Over a Million Zombie PCs
Doyle writes "A BBC article discusses new research revealing that over 1 million computers have been compromised and are being used in bot nets. From the article: 'The largest network spied on by the team was made up of 50,000 hijacked home computers.'"
Maybe I should have sent THIS in after all...
I'm a virgo and on Slashdot. Coincidence? Yes.
... the breakdown of that million by operating system?
You never know, it might be a nice bit of PR for some Apple/Linux/BSD organisation to casually slip into a Press Release.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Aren't zombies constantly searching for "brains" ?
compared to the millions of zombies in front of PCs.
:P
Come to think of it, the two just may be related.
If 1,000,000 computers can be identified as being zombie machines, then 1,000,000 computer owners can be contacted. This is THE major problem afflicting the internet; why don't governments form a unit to identify and at least notify the owners of these machines? Will it take a major internet terrorist attack like bringing down a power grid to make governments act? As net users we should advocate government involvement in a measured, controlled way rather than the reaction that will come after an attack (Patriot Act?)
"It's so convenient to have a system where everyone is a criminal" - A. Hitler
Is it really only one million? When I think of how the average user ends up getting a machine infected, I think of a whole lot more than 1 million. 10 million, perhaps.
01101001 01100001 01101101 01101110 01101111 01110100 01100001 01101100 01100001 01110111 01111001 01100101 01110010
At my university, we have to run snort at the head end of the network in order to control the havoc these compromised machines create. We also monitor the number of simultaneous connections each machine creates and block the ones at the very top.
*Connection Terminated Unexpectedly*
/dev/random
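The head-end control described in the university comment above (count each host's simultaneous connections, block the ones at the very top) can be sketched as a small monitor. This is an added example, not the poster's set-up: the flow lines are constructed in a conntrack-like format, and the threshold and top-N cut-off are assumptions. It also records half-open and distinct-destination counts, which is what separates a scanning worm from a busy but legitimate host.

```python
"""Per-host simultaneous-connection monitor (added example, not the
university's tooling). Input lines are constructed samples in the form
'proto src:sport dst:dport state'; thresholds are assumptions."""
from collections import Counter, defaultdict


def make_sample_flows():
    """Constructed sample flow table: two ordinary hosts and one host that
    behaves like a worm (150 half-open connections to port 445 on 150
    different addresses)."""
    lines = [
        "tcp 10.0.1.20:51001 203.0.113.5:80 ESTABLISHED",
        "tcp 10.0.1.20:51002 203.0.113.9:443 ESTABLISHED",
        "udp 10.0.1.21:53422 192.0.2.53:53 UNREPLIED",
        "tcp 10.0.1.21:52010 203.0.113.9:443 ESTABLISHED",
    ]
    for i in range(150):
        lines.append(f"tcp 10.0.1.77:{40000 + i} 198.51.100.{i + 1}:445 SYN_SENT")
    return "\n".join(lines) + "\n"


def parse_flows(text):
    """Parse flow lines into dicts; blank or malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        proto, src, dst, state = parts
        src_ip, _ = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        flows.append({"proto": proto, "src_ip": src_ip, "dst_ip": dst_ip,
                      "dst_port": int(dst_port), "state": state})
    return flows


def per_host_stats(flows):
    """Return {src_ip: {"total", "half_open", "distinct_dst"}} for inside hosts."""
    total = Counter()
    half_open = Counter()
    dsts = defaultdict(set)
    for f in flows:
        total[f["src_ip"]] += 1
        if f["state"] == "SYN_SENT":          # connection attempted, never answered
            half_open[f["src_ip"]] += 1
        dsts[f["src_ip"]].add(f["dst_ip"])
    return {ip: {"total": total[ip], "half_open": half_open[ip],
                 "distinct_dst": len(dsts[ip])} for ip in total}


def hosts_to_block(stats, threshold=100, top_n=5):
    """Hosts holding at least `threshold` simultaneous connections,
    highest first, at most `top_n` of them (the 'very top' rule)."""
    ranked = sorted(stats.items(), key=lambda kv: kv[1]["total"], reverse=True)
    return [(ip, s["total"]) for ip, s in ranked if s["total"] >= threshold][:top_n]


if __name__ == "__main__":
    stats = per_host_stats(parse_flows(make_sample_flows()))
    for ip, count in hosts_to_block(stats):
        print(f"block {ip}: {count} connections, "
              f"{stats[ip]['half_open']} half-open, {stats[ip]['distinct_dst']} destinations")
```

A pure connection count will also catch a BitTorrent client with many established peers, so the half-open and distinct-destination figures are worth keeping next to the total before a block is applied.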
... a Beowulf Cluster of... oh wait...
(Hmm, can zombies be clustered? We all know from Night of the Living Dead that they DO cluster. Quite well, in fact...)
}#q NO CARRIER
Remember when viruses would just "format C:"? When you were infected, you knew it 'cause your HD was blank. Now the average user can't tell when they have a problem or not...
and at least notify the owners of these machines?
Something like that already exists.
Feel free to contact any of the infected and cross them out.
I'm a virgo and on Slashdot. Coincidence? Yes.
I know one thing: There's no way in hell they're ever gonna get passed my *ENLARGE YOUR PENIS* super leet windows 2003 install modded to look like xp *HELP RETRIEVE MY MILLIONS*. I even use IE7 beta, but I'm not scared cause I run McAfee *BUY SLIGHTLY USED PORN AT ROCK BOTTOM PRICES* firewall to protect my cable modem network. Let's see 'em try to get into THIS network! HA!
** "It's not my job to stand between the people talking to me, and the ones listening to me." -- Pego the Jerk
Better yet, why don't ISPs disconnect them until they can demonstrate they've been cleaned up?
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
No sane person should connect a critical piece of computer infrastructure, such as any computer dealing with the management of the electrical grid, to the internet.
Better thing would be to require by law that none can be connected instead.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
From honeypot FAQ:
8. Do you prosecute the people that compromise systems within the Honeynet? No. The prime directive of the Honeynet Project is research and to share those lessons learned. It is not our goal to catch and prosecute blackhats. We do forward information about compromised systems to CERT so CERT can notify admins of compromised systems. We limit our contact with authorities to only when the Project feels there is a critical need. If we were to become involved in a major legal case every time a system was compromised, we would not have time for research, let alone our real jobs.
read more about honeypot here. It seems they probably could, but are not going to.
"So there he is, risen from the dead. Like that fella, E. T." - Father Ted Crilly
Governments? What about ISPs? They are the ones having to pay for the added bandwidth on both sides. I'm surprised most ISPs don't run IDS that can detect zombie networks and automatically send emails to their infected customers. This will not only pay for itself by reducing bandwidth, but also make the customers more happy.
mnewberg.com
So if 1 million machines are actively scanning for other machines with 200 threads... With IPv4 there should be 4211604225 theoretical public IPs. If they were scanning with 200 threads/sec, they could cover the entire IPv4 address space in 21 secs. Granted, I know not all 1 million are scanning, and I prolly screwed up in my IP calculations, but this is still an astronomical number.
Now that the machines are known, their IPs are compiled into a list, what stops a good samaritan from setting up a script to patch them up?
It is probably quite complicated, technically speaking, because these machines now have to be scanned for every possible trojan, logger and virus in existence, but it's not impossible. Can an antivirus company, say, get a grant from a government to run a job like that?
You can't handle the truth.
One machine can be infected by multiple trojans.
One machine can reconnect to the same botnet multiple times as the person reboots to try and clear the problem.
One machine gets multiple IP addresses every time he reboots.
liqbase
This explains why my startup sound suddenly changed into a groaning voice saying "Braiinnnnnssss..."
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
It's sad, but it seems the only way to mitigate this is to hold the OS vendor responsible for insecure code. Similar to cars, we hold the driver responsible if they (say) drive drunk, but the manufacturer responsible if, while driving, the wheels come off.
A Human Right
is a zombie PC.
One MEEEELLEYON ZOMBIE PCs!
Home PC users do not need to generate traffic on port 25 that's going anywhere other than their ISP's mailserver. ISP mailservers should use SMTP authentication. Of course these simple measures would mean support calls from users who need to reconfigure Outlook, and support calls cost money, so it'll never happen.
Nonetheless, these companies are profiting while user machines get hijacked. Someone needs to make a little bit of effort, 'cause for now spreading these nets wider is way too easy.
Now many will call me a Microsoft basher, and I unashamedly am, and with a damned good reason. The insecurity of Microsoft OSs does not just affect those who want to use (or don't know they have other options than) Windows, but it affects me and my peers. HP-UX, Solaris, OS X (maybe I should just include this in *BSD) and *BSD are not perfect and have some security issues, though nothing on this scale (my opinion). You can use the argument that if blah had blah's monopoly then blah would be just as cracked (which I think is rubbish, and doth not change the fact that it is only an "if", and as it isn't so it can't be proven). So as a user of the internet on my chosen Unix variants at home and at work, I still have to suffer Microsoft's lackluster network security through the set-up of botnets.
I know * linux
Spam, DDOS and friends continue to plague our internet services.
Fine, blame the average user for not updating etc. The fact remains that a person who is skilled in other areas should not need to have the knowledge level of a tech, or even a system admin or developer, just to be able to safely use a computer (ease of use is a different kettle of fish).
Sorry for the rant , but I am rather narked off at Spam nets
The only things certain in war are Propaganda and Death. You can never be sure which is which though
Time for someone to write a worm that forces an update from Windows Update; downloads a copy of SpyBot Search & Destroy, runs it and then turns on the firewall.
-Charles
Learning HOW to think is more important than learning WHAT to think.
I think the only plausible defense against a botnet of such a size is to use the botnet against itself. Allow one of your systems to be infected with the botnet - effectively join their network. Then sniff the network traffic to find out what IRC server and channel to join and any security codes that are necessary to control the botnet. Then upload a "virus" into the botnet that will patch the infected system and remove the botnet binaries. No more botnet.
The only thing that makes me think it might not work is that it's similar to the stereotypical way of ridding the world of aliens in almost every sci-fi movie. Come to think of it, I might have gotten this idea from Independence Day.
I'm a big tall mofo.
...aiming a la-sor at the planet Earth!!! To avoid total destruction, you must pay me.... .... one meeeeelion dollars!!!!!
If a man empties his purse into his head no man can take it from him. An investment in knowledge pays the best interest.
In the UK, now the earlier hacker key-logging story has broken, newscasters are doing their very best to convince people the internet is safe, but ultimately that won't last forever and it will simply be "safer" not to use the internet at all. With rampant ID theft, viruses, extortion by botnets, spam, worms, spyware, malware, tracking, phishing, 419s, fraud sites, it's just not worth the risk of doing anything serious on the net at all! And if the hostilities continue their trend of growth it will very soon be hard for security professionals to argue against disconnecting, as this will eliminate a substantial risk/cost factor for business/private users.
People just can't be bothered anymore (or that's the feedback I get); it's just too complex for the average Joe, who is currently overwhelmed with threats to his financial and personal wellbeing (look at the list I just mentioned). It's hard enough to protect your assets in the "real world" as it is, from conmen, burglars etc., without worrying that a glass-screened box in the corner is gonna ruin you and your family's life forever if you click on the wrong thing.
I know I'm getting fed up of it, and I'm an IT professional!
My home machine's webserver gets regularly punished by bots that are sending buffer overflow URLs. I only have port 80 open, too. I use my home machine for mythtv, and I certainly notice when the bots start attacking me.
It's really annoying. I've thought about what I can do to shut down bots that are annoying me with excess traffic...
Does anyone have some good suggestions for keeping zombie PC traffic off of linux webservers either via firewall rules, apache config files, or ?
Perhaps a more interesting question is... if your machines is being attacked by a zombie PC, is it okay to attack it back (and try to take it offline?) - Isn't this sort of like 'self defense'?
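For the question above about keeping bot traffic off a Linux web server, one defensive answer is to read the Apache access log for clients that repeatedly send overflow-style request targets and drop those clients at the firewall. The code below is an added example, not something from the thread: the log lines are constructed in Apache's combined format, and the length limit, repeat-run heuristics and hit threshold are assumptions chosen for the example.

```python
"""Flag web clients sending overflow-style request URLs and render DROP rules
for them (added example). Sample log lines are constructed; the thresholds
are assumptions."""
import re
from collections import Counter

# Apache combined/common format: client, ident, user, [time], "request", status, bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')

MAX_TARGET_LEN = 256                                  # assumption: longer targets are treated as hostile
LONG_RUN_RE = re.compile(r"(.)\1{63,}")               # 64+ repeats of one byte (padding-like)
PCT_RUN_RE = re.compile(r"(%[0-9A-Fa-f]{2}){32,}")    # 32+ consecutive percent-escapes

# Constructed sample: one normal client, one client hammering with long repetitive targets
SAMPLE_LOG = "\n".join([
    '203.0.113.7 - - [10/Mar/2005:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.7 - - [10/Mar/2005:12:00:02 +0000] "GET /style.css HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Mar/2005:12:00:05 +0000] "GET /cgi-bin/' + "A" * 300 + ' HTTP/1.0" 404 291',
    '198.51.100.9 - - [10/Mar/2005:12:00:06 +0000] "GET /' + "%90" * 120 + ' HTTP/1.0" 400 226',
    '198.51.100.9 - - [10/Mar/2005:12:00:07 +0000] "GET /scripts/..%255c../' + "B" * 200 + ' HTTP/1.0" 404 291',
    'bogus line that does not parse',
]) + "\n"


def parse_access_log(text):
    """Yield (client_ip, request_target) for every parsable line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                                  # ignore malformed lines
        request = m.group(3).split(" ")               # "METHOD target HTTP/x.y"
        if len(request) < 2:
            continue
        yield m.group(1), request[1]


def is_overflow_style(target):
    """Heuristics for request targets that look like exploit padding rather than pages."""
    return (len(target) > MAX_TARGET_LEN
            or LONG_RUN_RE.search(target) is not None
            or PCT_RUN_RE.search(target) is not None)


def ban_candidates(text, min_hits=3):
    """Client IPs with at least `min_hits` overflow-style requests, sorted."""
    hits = Counter(ip for ip, target in parse_access_log(text) if is_overflow_style(target))
    return sorted(ip for ip, n in hits.items() if n >= min_hits)


def iptables_rules(ips, port=80):
    """One DROP rule per offending client, restricted to the web port."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP" for ip in ips]


if __name__ == "__main__":
    for rule in iptables_rules(ban_candidates(SAMPLE_LOG)):
        print(rule)
```

On the Apache side, the server's own LimitRequestLine directive caps the request line length before the request is processed, so oversized targets are rejected early; the log-driven rules above add the per-client block that the Apache limit alone does not give you.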
I'm not the greatest security expert, but I follow the proper guidelines (running AV, firewall, patches etc.) and I still find that my XP machine is constantly coming up with some sort of odd processes or quirks. I am giving up on Windows as a personal machine, simply because it's ridiculous to constantly be fighting off things like this. I'm not going to blame anyone but the virus/spam/malware writers. I do what I can to practice "safe computing" (sic) and don't download stuff willy-nilly.
I think it's a shame that it has to be like this. Unfortunately the only real solution would be genetically modifying everyone to get rid of the gene that makes people think it's ok to spam/hack/whatever people's machines. Impossible as it is, the best solution would be to shut down the internet for about 2 months, then all the spammers would have to give back their money to the people that paid them (as if they would). Not likely to happen though.
"Will it take a major internet terrorist attack like bringing down a power grid to make governments act?"
Yes.
Of course it will.
I'm glad to be just part of the team!
<-[XP]-86840>: This message brought to you by Backdoor.Win32.Rbot.gen
SIGFAULT
The article says:
Many well-known vulnerabilities in the Windows operating system were exploited by 'bot net controllers to find and take over target machines.
That's the only mention of an OS. Any metrics on exactly which OS and version/patchlevel is the most responsible?
Weaselmancer
ridiculous.
How many, out of that estimate, pertain to those who still didn't patch up that stupid RPC/DCOM vulnerability for 2000/XP?
"The ones who dont do anything are always the ones who try to pull you down" -- Henry Rollins
bots that infect computers ever conflict with each other. Like Bot1 takes over a PC, then Bot2 comes along, and maybe they fight over that PC or its resources?
A modern day witchhunt.
Along with the rest of Earth's heterosexual male population.
I read a very interesting paper on this tactic/subject not too long ago. Rather than rehash the whole work, here is a link:
http://blanu.net/curious_yellow.html
Thank you, I could not have said it better myself. I use Linux every day, and in all honesty I patch my Linux box more than I patch my Windows XP box. Sure, the Linux box is frequently getting simple app upgrades/patches, but there are a good number of security fixes in those patches as well. An admin I work with left his Red Hat box unpatched for a year and it got nailed twice; just do the math. Linux might be more secure, but it is only as secure as the person who administrates the box.
I get nice little pop ups telling me my computer may be already infected all the time, don't you?
If you could reason with religious people, there would be no religious people
This is THE major problem afflicting the internet; why don't governments form a unit to identify and at least notify the owners of these machines?
Why should they? It's the ISPs who make money by providing Internet access. They should be responsible for alerting their customers about compromised machines. Most of them don't because it costs too much money, and there's little liability even if you do absolutely nothing.
On the other hand, customers aren't willing to pay for a notification service, or accept the privacy implications (notifying customers requires a mapping from dynamically assigned IP addresses to customer accounts). What's worse, a large percentage of them will just switch to another ISP once you restrict their network access because of a compromise.
Haven't you been watching 24? The terrorists can melt down every nuclear power plant in the country over the Internet!
...that all these botnets themselves seem to be so compromised that journalists and researchers can so easily get into them. If you're going to compromise other people's computers for whatever nefarious use, do you want your system itself wide open for someone to steal away from you or document your doings for law enforcement? The best back doors and holes are ones that no one sees until you're using them and it is too late.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
No sane person should connect a critical piece of computer infrastructure ... to the internet.
ROTFL...
Quickly! Disconnect the backbone from the internet! Unplug the DNS root servers! Take the routers offline! Cut the cables leading into Mae East! The internet is too dangerous!!!
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
But it IS Microsoft's fucking fault! Microsoft has ultimate control over almost every user's system... and almost every user's system eventually gets compromised.
Microsoft's browser that gives developers every last inch of control over a user's PC is what inevitably led to developers just completely taking over users' PCs. Microsoft insists on certain features in Internet Explorer that make it a pain for even the smartest PC users to control what they see.
Here's some problems with IE:
- no real ability to disable popups (Completely disallowing all forms of popups is more secure and convenient for the USER. Fuck developers.)
- Install on demand (What a fucking trainwreck feature this is. Developer puts the 'yes' button behind the 'close' button nested 8 popups under the first one. User gets frustrated and clicks 7 close buttons and 1 button marked 'fuck me in the ass please')
- Patch-and-fix attitude.. It's somehow not Microsoft's fault if they allow 'get into my PC free' for two months if they eventually release a patch for it?
Here's how you fix Internet Explorer:
- get rid of 'install on demand' (Make it so users have to actively download and install what they want installed. This whole 'make things easier for Flash to install itself and bombard you with ads' is stupid.)
- SUE MICROSOFT. That's right. Consumer class-action large-scale - the type of lawsuit that puts them in the red for a quarter. How many billions has this cost Joe Consumer?
"Just remember that it is also the responsibility of the computer users to patch their systems in a timely manner as soon as they are available."
What if my computer is already fucked up, assface?
Ya, I'm pissed. I'm not an idiot computer user - I spend 8 hours a day on a computer. Yet, while typing this, I got a goddamn a.tribalfusion.bullshit popunder sitting there on my taskbar... and this is while I'm running a proxy filter, run Spybot, run Ad Aware.. And, if I'm having problems like this, Joe Consumer is getting raped.
Ya, you can call me stupid and say I browse the Internet wrong or whatever shit like that. But, this shit never happened back when Netscape was the dominant browser and it did not allow the developer to add 'features' that work much like a virus.
These zombie PCs ARE by and large Microsoft's fault. Microsoft needs to implement features with the idea that developers will EXPLOIT at every turn possible for money, and they need to focus on the consumer, for once. You can't tell me that Microsoft doesn't know that Joe Consumer does not want 8 popups while browsing Slashdot.org.
BTW, if anyone has an easy, one-click fix for all the problems I have browsing (that is made by Microsoft, built-in to Internet Explorer), I will print out this post and EAT IT.
--- We need more Ron Paul!
Perhaps all these Zombie comps should be put to good use. Who cares if people don't want to participate in grid computing ... they can be forced!
My coworker is doing some of his own investigations into this stuff. He hooked up a freshly installed, but unpatched, windows2000 box to the net with a freebsd box in between to monitor traffic. Within minutes it was infected, and we could see IRC traffic: connecting to a hidden channel to await instructions. Not that I'm that outraged that an old unpatched windows 2000 box is vulnerable; it's just amazing how quickly a worm will get you if you are vulnerable! -K
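The observation above (a freshly infected box connecting out to IRC and joining a hidden channel to await instructions) is exactly what a monitoring box in the middle can alert on. The code below is an added example, not the poster's or his coworker's set-up: the flow records are constructed (outbound TCP flow plus the first line of client payload), the IRC port set is an assumption, and the bot-style nick pattern is modelled on the "[XP]-86840" style joked about elsewhere in this thread.

```python
"""Detect a host checking in to an IRC-style control channel from
constructed flow records (added example). IRC port set and nick pattern
are assumptions."""
import re

IRC_PORTS = set(range(6660, 6670)) | {7000}             # assumption: common IRC ports
BOT_NICK_RE = re.compile(r"^\[[A-Z0-9]{2,4}\]-\d{4,}$")  # e.g. [XP]-86840, an OS tag plus digits

# Constructed records: "client_ip dst_ip:dst_port first_payload_line"
SAMPLE_FLOWS = [
    "10.0.2.15 203.0.113.44:6667 NICK [XP]-86840",
    "10.0.2.15 203.0.113.44:6667 JOIN #hidden secretkey",
    "10.0.2.30 198.51.100.20:6667 NICK kevin_laptop",   # a human on IRC: port only, no other signal
    "10.0.2.15 203.0.113.80:80 GET / HTTP/1.0",
    "10.0.2.40 203.0.113.60:7000 NICK [W2K]-12345",
]


def parse_flow(line):
    """Split one record into its source, destination, port and payload."""
    src, dst, payload = line.split(" ", 2)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"src": src, "dst": dst_ip, "port": int(dst_port), "payload": payload}


def flow_indicators(flow):
    """Indicators raised by one flow: IRC port, bot-style nick, key-protected channel join."""
    ind = set()
    if flow["port"] in IRC_PORTS:
        ind.add("irc_port")
    words = flow["payload"].split()
    if len(words) >= 2 and words[0] == "NICK" and BOT_NICK_RE.match(words[1]):
        ind.add("bot_nick")
    if len(words) >= 3 and words[0] == "JOIN":          # JOIN <channel> <key>
        ind.add("keyed_join")
    return ind


def beacon_alerts(lines, min_indicators=2):
    """Hosts whose flows together raise at least `min_indicators` distinct indicators.
    One indicator on its own (an IRC port) is too weak to alert on."""
    per_host = {}
    for line in lines:
        f = parse_flow(line)
        per_host.setdefault(f["src"], set()).update(flow_indicators(f))
    return {src: sorted(ind) for src, ind in per_host.items() if len(ind) >= min_indicators}


if __name__ == "__main__":
    for host, reasons in beacon_alerts(SAMPLE_FLOWS).items():
        print(f"{host}: possible bot check-in ({', '.join(reasons)})")
```

Correlating across a host's flows rather than alerting per packet is what keeps an ordinary IRC user (port match only) out of the alert list while the two bot-style hosts are caught.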
Is to aim for the head... In this case, the head of the user would probably be a better target.
Our greatest enemy is neither a single man, nor is it a nation, it is, as it has always been, our own greed.
When they're up, they're very entertaining.
An older spammer forum, SpecialHam.com is back up. With banner ads, even. "DarkMailer - not for newbies". "Blackbox Hosting - bulletproof hosting options" "SendSafe - bulk mail has never been this easy". "Bulkhost.com - the leader in bulk-friendly e-mail hosting".
Sites like these are where the hackers and spammers meet, find deals, and scream about being ripped off by each other. The actual deals tend to take place on ICQ.
-- Reality checks don't bounce.
Bill Gates is using a robot net in building a spacecraft to return to his solar system.
Help end the use of Sigs. Tomorrow
This is true, but I'd like to go one step even further. Is there software out there to check if your PC has been co-opted, like what honeynet has but for regular users (just an integrity check)? I have a server with a firewall, then a router with a firewall, then ZoneAlarm software firewall on my main home PC. I expect this should be safe, but I know I've gotten spyware and adware on it (from downloaded programs), so even removing that how is one to know if there's an exploit through one of the legitimate I/O routes (web browser, P2P, IM, etc.).
If they aren't already logging who was using what IP at what time, they'll probably get boned by law enforcement when one of their customers does something illegal and the ISP can't help them track the criminal ;p
What can I do to see if my computer has been hijacked? netstat -r?
http://threetechguys.info Come, discuss Technology. Got a technology question? Come ask!
How long til they start using distributed hijacked PC networks to crack complex codes etc....
In what way is my ISP responsible for what I do on the internet? I don't know about you, but I don't pay my ISP to protect me and my privacy. I pay my ISP to provide a pipe, and nothing more.
"No one is more miserable than the person who wills everything and can do nothing." -Emperor Claudius 10 BC - AD 54
There's an oxymoron if I've ever seen one.
Blame the user for not patching?
I don't see either of these as reasonable without DRM. Computers are more complicated than any other consumer device and the exploits are more complicated than any other repair or maintenance we expect people to do. This won't change unless the home computer stops being a general purpose computer, through the magic of DRM. Then we could blame the vendor who had control.
At the very most, we will only hold people responsible for not doing relatively easy things: patching, anti-virus, firewall, etc.. These aren't enough though (0-day exploit, etc...) and we won't expect the average person to do more. If it's not reasonable to think the average person could fix it or prevent it, then we won't blame them.
The only alternative would be taking your computer to a specialist and having it certified. (DRM the slow way.) Then lawyers could blame the company that worked on it, or individuals could be liable for not having it serviced, as everyone knows you should.
Thanks for putting on the feedbag. Thanks for going all out. Thanks for showing me your Swiss Army knife.
Everyone has equal protection and responsibilities under the law, so OSS projects would have to be held to the same standards as oh-so-evil big corporations. Be careful what you wish for.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
And people say that the largest computer cluster in the world runs Linux. Bah!
Of course it runs Windows! Go Microsoft!
*ugh*
"Where are we going?"
"Planet Ten!"
"When?"
"Real soon!"
I'm not good in groups. It's difficult to work in a group when you're omnipotent. - Q
I know that's just a throwaway troll attempt, but most of the linux users I've met have been happily married professionals in their 20s and 30s. Okay, that means they have found "women", not "girls", but hey.
This action would make sense and for that reason alone wouldn't be performed by government. But there are probably other reasons not to do this:
1. It would cause public fear and panic
2. It would expose that Microsoft products are the cause (that's how the public would see it... after all, kids are being raised by violent video games, not by parents)
3. Microsoft paid them not to do that. (ref: OpenSecrets web site for how much money Microsoft started donating since they first started to get into trouble.)
And generally, we just don't want the public to realize the government is using the same software they are...
It tries to eat your brains.
If they aren't already logging who was using what IP at what time, they'll probably get boned by law enforcement when one of their customers does something illegal and the ISP can't help them track the criminal ;p
Europe currently lacks mandatory data retention. On the contrary, many countries prohibit telcos from retaining call data records and the like for more than just a few months. As a result, ISPs can safely claim they do not collect that data. Currently, they simply don't have to.
Ah, thank you Steve Gibson from grc.com for that lovely nickname.
[an error occured while processing this directive]
The ISP needs to force the user at minimum to install a software firewall.
Simpler than that. Just give customers a firewall appliance with their modem, and warnings of the doom that will befall them if they don't hook it up between their modem and PC....
iSKUNK!
The Internet is much too important to be connected to the Internet.
If corporations are people, aren't stockholders guilty of slavery?
My father received his first couple of Sparc-based Unix boxes about 4 years ago in the wake of the dot-com collapse. For one reason or another, he decided to reinstall (a somewhat old version of) Solaris from a disc he got with the system.
A couple of days later, his cable-modem based LAN was nigh unusable; lo and behold, the unpatched Solaris box was sending out data as fast as it could. Neither of us had the technical expertise to figure out what exactly had happened, but the process that was causing all the trouble was sitting in a dir full of various tools that seemed to be doing some sort of IP range scanning and self-propagation.
If there are enough systems out there with a given hole, someone will exploit it, regardless of OS.
(and please forgive the low-level question) ...How can I tell whether or not my own computer (PC, running XP) has been compromised?
Well, this brings the scenario closer to a fantasy movie with a powerful artifact to control an army of the undead... go figure :-)
We had same issue. We forgot about one of our linux boxes that was on the public network, and someone exploited sshd and rooted the box. Admins were only actively patching the nt boxes and complaining how secure unix systems were. It was quite ironic.
Have you ever been to a turkish prison?
I do too. I find it particularly funny that these helpful windows installation wizard popups keep appearing on my Mac (OS X) box.
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
..spam mails is determining which are real and which are fake. :/
I have a bunch of Win XPhome, Pro and W2K boxes @ home, fully patched, personal firewalled, my router screens what it can, in fact it blocks most every port and tosses pings from both sides. There's antispyware and AV scanners running on all desktops. And brute force scans for virus and all other malware kick off weekly. The uplink is cable (shared). Am I contaminated? You betcha. I can run any spyware tool @ random and find something and once a month I trap a virus either in the browser cache or the jpi cache on one or all of these machines.
Shit I forgot why I wrote this - oh yeah. What is the definition of "GOOD"? So while there 1.2 globzigillion zombies out there, what is the likelihood you're actually clean? I'd say damn near zero.
The wording should be changed to read: No sane person should connect any machine to the internet without at least a hardware firewall in between. They are really inexpensive and provide a critical line of defense against compromise by worms.
/dev, etc.
Long ago I made the experiment of plugging an old Red Hat 6.x box directly into the internet with most of the ports open: telnet, ftp (anonymous), rsh etc. It was compromised in no time. The new owners did a decent job of hiding their tracks: they installed a kernel patch to provide "hidden" files, a new "top", several interesting cron jobs, thousands of new entries in
But they screwed up netstat. I was monitoring the machine remotely and could not see my own connection! That gave it away. It seems they were halfway through the process. I was able to locate most of the source for the "worm" (I assumed it was one); the code was nicely annotated and the paradigm was really interesting, very close to the dream of the platform-independent worm.
That was years ago; I don't even want to imagine how far the techniques have advanced in this time.
or post comments on /. without hitting preview
aload = allowed
M$ it's whats for diner!!!!!
Why does everyone insist that firewalls are secure? There are so many ways to bypass them it is not even funny, and I am not only talking about NAT but SPI also. Ultimately it is like a strainer. Blocks some but not all. Really more of a traffic cop. Everyone has allowed open ports, and I can run scripts to pull down what I can not push up. Why bang on locked windows and doors, when I can stroll in through the front main entrance? People have a very hard time managing internet logs too, even if they do discover they've been compromised. Sheesh!
Have your machine intentionally be part of the "zombies", and you get all the goodies, and look like a victim at the same time.
Don't tell my wife or my girlfriend.
You know that is my experience as well. Somehow, being a linux user and happily married seems correlated. I wonder why?
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
I work for a minor dialup in BFE, KY. We used to have large problems with our users getting hacked and zombified. But we decided that since they weren't going to have a local firewall, then we'd run one for them. Generally speaking, Joe User doesn't need an internal SMTP server, HTTP server, and so on. So we've got it set up now where they can connect to HTTP, FTP, send their emails, send their IMs, play their games, and even use BT. But a lot of things that they'll never notice are disabled for their own good. We'll occasionally have someone call about something not working and we'll then add in a rule to punch a hole for them. But I think that has been one person in the past year so far.
I'm surprised more ISPs don't do this, as we used to be overloading our pipe due to the bots, but now we're using half of our pipe during peak times.
I could see this as a potential issue for some broadband ISPs but the saved money in bandwidth is much higher than the cost of manpower
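The ISP-run filter described in the post above, combined with the earlier point that home users only need port 25 towards their ISP's own mail server, comes down to a short default-deny policy at the subscriber edge. The code below is an added example, not the ISP's actual rule set: the subscriber pool, the relay address, the port list and the rule order are all assumptions. It evaluates individual flows against the policy (for testing it) and renders the same policy as iptables FORWARD rules.

```python
"""Subscriber-edge filtering policy (added example; addresses, ports and
ordering are assumptions, not any ISP's real configuration)."""
from ipaddress import ip_address, ip_network

SUBSCRIBER_NET = ip_network("10.1.0.0/16")      # assumption: the dynamic subscriber pool
ISP_MAIL_RELAY = ip_network("192.0.2.25/32")     # assumption: the ISP's authenticated SMTP server
ANY = ip_network("0.0.0.0/0")
ALL_PORTS = (0, 65535)

# (direction, proto, (low_port, high_port), destination network, action); first match wins.
# Anything not listed falls through to DEFAULT_ACTION.
POLICY = [
    ("out", "tcp", (25, 25), ISP_MAIL_RELAY, "ALLOW"),   # mail only via the ISP relay
    ("out", "tcp", (25, 25), ANY, "DROP"),               # direct-to-MX delivery is what spam bots do
    ("out", "udp", (53, 53), ANY, "ALLOW"),              # DNS
    ("out", "tcp", (21, 21), ANY, "ALLOW"),              # FTP control
    ("out", "tcp", (80, 80), ANY, "ALLOW"),              # web
    ("out", "tcp", (443, 443), ANY, "ALLOW"),
    ("out", "tcp", (5222, 5222), ANY, "ALLOW"),          # IM (XMPP)
    ("out", "tcp", (6881, 6889), ANY, "ALLOW"),          # BitTorrent peers
    ("in", "tcp", ALL_PORTS, SUBSCRIBER_NET, "DROP"),    # no unsolicited inbound: no home SMTP/HTTP servers
    ("in", "udp", ALL_PORTS, SUBSCRIBER_NET, "DROP"),
]
DEFAULT_ACTION = "DROP"


def evaluate(direction, proto, dst_ip, dst_port):
    """Decide for one new flow. Replies to allowed flows are assumed to be
    admitted by connection tracking and are not evaluated here."""
    addr = ip_address(dst_ip)
    for rule_dir, rule_proto, (lo, hi), net, action in POLICY:
        if (rule_dir == direction and rule_proto == proto
                and lo <= dst_port <= hi and addr in net):
            return action
    return DEFAULT_ACTION


def to_iptables():
    """Render the policy as FORWARD-chain rules for a Linux box on the subscriber edge."""
    rules = ["iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for direction, proto, (lo, hi), net, action in POLICY:
        target = "ACCEPT" if action == "ALLOW" else "DROP"
        match = f"-s {SUBSCRIBER_NET} -d {net}" if direction == "out" else f"-d {net}"
        if (lo, hi) == ALL_PORTS:
            ports = ""
        else:
            ports = f" --dport {lo}" if lo == hi else f" --dport {lo}:{hi}"
        rules.append(f"iptables -A FORWARD {match} -p {proto}{ports} -j {target}")
    rules.append("iptables -P FORWARD DROP")      # default deny for everything not matched
    return rules


if __name__ == "__main__":
    print("\n".join(to_iptables()))
```

The "one person in the past year" support cost the poster mentions corresponds to adding one more ALLOW tuple to POLICY; the two port-25 rules are the part that stops a zombie on a subscriber line from delivering spam straight to remote mail exchangers.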
Bravo!!! brxndxn you have hit the nail on the head, (with a sledge hammer)...
Politics is Treachery, Religion is Brainwashing
....a group of super smart nerds somehow figures out how to do the same thing to these millions of PCs, but in reverse. Somehow create a worm that turns on the XP firewall, installs MS Anti-Spy and SpyBot and whatever else is needed. Isn't this easy to do (for the geek crowd)? Every new client I get (I'm a home computer tech) is infected with massive amounts of spyware. They have NO idea. My last two clients had more than 10,000 files and programs that were deemed spyware (not including cookies). It took forever to clean these machines, esp. with those damn trojans not wanting to leave. I've got years of experience so I know what to do. But 99.999% of Windoze users don't have the damnedest clue. My clients can't even set up their own DSL connections. How are they going to prevent their computers from being turned into zombies? Hell, they don't even know what that means.
It's up to the benevolent hackers or MS. My $$ is on the geeks outside of Redmond.
thanks!
They'll probably never know anyway as it would take them off the Spam circuit.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Aaaactually.... I would say that you are probably about 12 for saying "Linsux" (It's on the same intellectual level as "Micro$oft" and "Winblows") and therefore aren't mature enough to look for girls and are more likely to sit as far away from them as you can.
If you wish to contend this point, I'd be willing to fit you in my timetable (Family permitting).
How many people can read hex if only you and dead people can read hex?
Who do we hold responsible when the owner leaves the keys in the ignition, the manufacturer didn't provide any door locks, and an Eastern European gang steals the car and uses it to deliver advertising circulars to 10,000,000 mobile homes? Just hypothetically, of course.
Pe op le wi th a l ar ge pen is sho uld ha ve mas s iv e, frequ ent, la rge typ os d ue to ina dver tant ap pe nda ge intr usi on on the ke yb oard you wou ld th ink. No te t hat 99.9 99% of pen is spa m is ho rri bl y ful l of typo s. There fore, a ll pe nis spa m is r ea l. Go fo r the si ze in cre ase!
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
Bad PR but who the fuck cares.
tihihi I said boxen.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
Barring the 9th circuit and all of Great Britain as I understand it, there is another problem with retaliation in self-defense here.
Application of force. If someone attacks me in my home with real or apparent intent to kill, I respond in full. If I somehow manage to subdue said scumbag without killing them, after they are incapacitated I am no longer able to justify their death at my hands as self defense. In other words, if I tie up a murderer in my apartment and wait for the police, I cannot claim self-defense for then shooting him out of boredom.
In other words, the response is usually considered self-defense only if it is comparable to the attack. Try to take it offline, well, were you knocked off-line in the attack? Keep in mind, I most definitely am not a lawyer.
http://en.wikipedia.org/wiki/Self_defense
why don't governments form a unit to identify and at least notify the owners of these machines?
To paraphrase the late great Jerry Orbach playing Lenny Briscoe, "Sure, let's get the government involved. That'll solve everything."
And as far as the ISPs go, I've worked for ISPs that wouldn't even cut someone off for non-payment for fear of their subscriber numbers going down. Do you really think they have the manpower, resources, or interest in doing anything about this until they're forced to by business pressures? (eg, never.)
The only way to fix this problem is user education. And because most users refuse to be educated, or accept any form of responsibility for their own machines, I don't see this problem getting fixed. Ever.
Never underestimate the power of stupid people in large groups.
When I see a new PC and look at the user for 3 seconds... if only I could ask 2 questions and then bet money on whether the machine in question has any malware - I'd be rich.
Yea corporate networks are better - if the corporation is big. Most small businesses have owned or infected boxes.
Remember, Linux is the Insecure OS, not Windows! http://linux.slashdot.org/article.pl?sid=05/03/16/1517207&tid=163&tid=1&tid=218
Another blaster-like gets widespread, and destroys the machines in question. Wipe the HD, wipe the BIOS if possible. Wipe all files on all network drives with write access. Wipe everything. Write nasty letter to boss. Play fart sounds, change wallpaper to tubgirl.
THIS would wake people up. Not the fact that the ADSL light blinks a bit and the machine feels a bit slower.
best.post.ever.
"If Joe User were required to start by using Linux or BSD, it would set computing back 10 years."
To a time before rampant SpambotNets and the DMCA. Sign me up! :-)
What? What?! NOW it's the ISP's responsibility?? Consistency, Slashdot. Please. ISPs provide a connection to the Internet. It's the USER's responsibility to decide what they do with that connection. And it's the GOVERNMENT's (read: society's) responsibility to find and prosecute the sons of bitches who willfully and with malice inject our machines full of their garbage--be it bots, spyware, or spam. Casting [any] blame on the ISPs is akin to blaming P2P companies for copyright infringement or blaming Smith and Wesson for drive-by shootings. I could go on for hours, but I feel like I've made my point.
"It seems they probably could, but are not going to."
Well yeah, it's not their job, and it's as much their problem as it is the rest of the world's.
Imagine trying to fix 100,0000 relatives' computers. Most of these people are people who don't care at all if their computer is compromised, and would require someone else to fix it, not them.
In fact I was just at a cafe that had a few spybots installed on the machines there, I told many people who went up to use them exactly what was/would happen if they used it, most of the responses I got were "what are they going to do, break into my yahoo account". And it didn't stop a single person from using it (then I decided to login to their router and deny all access to irc ports).
TruePunk | Games
What? What?! NOW it's the ISP's responsibility?? Consistency, Slashdot. Please. ISPs provide a connection to the Internet. It's the USER's responsibility to decide what they do with that connection. And it's the GOVERNMENT's (read: society's) responsibility to find and prosecute the sons of bitches who willfully and with malice inject our machines full of their garbage--be it bots, spyware, or spam. Casting [any] blame on the ISPs is akin to blaming P2P companies for copyright infringement or blaming Smith and Wesson for drive-by shootings. I could go on for hours, but I feel like I've made my point. (Re-post. Sorry, I guess I screwed something up. THIS is where this comment's s'posed to be.)
By extension of your argument, Linus is responsible for every compromised linux box. Because when you get down to it, the kernel is the absolute control of every Linux PC. The kernel in theory could stop every attack (though such a kernel would not likely be very usable). The fact it doesn't means it's Linus' fault -- not the end user's (using your arguments).
Suing Linus would surely result in a better kernel, wouldn't it?
In a weird way, I have to give some credit to the botnet operator(s) who are running a 50,000-machine botnet. That is, assuming they actually wrote the bot software themselves.
It's not easy to write a networking application that scales well, especially when you have n peers and each peer has an unknown amount of bandwidth.
If the machines can cross-communicate without a centralized server and scale up to 50 000, that's one nice application.
now, only if they would use them for something else than extortion and crime..
There are no atheists when recovering from tape backup.
True enough, I even see Windows security reports on my local newscast now, the information is becoming hard to avoid. I'm not sure if it's apathy or just pure laziness, but some of these people would have issues no matter what OS they ran.
http://it.slashdot.org/article.pl?sid=05/03/15/1341203&tid=172&tid=1
/. thinks we didn't RTFA in the first place or are too dumb to understand it... We needed the diluted version I guess.... or maybe Zonk and Commander Taco don't compare notes... who knows. Either way, same story twice in 3 days = yuck.
RTFA!
I am pretty sure the BBC news post is just a dumbed down version of this report:
http://www.honeynet.org/papers/bots/
So it begs the question why is this news... Does
out
DarthVain
So how many of these are being used for P2P serving?
"But Judge, it wasn't me that was sharing those files"
Before you laugh, I had a Linux 'router' broken into about 8 years ago. I of course caught it in nightly auditing, but it happened.
Turned my machine into a porn ftp server and a bridge to break into the next person.. If I hadn't been auditing, might have been months before discovery..
---- Booth was a patriot ----
I've had machines show up in my shop along with notes from Road Runner stating that they can't regain their service until they show proof the machine was repaired properly. These machines have always been so bad off, they were unusable, yet they were kept online constantly, to display popups and act as zombies.
In one case it was actually not the customer's machine, but his neighbor who was taking a free ride on their wide open wireless network. Turning on WEP immediately fixed the problem. The customer couldn't figure it out, because they were a household of Macs, and were sure they couldn't get hijacked like that. They never even thought of the wide open network.
rm -rf
reinstall Windows! It's the answer to everything.
Sometimes seventeen/Syllables aren't enough to/Express a complete
1) get source code of whatever worm is making all these zombies
2) modify code to only spread itself for a few hours per machine before killing net connection and berating computer owner for poor security.
Result: bot nets destroyed, computer owners informed.
Optional result is you get arrested, but that's why I am leaving this up to a non-American to do. However, what if I drove to Mexico before releasing the worm, would that make a difference?
It occurs to me that we are seeing the Free Market at work. There is obviously more money to be made in spamming and supporting spamming than there is in ordinary folks like you and me communicating through email. Nor is this the type of thing that one ISP can solve alone, so you can't vote with your money at another ISP.
Until the cost equations tilt somehow, spam will continue and probably grow. As long as the incremental cost of sending additional spam is so close to zero it'll happen.
Perhaps another law is being broken with zombie nets, but as long as it's only for a nuisance like spam or zombie growth, I doubt the government will get involved.
Now, if we could prove that terrorists are shipping plans and information through zombie nets, steganographically hidden in spam, it would be a different story. We could wear our tinfoil hats right to the DHS and get action.
The living have better things to do than to continue hating the dead.
No, that's wrong. He's blaming the _company_ who's selling the product, not those who made it (i.e. the kernel hackers). In Microsoft's case, it's one and the same, but that can't be said for Linux: there is no "Torvalds" distro. Linus is no more responsible for the Open Port Party that RedHat used to be than a Windows kernel hacker (if there is such a thing) could be blamed for the Active X Happy Hour that Bill and Steve foisted on a suffering public.
Apparently they were using SUSE 8 Pro and Solaris 8 as the Honeypots. My issue with the BBC article is that although (as can be seen from the Honeypot site) 90% of the attacks were aimed at, or originated from, a Windows machine, the offending OS is mentioned only once.
They (the BBC) should spell it out, so that the general public actually gets notified officially, and thus make it a well known issue amongst non-IT literate people.
why don't governments form a unit to identify and at least notify the owners of these machines?
I think I would prefer my tax dollars go to the fixing of schools and highways or medical research or even the military before someone gets a government job notifying people that their computers are bothering people.
Does this mean we have 1 million+ zombie users on our hands?
IT Guy: Get your stooped windows viruses off of me!
Zombie: Must click on banner...Must click on banner...Must kill all who don't click banners...
Hey any game makers out there, we have your self a new game...
Technabyte - Read my tech news blog.
Why isn't Linus responsible for privilege escalation exploits via kernel bugs? They're used quite often to get root shells.
The real question is why people think that multiple layers of firewalls make them more secure. It is confusing. If your first firewall blocks all incoming traffic except port 80, and the NEXT firewall blocks all incoming traffic except port 80, what good does the second firewall do? Maybe each firewall adds another "REALLY" to how protected you are. 1 firewall: I'm REALLY protected from all ports but port 80. 2 firewalls: I'm REALLY REALLY protected from all ports but port 80. 3 firewalls: ...
Is anyone really surprised by this? A lot of people who own computers don't even bother updating any protection software they might have. It's not really a surprise at this point.
Society never gets more or less violent, the definition of violent just keeps changing.
But what command to send!!??? Sleep. Sleep... Data... Sleep.
"Microsoft has ultimate control over almost every user's system" That's the most ridiculous thing I've ever heard. If you don't patch your machine you're going to get hit, that's just the way it goes. You can't blame the phone company if someone prank calls you. Microsoft is doing the best they can. Just because you're a linux fanboy doesn't make them evil.
Still have your notes from that? It sounds like it might be interesting to go over.
Independence Day
Or maybe from Shin seiki Evangelion (Neon Genesis Evangelion), Episode 13: Angel Invasion / Lilliputian Hitcher
Irene KHAAAAAAN!
Yup, they should make a law that forces ISPs to simply pull the plug on the user's broadband connection when a zombied pc is conclusively detected. Until that user can show that they are a responsible pc owner and netizen, it's back to playing Solitaire or Minesweeper.
(Monty Python Argument Clinic Sketch.) The joke he was doing was a reference to the "Night of the Living Dead" series of zombie movies.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Sounds like a rip-roaring time. A great party, I bet.
My other first post is car post.
Now imagine those 1M PCs infected with good viruses, viruses that crawl the web, crunch difficult problems, etc.
Virus hackers: write good viruses that infect even more PCs.
Simpy
I've been relatively unharmed thus far. Sure I've had a few run-ins with malware, spyware, adware etc... but nothing I couldn't have simply lived with... and nothing that I haven't been able to defeat. So far my toughest experience was with a worm that was eating all my system resources and for some reason couldn't be removed by Norton... Luckily I'd prepared backups the day before because I was planning to do a fresh install of windows anyway. Most of my other experiences with malware etc. were "hey I didn't even notice the symptoms" moments when Avast! let me know about them. Personally, if I don't see a problem... then there's no problem. Generally though, my computer checks out clean. I know my way around windows and dos and the internet, but I wouldn't consider myself a computer expert since I know very little about programming and networking. So if I'm no expert, why am I unharmed? Well, I've got the good sense to use a decent virus program (Avast! free and recommended, google it), a spyware tool (spybot), a firewall (both hardware and software), and an automated backup utility. All that software of course could sit on your hard drive unused and you'd be better off, which is why I've developed the good habits of manually activating a virus or spyware check every now and then, keeping my desktop, menus, and programs organized and free of crap, not falling for "britany_spears_naked.exe," and backing up frequently. Hey, a spindle of CDs is well worth the cost when you consider how much easier it is to back up your files than to re-create them after a disaster.
Over a million zombie PCs
not
Over a zillion mombie PCs!
Hello! I'm a disaster waiting to happen!
When my uncle was living in Italy, there was one day that he was driving through the mountains and one of his wheels came off. He avoided falling off the cliff, and to hold his spare tire on, he decided to take one nut from each of the other wheels. He put the wrench on the first one to remove it, and it was loose, and so were the others. After checking that nobody he knew was trying to kill him, he decided that it was probably just thieves trying to steal his fancy wheels who'd been interrupted before they'd gotten them off.
This is where the government can step in: they can make it unlawful for ISPs to not disconnect someone after they are notified of illegal activities via a hijacked PC. Right now many ISPs simply don't care what their customers do. This should change.
When not handling abuse reports will result in being put out of business, this will wake them up and put people on the task.
There was sod all wrong with the Firestone tyres. It was because the users had been told to run them at absurdly low pressures to try to minimise the risk of the vehicle flipping at low speed. Had the Explorer been built with a low enough centre of gravity (instead of being about as stable as an egg standing on its pointy end) the problem would not have occurred.
As an aside, I use Firestone tyres on all kinds of vehicles, and have never had a problem. If I was in a nitpicky mood, I'd say that their 145SR15s are not nearly as sticky as the Michelin equivalents, but they *are* 1/3 the price.
ISPs should be held responsible for what their clients do when they have been notified of their wrongdoings and have decided not to pay attention to those notifications.
Right now there is the problem of many hijacked and virus-infected PCs on broadband networks, and the victims of those have the problem that they can identify the problem spot only by IP address.
The ISP acts as a shield between you and the troublemaker, by systematically ignoring requests to take them offline or to give you contact information so you can call them yourself.
This is not like the position of P2P companies or weapon manufacturers. It is like the ISP's position in copyright violation cases. The ISP is held responsible until they provide the name of the offender.
Check again, they use Dell laptops. (Thank you, HD!)
It would be cool if it didn't suck.
The Eastern European gang!
The others share some blame for making it too easy, but let's not lose sight of the fact that the perpetrators of the theft have actual malicious intent.
Newest ad-aware, newest Norton SystemWorks, half a dozen other malware removal programs, winxp firewall up and running... and I can't get this stuff (ads, CPU-sucking processes which respawn, etc) off my parent's machine permanently. What's the deal? Is anyone else out there finding it flat out impossible to make this stuff go away? Jon
My home PC runs WinXP most of the time, behind a hardware firewall of course, and security updates are relatively painless. I have them set to download automatically, and only update when I want them to (it's not the default, but I don't like the machine rebooting itself when I'm not around or don't want to be interrupted), but the nag balloon pops up any time there are updates ready. I think their default is to update automatically as well. It's a big change for MS, but it's a lot safer than it used to be.
There's certainly no excuse for implementing it as a worm when it could have just as well been a scanner program that operated at a controlled rate from an identifiable site. But one of the biggest problems with Nachi was that it generated too much internet traffic. It did lots of pings deciding what to infect, and worked fast enough that it generally made a bigger mess of any networks it was on than the original Blaster had.
I deal with several spyware-compromised machines every day. They account for perhaps fifty percent of my workday each and every day.
About a month ago things started getting worse again; for a while before that things had gotten better. Part of it was because I was getting better at dealing with the crap, but another part of it seemed like I was actually seeing fewer compromised machines. The metrics seemed to bear this out too.
In the past few weeks, the machines have been more grossly affected - many having multiple installs of spyware and virtually every one of them containing a trojan back-door of some sort. On top of that, either I'm getting dumber or the crap is getting much harder to remove. In some cases, the computers wouldn't let me run the more common tools that I use - they would launch and be closed immediately.
In one case in particular, I had a machine that worked fine one day and the very next the machine literally took hours to come up to the desktop! All the while it was doing *something* with the remote user's network connection. When I brought that machine in I booted using a bootable CD ROM and discovered a number of .exe files in the root and in the temp directory that were obviously spyware. The machine would NOT let me delete the files even though I booted with a known good "Bart's PE CD". I was unable to find what was preventing me from deleting them (attributes all seemed okay).
After reimaging the computer, I put the data back down and reinstalled the programs and the machine was flawless - so it wasn't hardware. Unfortunately, time is money and I can not afford to take all the time in the world to do forensics.
What I guess I am trying to convey here is that in my opinion, there has been in the very recent past a fundamental change in the way this stuff is working. I suspect that these efforts are more than just an effort to make the spyware harder to remove. I suspect that there is now more happening in the background of these machines. I'm sure many of them are "bot-net" machines but even worse, I think some of the machines that I've seen are very busy "harvesting" data from the owner's machines!
If my hunch is correct, I'm willing to bet that in the very near future, we will see identity theft on a scale we had never imagined before. Frankly, I'm quite concerned about that and am suggesting that people who have been victims of this "nasty spyware" take the time to change all of the passwords and credit card numbers while their computer is still "fresh" or better yet, change the information in person at their bank or over the phone.
Does anyone else see the same things happening?
Google for "Process Explorer" - free download, shows all processes and CPU usage (there is also an option to show % fractions of CPU usage or context switches for being really precise). Shows processes in a tree also, so you can see what's started what. Also gives ability to pause (a la -SIGSTOP/CONT) processes, very handy lil download. Well done the creators.
-2A
The revolution will not be televised... but it will have a page on Wikipedia
There are two reasons a hacker might not want to leave the key unencrypted on his disk - one is that if he gets caught, it's proof that he knew the key, and the other is that if somebody cracks that machine, they can steal his zombie army. Neither problem is a real worry - if you're Evil But Not Stupid, you don't run the zombie controller on your own machine, you crack somebody else's machine and use that to crack somebody else's machine and use *that* to run the zombies from, so it's hard to trace back to you or the cybercafe you rode in on. The theft problem is a threat model issue - since the zombie controller is just another hijacked machine, you may decide not to worry about it getting stolen, or you do a little more cookbook cryptography and handle the asymmetric private key the way PGP does - store it encrypted using a conventional symmetric cypher using a password you can easily remember, so you don't need to store that on your machine, though you might write it on a yellow sticky note.
Sometimes having an oversized swap file can cause excessive HDD activity. The old rule was "swap should be 1.5 times the size of RAM" (I think)... but this really doesn't apply with the amount of RAM our machines come with these days for what we do with them.
Also as someone else said - turn off the index service (or "find fast" which came with older Office versions - dunno about recent ones).
Also as I mentioned in another post, check out the free download Process Explorer (google for it), watch 'context switches', see what's busy.
This *was* a few years ago, and crackers have gotten more sophisticated, and DSL and cable modem proliferation means there are lots more fast net connections for them to work with. At the time, Win95 was obsolete, RedHat was doing 7.x versions, and Stacheldraht attacks seemed to mostly come from universities (including Washington University, whose wu-ftpd was one of the main holes exploited by crackers, and a machine that looked like it was from MIT but was actually from somebody in Japan with a byte-order problem.)
The client doesn't need to be technically sophisticated - you set them up by routing all their HTTP requests to your new-user server, so they don't even have to remember to go there themselves, tell them to wait while you run a scan, and then have them tell you whether they've got XP/Win2K/Win98/Mac/Linux and download the appropriate checkup program. Furthermore, it's not unreasonable to keep them in a quarantine zone with an easy mechanism to get full internet capability if they can fill out your form correctly - that keeps the naive users in protected mode, and lets the clients who know how to RTFM get unfiltered or semi-filtered access if they want it.
Microsoft is doing the best they can.
I really, really hope you're wrong.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
http://en.wikipedia.org/wiki/NMCI
and
http://en.wikipedia.org/wiki/Electronic_Data_Systems
I saw the Sign, and it opened up my eyes
http://en.wikipedia.org/wiki/Electronic_Data_Systems
/. keeps breaking it.
Just copy and paste it,
That's a good idea in theory. Unfortunately, where technology is concerned, I don't trust the government to know what an ISP is, let alone realize that people can do illegal things with it.
Plus enforcement would be all but impossible. The tax revenue consumed by such a (IMHO) futile effort could be put to much better use.
The underlying cause of ISPs' apathy towards compromised PCs is that consumer culture in this country (posting from the USA) is broken. The way IMHO that consumerism is supposed to work is if you don't like the way someone is providing a service or product, you'll vote with your pocketbook and go to the competition. In this case, if the ISP that you're on allows compromised PCs on its network, then you get the heck off their network and switch to a provider that gives a damn about security. But the average USian is either too lazy, too stupid, or too cheap to do anything about it, and when you compound those factors with the average USian's complete stupidity regarding technology (see this post for my definition of stupidity vs. ignorance), you have the problem we're discussing.
These are the H2's of the computer world.
I would certainly hope not, considering how incapable the H2 is off-road.
hello dear sirs my name is jamesh i are india (bihar) can u guide me install red had linux 9?
Of course all operating systems have their security holes. However, it's silly to say that no matter how poor an OS design may be (Windoz), it doesn't matter and they are "all the same."
I think the problem is not that customers are or should be unsatisfied with their own ISP and thus should move to another.
The problem is that other ISPs exist that do not care, and that we are all connected to one single Internet.
So even when you are at an ISP that cares about these things (I am), you still suffer from the million PCs of users at ISPs that don't care, and there is nothing you can do about that.
So an ISP should be required by law to care about this. Just as there exists a mandatory facilitation of lawful intercept (at least here), it could be mandated that ISPs provide a contact method to report compromised systems, and be mandated to actually do something with the reports.
For example, an e-mail address or form on their website where you enter date/time, IP address and observed activity (spamrelay, attempted virus delivery, portscanning or other hacking) usually related with compromised systems. The ISP would then have to handle these reports, for example in order of decreasing number of reports per address. The customer would have to be contacted, warned about the situation, maybe get moved to a closed network where they can download only tools, or disconnected completely until the situation is remedied.
Don't say it can't be done, my ISP does it and others do. But as it is not mandatory there remain countless other ISPs that don't, and millions of PCs that you can see attacking you and the rest of the world but you (and others) can do nothing about because you have no way of contacting their owner.
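One way an ISP abuse desk could implement the intake and prioritisation described in the post above, as an added example that is not any poster's or ISP's code: it parses constructed abuse reports (timestamp, IP address, observed activity, reporter), rejects malformed reports and ones for addresses the ISP does not own, drops exact resubmissions, and ranks addresses by number of reports. The one-line report format, the 198.51.100.0/24 customer range and the warn/quarantine/disconnect thresholds are assumptions.

```python
"""Abuse-report triage for an ISP abuse desk (added example; assumptions noted inline)."""
from __future__ import annotations

import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

# Activity labels the post lists as typical of compromised systems (normalised spelling).
ACTIVITIES = {"spamrelay", "virusdelivery", "portscan", "hacking"}

# Address space this hypothetical ISP is responsible for (RFC 5737 documentation range).
OUR_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]

# Assumed report line format: <ISO-8601 UTC time> <IP> <activity> <reporter e-mail>
LINE_RE = re.compile(r"^(?P<when>\S+)\s+(?P<ip>\S+)\s+(?P<activity>\S+)\s+(?P<reporter>\S+)$")


@dataclass(frozen=True)
class Report:
    when: datetime
    ip: ipaddress.IPv4Address | ipaddress.IPv6Address
    activity: str
    reporter: str


def parse_report(line: str) -> Report:
    """Parse one report line; raise ValueError on anything malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"malformed report: {line!r}")
    when = datetime.strptime(m["when"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ip = ipaddress.ip_address(m["ip"])            # ValueError if not an address
    activity = m["activity"].lower()
    if activity not in ACTIVITIES:
        raise ValueError(f"not an abuse category: {activity}")
    return Report(when, ip, activity, m["reporter"].lower())


def is_ours(ip) -> bool:
    """True when the reported address is one this ISP hands out to customers."""
    return any(ip in net for net in OUR_NETWORKS)


def triage(lines):
    """Return (ranked, rejected).

    ranked:   [(ip, report_count, sorted activities)] in decreasing order of report
              count, ties broken by address so the order is stable.
    rejected: [(line, reason)] for input that should not open a ticket.
    """
    seen: set = set()
    per_ip: dict = defaultdict(list)
    rejected = []
    for line in lines:
        try:
            r = parse_report(line)
        except ValueError as exc:
            rejected.append((line, str(exc)))
            continue
        if not is_ours(r.ip):
            rejected.append((line, "address not in our network"))
            continue
        key = (r.when, r.ip, r.activity, r.reporter)
        if key in seen:                        # identical resubmission, count it once
            continue
        seen.add(key)
        per_ip[r.ip].append(r)
    ranked = sorted(per_ip.items(), key=lambda kv: (-len(kv[1]), int(kv[0])))
    return ([(str(ip), len(rs), sorted({r.activity for r in rs})) for ip, rs in ranked],
            rejected)


def recommended_action(report_count: int) -> str:
    """Escalation ladder the post describes: warn, closed network, disconnect.
    The thresholds are an assumption, not policy taken from the post."""
    if report_count >= 6:
        return "disconnect"
    if report_count >= 3:
        return "quarantine"
    return "warn"


# Constructed sample input (RFC 5737 addresses, example.* mailboxes).
SAMPLE_REPORTS = [
    "2005-03-16T10:12:00Z 198.51.100.23 spamrelay abuse@example.net",
    "2005-03-16T10:15:30Z 198.51.100.23 spamrelay postmaster@example.org",
    "2005-03-16T11:02:10Z 198.51.100.23 portscan noc@example.com",
    "2005-03-16T11:02:10Z 198.51.100.23 portscan noc@example.com",    # exact duplicate
    "2005-03-16T12:40:00Z 198.51.100.77 virusdelivery abuse@example.net",
    "2005-03-16T13:00:00Z 203.0.113.5 portscan abuse@example.net",      # not our customer
    "yesterday 198.51.100.9 spamrelay someone@example.net",             # bad timestamp
    "2005-03-16T13:05:00Z 198.51.100.9 bittorrent someone@example.net",  # not abuse
]

if __name__ == "__main__":
    ranked, rejected = triage(SAMPLE_REPORTS)
    for ip, n, acts in ranked:
        print(f"{ip:16} {n} report(s) {acts} -> {recommended_action(n)}")
    for line, reason in rejected:
        print(f"rejected ({reason}): {line}")
```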
I think the solution should be instant death penalty for hackers.. Hey it shouldn't be tough to get compromised attacks down to almost nothing..
Just say no to license servers!!
"Vendor-written drivers have a very poor record". Sure. I'd much prefer my drivers to be written by someone who has time on his hands rather than the actual MANUFACTURER OF THAT HARDWARE.
Whether you're pro or anti MS, you've got to realise the parent poster was absolute bullshit.
FUD, plain and simple. "What good is it as an OS if you can't add various hardware" - find me an OS with better support for third party hardware right out of the box and I'll kiss you on the ring, you fucknut.
All OSs have their pluses and minuses, but one thing Linux and the Mac aren't renowned for is compatibility with loads of hardware.... Mod me up, you fvckers!
Taking the internet as a whole entity, it begins to resemble a biological model, similar to cells comprising a whole creature, or a population of individual creatures comprising an ecosystem, subject to the same points of frailty and weakness. Infections break out all the time; a constant war is waged between organisms competing for scarce resources - food, territory, and the like. Or cpu time, disk space and bandwidth.
Genetically uniform populations are wiped out easily by viruses that are quicker to adapt, and are easily able to invade the cell and get it producing and distributing more viruses in a chain-reaction.
What is interesting is that no biological system has a really large number of easily infectible hosts that have survived for any length of time; they have inevitably died out. The numbers of the initial population are irrelevant; a larger population simply means there are more target hosts for predatory organisms to feed upon, which accelerates the process of the demise of the species. The only thing that will enable them to survive is geological isolation, or adaptation and evolution of more effective immune systems, feeding habits, physical robustness, intelligence, and other survival traits.
That being the case, the biological model is a warning that systems that do not adapt will inevitably perish. What is the biological equivalent of an anti-botnet botnet? A retrovirus would be more akin to the sasser worm, in which a virus tries to repair the vulnerability that enabled it to infect the host/cell in the first place.
http://www.spreadfirefox.com/
So how helpful was this? The first day, the American news sources said it was a good virus stopping the bad. I can tell you first hand that Nachi was more painful...
Your Average Joe
The problem is that other ISPs exist that do not care, and that we are all connected to one single Internet.
This is true, but technology exists to filter harmful content at the borders of a given ISP's network (known exploits, spam, virii, etc.). It's implemented with varying degrees of intelligence among ISPs.
So even when you are at an ISP that cares about these things (I am), you still suffer from the million PCs of users at ISPs that don't care, and there is nothing you can do about that.
I disagree. There are many steps you can take to minimize your systems' exposure to harmful content, such as an updated antivirus, spam filtering (on the server and the client), and a correctly configured firewall. I agree that these steps shouldn't be necessary, the problem should be prevented before it's created, but that's like saying you shouldn't have to carry an umbrella because it shouldn't rain.
So an ISP should be required by law to care about this.
In a perfect world, a law could be created and enforced that would achieve this. We don't live in a perfect world. The government tried to do something about one aspect of this problem with the CAN-SPAM act, which has been loudly criticized as a deeply flawed piece of legislation that not only fails to accomplish what its writers intended but in fact makes the problem WORSE by giving spammers the right to email anyone once with any campaign they choose, with the only condition that they give you the option to not receive any more messages related to that campaign. Expecting spammers to be discouraged because they're doing something illegal is like expecting your dog not to pee on your rug if you don't let him out.
Don't say it can't be done, my ISP does it and others do.
Yay for your ISP. I'm glad someone in the business world gives a damn about the quality of the product or service they're producing. They're in the drastic minority; most businesses (including ISPs) only care that the money keeps coming in faster than it goes out.
The facts of life in this case are these: Millions of vulnerable machines are connected to the Internet, through a combination of Microsoft's "swiss cheese" approach to security and user ignorance/stupidity. ISPs are unwilling or unable to do anything about zombie machines, either because of resource limitations or incompetent management. To say government is incompetent in this area is like calling water wet. All you can do (until the ISPs figure out a way that curing the situation could make them money) is protect yourself as best you can.
Never underestimate the power of stupid people in large groups.
I recently cleaned a machine from a neighbour, who asked me about the dangers of spyware. When I told them what could happen (I gave the classic example of online banking login), their reaction was: "oh, we're not that rich, who would steal our money?". What the???
As long as you can't force users to do something about the situation, you're nowhere. And to force them, they have to do something wrong.
The best thing would be to disallow them access to the Net on an ISP level, like another poster already pointed out.
There are many steps you can take to minimize your systems' exposure to harmful content, such as an updated antivirus, spam filtering (on the server and the client), and a correctly configured firewall. I agree that these steps shouldn't be necessary, the problem should be prevented before it's created, but that's like saying you shouldn't have to carry an umbrella because it shouldn't rain.
Of course I have taken all measures to be sure I do not get the bad guys on my system. I use Linux, filter for dangerous content, run a firewall, etc.
But this does not prevent me from receiving one hundred spam mails per day via compromised systems (which are rejected but still cause lots of logging and traffic), plus many more attempts to connect and portscan.
Also I have had to abandon a domain name because spammers have chosen to use it as a From address in their spam. I have had to set the MX record to localhost. When I try to set my own system as MX host, I get bombarded by bounces (thousands a day).
This is also caused by careless ISPs. A reasonably managed mailserver would not accept mail from a source address that has its MX set to localhost, but they do.
Finally, some of those virus-infected systems are spreading their virus mail with my valid mail address as a sender address (because it appears somewhere on those systems). Others may think I am spreading that. I want to stop them from doing it, but the ISP does not give me contact information and I have no way to force them to stop misusing my name (mail address).
I agree that a law is not the first choice to rectify such situations, but it may be the only way to make the ISPs do something. It does not matter so much that the government is incompetent; what matters is that I can send a letter or mail stating "you are required by law to take action, so please do so within X amount of time or I will take legal action".
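The post above describes two failure modes on the receiving side: a mail server that accepts mail whose sender domain has its MX pointed at localhost (and then bounces it to whoever really owns the name), and backscatter from forged From addresses. The following is an added example, not code from any poster or from a real MTA, of the sender-domain check a "reasonably managed" mail server would apply at MAIL FROM time. The DNS view is constructed; `resolve` is a stand-in for a real resolver, and the domain names and addresses are invented for the example.

```python
"""Sender-domain sanity check for an SMTP receiver (added example).

Given the MX and A records resolved for the domain in MAIL FROM, decide
whether to accept mail claiming to come from it. A domain whose mail
exchangers are all unroutable (localhost, RFC 1918 space) or that publishes
a null MX cannot receive a bounce, so accepting from it only creates
backscatter for whoever the forged address really belongs to.
"""
import ipaddress

# Constructed DNS view (assumption for the example):
#   domain -> {"mx": [(preference, exchange)], "a": {hostname: [addresses]}}
FAKE_DNS = {
    "good.example":      {"mx": [(10, "mail.good.example")],
                          "a": {"mail.good.example": ["93.184.216.34"]}},
    # the poster's situation: MX deliberately pointed at localhost
    "abandoned.example": {"mx": [(10, "localhost")],
                          "a": {"localhost": ["127.0.0.1"]}},
    # RFC 7505 null MX: "this domain sends and receives no mail"
    "nomail.example":    {"mx": [(0, ".")], "a": {}},
    # no MX at all, so RFC 5321 implicit MX falls back to the A record
    "hostonly.example":  {"mx": [], "a": {"hostonly.example": ["23.45.67.89"]}},
    "bogus.example":     {"mx": [], "a": {}},
    "internal.example":  {"mx": [(5, "mx.internal.example")],
                          "a": {"mx.internal.example": ["10.0.0.5"]}},
}


def resolve(domain):
    """Stand-in for a DNS lookup; returns None for NXDOMAIN."""
    return FAKE_DNS.get(domain)


def unroutable(addr):
    """True for loopback, private, link-local and other non-global addresses."""
    return not ipaddress.ip_address(addr).is_global


def evaluate_sender_domain(domain, lookup=resolve):
    """Return (accept, reason) for the domain part of MAIL FROM."""
    view = lookup(domain)
    if view is None:
        return False, "domain does not exist"
    mx = sorted(view["mx"])
    if mx == [(0, ".")]:
        return False, "null MX: domain declares it accepts no mail"
    # No MX records: RFC 5321 says use the domain's own A record.
    exchanges = [host for _, host in mx] if mx else [domain]
    addrs = [a for host in exchanges for a in view["a"].get(host, [])]
    if not addrs:
        return False, "no usable MX or A record"
    if all(unroutable(a) for a in addrs):
        return False, "all mail exchangers are unroutable (%s)" % ", ".join(addrs)
    return True, "ok"


if __name__ == "__main__":
    for name in sorted(FAKE_DNS) + ["nxdomain.example"]:
        accept, why = evaluate_sender_domain(name)
        print("%-20s %s  %s" % (name, "ACCEPT" if accept else "REJECT", why))
```

Rejecting at MAIL FROM, before DATA, is what keeps the poster's mailbox out of the bounce storm: the connecting host gets a 5xx and nothing is ever queued that could later be returned to the forged address. A real MTA would cache these lookups and treat a temporary DNS failure as a 4xx, not a hard reject.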
But see, this is exactly the point I'm trying to make. How is anybody supposed to know if they are secure? I'm a pretty smart guy, and I'd say I have intermediate knowledge of networking and security, but I haven't got a clue how to check if my PC has been breached. Obviously ZoneAlarm reports unexpected incoming and outgoing traffic, but a number of programs need to pass through, like web browsers and P2P.
So I'll ask the question again. Is there any software out there to check if a PC has been breached? Obviously the honeynet project has some of their own, but what about the rest of us? Do I have to become an expert and write my own code? (If the answer is yes, we're doomed.)
Oh, as a side note, the 2 firewalls have nothing to do with being more secure. Both the server and router come with firewalls. The server is necessary because it serves our webpages and email, and the router is necessary to attach more than one PC.
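One concrete answer to the question above, as an added example rather than anything a poster or the Honeynet Project published: on a Windows host you already have `netstat -ano`, and the useful trick is to compare its output against a baseline you wrote down while the machine was known-good rather than to stare at it raw. The script below parses that output and flags the three things a hijacked box tends to show. The sample output, the baseline of expected listeners and allowed remote ports, and the unknown PID 2140 are all constructed for the example and are assumptions about a home web-and-mail server like the poster's.

```python
"""Triage of `netstat -ano` output against a known-good baseline (added example).

Flags: a listener on a port the owner never opened, outbound connections to
ports the machine has no reason to talk to, and one process holding an
unusually large number of simultaneous connections.
"""
from collections import Counter

# Constructed sample: a Windows box serving web and mail, plus an unknown
# process (PID 2140) with an extra listener, an odd outbound connection and
# thirty simultaneous SMTP sessions.
SAMPLE_NETSTAT = (
    "Active Connections\n\n"
    "  Proto  Local Address          Foreign Address        State           PID\n"
    "  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1204\n"
    "  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1380\n"
    "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884\n"
    "  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2140\n"
    "  TCP    192.168.1.10:1043      93.184.216.34:80       ESTABLISHED     1624\n"
    "  TCP    192.168.1.10:1055      23.45.67.89:6667       ESTABLISHED     2140\n"
    "  UDP    0.0.0.0:137            *:*                                    4\n"
    + "".join("  TCP    192.168.1.10:%d      23.45.%d.1:25           ESTABLISHED     2140\n"
              % (1100 + i, i) for i in range(30))
)

# Baseline (assumption): what this particular machine is supposed to do.
EXPECTED_LISTENERS = {25, 80, 135, 137, 139, 445}   # mail, web, Windows networking
ALLOWED_REMOTE_PORTS = {25, 53, 80, 110, 443}       # outbound mail, DNS, web, POP3
MAX_CONNECTIONS_PER_PID = 20


def parse_netstat(text):
    """Turn `netstat -ano` lines into dicts; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[:3]
        # UDP rows have no State column, so the PID is one field earlier.
        state, pid = (parts[3], parts[4]) if proto == "TCP" else ("", parts[3])
        _, lport = local.rsplit(":", 1)
        fhost, fport = foreign.rsplit(":", 1)
        conns.append({
            "proto": proto,
            "local_port": int(lport),
            "remote_host": fhost,
            "remote_port": int(fport) if fport.isdigit() else None,
            "state": state,
            "pid": int(pid),
        })
    return conns


def triage(conns, expected_listeners=EXPECTED_LISTENERS,
           allowed_remote_ports=ALLOWED_REMOTE_PORTS,
           max_per_pid=MAX_CONNECTIONS_PER_PID):
    """Return a list of (kind, pid, detail) findings worth a closer look."""
    findings = []
    established_per_pid = Counter()
    for c in conns:
        if c["state"] == "LISTENING" and c["local_port"] not in expected_listeners:
            findings.append(("unexpected_listener", c["pid"],
                             "%s port %d" % (c["proto"], c["local_port"])))
        if c["state"] == "ESTABLISHED":
            established_per_pid[c["pid"]] += 1
            if c["remote_port"] not in allowed_remote_ports:
                findings.append(("unexpected_remote_port", c["pid"],
                                 "%s:%s" % (c["remote_host"], c["remote_port"])))
    for pid, n in established_per_pid.items():
        if n > max_per_pid:
            findings.append(("connection_flood", pid, "%d established connections" % n))
    return findings


def suspect_pids(findings):
    """PIDs to look up with `tasklist` and inspect on disk."""
    return {pid for _, pid, _ in findings}


if __name__ == "__main__":
    results = triage(parse_netstat(SAMPLE_NETSTAT))
    for kind, pid, detail in results:
        print("%-24s pid %-6d %s" % (kind, pid, detail))
    print("investigate PIDs:", sorted(suspect_pids(results)))
```

Feed it `netstat -ano > now.txt` and it answers "which PID do I look at next", which is the question the poster is stuck on. Two caveats a practitioner would add: a clean run proves nothing, because a kernel-level rootkit can hide its sockets from netstat on the infected host, so the same check from the router or an upstream sniffer is worth more than the host's own view; and the thresholds only mean something if the baseline was taken while the machine was genuinely clean.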