Slashdot Mirror
CastleCops Anti-Malware Site Closes Down
Fortran IV writes "Volunteer-powered anti-malware site CastleCops appears to have closed shop. As of Tuesday, December 23, the CastleCops home page notes: 'You have arrived at the CastleCops website, which is currently offline. . . . Unfortunately, all things come to an end.' It was reported back in June that Paul Laudanski, founder of CastleCops and its parent Computer Cops LLC, was taking a full-time job with Microsoft and was 'looking for new management' for CastleCops. The site has also long had problems with funding and with hostile action from spammers. The actual shutdown seems to have taken the security community by surprise; as late as Tuesday evening Brian Krebs was still recommending CastleCops on his Security Fix blog."
Basic problem:
Castlecops were volunteers. Spammers do what they do for a living. Eventually, the volunteers have to get back to the real world, while the spammers keep going and going because you're hitting them in the pocketbook.
Either we need a lot more volunteers, or we need to start imposing the the death sentence on convicted spammers and get the root problem solved.
If you can read this sig, congratulations, you have your glasses on!
The website looked a lot like all the superwindowsvirussmasher scam websites....You may have trojan.dropper.w32, free scanner here! with all the ads, color, and layout.
It's possible that it just never presented a legit-looking or professional experience. I'm no the only one who thought this...the community let it die too.
THL phish sticks
taking a full-time job with Microsoft = my unemployment and savings ran out and then my ARM reset
'looking for new management' = did you just lose your job and have 6 or seven months of unemployment to tide you over (unadjusted ARM holders need not apply)
problems with funding = you can only bark up a tree so many times before even the most benevolent/stupid people stop handing you cash.
That'll stop spam about as well as prison terms and (sometimes) death sentences have stopped drug traffickers. What you are dealing with is not a technological problem, which is why spam filters and anti-malware efforts have not ended spam. You're not dealing with a legal problem either because even if new laws to punish spammers somehow worked perfectly, and they won't, that could only change the jurisdiction from which the spam is being sent. Not to mention that if spamming becomes riskier because more spammers are caught and punished, you will actually make it more profitable for the ones that don't get caught (possibly those from other jurisdictions) because you will have removed their competitors.
This is an economic problem. The interesting thing about economic problems is that so long as there is sufficient demand for something, the suppliers will amaze you with both their ingenuity and their willingness to take risks to deliver it. We saw this with alcohol prohibition, we see this now with the War on (Some) Drugs, and we're also seeing it now with spam. The real problem with spam is that the spammers' costs are extremely low and there are enough idiots who buy from them to make it profitable. Punishing spammers amounts to a form of prohibition. Prohibition has never worked (they can't even keep illegal drugs out of prisons) and it's not going to start working now. It really amazes me that so many human beings can understand human nature so poorly that it was ever even tried, let alone that it continues today despite any social costs and that there are still people who would suggest applying this failed idea to more novel problems. When we, collectively, try something and find out that it has never worked and is never going to work, we think the solution to that is to try harder instead of trying something else. It's like a cross between that saying about having only a hammer and perceiving everything as a nail and that saying about the definition of insanity.
If the goal is to catch a tiny percentage of them and feel vindicated while your inbox continues to fill up with spam, the "crime and punishment" approach will do. If your goal is to end spam, then your only real option is to reduce the number of people willing to buy from spammers (the demand) until spamming is no longer profitable. Like many others, I have some ideas but I don't have the solution. At this stage though, I think that what's missing is a sound understanding of the problem.
It is a miracle that curiosity survives formal education. - Einstein
I am [was] a volunteer security expert on CastleCops. I helped hundreds of people, but the task was very daunting. Back in the hayday for malware, there were literally hundreds of new posts everyday with problems that would take more than a canned response and a hijackthis log. There was only a handful of us and to be honest, I am surprised that it lasted as long as it did. I know I would get burned out and disappear for a few months then pop back in and try to help a couple people.
I should preface this by saying that your efforts are noble and should be commended. I am encouraged any time I see people like you who are willing to selflessly try to do something about a problem especially against what must seem like impossible odds. What I would like to see this world become has a lot more of that spirit than the real world does.
I'll be honest with you and hope that how I genuinely feel about this doesn't appear to you to contradict what I just said. I don't really believe in this kind of solution, not because it's labor-intensive but because it addresses a symptom or a result instead of addressing the underlying problems that keep causing it. In other words, it is damage control and not real prevention.
If you study computer security, one (very sound) idea you will come across is the notion that once a machine has been compromised, the only way to ever trust that machine again is to reformat the hard drive and reinstall the operating system from known good media. To our detriment, the way security is generally handled flies in the face of this observation. There is a plethora of virus removal tools and spyware removal tools provided by what has become quite the cottage industry. These tools operate by detecting and attempting to remove known malware from a system that has been compromised. After the malware is removed, the system continues to be used even after it has been both compromised and proven to be configured/operated in an insecure fashion. This is perfect for the antivirus companies because the job can never be finally completed. Under this model, there will always be work in the form of finding, analyzing, and creating signatures and heuristics for new malware. Work that someone will have to be paid to do. What was a volunteer effort that caused burnout for you equates to $$$ dollar signs for them.
What is needed is a proper security system built into the OS that can prevent the compromise from happening in the first place. Windows can be found on the vast, vast majority of computers and Windows has no such security system (whether anyone else has or does not have such a system is not my point; this isn't intended to be a Unix vs. Windows debate). Further, no one in the security industry is really interested in providing one because by doing so they would kill their own market. If Microsoft tried to implement something like that, something far more effective and less of a "band-aid" than UAC, they would receive tremendous pressure to desist from an entire industry. What further complicates the problem is that there is a very large and very ignorant userbase which does not understand these issues and does not care to learn about them. Because of that, they have come to accept this as normal and "just the way things are done", as though entering into an malware vs. antimalware arms race that cannot possibly be won is an inherent feature of computing.
I hate to say it but I think this will have to get worse before anyone will be truly interested in making it get better. Call me cynical for saying so if you will, but as a culture we're not very big on dealing with foreseeable problems while they are still relatively small and managable and prefer to ignore them until they become a crisis first. I have said for some time that perhaps the best thing that could happen would be a wake-up call in the form of a virus/trojan/worm that infects a machine, spreads itself rapidly to other machines, and then destructively formats
It is a miracle that curiosity survives formal education. - Einstein