Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Botnet Dwarfs Storm

Posted by CmdrTaco on from the that's-a-lotta-zombies dept.

ancientribe writes "Storm is no longer the world's largest botnet: Researchers at Damballa have discovered Kraken, a botnet of 400,000 zombies — twice the size of Storm. But even more disturbing is that it has infected machines at 50 of the Fortune 500, and is undetectable in over 80 percent of machines running antivirus software. Kraken appears to be evading detection by a combination of clever obfuscation techniques that hinder its detection and analysis by researchers."

51 of 607 comments (clear)

  1. I am not trying to obnoxious. by AndGodSed · · Score: 5, Insightful

    How many of those zombies are Linux platforms?

    --

    Seven Days with Ubuntu Unity

    1. Re:I am not trying to obnoxious. by jcr · · Score: 4, Insightful

      About as many as are running Mac OS X or Solaris.

      -jcr

      --
      The only title of honor that a tyrant can grant is "Enemy of the State."
    2. Re:I am not trying to obnoxious. by AndGodSed · · Score: 2, Insightful

      Yes, and .exe should only target Windows - but what about people running wine?

      But then, a person running wine either knows better than to open a random .exe from a mail - or has tech support looking after them...

      btw, who these days open these spammy messages AND clicks on the executables?

      *shakes head*

      --

      Seven Days with Ubuntu Unity

    3. Re:I am not trying to obnoxious. by marklar1 · · Score: 2, Insightful

      1) yes, it was first. I'm not sure the conclusions your drawing or inferring are correct. Just because a few (very vocal) mac newbs, as well as some mac and linux fanbois have misunderstood the security of their platforms:

      note: once a hack used, it couln't be re-used.
      the hack used on the vista machine was believed to be applicable to all 3 platforms:

      http://blogs.zdnet.com/security/?p=993

      "âoeThe flaw is in something else, but the inherent nature of Java allowed us to get around the protections that Microsoft had in place,â he (Macaulay) said in an interview shortly after he claimed his prize Friday. âoeThis could affect Linux or Mac OS X.â
      The day 2 exploit succeeded finally after going back and forth between the machines tweaking the exploit.

      http://www.theregister.co.uk/2008/03/29/ubuntu_left_standing/

      "Plenty of commentators have made hay of the MacBook Pro being the first to exit the race, and Linux zealots are sure to conclude the contest results prove the superiority of that platform. Maybe. But that's not how it looks to Macaulay, who says with a few hours of tweaking, his exploit will also work on OS X and Linux."

    4. Re:I am not trying to obnoxious. by AndGodSed · · Score: 4, Insightful

      1You are the dumbass for not knowing that you are 2not an average user. First off, I don't understand that sentence, but let me try to reply to it first.

      1. Fine - call me a dumbass. Water off my back.
      2. I am not an average user - but I am not a hardcore Linux pro either.
        a) I started somewhere - I used to be an average user way back when. No one is born a pro.
        b) My mom is using linux via an XDMCP client on my dad's XP box - and loving it.
        c) My wife is using Linux - and loving it.
        d) You argument sounds like an uninformed rant on a perception of the linux desktop.

      Now, on user-friendlyness. You complain about something like installing a AGP card, or let's go wireless card.

      And then you talk about the "average user" - let's then exclude gamers and geeks.

      How many "average users" install new hardware on their Windows computers? The moment you feel confident enough to open up your tower case, rip out an old Graphics card and install a new one you are no longer an "average user".

      I used to work in IT support at a retail store - and I had TONS of pc's come through my hands from normal people wanting me to do things like set up 3g modems, modems - yes dialup on board thingies would you believe, "screen cards" and the like.

      Now then - a windows pc is pre installed with the OS no?

      Let us go to Linux - you get pre-installed Linux boxes - fine for the "average user" - even easier to use. Plug into the network and you are online instantly, as a for instance.

      No need to install office - it's there, chat client? there. You see - linux (and here I am referring to the desktop targeted distros such as Ubuntu/PCLOS/Mandriva etc) is very user friendly.

      The moment you crack open the box to do something out of the ordinary however, you cross the line from "average user" to "pending geek".

      I just wrote my first bash program this week, check it out - the source code is on my blog. It is a horrible mish-mash of commands and stuff to do something really badly - but it is there, and it is mine.

