New Massive Botnet Building On Windows Hole

← Back to Stories (view on slashdot.org)

New Massive Botnet Building On Windows Hole

Posted by kdawson on Monday December 1, 2008 @03:29PM from the so-patch-it-already dept.

CWmike writes "The worm exploiting a critical Windows bug that Microsoft patched with an emergency fix in late October is now being used to build a fast-growing botnet, said Ivan Macalintal, a senior research engineer with Trend Micro. Dubbed 'Downad.a' by Trend (and 'Conficker.a' by Microsoft and 'Downadup' by Symantec), the worm is a key component in a massive new botnet that a new criminal element, not associated with McColo, is creating. 'We think 500,000 is a ballpark figure,' said Macalintal when asked the size of the new botnet. 'That's not as large as some, such as [the] Kraken [botnet], or Storm earlier, but it's... starting to grow.'"

156 of 223 comments (clear)

Idiots by IceDiver · 2008-12-01 15:31 · Score: 1, Funny

Don't people use auto-update?
1. Re:Idiots by moniker127 · 2008-12-01 15:42 · Score: 5, Funny
  
  Auto-update is really annoying, especially if you don't have a very good connection. Its one of the first things I disable when I do a fresh install of XP.
2. Re:Idiots by Iced_Eagle · 2008-12-01 15:45 · Score: 1
  
  Don't bring any logic into this!
3. Re:Idiots by Henry+V+.009 · 2008-12-01 15:47 · Score: 5, Funny
  
  Here, let me turn it back on for you. There. Don't bother thanking me, I've already debited your bank account for my time.
4. Re:Idiots by Brain+Damaged+Bogan · 2008-12-01 15:52 · Score: 2, Informative
  
  I would imagine that most pirated copies of windows wouldn't use auto update, you don't want your pirated OS contacting the developer whenever it feels like.
  
  --
  -- Sex is the antonym of pringles. Once you pop it's time to stop.
5. Re:Idiots by Anonymous Coward · 2008-12-01 15:54 · Score: 2, Insightful
  
  wait, wait, but then you do complain when a patch does not get installed and your system is compromized and it's all MSFT's fault... right, right? Am I right?
  What did I win?
6. Re:Idiots by six025 · 2008-12-01 15:57 · Score: 1, Insightful
  
  Auto-update works if you have a legitimate copy of Windows, and there are plenty of people using pirated copies of Windows which do not qualify for the "genuine advantage" required by Windows Update.
  Even if MS managed to patch every security hole in Windows, there would still be a massive gaping hole left by the people who can't use auto-update and who are not inclined, or simply lack the technical ability, to seek out and install the required patches via a manual download.
  This leads one to wonder about the wisdom of blocking illegitimate licenses from obtaining security updates via the auto-update service, as the end result of the decision is that everyone suffers to some degree e.g. increased spam levels.
  Peace,
  Andy.
7. Re:Idiots by imemyself · 2008-12-01 16:01 · Score: 2, Informative
  
  I believe that MS actually does provide security updates for systems that do not pass WGA.
  
  --
  Every time you post an article on Slashdot, I kill a server. Think of the servers!
8. Re:Idiots by LtGordon · 2008-12-01 16:08 · Score: 4, Insightful
  
  I own a legit copy of XP Pro and it bothers me how frequently MSFT releases that Genuine Advantage garbage. If only they put that kind of enthusiasm into the rest of their products.
9. Re:Idiots by ThePengwin · 2008-12-01 16:13 · Score: 1
  
  A Rational Thinking award!
  Sorry but these days they seem to be worthless
10. Re:Idiots by LtGordon · 2008-12-01 16:14 · Score: 4, Informative
  
  Systems that do not pass WGA are only allowed access to "critical" updates.
11. Re:Idiots by jaxtherat · 2008-12-01 16:15 · Score: 5, Insightful
  
  Auto-update is really annoying, especially if you don't have a very good connection. Its one of the first things I disable when I do a fresh install of XP.
  Not sure why this was modded funny, as this seems to be far and away the predominant mentality of windows users...
  
  --
  http://www.zombieapocalypse.tv/
12. Re:Idiots by The+Bungi · 2008-12-01 16:20 · Score: 5, Informative
  
  Which this particular patch qualifies as.
13. Re:Idiots by 0123456 · 2008-12-01 16:31 · Score: 5, Insightful
  
  "Some think they know better what updates to install than Microsoft suggests."
  When updates stop breaking other software, and Microsoft stop bundling DRM as 'critical updates', then I suspect people will start trusting Microsoft to tell them what updates to install.
  Personally I like to see what Microsoft are doing to my computer before I install it.
14. Re:Idiots by nabsltd · 2008-12-01 16:36 · Score: 4, Informative
  
  Auto-update works if you have a legitimate copy of Windows, and there are plenty of people using pirated copies of Windows which do not qualify for the "genuine advantage" required by Windows Update.
  If someone is already using a pirated copy of Windows as their desktop OS, then they probably wouldn't have a problem running a pirated copy of Windows 2003, either.
  In which case, they can then download Windows Server Update Services which doesn't require WGA to download. After installing WSUS on Win2K3, they can configure it to only download updates matching the pirated MS software they have, and then individually approve or reject updates. They would then configure all the systems to retrieve the approved updates from the WSUS server.
  By doing this, every update is available, and WGA is never installed on any of the systems.
15. Re:Idiots by osu-neko · 2008-12-01 16:37 · Score: 1
  
  Enabling auto-update implies the user trusts Microsoft to (a) update Windows properly and (b) not steal their bank account and credit card information with each update.
  Actually, installing Microsoft Windows and then connecting to the Internet implies you don't believe Microsoft will steal your bank account and credit card information. If they then further believe Microsoft will steal their data if they use Windows Update, no further analysis of their beliefs can yield useful information about what actions they may or may not engage in -- they have at that point proven to be completely irrational. Given this, any actions are possible, and you can try to rationalize their actions any way you like by picking and choosing from their contradictory beliefs, but it's ultimately pointless, since to do so assumes a level of rationality that is clearly not present.
  
  --
  "Convictions are more dangerous enemies of truth than lies."
16. Re:Idiots by Xabraxas · 2008-12-01 16:39 · Score: 4, Insightful
  
  You're just an idiot then. You don't need to click on FREEREGISTRYSCANNER or anything like that to get infected. In fact you can click on a link that you click everyday and get infected. The best you can do is stay up-to-date and pray for no 0 day exploits.
  
  --
  Time makes more converts than reason
17. Re:Idiots by ushering05401 · 2008-12-01 16:53 · Score: 1
  
  Niche markets have problems getting specialty software updated in a timely manner.
  A client in the Veterinary field is still unable to update to XP SP3 because their medical office management software provider told me their product absolutely could not run on SP3.
  I thought that the provider was thinking I was trying to upgrade to Vista, but no, SP3 apparently kills their server product.
18. Re:Idiots by master811 · 2008-12-01 17:04 · Score: 2, Informative
  
  That's not true, systems will still get access to the "recommended" updates as well if Auto-Update is set. I don't understand it myself as the same updates can't be accessed without validating, but they appear fine if you have it set to automatic (and don't use the windows update website).
19. Re:Idiots by Hal_Porter · 2008-12-01 17:17 · Score: 5, Funny
  
  I don't know why people complain about Genuine Advantage. If you buy the software it is unlocked. If you pirate it it will still work, even though it knows it is pirated, but it won't work 100%. I.e. pirate copies are partially locked.
  Genuine Advantage would be better if they had a sense of humour about it. Like instead of black screening pirate copies they could shrink the desktop slowly surrounded it by a dirty border and have photorealistic DirectX 10 cockroaches in the border. When you unlocked the workstation they'd scatter, but you still see the odd leg or antenna poking out from the edge of the monitor. Every so often one would run across the screen when you were hard at work. Hell, maybe you'd let people crush them with the mouse pointer but it would leave a nasty yellow blob on the screen. The longer you held out against buying a license, the more bold the roaches would become, and the more hit points they would have.
  Essentially Microsoft discovered a way to make people RAGE! by accident with Clippy. They should put that knowledge to use annoying pirates and making everyone else laugh at them. Most people have a fear of being mocked for being cheap, they should put that fear to use.
  
  --
  echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
20. Re:Idiots by Architect_sasyr · 2008-12-01 17:22 · Score: 5, Interesting
  
  Whilst I happen to be highly entertained by your idea about GA I should like to recount a little story:
  
  Fully registered and licensed domain of XP machines (~60 or so). Update Windows Genuine Advantage. 58 of them claim to be pirated and cease to work at any level that can be considered acceptable for a corporation.
  
  Stories like that are why people complain about GA.
  
