New Botnet Dwarfs Storm
ancientribe writes "Storm is no longer the world's largest botnet: Researchers at Damballa have discovered Kraken, a botnet of 400,000 zombies — twice the size of Storm. But even more disturbing is that it has infected machines at 50 of the Fortune 500, and is undetectable in over 80 percent of machines running antivirus software. Kraken appears to be evading detection by a combination of clever obfuscation techniques that hinder its detection and analysis by researchers."
How many of those zombies are Linux platforms?
A few years ago, you saw you were infected by all the popups that appeared out of nowhere. But now, there is no way to tell for sure, is there? Every time my computer does something strange, I'm worried that I might be infected.
"It's too bad that stupidity isn't painful." - Anton LaVey
With an "80%" miss rate by AV tools, it would be very helpful to know which anti-virus programs do detect Storm and Kraken, so that responsible users can check their PCs.
There are still Fortune 500 companies that allow unimpeded outbound SMTP traffic from their general userbase?
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
The biggest one is the one that hasn't been found yet.
Which just goes to show that the best defense against infection is an educated userbase.
And then they must be willing to act along the guidelines for security set by IT dept.
Does anyone else find it absolutely aggravating that these stories
1. Never tell you how you know if you're infected, and
2. Never tell you how to clean up your shit if you are.
However, they always give massively generalized statistics on how vulnerable you are!
Thanks, asshats.
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
There just aren't enough words.
This is not security through obscurity.
This is hiding in obscurity.
The program is not secure, it is simply good at hiding itself.
Oh, please. Do you honestly think that if Windows were to vanish off the face of the earth tomorrow all these virus authors and botnet operators would suddenly throw their hands up and say "oh well, guess we'll have to find something else to do?" No, they start working on all the exploits in Linux and OSX. Since important financial data is stored in a user's account on the system there's little to stop someone from grabbing this data once they're in. Destroying the user's system is no longer the goal of an attack you know.
Well, I don't use a Mac that often (only via a friend when I visit him...) but I don't think a regular .exe will run on a Mac.
The only way I can see it working is if someone runs Parallels with Windows and opens the executable there - thus it is technically a "Windows machine" that is infected.
No OS is totally safe from access - what distinguishes Linux/Unix/BSD and maybe even Mac OS from the Windows crowd is what you can do when you have penetrated the firewall/got a mail inside.
With Windows it is easier (for various reasons) to have a program do something illegal - either via user click or automagically - than with the others.
For a hacker it would still be hard to do anything on a Linux/BSD/Unix box without root/admin privileges - maybe stealing info is the worst (via accounts that do not need special privileges to view/access files).
Thus the term "HOW SAFE" needs to be defined before one can argue the strong points of an OS over the other.
For one person ACCESS to the info is a security issue, and for another RUNNING AN UNWANTED PROGRAM (virus/keylogger/trojan/bot) is the issue.
With the first issue I'd say Linux/BSD/Unix is a little safer than Mac which is a little safer than Windows, with the second issue I'd say Linux/BSD/Unix is way safer than the others.
AntiVirus software has been relatively useless for the past few years. They charge extra just to detect basic "non virus malware" and they still don't detect the REAL threats!
AV vendors ought to be ashamed of themselves. Even more so, the customers should be ashamed of themselves for continuing to pay for a program that doesn't REALLY protect them.
We MUST move away from definition-based "protection" and move to behavioral-based protection. Unfortunately there's only one major player who's trying to do that. That is Microsoft, with Vista's User Account Control. Unfortunately, that is also the feature that people dislike about Vista, and way too many people turn it off.
It's funny how badly people hate the tools needed to protect a PC.
Do you honestly think that if Windows were to vanish off the face of the earth tomorrow all these virus authors and botnet operators would suddenly throw their hands up and say "oh well, guess we'll have to find something else to do?"
Well done, you've managed to switch the argument from the factual to the hypothetical.
This is the standard debate tactic in this situation. Get everyone tangled in debating the possibility of potential but non-existent Mac and Linux malware, judging its likelihood against factual and vastly damaging Windows viruses, worms and botnets.
Just acquit Microsoft of all culpability for poor and short-sighted decisions, incurring costs in the billions, for millions of users, by saying, "eh, it was inevitable."
#define struct union
It's the difference between "this platform is inherently more secure" and "this platform is safer because it's not targeted as much." Apple's market share is rising--if it gets too high, it will likely become the target of malware authors.
You're not right. There's nothing preventing any user from setting up executables directly in his home directory; hell, back in my shell account days, I must have had the equivalent of a pretty good-sized unix system in ~/bin, ~/usr and ~/var.
Your solution simply does not address the dancing bunnies problem.
All of your suggestions differ significantly from the default configuration. It's pretty easy to tell Windows to show the real file extension. It's easy to create a new user on your Windows box, and it's easy to only log in as that user. It's easy to install software in this way (right-click, run as.)
Only we're talking about normal users here. Users who aren't going to go to these lengths to protect themselves and their computers. Nor are they going to modify the default behavior of their Linux computers, if we were to set them in front of one. We're talking about users who don't even realize that these are good things to do, so why do you expect them to do them?
