Extent of Government Computers Infected By Bots Uncertain

Krishna Dagli writes to mention findings by the company Trend Micro on the extent of bot infection in U.S. Government computers. The article by Information Week indicates that, while the 'original' findings were much harsher, the security vendor has since backed down from some of its claims. Still, the extent to which information-stealing software has penetrated our national infrastructure is enough to take note. From the article: "While it may be tempting to discount the warnings of security vendors as self serving--bot fever means more business for Trend Micro--there's unanimity about the growing risk of cybercrime. In its list of the top 10 computer security developments to watch for in 2007, released last week, the SANS Institute warns that targeted attacks will become more prevalent, particularly against government agencies. 'Targeted cyber attacks by nation states against U.S. government systems over the past three years have been enormously successful, demonstrating the failure of federal cyber security activities,' SANS director of research Alan Paller says in an e-mail. 'Other antagonistic nations and terrorist groups, aware of the vulnerabilities, will radically expand the number of attacks.'"

No Problem...

[Scoth]

Just get some draino for those tubes!

Re:No Problem...

[sanguisdev]

don't you wish the Internet was more like a dump truck, you could just wash it down w/ a good stream of water when it got to dirty. the the Series of tubes that is what the Internet is made up of needs a very special pipe cleaner called, firing the person using the Gov box to surf in site that have bots for adverts. and then to top it all you need to get a filter to catch all the pubic hairs(bots),that come off while computing w/o pants on. that damn series of tubes. so hard to maintain

Not only governments, but enterprises at risk

Most of cybercrime is just the ole criminal activity for financial gains. This is often underestimated.

http://www.verkiezingen2006.nl/

Other antagonistic nations?

'Other antagonistic nations and terrorist groups, aware of the vulnerabilities, will radically expand the number of attacks.'"

You mean anagonistic nations other than your own?

Why, that means

[Geminii]

- we have a new excuse for legalising illegal wiretapping and making it mandatory for Americans' PCs to spy on their owners! Because if we don't, those strangely elusive terrorists will have won. Again.

Re:Why, that means

[Doc+Ruby]

That would mean holding government people to the same laws as civilians. When do we do that?

Re:Why, that means

[thrillseeker]

That would mean holding government people to the same laws as civilians. When do we do that?

Daily.

Re:Why, that means

[Entropius]

If we did that, Bush would have been executed a few years ago.

Wouldn't it be fitting...

[HikingStick]

Wouldn't it be fitting if TM discovers, after its review of those 6TB of data, that the majority of bots are operating from within their own network, and from within those of their peers in the security industry. It would be a fitting irony.

Re:Wouldn't it be fitting...

[Hijacked+Public]

But they would never 'discover' that, because they can't sell themselves or their peers security software. A more newsworthy headline, even aside from the fact that 'Extent of Government Computers Infected by Bots Uncertain' really has no relevant meaning at all and anyone who paid to get a report with that title should demand a refund, would be if a security software company audited someone's machines and reached the conclusion that no, you do not need to buy anything from us.

Granny != Uncle Sam

[Rob+T+Firefly]

Insert the standard grumbling about government mismanagement and IT provided by the lowest bidder, but this is really extra sad. If people like me can keep bots off our grandmothers' computers for the low, low price of a smile, a hug, and some melted sweets which date back to the Carter administration, why can't the people who built the damn Internet manage?

Re:Granny != Uncle Sam

[rwhamann]

Because many of Uncle Sam's employees have the tech skills of granny. Just like a home users, convenience often trumps security - "don't break the mission!"

Re:Granny != Uncle Sam

[mad_minstrel]

Because nobody wants to be hugged by 50 year old suits?

Re:Granny != Uncle Sam

[rahrens]

"No generalization is worth a damn, including this one." - Oliver Wendell Holmes.

Neither is yours.

I work for a Federal agency (see my post below) and we have a large number of skilled IT workers (some as contractors, some as Feds) that diligently keep our network up, running, as as safe as several million dollars a year can manage.

For your (and the parent poster's) information, it is not as easy to manage millions of computers spread over the entire globe and keep them as safe as your granny's PC. If you think it is, then you need to find another profession.

Every Department is separately managed and funded. They all have different tasks, goals and operational requirements. Funding is and has been for years, getting slimmer and harder to come by. Virtually every government agency is underfunded just for core operations, never mind little things like computer operations.

If you think this is easy, then try working with us for a while; you'll not be so glib in just a month.

Re:Granny != Uncle Sam

If you think this is easy, then try working with us for a while; you'll not be so glib in just a month.

I think it could be easy if the bobos in charge actually had any interest in getting things done the right way. It's not your fault you're in bureaucrat hell in a department that the suits up front don't even like to admit to needing. They're the ones with growing up to do, maybe some day they'll actually realise what it takes to run networks without cheaping out on the skilled people necessary or forcing them into nonproductive procedures. If that ever happens, you and your compadres can be as glib as you want, because shit will actually be working for a change.

The OP's granny knows the right way to do things - get someone skilled and trustworthy in to handle it,in the way they know how best to do it. She could teach the gov quite a few things, if they weren't so bent on trying to look like they know everything when really they're still thinking it's all magic tubes that should "just work."

Re:Granny != Uncle Sam

[boyfaceddog]

Interesting and true (sorry, no mod points right now).
As someone who has worked for a government agency before, I can vouch for how cash-strapped these places really are. Money goes to wages and health care and very little is left for other things. Granted, the USA Government should do a better job, but given the amount of red-tape involved in contracting the IT dept (clearances, call-out times, safety assurances) it is a wonder the PCs work at all.

It would be great if we could all go into the government with our skills and tools and just fix things, but we'd never get clearance to work on the PCs. Its a catch-22 that we don't need clearance to infect a government PC and steal the data, but we need it to fix the PC and keep other people out.

Re:Granny != Uncle Sam

[rahrens]

I think you need a reality check.

The US government is a large, diverse entity with over a million people working for it in places all over the world. It takes a lot of money to make it work, and as with any government, that money has to be coerced out of the population by law; You don't pay for services, mostly, as you would from, say, your local air conditioning service company.

In a lot of ways, I agree that many of the people, especially in Congress, fit your characterization, as do a few government managers. But by and large, most do not.

Sure, there are managers that don't always focus on the right ways to do things, often becasue they're looking in the wrong direction at the wrong time. But under the current fiscal constraints the government is working under, almost all agancies are working under very tight monetary conditions. It isn't easy for many agancies to just do their core mission, much less things Congress considers fripperies.

As always, it isn't easy to get the management to understand what we in IT need in order to do the job that they ask of us. They are not, after all, technically oriented. We, on the other hand, are technically oriented, but not always able to properly communicate to them in language they understand just what we need. So the wheel turns, and things some time go to shit.