  --
  Me failed English...
  FreeBSD over Linux. If my comments seem odd, this may explain...
21. Re:Idiots by dissy · 2008-12-01 17:38 · Score: 4, Insightful
  
  I dont get viruses because I'm not a wintard who opens any FREEREGISTRYSCANNER add they see.
  I've been running windows xp without firewalls/AV for like four years now. Every 6 months or so I scan for viruses, rootkits, trojans, and adware, and i've yet to come up with anything.
  Well of course if you have a rootkit, scanning for rootkits will show clean. Thats how they work.
  A rootkit modifies the kernel so that it intercepts all API calls, including the read() functions your scanner is using, and the rootkit feeds back false info such as directory listings omitting the rootkits files, and if one tries to open one of its files by name, the open() call now controlled by the rootkit returns a no such file error.
  You no doubt have a home router that does a form of NAT, which acts as a firewall for all intents and purposes for incoming connections, so your statement about not running a firewall is false.
  At least I hope so, else you have been rooted 10 minutes after connecting your computer to the internet. Sadly, your description fits the profile of someone who is infected and doesn't even know it because it has been that way since day one it went online.
22. Re:Idiots by corsec67 · 2008-12-01 17:42 · Score: 2, Funny
  
  You no doubt have a home router that does a form of NAT, which acts as a firewall for all intents and purposes for incoming connections, so your statement about not running a firewall is false.
  Yeah, he would have to patch everything within 4 minutes to not have an infection.
  
  --
  If I have nothing to hide, don't search me
23. Re:Idiots by Lershac · 2008-12-01 18:17 · Score: 1
  
  Nope,
  I run XP in parallels on a mac. Same way. After I installed and configured my machine, I backed up the image, and said "lets see how long this takes" and one year later, its still going strong.
  No Spybot, No antivirus, and I surf and do lots of stuff on that Vmachine.
  
  --
  Chuck
24. Re:Idiots by Lershac · 2008-12-01 18:22 · Score: 1
  
  lets see, coz in Vista I get asked aLOT for UAC approval. On Macs, much much less.
  all overusing the approval feature does is condition the user to clicking "go right ahead and ram that big cylindrical object up my arse."
  
  --
  Chuck
25. Re:Idiots by moniker127 · 2008-12-01 18:51 · Score: 1
  
  I think i'm just not as paranoid about security as some. This is not what my day revolves around, because it simply has not affected me, and I doubt it will any time soon.
26. Re:Idiots by silarulz · 2008-12-01 19:09 · Score: 1, Troll
  
  Or Just move to Linux, BSD, OSX...
  
  --
  silarulz!
27. Re:Idiots by LackThereof · 2008-12-01 19:10 · Score: 2, Insightful
  
  On machines that fail WGA, Auto-update functions fine; manually updating from the Microsoft website is disabled.
  However, XP's autoupdate is not particularly reliable with service packs. It's more likely to sit in the tray saying "click here to install SP2" than actually install itself, even if the machine is set to "Automatically download and install updates". And users always ignore tray warnings; it's just another bubble between Weatherbug and VirusProtectPro.
  
  --
  Legalize recreational marijuana. Seriously.
28. Re:Idiots by aweraw · 2008-12-01 19:17 · Score: 1
  
  Keep in mind that the object in question is only cylindrical in the best case scenario. The truth is not suitable to air in this time slot (kids might be watching). Let's just say that corners are uncomfortable.
  
  --
  5468652047616D65
29. Re:Idiots by mixmatch · 2008-12-01 19:40 · Score: 5, Interesting
  
  Why should corporate customers have to call up Microsoft every time they fuck up Genuine Advantage? Activation/IP protection schemes are hugely hated for the very reason that they don't bother the pirates but they do hassle the paying customers. Its great that you have time to play around on your pirated laptop copy, but come back when you have a bottom line to worry about.
30. Re:Idiots by Hal_Porter · 2008-12-01 20:14 · Score: 1
  
  Hmm,
  http://www.annoyances.org/exec/show/article03-200
  
  Are there any users who won't have to activate their copies of Windows XP?
  Yes:
  1. If you purchase a new computer with Windows XP pre-installed, it will most likely come pre-activated. The only problem then is if you attempt a major upgrade.
  2. The version of Windows XP Professional sold with a large corporate site-license doesn't contain the activation code. If you're using that version, you'll never have to activate it.
  I.e. corporate users don't need to activate, neither do people that buy machines with XP preinstalled. The only people who need to activate are people that install it themselves.
  
  --
  echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
31. Re:Idiots by Yvanhoe · 2008-12-01 20:21 · Score: 1
  
  Plus it is a fact : people with dialup still exist. They are not behind a firewall, they have enough bandwidth to get infections but not enough to get patches. Is there a way to keep a computer secure with Windows without access to someone who can burn updates for you ?
  
  --
  The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
32. Re:Idiots by Anonymous Coward · 2008-12-01 20:36 · Score: 1, Funny
  
  Because it's not connected to the Internet?
33. Re:Idiots by MrMr · 2008-12-01 21:42 · Score: 1
  
  It's funny because it's true?
34. Re:Idiots by hvm2hvm · 2008-12-01 21:52 · Score: 1
  
  I'm not sure how parallels gives the virtual machine an internet connection but if it NATs the external connection of the mac then you are protected against those attacks that don't require the user to click on stuff in a browser. If you have a machine connected directly to the internet and no firewall, antivirus, updates, etc you could theoretically get infected by someone exploiting a bug in the services XP provides by default.
  
  --
  ics
35. Re:Idiots by Hal_Porter · 2008-12-01 22:12 · Score: 1
  
  I dunno, my experience of it is that WGA works if Windows is activated. I have had one known pirated machine that WGA fails on and a bunch of genuine ones that it succeeds.
  
  --
  echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
36. Re:Idiots by HungryHobo · 2008-12-01 22:13 · Score: 1
  
  "large corporate site-license "
  not
  "Small corporate site-license "
  You can have a small to medium buisness and still get fucked.
37. Re:Idiots by mowall · 2008-12-01 23:05 · Score: 2, Insightful
  
  not at all: - install XP with network unplugged - turn on firewall - plug in network
  XP didn't come with a firewall. You had to upgrade to SP2 (IIRC) to get the Windows firewall. Granted, if you bought XP after SP2 was released you'd have the firewall, otherwise you can potentially get infected very quickly... way before you get the chance to download SP2 and enable the firewall.
38. Re:Idiots by smoker2 · 2008-12-01 23:23 · Score: 1
  
  It is the best mentality to have. I always change the settings to notify and nothing else. I choose what goes on my pc not microsoft. I have never downloaded the Malicious Software tool. I have never downloaded the WGA shit. Then again my XP pc has never been infected with anything either, so my actions aren't crazy.
  
  If you are willing to dance to microsofts tune then carry on. Doesn't make you clever in any way. Or maybe you misunderstood the "auto" part of auto update.
39. Re:Idiots by worthawholebean · 2008-12-01 23:27 · Score: 1
  
  Well of course if you have a rootkit, scanning for rootkits will show clean. Thats how they work.
  A rootkit modifies the kernel so that it intercepts all API calls, including the read() functions your scanner is using, and the rootkit feeds back false info such as directory listings omitting the rootkits files, and if one tries to open one of its files by name, the open() call now controlled by the rootkit returns a no such file error.
  Rootkits can be scanned for. See Rootkit Revealer. If you don't trust the kernel to accurately report the contents of the HD, just don't use it.
40. Re:Idiots by inasity_rules · 2008-12-01 23:27 · Score: 1
  
  Try Jettico personal firewall - it has caught all of viruses trying to get on my laptop. After a year using jettico under Win2000(with no virus scanner or updates), I pulled the hard disk out and did a virus check on another machine using an up to date copy of AVG. No viruses. That laptop had been in so many public infested networks and on the net for ages.
  The downside is it is extremely anoying - it asks you about everything at least once, and you have to make intelligent decisions.
  