      No way that I would have grown to the point of even attempting something like that as a Windows user.

      There is a perception that Linux is hard/unfriendly/a nightmare - and detractors cling to this with all they have because in reality that is all they have criticism wise.

      The one thing that detractors of Linus tend to overlook is the underlying philosophy behind it. I was able to write my little script because the community wanted me to write it. My success as a user/contributer is important to them.

      That, my friend, is what makes Linux great.

      As to you using it yesterday - if that is true I gladly apologize for my assumption. Your original comment, however, leaves me to think you are either lying for dramatic effect, or you popped in a disk, tried something out of the ordinary, and base all your assumptions on one wacky experience.

      Most of getting to use Linux is getting past the "how it works differently" and then if you get your head around that you will be a-for-away...

      peace.
      --

      Seven Days with Ubuntu Unity

  2. Scary by Mr2cents · · Score: 3, Insightful

    A few years ago, you saw you were infected by all the popups that apperared out of nowhere. But now, there is no way to tell for sure, is there? Every time my computer does something strange, I'm worried that I might be infected.

    --
    "It's too bad that stupidity isn't painful." - Anton LaVey
    1. Re:Scary by couchslug · · Score: 1, Insightful

      "Every time my computer does something strange, I'm worried that I might be infected."

      Dispose of Windows, install a more secure OS, and take the time to learn to properly use your new OS. Surf using a virtual appliance to isolate the rest of the system. Some folks even surf and do much of their stuff using a live CD. Somewhat awkward but quite safe, and not a bad idea for online banking etc. Even if one isn't especially worried, this stuff is fun and useful to learn.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    2. Re:Scary by dc29A · · Score: 2, Insightful

      "Every time my computer does something strange, I'm worried that I might be infected."

      Dispose of Windows, install a more secure OS, and take the time to learn to properly use your new OS. Surf using a virtual appliance to isolate the rest of the system. Some folks even surf and do much of their stuff using a live CD. Somewhat awkward but quite safe, and not a bad idea for online banking etc. Even if one isn't especially worried, this stuff is fun and useful to learn. I always laugh my ass off when people suggest "get a more secure OS". What's wrong with Windows? You can make one single minor adjustment to your computer's usage and be free of malware: fucking stop using Windows as administrator. Problem solved. No need to install another OS, no need to buy a more expensive computer (Mac). One single thing to do.

      Oh and stop clicking on every "OMG YOU WON AN IPOD TOUCHME CLICK HERE1111!!!!ONEONEONoneELEVENTYone11!!" banners. And how about some common sense about not executing a file called "horny_18_teen.jpg.exe"?

      99% of current malware is due exclusively because of user ignorance and stupidity. Wipe out Windows from the face of the Universe and what will you get? One BEEEELLLIIIIOOOON Linux and Mac zombies sending out SPAM.

      Windows security is easy:
      (1) Stop using your computer logged on as administrator.
      (2) Common sense.

      Yes I know, it's difficult.
    3. Re:Scary by fimbulvetr · · Score: 4, Insightful

      Perhaps you don't understand the implications of the article.

      ZoneAlarm, AVG and Spybot are _incapable_ of detecting trojans like the aforementioned Kraken simply because they are polymorphic. Don't be ignorant, just because these programs say you haven't been infected, there's a non-trivial chance that you have been.

    4. Re:Scary by Anonymous Coward · · Score: 2, Insightful

      BS.

      I've tried using windows as something other than administrator, but 80% of programs coded for windows fail to understand how to manage this.

      Everything wants you to input the admin password, you can't even check the calendar ! ("you don't have sufficient privileges to change the date and time") And where is the "sudo" equivalent ?

      Saying that not running as administrator will solve all your windows security problems is moronic.

    5. Re:Scary by ozmanjusri · · Score: 3, Insightful
      Granted, it requires more attention than a Linux box

      So Windows is fine if you know exactly what you're doing and don't make any mistakes.

      But Linux is supposed to be the complicated OS...

      --
      "I've got more toys than Teruhisa Kitahara."
    6. Re:Scary by couchslug · · Score: 3, Insightful

      "Hence why you don't click on random things and go to websites that could potentially be unsafe. It doesn't take much common sense to keep this stuff at bay..."