But guess what? Things do that in private corporations, too! Or don't you read the news?

if you want to gripe, gripe about managers everywhere, not just in government.

If you'd read my posts, you would see that in my agency, the management is actually paying some attention to us, with good, predictable results.

Re:Granny != Uncle Sam

For your (and the parent poster's) information, it is not as easy to manage millions of computers spread over the entire globe and keep them as safe as your granny's PC. If you think it is, then you need to find another profession.

If it isn't easy then you shouldn't do it. Seriously. If *you* find it hard to to manage millions of computers, then you shouldn't be managing millions of computers. Nobody should. No one person should be directly managing more than a few hundred or thousand computers at most and then they should be using the appropriate software tools. I know what you meant, but it is important to be clear about who is responsible for what in an organization as big as the US government and the associated institutions.

This isn't a problem of computer security, but a management issue. Delegation of authority is what management is about. The problem of keeping some computers and a network relatively secure is not the problem. It is putting a management system in place to be able ensure uniform best practices across the bureaucracy which is at issue. It seems far too easy for networks of hundreds or thousands of computers to go without appropriate computer security personnel for extended periods of time. Transitions are also a problem, with computer security being a very unrewarding area it seems that people are moved around with some frequency. There is nothing about computer security that is inherently hard, but the difference between good management and bad management is so little that it is hard to tell the difference until the effects are felt some time later.

Re:Granny != Uncle Sam

[rahrens]

I can see you don't know much about your own government, if you are American.

What part of "large" and "diverse" don't you understand? The US Government is comprised of a number of cabinet level Departments, each of which is separately managed and funded. That means nobody is managing more than you said. Some Departments even are sub-divided, such as the DOD, making it even less centrally managed. Don't put words in my mouth.

What I said wasn't a complaint, it was a statement of fact. It meant that the task isn't the same as managing your granny's PC, so you can't compare the two. It wasn't about "me", either.

So the management environment in the Federal Government is going to be mixed. Some are better managed than others, obviously, judging by the results we see.

The issues you relate in your second paragraph are true, and common to any large organization. So read the news, and realize that these problems are comon to all sectors of the economy. This article just focused on the Feds, but since we use the same technology as the rest of the world, we will face the same issues.

Re:Granny != Uncle Sam

[mac84]

The people that built the damn internet don't manage the systems any more. Take a gander at OMB Circular A76 (for those that don't know and don't care to llok it up, it's a directive from the Office of Mangagment of Budget that directs agencies to contract out for their help). Bid out all your IT administration to the low bidder and see what happens. Right now if the agency I work for buys me a new Dell, the IT contractors may get around to configuring and installing it for me within six months. It's obsolete before it ever makes to my desktop. And they won't give a senior level electrical engineer administrative rights to his own desktop, so you can't do it yourself.

Bots accounting for questionable browser habits

[Neil+Watson]

How many of these bots are there to generate hits for porn sites thus making the employees look bad?

Re:Bots accounting for questionable browser habits

[Plutonite]

Good point. Maybe this has been slightly exaggerated then, and I don't have a reason to be so pissed at the govmint people after all.

It's the bureaucracy that's the biggest problem

[elrous0]

As someone who has worked in government IT, I can tell you that the biggest problem that we faced security-wise was the bureaucracy of the government. Want to hire a consultant, buy a piece of security software? Then you have to go through the long and arduous procurement process (forget any nimbleness or adapatability). Want to fire someone who is incompetant? Forget it (firing anyone is a HUGE pain in the ass, especially in the federal system). What you end up with in government IT (and, hence cyber-security) is often a bunch of guys used to doing the same thing every day; never learning anything new; who have grown burned-out, disenchanted, and cynical with the whole process.

-Eric

Re:It's the bureaucracy that's the biggest problem

[P3NIS_CLEAVER]

The biggest problem is that people mention 'goverment computers' with this huge blanket statement. Goverment agencies are not connected to each other (except by the internet) and they are all run differently, with different policies and safeguards. Different sites might not even be connected in the same organization. There may be vulnerabilities in certain areas but they aren't necessarily systemic.

Re:It's the bureaucracy that's the biggest problem

Pssst. This is slashdot, maybe you didn't get the memo, but the government is the solution to every problem. The bots are only there because Bush is a moron and because Karl Rove is secretly using the bots to dupe the American public.

Re:It's the bureaucracy that's the biggest problem

I worked as a sysadmin, as a government contractor, for 6 years until I escaped. I certainly have to agree that bureaucracy is a pain, and they don't get rid of dead weight fast enough (which leads to spreading rot, as only the mediocre remain), the biggest problem for me was mandates without funding. We had an enormously expanded security burden since 2001, but little money to fund it.

For me, this was an opportunity. Don't want to pay another agency $40,000/year for vulnerability scans on 250 computers? I'll build Nessus, and provide the reporting for free (or under my regular salary). Increased concern about unauthorized access? I'll build a snort box, and check the traffic. I learned a bunch of hands on stuff that way.

The other big bureaucratuic problem was the constant struggle for more power between managers. I worked at a site away from D.C., but my Cabinet level organization's CIO decided she wanted to centralize IT in D.C. I left before my site was borged, but what I've been hearing is that the centralization and power grab is halted, because they ran into a bunch of problems and couldn't pull it off. Unfortunately, this happened after many man hours of work were wasted.

And Yet Still Windows

[blueZhift]

I know it's always fashionable to bash Windows here on /., but stories like this really do beg the question of why the government is not seriously looking at a more secure operating platform. In particular, while Linux is not perfect, it would be much less likely to fall prey to the ills that are epidemic on Windows without much, if any, added cost post transition. I suppose someone will have to die before getting off of Windows is seriously considered, if even then.

Re:And Yet Still Windows

HA

Do you know what govt agencies have to go through to approve an upgrade from Word 2000 wo XP? And you want them to change a whole OS? hahahahah! Nottice I said "approve". They can buy the stuff all day long, but can't install it without jumping through 1000 hoops. :)

Re:And Yet Still Windows

I say this all the time - the response is always the same - I canhold MS responsible when somethig happens - there's noone to hold responsible when OS breaks. I've been trying to get Firefox authorized - no dice.

Re:And Yet Still Windows

[ibbo]

Bloody hell you would think they would promote an OS that such vulnerabilities were hard to work on. I am flabbergasted that red tape can prevent such a common sense solution.

But then i suspect MS and the US gov are in bed together anyway.

Re:And Yet Still Windows

[enharmonix]

In particular, while Linux is not perfect, it would be much less likely to fall prey to the ills that are epidemic on Windows without much, if any, added cost post transition.

