Conficker Worm Asks For Instructions, Gets Update
KingofGnG writes "Conficker/Downup/Downadup/Kido malware, which according to Symantec 'is, to date, one of the most complex worms in the history of malicious code,' has been updated, and this time for real. The new variant, dubbed W32.Downadup.C, adds new features to the malware code and makes the threat even more dangerous and worrisome than before."
FIRST! Now... where do I get that update?
Just so long as it doesn't insist on verification to check that nobody is using an unauthorised copy. After all, we wouldn't want to encourage piracy... ;-)
I run Linux! http://xkcd.com/272/
If people would stop downloading free_porn.jpg from 4chan, renaming it to free_porn.exe, and running it... we would not be having these problems.
Seriously, and why can't they agree on one name?
Maybe I'm being picky here, but why does Slashdot's icon for this story depict a caterpillar? Don't the editors know the difference between a caterpillar and a worm?
It's an inchworm.
> Maybe I'm being picky here, but why does Slashdot's icon for this story depict a caterpillar? Don't the editors know the difference between a caterpillar and a worm?
That's why it's so dangerous. It mutated.
I run VMWare on Linux! http://xkcd.com/350/
Genesis 1:32 And God typed
You're worried about the worm/caterpillar when there's a *stapler* underneath?
Is real evolution. And I don't mean Intelligent Design.
Look, you're malware authors, you have millions of machines to play with, you could bring the next stage of artificial life to the fore. Think of the recognition, the glory, the girls.
If it's asking for instructions, why do they have to come from the blackhats? Why couldn't someone write an update telling Conficker to cease operation and uninstall itself?
They're using their grammar skills there.
This may be the most complex worm/virus ever made, but is it any more prevalent or hard to remove?
If I do basic things like keep my Virus definitions and system OS up to date and occasionally scan for spyware, am I still at risk?
In other words, are the ones at risk the same kinds of people who'd be at risk from a lesser, simpler, worm that essentially spreads via a "click here for free porn!" banner?
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
Ok fine... Conficker/Downup/Downadup/Kido/something else malware, that according to Symantec...
> It's an inchworm.
Which is a caterpillar.
But that's ok. Pictures of worms are so damn hard to find.
The worm probably uses encryption, so it doesn't just accept any control message from unknown sources.
Because unless you have something to gain (other than a warm feeling that you've done something nice and have helped the world), nobody wants the liability associated with writing an illegal but benevolent worm and releasing it.
And, you know, having access to the original source code saves some time picking apart obfuscated machine code.
> why couldn't someone write an update telling conficker to cease operation and uninstall itself?
Because that would be illegal.
If the payload for all of these infected hosts affects traffic across the Internet, even Linux users may care about this issue. Don't be lulled into apathy; this is a powerful, dynamic and capable threat with some very advanced coding and routines. The developers know how to optimize their threat and squeeze a ton of trouble from its deployment. It now sits in a rather powerful position, depending on how they intend to use it. You can catch scanning hosts on your internal networks using listeners on port 445 from Linux boxes without Samba. Tools like netcat or our own HoneyPoint applications have proven great at finding active hosts. If you identify any in your environment, remove them immediately. The fewer zombie systems Conficker has to utilize, the better!
Check out HoneyPoint, our tools for combatting the insider threat! http://www.microsolved.com/honeypoint/
What are your favorite type of worms?
*Tape
*Round
*Heart
*Nightcrawlers/earthworms/anything used for fishing
*spy/mole/CIA/KGB, including corporate espionage
*Software/malware
*German city
*Eisenia cowboynealia
I am with you on that one. Linux would not be so susceptible as Windows; although they have their own rootkits, you get a lot of programs (such as Tripwire) that let you know when something is wrong,
and then just recompile that particular program.
As for Windows, once your win32.dll has been rooted, then you can't turn around and do the same without reinstalling a whole slew of other things, thereby changing the installation, sometimes breaking patches or updates...
I say let's all move to Linux for the desktop, and leave Windows as a server environment.
So that's why the second icon showed up as a broken image, viewing the page from here in Vancouver. We've had a serious crack-down on those dangerous weapons around here recently.
> It's an inchworm.
That's what SHE said!
It continually amuses me how the mainstream media managed to censor the name of this worm. It was originally conficker, which is slang/shorthand for 'configuration file fucker', but using the German fick instead. It was also known as 'downandup' as in the hip motion; both clearly sexual references. Since any kind of indirect reference to sex gets you scrutiny and/or shunning from the Moral Majority, suddenly we have 'downadup'.... So much better?
There it is ! That's my stappler. I told them..that I wanted my stappler. I will not change my desk anymore.
On a random blog, which was rather legit, I ended up getting redirected to this page:
Here's the link: hxxp://gowithscan.com/?uid=13100 (malware! warning!)