      Unless the "safe-looking" websites are infected...
      "But she looked like a nice girl. How would I know she had the clap?"

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  3. Detection? by Brit_in_the_USA · · Score: 5, Insightful

    With an "80%" miss rate by AV tools, It would be very helpful to know what software anti-virus programs do detect Storm and Kraken? So that responsible users can check their PC's.

    1. Re:Detection? by kcbanner · · Score: 2, Insightful

      They do have firewalls, they also have Joe User who likes to open every email and click each link to see "fun" pictures.

      --
      Obligatory blog plug: http://www.caseybanner.ca/
  4. Spamming by Scutter · · Score: 4, Insightful

    There are still Fortune 500 companies that allow unimpeded outbound SMTP traffic from their general userbase?

    --

    "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
  5. Best practices, people! by Anonymous Coward · · Score: 2, Insightful

    Maybe if people stopped relying on antivirus and malware detectors alone, and started educating their users and locking down their systems (instead of giving everyone root / local admin rights), we wouldn't have this problem...

    Security isn't a technology problem, it's a people problem.

  6. The naked truth about botnets by maxch · · Score: 3, Insightful

    The biggest one is the one that hasn't been found yet.

  7. Re:How does it get in? Duh! by AndGodSed · · Score: 3, Insightful

    Which just goes to show that the best defense against infection is an educated userbase.

    And then they must be willing to act along the guidelines for security set by IT dept.

    --

    Seven Days with Ubuntu Unity

  8. Aggravating... by MachineShedFred · · Score: 5, Insightful

    Does anyone else find it absolutely aggravating that these stories

    1. Never tell you how you know if you're infected, and
    2. Never tell you how to clean up your shit if you are.

    However, they always give massively generalized statistics on how vulnerable you are!

    Thanks, asshats.

    --
    Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
    1. Re:Aggravating... by Anonymous Coward · · Score: 1, Insightful

      I agree completely. Look up Kraken + Bot in Google... lots of fear mongering about a giant bot-net... and NOTHING about how to detect or clean it.

    2. Re:Aggravating... by Some_Llama · · Score: 2, Insightful

      "deduce that there's no 100% way of "How to detect it"."

      then how do they know the size of the botnet and how the infection routine works?

  9. The battle is lost by value_added · · Score: 3, Insightful
    From the fine article:

    Just how Kraken is infecting machines is still unclear, but Royal says the malware seems to appear as an image file to the victim. When the victim tries to view the image, the malware is loaded onto his or her machine. "We know the picture... ends in an .exe, which is not shown" to the user, Royal says.

    There just aren't enough words.
  10. Or Unix or Mac ... by Udo+Schmitz · · Score: 1, Insightful

    I assume a lot of those are Macs? Because I read on /. that Macs are as insecure as Windows machines and that Apple even takes longer to fix bugs ... Yeah, go and mod me flamebait or troll ... but I really would like an answer from all those MS apologists.

    1. Re:Or Unix or Mac ... by stubear · · Score: 3, Insightful

      Oh, please. Do you honestly think that if Windows were to vanish off the face of the earth tomorrow all these virus authors and botnet operators would suddenly throw their hands up and say "oh well, guess we'll have to find something else to do?" No, they start working on all the exploits in Linux and OSX. Since important financial data is stored in a user's account on the system there's little to stop someone from grabbing this data once they're in. Destroying the user's system is no longer the goal of an attack you know.

    2. Re:Or Unix or Mac ... by AndGodSed · · Score: 3, Insightful

      Well, I don't use mac that often (only via a friend when I visit him...) but I don't think a regular .exe will run on a mac.

      The only way I can see it working is if someone runs parrallels with windows and opens the executable there - thus it is technically a "windows machine" that is infected.

      No os is totally safe from access - what distinguishes Linux/Unix/BSD and maybe even MACOS from the Windows crowd is what you can do when you have penetrated the firewall/got a mail inside.

      With Windows it is easier (for various reasons) to have a program do something illegal - either via user click or automagically - than with the others.

      For a hacker it would still be hard to do anything on a Linux/BSD/Unix box without root/admin privileges - maybe stealing info is the worst (via accounts that do not need special privileges to view/access files).

      Thus the term "HOW SAFE" needs to be defined before one can argue the strong points of an OS over the other.

