CastleCops Anti-Malware Site Closes Down

Fortran IV writes "Volunteer-powered anti-malware site CastleCops appears to have closed shop. As of Tuesday, December 23, the CastleCops home page notes: 'You have arrived at the CastleCops website, which is currently offline. . . . Unfortunately, all things come to an end.' It was reported back in June that Paul Laudanski, founder of CastleCops and its parent Computer Cops LLC, was taking a full-time job with Microsoft and was 'looking for new management' for CastleCops. The site has also long had problems with funding and with hostile action from spammers. The actual shutdown seems to have taken the security community by surprise; as late as Tuesday evening Brian Krebs was still recommending CastleCops on his Security Fix blog."

Hostile Action from Spammers

[nurb432]

So in other words: they won that battle.

Re:Hostile Action from Spammers

[M1rth]

Basic problem:

Castlecops were volunteers. Spammers do what they do for a living. Eventually, the volunteers have to get back to the real world, while the spammers keep going and going because you're hitting them in the pocketbook.

Either we need a lot more volunteers, or we need to start imposing the the death sentence on convicted spammers and get the root problem solved.

Re:Hostile Action from Spammers

[houstonbofh]

Or, one guy eventually gets tired of fighting the tide. You need a group, and you need money. That way it becomes more than a side hobby. After all, abuse as a hobby has limited appeal.

Re:Hostile Action from Spammers

[causality]

Either we need a lot more volunteers, or we need to start imposing the the death sentence on convicted spammers and get the root problem solved.

That'll stop spam about as well as prison terms and (sometimes) death sentences have stopped drug traffickers. What you are dealing with is not a technological problem, which is why spam filters and anti-malware efforts have not ended spam. You're not dealing with a legal problem either because even if new laws to punish spammers somehow worked perfectly, and they won't, that could only change the jurisdiction from which the spam is being sent. Not to mention that if spamming becomes riskier because more spammers are caught and punished, you will actually make it more profitable for the ones that don't get caught (possibly those from other jurisdictions) because you will have removed their competitors.

This is an economic problem. The interesting thing about economic problems is that so long as there is sufficient demand for something, the suppliers will amaze you with both their ingenuity and their willingness to take risks to deliver it. We saw this with alcohol prohibition, we see this now with the War on (Some) Drugs, and we're also seeing it now with spam. The real problem with spam is that the spammers' costs are extremely low and there are enough idiots who buy from them to make it profitable. Punishing spammers amounts to a form of prohibition. Prohibition has never worked (they can't even keep illegal drugs out of prisons) and it's not going to start working now. It really amazes me that so many human beings can understand human nature so poorly that it was ever even tried, let alone that it continues today despite any social costs and that there are still people who would suggest applying this failed idea to more novel problems. When we, collectively, try something and find out that it has never worked and is never going to work, we think the solution to that is to try harder instead of trying something else. It's like a cross between that saying about having only a hammer and perceiving everything as a nail and that saying about the definition of insanity.

If the goal is to catch a tiny percentage of them and feel vindicated while your inbox continues to fill up with spam, the "crime and punishment" approach will do. If your goal is to end spam, then your only real option is to reduce the number of people willing to buy from spammers (the demand) until spamming is no longer profitable. Like many others, I have some ideas but I don't have the solution. At this stage though, I think that what's missing is a sound understanding of the problem.

Re:Hostile Action from Spammers

[j79zlr]

I am [was] a volunteer security expert on CastleCops. I helped hundreds of people, but the task was very daunting. Back in the hayday for malware, there were literally hundreds of new posts everyday with problems that would take more than a canned response and a hijackthis log. There was only a handful of us and to be honest, I am surprised that it lasted as long as it did. I know I would get burned out and disappear for a few months then pop back in and try to help a couple people.

Re:Hostile Action from Spammers

[fugue]

Excuse me, but what is the US Constitution's Second Amendment for, exactly?

Re:Hostile Action from Spammers

[writermike]

Either we need a lot more volunteers, or we need to start imposing the the death sentence on convicted spammers and get the root problem solved.

Right. Kudos to Microsoft for picking up a good member of the community. I sincerely hope he'll be able to help. Whatever platform you use, spam and trojans diminish everyone's experience.

Still, even if Paul Laudanski's expertise is top-notch, he was but one piece of the larger community. This isn't quite like a government where someone leaves to work elsewhere. In those cases, a system takes over, pushes a person into the vacated position, and business continues. In this case, the community is now closed, the members scattered.

I sincerely don't want to paint all this as MS business-as-usual. Heck, Paul wasn't forced to except the position. Still, the result is awfully close to embrace, extend, extinguish. No, MS doesn't want more trojans or spam, but by Paul leaving, an entire community is gone.

Obviously, the internal cynic has prevailed here. Perhaps Paul will be instrumental is helping to create a security structure that benefits all O/S for many years to come. I sure hope so.

Re:Hostile Action from Spammers

[Zonk+(troll)]

Excuse me, but what is the US Constitution's Second Amendment for, exactly?