I am not convinced that OSS is really all that more secure than closed-source software. Not saying Windows is not vulnerable (otherwise we wouldn't be having this discussion), but let's be realistic here. The cheif advantage to OSS is the peer-review process, but in a large company like MS, peer review is probably mandatory as well. If you actually look at some of the technology coming out of Redmond, it's not a thousand monkeys banging on keyboards.

I think the real reason that you see so many security vulnerabilities is because you have experts (not just script kiddies, but blackhat experts) trying to break into Windows on a daily basis. Now ask yourself, how many people really concentrate on inflitrating Linux? Yeah. Not that many. The main (but certainly not only) reason Linux is so secure is that people just don't bother exploiting it. The same argument people use about Mac security applies here as well. If Linux took over 90% of the world's desktops and was used to in the majority of US government infrastructure, I bet you'd see a disproportionate number of vulnerabilities and exploits of Linux. Brain teaser: Would Windows be more or less secure if malware authors had access to the Windows source code?

Anyway, I'm not trying to start a flame war by saying Linux's security <= Windows' security. Another of Linux's strengths (and a weakness as well) is its diversity. An exploit will probably only work on a fraction of the boxes exposed. But with One Distro To Rule Them All (i.e., Windows XP, with Automatic Updates), you've got near zero diversity in the genepool. To ensure maximum application compatibility, MS has also ensured maximum malware compatibility. So I think the answer to the Fed's (and public's) problem with malware is to diversify the computing environment.

Re:And Yet Still Windows

[maddskillz]

The problem is, the employees will not be able to use it. To us, using one operating system or another isn't really a big deal, but to your average office worker, it's a huge shift.
I have seen users struggle to use XP after learning windows 2000. To the average computer person, there is no learning curve, but to these users, it's completely different.
Now, try and do the same thing with an operating system that is truly different...

Re:And Yet Still Windows

[Lumpy]

Because they typically will not pay enough for competent IT staff and admins.

Government IT jobs are some of the lowest paying and have the absolutely lowest job satisfaction. Government does not want idea people, they want people that will do what they are told without question.

I know, I was there. Started my career as a Government IT employee. Hated it badly, and could not stand the supervisor that knew nothing about IT yet constantly micromanaged us, even telling us to do things that are insane-wrong then yelled when we did exactly what we were told screwed up something. I got my kicks out of listening to the council meetings where he tried to sound like he knew what was going on and knew his job while he threw around random acronyms. Many a public audience member snickered at thigs he said that were way off or nuts.

Funny part was I almost had him approve naming a new file server "PHUCK".... that last week there was the most fun I ever had :-)

Gawd working for Govt sucked, working Govt IT sucked even more.

Re:And Yet Still Windows

[Sloppy]

I think the real reason that you see so many security vulnerabilities is because you have experts (not just script kiddies, but blackhat experts) trying to break into Windows on a daily basis.

That may be an aggravating factor, but it's definitely not the main problem. Windows' biggest problem isn't just that it's proprietary software -- it's that it just plain sucks even within the realm of proprietary software. It's the one platform where

• Web browser was designed to download and execute binary code from web pages. I'm not talking about accidents and bugs like buffer overflows -- I'm talking about an intended feature. It's horrifically dangerous on purpose.
• Mailreader executes attached scripts (supposedly this is mostly fixed nowdays?)
• Word processor and spreadsheet execute macros when loading document -- and those macros can do just about anything.

These aren't merely bugs that Microsoft failed to catch before the product shipped. Free vs proprietary software issues aside, Windows is dangerous by design. It's not just about lack of peer review or poor code quality. It's about trying to serve interests other than the users'. Switching to anything, even other proprietary systems, would almost certainly be better, because the above "features" are things that nobody else would dare to implement.

If another platform were as dominant as Windows and there was still a lack of diversity, the situation wouldn't be as bad. Whether it were free software such as Linux, or a proprietary system such as MacOS, you'd still have a different situation. Bugs would still exist, and vulnerabilities would still be found. But the software wouldn't be designed to treat external (and therefore potentially hostile) content as executable code. You just can't do worse than Windows.

Re:And Yet Still Windows

I'm so tired of hearing this argument. If IT sets up the Linux pc's with a standard setup (using KDE) for all users with all necessary software pre-installed I doubt "your average office woker" will notice anything more than that the start button and the screen looks a little different. They might not be able to install their favorite spyware laden screensavers and the like but from IT's point of view that's a plus anyway.
Most struggle along with the default setups in whatever software they're using despite the fact that 5 minutes of simple tweaking would make their day to day use of the software much easier. They click on an icon to start their programs and save files wherever that program saves them by default. If the icon is gone a lot of users can't find their programs in the start menu.
Switching to Open Office or KOffice or some such won't be that big a deal. Only a tiny percentage of Office users use anything more than the simplest of features. Hell, most older accountants would still be using Lotus 1-2-3 for DOS if it hadn't been taken away from them.
I had trouble getting users to switch from IE to Firefox until I changed the icon from the Firefox icon to the blue e. After that there was almost 100% Firefox usage without my hearing any complaints.
As long as the company's main product software can run on Linux (that's a big if, I admit) or users can use something like VNC to access it the users shouldn't have any major issues running Linux. They might even really get to like some of its features. And IT will be much happier not having to deal with user caused security and/or performance features.

Re:And Yet Still Windows

You can't hold Microsoft responsible. Read the EULA.

Support for Firefox
InfoSpan (http://mozilla.infospaninc.com/mozilla%20-%20Mozi lla%20Support.htm) - Telephone support at 1-888-586-4539 is available for Firefox 0.9 and above, Thunderbird 0.8 and above, and final Mozilla release versions 1.5, 1.6, and above. $39.95 per incident.

Getting Linux bugs fixed
Just report the bug. Even without paying anything, it'll probably get fixed. Just like with Microsoft.
If you pay RedHat or someone else for support, it will get fixed. Just like Microsoft's extended support options.

Re:And Yet Still Windows

[Rick17JJ]

I don't entirely disagree with enharmonix's point about Windows being a more widely used target, but a large percentage of all webpage servers already do run Linux and already exist in large enough numbers. I do not work in the computer field, so I don't know how Apache webpage servers running on Linux compare to Windows IIS webpage servers, but why aren't there any Linux viruses or worms designed for them. I use Linux on my computer at home and it is still almost unheard of for a Linux computer to get infected with viruses or worms. Furthermore, I have never heard of a Linux user that got spyware from visting a website or from clicking on an email attachment. With all those Linux webpage servers out there why hasn't anyone yet been able to develop a Linux virus that is actually capable of circulating in the wild? Most Linux programs, users and background services run with limited permissions. There is also a lack of support for webpages and email attachments that use Microsoft's ActiveX technology. The various Linux browsers and email programs also don't automatically run executable code like Windows sometimes does.

