Top Botnets Control Some 1 Million Hijacked Computers
Puskas writes "Joe Stewart is the director of malware research at SecureWorks, and presented a dire view of the current botnet landscape at the RSA conference this week. He conducted a survey of the top spamming 'nets, extrapolating their size from the volume of emails that flow across the internet. By his calculations, the top 11 networks control just over a million machines, hitting inboxes with some 100 billion messages a day. 'The botnet at the top of the chart is Srizbi. According to Stewart, this botnet — which also goes by the names "Cbeplay" and "Exchanger" — has an estimated 315,000 bots and can blast out 60 billion messages a day.
While it may not have gotten the publicity that Storm has during the last year, it's built around a much more substantial collection of hijacked computers, said Stewart. In comparison, Storm's botnet counts just 85,000 machines, only 35,000 of which are set up to send spam. Storm, in fact, is No. 5 on Stewart's list.'"
Start with "microsoft" and "windows" as the technologies which bring you the largest, most profitable botnets!
you had me at #!
I'm a smart software developer, so I'm pretty sure my computer is not affected (secured hardware firewall, etc). But how can I be sure?
I don't necessarily trust that a clean-virus scan means a whole lot.
What's the best way to make this determination?
They obviously don't have a problem with tracking down and monitoring people. And they apparently have a bandwidth issue. Why don't they basically mail merge to SELECT * FROM `customers` WHERE `customers`.isinfected? Simple, cheap snail mail... nothing fancy.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
God knows I installed on that notebook each and every Anti-Spyware, Antivirus, Anti-everything in order to get rid of it. I traveled each and every "advisory" site with my HijackThis logs, removed numerous keys from the registry. Still, every now and then the goddamn popup window with the site "pc-on-internet.com" appears. I spent altogether perhaps 3 working days trying to remove the stupid thing; there is a lot of data and SW installed, so I am trying to avoid re-installation. Now I am in the sitting-in-the-corner-and-crying phase.
839*929
Be that as it may, "Kraken" is a superb name (as is "Damballa" itself). "Bobic", "Oderoor" and "Bobax" sound like open-source CMSs. "Cotmonger" sounds like a word Bart Simpson would use when suddenly breaking into an unfunny Cockney accent for no reason.
What I'm listening to now on Pandora...
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
I had a botnet once... didn't catch very many bots, but I got a shitload of dolphins :(
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Please fwd me some spam selling whatever it is you're smoking.
If Windows weren't so dominant an OS then botnets would operate on other systems as well (or in its place). It's a question of ROI, nothing else.
That said, it's also not a question of an "offending operating system." It's a question of uninformed (or incompetent, or both) users. If they can't be trusted to not double-click on an xxxxx.jpg.exe file in an email, they are likely to have problems with identity theft and other non-Windows-exclusive security issues. Rather than taking away Windows, these users need to receive training in basic computer security.
Using Windows is NOT a privilege, by the way. If the user paid for it, they have a right to use it.
Cutting off internet and then asking for demonstration that... they've bought a Mac? Will this be demonstrated using ninja magic? A photo via mail?
I can't tell whether you're a Windows elitist, a Mac fanboy, or just plain mental.
I like basketball!!1!
Wouldn't it be possible to log "bot" traffic and systematically, using the same exploits that the bot trojans used to infect the hosts, infect these machines with a virus that removes the bot and deletes itself? Sort of like an anti-bot virus?
Might be a little unethical, but hey drastic times call for drastic measures!
The industry is going at this all wrong. There are only a few players left, and they're all crooks. We need a consortium of companies with spam problems to hire Kroll, Blackwater, or one of the other big international security companies to deal with the people behind the problem.
If 5% of the money spent on dealing with spam went into finding the people behind it and making them go away, the problem would go away.
"Anybody found to have a zombied computer should have their Internet connection cut off immediately and it should only be restored when they can demonstrate that they have removed the offending operating system and either installed a free and secure alternative, or bought a Mac"
You really want ISPs making these decisions? Perhaps you are suggesting some new governmental agency decides when and where to summarily terminate someone's connection?
Freedom should not be sacrificed so trivially.
If all ISPs and businesses would simply block egress tcp port 25 for all addresses on their network except approved mail servers, they would stop these botnets in their tracks.
Of course, the botnets would then be rewritten to try to discover the mail server the PC normally uses and try to use it instead. But if ISPs enforced SMTP authentication to send, it would make it more difficult. Even if the botnets got past all that, it would now be easier to track down exactly who has the infected computer.
Of course many ISPs won't do this because it will make them more directly responsible for preventing spam, preventing viruses, and keeping their customers' computers clean.
Once you know the PC is compromised you cannot get it back to a known good state. The best you can hope for with the various utilities is to get it workable enough to offload your data, build your recovery media and record your settings. You're actually better off removing the hdd to an external enclosure and installing fresh on a new one. You could then scan the removable device before carefully recovering the data from it. The worst possible thing you could do is eliminate the visible problems and pretend that means you have a good PC on which to do work.
What is pwned cannot be unpwned. Reinstall. Somewhere in my journal may be some helpful instructions for getting the reinstall done without becoming compromised in the process. You're not the first (or the ten thousandth) person here this has happened to.
Somebody else here will have suggested you try Linux by now, or Apple. There are no Linux or Apple botnets so they don't have this problem. They do have security vulnerabilities too, but compromising one of them is a retail, rather than a wholesale, endeavor and so less fruitful for the botmasters.
Help stamp out iliturcy.
Yes, they'll have other security-related problems, so I won't dispute that users are a huge part of the problem. BUT: Windows really is a special case. Give a clueless user another OS, and they will run malware or otherwise join botnets far less often, and not because of ROI or what platforms that malware authors choose to target. Outside of Windows, most naive users do not know how to even deliberately execute an email attachment. They wouldn't just have to click on xxxx.jpg.exe; they'd have to save it and chmod +x it first, since (AFAIK) no email clients go to extra trouble to help users execute malware.
Windows and its applications have an unusual amount of "support" for running malware. (Executable-by-default is just one feature; there's also autorun, ActiveX, and fuck-knows-what-else.) These are technical (not marketshare-related) "features" of the platform, which most other OS creators have not elected to implement. Windows would be attractive to malware authors even if it had a small marketshare, because the platform is malware-friendly.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I just block everything incoming on port 25 from IP blocks in the US, apart from a (very small) handful of whitelisted servers.
This thread was all one person.
DRM: Terminator crops for your mind!
Fine them a few hundred bucks per machine. Lazy people who can't or won't keep their machines secure don't deserve to be given access to the internet.
It's like owning a dog. If you don't keep the dog secure, and it runs about able to harm others, you get a fine and potentially lose your right to own a dog.
I realize the logistics are tough, but something needs to be done.
Blar.
That's fine. If the OS is invisible to you then it's doing its job.
WHO IS CLICKING ON THE LINKS IN THESE EMAILS?
Why does spam work? Who are these stupid people and why do they click? Also, if you get 80 spams a day for the same fake product, why would you pick one at random and say, "der, I think I'll go buy this!"
Can someone please tell me why?
I wish some news reporter would send out a billion spam but then, instead of taking money from the people who click, contact them and do an interview. I want to know who these people are and what the hell they are thinking.
Has anyone thought of writing a worm that just installs a stealth Folding@home client and patches the machine up?
If a million clueless consumers are going to buy more megahertz of Dells than they know how to use, we might as well use their stolen CPU cycles to cure diseases rather than impotence.
Ahh! How I wish you'd posted this under your real ID! I'd love to track the mod war!
"Flyin' in just a sweet place,
Never been known to fail..."
Regardless of platform, most users
1) Run as root, administrator, or some other super-trusted user account and completely disregard security
2) Open anything they receive in email. I've even had some users do a Save-As giving the file the correct extension to be runnable!
These are a result of fundamental flaws in the design of Windows, Unix, et al. Most operating systems assume that all programs should have the ability to do whatever the user can do. In other words, programs are as trusted as the user account they run under.
Given people's experiences with OS X's admin dialogs or Vista's UAC, I'm not sure changing this assumption will lead to more security either. Most users, when presented with a dialog box, will immediately press whatever button is required to dismiss the dialog without reading it.
Even if the default is cancel, the first time they hit "naked ladies.jpg.exe", get a warning, and dismiss it they'll just figure they did something wrong and open it again, choosing the other option this time.
I'm not sure what the solution is.
Natural != (nontoxic || beneficial)
"i am too!"
That's "I am two!"
I predict that despite our best efforts, more than 6 billion people will die in the next 100 years.
Anyway, as more and more economic activity moves onto the internet, security will get better. Look at the last five years. Security has actually gotten better. Even Windows is getting better, as long as you keep up with patches.
Nerd rage is the funniest rage.
I spent altogether perhaps 3 working days trying to remove stupid thing
Those programs are so complex, so woven into the fabric of Windows, I've never seen a repair work. You have to reformat the drive... not just reformat, but blow away the partitions and recreate them, then reinstall Windows, plus scanning the data files recovered with Knoppix.
Even then I won't warranty it. The hackers you're up against today are organized, professional programmers making big $$$ who do this for a living, not some 15 year old hack. They even know how to subvert security and anti-virus programs.
I'm not belittling you or anyone else when I suggest you may be a bit out of your league. Partition, reformat, reinstall.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Wow. Strong state advocacy from the Stainless Steel Rat!
There is a good chart mapping current botnets and spam at the Marshall TRACE center (updated frequently, AFAIK). That over 80% of all internet spam comes from botnets (and almost 50% of it just from Srizbi) is a good sample of the impact of this kind of spam source.
Bull.
I have a legitimate right to send SMTP from my machine - and I do so. I also run an SMTP server at home - have since 1993, when I got off of uucp.
I have never been an open relay, and access is passwd. I already have assholes at AT&T blacklisting me for no reason - and suffering their ridiculous petition process to get off their RBL.
This is the Internet. A collection of networks. ISPs are not cops, nor should they be. When you mandate this on common carriers, they become something else - and any slim protections we still have remaining will be long gone.
Gotta love how these articles always say "a million machines" rather than the clearer and more accurate "a million microsoft windows PCs"...
Care about privacy? Read this!
ISPs really should have better IDS on outgoing traffic. At the very least they should be dropping the malicious traffic, and I would hope some ISPs would go as far as redirecting users to a webpage that tells them how to remove the malware, and gives them the tools to do so.
Also, anyone who thinks that Macs are somehow invulnerable probably has a couple of other mental disabilities as well, but you should look into it some time and see just how easy Windows makes it for the virus writers. The complexity of a Windows system gives one a million places and ways to hide, and also makes it extremely hard to prevent an attacker from escalating privileges.
Please elaborate.
No comprende? Let me type that a little slower for you...
Yes, I want ISPs to take action to destroy botnets. There may need to be enabling legislation to shield them from liability when indignant negligent Windows users sue them. Stopping malware on the Internet should be a network-level issue since clearly many individual users are not qualified to do so themselves. The only freedom you are advocating here is the right to run Windows in such a manner that it endangers others. It's perfectly possible to run Windows securely, it takes a lot of effort, and a level of understanding.
Warning Spoilers!!!!!!
The Stainless Steel Rat becomes an interstellar secret agent later in the books working to support Democracy.
So, each of those million machines sends out 100,000 messages per day on average. Thus, if you require any machine that sends out over, say, 10,000 messages per day to be registered, and to be held to a minimum standard of security (machines not registered would be kicked off the network as soon as they reached 10,001 messages in a single day, and would not be allowed back on until registered and secured), the spam problem would be reduced by around 90%, at least from these botnets.
Okay, so it would require too much regulation to work, and it would take a lot of effort to establish. But it's okay to dream, right?
Everything is subjective.
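The two proposals in this sub-thread (block outbound TCP/25 except to approved relays, and flag any host that still exceeds a daily sending threshold) are easy to model. The following is an added example, not code from the thread or from any ISP: it parses constructed NetFlow-style lines, applies the egress policy, and reports hosts that cross the threshold. The address ranges, the log format, the relay address and the threshold used in the demo are all assumptions for the example.

```python
"""Outbound SMTP policy check for a customer access network.

Added example, not code from the thread. It models the two ideas above:
block egress TCP/25 except to approved relays, and flag any host that
still attempts more than a daily threshold of direct-to-MX connections.
Log format and all addresses are constructed for the example.
"""
import ipaddress
from collections import defaultdict

# Assumed ISP layout: one customer pool, one sanctioned submission relay.
CUSTOMER_NET = ipaddress.ip_network("198.51.100.0/24")
APPROVED_RELAYS = {ipaddress.ip_address("203.0.113.25")}
SMTP_PORT = 25
# Threshold proposed in the comment above; lowered in the demo below.
DEFAULT_DAILY_THRESHOLD = 10_000


def parse_flow(line):
    """Parse '<date> <time> <src> <dst> <dport>' into a tuple; None on junk."""
    parts = line.split()
    if len(parts) != 5:
        return None
    day, _time, src, dst, dport = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        return day, src, dst, int(dport)
    except ValueError:
        return None


def egress_verdict(src, dst, dport):
    """'ignore' for non-customer or non-SMTP flows, 'allow' to approved relays,
    'block' for direct-to-MX attempts from the customer pool."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dport != SMTP_PORT or src_ip not in CUSTOMER_NET:
        return "ignore"
    if dst_ip in APPROVED_RELAYS:
        return "allow"
    return "block"


def analyze(lines, threshold=DEFAULT_DAILY_THRESHOLD):
    """Count blocked direct-to-MX attempts per (day, host); return the counts
    and the sorted list of hosts exceeding the threshold on any day."""
    blocked = defaultdict(int)
    for line in lines:
        rec = parse_flow(line)
        if rec is None:
            continue
        day, src, dst, dport = rec
        if egress_verdict(src, dst, dport) == "block":
            blocked[(day, src)] += 1
    quarantine = sorted({host for (_, host), n in blocked.items() if n > threshold})
    return dict(blocked), quarantine


def sample_flows():
    """Constructed log: a well-behaved host and a spam-spraying one."""
    lines = [
        "2008-04-10 08:00:01 198.51.100.7 203.0.113.25 25",   # to approved relay
        "2008-04-10 08:00:05 198.51.100.7 192.0.2.80 443",    # HTTPS, ignored
        "2008-04-10 08:00:09 198.51.100.7 192.0.2.10 25",     # one stray MX hit
        "garbage line",                                       # skipped by the parser
    ]
    # 198.51.100.42 hammers port 25 on many distinct remote hosts.
    for i in range(40):
        lines.append(f"2008-04-10 09:{i // 60:02d}:{i % 60:02d} 198.51.100.42 192.0.2.{i + 1} 25")
    return lines


if __name__ == "__main__":
    counts, hosts = analyze(sample_flows(), threshold=20)
    for (day, host), n in sorted(counts.items()):
        print(f"{day} {host}: {n} blocked direct-to-MX attempts")
    print("quarantine:", hosts)
```

A single stray connection (a misconfigured client, a home server) never trips the threshold; only sustained spraying does, which is what makes the counting step less blunt than a flat block.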
That's assuming that the malware works on WINE. Virus programmers suck at coding things right.
"Hello 911? I just tried to toast some bread, and the toaster grew an arm and stabbed me in the face!"
No, they shouldn't be allowed to make those decisions.
However, I do believe that if the ISP does notice "odd" traffic, they should inform the client of its existence. (Some may do this, but not many.)
Although, this means that the ISP is at least partly monitoring your traffic, and its a small step from "we only look at Botnet sort of traffic" to "we look at everything cuz liek 0mg hoo nowz???111"
My home ISP just started outbound blocking traffic from DSL customers to port 25 a few days ago, which has stirred up some controversy. Maybe I'm just imagining things, but I believe my connection has been faster since then. We're always suffering from bandwidth problems (the downside of being on the end of a very long cable across the Pacific) so anything that eliminates our share of 100 billion daily spams clogging the line is a good thing in my book.
On mail servers I use spamdyke to immediately drop connections from end-user IP addresses (using the reject-ip-in-cc-rdns rule and Spamhaus PBL) and it's been remarkably effective.
If everyone did this, the botnets would be useless.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
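To make the inbound side of the comment above concrete, here is an added example (not from the thread, and not spamdyke's own code) that reproduces the two rules named, as I understand them: reject a peer whose rDNS name embeds its own IP address and ends in a country-code TLD (the reject-ip-in-cc-rdns idea), and reject a peer listed on the Spamhaus PBL. A real PBL check is a DNS A-record query for the reversed-octet name under pbl.spamhaus.org; here the resolver is a constructed dictionary so the example runs offline. The sample IPs and hostnames are made up.

```python
"""Inbound policy check for connections from end-user IP space.

Added example, not from the thread and not spamdyke's code. It reproduces
two rules as I understand them: reject when the peer's rDNS name embeds
its own IP address and ends in a country-code TLD, and reject when the IP
is on the Spamhaus PBL. The DNS "resolver" is a constructed dictionary so
the example runs offline.
"""
import re

PBL_ZONE = "pbl.spamhaus.org"
# PBL answers: 127.0.0.10 = ISP-maintained entry, 127.0.0.11 = Spamhaus-maintained.
PBL_CODES = {"127.0.0.10", "127.0.0.11"}


def _labels(name):
    """Split an rDNS name on dots and dashes, lower-cased, dropping empties."""
    return [t for t in re.split(r"[.\-]", name.lower()) if t]


def ip_embedded_in_name(ip, name):
    """True if the four octets appear consecutively (either order) in the name,
    e.g. 198-51-100-7.dsl.example.br or 7.100.51.198.dyn.example.ru.
    Requiring all four in sequence keeps single coincidental numbers from matching."""
    octets = ip.split(".")
    tokens = _labels(name)
    for seq in (octets, octets[::-1]):
        for i in range(len(tokens) - 3):
            if tokens[i:i + 4] == seq:
                return True
    return False


def ends_in_cc_tld(name):
    """Two-letter alphabetic final label, the usual shape of a country-code TLD."""
    tld = name.rstrip(".").rsplit(".", 1)[-1]
    return len(tld) == 2 and tld.isalpha()


def pbl_query_name(ip):
    """DNSBL query name: octets reversed, under the PBL zone."""
    return ".".join(reversed(ip.split("."))) + "." + PBL_ZONE


def pbl_listed(ip, resolver):
    """resolver maps query names to A-record answers (here, a constructed dict)."""
    return resolver.get(pbl_query_name(ip)) in PBL_CODES


def smtp_verdict(ip, rdns, resolver):
    """Return ('reject', reason) or ('accept', None) for a connecting peer."""
    if rdns and ip_embedded_in_name(ip, rdns) and ends_in_cc_tld(rdns):
        return "reject", "ip-in-cc-rdns"
    if pbl_listed(ip, resolver):
        return "reject", "pbl"
    return "accept", None


# Constructed resolver: only one of the sample IPs is PBL-listed.
FAKE_RESOLVER = {pbl_query_name("203.0.113.5"): "127.0.0.11"}

# Constructed peers: (connecting IP, its rDNS name).
SAMPLE_PEERS = [
    ("198.51.100.7", "198-51-100-7.dsl.example.br"),      # dynamic pool, cc TLD
    ("203.0.113.5", "static-5.example.org"),              # PBL-listed
    ("192.0.2.10", "mail.example.com"),                   # a real mail host
    ("198.51.100.8", "8.100.51.198.dyn.example.com"),     # dynamic, but .com: passes the cc rule
]


def run_samples(resolver=FAKE_RESOLVER):
    return {ip: smtp_verdict(ip, rdns, resolver) for ip, rdns in SAMPLE_PEERS}


if __name__ == "__main__":
    for ip, (verdict, reason) in run_samples().items():
        print(f"{ip:15} {verdict} {reason or ''}")
```

The last sample peer shows the gap the PBL fills: a generic-TLD dynamic pool sails past the rDNS heuristic, so the two rules are complementary rather than redundant.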
No but this is the whole point (I think) ...
... people running Linux are less likely to contract nasties for the simple reason they are more likely to be tech savvy in the first place !!!
... why can't I just double click it ?
... but it takes exactly the same time to lock down windows into a relatively safe platform, as it does to unlock linux into a relatively USEFUL platform.
Anyone who has enough tech savvy to manage to save something and then chmod+x something IS NOT NAIVE !!!
Just as someone who (like myself) will always save and virus scan something before opening it IS NOT NAIVE !!!
So you defeat your own argument
But try telling someone who ISN'T computer literate that sorry, "you'll have to save it first and then do x,y,z before you can use it", will reply "fuck that"
And THIS is what the Linux fanboiz will not admit - it's not the O/S, it's the users.
Now admittedly, because of the market share (whether you like it or not), more people will get Windows which is by nature open rather than closed by default
It's the integration. Market a computer to someone who doesn't know what a program is, and allow that person to run programs. Without having to consult with anyone. So you are right; some basic training is in order.
But the layout and features of Windows need to come under examination as well. WHY does double clicking .jpg.exe work? Especially if part of the information is hidden? Who thought that would EVER be a sensible idea? I used to try to allay people's fears years ago, by saying "No, you cannot get malware from email -- the thought is ludicrous". And then we get the integration that lets it happen easily.
Unix (Linux) isn't a "magic bullet". And, indeed, applications have been dragged into that "tight integration" role -- email must talk to the calendar, and multimedia, and random web pages must be allowed to run code, without sand-boxing! I swear, it makes me want to become a luddite. My kids are insisting that it is "ok" to run random games from the internet now.
At least I keep tabs of all traffic, incoming/outgoing. If it spikes, I find out why. Pull the plug. It's happened a few times.
"Where do you want to go today?" ads. Probably as socially responsible as marketing 400kmph racing cars to people who barely know how to drive. And when they crash, just engaging in hand-waving "They should have known".
No, I don't have the answer.
Just another "Cubible(sic) Joe" 2 17 3061
Or maybe the botnet is doing its job?
You can never be sure.
Also - Ubuntu = happy and secure?
If you mean blissfully ignorant and obscure, then sure.
The bottom line is this: Operating systems ALL have security flaws. Operating systems all have exploits. Operating systems all have functions that can do bad things.
In the last two months I have seen a huge increase of spam from distributed locations around the world, and I get it in bursts at irregular times. The new junk is the backscatter spam: they send to other people, existing or not, and the resultant rejections if they don't exist get bounced to us. I think that burst of spam is bot controllers telling their slaves to send out spam simultaneously, thus the resulting spam burst on my system.
If someone can find most of the bot controllers and then "clean" those slave systems so there are fewer of them, we can have some peace. I'm not advocating killing them like the Russian Mafia:
http://it.slashdot.org/article.pl?sid=07/10/11/2157244
but torture them until they relinquish the password to their system so we can find out where the slave systems are. I have no problem sending them to some gulag in some God-forsaken former Communist country and having the living daylights beaten out of them.
...and so-called security experts tell us to throw away our anti-virus software because it is obsolete; imagine what will happen to the Internet if everyone started doing that. The bottom line is, at least protect your PC against the known threats; we don't want 4-year-old worms pumping out spam from every possible machine on the Internet.
www.cybertopcops.com
Except that Windows has you run as administrator, so malware can do damage to the O.S., whereas Mac and Linux run as a user, so malware can only damage the user account. Malware rates might be the same with a similar user base, but the damage done would still be vastly different.
Tired of all the isms, don't exploit people as an employer, or a government, mmmmK?
That is fortunate, since I don't want it.
I have to admit, I think I had an aversion to malware, even before I became a zealot. There are those who avoid infection for pragmatic reasons, and those who avoid infection on principles. I've always been a wishy washy flip-flopper on the issue. Maybe I should hand in my zealot card.
Executable files have been completely blocked from outlook and outlook express for many years now. I'm not sure you know what you are talking about. It's non-trivial to open an .exe attachment in either program.
There has to be some attempt at control. Obviously too much control is a bad thing, but no control is just as bad. Anarchy doesn't work as a government, why would it work on the internet?
I do not agree with blocking port 25 traffic and only allowing designated SMTP servers, but I do believe it is the ISP's and the end user's responsibility to make sure infected machines are handled in a quick and effective manner. The ISP should monitor their network for this type of activity and contact the end user so that the problem can be addressed. If the problem isn't addressed, the end user's computer doesn't need to be on the internet.
I don't want to hear that crap about "it's my computer I can do what I want" either. You're not allowed to drive on the sidewalk just because it's your car.
So what happened to Kraken being the largest botnet with an estimated 400k bots?
And you drop mail from my home-run email server, too. You're saying that home users should only be able to download stuff from the web, and that's the only way they can participate on the Internet? I thought the Internet was built as a network of computers that were all peers. Your "solution" makes separate classes of computers depending on how they connect, which would mean that you could only be a provider of content if you had enough clout in the right places. Sounds wonderful.
My blog. Good stuff (when I remember to update it). Read it.
My ISP has an optional firewall with quite a few settings, including "block outgoing port 25 to any system besides our mail servers". The option can be changed easily through the user control panel, and defaults to one of the more secure settings.
Best way of doing it that I've seen yet.
Breaking Into the Industry - A development log about starting a game studio.
There are plenty of things that your home computer can't do. It can't push BGP updates to backbone routers, are you up in arms about that?
The reason I am not taking your mail is not because you are at home. It is because you are wholly unauthenticated and trying to use my system's resources. 99.99% of the people matching those characteristics are spammers.
Solve the authentication problem, and I'll happily take your mail.
I can think of two easy ways offhand:
I'm a smart software developer, so I'm pretty sure my computer is not affected (secured hardware firewall, etc). But how can I be sure?
You can never be SURE. You can just be reasonably confident. Some particularly hard cases...
- Rootkits corrupt the very pieces of the OS and utilities that you'd use to detect them, to hide the presence of their components. (Also they can corrupt any antivirus tools they know about.)
- Virtualization allows things like "Blue Pill" to create a virtual environment where the malware is running in the virtualization server and nothing is visible in the virtual machine except maybe some odd delays.
- RAM-only infections can vanish completely at reboot - requiring a reinfection to restart and leaving no trace (unless they plant a restarter trojan somewhere on the system.)
Regarding rootkits: One thing you can do to detect them is to compare what the filesystem shows when the system is running to what it shows when a clean system is viewing it from a live CD. Tools based on this principle are available, to look for files that are "invisible" when the compromised system is running and for those that present different contents from what they should contain - or did contain at setup.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
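The cross-view comparison described in the comment above is simple enough to script. The following is an added example, not code from the thread or from any of the tools it alludes to: manifest() hashes a tree and is meant to be run twice against the same disk, once from the suspect system while it is running and once from a live CD, and cross_view_diff() reports what the running system hides or misreports. The two manifests embedded below are constructed so the example runs offline; the paths and contents are made up.

```python
"""Cross-view filesystem comparison for rootkit hunting.

Added example, not from the thread. manifest() hashes a tree; run it from
the suspect system while it is running and again from a live CD against the
same disk, then feed both results to cross_view_diff(). The manifests below
are constructed so the example runs offline.
"""
import hashlib
import os


def manifest(root):
    """Map relative path -> SHA-256 of contents for every regular file under root.
    Symlinks are skipped so a link to a file is not mistaken for the file."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    h.update(chunk)
            result[os.path.relpath(full, root)] = h.hexdigest()
    return result


def cross_view_diff(live, offline):
    """Compare the running system's view (live) to the live-CD view (offline).

    hidden:    present offline, absent live   -> classic rootkit file hiding
    phantom:   present live, absent offline   -> inconsistent views, also suspicious
    modified:  present in both, hashes differ -> contents filtered or file replaced
    """
    live_paths, offline_paths = set(live), set(offline)
    return {
        "hidden": sorted(offline_paths - live_paths),
        "phantom": sorted(live_paths - offline_paths),
        "modified": sorted(p for p in live_paths & offline_paths if live[p] != offline[p]),
    }


def baseline_changes(baseline, current):
    """Files whose hash differs from a manifest recorded at setup time,
    the 'did contain at setup' check mentioned above."""
    return sorted(p for p in current if p in baseline and baseline[p] != current[p])


def _h(text):
    """Stand-in hash for the constructed sample data."""
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed manifests: the running system does not show the dropped
# driver and reports the original contents of a patched system binary.
LIVE_VIEW = {
    "Windows/System32/kernel32.dll": _h("kernel32 original"),
    "Windows/System32/drivers/ndis.sys": _h("ndis original"),
    "Windows/System32/userinit.exe": _h("userinit original"),
}
OFFLINE_VIEW = {
    "Windows/System32/kernel32.dll": _h("kernel32 original"),
    "Windows/System32/drivers/ndis.sys": _h("ndis original"),
    "Windows/System32/userinit.exe": _h("userinit patched"),
    "Windows/System32/drivers/example_hidden.sys": _h("dropped driver"),
}


def demo():
    return cross_view_diff(LIVE_VIEW, OFFLINE_VIEW)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths or "-")
```

Two caveats that follow from the thread: the offline manifest has to be taken with the suspect OS not running (the comment's live-CD step), or the same rootkit filters both views; and a "modified" hit on a system file is only meaningful against a known-good reference, since legitimate patching changes hashes too.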
... and use them to force install all relevant windows 95 / winnt / linux / vista / osx / amiga / c64 / vic20 etc security updates.
(Ok, some of the latter ones might be fictional, but who knows.)
And when that's done, force the users to read a 10 minute introduction to how not to be a clueless n00b on da internetz --- the anti botnet software will only give the OS or what passes for it back, and remove every single trace of itself as the last step if the user successfully completes a multi choice quiz or something to that effect.
Now that'd be kind of cool.
ISO certified == THX certified
A friend of mine is investigating an interesting approach to spam.
From this article it quite clear that chasing the source of the spam is quite pointless.
His research is into tracking the destination.
Spams only make sense if they can make some money from it. This means the payload (content) must lead someplace with a URL to order, a URL with ads, or a phone number for orders.
His blog is at:
http://spamdirect.blogspot.com/
I have to push him to post some of the more interesting stuff he has discussed in E-Mails with me.
One very odd note.
My domain unmailable.com gets no spam!
Without any filters, and with addresses even posted publicly, there is just no spam to it.
I think they must remove any mail reference to unmailable assuming it must not be a real domain.
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
I have a legitimate right to send SMTP from my machine - and I do so. I also run an SMTP server at home, have since 1993, when I got off of uucp.
Really? Read your terms of service lately on that home account? I'll bet servers are banned.
Thermite burns way too hot and fast! You want the malware to die slowly and painfully, thus gasoline. Duh!
Short of running every single new program in a clone of the machine inside an isolated VMware box, you can't do this with Windows, Linux or Mac.
Once capabilities get baked in to the OS kernels, you don't have to trust anything except the kernel, ever again.
Linux doesn't have it either, but at least we could add it if we really wanted to.
No they shouldnt be allowed to make those decisions.
They already are. If you actually read the terms of service most ISPs use, they reserve the right to shut you off at any time for things spambot-infested machines do, like "running a server" and the catchall "hacking or other malicious activity".
0 1 - just my two bits
Apples are less likely to be targeted because their users are more observant. They know how to use their operating system and try to get the most out of it. Performance deteriorating is going to cause notice. Microsoft users are smart and savvy as well, but not all of them. A lot of them are just used to the Microsoft way of doing things. They are never going to try an Apple or a flavor of Linux. These users are the people the botnet makers are after. They are unlikely to do anything when they lose performance. Instead they'll keep signing on to check their email and use Yahoo Messenger. If they download a game and the exe is infected, they are going to allow that port through and they are probably never going to remove it. If anyone removes it for them it's likely to be Best Buy or some kid that stops by to use it. You can blame Microsoft for convincing people that the Microsoft way of doing things is the simplest, and for giving out free software in schools to get people used to it. That's not the answer though. It's what people want. They wanted the simplest device to get online and go, which is what the company has provided. Anyone that wants to take the time to dig deeper can easily spot a backdoor.
"I guess I'm gonna fade into Bolivian."
Support NYCountryLawyer RIAA vs People
And especially, show me the law and/or contract you have which states you have right to send the SMTP to any other machine beside your ISPs SMTP server.
I sincerely hope you stay blacklisted.
Show me the law that says I don't.
You don't have an MX (DNS) record for your domain!
Without designating where the mail should go, you won't get much (if any).
Mail servers *do not* use ordinary "A" type DNS records for email!
Are you even running a SMTP server? It doesn't look like it...
So we apparently agree: the ISP has a right to stop your SMTP.
A very simple viewpoint that is increasingly common where people insist a system can be modelled by a single number but unfortunately completely wrong. Microsoft Windows gave us flaws that should be pure science fiction like being able to spread a computer virus with image files.
A recent experience demonstrated to me a salutary lesson in how this works.
I would consider myself pretty savvy in respect of spam/viruses etc, but recently I started working on a blog - and I'm sure as you all know there are blog spams out there. Well I didn't know that - why would I?! It's not something I had any dealings with - and you never see them on other blogs, because they get moderated out.
Now I get 2-3 of these things a day and I just mark them as spam, no problem. But I have to say the first one had me good. It was a very vague comment on the blog, and I'm trying to promote my site from a marketing point of view. If someone seems unclear, standard marketing insists that you clarify the situation for them. And this appealed to my sense of "Cool! Someone's interested in my blog" - another victim of human frailty.
Now, I was tempted to reply to their e-mail address - but I didn't and replied through the comments on the site instead. Thing is though, the reason I didn't reply was not because I was worried about the malware effects but because I wasn't too sure what the procedure for dealing with comments was and I didn't want to offend my potential new customer and/or look stupid.
So all I'm saying is, it's people who are novices in areas (as everyone is at some stage) who click on these things. And given that there are 100s of millions of new PCs sold annually, literally there is one born every minute, or more accurately every second.
Genesis 1:32 And God typed
Pretty much any consumer facing OS is going to go into security rot if you don't keep up with patches. The default for Windows XP, since Service Pack 2, has been to automatically install patches. That's about as much as the vendor can do(short of improving the security to start with, go ahead and find some statistics about Vista exploits vs XP exploits if you don't think Microsoft is at least improving along those lines, I don't care enough about what you believe to prove it to you).
Nerd rage is the funniest rage.
Okay, so maybe _you_ get it... But it seems many don't understand the difference between doing things the right way and doing things the way the customer wants. I constantly fight this at work... I want to do things correctly, the business people "just want it to work" no matter what the costs. MS decided to go that route - give 'em what they want. Until users truly want security over convenience (or at least both equally) MS will dominate. I never meant to say Linux is doing it "wrong", just not the way for quick mass adoption.
No comprende? Let me type that a little slower for you...
Point one: That's not an example of "hacking/being hacked". That's an example of a virus that relies heavily on end-user stupidity. I.e., executing a file with elevated permissions.
Point two: It's not a prevalent exploit, with Symantec estimating that there have been fewer than 49 infections over the past six years.
"We have a lot of programs written by people who simply do not understand security issues. Windows, for example,"
I couldn't agree more! Oh, okay, I did get clever when snipping that quote, but more seriously, Windows was clearly written by people who were not terribly concerned or competent when it came to building a multiuser, network OS. The preponderance of remote, privilege-escalation, and auto-execution exploits in Windows and the Microsoft applications that come bundled with it underscores this point. Name a single Linux remote exploit, patched or not. Name a single Linux privilege-escalation exploit. Or a single auto-execution one of the sort that had Outlook Express automatically installing malware if a user just received an email with a malicious payload.
You just can't hope for a sturdy structure if you're building on a crumbling foundation. Security incompetence can bring down the sturdiest structures, but it takes far more than "just not being completely incompetent" to secure a structure that could be blown down in a breeze because it's so shoddy.
What if all a user is guilty of is not downloading (or not being able to download) a few dozen megs of patches from Microsoft on a regular basis, in order to correct the egregious security flaws that require no user interaction as they infect a machine?
That's a lot of the problem: Outlook and Internet Explorer are prone to just automatically executing whatever they encounter with elevated permissions if they're not patched and locked down completely. End-user incompetence is not the only thing to blame anymore.
I will say that it's unfair to everyone else who pays to use the internet and run or utilize services that people who aren't maintaining their computers competently are able to make a mess of things. ISPs should be more proactive in kicking machines off their networks that exhibit evidence of being compromised.
I don't get your post. We still have amateur engineers working in their garages all over the world. Yet, we require PE certification if you want to design/build a bridge for the government.
They aren't mutually exclusive, ya know. (And yes, I realize MSFT *could* make them mutually exclusive... but it doesn't HAVE to be that way by default.)
Just like other engineering disciplines, programming will have many different "levels" of competence. Some folks will be amateurs. Others will "know enough to be dangerous". And still others will know it inside and out. The idea is that the marketplace needs a way to differentiate between those groups. Right now, there is 1 group: programmers.
Some are good. Most are bad.
Question: Is there a blackhole list maintained for malware-infected IP addresses? (Maybe not, since so many are on dynamic IPs at DSL providers.)
If a national police agency (maybe with the support or assistance of the NATO cyberwarfare group) were to compile a list of IPs, times, and associated network providers that are known to be infected (and the associated evidence), is there no rule of law that could be used to ask a court for an order to force the ISPs to shut down the accounts of the individuals with the infected computers?
I mention NATO and/or Interpol because obviously it needs to be done in as many countries at once.
Yeah yeah, I don't want a police state. But clearly what's currently being done is NOT working well enough.