"No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain their right to keep and bear arms is as a last resort to protect themselves against tyranny in government." --Thomas Jefferson

"That the people have a right to keep and bear arms; that a well regulated militia composed of the body of the people trained to arms, is the proper. natural and safe defense of a free State. That standing armies in time of peace are dangerous to liberty, and therefore ought to be avoided, as far as the circumstances and protection of the community will admit; and that. in all cases, the military should be under strict subordination to and governed by the civil power." --George Mason

"The said constitution shall never be construed to authorize Congress to prevent the people of the United States who are peaceable citizens from keeping their own arms." --Samuel Adams

"Americans have the right and advantage of being armed -- unlike the citizens of other countries, whose governments are afraid to trust the people with arms." --James Madison

"Are we at last brought to such a humiliating and debasing degradation that we cannot be trusted with arms for our own defense? Where is the difference between having our arms under our own possession and under our own direction, and having them under the management of Congress? If our defense be the real object of having those arms, in whose hands can they be trusted with more propriety, or equal safety to us, as in our own hands?" --Patrick Henry

"[A]rms like laws discourage and keep the invader and the plunderer in awe, and preserve order in the world as well as property. The balance of power is the scale of peace. The same balance would be preserved were all the world destitute of arms, for all would be alike; but, since some will not, others dare not lay them aside. And while a single nation refuses to lay them down, it is proper that all should keep them up." --Thomas Paine

Re:Hostile Action from Spammers

[causality]

I am [was] a volunteer security expert on CastleCops. I helped hundreds of people, but the task was very daunting. Back in the hayday for malware, there were literally hundreds of new posts everyday with problems that would take more than a canned response and a hijackthis log. There was only a handful of us and to be honest, I am surprised that it lasted as long as it did. I know I would get burned out and disappear for a few months then pop back in and try to help a couple people.

I should preface this by saying that your efforts are noble and should be commended. I am encouraged any time I see people like you who are willing to selflessly try to do something about a problem especially against what must seem like impossible odds. What I would like to see this world become has a lot more of that spirit than the real world does.

I'll be honest with you and hope that how I genuinely feel about this doesn't appear to you to contradict what I just said. I don't really believe in this kind of solution, not because it's labor-intensive but because it addresses a symptom or a result instead of addressing the underlying problems that keep causing it. In other words, it is damage control and not real prevention.

If you study computer security, one (very sound) idea you will come across is the notion that once a machine has been compromised, the only way to ever trust that machine again is to reformat the hard drive and reinstall the operating system from known good media. To our detriment, the way security is generally handled flies in the face of this observation. There is a plethora of virus removal tools and spyware removal tools provided by what has become quite the cottage industry. These tools operate by detecting and attempting to remove known malware from a system that has been compromised. After the malware is removed, the system continues to be used even after it has been both compromised and proven to be configured/operated in an insecure fashion. This is perfect for the antivirus companies because the job can never be finally completed. Under this model, there will always be work in the form of finding, analyzing, and creating signatures and heuristics for new malware. Work that someone will have to be paid to do. What was a volunteer effort that caused burnout for you equates to $$$ dollar signs for them.

What is needed is a proper security system built into the OS that can prevent the compromise from happening in the first place. Windows can be found on the vast, vast majority of computers and Windows has no such security system (whether anyone else has or does not have such a system is not my point; this isn't intended to be a Unix vs. Windows debate). Further, no one in the security industry is really interested in providing one because by doing so they would kill their own market. If Microsoft tried to implement something like that, something far more effective and less of a "band-aid" than UAC, they would receive tremendous pressure to desist from an entire industry. What further complicates the problem is that there is a very large and very ignorant userbase which does not understand these issues and does not care to learn about them. Because of that, they have come to accept this as normal and "just the way things are done", as though entering into an malware vs. antimalware arms race that cannot possibly be won is an inherent feature of computing.

I hate to say it but I think this will have to get worse before anyone will be truly interested in making it get better. Call me cynical for saying so if you will, but as a culture we're not very big on dealing with foreseeable problems while they are still relatively small and managable and prefer to ignore them until they become a crisis first. I have said for some time that perhaps the best thing that could happen would be a wake-up call in the form of a virus/trojan/worm that infects a machine, spreads itself rapidly to other machines, and then destructively formats

Re:Hostile Action from Spammers

Basic problem:

Castlecops were volunteers. Spammers do what they do for a living. Eventually, the volunteers have to get back to the real world, while the spammers keep going and going because you're hitting them in the pocketbook.

Either we need a lot more volunteers, or we need to start imposing the the death sentence on convicted spammers and get the root problem solved.

I concur. The death sentence always deters the receiver of such sentence from repeating said offense.

Re:Hostile Action from Spammers

If you study computer security, one (very sound) idea you will come across is the notion that once a machine has been compromised, the only way to ever trust that machine again is to reformat the hard drive and reinstall the operating system from known good media.

perhaps a Windows port of Tripwire would be a useful tool to have so you know what the system looked like at any point in time (and perhaps have it produce a new signature snapshot after every windows update/program install)

Re:Hostile Action from Spammers

[bwcbwc]

You call the arms race a huge mistake, I think you'll find that it's an unavoidable natural law.