Or, maybe, countries trying to move forward too fast and without watching their step. How many people here know/work in a company where IT doesn't get the budget it needs for proper network defense?
You are in a maze of little twisting passages, all different.
By that reasoning, there should be a proportional amount of viruses/worms/trojans for Linux and OS X. If 5% of desktop computers are Unix (OS X is Unix) or Linux, then 5% of the viruses should affect Unix or Linux. Somehow I don't see that. The reason that so much malware exists on Windows is that the Windows architecture makes it so easy to do. Linux and Unix make it harder to do.
Well, there's spam egg sausage and spam, that's not got much spam in it.
I think that the biggest problem is that people don't distinguish between "secure" and "safer." I alluded to this in my post.
The second biggest problem is that people don't define what "secure" really means. In the context of trojan horses, it mostly means that the rest of the system is safe, even if the user account is wholly compromised. This is important, because it will be much easier to clean up the infection from a super-user account if the trojan can't use rootkit-like behavior to hide itself. In short, anti-virus running as root will have an easier time finding malware that isn't running as root. In this specific context, an operating system which (by default) runs as administrator is going to be less secure; however this has more to do with configuration and less to do with architecture, which is where a lot of people try to define security.
There are other contexts that you can look at, though. In most distributions of Linux, software updates are handled somewhat automatically for all software on the system. While this could be a security concern, in most cases, it's a boon to security. Did someone find a bug in Firefox? Ubuntu's daily security check will find it and ask you to install the new version. Bug in libc? Same thing. Since most software on the system will be updated in this way, security updates are more likely to be applied, and the system will, in general, be less susceptible to exploits.
Of course, all of this assumes classical malware that expects to be run as administrator. There's no particular reason that malware couldn't be written to be hard to detect from the user-account, and which waits until it can sniff a password or execute privileged code within a password-less sudo context. Malware also can do a lot of damage without hiding itself, and before the user becomes aware of its existence. This applies to just about any platform (indeed, any platform where the user is allowed to execute arbitrary code.)
I find it easier to believe that that antivirus tools just suck.
I read the internet for the articles.
Microsoft's "hide extensions by default" has to be the worst security decision of all time. I know it's the first thing I turn off when I use a new machine, but still, most people leave it on and it's just asking for trouble.
I read the internet for the articles.
And _I_ consider the existence of antivirus tools to imply an OS that just sucks.
Let us not become the evil that we deplore.
The thing is, I hear this all the time.
If someone says "Windows is insecure", I hear "Yeah, damn right. Stupid n00bs and its all Bill Gates fault, stupid people".
If someone says "Linux is insec.." I hear "lalalalalala. I can't hear you. lalalalalala".
The problem is about usage patterns of the OS. Put the same person in front of any OS and they will get infected the same way they always did. As someone mentioned, bots generally send spam or steal financial info - well, there's nothing stopping this from happening in any app. Either you restrict users from doing things they consider normal (like downloading gadgets and toys, and opening their own files) or you have to accept that they will get infected, no matter which OS they use.
Sure, there are technical, tricky issues with .bash_profile (and a thousand other ones), and you can configure/fix them out of existence. But to get all of them pretty much means stopping someone from using their computer.
The answer is to educate users about security, which would be an ongoing task forever (as new exploits are discovered, new attack vectors invented). Or to try and fix the damage an infected machine can do. Eg. why aren't the defaults for emailing set to only allow 1 per minute, or why doesn't the software pop a dialog every time an email is sent? If either of these were implemented at a point closer to the network (rather than the user application) then we'd get significantly less spam from infected PCs.
Of course, it's tricky to do. A firewall could do it, but they tend to be focussed on on-demand access - ie, it'll pop a message every time an app wants to use the network, and you end up with people turning the messages off.
Hiding the file extension - meaningless from a security viewpoint. Users still download SmileyCentral icon packs and explicitly install them.
Actually, while I don't totally buy this (Windows gets a lot of "drive by" infections) you do make a compelling point. Even a "secure OS" cannot help if the user is willing to type their admin password at anything that asks for it.
Of course, you could make code show what it will do upfront ("This program will create files in your home directory, but won't open any network ports, or modify any files it didn't create"). This is something that could be done (I think Microsoft's "managed code" is a valid template for this approach). But the UI is really hard to nail, and the user must still read and understand what's being proposed. Consider: "This program will modify system files and read any files on the system, and open network connections both on the local zone and the Internet", does the average user allow that to run? Perhaps not, but what if it's pron?! Seriously, though - can an OS be secure, if its users don't make rational choices?
Still, I'm not running Windows here...
Nothing will happen; the OS will stop it. How? By the trivial means of not allowing downloaded files to be executed unless I explicitly edit their permissions to turn on the execute bit.
Yes, this really would help. Mere double-clicking can be done reflexively. But more complex instructions like "save this to your filesystem, then open a terminal window and type 'chmod +x free_porn.sh', and then double-click it for free porn!" gives your victim just that little bit longer to realise that they're being conned. Is it 100% secure? No, of course it isn't. Is it more secure than an OS that will blindly execute anything that has a filename ending