There is also greater genetic diversity in Linux. As enharmonix also mentioned "an exploit will probably only work on a fraction of the boxes exposed." Linux users use a variety of browsers, email programs, package management systems and different versions of the kernel compiled with differently with different options. By comparison Windows is an inbred monoculture.

This is not to say that Linux is perfect, security patches are usually downloaded regularly, unnecessary services generally are not run and of course a firewall on a router or the computer is nearly always configured to block as many unneeded TCP/IP ports as possible. Various other things should be done too, but not being a computer professional I won't try to suggest what. I wonder how Vista will compare? With almost unlimited money, time and a large number of the worlds best programmers I am surprised that Microsoft hasn't already solved most of their security problems by now.

Re:And Yet Still Windows

[Millenniumman]

The main (but certainly not only) reason Linux is so secure is that people just don't bother exploiting it.

That's not true. Linux has a significant market share for servers (%30, I believe). It is hard to exploit.

The reason Linux/BSD/OS X is more secure than Windows is because security was a larger factor in its design. It is very difficult to secure a huge software product that wasn't designed to be as secure in the first place.

It's just the Patriot Act

[Yfrwlf]

Spying/eavesdropping/wiretapping? That's just the Patriot Act, come on. You guys made it legal yourselves, and now you're complaining when others do it back to you? Maybe I'm concerned about terrorists running this country, so I should be able to eavesdrop on all government communications. That's the same fantastic excuse you guys use, fair is fair.

Isnt just 1 bad

[dalewj]

I hate to complain, but in certain places isn't just 1 hijacked machine considered to be, too many? If that 1 hijack is on a machine connected to personnel files, military files, or population files then the data that could be stoeln could be huge. I cn imagine someone who has purchased a million or so hijacked machines would try to use some interesting tools on every machine just to see if 1 or 2 of them show good secure government data.

This scares me, i don't care if its 1 machine or 10,000 machines.

Budget cutbacks and incompetence

[RingDev]

I used to work both as a consultant, and an LTE for a department of a state government. I did software development, all of our Network resources were managed by the Department of Administration (DOA, appropriately enough). DOA may have started out as a good idea, one centralized agency that maintained licensing, contracts, support, purchasing, etc... But cutbacks led to them continuously cutting pay and positions. By the time I left, the only representatives from the DOA that I knew of were two LTE college students, and one former manager who took a demotion to a tech position to stay employed (which just happened to bump one of the last skilled technicians out of the department).

Anyways, under their watch we had numerous security breaches. One of our servers was hosting a child porn collection and IRC channel. Another server had been crippled by viruses, and we had seen other signs of intrusion time after time. The child porn server was confiscated by the FBI when they tracked it down. They returned the server to the DOA when they had finished so that the DOA could learn from the breach and correct the security issue, but there was no one employed with the DOA who could identify the failure or what to do about it.

Anyways, my rough guess is that given what I've seen of state networks, I would think they are heavily botnetted. The other side of the public sector though, atleast the Marine Corps network, is a pretty impressive setup. I've seen those guys in action and I would be extremely suprised if there is a lick of traffic that escapes their pipes with out their express knowledge.

-Rick

Re:Budget cutbacks and incompetence

[Fr05t]

"I've seen those guys in action and I would be extremely suprised if there is a lick of traffic that escapes their pipes with out their express knowledge."

I'm terrible with conversions, but isn't 1 lick approximately equal to 142 bytes?

Re:Budget cutbacks and incompetence

[RingDev]

Unfortunatly, I'm not finding anything good on Google when searching for Lick to Byte. I could probably increase the responses by turning off safe search though...

-Rick

Re:Budget cutbacks and incompetence

I think you have it backwards. I'll use your numbers. Assuming 142 Licks to get to the center of a tootsie pop, this is the equivalent of one byte.

this takes $$$ time and energy

[rahrens]

If an Agency is willing to spend the money, time and energy to put in place the protections that the typical Government information system deserves, this wouldn't be a problem.

My agency uses a multi layered defense to protect us against these issues. There are network level protections, PC level protections and desk-side support level protections. We also regularly send out warnings about current threats as well as require personnel to undergo annual IT security awareness training.

Individual PCs that are found to be broadcasting unknown signals to unknown or unverifiable outside destinations are removed from the network and reimaged immediately.

If, from a complaint to the help line, we find that a PC is infected with spyware, we don't even try to remove it; it is immediately reimaged.

We have instituted a locked down desktop policy; users are NOT allowed admin access except through application to a special committee for good business cases, based upon the use of special software that requires such access to run. We bend over backwards to alter those situations to avoid that access whenever possible.

Laptops are imaged using an image that is encrypted using a good encryption program that encrypts the entire hard drive using a 512 bit key, and NO laptops are allowed to be bought without going through our recieving process where that image is installed.

We have spent millions of dollars of your tax money in the last five years bringing this system online, but now that we have, we believe that we have as safe a system that we can get without just unplugging it or spending twice as much.

We don't have classified material, but we do have information that is confidential by law and must be protected from public release. (proprietary information belonging to firms we regulate.) This limits the measures we need to use, since classified material requires a completely different level of protection.

If the VA had used a system like ours, they would never have been embarrassed by the recent theft. The theft may still have occurred, but the information would never have been at risk.

It is not a perfect system, and it takes constant dilligence to maintain and periodically upgrade, but I think we do a pretty good job.

Re:this takes $$$ time and energy

[vertinox]

So um... What exactly do we need to protect with all that security at the United States Forest Service?

Re:this takes $$$ time and energy

[rahrens]

If you work for the Feds you know how the different Departments have differing tasks, goals and operational environments. I'm sure that your employees wouldn't like their SSAN's and other personal information open for all the world to see!

Re:this takes $$$ time and energy

[Terrasque]

Laptops are imaged using an image that is encrypted using a good encryption program that encrypts the entire hard drive using a 512 bit key, and NO laptops are allowed to be bought without going through our recieving process where that image is installed.

I was just wondering, how do you do that? Where is the key saved? Is the user required to type in a 512 bit key every time they start?

If it's saved in hardware, something along the trusted computing stuff, I can understand it. But how many laptops have that?

Otherwise, it brings me a feeling of uneasiness. Let me explain

If the user need to type the password :

• Does the user need to remember the exact 512bit key (the hex equiv)? I bet he's written it down somewhere easily accessible.
• Does the user write in a password which is then hashed? Won't the security hinge on the password, then? A 512bit key is uncrackable, true. But is a 8 char password?
• If the user require to type the password in, is it software based? Can a potential cracker change the boot loader to get the password, type "Wrong password" and then save the pw and give the user the real prompt?