At the first layer, it appears that the reason we've fallen into this trap is that the whole electronics industry is build on an "arms race" model called Moore's Law. In computers, you have to buy new hardware to run the newest software, then developers come up with new software (Vista) that exceeds the current HW capabilities. You can find similar examples in media recording formats, TVs and so on. So perhaps the arms race is just the result of the Silicon Valley business model?

You brought up the biological analogy of the parasite, and that leads us to the 2nd and 3rd layers. Apart from being based on Moore's law in the electronics industry, the "arms race" mentality is based on the scientific method itself. As hypotheses are proven or disproven by experiment, the experimental results raise new questions that need to be answered by new hypotheses. Every answer spawns a new question, just as every countermeasure against malware spawns a new form of attack (or reversion to older forms such as MBR infection).

In the third layer, the arms race reflects simply the natural law roughly analogous to the theory of evolution. The internet and its connected computers are effectively a simulation of an ecosystem. The organisms (programs) in this ecosystem interact with each other, transmitting binary information the way organisms transmit DNA or consume food. The evolution of these programs is directed by the authors of the programs, either directly by new program releases or indirectly via AI technologies. The problem is that as long as you have programs interacting on the net, you create the possibility (or opportunity) for malicious programmers to attempt to tamper with programs used by innocents.

Solutions? 1) A tamper-proof defense is impossible, unless the "general purpose" computer is limited to run the programs that come with it, and nothing new can be installed at all. We've already decided that the benefits of networking and flexible software outweigh this approach. Otherwise, you've just got a 1G or 2G locked cellphone. 2) A tamper-proof, infallible trust network. In case you haven't noticed, the infallible part is the hard part. Especially since the trust networks for different people will be different. In fact, different people will use different criteria for establishing their trust networks. And sometimes the criteria are wrong: just when you think you've got it figured out, a former NASDAQ chairman turns out to have been running a Ponzi scheme.

So unless Moses (Linus?) comes down from the mountain with a divinely inspired security system (with no code defects in the reference implementation), we're stuck with a trial and error arms race that reflects the combat between the best technologies the white hats and black hats have to offer.

Re:Hostile Action from Spammers

[Atario]

How the hell did a thread about CastleCops going down devolve into Yet Another Gun Thread(tm)? No matter, I suppose...

"No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain their right to keep and bear arms is as a last resort to protect themselves against tyranny in government." --Thomas Jefferson

Things were as they were in Jefferson's time. Today, if your aim is to be able to fight the military of the US, your best bet, according the latest results in far-off lands we have invaded unbidden, is not in firearms at all, but in remote-controlled bombs. If you are advocating making remote-controlled bombs legal, I'm afraid I'm going to have to call you a loon.

"That the people have a right to keep and bear arms; that a well regulated militia composed of the body of the people trained to arms, is the proper. natural and safe defense of a free State. That standing armies in time of peace are dangerous to liberty, and therefore ought to be avoided, as far as the circumstances and protection of the community will admit; and that. in all cases, the military should be under strict subordination to and governed by the civil power." --George Mason

This point of this quote is that standing militaries (such as we have had here in the US ever since we decided wiping out the natives was more important) are to be avoided, and when needed they should be under civilian control. What this has to do with individual gun ownership, I'm not getting.

"The said constitution shall never be construed to authorize Congress to prevent the people of the United States who are peaceable citizens from keeping their own arms." --Samuel Adams

I'm wondering under what authority he made this proclamation.

"Americans have the right and advantage of being armed -- unlike the citizens of other countries, whose governments are afraid to trust the people with arms." --James Madison

Never mind that, I don't trust you with arms.

"Are we at last brought to such a humiliating and debasing degradation that we cannot be trusted with arms for our own defense? Where is the difference between having our arms under our own possession and under our own direction, and having them under the management of Congress? If our defense be the real object of having those arms, in whose hands can they be trusted with more propriety, or equal safety to us, as in our own hands?" --Patrick Henry

Ad hominem notwithstanding, Patrick Henry was a theocratic wingnut. That aside, his argument necessarily leads to the conclusion that you and I should be the ones controlling tanks and land mines and jet fighters and intercontinental ballistic missiles and nuclear explosives.

"[A]rms like laws discourage and keep the invader and the plunderer in awe, and preserve order in the world as well as property. The balance of power is the scale of peace. The same balance would be preserved were all the world destitute of arms, for all would be alike; but, since some will not, others dare not lay them aside. And while a single nation refuses to lay them down, it is proper that all should keep them up." --Thomas Paine

This sounds like an argument in favor of standing armies. Again, I don't see the connection.

Re:Hostile Action from Spammers

You're forgetting this is Slashdot. The general rule here is that if making something illegal doesn't work, the solution is to legalize it "so it can be controlled and there's no longer an incentive to do it illegally", to paraphrase the oh-so-often repeated argument.

Here's looking forward to a future of legal unsolicited emails from companies that no longer have to hide their faces.

Re:Hostile Action from Spammers

"Windows can be found on the vast, vast majority of computers and Windows has no such security system" - by causality (777677) on Saturday December 27, @05:09PM (#26244549)

That's NOT true: Using tools native to the OS & your other applications? It can be done for free (with 100% free tools ontop of Windows own native facilities for this):

I.E.-> Windows can be set up SECURELY, & with its own native toolset for security (alongside freebie tools) for those who are not security inclined with about 1-2 hours of work.