  --
  I have determined that my sig is indeterminate.
41. Re:Idiots by Surreal+Puppet · 2008-12-02 00:03 · Score: 1
  
  Note however that it's possible to detect contemporary rootkits in situ on a live system, even if any process that runs in ring0 obviously has the upper hand in a pure theoretical sense. One technique for this is to compare data returned from API calls with raw reads of the data (this is the technique used by "RootkitRevealer".)
42. Re:Idiots by aliquis · 2008-12-02 00:04 · Score: 1
  
  If I used Windows I would never have it turned on due to those retarded nag windows showing up and stealing focus the whole fucking time in XP until you accidently happen to be pressing enter since you was writing when one pops up.
  I hate them, how the fuck can they used such a retarded system? Why nag at all? Just tell me that the updates has been downloaded and eventually have a small reboot-button show up in the same ballon tip in the systray in case I really want to reboot now but in all other occasions do the updates when I turn the machine off the next time.
43. Re:Idiots by aliquis · 2008-12-02 00:06 · Score: 2, Funny
  
  Find out if your credit card number has been stolen on the Internet!
  CC # __________________ Expiration date __/__
44. Re:Idiots by aliquis · 2008-12-02 00:12 · Score: 2, Insightful
  
  I see that you have already been (correctly) moderated as troll.
  But anyway, for your information those systems isn't without exploitable bugs either. I would assume that OS X is especially risky since it might have a more standard collection of software and Apple bundles a bunch of security upgrades at the same time instead of sending them out as soon as there is an issue.
  I won't say that I'd rather trust Microsoft getting updates out in time than Apple because then I to will be moderated troll but well, let's just say neither of them are perfect.
  Regarding BSD and Linux it will to a big extent depend on what software you have installed.
45. Re:Idiots by aliquis · 2008-12-02 00:14 · Score: 1
  
  So, what are the rootkit scanners for? Or are there only rootkit guards?
  And I'm serious with this question, I'm not stating anything.
46. Re:Idiots by aliquis · 2008-12-02 00:20 · Score: 1
  
  How do you manage to find an image without SP2?!! :D
  http://thepiratebay.org/search/xp%20sp2%20integrated/0/99/300
  Anyway, I guess there are both good and bad things with XP including a firewall now. It's good that it protects somewhat after installation, it's bad because many people probably keep that inferior firewall instead of replacing it with something decent.
  For instance:
  http://www.personalfirewall.comodo.com/download_firewall.html (Bundled with antivirus, bad choice imho, for the user that is, nothing say that you want all of their products. Stupid apple technique (Oh, I see you want iTunes, here you get Quicktime and Safari to!)
47. Re:Idiots by macshome · 2008-12-02 00:41 · Score: 1
  
  Hmmmm... I can't get that form to work.
  
  Should I just e-mail you my info so you can check it for me?
48. Re:Idiots by aliquis · 2008-12-02 00:44 · Score: 3, Interesting
  
  Except in OS X it downloads the updates and tell you that they are updated, inform you if any of them will require a reboot and let you check the ones not requiring it, all of them and reboot, or not care at all and it won't bother you until next week or something such. (Of if you decide to do it manually)
  In XP however it will tell you that they are downloaded and ask you if you want to reboot to install them EVERY FIFTH MINUTE. Even if you tell the OS you don't give a shit and don't want to reboot.
  I don't like that OS X installers requiring a reboot remains running until you press reboot in them however. I'd rather just choose "I don't want to reboot now" and have them do their thing the next time I choose to reboot.
49. Re:Idiots by INT_QRK · 2008-12-02 00:51 · Score: 2, Funny
  
  One of the things that drove our household completely away from Windows is that as three of my daughters one-by-one traipsed through their college years, every few months (sometimes weeks or days) I'd have to fix their oft' gunked, crippled, or pwnd computers. The first and most common problem I'd have to confront would be the tons of adware slowing their system to a crawl, which at some point killed or subverted the antivirus software (evidently the preferred collegiate attack vector). Then, about the second really bad incident, one usually involving the appearance of a mysterious new admin account with theirs eerily downgraded. My epiphany at some point was that the registry is actually a giant Petri dish for malware spores. Anyway, once so totally pwnd, the only sure-fire cure would be to reload Windows from their OEM disks. About the second or third time this occurred, MS would reject the **always legal** reinstall as not "genuine." As my last raw nerve snapped at the insanity of it all, my solution would ultimately be to slick their drives and install Linux. This would carry them safely through their Junior and Senior years. However, when it came time to for them replace their computers following graduation, they all ended up buying Macs. Problem solved either way.
50. Re:Idiots by aliquis · 2008-12-02 00:56 · Score: 1
  
  Nah just write it here.
  Please fill in your last three numbers on the backside of the card to in case you mess some of the other numbers up.
51. Re:Idiots by wisty · 2008-12-02 01:07 · Score: 1
  
  Was this the same XP that would brick laptops by downing a firmware update while the mains was unplugged, forcing a reboot when the power was about to fail, which tried to update the firmware with 0.5% battery? Or was that Vista? I don't remember - I have a Mac. Not that I'm smug about it.
52. Re:Idiots by Bigbutt · 2008-12-02 02:37 · Score: 1
  
  Actually I have auto-update running on my XP Home and XP Pro systems at home.
  When SP3 installed on my wife's XP Home system, wireless failed and she couldn't connect to the internet. I had to back it out and turn off auto-updates.
  When SP3 installed on my desktop's XP Home system, wireless failed and I couldn't connect to the internet. I left it installed and just plugged a network cable into the box.
  When XP Pro is updated on my new system (I bought XP Pro SP3 with my new home built gaming rig), it occasionally loses the primary monitor. Originally I'd have to blindly change the primary to either the left or right monitor but I discovered that if I leave the monitor off during boot, Windows doesn't see it at all and changes the primary to the left monitor.
  But last night I updated the firmware on a Sun T2000 server and it marked 8 gigs of the 16 gigs of RAM as bad and now it won't boot to DVD.
  My wife's Toshiba bit the dust so she bought a Dell with Vista and is doing ok with it.
  I rebuilt my old XP Home box as a media server. I have to unplug and plug in the USB mouse as it doesn't recognize it on boot and I have to Repair the wireless connectivity (Netgear USB) every time but it is using SP3 and wireless works now.
  So it all sucks. Sometimes it sucks badly but it all sucks.
  [John]
  
  --
  Shit better not happen!
53. Re:Idiots by socsoc · 2008-12-02 03:26 · Score: 1
  
  You can turn off the reboot nag... http://4sysops.com/archives/disable-restart-after-windows-automatic-updates/
54. Re:Idiots by The+MAZZTer · 2008-12-02 03:45 · Score: 2, Informative
  
  Rootkits are not undetectable. Though in theory they can be, in practice fully scrubbing the files from all file request APIs can be difficult. Most scanners will use the high-level APIs (which are most likely to be manipulated by rootkits) as well as a low-level API (such as undocumented kernel functions or even direct hard drive access) which is far more difficult for the rootkit to manipulate... then they compare the results of the two scans. Any discrepancies are reported to the user as possible rootkits. MS hides some system-critical files from normal viewing, even if you choose to show system and hidden files, such as the master file table:
  C:\>dir $* Volume in drive C is Windows XP Volume Serial Number is DEAD-BEEF Directory of C:\ File Not Found C:\>type nonexistantfile The system cannot find the file specified. C:\>type $MFT Access is denied.
  (Yes that is my real volume serial number. No it wasn't like that when I got it, I changed it.)
  These files are small in number and so hard-coded into most rootkit scanners to ignore. Other legit reasons for discrepancies can be attributed to files being created or deleted between the two scans. Anything that's left can be Googled or otherwise analyzed to determine if it is a rootkit.
  Of course an even easier way to find rootkits is to boot from a known rootkit-free environment (BartPE, Linux LiveCD) and run a scan on the suspected rootkit-infected volume.
55. Re:Idiots by Xabraxas · 2008-12-02 03:54 · Score: 1
  
  I think i'm just not as paranoid about security as some. This is not what my day revolves around, because it simply has not affected me, and I doubt it will any time soon.
  
  It's attitudes like that that make the botnet world go 'round.
  
  --
  Time makes more converts than reason
56. Re:Idiots by Foolomon · 2008-12-02 04:17 · Score: 1
  
  Rootkit scanners typically do comparisons between what Windows says is in the file scanners and the physical contents of the MFT. Similar comparisons are done with the registry and some other components.
  So to say that scanning for rootkits is pointless is simply ignorance of the current technologies available. And here I was thinking that SysInternals was known by everyone...
57. Re:Idiots by mpeskett · 2008-12-02 05:02 · Score: 1
  
  So the question is, what would the minimum be for a person with some sense?
  To be specific, if my router has a built in NAT firewall and I have the brains to not open dodgy email attachments et al, will it matter if I let the updates sit for a while without rebooting or don't have an AV running?
58. Re:Idiots by mpeskett · 2008-12-02 05:09 · Score: 1
  
  Step 1: Download a decent firewall/antivirus/any other security software you like from another PC.
  Step 2: Install XP without the network connected, install previously mentioned software from a USB key
  Step 3: Plug in the cable.
  (Step 4: ???, Step 5: Profit)
  Then your risk should be fairly minimal while you download and install all the updates. If you felt like being even cleverer then Step 1 would be to copy the updates from another XP PC to a USB key, but it's somewhat easier to let the update website handle that.
59. Re:Idiots by aliquis · 2008-12-02 05:33 · Score: 1
  
  Stupid question eventually but will it also remove them if you choose to manually download them thru automatic update? =P
  Seems kind of obvious that it will but who knows with Microsoft.
  I think I tried following some guides for registry fixes for it but it never worked afair, and in any case you couldn't set it to infinite, and that tips above isn't something average joe will find in the settings of windows update anyway.
60. Re:Idiots by HTH+NE1 · 2008-12-02 06:00 · Score: 1
  
  Don't people use auto-update?
  Auto-update doesn't work so well when months to years pass without the machine being turned on.
  I don't even know if SP3 is installed on my gaming XP PC. I do know it wasn't on my Mac Pro under Boot Camp.
  I just want to burn the updates I need to a DVD-R and update it off-line. All their security in Windows Update and Genuine Advantage verifications suggests they don't want that to be possible.
  