It appeared to scan my Windows and find multiple vulnerabilities. Good thing I'm running Linux. Then it proceeded to obnoxiously pop up JS alerts and have me download an install.exe. Major antivirus couldn't find anything wrong with it. I have the file if anyone is interested (submitted it to clamav.org too).
it can cause five tankers in the Ellingson Fleet to capsize.
Aww, give it a few more years and it will probably name itself!
http://209.85.173.132/search?hl=en&q=cache:kingofgng.com/eng/2009/03/16/conficker-worm-asks-for-instructions-and-gets-an-update/&btnG=Search
> Because unless you have something to gain (other than a warm feeling that you've done something nice and have helped the world), nobody wants the liability associated with writing an illegal but benevolent worm and releasing it.
Oh I'm not sure that there's nothing to gain from it. Does nobody remember the Morris Worm? If that's all I have to do to get a professorship position at MIT, hey, there's something to gain there!
Now that is something BBC should take care of.
Windows permissions are quite fine-grained. They're much more flexible than POSIX permissions--comparable to ACLs, in fact, which fewer people use on Linux.
The problem isn't the permission scheme at all, but a combination of legacy, a ruthless dedication to backwards compatibility, and lazy software developers who don't understand the guidelines that Microsoft (now) sets forth regarding secure development from their platform. Maybe throw in a dash of OEMs setting people to administrator by default, but until the other stuff is fixed, that's the only way that they're going to sell any computers.
That said, UAC is a lot like requiring sudo without a password, except that in theory, a user process can't automatically click "ok" for you.
If nobody AT ALL compiled W32.Downadup.C, by my calculations we should never see this worm in the wild. That IS the filename of the source, right? ;-p
I once used Windows XP in that mode. Where everything and its dog was locked down by the ACLs. It was pretty nice to know that a virus could really only frag my (backuped) user account. But it was a pain in the ass for configuration and installation. Mostly because the programs were not made for it. They did not expect something to be locked down at all. Even internal Microsoft programs. So you very often got crashing programs and the like, because they hiccuped on a non-accessible resource.
But then I realized that security holes of software that was too tightly integrated with the OS, made the whole thing useless.
Luckily I now use virtualization, and as my sig says:
Any sufficiently advanced intelligence is indistinguishable from stupidity.
F-secure was one of the first people I'm aware of to register some of the domain names that infected machines try to contact. When people were asking this question, this was their response.
> UAC is a lot like requiring sudo without a password
Thank you. That explains just about everything right there.
It doesn't require a password if you're running on an account that would otherwise be an admin. If you need elevation on a standard account, you have to enter the username and password of an account that does have admin privileges.
Hardening Windows is a fool's errand. It has repeatedly been demonstrated that new Windows vulnerabilities are constantly developing and the lag time before Microsoft patches them can be years.
Switching to Linux and learning to use it is a one time event. Constantly patching and protecting Windows is an ongoing and never completed task.
> why couldn't someone write an update telling conficker to cease operation and uninstall itself?
How do you expect to make any money doing that?
Really cool stuff! I want this toy!!! Can't believe that authors support Windows platform only! :)
W32.Downadup.C
Risk Level 2: Low
This is not an OEM issue -- MS does this also. If you get an MS XP installation disk, install it and add users, the users will be Administrators. In fact, MS has made things more difficult since Win2k -- under XP, the only options under the Control Panel "Users" dialog are "Limited User" or "Administrator". Finding the option to exercise more fine-grained control over user permissions is difficult -- most users won't find it at all. Since "Limited Users" can't control the network, a "Limited User" can't connect the wireless in a laptop to a new AP, which pretty much 100% of laptop users want to be able to do.
Under Windows 2000 (IIRC) more fine-grained options were much easier to find.
Summary: don't blame OEMs -- this is a problem that is 100% MS's making.
But the caterpillar is called an inchworm. Look - the category isn't about earthworms (or any other long, soft-bodied critters). It's about computer code. Picking an inchworm as a graphical representation of that code is just as valid as any other "worm" imagery.
I understand the curiosity factor if you didn't know the image was an inchworm and instead you wondered what caterpillars have to do with computer worms. But now that the correlation has been demonstrated, any further complaint is just being intentionally obtuse.
> Oh I'm not sure that there's nothing to gain from it. Does nobody remember the Morris Worm? If that's all I have to do to get a professorship position at MIT, hey, there's something to gain there!
Oh, you mean they let Robert Morris out of jail? I kind of assumed he'd be out on parole by now...but I didn't know about the teaching post. Ah, I looked it up...Associate Professor at MIT, no less (http://en.wikipedia.org/wiki/Internet_Worm). And looks like he never had to do any hard time.
