Slashdot Mirror


New Massive Botnet Building On Windows Hole

CWmike writes "The worm exploiting a critical Windows bug that Microsoft patched with an emergency fix in late October is now being used to build a fast-growing botnet, said Ivan Macalintal, a senior research engineer with Trend Micro. Dubbed 'Downad.a' by Trend (and 'Conficker.a' by Microsoft and 'Downadup' by Symantec), the worm is a key component in a massive new botnet that a new criminal element, not associated with McColo, is creating. 'We think 500,000 is a ballpark figure,' said Macalintal when asked the size of the new botnet. 'That's not as large as some, such as [the] Kraken [botnet], or Storm earlier, but it's... starting to grow.'"

223 comments

  1. Idiots by IceDiver · · Score: 1, Funny

    Don't people use auto-update?

    1. Re:Idiots by Anonymous Coward · · Score: 0

      No.

    2. Re:Idiots by moniker127 · · Score: 5, Funny

      Auto-update is really annoying, especially if you don't have a very good connection. It's one of the first things I disable when I do a fresh install of XP.

    3. Re:Idiots by Iced_Eagle · · Score: 1

      Don't bring any logic into this!

    4. Re:Idiots by Henry+V+.009 · · Score: 5, Funny

      Here, let me turn it back on for you. There. Don't bother thanking me, I've already debited your bank account for my time.

    5. Re:Idiots by Brain+Damaged+Bogan · · Score: 2, Informative

      I would imagine that most pirated copies of windows wouldn't use auto update, you don't want your pirated OS contacting the developer whenever it feels like.

      --
      -- Sex is the antonym of pringles. Once you pop it's time to stop.
    6. Re:Idiots by Anonymous Coward · · Score: 2, Insightful

      wait, wait, but then you do complain when a patch does not get installed and your system is compromised and it's all MSFT's fault... right, right? Am I right?
      What did I win?

    7. Re:Idiots by six025 · · Score: 1, Insightful

      Auto-update works if you have a legitimate copy of Windows, and there are plenty of people using pirated copies of Windows which do not qualify for the "genuine advantage" required by Windows Update.

      Even if MS managed to patch every security hole in Windows, there would still be a massive gaping hole left by the people who can't use auto-update and who are not inclined, or simply lack the technical ability, to seek out and install the required patches via a manual download.

      This leads one to wonder about the wisdom of blocking illegitimate licenses from obtaining security updates via the auto-update service, as the end result of the decision is that everyone suffers to some degree e.g. increased spam levels.

      Peace,
      Andy.

    8. Re:Idiots by The+Bungi · · Score: 0, Troll

      No, and that's obviously Microsoft's fault.

      Remember Blaster, which had a full 40 days or something like that before the exploit was seen in the wild. 10 days is obviously not enough lead time. I personally think we should all be given at least 6 months warning for each vulnerability. Then the attack success rate would plummet to 20% from the 70% it seems to be at these days.

      One year would be even better. 365 glorious days to decide whether or not to patch! That would be great.

    9. Re:Idiots by Anonymous Coward · · Score: 0, Interesting

      What about all the users that never, you know, bought the software? Or those who installed Windows Genuine Advantage and now have a black background and MS watermark?

      Nooo, you must be an idiot if auto update, windows firewall or #insert service name here# isn't started at boot. Only possible explanation.

    10. Re:Idiots by imemyself · · Score: 2, Informative

      I believe that MS actually does provide security updates for systems that do not pass WGA.

      --
      Every time you post an article on Slashdot, I kill a server. Think of the servers!
    11. Re:Idiots by Anonymous Coward · · Score: 0
      What did I win?

      A shilling. Same as always.

    12. Re:Idiots by cdrguru · · Score: 0, Troll

      Enabling auto-update implies the user trusts Microsoft to (a) update Windows properly and (b) not steal their bank account and credit card information with each update.

      I would say most Windows users do not believe in (a). Some think they know better what updates to install than Microsoft suggests.

      A significant number of users do not believe in (b). They have heard so much trash talk about Microsoft that they believe it is a criminal enterprise being operated by the Mafia.

      I would say there is no hope for anything good coming from this set of beliefs.

    13. Re:Idiots by LtGordon · · Score: 4, Insightful

      I own a legit copy of XP Pro and it bothers me how frequently MSFT releases that Genuine Advantage garbage. If only they put that kind of enthusiasm into the rest of their products.

    14. Re:Idiots by mika_au · · Score: 0, Troll

      I disable Windows when I do an install of Linux.

    15. Re:Idiots by ThePengwin · · Score: 1

      A Rational Thinking award!

      Sorry but these days they seem to be worthless

    16. Re:Idiots by LtGordon · · Score: 4, Informative

      Systems that do not pass WGA are only allowed access to "critical" updates.

    17. Re:Idiots by jaxtherat · · Score: 5, Insightful

      Auto-update is really annoying, especially if you don't have a very good connection. It's one of the first things I disable when I do a fresh install of XP.

      Not sure why this was modded funny, as this seems to be far and away the predominant mentality of windows users...

      --
      http://www.zombieapocalypse.tv/
    18. Re:Idiots by The+Bungi · · Score: 5, Informative

      Which this particular patch qualifies as.

    19. Re:Idiots by Anonymous Coward · · Score: 0

      security=critical

    20. Re:Idiots by 0123456 · · Score: 5, Insightful

      "Some think they know better what updates to install than Microsoft suggests."

      When updates stop breaking other software, and Microsoft stop bundling DRM as 'critical updates', then I suspect people will start trusting Microsoft to tell them what updates to install.

      Personally I like to see what Microsoft are doing to my computer before I install it.

    21. Re:Idiots by nabsltd · · Score: 4, Informative

      Auto-update works if you have a legitimate copy of Windows, and there are plenty of people using pirated copies of Windows which do not qualify for the "genuine advantage" required by Windows Update.

      If someone is already using a pirated copy of Windows as their desktop OS, then they probably wouldn't have a problem running a pirated copy of Windows 2003, either.

      In which case, they can then download Windows Server Update Services which doesn't require WGA to download. After installing WSUS on Win2K3, they can configure it to only download updates matching the pirated MS software they have, and then individually approve or reject updates. They would then configure all the systems to retrieve the approved updates from the WSUS server.

      By doing this, every update is available, and WGA is never installed on any of the systems.

    22. Re:Idiots by osu-neko · · Score: 1

      Enabling auto-update implies the user trusts Microsoft to (a) update Windows properly and (b) not steal their bank account and credit card information with each update.

      Actually, installing Microsoft Windows and then connecting to the Internet implies you don't believe Microsoft will steal your bank account and credit card information. If they then further believe Microsoft will steal their data if they use Windows Update, no further analysis of their beliefs can yield useful information about what actions they may or may not engage in -- they have at that point proven to be completely irrational. Given this, any actions are possible, and you can try to rationalize their actions any way you like by picking and choosing from their contradictory beliefs, but it's ultimately pointless, since to do so assumes a level of rationality that is clearly not present.

      --
      "Convictions are more dangerous enemies of truth than lies."
    23. Re:Idiots by Xabraxas · · Score: 4, Insightful

      You're just an idiot then. You don't need to click on FREEREGISTRYSCANNER or anything like that to get infected. In fact you can click on a link that you click everyday and get infected. The best you can do is stay up-to-date and pray for no 0 day exploits.

      --
      Time makes more converts than reason
    24. Re:Idiots by ushering05401 · · Score: 1

      Niche markets have problems getting specialty software updated in a timely manner.

      A client in the Veterinary field is still unable to update to XP SP3 because their medical office management software provider told me their product absolutely could not run on SP3.

      I thought that the provider was thinking I was trying to upgrade to Vista, but no, SP3 apparently kills their server product.

    25. Re:Idiots by Anonymous Coward · · Score: 0

      I hope you're being sarcastic or humorous because Auto-update is really very much the same as Apple Software Update (I have a mac, I know). I really don't get how people bag out Windows features like auto-update and user account protection (which IMHO is *less* annoying than it is on Linux/Macs as they ask for a password) when Linux and Mac OS have equivalent features. Macs do rule I agree, but I quite like many features of Windows NT based operating systems.

    26. Re:Idiots by master811 · · Score: 2, Informative

      That's not true, systems will still get access to the "recommended" updates as well if Auto-Update is set. I don't understand it myself as the same updates can't be accessed without validating, but they appear fine if you have it set to automatic (and don't use the windows update website).

    27. Re:Idiots by Hal_Porter · · Score: 5, Funny

      I don't know why people complain about Genuine Advantage. If you buy the software it is unlocked. If you pirate it it will still work, even though it knows it is pirated, but it won't work 100%. I.e. pirate copies are partially locked.

      Genuine Advantage would be better if they had a sense of humour about it. Like instead of black screening pirate copies they could shrink the desktop slowly, surrounding it with a dirty border, and have photorealistic DirectX 10 cockroaches in the border. When you unlocked the workstation they'd scatter, but you'd still see the odd leg or antenna poking out from the edge of the monitor. Every so often one would run across the screen when you were hard at work. Hell, maybe you'd let people crush them with the mouse pointer but it would leave a nasty yellow blob on the screen. The longer you held out against buying a license, the more bold the roaches would become, and the more hit points they would have.

      Essentially Microsoft discovered a way to make people RAGE! by accident with Clippy. They should put that knowledge to use annoying pirates and making everyone else laugh at them. Most people have a fear of being mocked for being cheap, they should put that fear to use.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    28. Re:Idiots by Anonymous Coward · · Score: 0

      Of course you can, theoretically, get infected doing nothing at all... and yet, somehow, when I use Windows, it runs fine, for years at a time. Why do you think that is?

    29. Re:Idiots by Architect_sasyr · · Score: 5, Interesting

      Whilst I happen to be highly entertained by your idea about GA I should like to recount a little story:

      Fully registered and licensed domain of XP machines (~60 or so). Update Windows Genuine Advantage. 58 of them claim to be pirated and cease to work at any level that can be considered acceptable for a corporation.

      Stories like that are why people complain about GA.

      --
      Me failed English...
      FreeBSD over Linux. If my comments seem odd, this may explain...
    30. Re:Idiots by Hal_Porter · · Score: 0, Redundant

      I had a laptop with pirated XP on it which didn't pass Genuine Advantage. It worked fine for years, there were hacks to install Service Packs. Microsoft even documented how to change the license key from the leaked Corporate one to another. I actually had a spare OEM copy of XP but I used a keygen just to see if I could keep it working and see how Microsoft supported it.

      The keygenned key let me install service packs but it stopped passing Genuine Advantage. There were cracks for that, but I never needed to use them. Apart from not being allowed to download stuff that needed GA from the Microsoft site I never really had an issue with it. And if you really have genuine copies, why not call Microsoft and get them to activate them for you, which they will certainly do if you have proof of purchase? Or read up on the latest cracks?

      Whining about it on slashdot is just karma whoring.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    31. Re:Idiots by dissy · · Score: 4, Insightful

      I don't get viruses because I'm not a wintard who opens any FREEREGISTRYSCANNER ad they see.
      I've been running Windows XP without firewalls/AV for like four years now. Every 6 months or so I scan for viruses, rootkits, trojans, and adware, and I've yet to come up with anything.

      Well of course if you have a rootkit, scanning for rootkits will show clean. That's how they work.

      A rootkit modifies the kernel so that it intercepts all API calls, including the read() functions your scanner is using, and the rootkit feeds back false info such as directory listings omitting the rootkit's files, and if one tries to open one of its files by name, the open() call now controlled by the rootkit returns a no such file error.

      You no doubt have a home router that does a form of NAT, which acts as a firewall for all intents and purposes for incoming connections, so your statement about not running a firewall is false.
      At least I hope so, else you have been rooted 10 minutes after connecting your computer to the internet. Sadly, your description fits the profile of someone who is infected and doesn't even know it because it has been that way since day one it went online.

    32. Re:Idiots by corsec67 · · Score: 2, Funny

      You no doubt have a home router that does a form of NAT, which acts as a firewall for all intents and purposes for incoming connections, so your statement about not running a firewall is false.

      Yeah, he would have to patch everything within 4 minutes to not have an infection.

      --
      If I have nothing to hide, don't search me
    33. Re:Idiots by Lershac · · Score: 1

      Nope,

      I run XP in Parallels on a Mac. Same way. After I installed and configured my machine, I backed up the image, and said "let's see how long this takes" and one year later, it's still going strong.
          No Spybot, no antivirus, and I surf and do lots of stuff on that Vmachine.

      --
      Chuck
    34. Re:Idiots by Lershac · · Score: 1

      let's see, coz in Vista I get asked a LOT for UAC approval. On Macs, much much less.

      all overusing the approval feature does is condition the user to clicking "go right ahead and ram that big cylindrical object up my arse."

      --
      Chuck
    35. Re:Idiots by spongman · · Score: 0

      not at all: - install XP with network unplugged - turn on firewall - plug in network

    36. Re:Idiots by moniker127 · · Score: 1

      I think I'm just not as paranoid about security as some. This is not what my day revolves around, because it simply has not affected me, and I doubt it will any time soon.

    37. Re:Idiots by moniker127 · · Score: 0

      Wear a tin foil hat much?

    38. Re:Idiots by silarulz · · Score: 1, Troll

      Or Just move to Linux, BSD, OSX...

      --
      silarulz!
    39. Re:Idiots by LackThereof · · Score: 2, Insightful

      On machines that fail WGA, Auto-update functions fine; manually updating from the Microsoft website is disabled.

      However, XP's autoupdate is not particularly reliable with service packs. It's more likely to sit in the tray saying "click here to install SP2" than actually install itself, even if the machine is set to "Automatically download and install updates". And users always ignore tray warnings; it's just another bubble between Weatherbug and VirusProtectPro.

      --
      Legalize recreational marijuana. Seriously.
    40. Re:Idiots by aweraw · · Score: 1

      Keep in mind that the object in question is only cylindrical in the best case scenario. The truth is not suitable to air in this time slot (kids might be watching). Let's just say that corners are uncomfortable.

      --
      5468652047616D65
    41. Re:Idiots by mixmatch · · Score: 5, Interesting

      Why should corporate customers have to call up Microsoft every time they fuck up Genuine Advantage? Activation/IP protection schemes are hugely hated for the very reason that they don't bother the pirates but they do hassle the paying customers. It's great that you have time to play around on your pirated laptop copy, but come back when you have a bottom line to worry about.

    42. Re:Idiots by Anonymous Coward · · Score: 0

      this one is not 0 day

    43. Re:Idiots by Hal_Porter · · Score: 1

      Hmm,

      http://www.annoyances.org/exec/show/article03-200

      Are there any users who won't have to activate their copies of Windows XP?
      Yes:
      1. If you purchase a new computer with Windows XP pre-installed, it will most likely come pre-activated. The only problem then is if you attempt a major upgrade.
      2. The version of Windows XP Professional sold with a large corporate site-license doesn't contain the activation code. If you're using that version, you'll never have to activate it.

      I.e. corporate users don't need to activate, neither do people that buy machines with XP preinstalled. The only people who need to activate are people that install it themselves.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    44. Re:Idiots by Yvanhoe · · Score: 1

      Plus it is a fact: people with dialup still exist. They are not behind a firewall, they have enough bandwidth to get infections but not enough to get patches. Is there a way to keep a computer secure with Windows without access to someone who can burn updates for you?

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    45. Re:Idiots by Anonymous Coward · · Score: 1, Funny

      Because it's not connected to the Internet?

    46. Re:Idiots by Anonymous Coward · · Score: 0

      Auto-update is really annoying, especially if you don't have a very good connection. It's one of the first things I disable when I do a fresh install of XP.

      It's a Microsoft service, of course it's annoying. Next thing you know you'll be telling us that the sky is blue.

    47. Re:Idiots by MrMr · · Score: 1

      It's funny because it's true?

    48. Re:Idiots by Anonymous Coward · · Score: 0

      i.e. corporate users don't need to activate, neither do people that buy machines with XP preinstalled. The only people who need to activate are people that install it themselves.

      You're talking about activation while everyone else is talking about WGA. They are not the same.

    49. Re:Idiots by hvm2hvm · · Score: 1

      I'm not sure how parallels gives the virtual machine an internet connection but if it NATs the external connection of the mac then you are protected against those attacks that don't require the user to click on stuff in a browser. If you have a machine connected directly to the internet and no firewall, antivirus, updates, etc you could theoretically get infected by someone exploiting a bug in the services XP provides by default.

      --
      ics
    50. Re:Idiots by Hal_Porter · · Score: 1

      I dunno, my experience of it is that WGA works if Windows is activated. I have had one known pirated machine that WGA fails on and a bunch of genuine ones that it succeeds.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    51. Re:Idiots by HungryHobo · · Score: 1

      "large corporate site-license "
      not
        "Small corporate site-license "

      You can have a small to medium business and still get fucked.

    52. Re:Idiots by mowall · · Score: 2, Insightful

      not at all: - install XP with network unplugged - turn on firewall - plug in network

      XP didn't come with a firewall. You had to upgrade to SP2 (IIRC) to get the Windows firewall. Granted, if you bought XP after SP2 was released you'd have the firewall, otherwise you can potentially get infected very quickly... way before you get the chance to download SP2 and enable the firewall.

    53. Re:Idiots by smoker2 · · Score: 1

      It is the best mentality to have. I always change the settings to notify and nothing else. I choose what goes on my PC, not Microsoft. I have never downloaded the Malicious Software tool. I have never downloaded the WGA shit. Then again my XP PC has never been infected with anything either, so my actions aren't crazy.

      If you are willing to dance to Microsoft's tune then carry on. Doesn't make you clever in any way. Or maybe you misunderstood the "auto" part of auto update.

    54. Re:Idiots by worthawholebean · · Score: 1

      Well of course if you have a rootkit, scanning for rootkits will show clean. That's how they work.

      A rootkit modifies the kernel so that it intercepts all API calls, including the read() functions your scanner is using, and the rootkit feeds back false info such as directory listings omitting the rootkit's files, and if one tries to open one of its files by name, the open() call now controlled by the rootkit returns a no such file error.

      Rootkits can be scanned for. See Rootkit Revealer. If you don't trust the kernel to accurately report the contents of the HD, just don't use it.

    55. Re:Idiots by inasity_rules · · Score: 1

      Try Jettico personal firewall - it has caught all of the viruses trying to get on my laptop. After a year using Jettico under Win2000 (with no virus scanner or updates), I pulled the hard disk out and did a virus check on another machine using an up to date copy of AVG. No viruses. That laptop had been in so many public infested networks and on the net for ages.

      The downside is it is extremely annoying - it asks you about everything at least once, and you have to make intelligent decisions.

      --
      I have determined that my sig is indeterminate.
    56. Re:Idiots by Anonymous Coward · · Score: 0

      You can't detect the vast majority of Windows malware - the stuff we're writing is ignored by all the clueless "virus scanner" and "anti-malware" nonsense. Even McAfee have a compromised Windoze server!

    57. Re:Idiots by Surreal+Puppet · · Score: 1

      Note however that it's possible to detect contemporary rootkits in situ on a live system, even if any process that runs in ring0 obviously has the upper hand in a pure theoretical sense. One technique for this is to compare data returned from API calls with raw reads of the data (this is the technique used by "RootkitRevealer".)

    58. Re:Idiots by aliquis · · Score: 1

      If I used Windows I would never have it turned on due to those retarded nag windows showing up and stealing focus the whole fucking time in XP until you accidentally happen to be pressing enter since you were writing when one pops up.

      I hate them, how the fuck can they use such a retarded system? Why nag at all? Just tell me that the updates have been downloaded and eventually have a small reboot-button show up in the same balloon tip in the systray in case I really want to reboot now but in all other occasions do the updates when I turn the machine off the next time.

    59. Re:Idiots by aliquis · · Score: 2, Funny

      Find out if your credit card number has been stolen on the Internet!
      CC # __________________ Expiration date __/__

    60. Re:Idiots by aliquis · · Score: 2, Insightful

      I see that you have already been (correctly) moderated as troll.

      But anyway, for your information those systems aren't without exploitable bugs either. I would assume that OS X is especially risky since it might have a more standard collection of software and Apple bundles a bunch of security upgrades at the same time instead of sending them out as soon as there is an issue.

      I won't say that I'd rather trust Microsoft getting updates out in time than Apple because then I too will be moderated troll but well, let's just say neither of them are perfect.

      Regarding BSD and Linux it will to a big extent depend on what software you have installed.

    61. Re:Idiots by aliquis · · Score: 1

      So, what are the rootkit scanners for? Or are there only rootkit guards?

      And I'm serious with this question, I'm not stating anything.

    62. Re:Idiots by aliquis · · Score: 1

      How do you manage to find an image without SP2?!! :D
      http://thepiratebay.org/search/xp%20sp2%20integrated/0/99/300

      Anyway, I guess there are both good and bad things with XP including a firewall now. It's good that it protects somewhat after installation, it's bad because many people probably keep that inferior firewall instead of replacing it with something decent.

      For instance:
      http://www.personalfirewall.comodo.com/download_firewall.html (Bundled with antivirus, bad choice imho, for the user that is, nothing says that you want all of their products. Stupid Apple technique (Oh, I see you want iTunes, here you get Quicktime and Safari too!))

    63. Re:Idiots by macshome · · Score: 1

      Hmmmm... I can't get that form to work.

      Should I just e-mail you my info so you can check it for me?

    64. Re:Idiots by aliquis · · Score: 3, Interesting

      Except in OS X it downloads the updates and tells you that they are updated, informs you if any of them will require a reboot and lets you check the ones not requiring it, all of them and reboot, or not care at all and it won't bother you until next week or something such. (Or if you decide to do it manually)

      In XP however it will tell you that they are downloaded and ask you if you want to reboot to install them EVERY FIFTH MINUTE. Even if you tell the OS you don't give a shit and don't want to reboot.

      I don't like that OS X installers requiring a reboot remains running until you press reboot in them however. I'd rather just choose "I don't want to reboot now" and have them do their thing the next time I choose to reboot.

    65. Re:Idiots by INT_QRK · · Score: 2, Funny

      One of the things that drove our household completely away from Windows is that as three of my daughters one-by-one traipsed through their college years, every few months (sometimes weeks or days) I'd have to fix their oft' gunked, crippled, or pwnd computers. The first and most common problem I'd have to confront would be the tons of adware slowing their system to a crawl, which at some point killed or subverted the antivirus software (evidently the preferred collegiate attack vector). Then, about the second really bad incident, one usually involving the appearance of a mysterious new admin account with theirs eerily downgraded. My epiphany at some point was that the registry is actually a giant Petri dish for malware spores. Anyway, once so totally pwnd, the only sure-fire cure would be to reload Windows from their OEM disks. About the second or third time this occurred, MS would reject the **always legal** reinstall as not "genuine." As my last raw nerve snapped at the insanity of it all, my solution would ultimately be to slick their drives and install Linux. This would carry them safely through their Junior and Senior years. However, when it came time for them to replace their computers following graduation, they all ended up buying Macs. Problem solved either way.

    66. Re:Idiots by aliquis · · Score: 1

      Nah just write it here.
      Please fill in your last three numbers on the backside of the card too in case you mess some of the other numbers up.

    67. Re:Idiots by wisty · · Score: 1

      Was this the same XP that would brick laptops by downing a firmware update while the mains was unplugged, forcing a reboot when the power was about to fail, which tried to update the firmware with 0.5% battery? Or was that Vista? I don't remember - I have a Mac. Not that I'm smug about it.

    68. Re:Idiots by Anonymous Coward · · Score: 0

      Goatse ?

    69. Re:Idiots by Bigbutt · · Score: 1

      Actually I have auto-update running on my XP Home and XP Pro systems at home.

      When SP3 installed on my wife's XP Home system, wireless failed and she couldn't connect to the internet. I had to back it out and turn off auto-updates.

      When SP3 installed on my desktop's XP Home system, wireless failed and I couldn't connect to the internet. I left it installed and just plugged a network cable into the box.

      When XP Pro is updated on my new system (I bought XP Pro SP3 with my new home built gaming rig), it occasionally loses the primary monitor. Originally I'd have to blindly change the primary to either the left or right monitor but I discovered that if I leave the monitor off during boot, Windows doesn't see it at all and changes the primary to the left monitor.

      But last night I updated the firmware on a Sun T2000 server and it marked 8 gigs of the 16 gigs of RAM as bad and now it won't boot to DVD.

      My wife's Toshiba bit the dust so she bought a Dell with Vista and is doing ok with it.

      I rebuilt my old XP Home box as a media server. I have to unplug and plug in the USB mouse as it doesn't recognize it on boot and I have to Repair the wireless connectivity (Netgear USB) every time but it is using SP3 and wireless works now.

      So it all sucks. Sometimes it sucks badly but it all sucks.

      [John]

      --
      Shit better not happen!
    70. Re:Idiots by Anonymous Coward · · Score: 0

      I have a Mac. Not that I'm smug about it.

      Is that the same Mac that corrupts the system if you accidentally hit Cmd+Q while it's running updates?

    71. Re:Idiots by Anonymous Coward · · Score: 0

      You're just an idiot then. You don't need to click on FREEREGISTRYSCANNER or anything like that to get infected. In fact you can click on a link that you click everyday and get infected. The best you can do is stay up-to-date and pray for no 0 day exploits.

      Try not running as a non-Administrator account.

      (Unfortunately a lot of applications require Admin privileges, but that's the app's fault, not the OS's.)

    72. Re:Idiots by The+MAZZTer · · Score: 2, Informative

      Rootkits are not undetectable. Though in theory they can be, in practice fully scrubbing the files from all file request APIs can be difficult. Most scanners will use the high-level APIs (which are most likely to be manipulated by rootkits) as well as a low-level API (such as undocumented kernel functions or even direct hard drive access) which is far more difficult for the rootkit to manipulate... then they compare the results of the two scans. Any discrepancies are reported to the user as possible rootkits. MS hides some system-critical files from normal viewing, even if you choose to show system and hidden files, such as the master file table:

      C:\>dir $*
      Volume in drive C is Windows XP
      Volume Serial Number is DEAD-BEEF

      Directory of C:\

      File Not Found

      C:\>type nonexistantfile
      The system cannot find the file specified.

      C:\>type $MFT
      Access is denied.

      (Yes that is my real volume serial number. No it wasn't like that when I got it, I changed it.)

      These files are small in number and so hard-coded into most rootkit scanners to ignore. Other legit reasons for discrepancies can be attributed to files being created or deleted between the two scans. Anything that's left can be Googled or otherwise analyzed to determine if it is a rootkit.

      Of course an even easier way to find rootkits is to boot from a known rootkit-free environment (BartPE, Linux LiveCD) and run a scan on the suspected rootkit-infected volume.

    73. Re:Idiots by Xabraxas · · Score: 1

      I think I'm just not as paranoid about security as some. This is not what my day revolves around, because it simply has not affected me, and I doubt it will any time soon.

      It's attitudes like that that make the botnet world go 'round.

      --
      Time makes more converts than reason
    74. Re:Idiots by Foolomon · · Score: 1

      Rootkit scanners typically do comparisons between what Windows says is in the file scanners and the physical contents of the MFT. Similar comparisons are done with the registry and some other components.

      So to say that scanning for rootkits is pointless is simply ignorance of the current technologies available. And here I was thinking that SysInternals was known by everyone...

    75. Re:Idiots by mpeskett · · Score: 1

      So the question is, what would the minimum be for a person with some sense?

      To be specific, if my router has a built in NAT firewall and I have the brains to not open dodgy email attachments et al, will it matter if I let the updates sit for a while without rebooting or don't have an AV running?

    76. Re:Idiots by mpeskett · · Score: 1

      Step 1: Download a decent firewall/antivirus/any other security software you like from another PC.

      Step 2: Install XP without the network connected, install previously mentioned software from a USB key

      Step 3: Plug in the cable.

      (Step 4: ???, Step 5: Profit)

      Then your risk should be fairly minimal while you download and install all the updates. If you felt like being even cleverer then Step 1 would be to copy the updates from another XP PC to a USB key, but it's somewhat easier to let the update website handle that.

    77. Re:Idiots by aliquis · · Score: 1

      Stupid question eventually but will it also remove them if you choose to manually download them thru automatic update? =P

      Seems kind of obvious that it will but who knows with Microsoft.

      I think I tried following some guides for registry fixes for it but it never worked afair, and in any case you couldn't set it to infinite, and those tips above aren't something the average Joe will find in the settings of Windows Update anyway.

    78. Re:Idiots by HTH+NE1 · · Score: 1

      Don't people use auto-update?

      Auto-update doesn't work so well when months to years pass without the machine being turned on.

      I don't even know if SP3 is installed on my gaming XP PC. I do know it wasn't on my Mac Pro under Boot Camp.

      I just want to burn the updates I need to a DVD-R and update it off-line. All their security in Windows Update and Genuine Advantage verifications suggests they don't want that to be possible.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    79. Re:Idiots by Erikderzweite · · Score: 1

      How intuitive...
      Clearly WinXP is the newbie-friendliest of all OSes. Thanks for reminding us all 'bout it. *ducks*

    80. Re:Idiots by default+luser · · Score: 1

      XP didn't come with a firewall. You had to upgrade to SP2 (IIRC) to get the Windows firewall. Granted, if you bought XP after SP2 was released you'd have the firewall, otherwise you can potentially get infected very quickly... way before you get the chance to download SP2 and enable the firewall.

      Not quite true. Windows XP came with a firewall. It was not enabled by default until Service Pack 2, and the settings were buried. Service Pack 2 changed the firewall configuration system, and had the system bug you about various security settings, including antivirus and firewall.

      Yeah, the firewall that came with XP sucked, but it was there.

      --

      Man is the animal that laughs.
      And occasionally whores for Karma.

    81. Re:Idiots by hvm2hvm · · Score: 1

      No, I don't have an Antivirus, firewall or any updates done and I don't have any problems, my current install is still OK (I had a virus or two but those were my fault :D).

      --
      ics
    82. Re:Idiots by bob.appleyard · · Score: 1

      And how do you know that it isn't part of a botnet?

      --
      How dare you be so modest!! You conceited bastard!!
    83. Re:Idiots by Endo13 · · Score: 1

      I've been running Windows 2000 or Windows XP for about 7 years now, without an antivirus and without auto-updates turned on... and I have never had any of my computers infected in any way, shape or form. Well, that is with the exception of the test system I had sandboxed and intentionally infected. In those 7 years, my computers have been connected to a high-speed internet connection at least 30% of the time.

      All it really takes is 2 key components:

      1. Always be behind a NAT.
      2. Be smart about your internet usage.

      One of the more sobering things I've seen recently though shed some light on why so many people are getting infected with Antivirus 2009, XP Antivirus 2009, etc. I found a list of "really good black friday deals" on Yahoo, and one of them happened to be an HP laptop. Well, the list was very sparse on details about said laptop, and the page for it on the actual reseller (Office Depot) was broken. So I did what any modern internet user would do: I googled the model number of the laptop. Problem was, the first search result on google led to an Antivirus 2009 page, and gave me one of those lovely false panic popups telling me I was infected, and gave me the option to "scan" or "cancel". I did neither, opting instead to create my own third option and killing the popup entirely.

      --
      There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
    84. Re:Idiots by Anonymous Coward · · Score: 0

      I don't get viruses because I'm not a wintard who opens any FREEREGISTRYSCANNER ad they see. I've been running Windows XP without firewalls/AV for like four years now. Every 6 months or so I scan for viruses, rootkits, trojans, and adware, and I've yet to come up with anything.

      Pride goeth before a fall. I had the same attitude with my previous windows installation. I never click on stupid ads, don't dabble in warez or other suspect corners of the net. I used firefox for web browsing. I get all of my windows updates downloaded automatically. I should be safe, right? Nope. I still got infected with a virus so nasty that the only solution was a re-formatting.

      My downfall was always running as administrator, and using FAT32 in Windows XP. Now I run Vista, NTFS, and never as administrator. The shame of it is, Vista is orders of magnitude more secure than Windows XP, but after the disastrous launch, few are buying it. Take this vulnerability for example. The Windows services vulnerability still exists, but isn't critical because the process requires authentication in Vista (i.e. log on name and password). In other words, saying Vista is vulnerable to this exploit is like saying sshd is a Linux security hole. It makes me wish Vista were more of a sales success.

    85. Re:Idiots by hesaigo999ca · · Score: 1

      Unless it's pirated, then you get what you pay for... hence all those who DON'T want to update... hell, even my web machine I don't bother with any AV or slow apps on it, as I ghost it and reinstall it every 10 days or so (in under 15 minutes), guaranteeing me that I have a good computer most of the time, and when I don't, I will again very soon. (That one is not for banking! Only torrent + etc.)

    86. Re:Idiots by Stewie241 · · Score: 1

      Ooooh... and you didn't select to install Quicktime and iTunes before installing the updates... let me ask after the updates: Do you want to install the new software? Of course you do, right?

    87. Re:Idiots by Arterion · · Score: 1

      Or they could just run Windows 2003 as their desktop OS, bypassing the problem entirely.

      --
      "That which does not kill us makes us stranger." -Trevor Goodchild
    88. Re:Idiots by nabsltd · · Score: 1

      Without WSUS, Windows Update will install WGA on Windows 2003 machines as well.

    89. Re:Idiots by aliquis · · Score: 1

      Maybe time for a new advertisement slogan:

      Apple Software - Free of nag screens*

      * On macs**
      ** Nag screens only included to make the software more familiar on Windows systems.

      Back in the days Quicktime made sense, pre flash videos and such, but today? VLC/mplayer or k-lite codec pack or similar with Opera makes much more sense =P

    90. Re:Idiots by Bynds · · Score: 1

      Auto-update is really annoying, especially if you don't have a very good connection. Its one of the first things I disable when I do a fresh install of XP.

      Well thanks for the spam. I really needed another shop to buy my cheap Mexican pharmaceuticals...

    91. Re:Idiots by svank · · Score: 1

      Without any actual knowledge in the area, I would think they try various clever tactics in an attempt to find something revealing that the rootkit writer overlooked.

    92. Re:Idiots by Xabraxas · · Score: 1

      Unless it's pirated, then you get what you pay for... hence all those who DON'T want to update... hell, even my web machine I don't bother with any AV or slow apps on it, as I ghost it and reinstall it every 10 days or so (in under 15 minutes), guaranteeing me that I have a good computer most of the time, and when I don't, I will again very soon. (That one is not for banking! Only torrent + etc.)

      I know someone who has a similar routine, rebuilding their box every 30 days. Just the fact that anyone even considers that an option means that something is seriously broken with Windows. The last computer I had only ever ran Linux and I never rebuilt it in the three years that I owned it. My current machine is almost two years old now and has never been rebuilt.

      --
      Time makes more converts than reason
    93. Re:Idiots by Z34107 · · Score: 1

      A rootkit modifies the kernel so that it intercepts all API calls, including the read() functions your scanner is using

      Very true. SysInternals' "Rootkit Revealer" can defeat these to a certain extent. It installs itself as an interactive service (meaning kernel mode, like most rootkits, drivers, etc.). It then compares the results of API calls - like read() - with raw data on the disk, or the contents of the active processes list with the actual data structures maintained by the kernel.

      It can generally see what's actually "there" because it's running at the same privileges as the rootkit - barring some kind of hypervisor trick. If regular API calls don't match with what's actually there, you have a rootkit.

      --
      DATABASE WOW WOW
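The cross-view comparison described in the comments above (list files through the normal API, list them again from the raw on-disk structures, diff the two, ignore the known NTFS metadata files and anything that merely changed between scans), as an added example that is not part of any poster's comment or any scanner's own code. The listings are constructed sample data, `examplekit.sys` is a made-up name, and every function name is an assumption; a real scanner would build the raw view by parsing the MFT itself.

```python
# Added example: cross-view diff over constructed file listings.
# It shows the comparison logic only; it does not read a disk.

# NTFS metadata files sit in the volume root and are never returned by the
# normal directory APIs, so every raw scan reports them. Scanners allowlist them.
NTFS_METAFILES = {
    "$mft", "$mftmirr", "$logfile", "$volume", "$attrdef", "$bitmap",
    "$boot", "$badclus", "$secure", "$upcase", "$extend",
}


def normalize(path):
    """Fold case and separators so both views use comparable keys."""
    return path.replace("/", "\\").rstrip("\\").lower()


def is_metafile(path):
    """True for a metadata file in the volume root, or anything below one."""
    parts = normalize(path).split("\\")
    # parts[0] is the drive ("c:"); only root-level names count as metafiles.
    return len(parts) > 1 and parts[1] in NTFS_METAFILES


def cross_view_diff(api_view, raw_view):
    """Return (hidden, phantom) for one pair of scans.

    hidden  = on disk but missing from the API listing (rootkit candidates)
    phantom = in the API listing but not on disk
    """
    api = {normalize(p) for p in api_view}
    raw = {normalize(p) for p in raw_view}
    hidden = {p for p in raw - api if not is_metafile(p)}
    phantom = api - raw
    return hidden, phantom


def confirmed_findings(passes):
    """Keep only discrepancies seen in every pass.

    A file created or deleted between the API scan and the raw scan shows up
    in one pass only, so intersecting the passes removes that churn.
    """
    hidden_sets, phantom_sets = zip(*(cross_view_diff(a, r) for a, r in passes))
    return set.intersection(*hidden_sets), set.intersection(*phantom_sets)


# ---- constructed sample data -------------------------------------------
VISIBLE = [
    r"C:\BOOT.INI",
    r"C:\WINDOWS\system32\drivers\tcpip.sys",
    r"C:\Documents and Settings\user\report.doc",
]
ON_DISK = [
    r"C:\boot.ini",                      # same file, different case
    r"C:\WINDOWS\system32\drivers\tcpip.sys",
    r"C:\Documents and Settings\user\report.doc",
    r"C:\$MFT",
    r"C:\$LogFile",
    r"C:\$Extend\$Quota",
    r"C:\WINDOWS\system32\drivers\examplekit.sys",   # made-up hidden driver
]
TEMP_FILE = r"C:\WINDOWS\Temp\~df1a2b.tmp"

# Pass 1: the temp file was created after the API scan, before the raw scan.
PASS_1 = (VISIBLE, ON_DISK + [TEMP_FILE])
# Pass 2: the temp file now appears in both views; the driver is still hidden.
PASS_2 = (VISIBLE + [TEMP_FILE], ON_DISK + [TEMP_FILE])


def run_example():
    return confirmed_findings([PASS_1, PASS_2])


if __name__ == "__main__":
    hidden, phantom = run_example()
    for path in sorted(hidden):
        print("hidden from API view:", path)
    for path in sorted(phantom):
        print("listed by API but not on disk:", path)
```

Anything left after both filters still needs a human look, which is the "Google it or otherwise analyze it" step the comments mention.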
    94. Re:Idiots by Anonymous Coward · · Score: 0

      I know someone who has a similar routine, rebuilding their box every 30 days. Just the fact that anyone even considers that an option means that something is seriously broken with Windows

      and its users.

    95. Re:Idiots by mpeskett · · Score: 1

      Never said it was newbie friendly... newbies will find almost anything hard on almost any system, especially around the area of installation.

      Hell, I'd give my dad (not a total luddite, but behind the times) better odds at managing to install a recent linux release than XP.

  2. Re:How is first ppost formed? by Anonymous Coward · · Score: 1, Funny

    Weak. In the good ol' days, a first post troll would have picked up on the words massive and hole and made a Goatse joke. You are a disgrace to the once proud troll race.

  3. Go vigilante by Anonymous Coward · · Score: 2, Insightful

    It's time MS write botnets to exploit their own holes as means for patching said hole. Who gives a shit about the ethics of it, we are losing.

    ISPs need to be more vigilant as well. Cut off subscribers ASAP when their machine begins sending botnet traffic.

    1. Re:Go vigilante by alohatiger · · Score: 5, Insightful

      ISP action is definitely appropriate. If they can tell who is using torrent software, they should be able to tell who is sending spam and which machines are part of a botnet.

      Filtering/quarantine at this level is like shooting down a scud missile on the way up instead of on the way down.

      --
      Bigtime Consulting - "We're the best because we cost the most"
    2. Re:Go vigilante by Surreal+Puppet · · Score: 2, Informative

      Take a look at Schneier's arguments against this: http://www.schneier.com/blog/archives/2008/02/benevolent_worm_1.html. One additional point is that stack/heap overflows and other memory-corrupting vulnerabilities often can't be made to be 100% reliable, and can be difficult to code for different service packs and such. This can be, and is, coded around as a matter of course, but a bug in the exploitation process can have disastrous and unpredictable results (in this case, interruption of a large swath of critical internal office file sharing networks.) This doesn't matter to the criminals, but it presumably matters to any prospective "grey hat" worm authors.

    3. Re:Go vigilante by techno-vampire · · Score: 1, Informative

      Personally, I'd rather see Microsoft put the effort into writing a version of Windows that doesn't have all those vulnerabilities in the first place. Of course, that would mean throwing out an awful lot of old code and that goes against their corporate culture, so I'm not holding my breath.

      --
      Good, inexpensive web hosting
    4. Re:Go vigilante by Anonymous Coward · · Score: 0

      I wish ISP's would leave torrenters alone for a bit and go after stuff like this. The amount of times I have emailed spam reports to ISP's just to keep getting the same spam from the same ip address is spirit crushing, so I decided to upgrade my mail server protection, and now I get VERY little spam.

    5. Re:Go vigilante by nametaken · · Score: 1

      The biggest ISP at the college I used to go to (not the university itself) used to do this. They'd profile traffic and shut down machines that were spamming or otherwise behaving badly.

      The way I see it, it's good for everyone, including the ISP. The only downside was when your roommate had something and your internet got shut off before a paper was due. :)

  4. Going around my work already by Anonymous Coward · · Score: 0

    This has been going around our work computers for about a week. Trouble is we have a lot of legacy computers that just do not get updated and/or we are forbid to install certain windows updates. Even if we had permission, our site internet is rather slow, so most computers go unpatched and the company relies on antivirus and firewall 100%.

    1. Re:Going around my work already by Anonymous Coward · · Score: 3, Insightful

      Three words:

      Incompetent IT Department.

    2. Re:Going around my work already by Anonymous Coward · · Score: 1, Informative
      Yeah, speaking of idiots...

      his has been going around our work computers for about a week.

    3. Re:Going around my work already by Anonymous Coward · · Score: 0

      Even if we had permission, ...

      You don't have permissions for your home PC?

    4. Re:Going around my work already by Anonymous Coward · · Score: 0

      Modded Insightful and Informative? Really?

    5. Re:Going around my work already by Anonymous Coward · · Score: 0

      Three words:

      Incompetent IT Department.

      Redundant much?

    6. Re:Going around my work already by Conor+Turton · · Score: 0

      because I have a dedicated help desk for my home PC.. idiot.

      So you're admitting you're an incompetent fuckwit. No way do you not have permission to do this on your home computer.

      --
      Conor "You're not married,you haven't got a girlfriend and you've never seen Star Trek? Good Lord!" - Patrick Stewart
  5. It has begun! by Iced_Eagle · · Score: 0, Troll

    *Bill Gates rubs hands together*

    "Excellent... Just excellent... Rise my army, rise up and do my bidding!"

  6. It would be so easy. by Surreal+Puppet · · Score: 5, Interesting

    Every time I see one of these high-yield Windows remote execution holes, I'm tempted to couple a timed network-stack-erasing payload to it (24 hours should be enough for it to be able to infect through vpn-connected laptops and such) and send it cracking. Then I always begin to wonder why this hasn't been done already; is the combination of narcissistic recklessness and technical competence really that rare? It could be argued that it's more fun to play pranks and infiltrate corporate and government networks, but we don't even see things like that (I know it was more common up to the early 90s, when the "criminal prankster hacker scene" still existed outside of small tight groups...)? Or do people just cover it up? You sysadmins out there, have you ever had anything like that happen to you, or anyone you know?

    1. Re:It would be so easy. by Anonymous Coward · · Score: 5, Interesting

      Welcome to the 21st century.

      Unlike the 90's, viruses aren't typically coded for the purpose of doing as much damage as possible. Between eBay, Paypal, Amazon, and the other major e-commerce sites, the internet is now worth hundreds of billions - even trillions - of dollars every year. Dollars that would be lost if it went down or that can be stolen by the boatload. By and large, the motive for hacking - including the use of botnets - is all money driven these days. The two most common attack vectors are to either hold a site for ransom, threatening to take it offline via a Denial of Service attack if a certain amount is not paid or to simply use the masses of drones to slow down anti-phishing efforts by distributing the fake page across hundreds of bots (after all, you can run a web server using 500k of RAM and 200k of disk space, plus space for the pages, i.e. a Paypal clone takes up about 5MB on a drone.)

      Judging by the size of this one, I'm going to guess its use will be the former rather than the latter. 500,000 bots, all launched, say, the week of Christmas, would do a LOT of damage. Many of those systems will be corporate boxes and nobody will be sitting at them to monitor or notice anything, meanwhile a site that offers "last minute" shipping could be taken offline at the...well...last minute, costing them billions in lost sales. $10 mil would be a small price to pay to avoid that.

      So yeah, it was more common in the 90's, but hacking solely to cause damage isn't something done any more. At all. The only people doing that would be, for example, if the Chinese were trying to crack a US State Department or Pentagon system (using the drones for brute force remote login attacks). That happens, but even there, the intent isn't to harm the systems, but merely to gain a valid login so you can steal information. This goes on in the corporate world too. After all, don't you think Ford would be willing to cough up $2 mil if someone could hand them a copy of Toyota's future business plan right now?

      It's not so much that there aren't people who want to "just cause damage" but rather that those people grew up and realized they could make a lot of money by NOT damaging the systems. They needed jobs and there aren't a lot of positions available for someone with a skill set that includes brute forcing SSH logins. The generation that has come since them, mine (I'm 21, but I have friends who are 18 and 19, and we see each other as about the same) doesn't generally possess the level of skill of those who came before us. Sure, I can crack SSH and brute force NT Hashes with the best of them, but if you sit me and my 60 year old uncle both in front of a binary disassembler only he will know what he's doing, and finding the kind of flaw needed to make this massive botnet will require a very intimate knowledge of one.

      Sorry, the script kiddies that bring the world to its knees have grown up and they refuse to work without pay.

    2. Re:It would be so easy. by netcrusher88 · · Score: 1

      There was a fork of Blaster that installed the patch for the hole it used to spread, then deleted itself. Unfortunately, like Blaster, it had a tendency to crash the Messenger service, which causes Windows to reboot without letting the user interrupt the reboot. The anti-Blaster didn't get very far.

      --
      There's an old saying that says pretty much whatever you want it to.
    3. Re:It would be so easy. by baomike · · Score: 1

      I have wondered also when someone is going to get pissed off enough to write some little bugger that cleans a hard drive. Making it worthwhile for people to protect their machines. No, I am not going to do it, but how long before somebody does?

    4. Re:It would be so easy. by pjbgravely · · Score: 1

      Did you forget about Witty Worm? I know it didn't attack the Microsoft Windows operating system but it did randomly erase parts of the hard drive until the system crashed.

      --
      Star Trek, there maybe hope.
    5. Re:It would be so easy. by ockegheim · · Score: 1

      ...or to simply use the masses of drones to slow down anti-phishing efforts by distributing the fake page across hundreds of bots (after all, you can run a web server using 500k of RAM and 200k of disk space, plus space for the pages, i.e. a Paypal clone takes up about 5MB on a drone.)

      Interesting... if I wanted to host a web page on my computer, I'd have to log into my ISP to unblock port 80, direct port 80 on my router to my computer, and turn on web sharing on my computer. But I guess a lot of people still connect directly to the internet and the worm wouldn't have much trouble activating services.

      --
      I’m old enough to remember 16K of memory being described as “whopping”
    6. Re:It would be so easy. by trawg · · Score: 2, Interesting

      Many of those systems will be corporate boxes and nobody will be sitting at them to monitor or notice anything, meanwhile a site that offers "last minute" shipping could be taken offline at the...well...last minute, costing them billions in lost sales. $10 mil would be a small price to pay to avoid that.

      Question: I'm not too savvy with the intricacies of DNS, but - could an organisation that was threatened with such a blackmail attempt do something like this:

      1) duplicate your web infrastructure on a number of different networks
      2) lower the TTL on your DNS records to something more responsive
      3) /if/ you are attacked, update DNS records to point to your alternate hosting (..repeat as necessary until you run out of sites or they give up)

      This is under the assumption that such an attack once launched would be hard to stop and/or redirect, which is quite probably not the case, I guess.

    7. Re:It would be so easy. by Surreal+Puppet · · Score: 1

      Many (most) bot servers include standalone mail/web server code, usually ripped from sendmail and the like.

    8. Re:It would be so easy. by Anonymous Coward · · Score: 0

      That was not the issue... I recall that Nachi used the same exploit and patched, but it spread with a ping to find other hosts to "fix". That's what took my network to its knees, the ARP WHOHAS traffic following quad zero routes.

    9. Re:It would be so easy. by Graymalkin · · Score: 2, Insightful

      For starters it is trivial to embed an HTTP or mail server in a worm and is done all the time. They don't need to be full featured, simply functional enough to get their intended job done. As for the NAT issues the default usernames and passwords for popular routers are common knowledge. Given the number of LINKSYS and 2WIRE WiFi networks I can see from my apartment it's safe to say at least some of those people are still using those defaults. From there it's simply building the appropriate POST or GET request to modify the port forwarding settings. Besides opening connections for remote hosts a worm can simply listen for local connections and modify the hosts file to point paypal.com to localhost and then collect information that way.

      Information harvesting worms do not need to be 100% effective to make their handlers money. If they get a few thousand PayPal accounts for every million machines they infect they can make a lot of money. Even if they don't get PayPal accounts or other information they can still be used for DDoS attacks and sending spam.

      --
      I'm a loner Dottie, a Rebel.
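A defensive check for the hosts-file redirection mentioned in the comment above, as an added example that is not part of the comment: it parses a hosts file and flags any static entry for a watched domain, separating loopback redirects from overrides to other addresses. The watchlist, the sample file contents and all function names are assumptions made for the illustration; on Windows the file to audit is `%SystemRoot%\System32\drivers\etc\hosts`.

```python
# Added example: audit a hosts file for overrides of high-value domains.
import ipaddress

# Assumed watchlist: domains that should always resolve through DNS.
# "example-bank.test" is a placeholder, not a real site.
WATCHLIST = ("paypal.com", "example-bank.test")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in a hosts file.

    Comments, blank lines and lines whose first field is not an IP address
    are skipped. One line may map several names to the same address.
    """
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield line_no, ip, name.rstrip(".").lower()


def on_watchlist(name, watchlist):
    """Match the domain itself or any subdomain, but not look-alike suffixes."""
    return any(name == d or name.endswith("." + d) for d in watchlist)


def audit_hosts(text, watchlist=WATCHLIST):
    """Return findings as (line_no, hostname, address, kind) tuples.

    kind is "loopback" when the name points at the local machine (a local
    listener would receive the traffic) and "static-override" otherwise.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if on_watchlist(name, watchlist):
            kind = "loopback" if ip.is_loopback else "static-override"
            findings.append((line_no, name, str(ip), kind))
    return findings


# Constructed sample hosts file (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example.net          # ad-blocking entry, not on the watchlist
127.0.0.1   PayPal.com www.paypal.com
203.0.113.7 login.example-bank.test
127.0.0.1   notpaypal.com            # look-alike suffix, must not match
"""

if __name__ == "__main__":
    for line_no, name, address, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address} ({kind})")
```

Ad-blocking hosts files legitimately map many names to `0.0.0.0` or `127.0.0.1`, which is why the check keys on a watchlist rather than on the address alone.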
    10. Re:It would be so easy. by Surreal+Puppet · · Score: 1

      Yeah, that's all true, but the point is you'd think *someone* should have done it by now. It only takes one person and one worm.

    11. Re:It would be so easy. by Surreal+Puppet · · Score: 1

      Well, it won't change much will it? The DDOS will just follow the DNS update? You probably should invest in load-balancing across multiple connections instead. Or Akamai.

    12. Re:It would be so easy. by socsoc · · Score: 1

      I hate 2Wire equipment, but they did something right. There is not a common username and pass installed. The default pass is (mostly) unique to that piece of equipment and printed on a sticker on the bottom of the unit.

    13. Re:It would be so easy. by steelfood · · Score: 1

      People worried all the time about viruses back in the 90's, because they wiped away important data and because it affected the end user. These days, the virus writers are so clever you can't tell there's a bot running on the computer at all, and so end users don't care anymore.

      It may not be a bad idea to start spreading time bombs via these security holes, to bring back user awareness of viruses and the damage they can cause. And, it would probably reduce the ability for such massive botnets to be created, thus render ineffective such blackmail tactics.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    14. Re:It would be so easy. by [ByteMe] · · Score: 1

      could an organisation that was threatened with such a blackmail attempt do something like this:

      1) duplicate your web infrastructure on a number of different networks
      2) lower the TTL on your DNS records to something more responsive
      3) /if/ you are attacked, update DNS records to point to your alternate hosting (..repeat as necessary until you run out of sites or they give up)

      This is under the assumption that such an attack once launched would be hard to stop and/or redirect, which is quite probably not the case, I guess.

      Pretty much exactly as you said. The "momentum" of such an attack once launched is very low; a botnet-generated DDoS can be retargeted fairly quickly (in general). Worse yet, the cost to the bad guy is near-zero to add more bots or to retarget, while the cost for a threatened organization is definitely *not* zero.

    15. Re:It would be so easy. by Anonymous Coward · · Score: 0

      NO ONE has "cracked" SSH, you idiot. Not you, not your "friends", not even the NSA.

    16. Re:It would be so easy. by Anonymous Coward · · Score: 0

      Idiot yourself, you mentally constipated twit.

    17. Re:It would be so easy. by zix619 · · Score: 1

      Motivation is the key: who would write those anti-malware viruses? The security business makes millions out of selling anti-malware software. Good sysadmins? Writing viruses, bad or good intentioned is still illegal, why should you risk your neck for some jerk who clicks on any s... he sees!

  7. There's no profit it in. by khasim · · Score: 5, Interesting

    Then I always begin to wonder why this hasn't been done already; is the combination of narcissistic recklessness and technical competence really that rare?

    Pretty much. The closest was the "I Luv U" email which overwrote media files.

    Since then, it's all about profit. Why destroy a computer when you can use it to send spam?

    If you want to be really cruel, your "virus" would randomly alter a few numbers on any Excel spreadsheet it could access.

    1. Re:There's no profit it in. by Kijori · · Score: 1

      If you want to be really cruel, your "virus" would randomly alter a few numbers on any Excel spreadsheet it could access.

      Fortunately Microsoft cleverly protect their users against this by using closed file formats. Thank God for Microsoft!

    2. Re:There's no profit it in. by maxume · · Score: 1

      Just use COM.

      Of course, with Excel running in the background, the user would definitely notice that something was wrong.

      --
      Nerd rage is the funniest rage.
    3. Re:There's no profit it in. by Johnny+Mnemonic · · Score: 1

      It seems to me that if you had a 100K CPUs at your control, you could find something to do with those compute cycles that would be more profitable than SPAM, especially if you weren't restrained by what was legal. Like breaking encryption keys.

      Isn't there a more imaginative/profitable use of a botnet than to send spam?

      --

      --
      $tar -xvf .sig.tar
  8. Re:at least he's not a house negro by FunkyRider · · Score: 0, Offtopic

    1. moderate down -1: Off topic.
    2. Don't like it? Get the fuck out of US of A. Coward.

    --
    just wonder why there are so many anonymous cowards in this world....
  9. ancient joke by FunkyRider · · Score: 5, Funny

    Reminds me of an ancient joke:
    Windows is same as whores: They both have massive hole and full of viruses.

    --
    just wonder why there are so many anonymous cowards in this world....
    1. Re:ancient joke by dzelenka · · Score: 1

      I have another mental picture for you. I read the heading " New Massive Botnet Building On Windows Hole" and thought hemorrhoids. Painful, painful hemorrhoids!

      --
      Bah!
    2. Re:ancient joke by ahow628 · · Score: 1

      You've gotta pay the troll toll if you wanna get in this boy's hole...

  10. Botnet, starting to grow by PPH · · Score: 4, Funny

    Do you want a larger, firmer botnet? One that all the ladies will love and other guys will envy? Here's how to enlarge your botnet quickly and easily.

    If your botnet stays up for 6 hours or longer, please seek the help of a physician.

    --
    Have gnu, will travel.
    1. Re:Botnet, starting to grow by melikamp · · Score: 1

      How does one get other guys to envy the size of his botnet? Bust it out during parties and on dance floors? Join a botnet ring? Or just hope that girls will tell other guys about your size? I mean, of your botnet?

    2. Re:Botnet, starting to grow by corsec67 · · Score: 1

      Easy: DDOS competition.

      If you can slashdot /., you obviously have a large botnet.

      --
      If I have nothing to hide, don't search me
    3. Re:Botnet, starting to grow by ockegheim · · Score: 4, Funny

      Denial of Service to one's botnet can be disheartening.

      --
      I’m old enough to remember 16K of memory being described as “whopping”
  11. Dial up users. by aywwts4 · · Score: 5, Interesting

    Indeed, my father in law is stuck on dialup, and wondered why his computer was so slow. (I hadn't been supporting him previously so I didn't look at his patch status) A quick speedtest (20 minutes later) showed he was downloading at less than a kilobyte per second.

    That's when I noticed it was downloading SP2 every single time he connected to check his mail. It has probably been downloading SP2 since it came out, years prior.

    I think he was almost 70% complete with sp2 it probably would have been done in another year of intermittent use, but not before sp3 came out ;)

    I now give him service packs on CDs

    --
    Web Developers: Celebrate to our roots! Animated Gifs and Tiled Backgrounds, dont let our history die!
    1. Re:Dial up users. by Anonymous Coward · · Score: 0

      oh shut up, it doesn't download the same update over and over, it probably just never finished so it kept resuming.

    2. Re:Dial up users. by Ragzouken · · Score: 4, Insightful

      Did you read the bit where he said what you said?

  12. 6astards by Tablizer · · Score: 1

    Hit at our company today. Pain in the butt. PC's that had lagging or broken anti-virus updates got hit the most.

  13. This resource is no longer valid. Please return to by Anonymous Coward · · Score: 0

    This resource is no longer valid. Please return to the beginning and try again. again.

  14. Analogy by jaavaaguru · · Score: 3, Insightful

    If you buy a gun, and leave it sitting in your front garden, then some criminals come along, take control of it, and kill everyone in your street, you're kind of responsible for that.

    Apart from the obvious killing != spam and/or fraud, how is leaving an unprotected OS with known problems available to be hijacked by anyone who wants to do damage with it any different? You should still be responsible (although the punishment might be different). Suppliers should be forced to make this obvious to people buying this stuff.

    1. Re:Analogy by NicknamesAreStupid · · Score: 5, Insightful

      What if I buy a rosebush and plant it in my garden, then somebody uses it to deface little kids and old ladies with its thorns? Am I kinda liable for that?

      Is a computer more like a gun or a rosebush? I guess that depends on whether it is running Windows or Linux.

    2. Re:Analogy by AmberBlackCat · · Score: 1

      What if the choices are (Leave a gun in your yard) or (smash your television, audio system, and car). Because I just upgraded to Fedora 10 and lost all support for the Integrated sound, Nvidia, and my DVD burner. It's a choice between a security vulnerability and having half your hardware not working.

    3. Re:Analogy by Anonymous Coward · · Score: 0

      What's wrong with you? You're using a Stupid Gun Analogy when you could have used a Stupid Car Analogy!

      Here: If you buy a car, and leave it sitting in your driveway, then some criminals come along, jack it, and kill everyone in your street, you're kind of responsible for that.

      Didn't work? That's cuz tortuous analogies are stupid. Please stop.

    4. Re:Analogy by jaavaaguru · · Score: 1

      I'll go with the third option, thank you. The last computer I bought works fine with the Ubuntu it came with. Even then, I'll keep a NAT router between me and the Internet because I know I don't always install the security updates as soon as they're available.

    5. Re:Analogy by Whiney+Mac+Fanboy · · Score: 1

      If you buy a gun, and leave it sitting in your front garden, then some criminals come along, take control of it, and kill everyone in your street, you're kind of responsible for that.

      Gun? Are you mad? Slashdot is about car analogies only.

      how is leaving an unprotected OS with known problems available to be hijacked by anyone who wants to do damage with it any different?

      One buys a car, forgets to lock it at night & it's used for a ram raid. Is the car owner responsible for the ram raid or a victim?

      --
      There are shills on slashdot. Apparently, I'm one of them.
    6. Re:Analogy by Anonymous Coward · · Score: 2, Funny

      Is a computer more like a gun or a rosebush? I guess that depends on whether it is running Windows or Linux.

      Wait... which is which?

    7. Re:Analogy by wmbetts · · Score: 1

      Of course. Why wouldn't you be? After all you didn't take responsible precautions to prevent such atrocities from happening.

      --
      "Ubuntu" -- an African word, meaning "Slackware is too hard for me". - stolen from Dan C alt.os.linux.slackware
    8. Re:Analogy by AmberBlackCat · · Score: 1

      Did you know Windows has Wi-Fi?

    9. Re:Analogy by RazzleDazzle · · Score: 1

      Your analogy is more apt than the OP's. A loaded gun's uses are more singularly designed compared to that of say a crow bar, baseball bat, chainsaw, rosebush, unkempt PC, or unconscious syph infected hooker. All of the latter have designed uses other than causing harm whereas the gun is more or less useless other than as a weapon.

      You cannot blindly blame the owners of certain tools if the tools are covertly used by another party. If someone sneaks into my house, steals my carving knife, stabs someone with it, cleans the knife, and returns it back all without my knowledge, should I be punished?

      --
      ZERO ZERO ONE ZERO ONE ZERO ONE ONE! Just brushing up for my next big invention: Ethernet over Voice (EoV)
    10. Re:Analogy by Anonymous Coward · · Score: 0

      Did you know Windows has Wi-Fi?

      Did you know that whether or not Windows has Wi-FI doesn't have anything at all to do with what the GP was talking about?

    11. Re:Analogy by Bane1998 · · Score: 5, Insightful

      Computer to 'Some simple concept' analogies are stupid as hell. Get over your elitism. Most people don't understand the first thing about computers, and they don't have to. Just like most people use a TV, VCR, whatever, without any clue how it works, they just use it to play movies. Blinking 12:00.

      Your analogy fails because leaving a gun out is gross negligence. It's a dangerous thing, and that's fairly obvious. A computer isn't. I suppose an argument could be made that computers are dangerous. It would be quite a stretch though. In that case there should be mandatory licensing to operate one, you know... like a car. But there isn't. So, either make the argument that computers are dangerous and should be controlled (and make sure you understand the actual ramifications of that argument), or stfu and realize that no, most people don't understand Computer Security or why it's important, and they never will.

      And then, as an expert in the field, learn that you aren't smarter than mom and dad using their computer, you just have a specialized skill set. Most nerd kids like prolly half the slashdot crowd are or were.. started out with computers coming naturally to them. It's easy to assume then that it should come naturally to everyone. And when you see it doesn't, your first reaction is that something is broken in them. After that nerd grows up a bit in the world, that person learns that no... they aren't idiots. We just have an aptitude for something that others don't. And that doesn't make them dumb. They probably have skills we don't. Say... socializing for example. So my guess is your (and all those who always come to slashdot posting the same song and dance) maturity level hasn't quite evolved yet.

      And to not be elitist myself... I can admit I was once the same way. I grew out of it, as will you. :)

    12. Re:Analogy by Tatsh · · Score: 1

      Did you know in Windows Vista it takes 5+ clicks just to connect to a network? XP takes about 3, Linux takes one right-click on the NetworkManager icon (which shows found networks), Mac OS X takes one click on the wifi icon (which also shows found networks). Windows always lags.

    13. Re:Analogy by Tatsh · · Score: 0, Flamebait

      Most people don't understand the first thing about computers, and they don't have to.

      I nearly want these people to GO AWAY (but then I would not have a particular job). Honestly in the long run, stress levels of everyone would be lower if these know-nothing-and-don't-want-to-know people would just go away and do sports or whatever ACTUALLY interests them. These are the people who watch televised sports and go to mlb.com to check 'stats', a total waste.

    14. Re:Analogy by kv9 · · Score: 1

      It's a dangerous thing, and that's fairly obvious. A computer isn't. I suppose an argument could be made that computers are dangerous.

      are you mad? look at HAL, Colossus or Skynet. pretty dangerous computers there.

    15. Re:Analogy by Anonymous Coward · · Score: 0

      Because I just upgraded to Fedora 10 and lost all support for the Integrated sound, Nvidia, and my DVD burner.

      Maybe you shouldn't be using a brand new release of a self-confessed bleeding-edge distro with a short support window if you don't want things to either break or go out of support quickly? Or maybe wait a few months before installing the latest release while the most serious bugs get fixed?

    16. Re:Analogy by NatasRevol · · Score: 1

      And, at least in XP, you need admin privs to change network settings, and make those 3 clicks.

      That's nice, eh?

      --
      There are two types of people in the world: Those who crave closure
    17. Re:Analogy by D+Ninja · · Score: 1

      In that case there should be mandatory licensing to operate one, you know... like a car.

      Given that pretty much anybody can get a license (including some idiots that should never be a passenger in a car, much less the driver), I'm not entirely certain that this is the best analogy.

      The rest of your post is excellent, though.

    18. Re:Analogy by Anonymous Coward · · Score: 0

      Guns and rosebushes!? This is Slashdot, people, where we only accept car analogies!

    19. Re:Analogy by socsoc · · Score: 1

      no, but you should get rid of that knife.

    20. Re:Analogy by Anonymous Coward · · Score: 0

      Exactly. My dad can barely use a mouse. He however learned enough so he could use ebay.

      On the other hand he is an awesome salesman. I once watched him sell a used Christmas light bulb on a garage sale. I was totally floored. Who the hell goes to a garage sale and buys a light bulb for xmas in SUMMER! My dad talked him into buying it. I on the other hand would have thrown it away probably. My dad just sold it 'cause he felt like selling something today'. I do not have that skill he does. I have the skill to make his computer, that he barely knows how to use, to do all sorts of cool stuff. Which he cares not about...

    21. Re:Analogy by shentino · · Score: 1

      Except in this case the gun is in a case with a defective lock.

      It isn't the customer's fault if their OS is full of holes.

    22. Re:Analogy by Bane1998 · · Score: 1

      Given that pretty much anybody can get a license (including some idiots that should never be a passenger in a car, much less the driver), I'm not entirely certain that this is the best analogy.

      Licensing isn't about stopping someone before they do something bad. It would be nice if it did, but there's no test that will reliably predict future behavior in every situation. It's about being able to control an activity. Licenses can be revoked when you screw up, thus hopefully creating a sense of responsibility because you don't want to have your license taken away. The very act of licensing something makes it something that can be monitored and taken away. That was the point I was trying to make. Well, I mean... that was my Devil's Advocate point, that if we license computers that would be a bad thing.

    23. Re:Analogy by lennier · · Score: 1

      "Your analogy fails because leaving a gun out is gross negligence. It's a dangerous thing, and that's fairly obvious. A computer isn't."

      But a computer *is* dangerous. No, the danger is not obvious, but that awareness is starting to change. This isn't about elitism - not even all the computer scientists picked up on the danger at first.

      An internet-connected computer that can host worms is dangerous in the same way an unmaintained car is, or a stagnant pond in which mosquitos can breed. We accept car licencing and vehicle checks. We accept health restrictions on what we can put in our garbage and what food we can sell. Why don't we accept mandatory computer licensing, or a category of 'infohazard' like 'biohazard'?

      Well, because we're also afraid of censorship, and that's also a valid fear. One person's freedom of speech could be another person's infohazard. Even 'anti-phishing' browser plugins are blurring the line - who gets to maintain those site blacklists, and how much would it take to bribe them?

      --
      You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
  15. How can I sign up for this botnet? by Anonymous Coward · · Score: 0

    I have some spare CPU cycles. I am an out of work advertiser, and I'd like to donate to other advertisers.

    I'll reformat my machine and start fresh as soon as I need my machines back, but for now, seriously, how do I FOR SURE, join this botnet?

  16. use norton by delvsional · · Score: 2, Funny

    I use Norton, McAfee and AVG Grisoft all at once, oh wait nevermind. I don't use windows anymore.

    --
    Oh Crap, I'm an optimist.....
    1. Re:use norton by Conor+Turton · · Score: 0

      Not to worry, Linux kernel has had a massive hole all of its own found this week as well.

      If you're feeling left out, here's 31 pages of vulnerabilities for Ubuntu. Just select Ubuntu as the vendor and Ubuntu Linux as the title. You can do it for other distros if you're using them. Results will be similar for most distributions

      --
      Conor "You're not married,you haven't got a girlfriend and you've never seen Star Trek? Good Lord!" - Patrick Stewart
    2. Re:use norton by Anonymous Coward · · Score: 0

      You can do it for other distros if you're using them. Results will be similar for most distributions

      Vendor: Red Hat
      Title: Enterprise Linux
      Version: 5 server

      No matching vulnerabilities found

      Cool, thanks!

  17. Uh oh by Stereoface · · Score: 1, Troll

    Does that mean Macs have 10% of the market share of annoying ass spam networks? Cause they've already got 100% of the annoying and misleading commercials...

  18. Re:at least he's not a house negro by Anonymous Coward · · Score: 1, Funny

    Wow.

    Simply wow.

    I mean, I haven't seen a collection of stupidity like this in years, and I read Stallman's articles from time to time.

    Please, get yourself spayed before you breed.

  19. Wouldn't it be nice by Smuttley · · Score: 2, Interesting

    if the people writing exploits for these security holes wrote a worm that once it had got onto a computer patched the exploit and then detached?

    You could call it Good Samaritan Computing or something ;)

    1. Re:Wouldn't it be nice by mach1980 · · Score: 1

      if the people writing exploits for these security holes wrote a worm that once it had got onto a computer patched the exploit and then detached? You could call it Good Samaritan Computing or something ;)

      It is still an intrusion in legal sense. Whoever wrote such a worm would face charges if caught.

      --
      Break the sound barrier - bring the noise.
    2. Re:Wouldn't it be nice by Smuttley · · Score: 1

      It is still an intrusion in legal sense. Whoever wrote such a worm would face charges if caught.

      this much is true, but at least all the DIY lawyers on slashdot will be there to represent them ;)

    3. Re:Wouldn't it be nice by vwjeff · · Score: 1

      It is not uncommon for some of these malware programs to install, remove existing malware, and then patch the system. In this case the application writer is removing competition and preventing other malware programs from using the exploit.

  20. Everybody, SING ALONG! by Chris+Tucker · · Score: 4, Funny

    "Botnets, spammer's botnets!
    What kind of boxes are on botnets?

    Compaq, HP, Dell and Sony, true!
    Gateway, Packard Bell, maybe even Asus, too!

    Are boxes, found on botnets.
    All running Windows, FOO!"

    I'm running Mac OS X 10.5.5, here.

    Why, yes. I AM a smug bastard!
    Thanks for asking.

    --
    Guaranteed! This comment 100% Anthrax free!
    1. Re:Everybody, SING ALONG! by Anonymous Coward · · Score: 0

      http://support.apple.com/kb/HT2550 now do you feel so smug?

  21. How Do They Survive? by Bob9113 · · Score: 3, Interesting

    I'm curious - how do infected computers survive on the Internet?

    We have legions of honeypots for the detection of infected hosts (not to mention the likes of GMail). ISPs have been qqing about bandwidth - surely bandwidth consumed by infection is the most loathsome waste.

    Why don't ISPs have a takedown system? They could restrict who they trust - perhaps only Symantec and McAfee, maybe hotmail, yahoo, and GMail as well. They could do a limited takedown of outbound email only, adding a message to the customer's email account. Perhaps have an HTTP interceptor display a page with links to tools for system cleaning, maybe commercial products if they feel the defense of their corner of the net is not sufficient recompense.

    OK, I can dig the risk of inappropriate takedowns - but we run that risk non-stop with the DMCA for a heckuva lot less tangible benefit.

    Expense? I'm sure we could get a few dozen folks together to write the software.

    Customer experience? Really now - if my Mom's computer was infected and her ISP told her, and gave her links to fix it, she'd love it.

    Inability to trust the router droppings? Half the Internet connections in the world are probably covered by a couple dozen ISPs - start with trusting only those router entries.

    So - what am I missing?

    1. Re:How Do They Survive? by slydder · · Score: 2, Funny

      Bob,

      I agree 100% and that is exactly why I started WIPOC (World Internet Providers Organization Counsel) back in the early 90's. had a few ISP's/Hosting Companies interested.

      However, a majority of them were like "why? this will all be gone by the beginning of 2000 anyway. They will get it all under control".

      Well, hate to say it but "I F*CKIN TOLD YA!"

      You CANNOT always push responsibility for your problems onto others. and believe me. it's your networks so it IS your problem.

      rant done. nothing left to see here. enjoy. ;)

    2. Re:How Do They Survive? by Anonymous Coward · · Score: 0

      Why don't ISPs have a takedown system?

      Because it would cost them money and wouldn't win them any customers. Doesn't matter how cheap you make the software to do it, they'll incur an expense to run it and handle complaints. Customers have shown they don't care about these systems, so implementing one is only going to cost customers, not attract them. Therefore, they have no incentive to do this, and they won't.

    3. Re:How Do They Survive? by Bob9113 · · Score: 1

      hehe - damn - you were way ahead of me. :)

      However, a majority of them were like "why? this will all be gone by the beginning of 2000 anyway. They will get it all under control".

      So sad. How could they not understand? Ummm, "they"?!? Who is "they"? Hey, ISP - you are "they". Now let's get to work.

      Alas. Thanks for trying!

    4. Re:How Do They Survive? by Anonymous Coward · · Score: 0

      So - what am I missing?

      venture capital?

    5. Re:How Do They Survive? by ko10ha · · Score: 2, Interesting

      > Why don't ISPs have a takedown system?
      My ISP does. It took me down within hours when I let a friend connect his laptop to my network. He had a problem with his computer he told me. That proved correct - it was spamming like mad. But his own - cheapish - ISP did not take him down. So perhaps only solid and more expensive ISP have a take down system.

    6. Re:How Do They Survive? by steelfood · · Score: 1

      It's not always easy to clean up an infection. You can clean it up once, and then get infected again the next day because the cleanup didn't catch something. And having to clean up the same infection every day will hurt customer experience.

      And Microsoft's need to validate Windows before allowing access to patches doesn't help anything at all. People who run illegal copies of Windows just won't update. It's not like being a part of a botnet has any effect on them.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
  22. YABON - Yet Another BOt Net (or YABber On) by gramlord · · Score: 0, Flamebait

    Why is another botnet, based on the incredibly insecure Windows VPS (virus propagation system), of interest? Yet another bot net, and more yabber (slang for talk) on the subject. Why doesn't the world of professional computer types fess up that Windows might look nice, might be easy for dummies to use, but is BAD. BAD for you. BAD for me. BAD for everybody. And the solution might be a little less pretty, perhaps, and a little more costly (depending on how you define "the solution"), but it will be GOOD. Damn the world's users for their blindly ignorant view on computers.

    1. Re:YABON - Yet Another BOt Net (or YABber On) by Conor+Turton · · Score: 0

      With over 31 pages of outstanding vulnerabilities for Ubuntu on SecurityFocus.com and 20 pages for Mac OS X, WHILST XP AND VISTA ONLY HAVE EIGHT PAGES COMBINED, none of the OS vendors have anything to shout about really.

      --
      Conor "You're not married,you haven't got a girlfriend and you've never seen Star Trek? Good Lord!" - Patrick Stewart
    2. Re:YABON - Yet Another BOt Net (or YABber On) by neomunk · · Score: 1

      Go back and check those 31 pages again... Go ahead, click on the links to the issues themselves... Now click solution... Good. Now, as a homework assignment, count how many of those 31 pages are actually "outstanding". For extra credit, apologize to the slashdot community for talking shit without having a clue.

      BTW, the closest I found to an "outstanding" issue were 2 bugs (I only checked the first page). One had a PROPOSED patch (I'd count that as outstanding) and the other recommended uninstalling the Microsoft provided patch. Hrm. Maybe those 31 pages don't seem so daunting after all.

  23. Re:at least he's not a house negro by Chris+Tucker · · Score: 1

    "I haven't seen a collection of stupidity like this in years"

    Never read the comments at the John McCain YouTube site, have you.

    Pure, refined and concentrated crazystupid, all in 500 characters or less.

    --
    Guaranteed! This comment 100% Anthrax free!
  24. The ISPs could solve this quickly by xenobyte · · Score: 1

    Just block excessive web-requests or mails coming from a regular home connection and you have defanged whatever bot or zombie that might be lurking there. Without the ability to send spam or to participate in DDoS blackmail attacks, the machine is essentially worthless to the cyber-criminals. Sure, it might provide a password to some online banking and maybe a credit card number, but that's about it.

    --
    "For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
  25. Re:This resource is no longer valid. Please return by Anonymous Coward · · Score: 0

    Oh, come on. That was funny the second time!

  26. Windows antivirus process illustrated by David+Gerard · · Score: 1

    I think of Windows antivirus and I think of this picture. "Ur doin it rong."

    --
    http://rocknerd.co.uk
  27. STOP Using Microsoft Windows by Anonymous Coward · · Score: 1, Funny

    Isn't it about time DHS declare Microsoft Windows a Weapon of Mass Destruction (WMD)? "Stop palling around with terrorists," says Governor Sarah Palin.

  28. when most of your business by nimbius · · Score: 1, Troll

    revolves around unscrupulous business tactics and emergency fixes to a dated and uncompetitive product turned fixture by lock-in, an enormous spinning vortex of shit known as a botnet is only natural.

    Windows vista and its DRM in and of themselves are a botnet that offer you plugins and upgrades at the expense of your CPU time and sanity much the same way a botnet effectively doles out dickpill ads.

    you can hurl your best in-house antivirus at it, but since that was composed by coders flogged to the finish line by marketing, i don't see how that's destined to placate the issue.

    --
    Good people go to bed earlier.
  29. Re:Poooooooo what? repititialian? by Anonymous Coward · · Score: 0

    NO i will nolt bow to then n0(ppppp=ooo-3 k0pk-sa 33 fsssvcb 543rfewtew hh ass asss assssss

  30. Hi I'm a Mac by Anonymous Coward · · Score: 0

    I don't get viruses. I'm a Mac. :D

  31. Don't mention this company by Anonymous Coward · · Score: 0
  32. Wow. Good troll by Toreo+asesino · · Score: 1

    Flaming sentiment: check.
    Questionable grammar: check.
    DRM + Vista mention: check.
    Zero citations: check.

    Please feel free to comment similar sentiment when non-Microsoft OS's get patched up quickly.

    In other news, Apple is now recommending Anti-Virus for Mac OSX. Now that is a curious turn of events, don't you think?

    --
    throw new NoSignatureException();
  33. Re: no legitimate copy of Window no update by ko10ha · · Score: 1

    As someone who occasionally boots an illegitimate copy of Windows to play his legitimate copy of Half-Life (tried it in Wine but it blew up the entire system somehow) I can state that such a person would perhaps not be inclined to update, out of uncertainty about what installing the WGA program might entail (now or in the future). Certainly WGA identifies one as a vile and wicked person, and most likely (now or in the future) it might somehow cripple the system. Therefore, no updates. Yes, I do feel the pangs of guilt with regard to the pirated copy, but if somebody were to give me 200 bucks and told me to choose between a new cpu+mobo or a donation to an organization which imho does more damage than good ... tough choice.

  34. Re:Idiots : more with less by zijus · · Score: 1

    I concur: I believe I get some security with less - no, lesser than that - instead of more protections.
    I run a win XP SP1 at home. Behind a NAT rejecting non solicited traffic.
    Apart of that :
    - no soft firewall
    - no real time virus scanner
    - no OS updates ever
    but even less than that:
    - disabled about 90% of startup process
    - disabled about 70% of all startup services
    - disabled all automatic updates
    - uninstall un-needed stuff
    - no toolbar-crapware-[younameit]ware
    - aggressively remove crap ( CrapCleaner helps ) The one time I was too aggressive : I broke a soft. Guess what: I downgraded the soft. Worked fine since.
    - Being somehow prudent internet surfer: etc/hosts + adblock + rip + a few other things giving me a browser doing lesser than usual but well.
    I obtain a seemingly clean radar when I scrutinize my box from time to time.
    Sometime less is more.

    I remember once at a work place : the automatic update on win boxes got the source code repository access screwed. Halted the nightlies for the company. Since that, I consider automatic updates as viruses: you don't know when and what comes in. Yet it is often allowed and recommended. Mad.

    Bye.
    Z.

  35. Apple Quietly Recommends Antivirus Software ... by InvisiBill · · Score: 1

    Apple Quietly Recommends Antivirus Software For Macs http://it.slashdot.org/article.pl?sid=08/12/02/1314208

  36. ISPs by Anonymous Coward · · Score: 0

    Hey ISPs how about denying access (internally and at the border) to compromised systems - lists from spamhaus et al will help.

  37. Re: no legitimate copy of Window no update by HTH+NE1 · · Score: 1

    As someone who occasionally boots an illegitimate copy of Windows to play his legitimate copy of Half-Life.... if somebody were to give me 200 bucks and told me to choose between a new CPU+mobo or a donation to an organization which IMHO does more damage than good ... tough choice.

    Which organization do you mean: Microsoft or Black Mesa?

    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  38. Why not by hesaigo999ca · · Score: 1

    If it's as bad as they say, offer a free download WITHOUT the checkers to those with valid or invalid windows xp ...and let them update THAT hole....problem solved....oh yeah M$ != profit....sorry my mistake.

  39. Mine's clean, here is how by Anonymous Coward · · Score: 0

    See subject-line, & the URL below...

    ----

    HOW TO SECURE Windows 2000/XP/Server 2003, & yes, even VISTA: Plus, make it "fun-to-do", via CIS Tool Security Benchmark Guidance (& beyond):

    http://www.tcmagazine.com/forums/index.php?s=3c2f2f607967bc4818b28f0d7fad17d1&showtopic=2662

    ----

    It works, & for roughly a 2 hr. investment of your time, for years of safer uptime online on the internet, & for years into the distance... Windows is easily secured using the CIS Tool multiplatform benchmark-gauge of security, & was highly noted by COMPUTERWORLD, no less, plus the other points noted in that guide, for the concept of "layered security".

    (And, it's not just for Windows either guys, also for MANY *NIX variants also)

    CIS Tool almost makes it fun, & especially if you're the type of computer user that likes benchmarks for performance, this is for you. Albeit, it's oriented around security testing is all.