      For one person ACCESS to the info is a security issue, and for another RUNNING AN UNWANTED PROGRAM (virus/keylogger/trojan/bot) is the issue.

      With the first issue I'd say Linux/BSD/Unix is a little safer than Mac which is a little safer than Windows, with the second issue I'd say Linux/BSD/Unix is way safer than the others.

      --

      Seven Days with Ubuntu Unity

    3. Re:Or Unix or Mac ... by shrykk · · Score: 5, Insightful

      Do you honestly think that if Windows were to vanish off the face of the earth tomorrow all these virus authors and botnet operators would suddenly throw their hands up and say "oh well, guess we'll have to find something else to do?"

      Well done, you've managed to switch the argument from the factual to the hypothetical.

      This is the standard debate tactic in this situation. Get everyone tangled in debating the possibility of potential but non-existant Mac and Linux malware, judging its likelihood against factual and vastly damaging Windows viruses, worms and botnets.

      Just acquit Microsoft of all culpability for poor and short-sighted decisions, incurring costs in the billions, for millions of users, by saying, "eh, it was inevitable."

      --
      #define struct union /* Reduce memory usage */
    4. Re:Or Unix or Mac ... by Sancho · · Score: 4, Insightful

      It's the difference between "this platform is inherently more secure" and "this platform is safer because it's not targeted as much." Apple's market share is rising--if it gets too high, it will likely become the target of malware authors.

    5. Re:Or Unix or Mac ... by Artuir · · Score: 2, Insightful

      The root problem and why this guy shifted the argument is that, quite frankly, Linux users need to stop wearing the OS as a badge and rubbing it in. Yes, we get it. Linux is so vastly superior to Windows, OSX is so vastly superior to everything ever and Microsoft made some very dumb mistakes in the entire structure of their OS - but at least windows users don't need to recompile source code to get raid cards to work. Do you guys see how ridiculous all of this is?

      I know a lot of you understand how every single bit works in that OS but a lot of people don't, and it's irritating to have the fact being rubbed in all the time. Oh wow, we've heard for the 3 millionth time that Windows is inferior in security once again. Not much people can do about it when it's an industry standard for like 90% of everything in history. It's a pity, I agree. But it's fact.

    6. Re:Or Unix or Mac ... by Sancho · · Score: 4, Insightful

      All of your suggestions differ significantly from the default configuration. It's pretty easy to tell Windows to show the real file extension. It's easy to create a new user on your Windows box, and it's easy to only log in as that user. It's easy to install software in this way (right-click, run as.)

      Only we're talking about normal users here. Users who aren't going to go to these lengths to protect themselves and their computers. Nor are they going to modify the default behavior of their Linux computers, if we were to set them in front of one. We're talking about users who don't even realize that these are good things to do, so why do you expect them to do them?

    7. Re:Or Unix or Mac ... by UnknowingFool · · Score: 3, Insightful

      Do you honestly think that if Windows were to vanish off the face of the earth tomorrow all these virus authors and botnet operators would suddenly throw their hands up and say "oh well, guess we'll have to find something else to do?" No, they start working on all the exploits in Linux and OSX.

      By that reasoning, there should be a proportional amount of viruses/worms/trojans for Linux and OS X. If 5% of desktop computers are Unix (OS X is Unix) or Linux , then 5% of the viruses should affect Unix or Linux. Somehow I don't see that. The reason that so much malware exists on Windows is that the Windows architecture makes it so easy to do. Linux and Unix makes it harder to do.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    8. Re:Or Unix or Mac ... by Sancho · · Score: 4, Insightful

      I think that the biggest problem is that people don't distinguish between "secure" and "safer." I alluded to this in my post.

      The second biggest problem is that people don't define what "secure" really means. In the context of trojan horses, it mostly means that the rest of the system is safe, even if the user account is wholly compromised. This is important, because it will be much easier to clean up the infection from a super-user account if the trojan can't use rootkit-like behavior to hide itself. In short, anti-virus running as root will have an easier time finding malware that isn't running as root. In this specific context, an operating system which (by default) runs as administrator is going to be less secure; however this has more to do with configuration and less to do with architecture, which is where a lot of people try to define security.