I feel a certain fondness for Morris, because I worked for the same company where he was a summer intern once. Sigh...my brush with fame. You have to give him points for originality: after all, his was the first worm. And it was 100% Unix compatible. Of course, the fact that his dad worked for the NSA as a computer security specialist may have given him something of an advantage...
...Anthem!
Botnets, worldwide botnets.
What kind of boxes are on botnets?
Compaq, HP, Dell and Sony, TRUE!
Gateway, Packard Bell, maybe even Asus, too.
Are boxes, found on botnets.
All running Windows, FOO!
> That said, UAC is a lot like requiring sudo without a password, except that in theory, a user process can't automatically click "ok" for you.
Actually, according to what I've read (though I've never tried it), you can set UAC to require a password input.
Unix permissions rule.
They are quite enough for almost all use and easy enough to understand at a glance. It's easy to write "chmod -R a+r-x dir", but I'd hesitate to do this with cacls.exe.
I was looking for information on this last night and wasn't able to find much.
Is there a way (on a ASA/PIX specifically) to block the outbound connections made by this worm so that you can contain the traffic to the local network and also log the hosts that are infected?
The only thing I found was someone making reference to blocking http://ipaddr/search?q= requests but I couldn't find any backup for that claim. TIA
It's interesting to see this shift.
It is now trying to protect the existing infections.
Really? So you have never needed to patch or update any of your Linux boxes? Amazing!
All computer security is an ongoing and never completed task. It isn't something with a "do this one time and you are set forever" solution. Remaining vigilant is certainly not a "fool's errand", as you suggest.
I'm a fan of the Unix permission model, but in some cases, it does leave something to be desired.
It's a fairly difficult process to give one other user access to my files. Sure, if I'm root, I can create a special group, add myself and that user to it, and then chgrp. That works on the small scale. Now what if I want two groups to be able to access the file? Create a new group, add the members of all of those groups, and chgrp again. Only now I'm maintaining that list of groups in two places--in the main group, and in the combined group.
If I'm not root? Forget it. It's a support request at best, and not going to happen at worst.
ACLs make it trivial to grant selective access to files, and you don't even have to be root to do it.
I forget whether or not regular users can modify ACLs on their own files in Windows, but I'm pretty sure that they can.
Yes, someone else pointed out that UAC requests a password if you aren't an administrator--which is, of course, correct. I fell into the same trap of assuming that users will be administrators, since that's how things tend to be in the real world (when not in a locked down environment, of course.) Of course, if you're not running as an administrator, the original complaint is moot. UAC is a compromise between making day-to-day users "Limited Accounts" and software which makes bad assumptions.
As a side note, I ran Windows 2000 for a fairly long while as a regular user. Most things worked fine, but the ones that didn't were incredibly irritating. Tracking down what permissions were required to get things to run was a pain. As a side-side note, I eventually stopped using Antivirus because it never found any viruses--either I wasn't getting them (in which case, why bother?) or it wasn't finding the ones I had (in which case, why bother?)
Of course, the poster to whom I replied implied (with his subject line) that UAC was comparable to Unix permissions, which is really like comparing Apples(tm) to oranges. S/he seemed completely ignorant of the fact that Windows does have permissions (which I noted are actually ACLs--more granular than Unix default permissions.)
There's nothing wrong with access rights in Windows. Linux isn't perfect; please stop deluding yourself into believe that Linux is the One True Way to do things.
It's possible to use POSIX ACLs for that. For example, /dev/audio on most systems uses ACLs to control access to it.
And users can change them also.
LITTLE BOXES (with apologies to Malvina Reynolds & Pete Seeger)
Little boxes on the internet
Little boxes with no security
Little boxes running Conficker
Little boxes all the same
There's a Dell one, and an Asus one
And a HP one and a Sony one,
And they have the Conficker
And they all spread it just the same
And the people on the internet
Represent a great diversity
But no one taught them to use their boxes
And they all learned just the same
They all use Windows, and don't use AV
And open executables
And now they're all in the botnet
And help expand it every day
Sorry that's all I could come up with while at work :P
> UAC is a lot like requiring sudo without a password
> Thank you. That explains just about everything right there.
How, exactly? The password requirement for sudo is to identify that the user has been given permission to administer the computer. Windows uses "Administrator" accounts to determine the same thing.
It's not the computer's ability to identify computer administrators that is in question, it's requiring deliberate human interaction that is in question, and both sudo and UAC accomplish this.
Maybe the risk is low for a consumer computer; the worm does nothing harmful. We'll speak about real risk when a botnet built with this worm DDoSes YOUR site.
> *German city
THIS! If you read the academic analysis of the trojan/worm it will refuse to update itself unless the new payload is signed using the original 4096-bit encryption key.