E.G.-> I used this guide in the URL below to set up and secure both my Mom & niece's PCs, THIS way:

-----

HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, plus, make it "fun-to-do", via CIS Tool Guidance:

http://www.tcmagazine.com/forums/index.php?s=e421e4d42f9df180374ee6028cd8339c&showtopic=2662 [tcmagazine.com]

-----

(As well as 100's of paying clients the past 1-2 yrs. now also)

And it works (No viruses, trojans, spywares, rootkits, etc. for them (for more than a year now).

----

"Further, no one in the security industry is really interested in providing one because by doing so they would kill their own market. If Microsoft tried to implement something like that, something far more effective and less of a "band-aid" than UAC, they would receive tremendous pressure to desist from an entire industry" - by causality (777677) on Saturday December 27, @05:09PM (#26244549)

Here?

Here you DO have an excellent point: The industry being 'killed' would be that of those who remove malwares in general from client's systems, daily... in other words??

Support techs...

(They're the LAST ones who want to see Windows secured, due to their "raison d'etre" being largely cleaning out such malwares from said client's who call on them for help in these situations, daily...)

I.E.-> It's the exact same reason you don't see the drug trade being slowed down by taking down the drug producing nations like Columbia - it'd put 1,000's of law enforcement folks out of a job!

APK

Re:Hostile Action from Spammers

[causality]

This point of this quote is that standing militaries (such as we have had here in the US ever since we decided wiping out the natives was more important) are to be avoided, and when needed they should be under civilian control. What this has to do with individual gun ownership, I'm not getting.

What does it have to do with gun ownership? They are not proposing that (during peacetime) the standing army should be replaced with nothing. They are saying that the standing army should be replaced by everyday citizens who are armed, trained to use their weapons, and ready to assemble and fight if necessary (the Minutemen were an example of this). This is what is meant by the "well-regulated militia" that the Second Amendment refers to. For this to be possible, the citizens need to own their own weapons.

All things?

[Tubal-Cain]

Unfortunately, all things come to an end.

Even Microsoft?

Re:All things?

Microsoft isn't a thing, it's a force.

Re:All things?

There's no such thing as an instoppable force ;)
(go on about there being an unmovable object...)

Re:All things?

Unfortunately, all good things come to an end.

There, I fixed it for you!

Re:All things?

[Alex+Belits]

No Microsoft -> no massive malware problem!

(inb4 "but any popular system will be insecuuure!!!")

Who?

I'm sorry, who? I've never heard of these people.

What we need is some vigilante activism

We need superheroes. True superheroes who seek out spammers and spyware writers and deliver them to justice (ie death)

Re:What we need is some vigilante activism

[actionbastard]

"We need superheroes.

I've got your superhero -right here.

Buy out?

[fragMasterFlash]

Apple should buy them out to parody the insecure nature of the Windows "Every user is a privileged user" culture. A nice keystone cops chasing malware baddies parody would serve this purpose nicely.

Re:Buy out?

You forget, Microsoft bought a controlling share in Apple to save them from going out of business in the late 1990s.

Re:Buy out?

And cow farmers should buy Apple's Macbook division to parody the "moos" that they made.

Re:Buy out?

Apple should buy them out to parody the insecure nature of the Windows "Every user is a privileged user" culture.

How can they parody that when it is no different in OS X where you have to go out of your way to create an unprivileged user? Out of the box, root is just a couple of commands away, no password required.

Re:Buy out?

[Chapter80]

Microsoft bought a controlling share in Apple

I'd hardly call $150 Million a controlling share. Microsoft bought about 8 Million shares, and there are about 800 million shares currently outstanding. So approximately 1% of current - or 4% accounting for the 2000 and 2005 2:1 splits (each).

* figures based on cnet article linked above ($150M/$19) and current stock price and market cap. This doesn't take into account new issues or share buybacks, which likely do not materially affect my case.

Re:Buy out?

it is no different in OS X where you have to go out of your way to create an unprivileged user?

That's definitely true; it's pretty hard to afford an Apple if you're not privileged. (^_^)

the community

[gandhi_2]

When looking for information about this or that virus, I would sometimes come across CastleCops.

The website looked a lot like all the superwindowsvirussmasher scam websites....You may have trojan.dropper.w32, free scanner here! with all the ads, color, and layout.

It's possible that it just never presented a legit-looking or professional experience. I'm no the only one who thought this...the community let it die too.

Re:the community

[Kojiro+Ganryu+Sasaki]

Their service was certainly a professional experience. They managed to figure out what my problem was on extremely simple basis. Compare this with microsofts support forum, where i'm now on my third day waiting for a solution to a problem i'm experiencing when trying to install C# Express.

Re:the community

Posting this as AC because I'm the one who made up the design for that site... back when it was Computer Cops and not Castle Cops... and this was also about 7 years ago when that "look" was fresh for the internet.