      There are other contexts that you can look at, though. In most distributions of Linux, software updates are handled somewhat automatically for all software on the system. While this could be a security concern, in most cases, it's a boon to security. Did someone find a bug in Firefox? Ubuntu's daily security check will find it and ask you to install the new version. Bug in libc? Same thing. Since most software on the system will be updated in this way, security updates are more likely to be applied, and the system will, in general, be less susceptible to exploits.

      Of course, all of this assumes classical malware that expects to be run as administrator. There's no particular reason that malware couldn't be written to be hard to detect from the user-account, and which waits until it can sniff a password or execute privileged code within a password-less sudo context. Malware also can do a lot of damage without hiding itself, and before the user becomes aware of its existence. This applies to just about any platform (indeed, any platform where the user is allowed to execute arbitrary code.)

    9. Re:Or Unix or Mac ... by Sancho · · Score: 2, Insightful

      I believe that the contest ended when two of the three machines were cracked, so no.

      So here's my full disclosure: I really like the design of OS X. I like it more than just about any Linux window manager that I've tried, and it's simply leaps and bounds beyond Windows Vista. I point this out so that any bias may be evident in what I'm about to say.

      It's pretty likely that the Macbook Air was targeted because it's a more desirable computer. If I was going to participate in a hacking contest where I got to keep the computer I hacked, I'd go for the Mac first every time. Moreover, because of the perception of OS X as being so secure, there's a certain amount of prestige associated with hacking one. A couple of years ago, David Maynor hacked a Mac (instead of other operating systems which were equally vulnerable to similar exploits) for just this reason.

      This competition did not show which OS was more secure--it showed which OS was hacked first. There's not necessarily a direct correlation with security, here. Scientific tests would look at things like how much time it took to actually hack the machine, not how much time from the start of the competition elapsed before the machine was hacked.

    10. Re:Or Unix or Mac ... by gbjbaanb · · Score: 4, Insightful

      The thing is, I hear this all the time.

      If someone says "Windows is insecure", I hear "Yeah, damn right. Stupid n00bs and its all Bill Gates fault, stupid people".

      If someone says "Linux is insec.." I hear "lalalalalala. I can't hear you. lalalalalala".

      The problem is about usage patterns of the OS. Put the same person in front of any OS and they will get infected the same way they always did. As someone mentioned, bots generally send spam or steal financial info - well, there's nothing stopping this from happening in any app. Either you restrict users from doing things they consider normal (like downloading gadgets and toys, and opening their own files) or you have to accept that they will get infected, no matter which OS they use.

      Sure, there are technical, tricky issues with .bash_profile (and a thousand other ones), and you can configure/fix them out of existence. But to get all of them pretty much means stopping someone from using their computer.

      The answer is to educate users about security, which would be an ongoing task forever (as new exploits are discovered, new attack vectors invented). Or to try and fix the damage an infected machine can do. Eg. why aren't the defaults for emailing set to only allow 1 per minute, or why doesn't the software pop a dialog every time an email is sent? If either of these were implemented at a point closer to the network (rather than the user application) then we'd get significantly less spam from infected PCs.

      Of course, its tricky to do. A firewall could do it, but they tend to be focussed on on-demand access - ie, it'll pop a message everytime an app wants to use the network, and you end up with people turning the messages off.

      Hiding the file extension - meaningless from a security viewpoint. Users still download SmileyCentral icon packs and explicitly install them.

    11. Re:Or Unix or Mac ... by Sandbags · · Score: 2, Insightful

      Well, since all applications in OSX (and BSD, and most true Unix variants) need to list themselves in various tables, be individually identifyable to the OS, and have strict limits on what APIs they can access from what kind of memory space (and what kind of memory space they can occupy), the issue is not that they don't target macs because it's used less, but because they TRY, and noone can find a way to get a virus into a mac that doesn't say "Hi, I'm a virus, and I'd like permission from the kernel to run. Please enter your keychain password so I can add myself to your active applications list and take up a spot in your launch tray. Don't mind me!"

      They'll target Apple all they want, but if there's a virus in a Mac, it will be incredibly easy to spot and remove. Getting it in there can't be by accident either, it has to come from a very complicated set of tricks, and must involve users actually permitting the infection. Macs are the target of Phishing all day long, but that's not an issue of securing the OS, it's about educating the user. Airbags don't prevent you from hitting a tree if you're asleep at the wheel...