If the user dont need to type the password, where do the system get the password from, and is that storage location safe from a potential cracker?

I've been thinking on securing my own laptop, but the problem is, as long as I dont have special hardware, every idea I've had I would have been able to get around. So I'm curious how you've done it.

Re:this takes $$$ time and energy

[rahrens]

The key is, of course, part of the software that encrypts the hard drive, and yes, is based upon the password. Our agency forces the use of long passwords, from 8 - 16 characters, mandating the use of capital letters, lower case letters, and numbers.

Yes, the user has to type the PW, after all, if it's stored, then it's accessable, isn't it?

Of course the security depends on the PW - it always does, unless one is using biometrics, and that has its own problems.

I've seen some of the mathematical probablitites characterizing just how much brute force it would require to force an 8 character password using the three different character types we force, and since our app forces a reboot after three incorrect tries, no-one is going to force a password. They'd have to guess, and spend a lot of time waiting for reboots while they're at it. I hope they're patient.

The storage location, being in the usrs' heads, is only accessible if they have access to the user.

There are several apps on the market that companies use for this purpose, the one we use is Pointsec. It encrypts the entire HD, unless you have the password, even a separate boot disk cannot even recognize the HD as being a bootable disk; it looks like an unformatted drive.

This program is only meant to protect the data on the HD from theft; the HD can be reformatted and reloaded, but the data on it can only be extracted and read if you possess the password, or have a same numbered version of the encryption program on another mnachine you can attach the HD to AND know one of our admin passwords, which we restrict to a very few top IT people. None of the desktop admins know them, we use a challenge-response system to give desktop admins temporary passwords to administer the laptops.

As I said, the key is, like all such keys, generated by the software based upon something provided by the user, in this case a password. Without that password, you cannot gain access, but this system, like all such systems, depends upon the users to use good passwords. We do what we can to force good password generation, but there only so much any system can do.

Re:this takes $$$ time and energy

[Terrasque]

Ok, a few points.

8 character passwords are in the realm of today's private sector computers. And if you think people will sit at the prompt, well.. think again :p
An attacker would make a backup of the disc, find the encryption used, and start cracking.

even a separate boot disk cannot even recognize the HD as being a bootable disk; it looks like an unformatted drive.

Well, thats how encrypted data should look like. But the machine will need to be able to read it, and for that it needs some software. Which means that there must be something unencrypted a standard computer can read. But that's beside the point.

You've yet to explain how it stops for example a very small usb key, set to boot first, that have this logic: 1st boot, provide a fake prompt, get password from user, save on usb key, display "wrong password", and pass to real pw window. Next boots, skip directly to real pw prompt. (don't do the mistake many people do, center their reply on the "usb" part. it could also have been a cd, diskette, a change in the boot loader for the encrypted program, who knows, some really smart people might have gotten it all in a modified BIOS. Or just attaching a small physical key logger on the keyboard cable. And maybe a few more ways i haven't thought about.) Of course, this would be a targeted attack by determined people. But if you aren't expecting such attacks, then why have all that security?

As I said, I've been theorizing about how to secure a laptop, and every idea I've had, I've also found a weakness that I would be able to use to break it. The only thing I've seen yet is hardware like Trusted Computing.

Re:this takes $$$ time and energy

[rahrens]

Ok, explain to me why he'd need a BACKUP of the disk - he's got the laptop, he's got the disk - the back up does what for him?

"Well, thats how encrypted data should look like. But the machine will need to be able to read it, and for that it needs some software."

Yeah, that would be something called Pointsec. Give it the right password, get in. Works real well. Forces a reboot after every third wrong password.

Just what other software would you use to do your little attack that can duplicate a 512 bit key? ...From a password you don't know? Do you know how many iterations you would have to go after to force an 8 character password using three character types? (lower case, upper case, numbers with an unknown combination of the three types in the password) I haven't done the math myself, but I've seen it. The number's big enough to need scientific notation to express. Good luck and I hope you have a good pension plan.

Oh, and we also have a lot of people that use 16 character passwords, we do allow them that long.

Yeah, you can attack the encryption directly at the bit level, but why? You'd need a real cray computer to do that, and against 512 bit encryption, probably about 50,000 years. Agin, I hope you have a good pension plan.

Some very smart people spent a fair bit of time thinking about just the very things you are when they wrote this stuff. I'm sure, like anything else in the security world, this can be cracked, given enough time and money.

But it'll take a lot of time, and money. For the people that would want the stuff we have, and are likely to have on a laptop, (which is not much, since everything is saved at the network level) then good luck to them in getting it for anything like a cheap enough price to make it worth their while.

Then perhaps you should be looking for a job in the security field, I'm sure they'd fall all over themselves offering someone as smart as you plenty of money. Better yet, offer yourself to those wanting to crack this stuff if you're that smart - I'm sure they'd be glad to throw money at you...

In the meantime, show me another organization similar to mine in size and technology level that's using something better and spending the same amount of money.

I didn't say our security was perfect or uncrackable. I did say that I think we're doing as well as anybody can expect for the money we have to work with. ...And that's better than most.

Safe

[syrrus]

I feel so safe knowing that these people protect me from the "terrorists".

Re:Safe

[goldspider]

I suppose this was inevitable. Of course, there are more federal agencies whose job it is to dole out your tax dollars than there are keeping you safe from those dag-blasted ter'rists.

I suspect those non-military, non-law-enforcement agencies are the biggest offenders of lax network security.

Re:Safe

[Yfrwlf]

If you've been listening to the post-911 Bushisms you should know that you are NEVER safe, remember? We're on CODE ORAGE right now in fact, you should be running around screaming because there's a terrorist RIGHT BEHIND YOU, AAAAAAH!!!! http://www.dhs.gov/dhspublic/display?theme=29

Re:Safe

[aplusjimages]

A better alert system is this one. We never want it to get to Elmo because that is bad news.

The war on cyber terrorism doesn't seem to be of any concern to the current administration.

Why Hasn't Our Government Achieved Better Security

[organgtool]

I think we should be less concerned about the use of government computers in botnets and more concerned about securing personal information. If the government created and enforced security guidelines for all of their equipment, botnets would not exist AND our information would be secure. I never understood why the government gave the NSA tons of money to develop SELinux and then not deploy that software to other government agencies. I know that government employees currently need Windows-only software, but it appears that they haven't made any attempt to find solutions for locked-down SELinux boxes. They could also use AppArmor, virtual machines or chroot jails for software that can not be trusted, read-only file systems, etc. Instead they choose to give most users Windows machines that don't appear to be locked tightly. The ignorance and apathy of our government towards computer security never ceases to amaze me, especially when the Department of Homeland Security is spending billions of dollars and they don't seem to be making much progress.

