Slashdot Mirror


Microsoft Slaps $250K Bounty On Conficker Worm

alphadogg writes "The spreading Conficker/Downadup worm is now viewed as such a significant threat that it's inspired the formation of a posse to stop it, with Microsoft leading the charge by offering a $250,000 reward to bring the Conficker malware bad guys to justice. The money will be paid for 'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,' Microsoft said today in a statement, adding it is fostering a partnership with Internet registries and DNA providers such as ICANN, ORG, and NeuStar as well as security vendors Symantec and Arbor Networks, among others, to stop the Conficker worm once and for all. Conficker, also called Downadup, is estimated to have infected at least 10 million PCs. It has been slowly but surely spreading since November. Its main trick is to disable anti-malware protection and block access to anti-malware vendors' Web sites."

182 of 258 comments

  1. The new business plan by 140Mandak262Jamuna · · Score: 5, Funny
    1. Write malware for windows

    2. Give it to a bunch of script kiddies anonymously in bulletin boards.

    3. ...

    4. Turn them in to MSFT for the bounty.

    5. Profit

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:The new business plan by Fluffeh · · Score: 1, Funny

      ICanHaSSkript?

      No do homewerks?

      --
      Moved to http://soylentnews.org/. You are invited to join us too!
    2. Re:The new business plan by Locke2005 · · Score: 4, Interesting

      My thoughts exactly. If hackers can now make big bucks by writing worms then framing someone else for turning them loose on the world, doesn't that provide a powerful incentive to write more worms???

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    3. Re:The new business plan by segedunum · · Score: 1, Funny

      Well, if it was good enough for Clint then it's good enough for the rest of us.

    4. Re:The new business plan by John+Hasler · · Score: 4, Insightful

      They also have to successfully pull off the "framing" part. The authorities are not unfamiliar with the idea that their informants may be lying for the reward.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    5. Re:The new business plan by guyminuslife · · Score: 2, Informative

      Because no one will ever suspect that the guy with the advanced degree, antisocial personality disorder, questionable source of income, and miraculous discovery of "the real hackers," would have had anything to do with it.

      --
      I don't believe in time. It's a grand conspiracy designed to sell watches.
    6. Re:The new business plan by binarylarry · · Score: 4, Funny

      Yes, I highly doubt the Hans Reiser defense is going to work that well here either.

      --
      Mod me down, my New Earth Global Warmingist friends!
    7. Re:The new business plan by shanen · · Score: 1

      Naw, it's just Microsoft's business plan to buy a reputation, cheap.

      Actually, only based on the news reports I've already read, Microsoft's reward is already tiny compared to the initial reactive damages caused by Microsoft's sloppy programming and very unsloppy but aggressive marketing to make sure the danger is as widespread as possible. So far the damage (that I've heard about) has just been networks being shut down to try and clean the worm out--but if this thing actually has a hostile payload...

      Imagine a distributed supercomputer two orders of magnitude larger than Roadrunner. Whoops, no imagination required. We already have it--and no one knows how hostile it is.

      --
      Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
    8. Re:The new business plan by kpainter · · Score: 1

      That is why I favor the 'hitman' option rather than the 'bounty' option. That pretty much cancels out #5.

    9. Re:The new business plan by Anonymous Coward · · Score: 2, Funny

      Every day I feel the internet looks more and more like the wild wild west....

      A bunch of so called hackers doing whatever they want, with no law to control them.... and now, bounties....

      Now we just need a blondie to come up and collect fake bounties.

    10. Re:The new business plan by RINGSMUTH · · Score: 2, Informative

      Step 1: Russia hires you to program malware for $50K a year.

      Step 2: Russia lets malware loose.

      Step 3: ...

      Step 4: Russia turns you in for $250K.

      Step 5: Russia = Profit!!!

    11. Re:The new business plan by c6gunner · · Score: 2, Funny

      Imagine a distributed supercomputer two orders of magnitude larger than Roadrunner. Whoops, no imagination required. We already have it--and no one knows how hostile it is.

      OMFG, IS SKEYE NET!!!

    12. Re:The new business plan by Narpak · · Score: 2, Interesting

      I guess that is kinda the idea behind an investigation and a trial. To collect evidence, examine evidence, ensure that said evidence is correct, then present it in a court for consideration. Just putting out a bounty doesn't mean hackers can "just frame someone" and then collect the reward. In fact, under the current set of laws, framing someone would be a far more serious crime than the worm itself.

    13. Re:The new business plan by troll8901 · · Score: 1

      Every day I feel the internet looks more and more like the wild wild west.... A bunch of so called hackers doing whatever they want, with no law to control them.... and now, bounties....

      Dyin's too good for 'em!

      (Cue Wild West background music.)

    14. Re:The new business plan by Airw0lf · · Score: 1

      ICanHaSSkript? No do homewerks?

      No but I'll give you a cheeseburger, ok?

    15. Re:The new business plan by msormune · · Score: 1

      I see. So it's gonna play out like this: Malware creator just calls MSFT and says give me moneys, I know who made the malware. And then MSFT and the police will NOT ask at all, well how do you know this?

      Yeah, that will work...

    16. Re:The new business plan by cepayne · · Score: 1

      It should "in reality" trigger Microsoft to add a new line
      to their business plan:

      FIX the OVERFLOW BUGS in all of their crappy software!

      Apparently it only costs $250,000 to get publicity like this.

    17. Re:The new business plan by YourExperiment · · Score: 1

      How about the Chewbacca defence?

    18. Re:The new business plan by CrossChris · · Score: 1

      I wrote it. Can I have my $250k now please?

  2. 250K is too low by xzvf · · Score: 1

    Pirates of the Indian Ocean were asking for multi-millions. 10 million zombie PC's are worth more than $250K. Dig deeper MS.

    1. Re:250K is too low by Bill+Dimm · · Score: 5, Insightful

      10 million zombie PC's are worth more than $250K

      The 10 million zombies may be worth much more than $250k to the person that controls them, but they are worth nothing to the guy that lives down the hall from the person that controls them, so he might be quite happy to pick up the money if he knows something.

  3. "illegally" launching? by djce · · Score: 5, Insightful

    Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's illegal. In other words, innocent until proven guilty.

    1. Re:"illegally" launching? by Actually,+I+do+RTFA · · Score: 5, Insightful

      Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's illegal. In other words, innocent until proven guilty

      Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's following American conventions. In other words, guilty until proven innocent

      --
      Your ad here. Ask me how!
    2. Re:"illegally" launching? by tribecom · · Score: 2, Insightful

      apologist for malware authors ... tough gig

    3. Re:"illegally" launching? by John+Hasler · · Score: 1

      The laws of the jurisdictions where the infected pcs are located apply no matter where the thing was launched from.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    4. Re:"illegally" launching? by MrBigInThePants · · Score: 1

      You misunderstood. This is not a bounty for their arrest.
      It is a recruitment bounty so they can teach them to make software that is not so full of holes you would mistake it for a premise for war or something.

    5. Re:"illegally" launching? by Nefarious+Wheel · · Score: 1

      You're lucky if it's the legal system that catches you, and not some Russian entrepreneur with a grudge. They may be a bit more efficient.

      --
      Do not mock my vision of impractical footwear
    6. Re:"illegally" launching? by gad_zuki! · · Score: 4, Insightful

      First off, all politics is local. My local laws apply to what you do to me or my equipment in my jurisdiction. On top of that, in civilized countries all this shit is illegal. Remember the Sasser worm? MS paid out a 250k bounty and the author was revealed to be a German who was later convicted.

      Secondly, it's not too hard to figure out who did this. A lot of these trojans won't install if your default language is Russian. How odd, eh? Essentially, this is a hand out to the Russian government because it protects and profits from its industry of malware writers, most notably The Russian Business Network. These guys aren't getting caught. They have the full protection of the Russian government. MS and the rest know this, but they also know that money talks and a high profile defector would be good for the cause.

      Perhaps it's time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.

    7. Re:"illegally" launching? by SkyDude · · Score: 1

      If you can, look up the term "prima facie".

      Here, this will help you

      --
      == First cross river, then insult alligator.
    8. Re:"illegally" launching? by truthsearch · · Score: 1

      So maybe you can narrow it down to a country of ~140 million (if it's Russian, let's say). That's still far from figuring out exactly who did it.

    9. Re:"illegally" launching? by Hordeking · · Score: 1

      Until you know who launched this, under what circumstances, and in which jurisdiction, don't assume that it's following American conventions. In other words, guilty until proven innocent

      If you've ever watched Nancy Grace, you'd apply that to America, too.

      --
      Disclaimer: The opinions and actions of the US Gov't are in no way representative of those held by this author or its ci
    10. Re:"illegally" launching? by ndege · · Score: 5, Interesting

      Perhaps it's time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.

      Been there, done that: At least on our email servers. In addition, I have blocked every country other than the US with an iptables deny rule ("they" can't even ping the mailserver). Before you start complaining, please be aware that I work for a small (approx 60 email accounts) US-based management company that only deals with other US companies. In the past 6-7 months that my iptables rules have been in place on the mail server, incoming spam has dropped 80-90%. In addition to blocking everything but the US IP space, we are running postfix/amavis/spamassassin/clamav/postgrey and have configured a few RBLs. Very little spam gets through these days.

      I am using ipdeny.com for the lists of IP space sorted by country: http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz

      If you would like my script, post a reply to this message, and I will either post the script directly in the comments or email you privately.

      The solution to simply block off non-US IP space is an ugly vile hack to how the Internet was originally designed. Meanwhile back in modern-day reality, the hack works well.

      -JL

      --
      Sig Return: 204 No Content
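
The country allow-list described in the comment above, as an added example; it is not ndege's script, which does not appear on this page. Assumptions: an `ipset` set is used instead of one iptables rule per network, the names `allow_us` and `GEO_SMTP` are hypothetical, the zone file holds one IPv4 CIDR per line, and the rule is narrowed to inbound SMTP (TCP/25) with a logging chain so dropped connections can be counted. The functions only print `ipset restore` input and iptables commands; they do not touch the live firewall.

```shell
#!/bin/sh
# Added example: turn a per-country zone file into an ipset allow-list.
SET_NAME="allow_us"   # hypothetical set name

# valid_cidr CIDR -> status 0 if CIDR is a well-formed IPv4 network a.b.c.d/len
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    len=${1#*/}
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    # Reject anything but digits and dots before word-splitting on "."
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# zone_to_ipset FILE -> prints "ipset restore" input on stdout.
# The new list is built in a scratch set and swapped in, so the live set is
# never half-filled. An empty or unusable zone file is refused (status 1),
# because an empty allow-list would block every sender.
zone_to_ipset() {
    zone_file=$1
    kept=0; skipped=0; body=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # strip comments
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # strip whitespace / CR
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            body="${body}add ${SET_NAME}_new ${line} -exist
"
            kept=$((kept + 1))
        else
            skipped=$((skipped + 1))
        fi
    done < "$zone_file"
    if [ "$kept" -eq 0 ]; then
        echo "refusing to build an empty allow-list from $zone_file" >&2
        return 1
    fi
    printf 'create %s hash:net family inet -exist\n' "$SET_NAME"
    printf 'create %s_new hash:net family inet -exist\n' "$SET_NAME"
    printf 'flush %s_new\n' "$SET_NAME"
    printf '%s' "$body"
    printf 'swap %s_new %s\n' "$SET_NAME" "$SET_NAME"
    printf 'destroy %s_new\n' "$SET_NAME"
    echo "kept=$kept skipped=$skipped" >&2
}

# emit_rules -> prints the iptables commands that use the set.
# Sources outside the set go to a chain that logs (rate-limited) and drops,
# so "iptables -L GEO_SMTP -v" gives a count of what the filter rejected.
emit_rules() {
    cat <<EOF
iptables -N GEO_SMTP
iptables -A GEO_SMTP -m limit --limit 6/minute -j LOG --log-prefix "geo-smtp-drop: "
iptables -A GEO_SMTP -j DROP
iptables -I INPUT -p tcp --dport 25 -m set ! --match-set $SET_NAME src -j GEO_SMTP
EOF
}

# sample_zone -> constructed zone file (documentation ranges plus bad lines)
sample_zone() {
    cat <<'EOF'
# constructed sample, documentation ranges only
192.0.2.0/24
198.51.100.0/24

203.0.113.0/24   # trailing comment
300.1.1.0/24
10.0.0.0/33
not-a-network
EOF
}

# Typical use, as root, after reviewing the output:
#   zone_to_ipset /path/to/country.zone | ipset restore
#   emit_rules | sh
```

The packet counters on the `GEO_SMTP` chain and the `geo-smtp-drop:` log lines give the measurement asked about in the replies: how many connections the country filter is rejecting and from which addresses.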
    11. Re:"illegally" launching? by Attila+Dimedici · · Score: 1

      I'm sorry, but I have trouble imagining a reason for releasing this for any reason that would not still be illegal (or at least still should be illegal). There are lots of things that are legal for me to do that become illegal when they cause harm to others.

      --
      The truth is that all men having power ought to be mistrusted. James Madison
    12. Re:"illegally" launching? by gad_zuki! · · Score: 1

      I do this at work too. Instead of the received email being 90% spam it's only 40%. Weighted blacklisting takes care of the rest. No content filtering at all.

      I'm tempted to put the same rules into the Windows firewall for my relatives' and friends' computers. They won't notice and it might save them from malicious sites. A more diplomatic approach would be something like the Web of Trust Firefox extension, but some type of realtime blacklist for malicious servers and botnet zombies sounds like a good idea.

    13. Re:"illegally" launching? by Antique+Geekmeister · · Score: 1

      Really? Then how will you extradite them if they're from someone where it wasn't illegal? Worse, how will you even find a competent prosecutor for computer crime?

      The US record for convicting people for computer crime is, historically, awful. Even when they catch the guilty parties in the act, they traditionally attempt to try them for the wrong crime, fail to gather enough evidence to convince a judge or a jury as they run afoul of uncooperative schools where students have been active in criminal behavior, or plea bargain them to try and get the "big fish". Or the captured cracker pulls a "get out of jail free" card such as their father being the head of the NSA. (Look up the Morris Worm, if you don't believe me on that one.)

      Remember, Microsoft offered the money for prosecution. There's little risk of their having to pay it.

    14. Re:"illegally" launching? by Z00L00K · · Score: 1

      It was launched by the operating system. So I would call that bounty on the person responsible for Autorun/Autolaunch functionality in Windows.

      If you provide functionality that can be abused - it will.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    15. Re:"illegally" launching? by PublicBore · · Score: 1

      Don't be too quick to assign one political action to any specific group. Those who are benefited by an undertaking such as this often comprise an entity that transcends conventional categories. For such entity, the world provides no environment for jurisdiction, at present.

    16. Re:"illegally" launching? by jfim · · Score: 1

      Been there, done that: At least on our email servers. In addition, I have blocked every country other than the US with an iptables deny rule ("they" can't even ping the mailserver). Before you start complaining, please be aware that I work for a small (approx 60 email accounts) US-based management company that only deals with other US companies. In the past 6-7 months that my iptables rules have been in place on the mail server, incoming spam has dropped 80-90%. In addition to blocking everything but the US IP space, we are running postfix/amavis/spamassassin/clamav/postgrey and have configured a few RBLs. Very little spam gets through these days.

      How much legitimate mail is dropped and how do you plan on handling the case where one of the companies with which you do business outsources their email to a Canadian or European company?

    17. Re:"illegally" launching? by SL+Baur · · Score: 2

      Perhaps it's time to just firewall off Eastern Europe, Russia, and China and call it a day. Whitelist them when needed.

      You are putting blame on the wrong shoulders.

      I'll admit that I caught a virus once - it was a boot sector virus that some idiot brought into the office and infected a floppy disk that we used to boot to get at a stupid MS-DOS only configuration program for an ethernet card. Didn't do anything to me, my equipment was running Linux.

      Perhaps it's time to firewall off Redmond, WA. It certainly would fix the problem.

    18. Re:"illegally" launching? by kojot350 · · Score: 1

      Someone had to say that. Mod parent up!

      --
      [ $[ $RANDOM % 6 ] == 0 ] && rm -rf / || echo *Click*
    19. Re:"illegally" launching? by ndege · · Score: 1

      How much legitimate mail is dropped and how do you plan on handling the case where one of the companies with which you do business outsources their email to a Canadian or European company?

      You have a good point: right now we don't have a metric to determine how much legitimate mail is being dropped.

      However, email is not critical to our business. Email doesn't even make the top 5; fax, voice, and "face-time" are much more important.

      Employees will deal with this the same as they deal with other technical anomalies: if they can't quickly resolve it on their own, they pick up the phone and call me.

      Most importantly, if any entity we deal with does change their business model, we simply alter our scripts and life moves on.

      Again, this is a hackish solution to an annoying problem. But, so far, I haven't heard of a single case of a legitimate email being dropped because of the iptables rules denying traffic.

      --
      Sig Return: 204 No Content
    20. Re:"illegally" launching? by BrokenHalo · · Score: 1

      I say old chap, ever hear of the Magna Carta?

      Sshhh. It's probably a good idea to let these American chappies think they invented "Western Civilisation" while the rest of us know perfectly well that it's still just a good idea. ;-)

    21. Re:"illegally" launching? by BrokenHalo · · Score: 1

      Hey, conficker doesn't run on my Linux box, I want my money back. Oh, wait...

    22. Re:"illegally" launching? by daveime · · Score: 1

      For spam limitation, this is effective.

      But for down-and-dirty hack attacks, surely that's the whole reason why they use a distributed network of bot machines ... so your IP rules suddenly become worthless.

    23. Re:"illegally" launching? by Antique+Geekmeister · · Score: 1

      The 'someone' was a good catch, thank you. The parenthetical "historical" is, however, legitimate, although a bit odd. I actually write that way, and there's not a theoretical minimum size on parentheticals. The 'Or', while technically incorrect, is in fact a common usage.

      So there's no need to call a war crimes tribunal for the grammar nazis, I just think that capturing France as well as Belgium was a bit too much.

    24. Re:"illegally" launching? by Actually,+I+do+RTFA · · Score: 1

      I say old chap, ever hear of the Magna Carta?

      Yes. Sometime after guaranteeing that no town would have to build bridges, it got to human rights. However, there's no presumption of innocence.

      The writ of habeas corpus is not a synonym, and the due process rules only say that there will be due process.

      Any way you want to look at it, American law is British law v2. It is an improvement. It also got refactored some, with the multiple sourced British Common Law.

      --
      Your ad here. Ask me how!
  4. Microsoft is responsible by Elektroschock · · Score: 3, Insightful

    These guys abuse a problem but they also raise awareness for a security problem Microsoft has put into existence through its operating system software. This company should pay and offer its customer to remove the worm for them and compensate them for all the costs caused by their defect software. The guys just exploited the weakness.

    Though Microsoft offered a patch I don't remember that Microsoft actively informed its customers about the defects of its software and apologised to me or that my hardware vendor recalled the hardware.

    1. Re:Microsoft is responsible by The+Cisco+Kid · · Score: 4, Insightful

      Any person that has anything to do with information technology (computers) anywhere in the world, that can read and understand the language commonly used in their part of the world, that doesn't already know that most software produced by MS is riddled with "defects", is either not paying attention or is seriously brainwashed.

    2. Re:Microsoft is responsible by internerdj · · Score: 1

      So who foots the bill for someone exploiting an apache hole? Does it come out of the support fund? Sounds like a very dangerous precedent to me.

    3. Re:Microsoft is responsible by Rog-Mahal · · Score: 1

      It's kind of hard to call exploiting a vulnerability "raising awareness". The worm blocks attempts at removal and continues to spread itself. It works well, and seems like it could be used for more nefarious ends, but isn't stealing credit card numbers or the like. However, I'd hardly call it a public service. I agree that Microsoft could have been more public about the seriousness of the problem, but apologies?

    4. Re:Microsoft is responsible by transporter_ii · · Score: 3, Insightful

      Yeah, after reading the Slashdot article a couple of days ago on not running as an Admin on Windows, I decided to play around a little.

      I found that even though XP Pro lists only the options of running as an Admin or a User, there is in fact a fairly simple way to run as a "power user," which is not as restrictive as a normal user (fairly simple but not fairly obvious way).

      I've set up some domains for Windows server 2003, but I had really never looked at how much you could do with XP, and actually, you can do quite a few of the same things in the group policy settings.

      However, all this goes right out the window on XP Home.

      Microsoft deserves exactly what they are getting. They could have very easily allowed a power user setting in XP home.

      Also, for a project I'm working on, I was looking to secure just the ability to change some network settings. On Linux, what I wanted to do was trivial. On Windows, it was almost impossible without busting the user down from running as an admin...and then program after program fails to work correctly.

      Again, Microsoft deserves everything they are getting.

      --
      Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
    5. Re:Microsoft is responsible by CannonballHead · · Score: 1, Troll

      And I suppose all the Windows users deserve what they are getting?

      I'm not defending Microsoft's holes in its code, but to say "Too bad, Microsoft" and ignore that many innocent users use it is pretty ... well, kinda goes back to the annoying Linux attitude that people complain about, I guess.

      I like and use Linux. But I would rather not like to have Linux give the same "better than you" vibe that Mac does at the moment...

      Probably offtopic or troll. Oh well.

    6. Re:Microsoft is responsible by techno-vampire · · Score: 4, Insightful

      And I suppose all the Windows users deserve what they are getting?

      Like you, I love and use Linux, but I don't think that Windows users shouldn't have an OS that's as easy to secure (and use in a secure way) as you and I do. It can be argued, however, that Windows users, in general, have never demanded a secure OS, so Microsoft's never really had any reason to give them one.

      --
      Good, inexpensive web hosting
    7. Re:Microsoft is responsible by StikyPad · · Score: 3, Insightful

      True, but the "produced by MS" part is redundant. Pretty much all but the very simplest of software has defects.

    8. Re:Microsoft is responsible by jaseuk · · Score: 1

      On XP putting a regular user in the "Network Configuration Operators" allows them to administer network settings without giving full admin privileges. The power users group is all but an administrator anyhow.

      In most other cases careful use of file permissions and registry permissions can also allow regular users to run software that would otherwise require administrator privileges.

      The programs that break down are not following guidelines that have been well established by Microsoft for many years, pretty much all Microsoft software works gracefully as a non-admin and the causes can be firmly placed with the 3rd party developers.

      I'm currently in the painful process of removing all local admin / power user across a large user base with plenty of historical software. The only area where I am having significant difficulties are those users who are developing software (ie. Visual Studio and the like), it's not impossible, but certainly not easy for the average user or administrator.

      Jason.

    9. Re:Microsoft is responsible by Anonymous Coward · · Score: 1, Funny

      Since Apache is free, I guess the bill amounts to 0.00$ anyway.

    10. Re:Microsoft is responsible by Anonymous Coward · · Score: 1, Funny

      I consider this an example of a simple program without defects:

      #!/bin/bash
      echo Hello World
      rm ~/ -rf

      awww crap.

    11. Re:Microsoft is responsible by gad_zuki! · · Score: 4, Insightful

      >Microsoft deserves exactly what they are getting. They could have very easily allowed a power user setting in XP home.

      That's what vista does and the UAC kicks in when you need admin access. There has been nothing but complaints and bitching about this. People are surprised their 10 year old software that writes to c:\temp doesn't work anymore. Now that there's an NT ecosystem of software out there (write to profile area, not to system area when running), it's easier for MS to do this. Shame that even the good changes MS does is received with the same old bellyaching.

      >Also, for a project I'm working on, I was looking to secure just the ability to change some network settings

      You didn't try too hard did you? Add them to the Network Config built-in group. I also believe there's a group policy setting for this.

      >Again, Microsoft deserves everything they are getting.

      MS is a company. It doesn't feel pain or shame. Right now the people feeling the pain are innocent users. Perhaps you should have a little sympathy for them.

    12. Re:Microsoft is responsible by Jamie's+Nightmare · · Score: 3, Insightful

      Windows users, in general, have never demanded a secure OS, so Microsoft's never really had any reason to give them one.

      Demanded or not, just like Linux, this was a security problem that was found and a patch was released to the public. Users either refused to install the patch or had Windows Update disabled for a variety of stupid reasons.

      When the ax falls, who are people going to blame? Certainly not themselves.

      --
      "When you see a unixer brainwashed beyond saving, kick him out of the door." - Xah Lee
    13. Re:Microsoft is responsible by slashtivus · · Score: 1

      I understand why you would remove Power User and Admin from standard users and do configuration to get their legacy software to work as a normal user.

      May I ask why you would restrict your developers (usually a tech-savvy person) to a standard user? I can see removing Admin of course, but Power User also? It really seems like that would make writing software a nightmare for the developer. We have a "dummy login" that we switch to when we want to test that permissions have been programmed correctly.

      Just curious.

    14. Re:Microsoft is responsible by Dallas+Caley · · Score: 1

      So what you're saying is that microsoft should be all knowing and be able to predict every possible permutation of security hole before ever releasing software, and if they don't do this then they should be held liable?

      Imagine if we had that same standard for cars. Now everyone who has ever died because they bought a car 60 years ago without airbags can sue because the company should have thought of that before selling the cars. This is obviously ridiculous. The fact is no one ever said Windows was perfect and infallible and it NEVER will be.

      Now, imagine also that microsoft actually finds a defect in their software (which I'm sure happens all the time) I guess you think they should just take out a big ad in the paper saying "Here's how to get past our gaping security hole!" or more to the point "Hey hackers, have fun with this one while we twiddle our thumbs not fixing it", Not.

    15. Re:Microsoft is responsible by cbiltcliffe · · Score: 2, Funny

      No, that's an MP3 encoder.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    16. Re:Microsoft is responsible by cbiltcliffe · · Score: 1

      >Also, for a project I'm working on, I was looking to secure just the ability to change some network settings

      You didn't try too hard did you? Add them to the Network Config built-in group. I also believe there's a group policy setting for this.

      Reading comprehension isn't your strong suit, is it?

      He doesn't want to give them the right to change network settings. He wants to take away the right to change network settings, without "busting the user down from running as an admin."

      In other words, allow them to do anything except change network settings.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    17. Re:Microsoft is responsible by RiotingPacifist · · Score: 1

      I swear last time I set up XP it was home and there was a power user setting under the hidden user controls menu (ControlUserPasswords2.ccp I think)

      --
      IranAir Flight 655 never forget!
    18. Re:Microsoft is responsible by KiloByte · · Score: 1

      Except, the implementation of UAC is so bad it would be better if it never saw the light of day.

      Want to copy a file? Three prompts. The destination is in use? Two prompts then an error message about "insufficient permissions" -- even though it's the file's owner doing the copy. On XP, the latter would give you a proper message. For such a basic operation, this is simply inexcusable.

      Comparing that with the 1970s design I have outside the virtual machine, I wonder whether that's pride, incompetence or spite.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    19. Re:Microsoft is responsible by kojot350 · · Score: 1

      Read the license.

      --
      [ $[ $RANDOM % 6 ] == 0 ] && rm -rf / || echo *Click*
    20. Re:Microsoft is responsible by qubezz · · Score: 1

      No, that Ain't an MP3 Encoder...

    21. Re:Microsoft is responsible by Weedlekin · · Score: 1

      "That's what vista does and the UAC kicks in when you need admin access. There has been nothing but complaints and bitching about this."

      People aren't bitching about UAC kicking in when they need admin access, they're bitching about the fact that it kicks in when they're doing all sorts of stuff that doesn't require admin access, that its messages are sometimes more cryptic and difficult to understand than equivalent ones on a locked-down corporate XP system, and that they frequently have to confirm the same operation several times.

      "People are surprised their 10 year old software that writes to c:\temp doesn't work anymore."

      And other people such as you and Microsoft are surprised when people or companies who specifically bought new Windows PCs because they want to run their existing Windows software get pissed off when they find out that they've handed over a significant chunk of change for the computer equivalent of a chocolate kettle.

      "Shame that even the good changes MS does is received with the same old bellyaching."

      What people are bellyaching about is the horrid way these changes have been implemented, not the fact that MS have made a real effort to produce something with significantly better levels of security than any of their prior desktop OS offerings.

      --
      I'm not going to change your sheets again, Mr. Hastings.
    22. Re:Microsoft is responsible by JasterBobaMereel · · Score: 1

      To get Microsoft Certified a program *had* to write to its own folders, and the registry ... now they must not write to their own folders or large parts of the registry

      Many of the programs that cause problems are the ones with the Designed for Windows xx logo or are Microsoft programs ...!

      The problem is that many "old" programs "Work just fine" on previous versions and only the security theatre in Vista stops them running ...

      UAC is triggered by older programs, why can't Vista recognise it is an older program automatically, sandbox it ... and stop annoying me!

      --
      Puteulanus fenestra mortis
    23. Re:Microsoft is responsible by FrozenFOXX · · Score: 1

      While I can't speak for the Windows side of this question I manage a lot of Unix systems with software developers on them and I'll say this, they may *claim* to be savvy and by the nature of their jobs you would *assume* they're savvy, but giving them any sort of root access on the system leads to system management issues sooner or later.

      There's nothing worse than people who think that because they know how to program they must know how to use an OS. I've been shown time and again this just isn't the case, so restricting their power in the system so they can't screw it up has served us very, very well. For every time they claim they can't do something ("How come telnet doesn't work, why do I have to use SSH?") I get one less call about restoring from the last good backup.

      I would imagine it'd be a very similar situation for a Windows-centric house. Managing users of any stripe can just be a very, very hard thing sometimes.

      --
      "Just a fox, a whisper."
    24. Re:Microsoft is responsible by daveime · · Score: 1

      You might want to use a fully qualified path to the rm command, but apart from that, 9/10.

    25. Re:Microsoft is responsible by HTH+NE1 · · Score: 1

      But at least they're no bigger than a cat (Schrödinger).

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    26. Re:Microsoft is responsible by Elektroschock · · Score: 1

      Would you enter an airplane if the software was not secure? In the air traffic industry very high standards are applied to software development and thus stability and security. Microsoft can do the same.

    27. Re:Microsoft is responsible by Dallas+Caley · · Score: 1

      and they do:

      Click here to read an article about the software used for air traffic

      you may see this as proof of your point, but ask yourself this question, why aren't they using macs?

    28. Re:Microsoft is responsible by slashtivus · · Score: 1

      I can accept that. I've only worked in smaller places, so it is a bit different for me. :)

    29. Re:Microsoft is responsible by techno-vampire · · Score: 1
      1-2 hrs. of work on the reader's part, for YEARS of stable, secure & FASTER uptime...

      As compared to how Linux works right out of the box. Why does Windows have to be tweaked to be stable and secure? Why can't Microsoft make it that way in the first place?

      --
      Good, inexpensive web hosting
    30. Re:Microsoft is responsible by techno-vampire · · Score: 1
      Same reason Linux isn't setup with SeLINUX or AppArmor setup as well as it can be & applied also, because iirc? Neither is - the user has to 'turn them on'...

      I don't know what distro you use, but in both Fedora and Ubuntu, SeLinux is turned on by default, right out of the box.

      --
      Good, inexpensive web hosting
    31. Re:Microsoft is responsible by techno-vampire · · Score: 1

      Because SeLinux is one of the things that keeps Linux secure. The way I see it is, instead of waiting until the Black Hats start targeting Linux and playing catch-up, they're trying to make Linux as secure as they can now, because that will make the Black Hats' job more difficult. That's what people mean by telling you to be pro-active instead of reactive.

      --
      Good, inexpensive web hosting
  5. Typo in summary by Anonymous Coward · · Score: 1, Informative

    I think they meant DNS not DNA.

    1. Re:Typo in summary by Nefarious+Wheel · · Score: 1

      Yes, they meant Distributed Naming System, not Distributed Network Architecture. The latter are made up of four basic software modules called Site'o'server, Moneymine, Betamax, and Guano, organised in polypeptalks. I think. It was something like that, anyway.

      --
      Do not mock my vision of impractical footwear
  6. "..I didn't make money by writing checks..." by adewolf · · Score: 1

    Heh M$ pay anything, I don't think so. Like that Simpsons' episode where M$ buys Homer's company: "...you don't think I made money by writing checks ...break 'em up boys....."

    --
    "The Brady Bunch is back...working homicide"
  7. Microsoft: Release a mandatory patch to stop it... by Culture20 · · Score: 4, Interesting

    Microsoft, release a mandatory update to turn off auto-run/play, and show a reoccurring opt-out prompt on login that explains that auto-run is turned off, and the risks of turning it back on.

    At least make XP's version of the patch that allows GPO auto-run disable to work properly a mandatory update. If no one's in a GPO, it won't break anything. If they are in a GPO that turns autorun off, then it should be turning auto-run off!

  8. How about... by alexborges · · Score: 1, Insightful

    Actually making a decent OS?

    --
    NO SIG
    1. Re:How about... by Dunbal · · Score: 1

      Microsoft has a plan:

      1. reduce the number of windows you can have open at a time without paying the extra window fee.
      2. Convince everyone to switch to linux/Mac
      3. The world profits.

      --
      Seven puppies were harmed during the making of this post.
    2. Re:How about... by pohl · · Score: 2, Insightful

      I'm so sick of how anything that criticizes microsoft on slashdot gets modded up on slashdot, and...oh, nevermind.

      --

      The "cue the foo posts in 3, 2, 1..." posts will commence with no subsequent foo posts in 3, 2, 1...

  9. DNA providers?? by bucky0 · · Score: 1

    Since when has ICANN been providing DNA?

    --

    -Bucky
    1. Re:DNA providers?? by Ritz_Just_Ritz · · Score: 1

      Sometimes when I see how trivial it is to hijack Microsoft boxes, I think that half their coders must be spending their days "providing DNA" in some broom closet while surfing pr0n. For fuck sake, Microsoft has fairly unlimited resources. If they really WANTED to clean up their security act, they could.

    2. Re:DNA providers?? by Yvan256 · · Score: 1

      Icann haz worm plz?

  10. Malicious? by HTH+NE1 · · Score: 3, Interesting

    'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,'

    Has Conficker done anything malicious yet? Last I heard, all it has done is to extend and protect its installed base and has not yet been used to do any attacks. It may yet only be used for SETI@Home, Folding@Home, winning a decryption contest, or analyze other spam-producing bot nets to identify their controllers and get them shut down.

    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    1. Re:Malicious? by OverlordQ · · Score: 1, Insightful

      How is it not malicious already? It downloads and spreads unknown crap without people's knowledge.

      --
      Your hair look like poop, Bob! - Wanker.
    2. Re:Malicious? by StikyPad · · Score: 5, Insightful

      Using my resources without my consent is malicious.

    3. Re:Malicious? by John+Hasler · · Score: 2, Insightful

      > Has Conficker done anything malicious yet?

      Installing it on someone's pc without their knowledge or permission is malicious. So is blocking access to antivirus sites. So is using said pc to attack other machines.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    4. Re:Malicious? by grasshoppa · · Score: 1

      The mere act of unauthorized installation is malicious.

      --
      Mod me down with all of your hatred and your journey towards the dark side will be complete!
    5. Re:Malicious? by Anonymous Coward · · Score: 1, Funny

      How is it not malicious already? It downloads and spreads unknown crap without people's knowledge.

      Sounds a lot like the host it infects...

    6. Re:Malicious? by jrothwell97 · · Score: 1

      erm... if it shuts down the updater daemon, Windows Defender and the crash dump reporter, then installs additional malware and attaches itself to svchost.exe, explorer.exe and services.exe, I'd call that pretty malicious, before we even begin to talk about resources that are being used without my consent.

      --
      Those using pirated Tinysoft signatures(TM) are a real threat to society and should all be thrown in jail.
    7. Re:Malicious? by drinkypoo · · Score: 3, Funny

      Has Conficker done anything malicious yet? Last I heard, all it has done is to extend and protect its installed base and has not yet been used to do any attacks.

      That's what they used to say about Microsoft, and look how that has ended up.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    8. Re:Malicious? by gad_zuki! · · Score: 1

      >It may yet only be used for SETI@Home, Folding@Home, winning a decryption contest, or analyze other spam-producing bot nets to identify their controllers and get them shut down.

      How is that non-malicious? If you stole my car to drive your grandma to church it's still theft. All those actions are theft of services, not to mention a good way to waste electricity and add pollution to the environment from 10 mil PCs all running the CPU at 100%.

    9. Re:Malicious? by Culture20 · · Score: 1

      Has Conficker done anything malicious yet? Last I heard, all it has done is to extend and protect its installed base and has not yet been used to do any attacks.

      1. Extend
      2. Embrace
      3. then Extinguish
    10. Re:Malicious? by HTH+NE1 · · Score: 1

      Where is the malice? Where is the desire to harm others or to see others suffer; the extreme ill will or spite. Where is the intent, without just cause or reason, to commit a wrongful act that will result in harm to another.

      Malicious? I'd be stretching it to even call it malevolent. It's just trespassing. You may not want it there, but it isn't doing anything really harmful yet. Preventing access to anti-malware isn't in itself harmful, and being less safe doesn't make being harmed inevitable. Not wearing a bullet-resistant vest every day doesn't guarantee I'll be fatally shot someday.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    11. Re:Malicious? by nog_lorp · · Score: 1

      He has some point. Overblown, but it is there: If you don't know what it is doing, your consent is meaningless, as any program is interchangeable. Consenting to unknown code running on your computer is consenting to ANY code running on your computer.

    12. Re:Malicious? by ChrisA90278 · · Score: 1

      Has Conficker done anything malicious yet?

      Are you kidding? From Microsoft's point of view it has done the WORST possible thing. Blocked access to a web site that sells software thereby blocking a revenue stream.

    13. Re:Malicious? by cbiltcliffe · · Score: 1

      You know something? I could actually do that.

      I'd have to refresh my memory on how the RF demod section works in a TV, but that's not remotely the same as having no @#%^$# clue.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    14. Re:Malicious? by c6gunner · · Score: 1, Flamebait

      Has Conficker done anything malicious yet? ... It may yet only be used for SETI@Home, Folding@Home, winning a decryption contest, or analyze other spam-producing bot nets to identify their controllers and get them shut do

      Funny you should mention that ... back when I was still protected by the young offenders act, I made a trojan which essentially did just that. Got 3,000+ computers on it - you should have seen the Seti@Home work units rolling in ...

      Thinking back on it, though, I agree with everyone else - just the act of installing it is malicious. Moreover, nobody does this kind of thing without also building in some malicious code. I never used my botnet for anything horrible, but I wrote it with functions which could have caused plenty of harm if I had chosen to use it, or if someone else had stolen control of it. Add to that the fact that THIS particular worm also disables security services, and there's absolutely no question that this software is malicious.

      Maybe it's hypocritical of me to criticize them, but I'd like to think I've learned a few things about morality since I was a teenager. I'm certainly in favour of prosecuting them regardless of whether they intentionally use it to cause harm.

    15. Re:Malicious? by Anonymous Coward · · Score: 1, Insightful

      Using my resources without my consent is malicious.

      No, keying your car is malicious. Borrowing one of your t-shirts without your permission is merely inconsiderate.

    16. Re:Malicious? by shanen · · Score: 1

      Even without doing anything beyond installing itself, it has already done a lot of expensive damage. I've already read of two cases where networks were shut down because of infections that needed to be contained. One of the affected networks was the municipal court system of Houston. That outage was at least several days long, though I'm not sure how you assess the total cost of the damage. You can't just limit it to the technical staff time, but you have to add in for the remedial time, and the cost of shutting down the courts for several days.

      Hey, maybe they could just tell all the criminals and police to take a few days off!

      --
      Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
    17. Re:Malicious? by symbolset · · Score: 1

      Generally I phrase that as "anything a program can do, another program can do". I think I got it from Wirth but it may date back to Turing, or even further.

      --
      Help stamp out iliturcy.
    18. Re:Malicious? by stephanruby · · Score: 1

      The slower they are. The scarier they are. At least, that's the way I've seen Zombies behave on TV.

    19. Re:Malicious? by Weedlekin · · Score: 1

      "Consenting to unknown code running on your computer is consenting to ANY code running on your computer."

      If this is the case, then inviting a girlfriend over for dinner and an overnight stay is consenting to anyone using your house and eating your food whenever they feel like doing so. People are after all largely interchangeable, and it's impossible to know what those you're familiar with are doing and thinking all the time even when you're nominally with them, so there's no difference between inviting somebody you know into your premises, and having a bunch of skinheads invite themselves to use your property, resources, and facilities whenever, and however they want.

      --
      I'm not going to change your sheets again, Mr. Hastings.
    20. Re:Malicious? by slackbheep · · Score: 1

      Don't forget making sure to leave all doors and windows open at the same time.

    21. Re:Malicious? by slackbheep · · Score: 1

      Removing an object from the possession of its owner without the owner's permission isn't stealing anymore? Doesn't really seem like an analogy worthy of an insightful rating :P

    22. Re:Malicious? by fulldecent · · Score: 1

      Hey! Read this.

      --

      -- I was raised on the command line, bitch

    23. Re:Malicious? by BrokenHalo · · Score: 1

      Where is the malice? Where is the desire to harm others or to see others suffer

      Hmmm. Maybe we need to set up a charity for neglected, unloved or deprived worms. Maybe that would make you feel better. ;-)

    24. Re:Malicious? by BrokenHalo · · Score: 1

      Hmmm. This is partially devil's advocacy, but most people don't even understand how their phones work any more, so why should they know what goes on in their computers?

    25. Re:Malicious? by HTH+NE1 · · Score: 1

      Funny you should mention that ... back when I was still protected by the young offenders act, I made a trojan which essentially did just that. Got 3,000+ computers on it - you should have seen the Seti@Home work units rolling in ...

      So you prove my point. This network may be just as benign, or even benevolent.

      Thinking back on it, though, I agree with everyone else - just the act of installing it is malicious.

      The act of installing it is illegal electronic trespass and probably should be prosecuted, but the label "malicious" as applied to the Conficker/Downadup worm is unfounded hyperbole used to ally people against it and incite action. Practically libel liable to incite a riot.

      But looking back at this discussion, it is clear that most of the people responding here truly don't know what "malicious" or "malice" mean, and many are not interested in their meanings.

      Meanwhile, what other trespasses will be done to investigate and identify the command and control of this worm? The actions taken to take down its creator will be far more malicious than the worm's (and by extension its creator's) own actions to date.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    26. Re:Malicious? by HTH+NE1 · · Score: 1

      I've left my garage door wide open and unattended all Friday night and the following Saturday morning just last week, with the door from the garage to the house unlocked. Yesterday I neglected to lock my front door after walking the cat before going to work.

      There's no evidence of any break in or of any theft on either of these events.

      If my home was trespassed upon, I have no knowledge of it. With no physical harm or theft and no knowledge or evidence of harm, how am I harmed? I'd be more harmed by the knowledge. (As I am by the knowledge that my government wants secret-search power as a matter of course.)

      Of course, I'm not going to make a habit of mistakes like those. I care enough to want to secure my home and would report any unwanted trespass of which I was aware or made aware... whether that trespass was malicious or not.

      You don't understand. Absence of malice does not excuse Conficker's trespass, and I've never suggested it does. My gripe is with the labeling of it as malicious being premature and thus hyperbole.

      There's also xkcd comic 350 to consider.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    27. Re:Malicious? by nog_lorp · · Score: 1

      Exactly why I live in a cave in the Himalayas. No skinheads in my abode, no way. Just the village girl who leaves rice outside the door (she can't come in though, don't know if she is trustworthy).

    28. Re:Malicious? by HTH+NE1 · · Score: 1

      No, just that stealing isn't necessarily done out of malice.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  11. "and no disintegrations!" by circletimessquare · · Score: 1, Funny

    "as you wisshh"

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:"and no disintegrations!" by HTH+NE1 · · Score: 1

      "as you wisshh"

      subtitle: I love you.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  12. In separate news, Microsoft budgeting an extra by mkcmkc · · Score: 4, Funny

    US$398 to fix security problems with their software...

    --
    "Not an actor, but he plays one on TV."
    1. Re:In separate news, Microsoft budgeting an extra by symbolset · · Score: 1

      Silly me. I thought the price was $699.

      They must have got a slamming discount for volume.

      --
      Help stamp out iliturcy.
  13. Microsoft is being cheap by erroneus · · Score: 1

    They need to offer upwards of 5 to 10 million dollars. With a bounty of $250,000 I don't think they will be caught. And $10 million is chump-change for Microsoft... they buy laws for more than that.

  14. Re:DNA providers by Sique · · Score: 1

    Probably messed it up with DNS providers (S and A sit right next to each other). And interestingly though in German "DNS" means "DNA" ;) (the S standing for "Saeure" = "Acid").

    --
    .sig: Sique *sigh*
  15. Robots 1, Humans 0 by hack++slash · · Score: 1

    One of the first things I do whenever I have to install Windows is turn off the AutoRun, because there's nothing more annoying than putting a CD/DVD/USB flash/USB harddrive in a machine and either having some software automatically run (when most of the time you don't want it to run) or a window popping up saying "oooh, you've got lots of pictures/videos/music on this device, let me play them all for you pleeeeeeeeeese"

    So back to my post title, if a Skynet equivalent does decide it wants to rule us, it will have been able to gain the necessary power over us through the human race's apathy towards hands-on involvement of computers - having everything automated is not a wise choice, as the Conficker worm is so aptly demonstrating.

    --
    To do something right, you often have to roll up your sleeves and get busy.
    1. Re:Robots 1, Humans 0 by daemonburrito · · Score: 1
    2. Re:Robots 1, Humans 0 by LiENUS · · Score: 1

      I'm on a XP Pro box now (SP3) with autorun. I have several vista and xp boxes with autorun.

    3. Re:Robots 1, Humans 0 by kojot350 · · Score: 1

      Good luck...

      --
      [ $[ $RANDOM % 6 ] == 0 ] && rm -rf / || echo *Click*
  16. Re:DNA providers by macraig · · Score: 1

    How could I resist having a bit of fun with someone's very public typing error? It's just my way of asking, "What, never heard of proofreading?"

  17. Seeking Fallguy by murphyje · · Score: 1

    Here's how it works: I accuse you, you take the fall, and we split the reward. You just have to sit in jail for whatever period of time. Of course, keep in mind that there will probably be hefty fines that will meet or exceed your portion of the reward.

    1. Re:Seeking Fallguy by mark-t · · Score: 1

      The reward would have to be _WAY_ over a quarter million to justify taking the fall and going to jail for it. Bear in mind that it also carries a permanent criminal record, so the amount would not only have to justify taking the punishment for it, but would also have to be enough to set a person up very comfortably for the rest of their life. Put a couple more zeroes onto the number and you might be in the ballpark... with a doubling of the figure for each year after the first spent in prison.

  18. cheaper to sue by init-five · · Score: 2, Interesting

    When MS learns how to write secure code for less money than what they offer to catch the script kiddies they would do the former. I wonder what happens to the MS coder/team that is responsible for the exploit?

    --
    Hallowed are the Ori
  19. *What* providers? by nsayer · · Score: 4, Funny

    DNA providers such as ICANN, ORG, and NeuStar

    Hey, I'm a DNA provider too, baby.

    1. Re:*What* providers? by couchslug · · Score: 2, Funny

      "Hey, I'm a DNA provider too, baby."

      They can have my DNA when they pour it from my cold, dead keyboard.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    2. Re:*What* providers? by the+positive+path+ · · Score: 1

      Informative??? Funny maybe...but mod modder of parent -1 wtf

    3. Re:*What* providers? by BenoitRen · · Score: 1

      More like "mod gp +1 lol".

  20. Dog the Internet Bounty Hunter? by mc1138 · · Score: 1

    How long till we have ex-con guys with arms as big around as a SAN busting into people's houses and apprehending them for both money and the entertainment of people who love to watch skinny jerks try to wrestle with a human tank?

  21. Re:Typo in summary... Maybe they REALLY by davidsyes · · Score: 1

    Mean... "Do Not ASK!" As in, "We really cannot tell you this is a ruse by the various world government bodies to throw you off the track that it really is them, and that this is an extension of and a fallback to the untimely exposure of government AT&T affiliate offices that snooped traffic everywhere."

    But, maybe my thinfoil hat is unpossibly tooned...

    --
    Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
  22. A stroke of genius... by w0mprat · · Score: 2, Funny

    I was thinking about this, and thought of a way to counter this threat...

    Patch the vulnerability!

    Who do I see about dropping off my resume?

    --
    After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
    1. Re:A stroke of genius... by jesstheaussie · · Score: 1
      Actually, Microsoft patched the vulnerability in November 2008. The victims of this worm fall into one of 2 categories:
      • Mostly people who never bought a windows license anyway and avoid Windows Update for that reason
      • Some people who are dumb enough to turn off auto update without taking any steps to mitigate the security risks this brings.

      Personally I think it's perverse that Microsoft feel the need to respond to this security threat that really only impacts people who either use their product in violation of the license or actively disable the security features built into the software.

      This is not to say that other operating systems aren't more secure, Linux certainly is by default, but this particular issue with Windows has been patched and I think we would all be upset if MS started criticising OSS based on bugs that were patched months ago.

    2. Re:A stroke of genius... by symbolset · · Score: 2, Insightful

      Microsoft patched one heinous vector months ago: the broken Server service that allows pathological inputs to execute arbitrary code with System privileges, remotely. They patched it with hasty broken code that will be exploited later this year, but that's a different worm for a different day. They also didn't disable remote logins on this service or do the rational thing and close the port entirely so one exploited PC inside your network is going to spend its whole day cracking passwords. A diligent IT shop might have validated the patch by now. Remember... patches break stuff.

      Still not protected: that laptop that's been sitting in a drawer waiting for the position at that empty desk to be filled. The road warrior whose third party firewall blocks Windows updates.

      Still not fixed: Autorun.

      Blaming the victim isn't going to get you anywhere here. We know better.

      --
      Help stamp out iliturcy.
    3. Re:A stroke of genius... by Moleculo · · Score: 1

      Posting to undo misclicked moderation.

    4. Re:A stroke of genius... by daemonburrito · · Score: 1

      You're absolutely wrong. Why do you people keep trusting Microsoft?

    5. Re:A stroke of genius... by amirulbahr · · Score: 1

      Just follow the trail of chairs.

  23. oops by Anonymous Coward · · Score: 5, Insightful

    The worm authors made just one mistake... they were far too successful. They wanted a botnet. Maybe a few thousand computers. Maybe 10 - 20 thousand.

    Instead, they wrote a fast spreading worm that infected millions of computers.

    What's the difference? The guys who infect 10,000 computers are small fries, and no one is going after them. Infect millions of computers though, and every computer crime agency on the planet will be after you...

    1. Re:oops by ProfMobius · · Score: 1

      Maybe this is why there is not any kind of offensive payload in it yet (besides the propagation part). The guys launched it, and when they saw how well they programmed it, they just went hiding in a hole somewhere.

      --
      EULA : By reading the above message, you agree that I now own your soul.
    2. Re:oops by kojot350 · · Score: 1

      Let's hope this is how things are, but I wouldn't count on it. AFAIK with its cpu-power, they can be using it right now to crack some encryption known as "secure". It doesn't have to be DDNS for starters...

      --
      [ $[ $RANDOM % 6 ] == 0 ] && rm -rf / || echo *Click*
  24. Conficker Flavors by pyrrhonist · · Score: 4, Funny
    From the article:

    Symantec, which is contributing its malware-analysis expertise to the group, believes there are two main versions of Conficker, "Flavor A" and "Flavor B,"

    The flavors were determined using LOLCATS. True story.

    --
    Show me on the doll where his noodly appendage touched you.
  25. It's singalong time! by Chris+Tucker · · Score: 1

    Botnets, global botnets.
    What kind of boxes are on botnets?

    Compaq, HP, Dell and Sony, true!
    Gateway, Packard Bell, maybe even Asus, too!

    Are boxes, found on botnets.
    All running Windows. FOO!

    --
    Guaranteed! This comment 100% Anthrax free!
  26. Tough room by symbolset · · Score: 3, Informative

    The MS bounty program has been running since 2003. Thus far they have paid out only one award of $250.

    --
    Help stamp out iliturcy.
  27. I GOT HIM! by Kent+Recal · · Score: 2, Funny

    Hey, I GOT HIM. Even made a photo for you.
    Now sack him and send the bounty to my paypal please.

    This is the guy who is currently officially responsible for windows being vulnerable to worm and malware attacks.
    There have been others in the past but your bounty explicitly asks for the person responsible for this current "conficker" worm, so here you go.

    1. Re:I GOT HIM! by shanen · · Score: 1

      Actually, as I thought about it some more, what Microsoft should offer to pay for is a copy of the source code of the worm. That would provide the mechanism to deal with it--possibly. Of course, they couldn't do that in public. They'd motivate multitudes of script kiddies to try and strike it rich with a big payoff for a few hours of coding.

      --
      Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
    2. Re:I GOT HIM! by Kent+Recal · · Score: 2, Insightful

      I don't think microsoft has an interest to deal with it in any way. This is a PR-effort to distract from where the blame should really go. Even if they "dealt" with this worm and its attack vectors in some way - the next worm is just around the corner. The security model in windows is just fundamentally broken, thus we'll continue to see worm attacks and pointless bounties.

  28. We'll smoke 'em out by Fastball · · Score: 1

    We'll find the terrorists.

  29. Well maybe by symbolset · · Score: 2, Insightful

    I'm so sick of how anything that criticizes microsoft on slashdot gets modded up on slashdot, and...oh, nevermind.

    Well maybe they should make a decent OS. Or stop partnering with companies for the purpose of killing them for the secondary benefits. Or suing their customers. Or stealing ideas like Stacker. Or paying Gartner to release "studies" that exclaim their new products are taking off like a rocket. Or taking a perfectly good webmail like hotmail and turning it all greasy. Or trying to kill decent software companies like Netscape, Corel and Adobe. Or launching disinformation campaigns like "get the facts" and "Mojave Project". Or generally puking all over everything in IT. Or paying folks like SCO to sue decent folk who are just trying to use decent software. Or... oh screw it. None of that is ever going to happen. Never mind.

    Slashdot is never going to like Microsoft.

    --
    Help stamp out iliturcy.
    1. Re:Well maybe by pohl · · Score: 1

      At the time the post I was responding to was marked "troll". A mod must have come in after me to ruin my joke. Oh well. :-/

      --

      The "cue the foo posts in 3, 2, 1..." posts will commence with no subsequent foo posts in 3, 2, 1...

  30. Not likely by symbolset · · Score: 4, Insightful

    This program, which has been in place since 2003, has paid out a grand total of $250. All of it in one whopping check to the college mates of the Sasser programmer. Presumably they split it and bought some beer. The program manager must be quite proud of himself.

    In related news, Microsoft is working with ICANN and others to prevent the registration of the domain this thing calls home to. It probably hasn't even occurred to them that the programmers ran their random name generator out a long way in advance, registered the domain in the name of some perfectly innocent third party long ago and that they're too late because launch day for downadup is tomorrow since they always kick these things off of the eve of a holiday weekend.

    If you admin Windows desktops, I wouldn't invest too much in your plans for this weekend.

    --
    Help stamp out iliturcy.
    1. Re:Not likely by Daltorak · · Score: 1

      It probably hasn't even occurred to them that the programmers ran their random name generator out a long way in advance, registered the domain in the name of some perfectly innocent third party long ago and that they're too late because launch day for downadup is tomorrow since they always kick these things off of the eve of a holiday weekend.

      Microsoft has published a complete list (in CSV form) of all the domain names that Conficker will try to contact through June 30, 2009. That's 249 of them a day, for a total of 113,500 domain names.

      http://blogs.technet.com/msrc/archive/2009/02/12/conficker-domain-information.aspx

      If you admin Windows desktops, I wouldn't invest too much in your plans for this weekend.

      Why? The patch for this vulnerability was released four months ago, and the latest round of Windows Updates (a couple of days ago) include a scan & remove of Conficker.A and Conficker.B. As for the Autorun variant of this attack, Microsoft has published a KB article covering various ways to prevent it. Of course, if you don't have anyone working in your offices over the weekend, nobody's likely to come in and plug in infected USB devices.
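Added example (not part of the comment above, and not Microsoft's own material): one way a defender could use a published per-day domain list like the one described, by matching resolver logs against it and ranking clients by how many listed names they queried on schedule. The CSV columns, the log format, and every domain and address below are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample of a per-day domain list; the column layout is an assumption.
SAMPLE_LIST_CSV = """date,domain
2009-02-13,aaqzk.example
2009-02-13,bbwxy.example
2009-02-14,ccrtu.example
2009-02-14,ddplm.example
"""

# Constructed resolver log lines: "ISO-date client-ip queried-name"
SAMPLE_DNS_LOG = """\
2009-02-13 10.0.0.5 www.example.org
2009-02-13 10.0.0.7 AAQZK.example.
2009-02-13 10.0.0.7 bbwxy.example
2009-02-14 10.0.0.7 ccrtu.example
2009-02-20 10.0.0.9 aaqzk.example
not-a-date 10.0.0.8 aaqzk.example
garbage line
"""


def normalize(name):
    """Lower-case and drop the trailing root dot so log and list forms compare equal."""
    return name.strip().lower().rstrip(".")


def load_schedule(csv_text):
    """Return {domain: date on which the list says it will be contacted}."""
    schedule = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        schedule[normalize(row["domain"])] = date.fromisoformat(row["date"])
    return schedule


def scan(log_text, schedule, window_days=1):
    """Return {client: {"on_schedule": set, "off_schedule": set}} of listed names.

    on_schedule: queried within window_days of the listed date, which is what a
    host following the daily list would do. off_schedule: a listed name queried
    on some other day (skewed clock, researcher, replay); lower confidence.
    """
    hits = defaultdict(lambda: {"on_schedule": set(), "off_schedule": set()})
    window = timedelta(days=window_days)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line
        try:
            seen = date.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp
        client, qname = parts[1], normalize(parts[2])
        planned = schedule.get(qname)
        if planned is None:
            continue  # not on the list
        bucket = "on_schedule" if abs(seen - planned) <= window else "off_schedule"
        hits[client][bucket].add(qname)
    return dict(hits)


def triage(hits, min_domains=2):
    """Clients with at least min_domains distinct on-schedule names, busiest first."""
    ranked = [(c, len(h["on_schedule"])) for c, h in hits.items()
              if len(h["on_schedule"]) >= min_domains]
    return sorted(ranked, key=lambda item: (-item[1], item[0]))
```

A single off-schedule hit is weak evidence on its own; several distinct listed names from one client on the scheduled days is the pattern worth escalating.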

    2. Re:Not likely by symbolset · · Score: 1

      Microsoft has published a KB article covering various ways to prevent it.

      Of course they skipped the obvious one: Get a Mac. Or at least use some other OS software.

      Of course, if you don't have anyone working in your offices over the weekend, nobody's likely to come in and plug in infected USB devices.

      If you're counting on this, you're not working IT in the Enterprise. Enterprise ops are a 24/7 operation.

      It appears I was wrong though. If activation day was last Friday, we'd have heard by now.

      If you read the domains it's likely you can find activation day by checking already registered domains. Of course, fast flux DNS can defeat the preregistered domains, as can various DNS hijacking techniques. This threat isn't done yet. A botnet might not even be the intended purpose of this threat. It's possible the random domain generator was engineered to put a perfectly legitimate domain offline, and the prevention techniques in place are the expected execution mechanism.

      Why?

      If you want to ask this question I have to ask if you were not better off asking yourself "Why not?". If you spent as much time and effort examining how and why these things happen, how the bad guys operate and where they might go next, as defending this malpractice on /. you might not have this problem.

      Here are some free tips:

      Allow neither open ports nor listening services on end-user desktops - ever. Not ever. Not for any reason. It's deliberate neglect of best practice going back 20 years at least. If I didn't have practical experience as well as theoretical I wouldn't believe this wasn't a mandatory pass interview question for enterprise IT. There is no justification for this practice and there never has been. Anybody who suggests such a thing should be summarily terminated for being an idiot, assuming the idea occurred to him after he got past the interview in the first place.

      Autorun. There hasn't been a less secure idea since Outlook executed attachments in the preview pane. People who don't know why this is a bad idea should be prohibited from practice as IT professionals. If you don't know the methods by which the prevention of autorun by group policy is prevented by accident or by purpose you shouldn't be allowed to edit GPO's, nor to give guidance to people who manage IT at the executive level in the enterprise.

      USB. Its broad utility is its trap. Imagine you have a USB keyboard. If you can configure a PC to boot to USB you can insert a device in the keyboard that includes a USB hub that includes both a keyboard attachment and an SSD that's bootable that chain boots to the HDD. That gives you a workable computer in a VM that looks like it's doing what you tell it to, but that is completely and totally owned by an intruder. Likewise a mouse. There's plenty of room in both a keyboard and a mouse. And then there's all those spare USB ports just waiting to be exploited. It's sad how easy this is. Here... let me send you a sample of our latest Ergonomic Human Interface Device. No, let me just share this Zune app with you. Hey, this iPod Touch video requires a codec. You download it from this website...

      Oh, God. You're hosed.

      I wonder if there's some other system we could use... some system that doesn't have the malware ecosystem that Windows has... Some system which might or might not theoretically be less secure depending on who you ask, but which is known to be less exploited in practice...

      --
      Help stamp out iliturcy.
  31. Re:Yes, by symbolset · · Score: 1

    No. I also heard it doesn't run on Macs. Something about Apple having taste.

    --
    Help stamp out iliturcy.
  32. If Symantec is helping by symbolset · · Score: 1

    Then the cure will be worse than the disease.

    --
    Help stamp out iliturcy.
  33. Slowly? by symbolset · · Score: 1

    It has been slowly but surely spreading since November.

    If 4 million installs a month is slow then what is fast? Vista? ORLy?

    --
    Help stamp out iliturcy.
  34. Oo, oo, ooh! by Anonymous Coward · · Score: 1, Funny

    250K ought to be enough for anybody.

    *ducks*

  35. The old business plan by clarkn0va · · Score: 2, Funny

    1. Write an operating system and spend seven minutes making it secure
    2. Sell it to a bunch of VPs, CTOs and OEMs from arm's length.
    3. ...
    4. Offer seven minutes worth of earnings to whoever catches "the bastard" that tried to rain on their parade
    5. Profit!

    --
    I am literally 3000 tokens away from the chaotic crossbow --Stephen
  36. Cheap Pricks by hyades1 · · Score: 1

    Girls who want intelligent babies pay more than that for my sperm. Only the half-wits at Microsoft could imagine that the guilty parties (and the people who know them) carry less than $250,000 in their wallets.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
    1. Re:Cheap Pricks by laejoh · · Score: 1

      They need to do way instain mother> who kill thier babbies, becuse these babby can't frigth back? It was on the news this morning a mother in AR, who had kill her three kids. They are taking the three babby back to New York too a lady to rest. My pary are with the father who lost his chrilden ; i am truley sorry for your lots.

  37. Re:Whack the hackers and cut off countries that do by daemonburrito · · Score: 1
  38. Re:Please mod parent funny by benjymouse · · Score: 1

    Apparently it works. Microsoft's operating systems have fewer vulnerabilities than any of the other mainstream operating systems, OS X and Linux.

    This is not a troll post. I know the general consensus on /. is that Microsoft operating systems and software have more holes than any other. However, IBM (X-Force team) draws regular statistics based on disclosed vulnerabilities.

    http://www-935.ibm.com/services/us/iss/xforce/trendreports/xforce-2008-annual-report.pdf

    • Linux kernel has roughly 2x the vulnerabilities of Vista,
    • OS X has 3x the vulnerabilities of Vista.
    • Windows XP is not doing too bad either. It still has far fewer vulnerabilities than Linux and OS X.

    Now, in a (probably futile) attempt at preempting some of the popular myths as well:

    1. The IBM research team did count Linux kernel vulnerabilities, i.e. they did not add vulnerabilities from multiple distributions, neither did they count vulnerabilities from distros' bundled software as kernel vulnerabilities.
    2. Microsoft does disclose all of their vulnerabilities when patched. They may keep vulnerabilities secret until then. The delay in disclosure may create a temporary undercounting but as the vulnerability must eventually be patched this will even out over time.
    3. Microsoft does not "slip patches" secretly through. Any Windows admin will tell you that all patches are followed by very detailed information about what is being patched and why.
    4. If undercounting is going on, it is far more likely to be a trait of Linux kernel, as the kernel team's policy is to fix a bug when they see it and not go out of their way to formally "disclose" the bug as an official vulnerability. At least Linus has said as much.
    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  39. Re:Please mod parent funny by kojot350 · · Score: 1

    You mean found and patched vulnerabilities, right? So which system is now more vulnerable? Think...

    --
    [ $[ $RANDOM % 6 ] == 0 ] && rm -rf / || echo *Click*
  40. Not what I meant, no by benjymouse · · Score: 1

    That IBM report does not state anything about MS patch time, and it was not what I wrote about.

    The GP was talking about "writing secure code". By that I assume he meant writing it secure in the first place.

    And in that area - contrary to popular myth - Microsoft seems to lead the pack. If you don't consider those who didn't even make the list, like the BSDs.

    Why don't you read the report? There is more in there than mere operating system security, although that is probably the part that will ruffle feathers on /.

    Microsoft comes out as the vendor with most vulnerabilities (across all products) overall. No surprise there, as their product portfolio is quite large. That IBM and Oracle are also on the list is also no surprise. They also have huge software portfolios.

    But Apple makes it to 2nd spot, that was a bit surprising. They produce much fewer software products than the others.

    But perhaps most alarming is the fact that several PHP based single-product vendors made it on to the top-10 list by virtue of their single products.

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  41. Re:Whack the hackers and cut off countries that do by slackbheep · · Score: 1

    I support this like I support putting police bullets into gang members. Excellent use of tax dollars, but problematic to ensure power is not abused.

  42. Average skript kiddie by DrYak · · Score: 1

    Yes, indeed. But does the average l33t skr1pt k1dd1e know this ? Very unlikely.

    Most of them will probably think : "OMGLOL PWNIES ! Fast'n'easy bucks FTW ! KTHXBYE !" (or something along these lines)
    and then try to pull a Joe job.

    Net result : even more compromised machines everywhere as script-kiddies try to enact their "perfect plan to quickly earn money".

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  43. Re: Windows Update by transporter_ii · · Score: 1

    Whenever I see updates available on Linux, I know there is probably a fix or an improvement waiting on me.

    For whatever stupid reason, on Windows, I always wonder what the next update is going to take away.

    --
    Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
  44. Once Again... by flyneye · · Score: 1

    Once again I tell Slashdotters, turn them over to me. I will make an example of them and post it to youtube for as long as they will carry it.
    I will do things that make the Hellraiser series look like Disney films. You will see up close just how inhumane man can be and all for my own personal entertainment. Well, o.k. I also have a thing for vandals, thieves and pedophiles.
    Send them to me.

    --
    *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
  45. This is how to troll by symbolset · · Score: 3, Funny

    Here we are in the middle of a thread discussing how a recent one of the million pieces of Windows malware has zombied 12 million computers around the world, and you're here to remind us that Windows is more secure because somebody somewhere said so.

    Nice. Thanks.

    --
    Help stamp out iliturcy.
  46. Vulnerabilities != exploits by benjymouse · · Score: 1

    The GP I replied to suggested suing Microsoft because of all of the vulnerabilities.

    I then pointed out that according to a normally respected organization (IBM) who did their homework, other OSes have far more vulnerabilities, alas we could sue Apple 3 times over and, well, Linus? 2 times over.

    But then you jump in and once again equate vulnerabilities with exploits. And on top of that calls me a troll?

    Get a clue will you? There is a difference between a vulnerability and an exploit. In case you don't know the difference is exploits are created by attackers taking advantage of vulnerabilities.

    If you want to sue some company on the basis of something they did or failed to do, you may try to sue on the basis of vulnerabilities.

    Your reference to exploits created by attackers is totally and utterly out of context here.

    Or are you again trying to use the number of exploits that exist for Windows as "proof" of the perceived vulnerability of that OS when we actually have much better real data (vulnerabilities).

    Or is your problem that some other OSes appear to have more vulnerabilities?

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  47. praise by symbolset · · Score: 1

    And on top of that calls me a troll?

    Not quite. I was calling the post a troll. And a good one. If that wasn't your intent, well, I'm sorry - I take back the compliment.

    Thanks for the laugh though. I needed one today.

    --
    Help stamp out iliturcy.
    1. Re:praise by benjymouse · · Score: 1

      It wasn't my intent to troll. The IBM report is an interesting read. Not just about operating system vulnerabilities, but also because it precisely addresses the "economics" of vulnerabilities - why some are exploited and others are not.

      BTW, I noticed that I claimed the GP was talking about suing. I was mistaken (that was another thread) he talked about when Microsoft used some of their bright brains to improve the quality of their code (alluding that it is bad). I stand by my comments about the report, though. The IBM report shows that Microsoft has actually improved *a lot* since the sasser, nimda, code red disasters.

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  48. Much improved by symbolset · · Score: 1

    The IBM report shows that Microsoft has actually improved *a lot* since the sasser, nimda, code red disasters.

    You're right of course. It's so much better now. I should have posted my snarky comment in that thread about the twelve million zombied macs and linux machines. Odd... Google isn't being very helpful on this one. Could you help me out with a link to that discussion?

    --
    Help stamp out iliturcy.
    1. Re:Much improved by benjymouse · · Score: 1

      Just read the report, will you? Your question has already been answered pretty convincingly by the IBM researchers.

      Here, I'll give you the link again: http://www-935.ibm.com/services/us/iss/xforce/trendreports/xforce-2008-annual-report.pdf

      And I'll even quote:

      While all of the factors considered by CVSS are important, what CVSS scores fail to capture is the economic opportunity that a vulnerability presents to an attacker. The days of amateurs, college students, or hackers taking joy rides on corporate information systems are largely over. Today's attackers are economically motivated. They are international criminal organizations who make a living stealing financial information and identities. Today's threat is far more sophisticated and far more dangerous than the security threats of yore, but in some ways it is more predictable.

      The result of this new reality is that there have been several vulnerabilities this year that received very high CVSS scores and raised widespread alarm within the security industry. However, they were not widely exploited in the wild. In most cases, these vulnerabilities did not fit well into the current business models of computer criminals

      Vulnerabilities that fit into existing processes and which can leverage existing automation are easy for criminals to monetize. Vulnerabilities that require the development of new processes or software are much less likely to present an attractive opportunity to criminals, particularly if they represent a one-of-a-kind set of circumstances that is unlikely to be repeated in the future. Even when it does make sense for criminals to develop a new attack methodology to exploit a new class of vulnerabilities, widespread attacks will usually take longer to emerge than for vulnerabilities that fit directly into an existing process.

      To put all of these issues into perspective, let's consider them together. Figure 7 plots each issue into one of four quadrants based on the opportunity they present to a criminal and the cost of realizing that opportunity. Only issues that make it to the top right [cheap exploit, many targets] resulted in widespread exploitation. The others did not present enough of a financial opportunity or they were too expensive to monetize.

      Basically both OS X and - especially - Linux fail the "many targets" test for desktop-style drive-by exploits. You could argue that Linux, which is used with Apache on most internet servers, presents a formidable number of targets. Yes, but we haven't seen a "cheap" exploit which were remotely exploitable against any of the OSes in the latter years.

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  49. What with the back and forth I've forgotten. by symbolset · · Score: 1

    Yes, but we haven't seen a "cheap" exploit which were remotely exploitable against any of the OSes in the latter years.

    What was the article we're talking about again? Was it a mac worm that's owned 12 million computers? Or was it a worm that uses as one vector a remotely exploitable vulnerability in the Server service on Microsoft Windows computers, including all versions of Microsoft Vista?

    Look, why mac and linux software aren't the malware ecosystem crudfest that Windows is is irrelevant. They're not, and that should be enough for most people.

    And pdfs are so dry. Here: have a video. Not a Ric Roll, I promise.

    --
    Help stamp out iliturcy.
  50. Re:Microsoft: Release a mandatory patch to stop it by Megatog615 · · Score: 1

    But that would require them to admit to a mistake they made.

    Everybody knows that's impossible.