Imagine my surprise when browsing around I stumbled there and saw the same design, just kind of more raped and pillaged for the CMS. Not saying it was great to begin with, but that's one of the few sites that was probably Web 0.5b, and decided to stick it out.

It's one of the sites I don't tell people I designed anymore, that's how I feel about it ;)

Too bad the site went under though, Paul is a good guy and I wish him all the best in his future endeavours. I'm sure someone will bring it back under a different name.

Re:the community

Compare this with microsofts support forum, where i'm now on my third day waiting for a solution to a problem i'm experiencing when trying to install C# Express.

3 days... sounds "express"

Re:the community

[coryking]

Well, it was still a useful site, so dont feel too bad :-)

Re:the community

[Suzuran]

Personally I would much rather have useful than pretty.

Re:the community

That's because the TCO of Windows is much lower than that of freeware, you get what you pay for.

Re:the community

[gparent]

The main deal about CastleCops is that it contained all the information necessary to get rid of some specific type of malware you'd find with HiJackThis, like CLSIDs and stuff like that.

It was a legit website, and a good one at that.

Re:the community

The look always made me nervous, so, I never used.

Ditto

[coryking]

The look of that site always made me nervous and I could never really tell if it was legit. Correct me if I'm wrong, but isn't CastleCops the ones who distribute HijackThis? I think so, because I'd always get nervous about downloading it from that website.

It must be hard to use AdSense on a security site like that because most of the ads would be "you may have blah blah blah". One of the flaws in AdSense, I suppose.

Re:Ditto

[TCiecka]

Trendmicro owns that app now. http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis I think it was started by the anti-malware community though. I think the forum name for the dev was Merijn. His website is no longer in service.

Re:Ditto

[DigiShaman]

Autoruns by sysinternals is a much better program. Microsoft keeps it updated here http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Process Explorer is also another good program for killing running spyware and viruses prior to their removal (to unlock files for deletion). http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Re:Ditto

[Master+of+Transhuman]

HijackThis was a critical tool for anti-spyware work. Every tech who knows anything has it in his anti-spyware toolbox. It was dangerous for end users to use it because it showed everything that was hooked into IE. The usual advice was run it and post the results on the site for others to analyze. Generally I found it not difficult to tell what was the crap to be removed.

The important thing about the site was the forums. If you ran across some spyware that was resistant to the usual utilities like Ad-Aware, you had to go there because somebody would have seen it already, would have investigated it, and probably would have produced customized instructions and scripts that would remove it.

That site was really important for techs doing home user computer support. Home users, unlike most business users, are known to run up to thousands of spyware on their machines. I've personally removed over 1200 spyware from one machine. Usually ninety percent of it is removed in the first couple passes of two of the usual anti-spyware tools. But the rest is usually a bear to remove unless you know exactly where the files and Registry keys are. That's where CastleCops and the other sites come in - they tell you exactly how to get rid of the worst stuff.

CastleCops will be missed. Hopefully someone else will restart it elsewhere.

Re:Ditto

Sure enough, www.merijn.org is currently showing a GoDaddy parking page--curious, since the site was still there just a few weeks ago. Even more curiously, a slightly outdated version of Merijn's site is still active at merijn.castlecops.com. Even the software downloads from CastleCops still work.

Free as in no money

taking a full-time job with Microsoft = my unemployment and savings ran out and then my ARM reset

'looking for new management' = did you just lose your job and have 6 or seven months of unemployment to tide you over (unadjusted ARM holders need not apply)

problems with funding = you can only bark up a tree so many times before even the most benevolent/stupid people stop handing you cash.

tag this neverheardofit

[an.echte.trilingue]

Twice in as many days that we get a post about a service nobody ever heard of ending its life.

Editors: how about posting news about cool services and sites before they die so that we can check them out, use them, and contribute (ie, keep them from dying)? I have seen things like this in the firehose, but they never make the front page.

Just a thought.

Re:tag this neverheardofit

[ushering05401]

If you never had a reason to run across CastleCops then you likely would not have been the sort to help out.

After all, CC has been high visibility on the web for years, you just haven't been searching for the types of information that they collected.

This was not exactly an obscure website. Those who are interested can check threads over at Wilders where some enterprising souls are collecting CC content out of the Google cache as quickly as they can.

Not really

[an.echte.trilingue]

Being volunteer has nothing to do with it. Lots of successful anti-spam/malware projects are or were run largely by volunteers. See ClamAV and SpamAssassin.

A big LOSS for no acceptable reason

This seems to have been such a badly handled shutdown. I've been tracking it since Dec 24th. and I was wondering if anyone at slash-dot would even comment. Now finally there is a thread.

By just shutting down CC, Paul Laudanski has destroyed the work of many many volunteers. All the reference pages on malware, illegitimate & legitimate dll's etc are just GONE. Additionally pages on specific projects like proximotrom (sp?), etc have just been vaporized. From what I have been able to find NO ONE was offered even the chance to archive any of these items.

It's a pretty BAD act by Paul. And while people have speculated on the reasons, Paul has not even had the decency to post any explanation. The reports of his being forced to close CC by MS, having pressures of a third child are all just speculations by others. And his defenders get very aggressive. BUT No response from Paul.