Possible Cases

[lababidi]

Being that many of my young friends work in the government including in the House and Senate (not as Pages *ducks*), I know they aren't using their heads when computing. They spend about 6 hours a day on a computer probably looking at $_favorite_porn_site . Those computers are almost guaranteed to be infected.

To one Congressional Office's credit (Cliff Stearns), they actually had iMacs setup. I guess that's one step in the right direction.

Even worse

Extent of U.S. Government Officials Acting Like Bots Painfully Obvious

Headline &/or summary should say WINDOWS

[toby]

These problems are endemic to the Windows universe, yet the headline and summary give no clue. Obviously the ignorant market needs more help to make the connection between Windows and unnecessary risk.

If it had been a Linux problem, the headline would have shouted it. Let's give Windows headline credit for its main features: Insecurity and wasted time and money.

Re:Headline &/or summary should say WINDOWS

[LaughingCoder]

Obviously the ignorant market needs more help to make the connection between Windows and unnecessary risk.

No, the ingorant market needs to make the connection between incompetent or overworked system admins and unnecessary risk. Now, Windows may be *harder* to protect than, say Linux, but in the hands of incompetent (or grossly overworked) system admins, neither system is safe.

Speaking of which

[wiredog]

Commerce Department Targeted; Hackers Traced to China

Hackers operating through Chinese Internet servers have launched a debilitating attack on the computer system of a sensitive Commerce Department bureau, forcing it to replace hundreds of workstations and block employees from regular use of the Internet for more than a month, Commerce officials said yesterday.

The attack targeted the computers of the Bureau of Industry and Security, which is responsible for controlling U.S. exports of commodities, software and technology having both commercial and military uses. The bureau has stepped up its activity in regulating trade with China in recent years as the United States increased its exports of such dual-use items to the growing Chinese market.

Hard Break: Simple Solution

[visionsofmcskill]

The Goverment has too much infrastrucutre to just change their operating systems, and far too many potential compromises in the form of hundreds of thousands of employees (millions?). To ask them to make the sweeping and drastic changes to all their agencies wouldnt be a monumental task, it would be a near impossible one. Instead, just pull the plug. That is the internet one. Seriously, completely remove all the agencies from the Web, firewall them down to ZERO access to non-goverment networks. In each office place setup 4-5 computers (unconnected to the network) with internet access... if employees need access to the net at large... they can use those machines. I know its not a pleasant solution to the workers, but very few goverment positions actually require access to the net. It would go a long way to helping that 2 billion dollar loss in productivity mentioned not too long ago. While the offices are segmented, the Goverment IT guys can work on more effectivly deploying their machines in a manner that can restore access to each computer, but until then there's little reason 99% of these employees need direct access.

Re:Hard Break: Simple Solution

[Rick17JJ]

Another possibility might be to install a KVM switch on each computer so that the government employee could switch back and forth between a computer that is connected to the Internet and one that isn't. At one time I had a KVM switch between my new computer and my old computer. The KVM switch allowed me to switch back and forth between the two computers in about two seconds. A KVM (keyboad-video-mouse) switch allows the use of one keyboard, video and mouse to control more than one computer. One of the computers would only be connected to the Internet and the other would be on the internal network (not to the Internet).

If space for the second computer is a problem, there are now computers as small as a book that could be used to connect to the Internet. For browsing the web they could use something small possibly similar to the WinBook Jiv Mini, The Panda PC, MicroServer HP, AOpen MiniPC Duo MPO945-V, or the Apple Mac Mini Core Duo. To keep costs down, perhaps they would not need to upgrade the mini-PC that is connected to the Internet as often as their other computer. Conceivably they could use Ubuntu Linux or Mac OSX on the mini-PC that is connected to the Internet which would be an advantage because virus, worms and spyware are almost unheard of on Linux or Mac computers. They could still use Windows on their main internal network where their computers would live a more sheltered existance. The extra PC wouldn't need to use much extra electricity because some of the mini-PCs only use about 21 Watts.

I am not a computer professional (or expert), but it seems to me that isolating the internal nework from the outside world with a KVM swith might possibly be an alternative to consider. That would be especially true if they are using malware infected Windows computers, are understaffed with properly trained and motivated IT people, and have failed to secure their network by other methods. I have actually thought about doing something like that at home with one or both computers running Linux.

Okay ... tie this to the porn and gambling article

[Maxo-Texas]

Bots don't come from CNN and slashdot.

The observed porn and gambling surfing by govt employees becomes a national security risk.

Well......

They ARE running windows....... but I digress. Article fails to say what the computers are used for, the timeframe they recorded their data, and how quickly it was fixed (assuming it WAS a problem). General workstations for secretaries, payroll, call centers, break rooms, computer labs for military personnel, etc may be infected as employees are likely to surf the web and read e-mails during work. Big Deal! Same thing that a normal user would have to deal with. Every business with even a small number of workstations faces the same problem.

This article leads us to believe that national security is at risk and slashdotters can say OMG another George Bush failure (typical knee-jerk reaction from liberals). This article is nonsense since if it was a problem steps would be taken to fix it (such as centurion guard hardware).

The article is clearly slanted to get attention since its focus on the government. Besides, I don't think Big Brother would let trend micro near any computers that really do matter.

Local govt IT sysadmin here...

I'm the systems admin for a medium-sized city govt in the southern US. Please don't paint all "govt" IT ops with a broad brush. Yes we have a cumbersome bureacracy imposed over us, but we have a crew of very sharp folks working in our department and are able to keep all our systems updated to the latest performance and security standards in spite of the PHBs. I dare say, we probably run a tighter ship here than many high-tech private sector corporations. We use Linux and open source stuff extensively to secure our networks (mostly Winblows on the inside, due to the problem that all app vendors only write for MS anymore), but Linux-based firewalls and security monitoring solutions, plus the fact that we don't allow direct routing between our inner and outer networks, keeps us very safe and we've never had a break-in or a major virus/worm/trojan/malware problem EVER in the last decade since we first connected to the public Internet. We are constantly learning new stuff every day, and always have some new systems project in the works to modernize or expand our systems, so our people are always in a state of training for the new technologies.

Govt computers are some of the worst....

[i_want_you_to_throw_]

Government machines have the distinction of being extremely insecure. There are lots of reasons, government requirements to contract out to "8A" corporations being one of them. "8A" corporations are small companies that the goverment has to sling a percentage of work to when contact time comes up. Oftentimes these are inexperienced folks who don't even know what a DOS prompt is.