      --
      There is no contest in life for which the unprepared have the advantage.
    12. Re:Or Unix or Mac ... by ianare · · Score: 2, Insightful

      chown root.root .xinitrc
      chown root.root .bash_profile

      What part of the above is a Significant change? it's easier to do than setting windows to show file extensions. Funniest thing I heard all day!!

      Try getting an average user to use a CLI and see why for yourself.
  11. Re:Wait a sec. I thought... by Tridus · · Score: 2, Insightful

    When your "security" is based entirely on reactive methods and file signatures (like standard AV products), obscurity is extremely effective.

    When your security is based on not giving every user local admin rights, and educating them not to run random .exe files (oh, and changing the settings to actually show the extension is helpful too), obscurity doesn't work so well.

    I mean really, this thing would never have started if people could learn to not run Image.exe.

    --
    -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
  12. Re:Wait a sec. I thought... by ukatoton · · Score: 3, Insightful

    This is not security through obscurity.

    This is hiding in obscurity.

    The program is not secure, it is simply good at hiding itself.

  13. Comment removed by account_deleted · · Score: 2, Insightful

    Comment removed based on user account deletion

  14. Have them or monitor them? by khasim · · Score: 2, Insightful

    They can have firewalls, but if they don't monitor them they're not very effective.

    The same with intrusion detection systems.

    Being a network administrator requires some effort, every day. Not much effort. Particularly if you have some scripting skill. But it still requires some effort.

  15. How bad will i get flamed for this? by JeremyGNJ · · Score: 3, Insightful

    AntiVirus software has been relatively useless for the past few years. They charge extra just to detect basic "non virus malware" and they still dont detect the REAL threats!

    AV vendors ought to be ashamed of themselves. Even more so, the customers should be ashamed of themselves for continuing to pay for a program that doesnt REALLY protect them.

    We MUST move away from definition-based "protection" and move to behavioral-based protection. Unfortunately there's only one major player who's trying to do that. That is Microsoft, with Vista's User Account Control. Unfortunately, that is also the feature that people dislike about Vista, and way too many people turn it off.

    It's funny how badly people hate the tools need to protect a PC.

    1. Re:How bad will i get flamed for this? by Sancho · · Score: 4, Insightful

      AntiVirus software has been relatively useless for the past few years. They charge extra just to detect basic "non virus malware" and they still dont detect the REAL threats! Signature-based detection is on its way out, and antivirus manufacturers are not adapting well. They have some heuristics that look for weird types of files, but they're not great.

      UAC isn't really a solution, either. All it does is to train the monkeys that you have to click an extra time in order to get the banana.

      Education is what's needed. I no longer recommend antivirus to my family--I tell them to avoid running programs that they don't know about, not to trust any attachment that comes through the mail, and offer other suggestions for safe computing practices. Running without antivirus works to remove the perception of safe computing, making them actually think about the things that they're doing. This, incidentally, leads to actual safe computing.

  16. Untrue. by QuoteMstr · · Score: 4, Insightful

    You're not right. There's nothing preventing any user from setting up executables directly in his home directory; hell, back in my shell account days, I must have had the equivalent of a pretty good-sized unix system in ~/bin, ~/usr and ~/var.

    Your solution simply does not address the dancing bunnies problem.

  17. Untrue by QuoteMstr · · Score: 2, Insightful

    Users need no special permissions to run executables, and for most people, rm -rf $HOME would be as disastrous as rm -rf /. If we're talking about malware, it's trivial to get a user program to run on login without administrative privileges.

    The only viable long-term solution is to put email clients, web browsers, and other sensitive programs each in their own separated, limited environments to contain any damage. The approach works for network servers; why not for clients?

  18. Re:Designate Windows OS as Terrorist Tool by Trevoke · · Score: 3, Insightful

    Or, maybe, countries trying to move forward too fast and without watching their step. How many people here know/work in a company where IT doesn't get the budget it needs for proper network defense?

    --
    You are in a maze of little twisting passages, all different.
  19. Re:Designate Windows OS as Terrorist Tool by jandrese · · Score: 5, Insightful

    I find it easier to believe that that antivirus tools just suck.