  --
  Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
61. Re:Idiots by Erikderzweite · 2008-12-02 06:11 · Score: 1
  
  How intuitive...
  Clearly WinXP is the newbie-friendliest of all OSes. Thanks for reminding us all 'bout it. *ducks*
62. Re:Idiots by default+luser · 2008-12-02 06:16 · Score: 1
  
  XP didn't come with a firewall. You had to upgrade to SP2 (IIRC) to get the Windows firewall. Granted, if you bought XP after SP2 was released you'd have the firewall, otherwise you can potentially get infected very quickly... way before you get the chance to download SP2 and enable the firewall.
  Not quite true. Windows XP came with a firewall. It was not enabled by default until Service Pack 2, and the settings were buried. Service Pack 2 changed the firewall configuration system, and had the system bug you about various security settings, including antivirus and firewall.
  Yeah, the firewall that came with XP sucked, but it was there.
  
  --
  Man is the animal that laughs.
  And occasionally whores for Karma.
63. Re:Idiots by hvm2hvm · 2008-12-02 06:40 · Score: 1
  
  No, I don't have an Antivirus, firewall or any updates done and I don't have any problems, my current install is still OK (I had a virus or two but those were my fault :D).
  
  --
  ics
64. Re:Idiots by bob.appleyard · 2008-12-02 06:53 · Score: 1
  
  And how do you know that it isn't part of a botnet?
  
  --
  How dare you be so modest!! You conceited bastard!!
65. Re:Idiots by Endo13 · 2008-12-02 07:02 · Score: 1
  
  I've been running windows 2000 or windows XP for about 7 years now, without an antivirus and without auto-updates turned on.. and I have never had any of my computers infected in any way, shape or form. Well, that is with the exception of the test system I had sandboxed and intentionally infected. In those 7 years, my computers have been connected to a high-speed internet connection at least 30% of the time.
  All it really takes is 2 key components:
  1. Always be behind a NAT.
  2. Be smart about your internet usage.
  One of the more sobering things I've seen recently though shed some light on why so many people are getting infected with Antivirus 2009, XP Antivirus 2009, etc. I found a list of "really good black friday deals" on Yahoo, and one of them happened to be an HP laptop. Well, the list was very sparse on details about said laptop, and the page for it on the actual reseller (Office Depot) was broken. So I did what any modern internet user would do: I googled the model number of the laptop. Problem was, the first search result on google led to an Antivirus 2009 page, and gave me one of those lovely false panic popups telling me I was infected, and gave me the option to "scan" or "cancel". I did neither, opting instead to create my own third option and killing the popup entirely.
  
  --
  There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
66. Re:Idiots by hesaigo999ca · 2008-12-02 07:24 · Score: 1
  
  Unless its pirated, then you get what you pay for....hence all those who DON'T want to update ...hell even my web machine I dont bother with any AV or slow apps on it, as I ghost it
  and reinstall it every 10 days or so (in under 15 minutes) garanteeing me that I have a good computer most of the time,and when I dont , i will again very soon. (That one is not for banking!only torrent + etc.)
67. Re:Idiots by Stewie241 · 2008-12-02 08:12 · Score: 1
  
  Ooooh... and you didn't select to install Quicktime and iTunes before installing the updates... let me ask after the updates: Do you want to install the new software? Of course you do, right?
68. Re:Idiots by Arterion · 2008-12-02 08:54 · Score: 1
  
  Or they could just run Windows 2003 as their desktop OS, bypassing the problem entirely.
  
  --
  "That which does not kill us makes us stranger." -Trevor Goodchild
69. Re:Idiots by nabsltd · 2008-12-02 09:33 · Score: 1
  
  Without WSUS, Windows Update will install WGA on Windows 2003 machines as well.
70. Re:Idiots by aliquis · 2008-12-02 10:00 · Score: 1
  
  Maybe time for a new advertisement slogan:
  Apple Software - Free of nag screens*
  * On macs**
  ** Nag screens only included to make the software more familiar on Windows systems.
  Back in the days Quicktime made sense, pre flash videos and such, but today? VLC/mplayer or k-lite codec pack or similar with Opera makes much more sense =P
71. Re:Idiots by Bynds · 2008-12-02 10:38 · Score: 1
  
  Auto-update is really annoying, especially if you don't have a very good connection. Its one of the first things I disable when I do a fresh install of XP.
  Well thanks for the spam. I really needed another shop to buy my cheap Mexican pharmaceuticals...
72. Re:Idiots by svank · 2008-12-02 10:46 · Score: 1
  
  Without any actual knowledge in the area, I would think they try various clever tactics in an attempt to find something revealing that the rootkit writer overlooked.
73. Re:Idiots by Xabraxas · 2008-12-02 13:41 · Score: 1
  
  Unless its pirated, then you get what you pay for....hence all those who DON'T want to update ...hell even my web machine I dont bother with any AV or slow apps on it, as I ghost it and reinstall it every 10 days or so (in under 15 minutes) garanteeing me that I have a good computer most of the time,and when I dont , i will again very soon. (That one is not for banking!only torrent + etc.)
  I know someone who has a similar routine, rebuilding their box every 30 days. Just the fact that anyone even considers that an option means that something is seriously broken with Windows. The last computer I had only ever ran Linux and I never rebuilt it in the three years that I owned it. My current machine is almost two years old now and has never been rebuilt.
  
  --
  Time makes more converts than reason
74. Re:Idiots by Z34107 · 2008-12-02 16:00 · Score: 1
  
  A rootkit modifies the kernel so that it intercepts all API calls, including the read() functions your scanner is using
  Very true. SysInternals' "Rootkit Revealer" can defeat these to a certain extent. It installs itself as an interactive service (meaning kernel mode, like most rootkits, drivers, etc.). It then compares the results of API calls - like read() - with raw data on the disk, or the contents of the active processes list with the actual data structures maintained by the kernel.
  It can generally see what's actually "there" because it's running at the same privileges as the rootkit - barring some kind of hypervisor trick. If regular API calls don't match with what's actually there, you have a rootkit.
  
  --
  DATABASE WOW WOW
75. Re:Idiots by mpeskett · 2008-12-05 07:39 · Score: 1
  
  Never said it was newbie friendly... newbies will find almost anything hard on almost any system, especially around the area of installation.
  Hell, I'd give my dad (not a total luddite, but behind the times) better odds at managing to install a recent linux release than XP.
Re:How is first ppost formed? by Anonymous Coward · 2008-12-01 15:37 · Score: 1, Funny

Weak. In the good ol' days, a first post troll would have picked up on the words massive and hole and made a Goatse joke. You are a disgrace to the once proud troll race.
Go vigilante by Anonymous Coward · 2008-12-01 15:38 · Score: 2, Insightful

It's time MS write botnets to exploit their own holes as means for patching said hole. Who gives a shit about the ethics of it, we are losing.
ISPs need to be more vigilant as well. Cut off subscribers ASAP when they're machine begins sending botnet traffic.
1. Re:Go vigilante by alohatiger · 2008-12-01 16:13 · Score: 5, Insightful
  
  ISP action is definitely appropriate. If they can tell who is using torrent software, they should be able to tell who is sending spam and which machines are part of a botnet.
  Filtering/quarantine at this level is like shooting down a scud missile on the way up instead of on the way down.
  