We had a recurring nightmare scenario in the Army of someone successfully infilitrating our machines with "byte crack" (think HotBar) and that spyware would be a key logger that phones home and self destructs without a trace.

You know it's coming. It's also no secret that other governments have set up M$ networks for their cyber wargaming with the express purpose of taking them down and timing rebuild and recovery times (think MS/Shared source which the Chinese have purchased).

Oh no folks, it gets worse from here.....ESPECIALLY with NSA relying much more on OTS solutions. Remember the good ole days when the government had technology that couldn't be matched? A lot of future woes are going to be caused by the fact that John Q. Cracker can create encrypted malware that does all of it's damage so quick that the game is over by the time the Feds figure out what hit 'em. Feel better knowing that NSA is relying on M$ solutions more and more?

The price of progress, indeed.

Don't bet on it

The unclassified side of military networks can be just as scary as any other government IT network. I can't speak directly about the Marines, but I remember Code Red hitting the Army networks connected to NIPRNET real hard, compromising thousands of machines and generally making life difficult for those of us on the same connections.

It's like any other organization though - there's areas that are run exceedingly well, and areas that aren't. It's hard to generalize about anything as large and complex as government, or even military IT.

Re:Don't bet on it

[RingDev]

There were a few notables I saw while I was active duty in the Marine Corps as a 4067 (Computer Programmer). My first experience with the MITNOC was in Okinawa, Japan. One of the network/pc techs had put up a geocities page that had references to UNC paths inside the network. It worked great for him because he could go to any PC on any of the bases and get to all of the tools/software/installs he needed for most of his work. The links were only worth a damn if you could get into the network though. Unfortunately someone else (I believe it may have been 'Hackers for Girls') also discovered the links. The same weekend in 1998 that CNN was disrupted, the MITNOT (Located in Quantico, VA) noticed a huge flood of attacks on the Oki network. With in a few hours, the MITNOC had the website taken down, a mirror image of the PC tech's hard drive, his browsing history for the last 3 months (printed and digital), and 3 Marines on a plan to Japan.

Another notable environment I saw was one of the Office buildings in Quantico, VA. Each new building for the most part had it's own network design team that would configure the building prior to people moving in, and they would design and configure everything. Once the regular staff showed up, the design team would hand off control of the network to the local IT department. The guys at the Marsh Center had this down to a science. When I left Quantico, the only thing those networks would get out of their chairs for was to clear a printer jam or replace failed hardware. Everything else was locked down, automated, network pushed, and other whys control remotely. A truly beautiful environment for both the IT support team, and us developers.

-Rick

Eeeewwww....

[Svartalf]

Now you put me right off my feed...

Must find suitable brain eraser for that mental image...

It's worth reading TFA

[xoyoyo]

As it appears that Trend Micro can't spot a forged FROM: header. They're having to "reanalyse" their data after it turned out they were wrong. The upshot is that this is a non-story, but an interesting one. The correct reading of it is that a security vendor has been caught out doing what we all suspect they do all the time anyway: spinnign research to make their IO-bound bloatware look useful.

Huh? Government Workers == Bots!

[filesiteguy]

This is surprising. I was always under the impression that all government computers were infected by bots.

Oh, wait - my bad. I thought it said that all government computers were operated by bots.

Nevermind.

Had Enough?

[Doc+Ruby]

Five years of George "The Genius" Bush protecting us. Revamped all our security into "Homeland Security", reorganized all our intelligence systems, got a Republican Congress to do whatever he wanted. Now we're starting to see how rampant insecurity has rotted his huge government from the inside.

Feel safer?

Vote to fire or keep your Representative on TUE November 7, 2006 (one month from tomorrow). Odds are you'll have the choice to fire one of your Senators. Reformatting the White House will probably take another couple of years, when its automatic reboot timer expires.

Re:Had Enough?

[Doc+Ruby]

Moderation -1
    100% Flamebait

TrollMods don't want you to know that you can feel safer by voting in a month, on TUE November 7, 2006, to fire your representative and probably your senator, too.

Because TrollMods are Republicans, and your representative and senators are probably Republicans, too.

TrollMods have faith in security by obscurity, especially when securing elections for a Permanent Republican Majority.

trojan task ..

[rs232]

.. multi layered defense .. network level protections, PC level protections and desk-side support level protections .. annual IT security awareness training .. reimaged immediately .. a special committee .. encrypted .. recieving process where that image is installed

Apart from this trojan task what else does the IT department contribute to your business.

"We have spent millions of dollars of your tax money in the last five years bringing this system online"

Ah, I see .. there's nothing like spending other peoples money. Do you mind telling us the name of this agency as you do seemed to have covered security better than the rest.

'Last night I had the same dream again.

I was walking along a beach littered in small stones.

I carried a basket filled with similar stones.

Every time I found one exactly the same I could put it down.', ???

was Re:this takes $$$ time and energy

Re:trojan task ..

[rahrens]

Uh, what do you exactly mean by "trojan"? Our department isn't disguising itself as something it isn't, like a trojan is usually defined. We are integral to the FDA being able to do its job without outside interferance with IT operations.

I work for the FDA - the Food and Drug Administration, and we are part of the HHS.

If you work for anybody but yourself, you are spending someone else's money, so what? I like that, too, especially when they have more than I do (which isn't hard...).

Cute little poem, but what relavance has it to my post?

Moo

[Chacham]

Which is worse? Youngsters voting patterns or Evil nations controlling things?

Hmm.. i'm not even sure there's a difference. So, in some way, you're vote does count.

Little ole' me...

[certain+death]

You know...I have your typical ADSL line, 6 megabit down, 700kbps up. Here is what I see pounding on my firewall (BSD type firewall) almost every day... Hitting port 1026 like a mad hatter. port 1026 is generally used for those nasty windows messenger (the service, not the IM software) SPAM popups. Funny, right? Perhaps it is really the DOD trying to use windows messenger popup spam to brain wash me, but I highly doubt it, My mind is not worth the effort!!! OrgName: DoD Network Information Center OrgID: DNIC Address: 3990 E. Broad Street City: Columbus StateProv: OH PostalCode: 43218 Country: US NetRange: 29.0.0.0 - 29.255.255.255 CIDR: 29.0.0.0/8 NetName: MILX25-TEMP NetHandle: NET-29-0-0-0-1 Parent: NetType: Direct Allocation Comment: Defense Information Systems Agency Comment: Washington, DC 20305-2000 US RegDate: Updated: 2002-10-07 OrgTechHandle: MIL-HSTMST-ARIN OrgTechName: Network DoD OrgTechPhone: +1-800-365-3642 OrgTechEmail: HOSTMASTER@nic.mil

STFU, fascist

We don't need goose-stepping Nazis here that want to impose a white power theocracy on the world.

