge firewall detect what software is driving the ports on the user's desktop? I guess you had to install the Integrity Client on each user's machine as well.
Geez, any self respecting switch has some of those features - people should learn to use them to partition the network. On a Windoze office network, very few users need to talk to each other - most only need to talk to a server.
Oh well, what the hell...
"But don't forget to keep administrative control from the users and limited to the a few users."
Specifically, make sure you transfer power to yourself and your friends. It's fun having complete control over people, isn't it? Good thing power doesn't corrupt.
The classic one is getting a tar.gz or a .pdf or other such file from a client and realizing that the IT department never even considered the possibility that you might need to download additional software occasionally to open such things. Of course, it makes you feel important when people have to telephone you many times per day to do trivial things like installing software (as if you know the difference between good and bad software just by looking at the name).
"Run security audits to make sure only the chosen few have administrator rights."
After the third time missing a meeting due to the PC having an incorrect clock, no administrator access to fix it, and a big wait-time for the IT department to do anything, I decided I never want to work for an organisation with someone like you in it. Other people feel the same way about their wallpapers, their favourite browser (you do lock down people's PCs so they only run Internet Explorer, don't you?) and other similar things.
"Remove the ability to disable AV."
Watch as your developers' machines take 25 minutes to recompile an application that used to take 3 minutes, as the virus-scanner scans every single file they open, including all standard headers and libraries...
Indeed, watch as the emails relating to the bespoke software you're buying get mysteriously deleted (quarantined, delayed, or just disappear) as the software company has attached the new build of your software as an EXE file. You have no idea how much time we waste trying to communicate with customers that use such AV solutions.
...by now any intelligent and well-informed person should know how insecure and bad Microsoft products are, the facts are all over the 'net. If you still run a Microsoft OS, then any trouble you run into is your own fault and you deserve to be hacked/virused/trojaned/wormed/etc. If you're not intelligent, or you don't keep yourself well-informed, then you don't need to be using a computer in the first place.
Install a Linux operating system and you won't be bothered by most infections. Mandrakelinux can be downloaded and installed for free and I have found, after installing it on over 100 machines, that it is faster and easier to install and use than Windows. You can even go to Distrowatch and learn more about the hundreds of different "flavors" of Linux, there's a Linux distribution for any need and taste. And, you can go to Easy Linux CD's and pay a few dollars for a Linux distro and have the CD's mailed to you if you don't want to download the files.
Stop being a statistic and do something about the problem. I am sick and tired of hearing Microsofties cry, moan, and complain when there is such an easy and affordable solution close at hand. There's no excuse not to use Linux.
This comment is an attempt to begin to teach people how to rid themselves of the Microsoft operating system problem and everything herein is true, as I have experienced it. However, this comment will probably be modded down due to the fact that Slashdot doesn't really care about the "truth". We shall see how it is modded.
... they keep all the Windows users fouled up and off the internet and out of the way of those of us who know what we're doing on Linux :-)
Pirate2Pirate....what kind of bullshit is this? Fuck you for writing this, and fuck you, Slashdot, for approving this garbage. Yeah, p2p networks are used for piracy. The Internet has been used for piracy ever since its inception. Do we trash the whole internet because of it? No, we don't. Fuck off. I should stab you.
You should give me all your work for free!
( while that was a joke, i think you will find that if you make a quality product that is worth buying, you really don't lose anything via 'piracy'. A person that was not going to buy your product anyway isn't a lost sale to you.. so you didn't lose anything. )
---- Booth was a patriot ----
Can someone enlighten me what the author means when he talks about using "attrib" to find files which are potentially bad? How can I do it?
... Debian and Slackware (2 separate computers), I never had a problem. I didn't graduate high school, hell, I never even seen the inside of a college. If I can install and learn how to use Linux, you can too. Install Linux and shut the hell up!
Here's some dandy quotes that might fit in with this discussion, all from gandhi:
Increase of material comforts, it may be generally laid down, does not in any way whatsoever conduce to moral growth. What does that mean? Trying to get rich off of anything means nothing for your moral growth? Would that include artists?
I believe in equality for everyone, except reporters and photographers. Whoops! Creators of so called "intellectual" property! He doesn't believe in equality for them!
It is the quality of our work which will please God and not the quantity. Does that mean accumulating ridiculous warchests of dubious IP patents is not a smooth move? How about those middlemen who accumulate thousands of copyrights, then use their financial clout to have the laws extended to benefit them, to the detriment of everyone else? Could Gandhi be talking about regular plain vanilla old fashioned sins like greed, gluttony, avarice? Sounds like it to me. How much is enough? How rich, how much money do you have to accumulate, how much does some vague non person "person" like a corporation have to accumulate before they can say "enough"? Why is it they can profit from technological advances which make their jobs much easier-merely making "copies", while they don't want anyone else to be able to use modern technology? Doesn't that seem a scosh greedy and wrong?
The mice which helplessly find themselves between the cats' teeth acquire no merit from their enforced sacrifice. Perhaps he means being a *professional victim* isn't a wise thing. Perhaps he means we should resist predators? Seems like you could extend this to being a victim of out of control colluding corporate entities who seek to enrich themselves and pass laws through bribery to increase their "IP" profits at your expense, making a mockery of any sort of "free" market, let alone "advancing the arts and sciences" for the good of ALL. Perhaps.
Satisfaction lies in the effort, not in the attainment, full effort is full victory. Satisfaction in producing "IP" lies for the creator in the attempt, not in what comes after the attempt.
As to working to change the law, a lot of what he and the millions of Indians did was technically "illegal" according to British Imperial rule "laws". You can start with failure to obey orders, and go up and down and sideways from there.
As for me, personally,I do all manual labor for my coin, all of it. The *exact second* that there exists a technological way for someone to "copy" what I do, to replicate it cheaply and easily, please, go right ahead! Enjoy! Modify it! Share it with your friends! As it is now, doing mostly landscaping maintenance type stuff, the best I can offer is you can drive by on the road and go "nice work, looks good, better than that raggedy mess it was last week!". I've created visual "art". It costs me effort, my employer expense, there's fuel, maintenance equipment, etc, plus my salary. MOST of what I do is purely visual, it serves no other purpose other than to change the way a certain section of reality looks. It's "art" in a way. I mow huge areas, plant gardens, make flowers bloom where before was crab grass and poison ivy and brambles. It looks "better", and it's certainly changed, and I try to be "soft" with what I do, to be careful to not do harm, only to enhance for effect. My "patron" pays, but anyone driving by looking may "enjoy" it at no charge. Some folks even have a term for that now, it's called "viewscape", it has a certain "value" to it, as does any other sort of "art". But, it's not "copyright-able". Should it be? should I charge a fee for looking at it? Hey, what a concept, what I create all these people are ripping me off for, they are looking at something FOR FREE, something THEY didn't create or pay a fee for! What should the license say, how long may I hold that license, where can I set up a toll booth for anyone to drop their money into as they drive by and look? Work's work, right? Although many others als
It also wreaks havoc trying to manage pcs remotely in an enterprise..
And if you open those ports, it sort of negates 90% of the value of the 'local' firewall in the first place..
It also seems that locking things down via GPO isn't keeping a lot of them out either.. The viruses that manage to get past a good antiviral program still find something to attach to. ( this includes spy/malware, which should be re-classified as a virus/trojan.
It's a no-win scenario, eventually we will have to have 90% of our PCs OFF the net, and no external email..
http://shit.slashdot.org/article.pl?sid=04/09/26/1321257
hmm.. someone needs an anger management class.
There is a serious lack of humour or ability to understand humour.
Comedy vs. Tragedy. Far too many MS people are Tragedy based.
Portscan your entire network, it can also probe what things you are vulnerable and gives direct download links to the patches for each machine.
This is the traditional post stating that the Mac OS is superior because it is unaffected by Windows viri.
Also included in the traditional post is a gratuitous slam against Windows users: "Windows users are poopieheads for using Windows!"
Finishing up with a "In Soviet Russia..." joke
In Soviet Russia, you infect virus!
It has been my pleasure to provide the Slashdot Community with the traditional posting making fun of the Windows OS and Windows Users, contrasting the Windows OS with the Mac OS, in a snarky, oh, so superior and ultimately uninformative manner, in a comment thread about yet another flaw/fault/sploit in the Windows OS.
Thank you for your kind attention!
P.S. if you use Linux or any of the UNIX variants, please substitute the name of your OS for Mac OS in the above posting, the better to observe the Slashdot traditions we so revere.
Guaranteed! This comment 100% Anthrax free!
Once upon a time there was a fellow who bought a Yugo. It had a really shiny paint job and plenty of marketing oomph behind it too. Unfortunately, the pretty, painted Yugo was still just a Yugo on the inside and very soon after purchase the new Yugo owner was most unhappy, as were all his fellow Yugo-owning neighbors.
One particularly troubling day the Yugo owner asked his fellow Yugo owners why this sorry state of affairs was extant and if there wasn't some way to mitigate the myriad problems inherent with Yugo ownership. After much argument and debate and considerable gnashing of teeth, the Yugo owners all decided to go and get fresh, clean paint jobs on their Yugos: No other solution seemed palatable to their collective Yugo mindset.
Obviously this solution did not solve any problems other than a few scratches in paint, but it did make the Yugo owners feel better for a while. Unfortunately, Yugo owners are horrible with simple math and have almost no concept of the value of quality when measured over time and so continue to make this same error in all aspects of their lives. Such is life for the Yugo owner who can't bring himself to admit that the Yugo is just a sorry piece of poo on the inside, regardless of how much he has spent on the paintjob.
The moral of the story: Windows users, YOU GO!
(Psst! Hey fella, here's a free clue for ya: The Porsches are free! *snicker-snort-ROFL* Doh, what am I going to do for cheap entertainment when everyone is running *NIX?)
Everything in the Universe sucks: It's the law!
How typical is this sort of grief?
This sort of grief is very typical. But only for incompetent drones, known better publicly as "Windows users". It is extremely unlikely for enlightened open source hermetics.
There you are, staring at me again.
4 words: "do not use Windows" :)
Which one???
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
How much of the work is truly original? Most artists draw heavily upon a shared cultural heritage and public domain to create new works. It's a bit hypocritical to make use of that heritage and then scream "It's mine! All mine! Nobody else can ever look at it or listen to it without paying me for the privilege."
My hovercraft is full of eels.
Then *you* should be administrating your machine, and complying with all policies the administrator has to comply with, and everything else.
There: Something at a specific location.
Their: Owned by someone.
Please make sure your English compiles.
Find a new job before your network explodes and management blames it on you rather than face the fact that they should have had 3 more admins to handle the load to prevent the explosion in the first place.
Do you even know anything about perl? -- AC Replying to Tom Christiansen post.
We are still cleaning up and testing to ensure that the infection does not return. We did discover that we had several machines throughout the organization that had various spyware and other downloaded games and programs. One that stands out and may well have been the entry point for the worm is the ARES P2P program.
Sounds like p2p is only one of many potential culprits in this case. From prior experience, I'd be more inclined to blame spyware programs which are deliberately designed to socially-engineer users into compromising their own systems.
Once you've got spyware running, the security of your system becomes dependent on the integrity of spyware creators who have already passed the ethical brightline of coercing users to install their product through either dishonesty or direct exploits.
The content that can be reached via P2P software poses some degree of security risk in untrained hands, but that risk is minuscule compared to the mind-boggling insanity of discounting the danger of spyware which has gained access to your network without necessarily even being intentionally placed there by a user. If spyware is running, the system is compromised. End of story.
...and that's why I run PeerGuardian Lite with the malware/evil only blocklist and Spybot S&D in active-protect mode on my system and anywhere else I have access to. You should too.
"We have to go forth and crush every world view that doesn't believe in tolerance and free speech." - David Brin
When I need to delete a system, read-only or hidden file at the command line, I first use attrib to clear the appropriate file attributes.
"Allow me to interject. I am a professional musician (no, you haven't heard of me) and when I write a song, or a piece of music, I am thrilled to see it end up on a P2P network."
Great! And copyright allows you to do that. However the pirates are taking the decision out of your hands, and for good measure are saying "I know better than you". They may be doing you a favour, but you should be the arbiter of that. Would you like your "fans" to make some other decisions for you? Wipe your chin? Comb your hair only on Tuesdays?
I kid you not, some companies really do shuffle stuff around the office using "all your content are belong to us" Messenger, not even internal email. Yes, it is dumb. Yes, the traffic bills are indeed horrendous (or were, they upgraded their DSL link to "unlimited", solely because of this, but their traffic excesses over a year would have more than paid for an internal email server and a file server, including hardware, either of which could have profitably run an internal P2P network for essentially zero effort). Yes, they do send sensitive info that way, including "client privilege" stuff. Yes, they have had it explained. No, they didn't believe me, I think because as far as they know it has never yet bitten them on the ass.
Got time? Spend some of it coding or testing
You know what? I agree with all of it. Over on the Usenet forums devoted to art we have this debate between pirates and us ALL THE TIME. Now here's something for people to ask themselves. Is entertainment a right? If you don't agree with the price asked for, why are you then entitled to get the item for free? And as you've just witnessed the latest: the guilt trip. There's the implication that you should "do it for the love" and be quiet about asking for compensation. You have to wonder if they were ever told that utopias don't exist. I even made an agreement with them. We'll take "love" as payment for services rendered, if everyone else would do likewise. Guess what response I got?
Hey moron, there is no such word as "viri" or "virii". The plural of virus is viruses. If you don't believe me, then go to Dictionary dot com or Merriam-Webster Online and look it up for yourself.
You stupid people make me sick.
I keep hearing this time and time again and it is such a lame excuse that it still makes me laugh.
When you went to Linux from Microsoft, you learned how to use a different window manager, web browser, email client, chat client, menu system, file system, firewall, network connection, etc. didn't you?
You can do the same with MYOB. Now, there may not be a Linux app that is exactly identical to MYOB, but there are tons of accounting and bookkeeping apps out there for Linux. It's just a matter of you changing the way you do things... just as you did when you moved to (Linux) a whole different file system/operating system.
My advice is to find and learn to use an app on Linux that does pretty much the same thing as MYOB and leave Windows in the trash where it belongs.
Otherwise, it isn't MYOB that is keeping you on Windows... it's you who is keeping you on Windows.
They're no longer called guard rails. They are officially termed guide rails. This change occurred after somebody crashed through some and complained that they didn't guard him from that cliff.
It'd be funnier if it wasn't so sad.
-theed.
Do you honestly believe the average admin locks down systems, disables installs, etc. because they seek power and want to inconvenience you? Or maybe you think it's because they don't have enough to do already just protecting against viruses, hackers and users who trash their systems by installing free screen savers and IE toolbars which include spyware and other malware?
Did the admins at your previous employer even KNOW you were the unique employee who actually knows enough to keep their own system running without being a threat to everyone else? I'm promising you, if you are able then you are in the minority in the workforce. (Probably the majority on /. but very few organizations are made up entirely of /. readers.)
It's likely that before the lockdown they spent 90% of their time just fixing things users broke themselves. Do you have a solution for this other than a lockdown which would work but wouldn't balloon costs in some way? Have the user's PC taken away, or maybe she should be fired on the 3rd offense, and training? Try getting the CEO to fire his favorite secretary because she's a "bad computer user."
How does an admin choose who is qualified to not need a locked-down PC? Do they base the choice on the word of the person in question? In our organization at least, there are a few people who consider themselves computer-savvy or even experts. Only a couple are. I'm saying that based on how often they mess up their PC and need help, not my personal opinion about their abilities.
Or how about if you only lock down systems after the user has already disabled their PC or infected the network with a virus? Sure, that's an option in an office of 10-20. But what if you are responsible for 30,000 PCs?
Throwing more IS staff at it doesn't go over well with most organizations these days. Unless you are an IT business, your IS department probably doesn't earn the company a cent directly. Instead, to the accountants, it is an undesirable (though necessary) expense of doing business.
...because it verges on flamebait for responses that will not be entirely on topic [I thought the /. gods did a good thing recategorizing the story as IT] but the sparks have been kind of flying and I do enjoy fireworks. The sad truth is that there are valid points being made by both Calamormine and Quaters. Consider how some small time software developers try to make a living with shareware or the "free" trial version that, if you like it but want all the bells and whistles, you have to pony up 59.95 to get a license key [and of course, those poor guys are at the mercy of people who pass around key-gen programs]. Point being that products that benefit from word-of-keyboard marketing CAN take advantage of pervasive sharing. You could learn a lot from reading Dan Bricklin's article on how the right license can make or break a small company's fortunes.
BTW, my oldest son is a fairly creative musician but, though he still spends hours per day composing or improvising, has chosen to study molecular biology, abandoning an idea he had in high school to put his compositions up on his web site. Why? When he comes home from college, I unplug the rest of our computers from the cable modem, he plugs his laptop in so he can keep picking "stuff" up with Ares. I let him have a nice wallow in the information sewer highway and point out the keylog files on his hard drive at the end of his visit. Within a few days the weird protocol/port combinations bouncing off my firewall drop down to normal levels. Why? You have to ask someone his age I guess.
I can't tell you how fervently I wish I could make a living in a cabin off the grid with a few hot PCs and a solar powered satellite dish serving up fairly priced tricks and treats you all would not mind paying to have on your computers but I can't think of any way to protect it. I have resigned myself to working in a soulless megacorp, writing software I can't tell anyone about because megacorps have the means to get customers by the short hairs and hang on.
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
You know something? I *used* to do a little software development. I don't anymore. You know one big reason why? I realized that writing software (while not doing so as part of one's job description, working for someone else) is not and shouldn't be something that guarantees me "food on my table, clothes in my closet, and money to enjoy my life with".
If I develop an excellent piece of software on my own, then sure, there's a good likelihood I'll make some money from it. But screaming at all of the people "pirating" my software, trying to accuse them of "cheating me out of my money" is ridiculous. Quite simply, those folks are part of the same demographic as the rest of the population who DIDN'T think my product was worth paying for. (Would you think it right to FORCE some people to buy your software package, even if they weren't at all interested in it? Surely not, so what's the real difference? Technically, yeah - the people "pirating" the software are getting some benefits out of using it. But that doesn't change the bottom line. They (for any number of reasons) didn't wish to compensate you financially for that particular piece of code.)
IMHO, that's all part of the RISK of working for yourself - and it happens in all areas of life. If I open my own company to do people's taxes, maybe I won't have enough customers to remain profitable? I could sit around and complain that programs like TurboTax are stealing my business from me and should be outlawed, right? But that probably wouldn't be a real useful and constructive way to solve my problems.
If you can't make enough money to live comfortably doing software development, maybe it's time to change careers or find employment where you're guaranteed a regular paycheck for writing the code for that employer?
MYOB is available for Mac OS X - I use it myself, and wouldn't be without it/them.
*sound of windows user hitting head against wall*
Mac User: My head hurts much less since I stopped hitting my head against the wall
Windows user: Damned Mac assholes, always making snide comments about how superior they are.
Mac server and see if I can find these 'exe's.
I drank what? -- Socrates
Mmmm, I am a software engineer employed by a major major company having worked for an even more major one recently.
I also share files on p2p networks. Having seen what large slave farm corporate companies do with and to their supposedly 'valuable' employees and what the financial sector (biggest thieves on this planet) does to the software industry - the whole lot would be better if it were not for copyright etc.
If I have the slightest idea, even while taking a crap, the company owns my intellectual property!
That makes me nothing more than a slave that gets paid a subsistence wage so i can raise a tiny family to make more slaves for the system. And a single software engineer is no match for a multi-hundred-thousand person strong software company.
p2p is here to stay and i spend my spare time ensuring it grows and grows and grows.
The Greeks stole from the Egyptians, the Europeans stole from the Greeks and the US (modern day - not original) stole from the Europeans.
Stick your copyright and intellectual property stupidity in a pipe and then stick that up your as$ before smoking it.
I am sick of brainwashed idiots who dont even know they are slaves too.
Wake the hell up !
I agree with what you've got to say, but a good admin absolutely MUST lock down PCs simply to stay ahead of the game. As a Slashdot reader you should respect that decision and give your admin a heads up when you need special programs. Most admins keep such programs on their own machines and could easily help you out... note it's not just security, but licensing, sexual harassment, company security, etc. that admins have to worry about.
We lock down wallpapers not because we're worried about viruses, but because the guys on the line put up dirty pics and the boss's teen daughter helping out in the office saw them!!! We lock down outside email because somebody bypassed our mail filters and passed around dirty jokes said boss's daughter reported to daddy... not to mention the disgruntled sales guy that exported his contacts/pricing sheet to his "new" employer!
As far as AV...do YOU bring any media to work at all from home? You surely scan it at home and at work before you access ANY files ...right... The purpose of scanning every file in memory is because people get sloppy and even 1 time forgetting screws EVERYONE!
At my shop we try to be accommodating, but it's OUR jobs on the line if YOU screw up... After all, it's not going to be YOU at work for 70 hours [salary, no less] cleaning up the mess... is it?
Seriously, computers are toolboxes just like anything else. IT's job is to give you the tools management says you need...not everything you want. That you need more tools to do your job is MANAGEMENT's fault for not properly documenting the tools of your work... get your manager to document your tools and IT will cheerfully comply in most cases!!!
Is that "Don't let (upper) management know you're succeeding" as in "Go around replacing the operating systems on your company's servers without permission?"
I don't know of many faster ways to get fired. I don't know how it is in the shop where you work (if you work in IT or ever have) but in the shops where I worked, I did not own the servers or any of the other equipment. Neither did my boss. Those things were the property of the company, and even in shops where we had incredible leeway over what we did and how we did it, going around and replacing OSes with other ones required at least approval from the CTO. That was in the liberal places. In the conservative places, approval for such things may be higher than that. When customers depend on your systems operating, stability is job one and they aren't going to allow you to take a potentially de-stabilizing action without approval. Even if you succeed in every way, you may still be fired for acting without authorization.
Now, about this time, some of you might be saying "Well, if it's stability they want, they should get *nix in and Windows out as fast as possible."
While I couldn't agree (in principle) with that sentiment more, and am glad that in my present position in email security (I miss being an admin, but I sure don't miss carrying a pager!) I have sufficient leeway over my tools that my workstation is one of the handful on our network that is not running Windows (Ubuntu, a Debian-based distro. Quite nice; but I digress). However, the fact remains that in any properly run shop (yes, properly run, as hard as that may be for anyone with little or no experience - especially in big operations - to accept, having controls in place is the proper way to do things), permission is required to go around re-architecting major systems and replacing OSes.
In smaller networks, the decision may go no higher than the CTO, and if further approval is formally required, whatever the CTO asks for is rubber-stamped.
In larger shops, such things will typically require a general management decision, requiring the COO, the CEO, and often the CFO (and maybe others) to sign off on it. Why the CFO? These things cost money directly, and if there are failures, those cost money too. Especially if you have SLAs with your customers.
So yes, we may know a better way (and we do run our hundreds of servers on Linux, thank you), it's not enough to know a better way. If you want to change to it, you have to make the business case, present it professionally, and get approval and support for it. If you go ahead without following these steps, in most shops you're onto a good way to find yourself unemployed.
Actually this is the first job I've had where I do not have admin rights or "TOTAL Control" of anything. I don't miss them. I thought I would, but you know, I didn't really miss them, and when people show up to try to circumvent the usual helpdesk, I have to say "I'm sorry, I can't do that, Dave." We do have a process to get them if I require admin rights to install or change my PC, and they can follow it too. As for your time issue: we have no issues like yours here, but we seem to be better run than your site. Maybe we could outsource your IT?
I was under the impression that people who were talking about setting "policies" here meant the legal staff should draw up terms-of-use policies to threaten wayward employees with.
Whether or not that is what they meant, it *is* an idea that would give you something serious to hold over people's heads who might be inclined to do criminally negligent stuff on their office computers. Also, it is something that gives another department something to do without adding to your own workload.
That scenario might be worth considering, especially since the ramifications of HIPAA mean you can put some serious teeth into your enforcement: "If the CEO's own kid downloads bad software onto daddy's work machine, it puts the entire facility in danger of violating federal HIPAA laws, endangering *everyone's* jobs." How's that for getting attention?
This may or may not be what you are looking for, but since I spent half a day cleaning off a friend's computer just so I could feel safe[ish] borrowing it for email, I do have an opinion here:
The AV companies need to try some of the evasion methods that the viruses use, now that viruses are doing so much to prevent AV activity.
For example, on my friend's machine, viruses had set the hosts file to point to 1.1.1.1 for any of a list of antivirus websites. I was lucky enough to find one that wasn't listed, on www.virusall.com. But the other workaround was to browse through Symantec's website using IP numbers copied into URLs; I had to get the IP number from an independent lookup source.
Okay, so how hard would it have been for the companies to set up multiple sites to download from?? And why not move those sites around from time to time?
And while we are at it, if the viruses learn to interfere with the running of certain files... Can't the AVs use variations of filenames just like varying the URLs?
Just my 1/2 cents worth.
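The hosts-file hijack described in the post above (AV vendor names pointed at 1.1.1.1 so the machine can no longer reach updates or removal tools) is easy to audit for. The following is an added example, not code from the poster or from any AV product; the vendor-name list and the sample hosts content are constructed for illustration, and a real deployment would use whatever names its own AV and update infrastructure resolves.

```python
"""Audit a hosts file for entries that override DNS for security-vendor
hostnames. A hosts file should never need to resolve a vendor's public
name, so any mapping at all (to 1.1.1.1, to loopback, to a stranger's
box) is suspicious and worth a closer look.
"""
import ipaddress

# Illustrative hostname suffixes that malware has historically sinkholed
# (constructed list for this example; extend with your own vendors).
WATCHED_SUFFIXES = (
    "symantec.com", "symantecliveupdate.com", "mcafee.com",
    "sophos.com", "kaspersky.com", "trendmicro.com", "windowsupdate.com",
)

# Constructed sample resembling a tampered Windows hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.  (constructed sample)
127.0.0.1       localhost
::1             localhost
1.1.1.1  www.symantec.com
1.1.1.1  securityresponse.symantec.com liveupdate.symantecliveupdate.com
1.1.1.1  download.mcafee.com   # injected
10.0.0.5        intranet.example.local
garbage line without an address
"""


def parse_hosts(text):
    """Yield (ip, hostname, lineno) for every valid mapping in a hosts file.

    Comments (from '#' to end of line), blank lines and lines whose first
    field is not an IP address are skipped, which is what the OS resolver
    does too.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a hosts mapping
        for name in fields[1:]:
            yield fields[0], name.lower().rstrip("."), lineno


def is_watched(hostname):
    """True if hostname is, or is a subdomain of, a watched vendor domain."""
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)


def describe_target(ip):
    """Classify where a hijacked name is being sent, for the report."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback or addr.is_unspecified:
        return "local sinkhole"
    if addr.is_private:
        return "internal host"
    return "external address"


def find_hijacks(text):
    """Return [(ip, hostname, lineno), ...] for every watched name in text."""
    return [entry for entry in parse_hosts(text) if is_watched(entry[1])]


if __name__ == "__main__":
    for ip, name, lineno in find_hijacks(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip} ({describe_target(ip)})")
```

Point the parser at the live file (C:\Windows\System32\drivers\etc\hosts or /etc/hosts) and compare the result against an empty list in a scheduled check; the line numbers make it quick to confirm the finding by hand.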
Let me guess... You're an architect?
Or you just forgot to run the spellchecker on your own punchline?