  --
  Bigtime Consulting - "We're the best because we cost the most"
2. Re:Go vigilante by Surreal+Puppet · 2008-12-01 16:14 · Score: 2, Informative
  
  Take a look at Schneier's arguments against this: http://www.schneier.com/blog/archives/2008/02/benevolent_worm_1.html. One additional point is that stack/heap overflows and other memory-corrupting vulnerabilities often can't be made to be 100% reliable, and can be difficult to code for different service packs and such. This can be, and is, coded around as a matter of course, but a bug in the exploitation process can have disastrous and unpredictable results (in this case, interruption of a large swath of critical internal office file sharing networks.) This doesn't matter to the criminals, but it presumably matters to any prospective "grey hat" worm authors.
3. Re:Go vigilante by techno-vampire · 2008-12-01 16:50 · Score: 1, Informative
  
  Personally, I'd rather see Microsoft put the effort into writing a version of Windows that doesn't have all those vulnerabilities in the first place. Of course, that would mean throwing out an awful lot of old code and that goes against their corporate culture, so I'm not holding my breath.
  
  --
  Good, inexpensive web hosting
4. Re:Go vigilante by nametaken · 2008-12-02 05:22 · Score: 1
  
  The biggest ISP at the college I used to go to (not the univeristy itself) used to do this. They'd profile traffic and shut down machines that were spamming or otherwise behaving badly.
  The way I see it, it's good for everyone, including the ISP. The only downside was when your roommate had something and your internet got shut off before a paper was due. :)
Re:Going around my work already by Anonymous Coward · 2008-12-01 15:44 · Score: 3, Insightful

Three words:
Incompetent IT Department.
It would be so easy. by Surreal+Puppet · 2008-12-01 15:48 · Score: 5, Interesting

Every time i see one of these high-yield Windows remote execution holes, I'm tempted to couple a timed network-stack-erasing payload to it (24 hours should be enough for it to be able to infect through vpn-connected laptops and such) and send it cracking. Then i always begin to wonder why this hasn't been done already; is the combination of narcissistic recklessness and technical competence really that rare? It could be argued that it's more fun to play pranks and infiltrate corporate and government networks, but we don't even see things like that (I know it was more common up to the early 90s, when the "criminal prankster hacker scene" still existed outside of small tight groups...)? Or do people just cover it up? You sysadmins out there, have you ever had anything like that happen to you, or anyone you know?
1. Re:It would be so easy. by Anonymous Coward · 2008-12-01 16:15 · Score: 5, Interesting
  
  Welcome to the 21st century.
  Unlike the 90's, viruses aren't typically coded for the purpose of doing as much damage as possible. Between eBay, Paypal, Amazon, and the other major e-commerce sites, the internet is now worth hundreds of billions - even trillions - of dollars every year. Dollars that would be lost if it went down or that can be stolen by the boatload. By and large, the motive for hacking - including the use of botnets - is all money driven these days. The two most common attack vectors are to either hold a site for ransom, threatening to take it offline via a Denial of Service attack if a certain mount is not paid or to simply use the masses of drones to slow down anti-phishing efforts by distributing the fake page across hundreds of bots (after all, you can run a web server using 500k of RAM and 200k of disk space, plus space for the pages, i.e. a Paypal clone takes up about 5MB on a drone.)
  Judging by the size of this one, I'm going to guess its use will be the former rather than the later. 500,000 bots, all launched, say, the week of Christmas, would do a LOT of damage. Many of those systems will be corporate boxes and nobody will be sitting at them to monitor or notice anything, meanwhile a site that offers "last minute" shipping could be taken offline at the...well...last minute, costing them billions in lost sales. $10 mil would be a small price to pay to avoid that.
  So yeah, it was more common in the 90's, but hacking solely to cause damage isn't something done any more. At all. The only people doing that would be, for example, if the Chinese were trying to crack a US State Department or Pentagon system (using the drones for brute force remote login attacks). That happens, but even there, the intent isn't to harm the systems, but merely to gain a valid login so you can steal information. This goes on in the corporate world too. After all, don't you think Ford would be willing to cough up $2 mil if someone could hand them a copy of Toyota's future business plan right now?
  It's not so much that there aren't people who want to "just cause damage" but rather that those people grew up and realized they could make a lot of money by NOT damaging the systems. They needed jobs and there aren't a lot of positions available for someone with a skill set that includes brute forcing SSH logins. The generation that has come since them, mine (I'm 21, but I have friends who are 18 and 19, and we see each other as about the same) doesn't generally posses the level of skill of those who came before us. Sure, I can crack SSH and brute force NT Hashes with the best of them, but if you sit me and my 60 year old uncle both in front of a binary disassembler only he will know what he's doing, and finding the kind of flaw needed to make this massive botnet will require a very intimate knowledge of one.
  Sorry, the script kiddies that bring the world to its knees have grown up and they refuse to work without pay.
2. Re:It would be so easy. by netcrusher88 · 2008-12-01 16:30 · Score: 1
  
  There was a fork of Blaster that installed the patch for the hole it used to spread, then deleted itself. Unfortunately, like Blaster, it had a tendency to crash the Messenger service, which causes Windows to reboot without letting the user interrupt the reboot. The anti-Blaster didn't get very far.
  
  --
  There's an old saying that says pretty much whatever you want it to.
3. Re:It would be so easy. by baomike · 2008-12-01 16:55 · Score: 1
  
  I have wondered also when someone is going to get pissed off enough to write some little bugger
  that cleans a hard drive. Makeing it worth while for people to protect their machines.
  No , I am not going to do it, but how long before somebody does?
4. Re:It would be so easy. by pjbgravely · 2008-12-01 17:27 · Score: 1
  
  Did you forget about Witty Worm ? I know it didn't attack the Microsoft windows operating system but it did randomly erase parts of the hard drive until the systm crashed.
  
  --
  Star Trek, there maybe hope.
5. Re:It would be so easy. by ockegheim · 2008-12-01 18:01 · Score: 1
  
  ...or to simply use the masses of drones to slow down anti-phishing efforts by distributing the fake page across hundreds of bots (after all, you can run a web server using 500k of RAM and 200k of disk space, plus space for the pages, i.e. a Paypal clone takes up about 5MB on a drone.)
  Interesting... if I wanted to host a web page on my computer, I'd have to log into my ISP to unblock port 80, direct port 80 on my router to my computer, and turn on web sharing on my computer. But I guess a lot of people still connect directly to the internet and the worm wouldn't have much trouble activating services.
  
  --
  I’m old enough to remember 16K of memory being described as “whopping”
6. Re:It would be so easy. by trawg · 2008-12-01 18:21 · Score: 2, Interesting
  
  Many of those systems will be corporate boxes and nobody will be sitting at them to monitor or notice anything, meanwhile a site that offers "last minute" shipping could be taken offline at the...well...last minute, costing them billions in lost sales. $10 mil would be a small price to pay to avoid that.
  Question: I'm not too savvy with the intricacies of DNS, but - could an organisation that was threatened with such a blackmail attempt do something like this:
  1) duplicate your web infrastructure on a number of different networks
  2) lower the TTL on your DNS records to something more responsive
  3) /if/ you are attacked, update DNS records to point to your alternate hosting (..repeat as necessary until you run out of sites or they give up)
  This is under the assumption that such an attack once launched would be hard to stop and/or redirect, which is quite probably not the case, I guess.
7. Re:It would be so easy. by Surreal+Puppet · 2008-12-01 18:22 · Score: 1
  
  Many (most) bot servers include standalone mail/web server code, usually ripped from sendmail and the like.
8. Re:It would be so easy. by Graymalkin · 2008-12-01 20:04 · Score: 2, Insightful
  
  For starters it is trivial to embed an HTTP or mail server in a worm and is done all the time. They don't need to be full featured, simply functional enough to get their intended job done. As for the NAT issues the default usernames and passwords for popular routers is common knowledge. Given the number of LINKSYS and 2WIRE WiFi networks I can see from my apartment it's safe to say at least some of those people are still using those defaults. From there it's simply building the appropriate POST or GET request to modify the port forwarding settings. Besides opening connections for remote hosts a worm can simply listen for local connections and modify the hosts file to point paypal.com to localhost and then collect information that way.
  Information harvesting worms do not need to be 100% effective to make their handlers money. If they get a few thousand PayPal accounts for every million machines they infect they can make a lot of money. Even if they don't get PayPal accounts or other information they can still be used for DDoS attacks and sending spam.
  