Additionally the choice of Dec 23rd to shut the site off, sure looks like it was planned for a time when fewer people might be watching.

So as to the once respected Paul Laudanski, it seems that he has displayed an arrogance adn a total disdain for DD'd supporters, volunteers and the work a lot of us contributed. Cc was a valuable resource and to have it sneakily destroyed with out any recourse is not acceptable. Paul might have had the right to do this but that does not make his actions the right thing to do.

This would definitely damage any credibility he might have had. Perhaps we should remember this ifs he ever puts his head up again. No credibility. But plenty of arrogance and disdain for others. Not very good additions to his resume.

But some will say that he may have had good reasons. OK. But that does not count unless he discloses what why. By saying nothing publicly, he has now negated the value of any good reason he might have had.

And on top of it all he managed to block any archiving. Even getting the site out of the "way back machine"

A very disgusting set of events. All done by the formerly respected Paul.

but this is just one "unbiased" opinion. :(

Re:A big LOSS for no acceptable reason

[kcbnac]

I've previously worked for one of the large tech support companies, fixing machines etc.

Castle Cops was one of the resources when you found a particularly nasty infection, that you'd know would be a good resource - so when it turned up in Google searches, you'd hit it. Mind you, we did our stuff remote - so we had to be extra careful about how we fixed things. (Pilot project and all that, panned out apparently, then outsourced - wheeee!) I'm not terribly surprised they didn't try to fund any of these, since they were very stingy despite us being a massive profit center. (Hence the outsourcing)

Anyway, back on topic.

Seems sorta like someone wanted him to do it as quietly, and quickly, as possible. With significant motive. What would Microsoft have to gain by this resource being shut down? I'm not sure. But I do know the spammers/malware writes would have something to gain...perhaps the economy tanking combined with the right offer, and he decided to switch allegiances for the payoff?

I don't know. But this sure seems fishy to me.

Your premise is wrong

[coryking]

Spamming V1aG4 isn't were the money is at. The big money is in identity theft, espionage and pump & dump schemes. These crimes are committed by using botnets that host phishing sites, send out phishing spam, and use scripts to log into bank accounts and broker accounts.

It is an economic problem, yes. It is *not* analogous to prohibition. This stuff *is* criminal and the crimes committed cost tens billions of dollars each year. The solution is *not* to just toss your hands up and say "we give up", the solution is to lock these fuckers up and toss the key. We, as a society, need to clamp down on these fuckers before they do something that really screws with us. And don't kid yourself either, these people are sitting on top of some of the most powerful distributed computers on the planet.

Chicken Bone Spammers, V1agr4 and R0l3x W4tches is old school 1998 thinking. That crap is the little leagues. The big money is in "professional," massive, highly organized, sometimes government funded crime. This is the big leagues and the assholes playing in it need to be stopped.

Re:Your premise is wrong

[causality]

Spamming V1aG4 isn't were the money is at. The big money is in identity theft, espionage and pump & dump schemes. These crimes are committed by using botnets that host phishing sites, send out phishing spam, and use scripts to log into bank accounts and broker accounts.

It is an economic problem, yes. It is *not* analogous to prohibition. This stuff *is* criminal and the crimes committed cost tens billions of dollars each year. The solution is *not* to just toss your hands up and say "we give up", the solution is to lock these fuckers up and toss the key. We, as a society, need to clamp down on these fuckers before they do something that really screws with us. And don't kid yourself either, these people are sitting on top of some of the most powerful distributed computers on the planet.

Chicken Bone Spammers, V1agr4 and R0l3x W4tches is old school 1998 thinking. That crap is the little leagues. The big money is in "professional," massive, highly organized, sometimes government funded crime. This is the big leagues and the assholes playing in it need to be stopped.

But that's exactly why new laws aren't going to work. What you're talking about there is fraud. Fraud is fraud; it's not something new just because the means of communication was a networked computer. Fraud is already universally illegal (everywhere or nearly everywhere) and this hasn't stopped the type of spam that you mention. Why? Because these criminals are finding it to be very profitable.

The laws that imprison or execute people for things like rape and murder have some deterrent effect on would-be criminals because there is generally no enormous economic incentive to rape and murder people and the desire to do those things is widely recognized as aberrant and pathological. Contrast that with spam (any kind) where there is a strong economic incentive (it's only getting worse so it's obviously profitable) and the desire to make money is generally valued and encouraged by our society -- the problem with spam is the destructive method by which that desire is satisfied, not the desire itself. In my mind, that's the difference between enforcable laws and unenforcable laws.

I believe that my previous point was sound and still applies here. The only thing your clarification changes is the application of the term "demand". Whereas before, demand constituted people who purchase items from spammers, now it also describes people who want to connect a computer to a network that is known to be hostile without learning how use it securely (botnets), people who want to make transactions without careful authentication (phishing), and people who want to get rich quick or who think that some random spammer with a stock tip really has their best interests at heart (scams). Whether such people are genuine victims or merely suffering the consequences of poor decision-making makes no difference to the spammer. A large (enough) number of people who keep doing these things despite all of the warnings against them and all of the information available is indistinguishable from the usual sense of the word "demand" as far as spammers are concerned.

