Cisco CSO Says Antivirus Money "Completely Wasted"
mernil writes with an excerpt that kicks off a story at ZDNet Australia: "Companies are wasting money on security processes — such as applying patches and using antivirus software — which just don't work, according to Cisco's chief security officer John Stewart. Speaking at the AusCERT 2008 conference in the Gold Coast yesterday, Stewart said the malware industry is moving faster than the security industry, making it impossible for users to remain secure."
Why pay for it, when there are plenty of free alternatives?
Companies are wasting money on Windows ;)
Patching software does work though; I don't see the alternative if you have an exploitable bug in your code. You want that code fixed. It doesn't matter if no damage can be done to your system, you still want all your applications running as expected.
which is totally what she said
As a desktop linux user, has anyone EVER gotten a virus? Or better yet has any anti-virus program saved your ass?
I read this story yesterday, and the quote is a little misleading. Here's the context: "If patching and antivirus is where I spend my money, and I'm still getting infected and I still have to clean up computers and I still need to reload them and still have to recover the user's data and I still have to reinstall it, the entire cost equation of that is a waste."
"It's completely wasted money," Stewart told delegates. Exactly. If it does not work, the money spent on it is wasted. Not exactly controversial.
Floating face-down in a river of regret...and thoughts of you...
But all the money spent on Cisco's obscenely overpriced security appliances is well spent, right?
There are a lot of people profiteering in the computer security market, and Cisco is up there.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Unless he's expressing his vested interest in using hardware firewalls to keep viruses and malware away from the end user PC, this statement makes absolutely no sense.
Generally, a rational botnet creator would tend to try to pwn the low-hanging fruit first - i.e. the ones that have no updates, malware detection, AV, etc. Only if he/she is unable to get a large enough botnet after applying those tools would one resort to the higher-level techniques.
It's rather like saying that Timothy McVeigh would rather have used nuclear ordnance when a U-Haul full of fertilizer served his purpose just fine...
Sure the current antivirus industry isn't protecting us 100% (or even close) from viruses. But if there were no antivirus industry, that protection level would be a lot closer to 0% than to 100%. And the risks and losses would be much greater. Probably the global Windows installed base would be a botnet, making the Internet an impossible, not just an inconvenient, platform.
I don't think that Cisco's CSO is a total waste of money. But if he's going to equate "inadequate" to "nothing", Cisco needs to upgrade him and get its money's worth.
--
make install -not war
Need any more reasons to buy a mac?
Most free anti-virus apps available are free for personal/non-profit use only. If you want to deploy them on a commercial network I believe you have to pay for almost all of them.
From TFA:
A better way of dealing with the unknown is to use whitelists — where only authorised or approved software can execute, said Stewart.
"I'm sick of blacklisted stuff. I've got to go for whitelisted stuff — I know what that is because I put it there," he said.
Hasn't he heard of PolicyKit in Linux?
The A/V industry is having difficulty keeping up with the ever evolving and growing malware industry, but "completely wasted"? I don't think so.
For Geeks who delete suspicious emails, use Thunderbird (so emails are not rendered in the IE engine), etc., sure, an AV may be a useless waste of CPU cycles. But for the nontechnical user, it's important. While it's difficult to keep up with outbreaks, it's important for older viruses in the wild, something Grandma may not catch.
Now, as for a whitelist. Dumb idea. It puts too much power in the hands of AV companies (who can say "$$$ to get on the list!", or if users can change it, they'll get "IMPORTANT WINDOWS UPDATE- REMEMBER TO ADD TO YOUR WHITELIST!"). What about unsigned programs? Updated versions?
A whitelist might work for children, for work PCs, for other non-administrators. But people ultimately want to install their own programs without the blessing of company XYZ.
And, as a geek, I strongly disagree that it's impossible to remain secure, it just takes a little training. I know nontechnical users, I teach them for 10 minutes, and they have good habits (don't open emails saying "A greeting card from a classmate", don't run unsolicited programs, if you get an email saying it's from chase.com "Important Account Update" visit them directly, etc.). Those habits go a long way, along with some layered protection (ZoneAlarm Free, Router w/ a firewall, Avast Home, Immunize in SpywareBlaster, and Immunize in Spybot S&D). That user still has some trouble with some tasks, but with a little common sense and some good protection, they've stayed infection free for 4 years.
(And, of course, I fix the computer as a friend, and I occasionally run rootkit detection and AV from a LiveCD just to make sure).
Correct, patching your systems isn't going to protect you against state-of-the-art malware. What patching does is protect you against script kiddies running exploits that are 6 months old. The majority of the successful attacks I've seen are against old vulnerabilities, not new ones.
Additionally, patching isn't just about security. It's about fixing software bugs that could cost you time/money later.
This has been the case for quite some time. Expect signed binaries to come before long because people can't stop downloading and installing the malware. I dislike the idea, because it can lock some legit folks out of a platform, but expect something like a trusted developer program across all platforms in the future since people just can't do the right thing, and when they make a mistake, there are no real consequences.
I haven't run AV products since leaving for college. I run a router with everything blocked but what I need. I run multiple Windows computers. I have a wife and kids. Yet we don't get viruses.
I'm a firm believer that hardware prevention is much greater than AV detection.
Once a friend challenged me, saying that "there's no way you have no viruses" so I let him run the scanner of his choice on the desktop at home. A few hits, all cookies. No viruses.
And I haven't reformatted Windows in 3 years (replaced the HDD, so kinda had to ... )
If you know what you are doing, you don't need AV. Now do my parents have AV? You betcha.
Like this, which are designed to keep you off a network unless your system is up to date with all major OS patches, and has antivirus software with current definitions? If it's a waste of money to spend effort on keeping up with patches and antivirus software/definitions, I think it'd be hard to argue for spending money on systems which enforce hard-line policies (thus not only "wasting" IT's time, supposedly- but now also wasting employee time as they can't work until things are fixed.)
Please help metamoderate.
If John Stewart doesn't think antivirus software works, why doesn't he just fix everything with his magic Green Lantern ring?
Even if you made every OS somehow 99.999% malproof somehow. Someone would still be selling a Norton like utility that you need. Security is big business, since fear is the best motivation for buying you can have.
If they couldn't justify the fear, they would themselves research the holes JUST so they have something to patch or a utility to sell us. While in a perfect world we could just patch our OSes for bugs and have no need for anything running in the background to protect us from boogie men. Companies like Norton, McAfee, and *yes* Microsoft are going to make sure WE NEED THEM, since they see us more as $'s than end users.
waste of time! Just remember how long it takes to get rid of a preinstalled `complimentary` Norton Antivirus Suite..
-- LP-Research
Cisco is integrating ClamAV into their "Cisco Security Agent" HIDS product. They clearly think AV is useful, just not other people's AV.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Yeah, I bought this anti-virus software for my Mac and it hasn't located a single virus. What a poorly designed piece of software!
"You are receiving HTML which speaks unfavorably about me. Cancel or Allow?"
Does that mean "you can't visit randomwebsite.com because it's not on our white list?" How do you determine what to block?
I'm curious, because it does seem a lot more logical to say "here is what's allowed" than to say "here is a list of (we hope) everything nasty that's out there." An exclusive club doesn't try to keep a list of everyone who isn't allowed in.
I read somewhere that if I didn't run Windows as an admin, that would help a lot, which is what I do now, but to be honest I really don't understand the reasoning, other than that you have to be an admin to install programs.
because of this i run pirated av for free. it works really well.
patches do more than make you secure and you should still install them for other things.
Oh, M$ patent, nevermind.
Invenio via vel creo
So following that logic I should cancel my company's global support contract for Cisco CSA (Cisco Security Agent) then? http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html
Who says the alternatives have to be anti-virus applications? ;)
Sorry, but it is beyond laughable that this is news. Anti-virus software is like prayer. It lets you think you're doing something.
Anti-virus software is by its very nature a "post damage" measure, like closing the barn door after the horses leave. Or fixing the roof after the house is wrecked from rain.
The *only* way to prevent viruses is to understand that your computer only does what it is told and you need to control who gets to tell it what to do.
Windows, and we are talking about Windows here, is designed to allow foreign agents to control your system without your consent. Microsoft has so many holes in its system beyond just stack overflow exploits, but protocols and APIs designed to make it "easier" for applications to do things "for you," and are we surprised that it is exploited?
Stewart said the malware industry is moving faster than the security industry, making it impossible for users to remain secure.
He then set his hair on fire and ran screaming from the stage.
AV is completely wasted money. Patching isn't. Especially for systems that expose that particular service to a hostile network. Internally behind firewalls, not as much of a threat, but should still be addressed. It all comes down to risk assessment. AV simply tries to solve a user stupidity issue with technology. That will never work, while making your systems less stable and more costly to maintain in the process.
The problem is Windows, and Microsoft could have fixed much of this, but decided that having an insecure OS, and making security and virus protection a profit center really will be their downfall.
Look at high severity security exploits for XP SP2+ and more so Vista (even pre SP1). Choose your security reporter and even though these OS's are very popular they have a very low high sev count. You can no longer say Windows is the problem; you can say Windows WAS the problem.
As a desktop Mac user, has anyone EVER even heard of a virus? I mean seriously, has there even been ONE virus on OS X since it was released nearly a decade ago? I can even count the number of worms and trojans on two hands and have fingers to spare. Better yet, have you ever even installed anti-virus software of any kind? I mean, who even uses that stuff?? I think those virus things are Windows only ;-)
I take anything some stoner CSO says with a grain of salt.
--I'm not talking about dance lessons. I'm talking about putting a brick through the other guy's windshield.-
Cisco CSO says "You are all going to die so put down the muesli bar and pick up that burger."
He's right. Anti-virus tools only work against previous-generation attacks and inept attackers.
I read somewhere that if I didn't run Windows as an admin, that would help a lot
That's absolutely correct. If you avoid logging onto Windows as Administrator, you greatly lessen your exposure to security hazards. Especially since in the real world you can hardly run any useful software unless you're logged on as admin, therefore you're using the Windows box less, and naturally, less use equals less exposure to danger. In fact if you just keep your Windows box powered off, then it will be the absolute most secure against malware.
I'm sure it's a common experience to Slashdotters to have a friend/relative show them their PC that they think has a virus because it runs so slowly, when of course the reason it is running so slowly is all the anti-virus crap installed on it.
It appears that someone has hacked into the system you are using right now and disabled your spell checker.
I have two Windows computers that I use. They are rarely used (Govt issue). In addition I have 3 Macs, two Sun boxes (Solaris 9 & 10 respectively) and a number of Linux boxes. I run Symantec on the two Windows machines (comes pre-installed) but it has never caught anything. This is not because there was nothing to catch, but rather because I have very high security at the demarcation point of my network at home. I run a router with PacketProtector (a great OSS project...if you've not tried it out, you should) which runs ClamAV, Inline SNORT, DG, TinyProxy, etc. etc. etc. which pretty much stops everything in its tracks. I wouldn't call it ready for prime time as there are still some bugs, but implementing the same packages on an old PC would be simplistic. My point is that it's relatively easy to stop darn near everything at the entry point to the Network rather than waiting for it to make itself known on one of the PCs. Catching it on the host should be the last resort, not the first line of defense. Hopefully projects such as OpenWRT, PacketProtector and IPCop will make it easier for the average user to make this a reality. There is certainly a need for more effective anomaly based analysis and filtering vs. signature based, but there seems to be a lot of progress in that direction by SourceFire and others. Of course it would be nice if MS would stop producing virtual petri dishes, but in the meantime....
Cisco says they have a great new hardware firewall that will stop *ALL* malware. You just need to sign a contract indemnifying them should you have a malware outbreak on your network...
The real question is why are people having such a problem with this issue in the corporate world.
Set up the PC's to only use / install / visit white listed sites / software.
Set up a secondary network of Virtual PCs running on people's PCs for any non-white listed activities under the assumption that you (or IT) can blow away the VPC at any time. With file transfers between the networks only allowed through a regulated FTP server.
Am I missing something?
Oh yeah, and keep the production servers from having any access to the internal network. (although I assume that didn't need to be said.)
* http://www.sophos.com/pressoffice/news/articles/2006/02/macosxleap.html
* http://www.sophos.com/pressoffice/news/articles/2007/11/mac-osx-trojan.html
* http://www.sophos.com/pressoffice/news/articles/2006/02/macpoll.html
"Mac users cannot keep thinking that they are invulnerable to these threats." -- Graham Cluley
Gonna make any other jackass statements?
If you haven't been down-modded lately, you aren't trying.
Sacred cows make the best hamburger.
To do what? Design creative images of puppies all day? Macs suck: http://www.thebestpageintheuniverse.net/c.cgi?u=macs_cant
"Stewart said the malware industry is moving faster than the security industry, making it impossible for users to remain secure."
well, MAYBE it's moving so fast, because anti-virus makers are neutralizing threats fast, and the bad guys just have to come up with new "exploits". which is a good thing(tm). i'm sure even bad guys stick to the mantra "if it ain't broken, don't fix it" (i know ms does; but a certain fruit doesn't.)
side note: cisco won't exist in a few years. go untangle! go linux network stack!
Just get a separate hard drive or a flash drive and store the stuff you need there. Then have a reformatting partition on your drive and press f11 during startup to clean everything out. If this process was faster and easier, anti-virus would be out of business completely.
Help fight spam
so according to john, i shouldn't use any antivirus or protect on my computer because at some point i might get a virus or malware that the software i'm using won't protect me against.
cisco ought to smack this moron and throw him out on his ass.
his statement is the equivalent of me drinking, eating and doing drugs because, what the hell, you can't stop death.
point is, you're not going to stop or prevent everything, but the ones that you can stop, you should.
The problem is that it's not just a software deployment issue. Stewart is advocating whitelists but many times exploits are simply exploiting holes in services etc. To enforce a whitelist would require additional software so that the OS could differentiate malware from say the service it replaced.
No, to do actual work as a Unix programmer. You would know this if you were a technical person, but you obviously aren't.
It's a process that includes programs, applications, training your users, and a bunch of other things.
Unfortunately, when security works as it is supposed to, you rarely see a return on your investment, until you miss something and suddenly the cleanup costs are astronomical.
However, on that same note, there are many companies (I am sure mine is included), that like to use security as a fear mongering tool to generate sales. And while yes, I do work in the security industry, I am a consultant, and I do not favour 1 product over another, I pick the products that suit the job at hand (I prefer to be vendor agnostic)
I came, I conquered, I coredumped
If you spend any money on Symantec products.
The way they work to prevent viruses and malware is to take up all your system resources so that no other malware/viruses can run at all.
Pretty brilliant I think.
The price is always right if someone else is paying.
okay, genuine question... who's got statistics on malware infections on windows that can be used to separate 'by trickery' versus 'by automated exploit'.
And 'by trickery' I would take anything from "double-click this exe in this e-mail to see a naked chicks!" to "you must download this program to play this audio file"; i.e. anything that actually requires the user to okay the action taken in one way or another.
Automated I would assume anything that either requires no user interaction whatsoever (somebody hacks into the machine remotely) OR happens as part of a drive-by (old outlook exploits, old IE activeX exploits), and throw in the "print list of links" exploit from a week or so ago that is an exploit of a non-default feature, but certainly a feature when enabled wouldn't give the user the impression that it might do Bad Things (as opposed to a checkbox saying "automatically load and execute any programs referenced from a web page".. or something of the sort).
IF those statistics show the latter category to outnumber the former by a large factor - yay, Go Linux/BSD/whathaveyou.
If not - I'm sorry, but other operating systems would be affected just as well. Okay, perhaps the malware can't gain root; woop-dee-doo if the purpose of the malware is to simply connect to web servers / send e-mail / do anything the -user- might do, and is allowed to do, themselves.
The problem is the users. No matter how secure you make an operating system users will still click on every link and give people their passwords.
The problem is one of design, this applies equally to all OSes.
The OS should protect effectively and transparently users against such occurrences.
Some hardened versions of popular Linux and UNIX systems come close, but are so difficult to administer that people tend to pray and hope to ensure their machines are safe....
IANAL but write like a drunk one.
How many of those copies of Vista were licenses only and were not even on the computers when they left the factory? How many when the PC's arrived at the end user? How many haven't been wiped since they arrived at the end user?
I ask because in my experience that process shrinks the numbers considerably.
You should not count reverts and license only sales in your 'win'. Those show only Microsoft's immense marketing powers, not the adoption rate of Vista.
Help stamp out iliturcy.
Good idea though, like the approach... http://roboeco.com/ - Get Busy working on the End of Work
The Future is already here, just unevenly distributed... THE ROBOTIC WAGELESS ECONOMY NOW! http://RoboEco.com/slash
Even though Avast costs nothing, the GPP still had to spend time on installing and configuring it.
While it might not be possible for a large corporate network to keep out malware through traditional antivirus approaches, it's entirely possible for a cautious home user to keep their system clean that way. Yes, even with Windows. The difference is that the large corporate network has a ton of users, and it's a safe assumption that many of them will not be careful. My home network with two careful admins/users is fine.
The problem they're talking about is how an informed network admin can guard against the stupidity of his users... on a home network, if you've got a stupid admin/user, no amount of whitelisting, blacklisting, antivirus software or ANYTHING is going to help.
So the idea is that the nasty things sneak in via other doors than the ones you would normally use, and you close those, then keep a record of everything that comes in and out of the open doors? And if you had, for example, spyware, you'd see it trying to phone home with the info it has gathered?
I'm just not educated on ports and routing and such - as my handle indicates, I'm only a wanna-be nerd. :)
The problem is that you will never know. Every company on Earth would love to cut their advertising budget by half, but they can never be sure which half is actually effective. In the AV world, you can never really know if your ass has been saved. If you cut your AV budget it's possible that only half your ass will be saved. Most half assed things are like this really - you can spend and spend and never see the benefit.
Yes, that was sarcasm.
No calls now, I'm
Oh, wrong site.
At the enterprise level, absolutely. I am a CCNP so I may have a bit of bias, but I have used and configured (very in-depth) virtually every enterprise level routing & switching equipment from every vendor and I can say with 100% confidence that Cisco is at the very top in performance, scalability, featureset, and reliability.
I do agree that they are nowhere near cheap. For a lot of our small to medium business clients it makes Cisco a cost-prohibitive solution and forces them to use gear from Dell, HP, Extreme, etc. which are more along the lines of 'sufficient'. It would really be nice to see Cisco begin to react to market demand and try to scoop up the smaller business market. Fuck, I end up having to order a few Dell L2 and L3 switches (which are the cheap trashy hookers of the routing & switching world) a week for small business clients because, at a 3-6k price difference, it makes no sense to the customer. Even if Cisco were to come down to within 1.5-3k of their competitors it would start to make sense.
Don't get me wrong here...I am not a Cisco fanboi. I use their equipment primarily because one thing is definitely true...Cisco is still better. (although some vendors out there like Force-10 are showing some serious promise.)
You have GOT to be kidding me. You actually think that is a security threat? You want another Jackass statement? You're a complete tool, desperate to try and find some way to make your platform of choice seem less inferior to one that is actually secure.
Modding Trolls +1 inciteful since 1999
I am in security design and I can't tell you how many times my peers tell me I'm crazy for not spending more time patching systems than using them otherwise. My own belief is that most patching is a wasted effort and tends to break more than it fixes. Apply some common sense change management, do fixes quarterly or something.
My platform of choice is Ubuntu. And unlike the AC who started this sub-thread (or like you, evidently), I'm not enough of a moron to believe that I'm invulnerable.
The biggest security problem with any platform is not the platform itself, but the user. If the user does something stupid (like opening up an insecure attachment), then they've got a problem. Anti-virus and patch programs can only go so far in protecting users from their own stupidity.
AV is pretty much worthless these days. By the time the defs are out, someone's already got their foot in the door. Plus, it's damned annoying. Even AVG reboots my poor XP SP2 laptop every other bleeding day, although that's gotten better since the upgrade to 8.0. Patch management, on the other hand, is nothing more than an extension of software development.
It's like pulling up your fly when someone says, "your fly is open" (patches) versus just wearing black underwear and hoping to hell nobody notices (av).
What some companies might find a lot more value in is taking the money they hand over to Symantec and McAfee and punting it over to HR in order to write better zero-tolerance policies, better security awareness seminars and training, and better cultural integration. After all, the least you can do is tell someone that their pants do have a fly, and it just might possibly be open some days.
Then have a reformatting partition on your drive and press f11 during startup to clean everything out.
That's a bit complex. Why not just run a liveCD then? Cache it into RAM, and it runs very fast.
What?
An "actually secure" OS? Which one is that? As far as I know every single major OS in use has exploits available. If you believe "my system is safe because I run [OS name]" you are taking the wrong approach to your security model. Security is not software, security is not a product. Security is a process which is the same regardless of the OS you choose to run.
"But this one goes to 11!"
I completely agree with the author. Recently I checked an infected file on an antivirus site. Of the 32 commercial antivirus products available, only 15 caught the virus. That was just 47% efficiency. Not even the *biggest*, most famous AV software caught the virus. AV, today, may be needed, but is simply too inefficient.
Antivirus isn't a complete solution, and if you are scrupulous about the software you run and how you use it you don't need it, but it's useful because, well, not everyone is a geek.
Whitelists aren't a complete solution, because among other things you would need to eliminate most of the most commonly used products on the Internet, including just about every media player and both major browsers on Windows. And whitelists have a huge cost in productivity loss.
You use both, and allow exceptions.
I have a brick here that runs "Mortar OS". The OS doesn't support TCP/IP, or even a keyboard, mouse or display for what matters. I think it's probably the only secure OS in the world. No input, no exploit, right?
Of Code And Men
In the Linux world, you have a by-default whitelist called "distribution", and there probably exists, or it is easy enough to write, a shell script that checks that everything that is running comes from your distribution installation.
But for Windows, where the main source of installed programs is "out there", how practical could whitelists be? Programs and updates would have to start providing their own entries for whitelists if they ever want to get installed, and once on that road, those lists could be "infected" with malware entries.
Anyway, in all cases, an advanced enough rootkit, once installed, could maybe hide most of itself from blacklists, whitelists or plain antivirus.
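The "distribution as whitelist" check described in the comment above, and the whitelist-versus-blacklist point Stewart makes earlier in the thread, can be shown concretely. The following is an added example, not code from the thread or from any of the projects mentioned: it builds an allowlist manifest of executable paths and content hashes (standing in for what a package database such as dpkg or rpm records) and audits a list of running processes against it. The manifest, the process list and the file contents are all constructed inline so the script runs offline; a real audit would read `/proc/<pid>/exe` and the package database instead.

```python
"""Application allowlist audit: flag running executables that are not part
of a known-good manifest.  Added example; all data below is constructed."""
import hashlib
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    """Content hash used as the allowlist key (same idea as a package manifest)."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for a distribution's package manifest: path -> contents.
# A real manifest would come from the package database on trusted media.
PACKAGE_FILES = {
    "/usr/sbin/sshd": b"sshd binary v1 (constructed)",
    "/usr/sbin/cron": b"cron binary (constructed)",
    "/bin/bash": b"bash binary (constructed)",
}
MANIFEST = {path: sha256_hex(data) for path, data in PACKAGE_FILES.items()}


@dataclass
class Process:
    pid: int
    exe: str        # resolved executable path, as readlink(/proc/<pid>/exe) gives it
    contents: bytes  # bytes of the executable currently on disk (constructed)


def classify(proc: Process, manifest: dict) -> str:
    """Return one of: 'ok', 'unlinked', 'unknown', 'modified'."""
    # On Linux, /proc/<pid>/exe gains a " (deleted)" suffix when the binary
    # was removed from disk after it started; the file cannot be verified at all.
    if proc.exe.endswith(" (deleted)"):
        return "unlinked"
    # Not shipped by any package: outside the allowlist.
    if proc.exe not in manifest:
        return "unknown"
    # Shipped by a package but the on-disk content no longer matches: replaced in place.
    if sha256_hex(proc.contents) != manifest[proc.exe]:
        return "modified"
    return "ok"


def audit(procs: list, manifest: dict) -> dict:
    """Map each pid to its allowlist verdict."""
    return {p.pid: classify(p, manifest) for p in procs}


# Constructed process table: one clean, one replaced, one dropped in /tmp, one unlinked.
RUNNING = [
    Process(101, "/usr/sbin/sshd", b"sshd binary v1 (constructed)"),
    Process(202, "/usr/sbin/cron", b"cron binary, trojanised (constructed)"),
    Process(303, "/tmp/.x/worker", b"dropped binary (constructed)"),
    Process(404, "/bin/bash", b"bash binary (constructed)"),
    Process(505, "/bin/bash (deleted)", b""),
]

if __name__ == "__main__":
    for pid, verdict in sorted(audit(RUNNING, MANIFEST).items()):
        print(f"pid {pid}: {verdict}")
```

The three non-"ok" verdicts are the ones an allowlist gives you that a signature blacklist cannot: the executable is not on the list, it has changed since it was installed, or it can no longer be checked because it was unlinked after launch. The caveat from the comment still applies: this reads the process table through the kernel, so a kernel-level rootkit can lie to it; the manifest comparison is only as trustworthy as the medium the manifest and the reading tools come from.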
This is exactly the statement I would expect from a company who doesn't innovate anything in security and whose security technologies consist of purchasing other companies' products, painting them blue, slapping a 4 digit number on them, and selling them as their own with poor management, support and integration.
I wouldn't take what any Cisco security executive says seriously.
-J
Our Symantec Anti-Spam for Exchange blocks over 5000 emails a day. I'd say that's money well spent.
The greatest revenge in life is massive success.
hahaha, c'mon mods, this is funny
Yeah, kind of like the old "The only secure computer is one that is connected to nothing, has no software installed, is locked inside of a safe and then encased in concrete at the bottom of a lake."
While MS is fairly porous and is about the easiest to write malware for, the time will most likely come when either another OS has overtaken it or MS finally learns to hire decent arch/coders (most likely the first will happen). The problem is that once another OS is massively dominant, or Windows is more secured, then we will see the malware target the other OSs. Keep in mind that there are several groups out there. You have the security minded hacker who targets Windows because of the ease (kind of like a dick cheney/W hunting trip). But you also have groups out there that take that code and make money from it. To them, they need lots of systems to form botnets. As such, once they believe that they can obtain LOADS of Linux/Apple/BSD/whatever, they will target those systems.
I prefer the "u" in honour as it seems to be missing these days.
Funny that he says that; today at the EusecWest security conference, a security researcher is presenting a generic rootkit that works in nearly all the Cisco routers.
It is a pretty shocking piece of information in that he can pwn a huge piece of the internet infrastructure, and now the supply chain of routers and network appliances must be strictly controlled.
I don't know why nobody submitted it to the front page yet.
In the 15 years that I've used a computer I have been to bulletin boards, warez sites (countless warez sites where I obviously only downloaded demos), torrent sites (again for demos), etc, etc, etc. I've also visited various hacker sites (for research info and to help with my own security plans) and probably stumbled accidentally on many, err I mean a few, adult oriented sites. I've downloaded multiple programs (all free, freeware or demos) and during this time I've never had a virus and never used anti-virus protection. Why? Because if I know where I go and I know what I'm clicking on and I know what I'm downloading then I will never have a problem. The ones that "catch" viruses are typically the ones that are too stupid to know that a guy offering you $5 million of his $25 million of a bank transfer from Nigeria is not legitimate and well, they deserve the virus. These are the same idiots who click on Google ads and give Google money for being a worthless company. I have no sympathy for those people. If you are too stupid to know what you are clicking on then you shouldn't be clicking in the first place...and those parents whose kids click on stupid links need to butch up and discipline your dumb offspring and save the rest of the world the hassle.
Ok, rant is over now...I must confess that I did get one virus once...it was actually part of an experiment prior to wiping out my drive and reinstalling my OS - I wanted to see what a virus could do....and mind you it was a virus that I, myself, manually had to activate and not some omnipotent super virus that "infected" my computer on its own because such a thing for computers does not exist.
...Linux gives you the whole house!!!
Want Big Business out of government? Take away the incentive and start by getting government out of big business!
Why would a malware writer write software that will only affect technically elite users? The goal in his eyes is to damage as many people as possible through the path of least resistance. That means Linux simply isn't targeted. This is a stupid question.
:-)
You should really refrain from labeling other people's posts as stupid, it can backfire, and it does in your post - big time.
Your assumption that Linux users are technically elite is ridiculous. Perhaps that was true 10+ years ago, but in recent years any damn fool can install Linux and many do. Remember, it's the year of Linux and grandma can be browsing and emailing with Linux.
Your assumption regarding the malware author's goal is also naive. One, a *nix based system is highly desirable as it is a more capable platform from which to launch further probes and attacks. Many of the characteristics that make *nix based systems better servers also make them better for malware authors. Second, *nix systems are more likely to have valuable content to steal given their use as servers and in ecommerce. Third, ego is a big motivator for malware authors. Developing a *nix compromise offers far more "fame and glory".
so it's free however you want to use it.
I find it very interesting, as well as sad, to see this kind of solution. You're basically saying "you can't protect against malware, let's give up and use backup as the only defense".
Is this really what it's like? Is having malware violating your personal computer the norm? Is it really impossible to design secure OS's and applications from the ground up instead of making them full of holes and relying on "solutions" that pick up the pieces? Is it really better to do damage control than prevention?
I find that very hard to believe. I think it's more likely that the current state of the software industry is based on complacency and no respect for the customer and his or her personal data.
If it turned out that the maker of your main door lock made a shoddy product that allowed anybody to unlock it and have their way with your house... you'd be mad, right? You'd hold them responsible, want your money back, never buy from them again, maybe even sue them and ask for reparations if they acted like assholes.
But when your personal computer gets broken into you don't make a peep, you just sigh and use a backup, if they have one. Then it's back to the torture of finding and paying for antimalware, knowing full well that one day you'll get shafted again.
Someone please explain this self-abuse to me. The only explanation I've come up with is that people are ignorant and/or brainwashed into thinking there's no alternative so they'll put up with anything and think that's how it's supposed to work.
The software industry needs to grow a spine, take responsibility and stop all the "no guarantees" crap. Then maybe, just maybe, we'll see some improvement on the malware front.
i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
It's not like OEMs are going to stop producing high end machines and things of that nature. Hardware is growing so much faster than software ever will. Plus, who is going to support these old machines?
(I forgot this is Slashdot, all that matters is that everyone run Linux...support isn't an issue I guess.)
It is called imaging... like Acronis True Image for example. Use partitions or store data on the server, then restore boot/application partitions and drives that get infected.
Completely a social problem. Alter your behavior and you're good.
I find being offended by me offensive.
There are some basic things you can do (keep in mind I am not a security expert):
1) Don't do wireless networking, but if you must then use WPA2-PSK and change the key every 14 days.
2) Let users use fingerprint-scanners instead of passwords.
3) Let the server run Red Hat (selinux and support)
4) All ports closed by default
5) Have something to automatically block clients that transfer data through a p2p protocol. Also block messenger protocols.
6) Change IE to FF on client pc's.
7) Have two guys working on monitoring ports all day long
8) Give everyone an email address and have your own web-based email service that blocks everything but *.doc, *.pdf, *.odf, etc.
9) Replace the encrypted password system on Windows clients with something that hashes the passwords.
10) Maybe you can experiment with modifying a Linux distro so that it has XPDE and a version of Wine that can run MS Office (if you use MS Office) so that it can save you a lot of problems.
Here be signatures
While parent fully deserves the -1 Flamebait mod, he does have a point in that sometimes you can be better off trading some security for productivity.
A friend of mine works for a company developing a product called Savant anti-virus. It's not free, but it works basically by locking down a system so that only white-listed applications can get access to CPU time, or something like that.
For the standard home user this would probably be a burden to deal with, but for a business wanting true security there's really no other way to approach it.
life is a tragedy to those who feel, and a comedy to those who think
And as for Apples various OS products? Well they have only a tiny market share.
Wrong. From Tuesday's slashdot main page, 66% Apple Market Share For Sales of High-End PCs. These are the computers any self-respecting botnet operator would drool over.
So don't YOU be naive.
This idea that Linux is immune from viruses is just stupid
Name one Linux virus in the wild today.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
I can't name names, since I'm under NDA, but there is a certain giant, world-famous brand of database and application software whose client software piece will not even install unless the windows logon user is a member of the local admins group. Even though you can technically run it after it's installed as a lesser user, you can expect an endless stream of nitpicky problems until you also make that user a member of the local admins group as well.
Another is a well-known brand of drawing software.
My employer does contract work for state/local governments and probably half of all the niche apps written for the Windows platform for the state/local public sector market, expect full access to the entire machine because most of that software was written by idiots.
Having an immune system means sometimes getting sick, but usually not fatally.
Having NO immune system ( == AIDS ) means you need life-support, soon.
Computers are born without immune systems: We apply them.
HE may find having an immune system is a complete waste of resources, but *I* don't.
HE may find that reducing frequency/severity of infection in the systems he's responsible for, very very significantly, is an absolute waste of money, but *I* don't.
He's insane, or delusional, or incompetent, or working secretly for some malware-vector.
That would be great if you didn't have to reactivate your copy of Windows every time... remember there is a limit.
Following the "virus" metaphor from biology, if the computer is an organism, and AntiVirus is part of its immune system, we should realize that at some point, just like any biological organism, the system will die.
A healthy system may have the latest and best immune system known to man, but this does not guarantee and should not be construed to mean that the system is invulnerable or immortal. It is merely immune or resistant to the diseases that it has been exposed to or evolved resistance or immunity to.
We don't expect medical science to ever eradicate all disease and make us perfectly healthy; why do we think it's possible for computers? (Or conversely, why do we think that building an immune system is wasted effort?)
Then again, perhaps turing/von neumann machines and biological organisms aren't so similar after all. It's hard to assess whether this extended metaphor is too forced to be useful or not.
You see? You see? Your stupid minds! Stupid! Stupid!
Oh wow, one worm or trojan per year. And both require an extremely gullible user to help the infection process along. I think we can handle that over here in Mac land.
"Gonna make any other jackass statements?"

Wow, no need to get your panties in a twist about it. The only jackass statement I see is the one you quoted above. Anti-virus really just isn't that relevant on OS X. In fact, I'd go so far as to wager that anti-virus products have caused more problems on OS X than the malware they are designed to defend against. I've never heard of a virus wiping out your fink install like Virex 7.2 did. There hasn't been a single OS X virus in the wild that I'm aware of since OS X 10.0 debuted back in Sept. 2000. The number of worms and trojans is also absolutely miniscule.
Yes, in theory, you're vulnerable on OS X too. In practice however, you're almost invincible.
Really, malware today is not made by cellar door hackers who want to play pranks... today malware is the tool of organized crime... So, AV companies like Kaspersky, Eset etc. are today fighting worldwide cybercrime... And we computer users must pay them to do it... Do we pay our local cop company to deal with crimes in our neighborhood? Nah...
I think the antivirus thing should be handled by an international Cyberpolice, say a joint venture funded by the EU, United States, China, Japan, etc. etc... they hire the world's top security coders & researchers, put them on to develop a kick ass, hassle-free & payment-free AV app that updates daily. The funding & resources behind such an app would be enormous compared to what private AV companies have at hand. Every internet user should have an AV and it should be as natural as having a police station in your neighborhood.
Safeties on guns, seat belts, helmets, and many other safety devices have failed, but we still use them. If Cisco had any AV solution that was worth advertising to sop up your budget, they'd be singing a different tune.
The whole point of any security device is to stop as much as it can so we can focus our time on important issues, like improving security. Only a fool would think it stops everything, but even considering the alarming studies showing what gets missed, you can bet it stops enough to justify it in your budget.
Nothing in security is perfect. All I need is a server in a 3rd world country to idle scan your network without giving away my location. Doesn't mean I'm throwing out my firewall and IDS. With this mentality my spam filter would have been tossed within an hour of use.
It is quite possible to design an OS that cannot be attacked by malware. However, Microsoft is probably not interested (profit-wise) in designing such a thing. Once you have such an OS, you're not interested in upgrading to the next OS, if you're a business trying to save money. Instead, MS pushes DRM, which no consumer wants to touch with a 100-foot pole. I recently came across a MS patent covering an OS that is downloaded by an OS-free machine. Your future OS will probably be rented and downloaded from a server.
Cisco is trying to peddle the mantra "network apps are more secure because they cannot be attacked as easily as desktop apps". Well, network apps are more expensive (hosting is very expensive), unreliable (because they use networks) and slow (depending on how many users are using the remote server).
The worst part is, network apps allow Big Brother to completely spy on all your activities on the computer. No way we want this.
I just started going to our agency's security conferences with our ISO. OMG, I had no idea. They describe very discouraging and frightening scenarios on the current state of the internet infrastructure security limits. Listening to these security experts, the only secure computer is one locked in a box and buried in an unknown location. And even then they'd worry. I have a router, a full blown internet security suite set to maximum secure options, I only work/play on my computer as a "limited" user never as an "administrator", set all my internet security settings to maximum when I switch over to do general/entertainment internet browsing, install security patches immediately. Even with all this they scared the heck out of me.
You're right... Numbers matter and attacking Windows gives a better return on investment...
BUT, on Linux the distributions are responsible and capable of patching exploits. On Windows that job is done by the anti virus vendor, who creates an application that looks for code that takes advantage of a known exploit... Tell me which model you think is best...
If the day comes and Linux is seriously targeted (never mind its superior security system), Linux users are much better protected because they already have a fixing model that works way better than that of Windows...
"how will PC users in home environments know what to put on a whitelist and what not to put on a whitelist?"
If the OS was designed properly then the Installer would keep a whitelist of known good applications. If the app isn't on the list then it doesn't run. There would be no other vectors for malware to get on the system.
For online updates it would verify the update using digital signatures and so on. There would be a strict division between updating the core OS and, let's say, adding a new font to the Browser. So in the event of you clicking on a URL and something.exe attempts to run, the Installer triggers and prevents it, same for email attachments. Remember the Installer only needs to know about good software, therefore it doesn't go out of date.
For added protection the Installer could run from an embedded device, app signatures encrypted, obfuscated etc., making itself immune from compromise. Yes, I know about in-memory hacks. But at reboot the Installer would remove anything that wasn't on its WHITELIST.
davecb5620@gmail.com
"It exists malware for both Apple and Linux too, but not in the same volume as for Microsoft's OS:es"
What about on servers? There's an awful lot of nix boxes out there, with lots of juicy credit card details on them.
"This way of relaxed behavior is kicking back because it also makes it easy to create malware"
Ease of use doesn't necessarily lead to lax security. A locked down Linux box can still provide a full feature experience. You can click on URLs and open email attachments with 99.999% safety. Chief reason being that 'OPEN' isn't the same as RUN.
On non Unix platforms, you should run all the security bits on an embedded device, that way the malware doesn't compromise security.
"If you want to deploy them on a commercial network .."
.. :)
What's the point, they DON'T WORK !! Right now in this place, every time I plug in my USB stick I get a 'virus'. I only know this when I get home and see a pile of *.EXE files on it when I boot up my RedHat box
One thing all malware must do in order to be useful to its creators is to connect back to some other resource via HTTP, SMTP, etc, so we may end up in an era where finding the actual intrusion itself is pointless and so we would be better served to instead model its behavior by looking for outbound anomalies.
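The outbound-anomaly idea in the post above, worked through as an added example (not code from the post or from any product mentioned in the thread). It triages constructed egress records in three ways a practitioner would actually want: destinations outside an approved baseline, timer-driven callbacks (near-constant inter-connection gaps, i.e. beaconing), and port-25 traffic that bypasses the sanctioned relay. The record layout, host names, addresses and the `BASELINE_DESTS` set are all assumptions invented for the example.

```python
"""Outbound-anomaly triage over egress connection records (added example).

Constructed data: the log lines below are invented for this example; the
field layout (epoch, src, dst, dport, bytes) is an assumption, not a real
appliance format.
"""
from collections import defaultdict
from statistics import mean, pstdev

# assumed known-good egress destinations (a web host and the internal mail relay)
BASELINE_DESTS = {"10.0.0.5", "93.184.216.34"}

# constructed egress records: epoch seconds, source host, destination, dport, bytes
SAMPLE_LOG = """\
1211600000 ws-17 93.184.216.34 443 5120
1211600030 ws-17 198.51.100.7 80 300
1211600060 ws-17 198.51.100.7 80 302
1211600090 ws-17 198.51.100.7 80 298
1211600120 ws-17 198.51.100.7 80 301
1211600150 ws-17 198.51.100.7 80 299
1211600010 ws-22 10.0.0.5 25 10240
1211600011 ws-22 203.0.113.9 25 2048
1211600200 ws-22 203.0.113.9 25 2048
1211600005 ws-41 93.184.216.34 443 70000
1211601300 ws-41 10.0.0.5 445 800
"""


def parse(log_text):
    """Turn the whitespace-separated records into typed tuples."""
    recs = []
    for line in log_text.strip().splitlines():
        ts, src, dst, dport, nbytes = line.split()
        recs.append((int(ts), src, dst, int(dport), int(nbytes)))
    return recs


def new_destinations(recs, baseline):
    """Per source host, the destinations not in the approved egress set."""
    out = defaultdict(set)
    for _, src, dst, _, _ in recs:
        if dst not in baseline:
            out[src].add(dst)
    return dict(out)


def beacons(recs, min_hits=4, max_cv=0.1):
    """Flag (src, dst, dport) tuples whose connection gaps are near-constant.

    A coefficient of variation (stdev / mean) of the gaps at or below max_cv
    means the callbacks are on a timer rather than driven by a person.
    """
    times = defaultdict(list)
    for ts, src, dst, dport, _ in recs:
        times[(src, dst, dport)].append(ts)
    flagged = []
    for key, ts_list in times.items():
        if len(ts_list) < min_hits:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            flagged.append(key)
    return sorted(flagged)


def direct_smtp(recs, relay="10.0.0.5"):
    """Hosts sending port-25 traffic anywhere other than the sanctioned relay."""
    return sorted({src for _, src, dst, dport, _ in recs
                   if dport == 25 and dst != relay})


def triage(log_text, baseline=BASELINE_DESTS):
    """Run all three checks and return the findings keyed by check name."""
    recs = parse(log_text)
    return {
        "new_destinations": new_destinations(recs, baseline),
        "beacons": beacons(recs),
        "direct_smtp": direct_smtp(recs),
    }


if __name__ == "__main__":
    for name, finding in triage(SAMPLE_LOG).items():
        print(name, finding)
```

On the constructed data, ws-17 is flagged for a 30-second beacon to an unknown host and ws-22 for sending mail around the relay, while ws-41's large transfer to a baseline destination is left alone; the thresholds (`min_hits`, `max_cv`) are the knobs to tune against a site's own false-positive rate.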
Wow, does anyone else find it extremely ironic that Cisco would publicly tout such a message, considering their Clean Access product? ( http://www.cisco.com/en/US/products/ps6128/)
Many universities (including the one whose IT department I work for) use Clean Access to verify that clients have AVs and updated OS installs before allowing them on the network. It is the bane of my existence, and this just further reinforces my feelings on the false securities it creates. But I never thought I'd hear it from Cisco themselves.
People don't go after Linux desktops because they are much harder to break into. What about all those nix servers out there. Linux isn't 'immune' but when properly configured you don't get infected by 'malware' merely by clicking on an URL or opening an email attachment.
.. :)
Bank: N.H. Hannaford Customers' Cards Compromised
International Hackers Indicted for Sniffing Credit Cards from Dave & Buster's
Windows sure has the most market share in getting your credit card stolen
That article has a seriously flawed 'qualified' statement-- can't believe you aren't considering this.
part 1 " Consider this: Apple's retail market share is 14 percent, and two-thirds for PCs costing $1,000 or more. "
part 2 "The share data is for first-quarter brick-and-mortar stores, as tabulated by the NPD Group. "
ok.. two thirds of brick and mortar laptop sales-- NOT ALL LAPTOP sales...
think about that-- if YOU were gonna spend over 1k on a laptop- would you go to best buy?
(I realize people do so)
but what percentage of wintel laptops in B&M stores are even priced over 1k?
who is being naive? apple fans at the mall.....
Ya know what! I bet they also have 97% or more of all laptops depicting a piece of fruit as its logo.
every day http://en.wikipedia.org/wiki/Special:Random
Whitelisting is a good idea, as Stewart suggests, but honestly I don't agree with him. You need antivirus software. And on that, free antiviruses aren't as good as paid ones. I actually tried out almost all the major brands -- free and paid -- and that's the verdict I arrived at. (Here's my reviews: http://avscan.blogspot.com/ )
t.
Yes, and what do you do when the server gets infected?
98% of America's teens drink alcohol, smoke, and have sex. Put this in your sig if you like bagels.
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
Realistically, TFA's right in the sense that if the security field keeps doing things the way that it is, they'll always be behind. That's to be expected, but to suggest that we should be giving up is a bit on the overreacting side of things.
The conclusion to this is that we should be going from a blacklist to a whitelist strategy, and add more security into the chipset itself. As well as beefing up security to make sure that rogue programs don't get phlashed in.
Ultimately, even if a virus is detected before it's installed, if a person is so used to seeing false positives that they click through anyways, there's no point. Require a program to be specifically whitelisted or for the user to say that the program is trusted. Even if they're not right most of the time, they'll still be far more secure than the way it's done presently. It's just that much harder for programs to be installed stealthily.
Additionally, requiring websites to disclose up front whose scripts they're using would help a lot as well. Realistically, the XSS vulnerabilities which they introduce and the lack of candor about which servers should be allowed to host the scripts is a serious problem as well.
Using your comparison of malware to the real life scenario of your house being broken into, it's impossible to make a house that can't be penetrated (or would be so difficult that it's not worth it). It would be the equivalent of building a fortress and running it with the various employees. Assuming people wanted to get into your house to bug it for information (i.e. spyware), it would be much more efficient to have a cheap house that you can demolish and rebuild.
Help fight spam
If one reads TFA, one will see that his solution is 'whitelisting' software. Nothing runs unless it has been inspected and approved. This approach is working well for Linux distros. The package distribution systems of Linux distros (apt, yum) are a type of whitelist.
I call BS on the moderation. Parent was NOT offtopic in the least bit.
I agree. More like flamebait, with a bit of troll thrown in.
"Is this really what it's like? Is having malware violating your personal computer the norm? Is it really impossible to design secure OS's and applications from the ground up instead of making them full of holes and relying on "solutions" that pick up the pieces? Is it really better to do damage control than prevention?"
Problem #1: Windows. Windows was never designed with even the slightest concern around security; every type of security product for Windows has to compensate for the fact that every admin user can modify every file on the operating system that isn't locked by a process, and every admin user can set a registry key to modify any locked file on reboot.
Problem #2: Organized crime. The Internet is a gateway to as much as 6 billion dollars a year in crime (if you count crimes that are hybrid, parts done online, parts done offline, e.g. laundering money that was produced from drug sales on the street, but laundering the money via Internet based scams etc). Organized crime has been involved in Internet crime as soon as they realized how much faster, cheaper, and better the Internet was for their core business, doing crime. Because of the resources organized crime has, they've made doing crime on the Internet a lot more straightforward: faster, better, cheaper. Every crime syndicate has used technology to the fullest their paid hackers could come up with ideas for.
No longer are we protecting computers from a John Doe with a gripe about religion deleting every file on the system every Sunday at noon...
Problem #3: The Internet. By its very design the Internet is made for the criminal; there is absolutely no way for any single computer to stop any other computer from sending a message and to prevent another computer from receiving it... firewalls at the border or ISP aside, the Internet was designed to allow communications in a post nuclear war holocaust scenario where only a few underground bunkers had survived. Worse still, ISPs, network owners, just about everyone seems adamant against changing this even in the slightest. Very few want every Internet transaction to be completely traceable, completely held accountable for both sender and recipient... ISPs don't want to upgrade their hardware to allow this, because it costs money; governments don't want to force this because they are corrupt and owned by crime families anyway... billionaires have security guys with 7 digits to protect their wealth so they don't give a damn either...
so a few nutjobs in security want everything to be traceable, and nobody listens to them... and all the free speech guys are against it because they know it would basically shut down freenets etc. anyone who pirates software is against it because they're afraid they won't be able to pirate in the future etc.
so, basically, you're left with Linux etc, which was designed loosely around UNIX, which was hardcore about security because you had thousands of untrusted users sharing a single mainframe...
using Linux doesn't equal security, but the crime families aren't after Linux because it doesn't have enough ROI (yet) and it was designed around security principals in the first place so it has an edge over not designed around security products like Windows (mac os's foundation is based around security in principal, but in practical terms Apple is only as concerned about security as any OS maker is, as long as people are buying macs it's not a problem...)
https://www.gnu.org/philosophy/free-sw.html
That's not secure! All it takes is for someone to drain the lake, smash the concrete, blow the safe, install Windows XP Gold and connect it up to the Net without a firewall or router.
That's all child's play to your garden-variety megalo-maniac.
I mean come ON, don't you take your security seriously???
for a very small investment you can get a quality 'security system' with 24 hour monitoring and 30 second police call on break in, and that's only for beginners...
for about $100 a window you can make every glass surface in your house impervious to everything except gun fire, and glass cutters and gun fire will only make a hole the size of the bullet. 99% of thieves lack glass cutters, but of course if everyone bought this product they would become standard. In the demonstration of this product, they gave the thief a nice Louisville Slugger, and the window was shattered, but the thief couldn't even budge the broken pane, not even with repeated swings from the Slugger (which broke on the first swing anyway, then they gave him a metal bat, and a crow bar, IIRC).
not to mention hitting the window with a bat activated the security system that they installed.
they've done everything from small businesses, to home owners with priceless collections... before the ex-thief guy always gets in and almost always gets away with stuff before the cops get there (although sometimes he waits too long and gets caught by a silent alarm) after the 'upgrade' the thief never gets in, and they show him trying to think of everything from social engineering a site, to looking in the unlocked shed for tools to get in...
sometimes, the best bet is to secure your place with what an ex-criminal is unable to get past.
with organized crime running Internet crime though, it's hard to find skilled enough thieves that don't have bullets in their heads for releasing security info about what the crime families are using to get crime accomplished.
I'm sorry but there are so many ways to get by this if you really wanted. Remember that viruses are frequently developed programs that constantly evolve. I have seen It Takes a Thief (though not from start to finish since it's boring). A simple trick that I learned in high school chemistry is that hydrofluoric acid is one of the few (if not the only) acids that can dissolve glass. As for the 24 hour security monitoring, what if someone simply cuts the power, or the video feed is tampered with to show a safe house? Besides, we're talking the scenario of sneaking in bugs to listen in on conversations. Anyone can plant the bug on the clothes of a person that lives in the house and get lucky. Or just deliver a package from some "long lost relative" that happens to contain monitoring devices. Or the next time someone calls for repairs or anything needed in the house, the crooks could simply bribe the guys into taking their places and do their work at their leisure (either stealing or bugging). The list goes on and on, which is why these companies (back to computers now) are falling so far behind.
the solution to malware is simple.
set up a dual boot system, use linux to browse for porn, and use windows for playing games.
you've eliminated all the risks, and you get to use your computer for the only two things its good for: porn and gaming.
-I only code in BASIC.-
I'm no thief (or ex-thief), but for fun I might try using dry ice (or similar) to break the window or lock.
Basically if the lock/window is hard, you can probably freeze it, make it brittle and then shatter it.
If the lock/window is soft, you can cut or drill it.
Ah, but there are entire free Operating Systems which are inherently immune to viruses, due to having a quaint old-fashioned little concept called "privilege separation" designed-in. They also have applications that weren't written by self-taught tinkerers using knocked-off copies of the development software and relying on guesswork.
Je fume. Tu fumes. Nous fûmes!
That link of the dolphins is damn cool :D
This is the sig that says NI (again)
"How would one develop for what you call a properly designed OS?"
The other poster specifically mentioned 'PC users in home environments'. For developers the Installer would have an exempt option where any code run from a designated 'safe harbor' would be exempt. Currently, the biggest vector for malware is click and run from a URL or email attachment. Obviously a developer would be able to recognize his own code, I mean he wrote it.
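The whitelist Installer described in the earlier posts (an app runs only if it is on a list of known good software, anything not on the list is removed at reboot, and a developer 'safe harbor' directory is exempt), together with the observation that apt/yum act as a whitelist, modelled as an added example. This is not code from any poster or from any product in the thread; the digest-based approval, the safe-harbor path check and the constructed files under a temporary directory are all assumptions made for the illustration.

```python
"""Default-deny application allowlist with a developer 'safe harbor' (added example).

An executable is allowed only if its SHA-256 digest is on the approved list,
or if it lives under a directory the machine owner designated as a development
safe harbor. sweep() reports everything that would be removed at reboot.
All paths, digests and file contents below are constructed for the example.
"""
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hex digest of a file, read in chunks so large binaries do not load whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class Allowlist:
    def __init__(self, approved_digests, safe_harbors=()):
        self.approved = set(approved_digests)
        # realpath so 'dev/../bin/x' or a symlink cannot ride into the exemption
        self.safe_harbors = [os.path.realpath(p) for p in safe_harbors]

    def in_safe_harbor(self, path):
        real = os.path.realpath(path)
        for harbor in self.safe_harbors:
            try:
                if os.path.commonpath([real, harbor]) == harbor:
                    return True
            except ValueError:  # different drives on Windows: not inside
                continue
        return False

    def decide(self, path):
        """Return ('allow', reason) or ('deny', reason). Unknown means deny."""
        if self.in_safe_harbor(path):
            return ("allow", "safe-harbor")
        digest = sha256_file(path)
        if digest in self.approved:
            return ("allow", "approved-digest")
        return ("deny", "unknown-digest " + digest[:12])

    def sweep(self, root):
        """Files under root that are neither approved nor in a safe harbor."""
        unapproved = []
        for dirpath, _, files in os.walk(root):
            for name in files:
                p = os.path.join(dirpath, name)
                if self.decide(p)[0] == "deny":
                    unapproved.append(os.path.relpath(p, root).replace(os.sep, "/"))
        return sorted(unapproved)


def demo():
    """Build a constructed filesystem and exercise the decisions."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "dev"))
    good = os.path.join(root, "bin", "editor.exe")       # approved application
    bad = os.path.join(root, "bin", "something.exe")     # the clicked attachment
    mine = os.path.join(root, "dev", "scratch.exe")      # developer's own build
    for p, body in ((good, b"trusted editor build"), (bad, b"dropper"),
                    (mine, b"my own build")):
        with open(p, "wb") as f:
            f.write(body)
    wl = Allowlist([sha256_file(good)], safe_harbors=[os.path.join(root, "dev")])
    results = {
        "good": wl.decide(good)[0],
        "bad": wl.decide(bad)[0],
        "mine": wl.decide(mine),
        "sweep": wl.sweep(root),
    }
    # patching an approved binary changes its digest, so it is denied afterwards
    with open(good, "ab") as f:
        f.write(b"\x90")
    results["good_after_patch"] = wl.decide(good)[0]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Two points the example makes that the posts only imply: the list only ever names good software, so an in-place modification of an approved binary is automatically denied without any update, and the safe-harbor exemption has to be a path check after canonicalisation, otherwise it becomes the one hole that makes the rest of the whitelist pointless.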
The problem is the O/S design. Most, if not all, operating systems have an all or nothing approach: either you are an administrator or you are a user. This forces programs to run in the context of the user (so as that the user contexts are manipulated) or if a user program is running with administrator rights, it allows the malware to get control of the system.
A much better approach would be the one similar to Intel CPUs: a system of software protection rings, with the outermost ring being the least privileged ring and the innermost ring being the most privileged ring. Rings would communicate with special gates provided by the operating system kernel living in the most privileged ring.
Untrusted software should be run within a protection ring less privileged than of trusted software...then malware could not do any harm, because it could not touch anything else, even the user's files.
The only problem that then remains is buffer overflows/wild pointers, but this is solved by the operating system hardening a process by not allowing execution in data pages (a functionality already existing in operating systems, but being optional).
You are aware of the difference between finding a new vulnerability and using existing vulnerabilities not yet dealt with in the most recent set of patches?
For starters.
Name your proof.
(Not that I think Mac OS X is invincible. Feature creep certainly erodes the walls, too. But there is a difference, even then.)
And, I suppose, whether you surf the web as your default admin privileged user.
You are ignoring one reason why the status quo will continue. Lawful access is inevitable and it absolutely requires the existence of reliable access methods including "goodware" in all platforms - not all vulnerabilities are created accidentally. Proper handling is built on managing information flow, discovery and risks such as third-party disclosure. Perhaps you can appreciate why it needs to be so. There are certainly no serious objections to any of this, outside nerd circles.
using Linux doesn't equal security, but the crime families aren't after Linux because it doesn't have enough ROI (yet) and it was designed around security principals in the first place
It was designed around security PRINCIPLES, unless you believe the fat, useless administrators of schools are going to secure your computer. Learn to use proper grammar you fuckwit, especially since English is your first language. If you know how to use grammar, then learn to fucking proofread you douche.
Dude, I don't know what kind of lock you think you have on your front door, but locks only make it more difficult to break into your house. They won't stop a determined person. The "security vulnerability" in your home is your need to have glass windows that I can throw my malware-rock through. We *can* design houses that are less vulnerable to attack (a solid, concrete exoshell would work), but we don't want to feel like prisoners in our own homes, so we take risks with our designs. Same thing with our computers. That being said, I don't run AV software on my home XP box. Never have. And to my knowledge, I've never been infected with anything. Probably because I don't run silly email attachments or try to install "smiley packs".
"And then you get into platform vendors charging for access to the safe harbor"
I'm sorry, but the safe harbor I referred to resides on the PC and the owner gets to decide who has access.
for a slightly more expensive system, you can get a UPS powered security center with a cellphone like device that can only call the security company and 911, the security center the second that power cuts off, and the police when one of the sensors indicate a thief cut the power trying to break into the house.
Then I suppose you'll talk of cellphone jamming etc. Really, are thieves going to bring a $50 bottle of acid to eat through glass? For a house they don't even know has $50,000 worth of fenceable goods or not? The reason they don't use glass cutters is because most security systems like the homeowner to put up big stickers warning thieves to find easier prey.
when the guy down the street didn't put any security in, the person with the big stickers becomes a lot less appealing, especially when both homes have the same model Lexus in the driveway.
Computers aren't being hijacked by thieves just to do a little bit of key-logging; they're being used to do just about everything needed to make electronic crime profitable... Key-logging is a very hit-or-miss opportunity: most people don't even do on-line banking, and there is a glut of stolen credit cards on the black market as it is...
Spam relays, botnets, rootkits keeping systems 'ready' to go live with a botnet every time a security pro takes an infected machine off their botnet... the list goes on and on. If you have stealth rootkits on 14 million computers but only need 1 million in your botnet, would you install the botnet software on all 14 million machines, or only on 1.5 million machines? Botnet programs, because of heavy Internet traffic, are easy to track and pin down... Systems that have been tainted with a polymorphic rootkit that are ready 'to go live as need requires' are far more common, and since the rootkit does almost nothing detectable it's virtually impossible for the 'infected' to realize they're infected, and they make more computers 'infected' every time they mail a CD or DVD to a friend. It's virtually impossible to detect a stealth rootkit on a burned CD or DVD; it exploits an age-old bug in auto-play/auto-run, and can infect any Windows PC with a stealth rootkit, with none the wiser. Well, I caught it, because the 06 model had horrible bugs with XP that were 'end user noticeable'; no doubt the 08 version has fixed those bugs... but due to its polymorphic nature, the rootkit was only detected by Google's Gmail, as far as I could 'test' free testing programs...
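The comment above describes malware riding on optical media via AutoRun. As an added illustration (my own code, not from the poster or from any product), here is a defender-side triage script that parses an `autorun.inf` and flags the directives that cause code to execute on insertion, plus the "action" text that mimics Windows' own AutoPlay prompt. The sample `autorun.inf` contents and the heuristics (executable extensions, mimicked prompt strings) are constructed assumptions for the example; the parser is deliberately line-based so that junk lines inserted to confuse naive scanners do not break it.

```python
"""Triage an autorun.inf file for directives that run code when media is inserted."""
from dataclasses import dataclass

# Constructed sample (not a real artifact from the thread): an autorun.inf of the
# kind seen on infected removable media, with a junk line to trip up naive parsers.
SAMPLE_AUTORUN_INF = """\
[autorun]
;junk line inserted to confuse naive scanners
@@@@@@@@@@@@@@@@@@@@@@@@@@
open=RECYCLER\\setup.exe
shell\\open\\command=RECYCLER\\setup.exe
shell\\explore\\command=RECYCLER\\setup.exe
action=Open folder to view files
icon=%SystemRoot%\\system32\\SHELL32.dll,4
label=Photos
"""

# Constructed benign sample: only cosmetic directives.
BENIGN_AUTORUN_INF = """\
[autorun]
icon=product.ico
label=Product CD
"""

# Assumed list of extensions treated as executable payloads.
EXEC_EXTENSIONS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js", ".wsf", ".hta"}
# Assumed prompt strings that imitate Windows' own AutoPlay wording.
MIMIC_ACTIONS = {"open folder to view files", "open folder to view files using windows explorer"}


@dataclass
class Finding:
    directive: str
    value: str
    reason: str


def parse_autorun(text):
    """Return the [autorun] directives as a lowercase-keyed dict, skipping junk lines."""
    directives = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # junk line or directive outside [autorun]
        key, value = line.split("=", 1)
        directives[key.strip().lower()] = value.strip()
    return directives


def _is_exec_directive(key):
    # open= and shellexecute= run directly; shell\<verb>\command= runs when the verb is chosen.
    return key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command"))


def analyze_autorun(text):
    """Return a list of Findings describing why this autorun.inf is suspicious."""
    findings = []
    directives = parse_autorun(text)
    for key, value in directives.items():
        if _is_exec_directive(key):
            target = value.split()[0].strip('"').lower() if value.split() else ""
            reason = "executes a program on insertion"
            if any(target.endswith(ext) for ext in EXEC_EXTENSIONS):
                reason += " (executable payload)"
            findings.append(Finding(key, value, reason))
        elif key == "action" and value.lower() in MIMIC_ACTIONS:
            findings.append(Finding(key, value, "mimics Windows' own AutoPlay prompt text"))
    return findings


def verdict(text):
    """'suspicious' if any directive executes code, otherwise 'benign'."""
    return "suspicious" if any("executes" in f.reason for f in analyze_autorun(text)) else "benign"


if __name__ == "__main__":
    for f in analyze_autorun(SAMPLE_AUTORUN_INF):
        print(f"{f.directive}={f.value}: {f.reason}")
    print(verdict(SAMPLE_AUTORUN_INF), verdict(BENIGN_AUTORUN_INF))
```

The point is not signature matching but structure: a disc or USB stick whose `autorun.inf` contains any execution directive deserves a look before it is trusted, regardless of how the payload is packed. The same checks can be applied to files collected from a fleet, and on modern Windows AutoRun for removable media is disabled by default, which is the real mitigation.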
https://www.gnu.org/philosophy/free-sw.html
You're sort of tarring with too wide a brush there.
There used to be a number of viruses for Macs, during the 680x0 processor era. I know this because the Mac emulator I did also got hit by the same viruses, as well as the 68000 and 030 Apple Mac machines I had.
What is somewhat amusing is a Mac emulator competitor over in Germany ("Aladin") wrote a virus that was designed to break programs if they were run on my emulator, but not on theirs. Because I made a mistake in how I handled one exception, the virus didn't trigger. Heh!
For example, Robert Woodhead, who co-wrote "Wizardry", wrote one of the anti-virus programs for Macs of that era.
Nowadays things are quite different, with rather old 680x0 Macs, PPC Macs, and Intel Macs, and such running operating systems that have some significant differences at the lowest levels. For example, there was no hardware memory protection between processes for years in the older Macs. I'll bet OSX has it.
I think you will find, in general in the PC market, that while there are some sophisticated viruses around, a great deal of them are written by "bored Bulgarians on the dole who don't have anything else to do", quoting an old pal. Taking someone else's virus, filing off their handle, and hex-editing in a new handle is big excitement in those circles. You tend to see the same stupid code "written" by fifty people.
A lot of those people are low to medium talents. I can distinctly recall a magazine interview with a "major virus writer" talking about his use of Visual Basic. Umm, yeah, let's link in those libraries...
Most of the very talented people I know would not write a virus simply because they have a hands-on good idea of the horror it causes, just as a doctor would not willingly make a city full of patients sicken by tampering with a vaccine. A lot of people on Slashdot have had to deal with the aftereffects of viruses.
The reasons this Cisco guy John Stewart is such a horse's butt (in my opinion) are severalfold:
(1) Who is Cisco to be talking? I have seen the "what to do" manual in case of problems for Cisco routers. It was about 2.5 inches thick. One bug per page. In almost all cases the cure was "power off, reboot the router". Most of the bugs appeared to be bad pointer problems (out of RAM). Hire some Bulgarians, John.
(2) Nice for John to be talking when his company's routers are the way that viruses get transmitted across the Internet. Even a pathetic level of scanning could pick some off. Well, with the programming skill shown in (1), it may not be possible for Cisco.
(3) Nice for John to be yapping when his routers are how spam gets flooded through the net like an elephant with diarrhea. Again, a luzer level of scanning could help with it. Where is John? Oh, he's at a conference, in Australia. Drink some Fosters and start making sense, John.
(4) Good of John to be right at the wheel while the Chinese sold fake routers to the US Military, and there is only one reason the Chinese would do that, and it's military.
In my opinion the entire "Security" division should have been fired, immediately, for that one.
The main thing that is stupid about John's comments, though, is that he's saying that levees, sandbags and pumps are useless when floods hit -- but often, and especially if they're applied intelligently -- they are really quite useful.
Thanks,
Dave Small
"Does the owner of a video game console get to decide who has access, without questionably legal third-party products that crack the console's security?"
Whatever, I'm not a lawyer and this is getting slightly off topic. The original subject was how to protect computers from malware. It's a technical problem that could be solved by technical people. I mean, does being legally 'compliant' actually make the machine any safer? Let's make the machines safer and get all lawyered up later.
"The first thing we do is kill all the lawyers."
davecb5620@gmail.com
This story relates more to IT professionals rather than grandma (unless your grandma is an IT professional).