  --
  I'm a loner Dottie, a Rebel.
9. Re:It would be so easy. by Surreal+Puppet · 2008-12-01 23:43 · Score: 1
  
  Yeah, that's all true, but the point is you'd think *someone* should have done it by now. It only takes one person and one worm.
10. Re:It would be so easy. by Surreal+Puppet · 2008-12-02 00:15 · Score: 1
  
  Well, it won't change much will it? The DDOS will just follow the DNS update? You probably should invest in load-balancing across multiple connections instead. Or Akamai.
11. Re:It would be so easy. by socsoc · 2008-12-02 03:40 · Score: 1
  
  I hate 2Wire equipment, but they did something right. There is not a common username and pass installed. The default pass is (mostly) unique to that piece of equipment and printed on a sticker on the bottom of the unit.
12. Re:It would be so easy. by steelfood · 2008-12-02 05:05 · Score: 1
  
  People worried all the time about viruses back in the 90's, because they wiped away important data and because it affected the end user. These days, the virus writers are so clever you can't tell there's a bot running on the computer at all, and so end users don't care anymore.
  It may not be a bad idea to start spreading time bombs via these security holes, to bring back user awareness of viruses and the damage they can cause. And, it would probably reduce the ability for such massive botnets to be created, thus render ineffective such blackmail tactics.
  
  --
  "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
13. Re:It would be so easy. by [ByteMe] · 2008-12-02 07:28 · Score: 1
  
  could an organisation that was threatened with such a blackmail attempt do something like this:
  1) duplicate your web infrastructure on a number of different networks
  2) lower the TTL on your DNS records to something more responsive
  3) /if/ you are attacked, update DNS records to point to your alternate hosting (..repeat as necessary until you run out of sites or they give up)
  This is under the assumption that such an attack once launched would be hard to stop and/or redirect, which is quite probably not the case, I guess.
  Pretty much exactly as you said. The "momentum" of such an attack once launched is very low; a botnet-generated DDoS can be retargeted fairly quickly (in general). Worse yet, the cost to the bad guy is near-zero to add more bots or to retarget, while the cost for a threatened organization is definitely *not* zero.
14. Re:It would be so easy. by zix619 · 2008-12-16 02:48 · Score: 1
  
  Motivation is the key: who would write those anti-malware viruses? The security business makes millions out of selling anti-malware software. Good sysadmins? Writing viruses, bad or good intentioned is still illegal, why should you risk your neck for some jerk who clicks on any s... he sees!
There's no profit it in. by khasim · 2008-12-01 15:54 · Score: 5, Interesting

Then i always begin to wonder why this hasn't been done already; is the combination of narcissistic recklessness and technical competence really that rare?
Pretty much. The closest was the "I Luv U" email which overwrote media files.
Since then, it's all about profit. Why destroy a computer when you can use it to send spam?
If you want to be really cruel, your "virus" would randomly alter a few numbers on any Excel spreadsheet it could access.
1. Re:There's no profit it in. by Kijori · 2008-12-02 00:22 · Score: 1
  
  If you want to be really cruel, your "virus" would randomly alter a few numbers on any Excel spreadsheet it could access.
  Fortunately Microsoft cleverly protect their users against this by using closed file formats. Thank God for Microsoft!
2. Re:There's no profit it in. by maxume · 2008-12-02 03:13 · Score: 1
  
  Just use COM.
  Of course, with Excel running in the background, the user would definitely notice that something was wrong.
  
  --
  Nerd rage is the funniest rage.
3. Re:There's no profit it in. by Johnny+Mnemonic · 2008-12-02 05:32 · Score: 1
  
  It seems to me that if you had a 100K CPUs at your control, you could find something to do with those compute cycles that would be more profitable than SPAM, especially if you weren't restrained by what was legal. Like breaking encryption keys.
  Isn't there a more imaginative/profitable use of a botnet than to send spam?
  
  --
  
  --
  $tar -xvf .sig.tar
ancient joke by FunkyRider · 2008-12-01 16:03 · Score: 5, Funny

Reminds me an ancient joke:
Windows is same as whores: They both have massive hole and full of viruses.

--
just wonder why there are so many anonymous cowards in this world....
1. Re:ancient joke by dzelenka · 2008-12-01 17:15 · Score: 1
  
  I have another mental picture for you. I read the heading " New Massive Botnet Building On Windows Hole" and thought hemorrhoids. Painful, painful hemorrhoids!
  
  --
  Bah!
2. Re:ancient joke by ahow628 · 2008-12-02 15:36 · Score: 1
  
  You've gotta pay the troll toll if you wanna get in this boy's hole...
Botnet, starting to grow by PPH · 2008-12-01 16:03 · Score: 4, Funny

Do you want a larger, firmer botnet? One that all the ladies will love and other guys will envy? Here's how to enlarge your botnet quickly and easily.
If your botnet stays up for 6 hours or longer, please seek the help of a physician.

--
Have gnu, will travel.
1. Re:Botnet, starting to grow by melikamp · 2008-12-01 16:19 · Score: 1
  
  How does one get other guys to envy the size of his botnet? Bust it out during parties and on dance floors? Join a botnet ring? Or just hope that girls will tell other guys about your size? I mean, of your botnet?
2. Re:Botnet, starting to grow by corsec67 · 2008-12-01 16:22 · Score: 1
  
  Easy: DDOS competition.
  If you can slashdot /., you obviously have a large botnet.
  
  --
  If I have nothing to hide, don't search me
3. Re:Botnet, starting to grow by ockegheim · 2008-12-01 18:04 · Score: 4, Funny
  
  Denial of Service to one's botnet can be disheartening.
  
  --
  I’m old enough to remember 16K of memory being described as “whopping”
Re:Going around my work already by Anonymous Coward · 2008-12-01 16:07 · Score: 1, Informative

Yeah, speaking of idiots...

his has been going around our work computers for about a week.
Dial up users. by aywwts4 · 2008-12-01 16:11 · Score: 5, Interesting

Indeed, my father in law is stuck on dialup, and wondered why his computer was so slow. (I hadn't been supporting him previously so I didn't look at his patch status) A quick speedtest (20 minutes later) showed he was downloading at less than a kilobyte per second.
Thats when I noticed it was downloading SP2 every single time he connected to check his mail. It has probably been downloading SP2 since it came out, years prior.
I think he was almost 70% complete with sp2 it probably would have been done in another year of intermittent use, but not before sp3 came out ;)
I now give him service packs on CDs

--
Web Developers: Celebrate to our roots! Animated Gifs and Tiled Backgrounds, dont let our history die!
1. Re:Dial up users. by Ragzouken · 2008-12-01 21:38 · Score: 4, Insightful
  
  Did you read the bit where he said what you said?
6astards by Tablizer · 2008-12-01 16:26 · Score: 1

Hit at our company today. Pain in the butt. PC's that had lagging or broken anti-virus updates got hit the most.

--
Table-ized A.I.
Analogy by jaavaaguru · 2008-12-01 17:01 · Score: 3, Insightful

If you buy a gun, and leave it sitting in your front garden, then some criminals come along, take control of it, and kill everyone in your street, you're kind of responsible for that.
Apart from the obvious killing != spam and/or fraud, how is leaving an unprotected OS with known problems available to be hijacked by anyone who wants to do damage with it any different? You should still be responsible (although the punishment might be different). Suppliers should be forced to make this obvious to people buying this stuff.

--
Follow me
1. Re:Analogy by NicknamesAreStupid · 2008-12-01 17:42 · Score: 5, Insightful
  
  What if I buy a rosebush and plant it in my garden, then somebody uses it to deface little kids and old ladies with its thorns? Am I kinda liable for that?
  
  Is a computer more like a gun or a rosebush? I guess that depends on whether it is running Windows or Linux.
2. Re:Analogy by AmberBlackCat · 2008-12-01 17:57 · Score: 1
  
  What if the choices are (Leave a gun in your yard) or (smash your television, audio system, and car). Because I just upgraded to Fedora 10 and lost all support for the Integrated sound, Nvidia, and my DVD burner. It's a choice between a security vulnerability and having half your hardware not working.
3. Re:Analogy by jaavaaguru · 2008-12-01 18:03 · Score: 1
  
  I'll go with the third option, thank you. The last computer I bought works fine with the Ubuntu it came with. Even then, I'll keep a NAT router between me and the Internet because I know I don't always install the security updates as soon as they're available.
  
  --
  Follow me
4. Re:Analogy by Whiney+Mac+Fanboy · 2008-12-01 18:06 · Score: 1
  
  If you buy a gun, and leave it sitting in your front garden, then some criminals come along, take control of it, and kill everyone in your street, you're kind of responsible for that.
  Gun? Are you mad? Slashdot is about car analogies only.
  how is leaving an unprotected OS with known problems available to be hijacked by anyone who wants to do damage with it any different?
  One buys a car, forgets to lock it at night & it's used for a ram raid. Is the car owner responsible for the ram raid or a victim?
  
  --
  There are shills on slashdot. Apparently, I'm one of them.
5. Re:Analogy by Anonymous Coward · 2008-12-01 19:23 · Score: 2, Funny
  
  Is a computer more like a gun or a rosebush? I guess that depends on whether it is running Windows or Linux.
  