The Government is a juggernaut

[Opportunist]

And that's why it generally fails against any kind of sophisticated online attack, no matter what form this attack takes. It's the same for huge companies, btw. Vast amounts of money, the ability to hire every and any brain available to counter the attack, but the time it takes 'til they get into gear usually means that by the time the attacker is long gone and untracable, they are finally done with the budget for it.

That's where organized crime is having the upper hand: Speed. When you're in the defensive position (which you invariably are as the attacked one), your most significant disadvantage to the attacker is time. He had all the time he needed to plan, stage and prepare the attack. You have to respond. NOW. And that is something the feds can't. They cannot respond immediately because it was not in the budget, there is no task force to counter the attack.

That's why it's still possible. Not because the government "counter-hackers" are worse than their attacking cousins. They're just caught up in so much red tape that it's more hassle to fight this than the attacker.

read a book ..

[rs232]

"Our department isn't disguising itself as something it isn't, like a trojan is usually defined"

The story goes that a war was fought by the Achaeans against the city of TROY for ten years. They built a Wooden Horse and hid in it until the trojans brought it into the city. Ergo trojan task refers to any Herculaen task.

"Cute little poem, but what relavance has it to my post?"

It's something similar to a quote from, I think, Grace Hopper regarding braking codes in WW2. Now that was a real trojan task. She discovered the first computer bug, a moth caught in a relay.

was Re:trojan task ..

Re:read a book ..

[rahrens]

Sorry, didn't relate the work 'trojan" with what is usually described with the (also) Greek name-derived word "herculean", which, I think is more often used to mean a large, difficult task. Usually the trojan war is refered to in modern literature as being related to the deceptive manner of the Greek entry into Troy, as in "Beware of Greeks bearing gifts".

I'd never heard of the poem, I'll look it up and read it, if that was just a snippit.

Re:read a book ..

[rahrens]

..sorry, I meant "word" trojan...

fat fingers...bad eyes didn't see the error until after I hit submit.

The difference is

[RKBA]

"If you work for anybody but yourself, you are spending someone else's money, so what?"

The difference is that only the government forcibly takes people's money under threat of imprisonment.

Re:The difference is

[rahrens]

That's true, but people at our level don't have anything to do with either the coersion or the allocation of that money, now do we? I won't feel bad about that, after all, at least some of that money was mine! You ARE aware that Federal employees pay income taxes, too?

Does YOUR employer take money from your paycheck and then pay you with the resulting funds? Mine does!

Little Help Here?

[Bob9113]

Hey, if any of the people running these bot nets is reading this, can you get in touch with me? I'd like to get the aggregated personal tax return information for the past thirty years or so, so I can do a fact-based analysis of shifts in wealth distribution. Thanks in advance.

nobody headed DHS warning against using MS IE

[Locutus]

not one organization at the state or local level took any action when the Department of Homeland Security(DHS) put out a warning against using MS Internet Explorer when a major risk was found and left open by Microsoft for over 3 months. Heck, three departments in my city were shutdown for a day when one of the Microsoft Windows bot software was 'failing' and resulted in some of the infected computers to constantly reboot. Yet, after that, questions presented about continued use of MS IE resulted in answers like, 'with limited budgets they are doing the best they can' and 'balancing financial impacts and security risks results in some tough choices', etc.

So it does NOT surprise me to hear that there is a massive bot network running inside many state, local, and federal government systems. And, like how the TSA handles 'threats' in a RE-active manner, so too will this be addressed when something wicked this way comes. IMO.

LoB

Re:And Yet Still Windows Isn't really the problem

[Grand+Facade]

Just recently a report was made about how govt workers are wasting time on the internet, shopping, chatting, my space, and porn.....

Gee, I wonder how those bots got in the system? They didn't just cruize in and take up residence. THEY WERE INVITED!

Now if an limitation were installed that would not allow a luser to click OK, that would prevent that from occuring. However on the other hand call center tickets would double and luser satisfaction would decline if they were not allowed to install useless screensavers and fuzzy mouse pointers, or 19 internet search bars.

Luser education is the way, I have never been infected by any of these vermin. Mostly because I learned my lesson with the monkey virus from a floppy someone gave me in 1995. Most of the exploits were not around in the days I was mucking about learning about the internet by searching out the rankest porn (thank the gods). So I was spared from most of the misery, however I am very familiar with it from the other end as an admin.

If lusers were educated or if their privledges were limited the infection would be limited. The fact is that govt does not want to deal with the problem, IT depts are not allocated the resources to deal with the problem. They are not willing to deal with the political effects of limiting privledges (certain PHBs will demand sys admin privs and they are a source of infection). Another way of limiting the infections would be to route all outside traffic through a proxy with heavy filtering, again iliciting potilical backlash with slow access.

I don't really want to go draconian on them, but the wankers shouldn't be shopping or porning on my dime. Cut their nuts off. Clamp down on access and privledges however neccessary. Take away luser privledges now!

Extent of Government Computers Infected By Bots U

[P3NIS_CLEAVER]

Who gives a shit about what you know? If they know the bot is in the network they will remove it. Name one company that knows how many bots are in their network.

What percent is this a Windows problem?

[webweave]

Should the headline then read "Government gives Microsoft billions and still has bot problem"? So much for the idea that paying for commercial software produces better software.

Why does Microsoft get off so easily in the media for all the problems caused by running its software?

I can't stop, some more good headlines.
"Almost 100% of owned computers are running Windows"
"Supporting Botnets is the cost of running Windows"
"Goverment supports bots by running Windows"

Solution

[master_p]

The solution is a 'virus' that installs Firefox and Thunderbird, replacing every reference of IE and OE with said programs, then downloading and running Spybot S&D/Adware as well as an antivirus program.

I just had an epiphany...

Somebody should name an anti-virus/malware/spyware program Drano (or draino since drano is already a product). :)

FunWebProducts are no fun

[SpunkyWabbit]

tias-gw7.treas.gov - - [15/Jul/2006:18:44:37 +0300] "GET /index_flash.html HTTP/1.1" 404 214 "http://search.mywebsearch.com/mywebsearch/AJmain. jhtml?st=bar&ptnrS=ZNxmk572YYUS&searchfor=chat+roo m+software" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.0.3705; .NET CLR 1.1.4322)"

glamdring.mildenhall.af.mil - - [03/Aug/2006:10:21:59 +0300] "GET /index.php?section=application HTTP/1.1" 302 7963 "http://some.site/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; InfoPath.1)"

Obligatory

[ineedbettername]

In Soviet Russia, Government infects bots!