What I am telling you is that so long as this is the case, you can make the penalty for this type of fraud as severe as you like and it will make no difference, for all of the reasons I have outlined in my previous post. It is prohibition because there is a large enough demand to make $ACTIVITY profitable and you are trying to eradicate $ACTIVITY by punishing $SUPPLIER in an effort to destroy $AVAILABILITY. It will fail for all of the reasons why more traditional forms of prohibition have failed.

Remember that you don't need perfectly knowledgable users running perfectly secure systems so that online fraud is completely impossible; you just need knowledgable enough users running secure enough systems to make fraud difficult enough that it's no longer profitable. Accomplishing this is merely very difficult; catching, prosecuting, and punishing enough spammers to achieve anything resembling "stopping spam" is utterly impossible.

Re:Your premise is wrong

[causality]

The solution is *not* to just toss your hands up and say "we give up", the solution is to lock these fuckers up and toss the key.

My real response to you is this post but I also wanted to ask you something.

What I am advocating is that we should attempt to understand the real nature of the problem before we even begin to think about implementing any solutions. This may include a willingness to question what we think we know about it since the "conventional wisdom" has thus far gotten us nowhere. It might also include an examination of history to see if people have faced problems that had similar underlying principles, even if those problems were radically different in outward appearance. If any such examples are found, we should consider the attempted solutions and whether they had any success. In short, we need to know as much as we can about what we're dealing with and we should learn from the mistakes of others as much as possible.

My question is, what part of this constitutes "tossing your hands up and saying 'we give up'"? In light of my question, do you still believe that this is what I am advocating? I understand your righteous anger and your desire to see spammers punished, but these things are in vain if they cause you to take hasty action that cannot bring about your goal.

Re:Your premise is wrong

[bwcbwc]

Not to mention the fact that there IS a legal problem here. OP mentions the fact that most pro spammers reside outside US jurisdiction. Jurisdiction is by definition a legal/diplomatic problem.

In some ways it's similar to the "War on Terror": you have a bunch of criminals preying on peaceful neighbors and ducking across the border when things get too hot for them. Unfortunately, we can't send a bunch of Predator drones to launch missile strikes against cyber-criminals in Russia and China with the same impunity we have in Pakistan.

But don't worry, if we wait long enough, the US will be completely bankrupt and the Chinese will be much richer targets for identity theft. Then the shoe will be on the other foot. Of course that assumes the Chinese are stupid enough to fall for that invention called the "credit card".

Re:Your premise is wrong

[drpt]

Why not use your extra bandwidth to fry the host phishing sites, it could be setup like seti at home, or maybe we could just drop an anchor on their undersea cable

Some of its resources still live on

The volunteer team behind the creation + maintenance of the widely-used CastleCops "malware databases" (CLSID list, startup list, etc.) moved them to SystemLookup.com a couple of months ago, after CastleCops suffered a considerable bout of downtime.

Looks like they were lucky. It seems the rest of the old CastleCops site isn't even available on the Internet Archive. :-/

Hitting Google Cache

I've been hitting the Google cache hard since I saw this story trying to collect all the information out of Castlecops wiki. It was an excellent resource on malware removal. If nothing else, i hope the site owners consider putting the wiki database dump online for us to use.

Re:blame nigger obama.

Where were people like you when it came to W?

I agree

[coryking]

And I suspect we are a bit on the same page. Personally, I think most computer crime is akin to real-world viruses. The stronger our anti-boitics, the stronger and more resistant the bugs get.

My only concern is, and I doubt you are part of this, sites like Slashdot seem to carry a strange attitude that because something takes place on a computer, it is immune from law. You sometimes see comments from people who whine about a spammer getting 10 years in jail--"they didn't hurt anybody". You'll get a story about some fuckhead getting 5 years for hacking a corporate network and some comments will bitch "they were just learning, and besides people should lock their doors better". All of it silly nonsense that has no place in our industry.

To answer your question directly:

My question is, what part of this constitutes "tossing your hands up and saying 'we give up'"?

Tossing your hands up and saying "we give up" means we just blame the user, blame the system admin, or blame anybody but the criminal. Often times they won't even be labeled as criminals, worse they'll manipulate language to make them sound like some kind of modern hero (Hacker vs Cracker is nothing more then straight Orwellian doublespeak). I think such talk is a form of denial and worse a form of insidious propaganda. It is also a byproduct of a more innocent time in our computing history.

Bottom line is, I'm sure we are on the same page.

It might also include an examination of history to see if people have faced problems that had similar underlying principles, even if those problems were radically different in outward appearance.

Look no further then how nature deals with nasty stuff. Study our own immune systems. Study the immune systems found in nature. The two are very similar. How we combat AID's or the common cold are good starting points for how we combat online criminals and their software.

But without somebody with authority talking about it, nobody will take computer crime as seriously as it needs to. Until somebody as high up as Obama starts preaching the gospel of security, we wont stand a chance.

Too bad "leaders" of certain open source movements dont start talking about security more. Maybe if somebody like RMS starts advocating for more law enforcement, these people would grow up and put more pressure on our leaders to take this seriously.