  Wait... which is which?
6. Re:Analogy by wmbetts · 2008-12-01 19:35 · Score: 1
  
  Oh course. Why wouldn't you be? After all you didn't take responsible precautions to prevent such atrocities from happening.
  
  --
  "Ubuntu" -- an African word, meaning "Slackware is too hard for me". - stolen from Dan C alt.os.linux.slackware
7. Re:Analogy by AmberBlackCat · 2008-12-01 20:01 · Score: 1
  
  Did you know Windows has Wi-Fi?
8. Re:Analogy by RazzleDazzle · 2008-12-01 20:30 · Score: 1
  
  Your analogy is more apt than the OP's. A loaded gun's uses are more singularly designed compared to that of say a crow bar, baseball bat, chainsaw, rosebush, unkempt PC, or unconscious syph infected hooker. All of the latter have designed uses other than causing harm whereas the gun is more or less useless other than as a weapon.
  You cannot blindly blame the owners of certain tools if the tools are covertly used by another party. If someone sneaks into my house, steals my carving knife, stabs someone with it, cleans the knife, and returns it back all without my knowledge, should I be punished?
  
  --
  ZERO ZERO ONE ZERO ONE ZERO ONE ONE! Just brushing up for my next big invention: Ethernet over Voice (EoV)
9. Re:Analogy by Bane1998 · 2008-12-01 21:17 · Score: 5, Insightful
  
  Computer to 'Some simple concept' analogies are stupid as hell. Get over your elitism. Most people don't understand the first thing about computers, and they don't have to. Just like most people use a TV, VCR, whatever, without any clue how it works, they just use it to play movies. Blinking 12:00.
  Your analogy fails because leaving a gun out is gross negligence. It's a dangerous thing, and that's fairly obvious. A computer isn't. I suppose an argument could be made that computers are dangerous. It would be quite a stretch though. In that case there should be mandatory licensing to operate one, you know... like a car. But there isn't. So, either make the argument that computers are dangerous and should be controlled (and make sure you understand the actual ramifications of that argument), or stfu and realize that no, most people don't understand Computer Security or why it's important, and they never will.
  And then, as an expert in the field, learn that you aren't smarter than mom and dad using their computer, you just have a specialized skill set. Most nerd kids like prolly half the slashdot crowd are or were.. started out with computers coming naturally to them. It's easy to assume then that it shoudl come naturally to everyone. And when you see it doesn't, your first reaction is that something is broken in them. After that nerd grows up a bit in the world, that person learns that no... they aren't idiots. We just have an aptitude for something that others don't. And that doesn't make them dumb. They probably have skills we don't. Say... socializing for example. So my guess is your (and all those who always come to slashdot posting the same song and dance) maturity level hasn't quite evolved yet.
  And to not be elitist myself... I can admit I was once the same way. I grew out of it, as will you. :)
10. Re:Analogy by Tatsh · 2008-12-01 23:03 · Score: 1
  
  Did you know in Windows Vista it takes 5+ clicks just to connect to a network? XP takes about 3, Linux takes one right-click on the NetworkManager icon (which shows found networks), Mac OS X takes one click on the wifi icon (which also shows found networks). Windows always lags.
11. Re:Analogy by kv9 · 2008-12-02 00:14 · Score: 1
  
  It's a dangerous thing, and that's fairly obvious. A computer isn't. I suppose an argument could be made that computers are dangerous.
  are you mad? look at HAL, Colossus or Skynet. pretty dangerous computers there.
  
  --
  Stop Computers/Cars Analogies on S
12. Re:Analogy by NatasRevol · 2008-12-02 01:51 · Score: 1
  
  And, at least in XP, you need admin privs to change network settings, and make those 3 clicks.
  That's nice, eh?
  
  --
  There are two types of people in the world: Those who crave closure
13. Re:Analogy by D+Ninja · 2008-12-02 02:44 · Score: 1
  
  In that case there should be mandatory licensing to operate one, you know... like a car.
  Given that pretty much anybody can get a license (including some idiots that should never be a passenger in a car, much less the driver), I'm not entirely certain that this is the best analogy.
  The rest of your post is excellent, though.
14. Re:Analogy by socsoc · 2008-12-02 04:12 · Score: 1
  
  no, but you should get rid of that knife.
15. Re:Analogy by shentino · 2008-12-02 07:05 · Score: 1
  
  Except in this case the gun is in a case with a defective lock.
  It isn't the customer's fault if their OS is full of holes.
16. Re:Analogy by Bane1998 · 2008-12-02 07:07 · Score: 1
  
  Given that pretty much anybody can get a license (including some idiots that should never be a passenger in a car, much less the driver), I'm not entirely certain that this is the best analogy.
  Licensing isn't about stopping someone before they do something bad. It would be nice if it did, but there's no test that will reliably predict future behavior in every situation. It's about being able to control an activity. Licenses can be revoked when you screw up, thus hopefully creating a sense of responsibility because you don't want to have your license taken away. The very act of licensing something makes it something that can be monitored and taken away. That was the point I was trying to make. Well, I mean... that was my Devil's Advocate point, that if we licenses computer that would be a bad thing.
17. Re:Analogy by lennier · 2008-12-02 09:52 · Score: 1
  
  "Your analogy fails because leaving a gun out is gross negligence. It's a dangerous thing, and that's fairly obvious. A computer isn't."
  But a computer *is* dangerous. No, the danger is not obvious, but that awareness is starting to change. This isn't about elitism - not even all the computer scientists picked up on the danger at first.
  An internet-connected computer that can host worms is dangerous in the same way an unmaintained car is, or a stagnant pond in which mosquitos can breed. We accept car licencing and vehicle checks. We accept health restrictions on what we can put in our garbage and what food we can sell. Why don't we accept mandatory computer licensing, or a category of 'infohazard' like 'biohazard'?
  Well, because we're also afraid of censorship, and that's also a valid fear. One person's freedom of speech could be another person's infohazard. Even 'anti-phishing' browser plugins are blurring the line - who gets to maintain those site blacklists, and how much would it take to bribe them?
  
  --
  You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
use norton by delvsional · 2008-12-01 17:18 · Score: 2, Funny

I use Norton, Mccaffee and AVG Grisoft all at once, oh wait nevermind. I don't use windows anymore.

--
Oh Crap, I'm an optimist.....
Uh oh by Stereoface · 2008-12-01 17:24 · Score: 1, Troll

Does that mean Macs have 10% of the market share of annoying ass spam networks? Cause they've already got 100% of the annoying and misleading commercials...
Re:at least he's not a house negro by Anonymous Coward · 2008-12-01 17:49 · Score: 1, Funny

Wow.
Simply wow.
I mean, I haven't seen a collection of stupidity like this in years, and I read Stallman's articles from time to time.
Please, get yourself spayed before you breed.
Wouldn't it be nice by Smuttley · 2008-12-01 18:15 · Score: 2, Interesting

if the people writing exploits for these security holes wrote a worm that once it had got onto a computer patched the exploit and then detached?
You could call it Good Samaritan Computing or something ;)
1. Re:Wouldn't it be nice by mach1980 · 2008-12-01 21:22 · Score: 1
  
  if the people writing exploits for these security holes wrote a worm that once it had got onto a computer patched the exploit and then detached? You could call it Good Samaritan Computing or something ;)
  
  It is still an intrusion in legal sense. Whoever wrote such a worm would face charges if caught.
  
  --
  Break the sound barrier - bring the noise.
2. Re:Wouldn't it be nice by Smuttley · 2008-12-01 21:27 · Score: 1
  
  It is still an intrusion in legal sense. Whoever wrote such a worm would face charges if caught.
  this much is true, but at least all the DIY lawyers on slashdot will be there to represent them ;)
3. Re:Wouldn't it be nice by vwjeff · 2008-12-02 01:48 · Score: 1
  
  It is not uncommon for some of these malware programs to install, remove existing malware, and then patch the system. In this case the application writer is removing competition and preventing other malware programs from using the exploit.
Everybody, SING ALONG! by Chris+Tucker · 2008-12-01 18:17 · Score: 4, Funny

"Botnets, spammer's botnets!
What kind of boxes are on botnets?
Compaq, HP, Dell and Sony, true!
Gateway, Packard Bell, maybe even Asus, too!
Are boxes, found on botnets.
All running Windows, FOO!"
I'm running Mac OS X 10.5.5, here.
Why, yes. I AM a smug bastard!
Thanks for asking.

