Internet Security Warnings
Juha-Matti Laurio writes "Internet Storm Center's Diary reported today: Due to a number of very well working Windows exploits for this week's patch set, and the zero-day Veritas exploit, we decided to turn the Infocon to yellow. The following Internet Threat Level meters are at level 2/4 because of Windows Plug and Play vulnerability's several exploit codes too: Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon."
Eh, just wait for Vista.
Oh, but of course that's a troll, so I've gotta say something constructive.. Microsoft's been doing a lot better with security now that everyone on earth is making a buck off of "securing" Windows. As more and more security-related technologies such as antivirus, firewall and antispyware make their way into Windows, however, lots of these companies will die or be bought by MS, and they'll be held a lot more responsible for security, and thus, when Vista rolls around, security is likely to be abysmal again. Maybe it'll be just what's needed for a huge evacuation from the MS dependency...
Here's for hoping..
"Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
In other words.. the alert level tends to stay stubbornly at green unless there is a real issue - the ISC is usually extremely conservative about threat assessments. If they've raised the alert level as a precaution then it's definitely time to take notice.
As for me.. I check the ISC at least once every day to see what emergent threats are out there. There are also a number of tools you can use, such as a small Windows app that can help to inform you when the threat level changes.
It's worth having these tools - when Sasser came out I'm pretty sure they saved my backside.. because in that case the short amount of time between the vulnerability being announced and the worm coming out was so short that many organisations hadn't even started patching. Thanks to the ISC we managed to get almost everything secured in a day, so when the inevitable rogue laptop user physically brought a worm infected machine into the office, then we managed to contain the outbreak effectively.
Never email donotemail@WeAreSpammers.com
The current threat level is brown - meaning that I don't give a shit. Just patch your systems when the patches are available and you should be good to go. Your users are a much bigger threat than the new exploits based on vulnerabilities that have already been patched.
If you don't want crime to pay, let the government run it.
How long until that "uber-virus/trojan/worm" comes out that deletes the hard disk contents of millions of PCs? On one hand, that would be a great day, because then people would truly pay attention to security and Microsoft would get the attention it deserves.
On the other hand, it would be bad for obvious reasons. But, IMO, it's only a matter of time. What color will the Infocon be then?
bash: rtfm: command not found
What are the chances of Microsoft making a secure anti-virus or a secure anything? Remember their last "security push?" 1 month of "emphasis on security" isn't a magic wand to fix 20 years of code; nor will it change the underlying corporate culture. It was all for the media. And they ate it up, being too lazy (or too addicted to free meals - see the story on groklaw about that) to bother telling the truth. http://www.groklaw.net/article.php?story=20050812119304040 or, for those too lazy to click, Microsoft is offering free pizza:
Anyone gullible enough to believe there really is such a thing as a free lunch deserves what they get.
Isn't "color-coded threat levels" an excessively paranoid way to describe what we've always known as outdated, buggy software? This kind of representation paints a very fake picture -- as if those "threats" are a given and that all we can do is "try to protect ourselves", when in fact what we're dealing with is simply the result of flawed operating system design. These threats are only symptoms, not the root of the problem. I wonder who benefits from making people focus on the former instead of the latter.
The filesystem is the package manager
I don't think the alert level has been below yellow since the system was invented, and I've never heard of such a thing. There are occasionally announcements saying something to the effect of "we're being particularly vigilant right now", but I'm not sure that's tied to anything.
You do get searching of vehicles at the airport entrance when the threat level is orange, however, or at least of vehicles with ferners in 'em.
None of these color codes is intended to be useful to the common man - they're indicators for security professionals, in whatever field is relevant. The media can't go 3 days without a "crisis" however, so they're good for a scare on a slow news week. I'm not sure why people still pay attention to media hysteria, but apparently it still gets ratings.
Socialism: a lie told by totalitarians and believed by fools.
Windows bigots are fond of pointing at Linux and Apple as each having 5 percent of the market, and therefore are "loser OSes that can't do anything".
So ok, let's use that number, just for shits and giggles. If popularity of OS == abundance of malware, let's do some math.
Depending on who you ask, there are between 60 and 70 THOUSAND Windows viruses, trojans, etc.
I'll use the low number, just so nobody can accuse me of bias.
5 percent of 60,000 is 3,000.
Where are the THREE THOUSAND viruses that should be out there for Linux or Macintosh? Last I looked, there were 7 for Linux, and NONE of them were active.
So it's more complicated than just popularity. There are other factors, and I'll let you guess as to what they are.
--
BMO
I'm sorry, but if I have to take stuff seriously, can someone put it in plain, simple English without these threatening big brother buzzwords?
"Internet Storm Center"
"turn the Infocon to yellow"
"Internet Threat Level meters"
"Symantec ThreatCon"
"DeepSight Threat Management System"
"Internet Security Systems X-Force"
"AlertCon"
Sounds like a bad CIA / X-Men / Matrix rip off movie.
People who blab that shit generally have no real technical insight into why these worms become such a problem. That's why they fall back on "Windows is more popular, therefore it has more attackers". What their view fails to take into account is that there are millions of Linux boxes installed on fat pipes doing unofficial mail servers and websites; they DO MAKE A BIG TARGET. As an attacker, why would I care about infecting someone's cable internet with a shitty 25kb/sec upstream, when I can infect a Linux box with 100mbit upstream? And I simply don't buy these market share figures, they are all bogus. How do they manage to take into account boxes built and installed by admins themselves? Those figures of 5% only take into account PURCHASED systems. So as you can see, the idea that Windows has a much larger virus potential is bullshit.
If you mod me down, I will become more powerful than you can imagine....
Generally speaking, not getting media is a choice you make when ordering the machine (at least in the case of Dell). I know some companies don't offer you the choice, and maybe that's one of the OTHER reasons to never buy from Dell as a "Home" customer..
Sometimes it doesn't even save you money on your machine, but we all know it increases their margins a little bit - which adds up.
I do happen to do professional tech work, and since I also run into the "what package of documentation and CDs?" problem - I just keep copies of the OEM CDs, as well as the retail versions.. Every time I see a new slipstreamed version come through, it gets imaged..
That way - I can use my loaner media, and their CD key (which is supposed to be attached to the machine).. There is nothing illegal about doing that, since they obviously have a license to be running it.
- Joel
Erm, it DOES affect your powerbook.
IIRC we're all plugged into the same internet. A potentially mid to high level set of Windows exploits raises the *Internet* Storm Center's alert level to yellow.
This should tell you something. Ideally it should tell you that when X million Windows boxes are exploited, that there will be a noticeable degradation of quality or service on the internet. That the resultant poor quality traffic and noise created by a large scale (poorly written) worm will degrade the connection your PowerBook is enjoying.
Don't ever forget that we're all in the same boat, and it does little good to sit at the stern and laugh at the suckers at the bow as they dip gently under the water for the Nth time.
Damn, I posted, and I had mod points to burn too.
Doesn't every ISP already have the typical windows ports blocked already?
I mean, in every one of my routers I block 135-139,445 TCP/UDP. (Yes, I know, there's one or two that aren't Windows specific, but it's easier on the FW rules considering it's exceedingly rare for any legitimate traffic to go over the 'net on 'em)
Maybe the yellow alert is warranted, but IMO it's jumping the gun. And to those network admins who haven't gotten the hint yet and blocked those ports, DO IT NOW! Thanks. Oh, and while we're at it, make some decent anti-spoofing filters too, huh? Only things that should be leaving your network are *your* IPs, and conversely the only things entering should *not* be yours. Let's all work together to make a better 'net huh?
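The two controls the poster asks for (drop 135-139 and 445 on TCP/UDP at the border, and filter spoofed source addresses in both directions) are easy to get subtly wrong, so here is an added example, not from the poster, that models the decision logic as a small packet classifier run over constructed traffic. It assumes a site prefix of 192.0.2.0/24 (a documentation range standing in for your real allocation); the `Packet` type, `filter_packet` and the sample packets are all constructed for the example, and the output is a verdict per packet rather than vendor firewall syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Tuple

# Assumption (constructed): the prefix this site owns. 192.0.2.0/24 is an
# RFC 5737 documentation range standing in for your real allocation.
OUR_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# The ports named in the post: 135-139 and 445, TCP and UDP alike.
BLOCKED_PORTS = set(range(135, 140)) | {445}


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = entering our network, "out" = leaving it
    proto: str      # "tcp" or "udp"; other protocols skip the port check
    src: str
    dst: str
    dport: int


def is_ours(addr: str) -> bool:
    """True if addr falls inside one of our own prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in OUR_PREFIXES)


def filter_packet(pkt: Packet) -> Tuple[str, str]:
    """Return (verdict, reason). The anti-spoofing checks run first so a
    spoofed packet is dropped whatever port it is aimed at."""
    # Egress: only our own addresses may leave as source.
    if pkt.direction == "out" and not is_ours(pkt.src):
        return "drop", "egress anti-spoof: source is not one of our addresses"
    # Ingress: nothing arriving from outside may claim to be us.
    if pkt.direction == "in" and is_ours(pkt.src):
        return "drop", "ingress anti-spoof: source claims one of our addresses"
    # Windows networking ports, both directions, TCP and UDP.
    if pkt.proto in ("tcp", "udp") and pkt.dport in BLOCKED_PORTS:
        return "drop", f"{pkt.proto}/{pkt.dport} blocked at the border"
    return "accept", ""


# Constructed sample traffic: one packet per case the post describes.
SAMPLE = [
    ("legit web egress",   Packet("out", "tcp", "192.0.2.10",  "198.51.100.5", 80)),
    ("spoofed egress",     Packet("out", "tcp", "203.0.113.7", "198.51.100.5", 80)),
    ("spoofed ingress",    Packet("in",  "udp", "192.0.2.99",  "192.0.2.10",   53)),
    ("SMB from outside",   Packet("in",  "tcp", "203.0.113.7", "192.0.2.10",   445)),
    ("NetBIOS UDP egress", Packet("out", "udp", "192.0.2.10",  "203.0.113.7",  137)),
    ("legit mail ingress", Packet("in",  "tcp", "203.0.113.7", "192.0.2.25",   25)),
]


def run_sample() -> Dict[str, str]:
    """Apply the filter to SAMPLE; returns {label: verdict}."""
    return {label: filter_packet(pkt)[0] for label, pkt in SAMPLE}


if __name__ == "__main__":
    for label, pkt in SAMPLE:
        verdict, reason = filter_packet(pkt)
        print(f"{label:20s} {verdict:6s} {reason}")
```

Ordering matters: the spoof checks come before the port rule so that a packet with a forged source never gets judged on its port alone, and the port block applies in both directions so that an infected host inside cannot scan outward any more than an outside host can reach SMB inside.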
Fucking hell! Is your second name Sisyphus? Plus you're doing half-assed stuff like sorting by file date and automatically overlooking old files?
Save yourself some of your lifespan dude and do what's the only right thing to do to a compromised machine: reinstall from fresh media.
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
The thing that really galls me on MS with these issues is the fact that it's THEIR problem, and they issue a security update to patch a product a user BOUGHT under good faith. Then you have to sign your life away/agree to various things MS can do to your machine to apply it - as if it's YOUR fault and not MS's onus.
I think you just have the wrong approach. If you don't reeducate the people whose computer you're trying to salvage then you're only punishing yourself, since 99% of the time they themselves caused the infections and as soon as you turn your back they'll reinstall that cute "dancing pigs" screensaver that comes with 10 trojans.
It's easy to blame Windows/Microsoft/whoever but if you're honest you know that most of what's there is there because of their doing.
Get them a software firewall, or if you can convince them of the value, a home broadband router will go a long way.
Then sit them down and teach them how to install programs using alternate credentials so they can run under a LUA all the time. That takes care of most of it.
Then convince them not to blindly click or answer 'Yes' to everything that comes their way (by far the hardest).
I only had a few who didn't want to take the trouble, and for those I simply told them they were on their own from then on. Everyone else has been clean ever since, saving me countless hours regardless of whether they went with Firefox or preferred to stick to IE.
I haven't gotten to the point where they'll all update Windows or some other program when I mail them saying they need to but even so they manage to stay safe still.
The thing is, the whole claim that OSS has inherently better security has been exposed as hype for a long time now.
Some OSS projects have excellent security, because the project leaders place sufficient emphasis on it, and the coders code with that emphasis in mind.
Other OSS projects do not have good security, sometimes not even as good as Microsoft and co.
Consider this: I have downloaded patches for more security flaws in Firefox than for IE in recent weeks. Moreover, the IE patches were offered to me via automatic updates within minutes of being available on Windows Update, while the Firefox patches did not show up as automatic updates for several days after they were available from the project web site in some cases. They even had a whole version missed out of the automatic updates, because somehow a release was made that contained serious bugs of its own, and had to be withdrawn.
This is not intended to be a slam against Firefox; it's great software and the project seems to be run well, the vast majority of the time. Rather, this is intended to demonstrate that nothing's perfect. Trying to convert people from Windows to OSS alternatives, based on security fears, at a time when a worm is circulating, Microsoft has made a patch available, but people haven't bothered installing that patch yet, really is being a used car salesman in the most derogatory sense of the term.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Here are my conclusions about the current Windows threat level:
Today, 173 users of Slashdot will post comments about how Windows security sucks, they've had enough, and they'll be switching their entire corporate network to Linux on Monday. None of them will.
Threat assessment: hollow.