Re:I agree

[causality]

I always appreciate such a well-reasoned response.

My only concern is, and I doubt you are part of this, sites like Slashdot seem to carry a strange attitude that because something takes place on a computer, it is immune from law.

I think much of that comes from the "artificial scarcity" nature of copyright and the repeated extensions to both the duration and severity of copyright law. Our legislators are not carefully evaluating whether or not technology has made this model obsolete and using the results of that evaluation to make any necessary adjustments. Instead, they are applying more and more "brute force" to the law by turning formerly civil matters into criminal matters to appease various monied interests, as though such complex problems could be solved so easily. Not surprisingly, the reaction to this has not been a good one.

You sometimes see comments from people who whine about a spammer getting 10 years in jail--"they didn't hurt anybody". You'll get a story about some fuckhead getting 5 years for hacking a corporate network and some comments will bitch "they were just learning, and besides people should lock their doors better". All of it silly nonsense that has no place in our industry.

Part of it too is that the reason why you should have reasonable laws that are not weighted too heavily in favor of any particular group is because when people lose respect for the law, they tend to lose respect for the entire institution. It is trendy these days to "make an example of" people who commit certain crimes and sometimes the question of whether the punishment fits the crime is well-founded. There is also the possibility that a free-for-all network where all forms of computer intrusion are legal will result in more secure systems than would a regulated network where such people are prosecuted. This boils down to a form of Darwinian natural selection. I'm not saying it's a good or desirable possibility, only that it may be true regardless of anyone's personal feelings about it. A spammer getting 10 years doesn't bother me, so long as this is for actual fraud/ID theft and not merely because otherwise legitimate business offers were unsolicited, and so long as we aren't releasing violent offenders early to make room for them like we do in the War on (Some) Drugs. I am not agreeing with or defending the views you mention. I simply find it edifying to understand where viewpoints come from, especially those with which I disagree.

Tossing your hands up and saying "we give up" means we just blame the user, blame the system admin, or blame anybody but the criminal. Often times they won't even be labeled as criminals, worse they'll manipulate language to make them sound like some kind of modern hero (Hacker vs Cracker is nothing more then straight Orwellian doublespeak). I think such talk is a form of denial and worse a form of insidious propaganda. It is also a byproduct of a more innocent time in our computing history.

Let's just say for the sake of argument that an Ultimate Solution to the Spam Problem has been found and that this Solution can be absolutely rigorously proven with 100% confidence. If it turns out that the Solution is for the users to alter their computing habits, would you say someone was "blaming the user" if they advocated it? I believe that too much concern for who is at fault, for at whom we can point the finger, is counterproductive. There's a certain visceral satisfaction to it if you need that but it's not good problem-solving, especially if your goal is prevention. It can cause good ideas to be discarded for no reason except that they affect someone other than the perpetrator.

Look no further then how nature deals with nasty stuff. Study our own immune systems. Study the immune systems found in nature. The two are very similar. How we combat AID's or the common cold are good starting points for how we combat online crimi

Mod parent up

[milesw]

Not sure why this was modded down - very important point. Why was an entire site by volunteers simply shuttered with no time to move the donated content elsewhere? It was a goldmine of anti-malware tips and techniques generously given by hundreds, if not thousands, of users over the years. Geeks (even more than most people perhaps) generally abhor having to figure something out that has already been solved. It is simply a waste of brain power (which God knows is in rather short supply). Now with this repository of valuable information gone, much of it will have to be solved anew unless archives can be found.

Re:Mod parent up

That is a very valid point. The information on that site is wide ranging and in some cases irreplaceable. What happened to it?

Process Explorer

[Fencepost]

Just as a side note, while it's sometimes not possible to kill suspicious processes with Process Explorer (or they get automatically relaunched by another piece of software - especially if they were installed as a Windows service) you can also "Suspend" processes allowing you time to deal with other parts of the cleanup.

Switch-Hitter.....

[IHC+Navistar]

"It was reported back in June that Paul Laudanski, founder of CastleCops and its parent Computer Cops LLC, was taking a full-time job with Microsoft"

-And this turncoat joins *MICROSOFT"?!

I though he was *ANTI-* malware!

Remember the Registry

> a Windows port of Tripwire

This would either be useless (because the Windows registry changes in mysterious ways at the drop of a hat) or require hefty new Windows-only algorithms which would be able to filter out these innocuous changes.

Actually, I have AIDE (a similar tool to Tripwire) installed on my new laptop under Linux, and I do not find it to be an effective tool for my use case, which I suspect is not that atypical. Since the laptop is new, I am continually installing new software packages on it. This causes tons of change messages to be generated. I judged it to not be worth the effort for me to sift through all those log messages to verify that I haven't been infected from some other activity (e.g., browsing), at least not during this phase of the laptop's life cycle.

Hell, even without the software installations, AIDE's out-of-the-box Ubuntu config also generated tons of messages from the /dev pseudo-filesystem.

And if I were to be infected, and the malware is high-quality, later runs of integrity checking will not help (as userID causality points out above).

It seems to me that the integrity checkers are useful tools mainly for very stable production boxes, as opposed to your average consumer use case.