--
Guaranteed! This comment 100% Anthrax free!
How Do They Survive? by Bob9113 · 2008-12-01 18:45 · Score: 3, Interesting

I'm curious - how do infected computers survive on the Internet?
We have legions of honeypots for the detection of infected hosts (not to mention the likes of GMail). ISPs have been qqing about bandwidth - surely bandwidth consumed by infection is the most loathsome waste.
Why don't ISPs have a takedown system? They could restrict who they trust - perhaps only Symantec and McAffee, maybe hotmail, yahoo, and GMail as well. The could do a limited takedown of outbound email only, adding a message to the customer's email account. Perhaps have an HTTP interceptor display a page with links to tools for system cleaning, maybe commercial products if they feel the defense of their corner of the net is not sufficient recompense.
OK, I can dig the risk of inappropriate takedowns - but we run that risk non-stop with the DMCA for a heckuva lot less tangible benefit.
Expense? I'm sure we could get a few dozen folks together to write the software.
Customer experience? Really now - if my Mom's computer was infected and her ISP told her, and gave her links to fix it, she'd love it.
Inability to trust the router droppings? Half the Internet connections in the world are probably covered by a couple dozen ISPs - start with trusting only those router entries.
So - what am I missing?

--
Stop-Prism.org: Opt Out of Surveillance
1. Re:How Do They Survive? by slydder · 2008-12-01 22:21 · Score: 2, Funny
  
  Bob,
  I agree 100% and that is exactly why I started WIPOC (World Internet Providers Organization Counsel) back in the early 90's. had a few ISP's/Hosting Companies interested.
  However, a majority of them were like "why? this will all be gone by the beginning of 2000 anyway. They will get it all under control".
  Well, hate to say it but "I F*CKIN TOLD YA!"
  You CANNOT always push responsibility for your problems onto others. and believe me. it's your networks so it IS your problem.
  rant done. nothing left to see here. enjoy. ;)
  
  --
  IT Admins Group: Where you decide the content
2. Re:How Do They Survive? by Bob9113 · 2008-12-02 03:16 · Score: 1
  
  hehe - damn - you were way ahead of me. :)
  However, a majority of them were like "why? this will all be gone by the beginning of 2000 anyway. They will get it all under control".
  So sad. How could they not understand? Ummm, "they"?!? Who is "they"? Hey, ISP - you are "they". Now let's get to work.
  Alas. Thanks for trying!
  
  --
  Stop-Prism.org: Opt Out of Surveillance
3. Re:How Do They Survive? by ko10ha · 2008-12-02 04:00 · Score: 2, Interesting
  
  > Why don't ISPs have a takedown system?
  My ISP does. It took me down within hours when I let a friend connect his laptop to my network. He had a problem with his computer he told me. That proved correct - it was spamming like mad. But his own - cheapish - ISP did not take him down. So perhaps only solid and more expensive ISP have a take down system.
4. Re:How Do They Survive? by steelfood · 2008-12-02 05:11 · Score: 1
  
  It's not always easy to clean up an infection. You can clean it up once, and then get infected again the next day because the cleanup didn't catch something. And having to clean up the same infection every day will hurt customer experience.
  And Microsoft's need to validate Windows before allowing access to patches doesn't help anything all. People who run illegal copies of Windows just won't update. It's not like being a part of a botnet has any effect on them.
  
  --
  "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
Re:at least he's not a house negro by Chris+Tucker · 2008-12-01 21:28 · Score: 1

"I haven't seen a collection of stupidity like this in years"
Never read the comments at the John McCain YouTube site, have you.
Pure, refined and concentrated crazystupid, all in 500 characters or less.

--
Guaranteed! This comment 100% Anthrax free!
The ISPs could solve this quickly by xenobyte · 2008-12-01 22:57 · Score: 1

Just block excessive web-requests or mails coming from a regular home connection and you have defanged whatever bot or zombie that might be lurking there. Without the ability to send spam or to participate in DDoS blackmail attacks, the machine is essentially worthless to the cyber-criminals. Sure, it might provide a password to some online backing and maybe a credit card number, but that's about it.

--
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
Windows antivirus process illustrated by David+Gerard · 2008-12-01 23:35 · Score: 1

I think of Windows antivirus and I think of this picture. "Ur doin it rong."

--
http://rocknerd.co.uk
STOP Using Microsoft Windows by Anonymous Coward · 2008-12-02 00:22 · Score: 1, Funny

Isn't it about time DHS declare Microsoft Windows a Weapon of Mass Destruction (WMD)? "Stop palling around with terrorists," says Governor Sarah Palin.
when most of your business by nimbius · 2008-12-02 00:44 · Score: 1, Troll

revolves around unscrupulous business tactics and emergency fixes to a dated and uncompetitive product turned fixture by lock-in, an enormous spinning vortex of shit known as a botnet is only natural.

Windows vista and its DRM in and of themselves are a botnet that offer you plugins and upgrades at the expense of your CPU time and sanity much the same way a botnet effectively doles out dickpill adds.

you can hurl your best in-house antivirus at it, but since that was composed by coders flogged to the finish line by marketing, i dont see how thats destined to placate the issue.

--
Good people go to bed earlier.
Wow. Good troll by Toreo+asesino · 2008-12-02 01:50 · Score: 1

Flaming sentiment: check.
Questionable grammar: check.
DRM + Vista mention: check.
Zero citations: check.
Please feel free to comment similar sentiment when non-Microsoft OS's get patched up quickly.
In other news, Apple is now recommending Anti-Virus for Mac OSX. Now that is a curious turn of events, don't you think?

--
throw new NoSignatureException();
Re: no legitimate copy of Window no update by ko10ha · 2008-12-02 03:23 · Score: 1

As someone who occasionally boots an illegitimate copy of Windows to play his legitimate copy of Half-Life (tried it in Wine but it blew up the entire system somehow) I can state that such a person would perhaps not be inclined to update, out of uncertainty about what installing the WGA program might entail (now or in the future). Certainly WGA identifies one as a vile and wicked person, and most likely (now or in the future) it might somehow cripple the system. Therefore, no updates. Yes, I do feel the pangs of guilt with regard to the pirated copy, but if somebody where to give me 200 bucks and told me to choose between a new cpu+mobo or a donation to an organization which imho does more damage than good ... tough choice.
Re:Idiots : more with less by zijus · 2008-12-02 04:48 · Score: 1

I concure: I believe I get some security with less - no, lesser than that - instead of more protections.
I run a win XP SP1 at home. Behind a NAT rejecting non solicited traffic.
Apart of that :
- no soft firewall
- no real time virus scanner
- no OS updates ever
but even less than that:
- disabled about 90% of startup process
- disabled about 70% of all startup services
- disabled all automatic updates
- uninstall un-needed stuff
- no toolbar-crapware-[younameit]ware
- aggressively remove crap ( CrapCleaner helps ) The one time I was too aggressive : I broke a soft. Guess what: I downgraded the soft. Worked fine since.
- Being somehow prudent internet surfer: etc/hots + addblock + rip + a few other things giving me a browser doing lesser than usual but well.
I obtain a seemingly clean radar when I scrutinize my box from time to time.
Sometime less is more.
I remember once at a work place : the automatic update on win boxes got the source code repository access screwed. Halted the nigtlies for the company. Since that, I consider automatic updates as viruses: you don't know when and what comes in. Yet it is often allowed and recommended. Mad.
Bye.
Z.
Apple Quietly Recommends Antivirus Software ... by InvisiBill · 2008-12-02 04:59 · Score: 1

Apple Quietly Recommends Antivirus Software For Macs http://it.slashdot.org/article.pl?sid=08/12/02/1314208
Re: no legitimate copy of Window no update by HTH+NE1 · 2008-12-02 06:07 · Score: 1

As someone who occasionally boots an illegitimate copy of Windows to play his legitimate copy of Half-Life.... if somebody were to give me 200 bucks and told me to choose between a new CPU+mobo or a donation to an organization which IMHO does more damage than good ... tough choice.
Which organization do you mean: Microsoft or Black Mesa?

--
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Why not by hesaigo999ca · 2008-12-02 07:26 · Score: 1

If its as bad ad they say, offer a freedownload WITHOUT the checkers to those with valid or invalid windows xp ...and let them update THAT hole....problem solved....oh yeah M$ != profit....sorry my mistake.
Re:YABON - Yet Another BOt Net (or YABber On) by neomunk · 2008-12-02 11:39 · Score: 1

Go back and check those 31 pages again... Go ahead, click on the links to the issues themselves... Now click solution... Good. Now, as a homework assignment, count how many of those 31 pages are actually "outstanding". For extra credit, apologize to the slashdot community for talking shit without having a clue.
BTW, the closest I found to an "outstanding" issue were 2 bugs (I only checked the first page). One had a PROPOSED patch (I'd count that as outstanding) and the other recommended uninstalling the Microsoft provided patch. Hrm. Maybe those 31 pages don't seem so daunting after all.