    --

    I read the internet for the articles.
  20. Re:How does it get in? Duh! by jandrese · · Score: 4, Insightful

    Microsoft's "hide extensions by default" has to be the worst security decision of all time. I know it's the first thing I turn off when I use a new machine, but still, most people leave it on and it's just asking for trouble.

    --

    I read the internet for the articles.
  21. Re:Designate Windows OS as Terrorist Tool by Facetious · · Score: 4, Insightful

    And _I_ consider the existence of antivirus tools to imply an OS that just sucks.

    --
    Let us not become the evil that we deplore.
  22. Need to start over by lord_sarpedon · · Score: 2, Insightful

    This will never stop with the current security model. Attacks like this work just as well on the other major operating systems. Let's move away from reactive security and fix the root cause.

    BitFrost (see http://wiki.laptop.org/go/OLPC_Bitfrost [laptop.org]) is the set of security mechanisms present in the OLPC.

    Though I certainly wouldn't care to summarize the entire thing, here's what it comes down to.

    User programs don't automatically get the running user's full rights. A calculator has no reason to delete your documents, so why should it be able to? And without your knowledge to boot. On the OLPCs, documents are kept in a special storage area. It isn't a matter of owner read access. In general, for a program to get a user's file poofed in to its chroot sandbox, it has to ask the document service (which presents a consistent dialog). Further, a text editor doesn't need to access the network. The user can access the network, but his or her programs can only do so if explicitly allowed to (various such rights are set at install time, configurable later). Certain combinations of program rights are disallowed at install time (such as both network access and webcam access) but can be enabled later. Plus a lot more.

    Sudo/UAC sound nice and all until you realize that programs and users are separate entities.

    Yes, there's a lot to learn from the OLPC project. It's designed to be used (safely) by computer-illiterate children who can't (or can scarcely) read. If you think that sounds like a good description of computer users in general, then you're absolutely right. Security as seen in *nix and Windows makes perfect sense for protecting users from each other. That was the goal back in the day. The people with access to a server were supposed to have a general idea of what they were doing (entirely on them if they didn't), and in that case *nix security works well. But computers have gotten more personal, and that assumption is now blatantly false. Anyone thinkng that Windows security problems stop at buffer overflows, or that Linux on the desktop will change anything, is a fool.

    --
    "Strangers have the best candy" -Me
  23. Re:How does it get in? Duh! by rbochan · · Score: 2, Insightful

    "We know the picture... ends in an .exe, which is not shown"

    And yet, still to this day, Microsoft has the godawful stupid default of hiding the damn file extensions.

    --
    ...Rob
    The American Dream isn't an SUV and a house in the suburbs; it's Don't Tread On Me.
  24. Re:Designate Windows OS as Terrorist Tool by Jezza · · Score: 3, Insightful

    Actually while I don't totally buy this (Windows gets a lot of "drive by" infections) you do make a compelling point. Even a "secure OS" cannot help if the users is willing to type their admin password at anything that asks for it.

    Of course, you could make code show what it will do upfront ("This program will create files in your home directory, but won't open any network ports, or modify any files it didn't create"). This is something that could be done (I think Microsoft's "managed code" is a valid template for this approach). But the UI is really hard to nail, and the user must still read and understand what's being proposed. Consider: "This program will modify system files and read any files on the system, and open network connections both on the local zone and the Internet", does the average user allow that to run? Perhaps not, but what if it's pron?! Seriously, though - can an OS be secure, if it's users don't make rational choices?

    Still, I'm not running Windows here...

  25. Re:Designate Windows OS as Terrorist Tool by Haeleth · · Score: 4, Insightful

    I could send you a bash script that says

    rm -rf ~
    and tell you "double click this for free porn!"

    How is an OS supposed to stop that?
    Go on, try it. You send me that script, and I promise I will double-click on it.

    Nothing will happen; the OS will stop it. How? By the trivial means of not allowing downloaded files to be executed unless I explicitly edit their permissions to turn on the execute bit.

    Yes, this really would help. Mere double-clicking can be done reflexively. But more complex instructions like "save this to your filesystem, then open a terminal window and type 'chmod +x free_porn.sh', and then double-click it for free porn!" gives your victim just that little bit longer to realise that they're being conned. Is it 100% secure? No, of course it isn't. Is it more secure than an OS that will blindly execute anything that has a filename ending .exe, .bat, .cmd, or any of half a dozen other extensions? You bet.