It's not that simple in a corporate environment (i.e., LAN). We do packet filtering and proxy at our ingress and egress points, we stay up-to-date with patches (WSUS) and AV (ESET), and we've disabled a number of unnecessary Windows services, but still, occasionally infections get through. Sometimes this is because a consultant or freelancer walks through the door and plugs into our network; sometimes it's because a laptop user brings something back with them. Sometimes, yes, it's our own users who are stupid, and the defenses we have in place do not catch them. So far, we've been able to limit damage, but as for stopping it completely -- this has been hard to achieve. As far as we can tell, the only way to accomplish this is to ditch Windows.
Besides, if you don't run AV, how do you know you don't have something? Do you trawl your firewall logs daily? At the moment, Conficker is pretty much just sitting there, waiting to do something. You might not even know you have it.
Ah. You're using XP Home. You have the fine grained options under XP Pro.
> I once used Windows XP in that mode. Where everything and its dog was locked down by the ACLs. It was pretty nice to know that a virus could really only frag my (backuped) user account.
I know you meant "backed-up," but now I'm picturing a creature that walks with its back.
The last time I tried to lock down Windows boxes and user accounts, it all came to a screeching halt because the accounting people had to have QuickBooks, and QuickBooks absolutely would not run any time it decided (seemingly randomly) that it just had to modify its own .exe with an update before it could even conceive of doing anything else ever again.
Net result, either make the most security sensitive app in the organization vulnerable full time, make everything vulnerable part time by giving the office people (who only knew how to use Windows by rote) an admin account, or create an endless stream of urgent support requests at the worst possible times.
That's not strictly Windows' or MS's fault, except that they're the ones who "trained" all those 3rd party developers to assume everybody is root all the time.
The options are there but they are pretty hidden.
Yes, we IT guys know the non-dumbed-down user admin tool is in Administrative Tools > Computer Management (I think this is available on both Home and Pro) and how to disable "simple file sharing" (this can only easily be disabled on Pro), but most people are only going to notice the dumbed-down options in the Users section of Control Panel (if indeed they bother creating multiple users at all).
Note: I'm known as plugwash most places but I screwed up registering that here somehow in the past and now can't register.
Any other links?
Uh, no. I just checked on an XP Pro machine and under the "User Accounts" option from the Control Panel, I select "Change Account Type" and the only options there are "Limited User" and "Administrator".
.... I'll probably be modded down to "Troll" again for pointing out the truth -- just because the truth happens to paint MS in a bad light. Are people paid to support MS on /. or do they just do it because they love MS?
Note that I did not say that more fine-grained permissions are not available, it's just that they are difficult to find (for the average user). Another person replied to your post and confirmed what I had written.
Even if this were only XP Home, what of it? If MS makes it difficult for users to configure a user account so that it has the necessary permissions without the account being an Administrator, is it surprising that users set their accounts to be Administrator? MS does all manner of things in the name of making it easier for the user; in this case, MS has made it difficult for the user to configure a secure and useful user account.
Meanwhile
ZOMFG!!!
A Linux virus infected 3500 machines 7 years ago!?
man, you put me to silence about win-vs-linux security!
I will instantly stop mocking windows for the dozens of botnets that spawn every day and have several hundred million PCs infected so far and infect tens of thousands of PCs every day...
> Yes, someone else pointed out that UAC requests a password if you aren't an administrator--which is, of course, correct.
It's not even non-admin users that I'm talking about. You can apparently require the password to be entered on UAC prompt, even for an Admin account. Ooh, let me go find it....
http://en.wikipedia.org/wiki/User_Account_Control#Features
From that link:
There are a number of configurable UAC settings. It is possible to:[10]
* Require administrators to re-enter their password for heightened security;
* Require the user to press Ctrl+Alt+Del as part of the authentication process for heightened security;
* Disable Admin Approval Mode (UAC prompts for administrators) entirely;
(emphasis added)
In theory, your WinSudo could have the same level of protection as a sudo command prefix, based on what I read here.
Again, though, like I said, I haven't actually messed with UAC settings before in Vista. I could be mistaken, because the Internet isn't perfect.
That's pretty spiffy, actually! I think it might even beat out gksudo, since ctrl-alt-del generates a non-maskable interrupt.
My university uses AFS to achieve these more complex access rules. It is very easy to use and understand.
For some reason, my XP Pro machine here at work gives me a fine-grained dialog box to start.
VERY well done, indeed!
I bow thrice in thy honored direction!
Which of course means users can lock the Admin user out and then forget their password. The admin then just has to go through one of many security holes to change it back.
MS Windows security is like Britney Spears' underwear. If it's even there at all, it is excessively frilly and elaborate without actually covering much, and still easy to remove.
In other words, it's really there just for show IMHO.
> Which of course means users can lock the Admin user out and then forget their password. The admin then just has to go through one of many security holes to change it back.
I don't get this. Lock the Admin out of what? Access to the file? The Administrator can always take ownership of the file.
Amazing. The worm has already spread to change its own threat level.
We're all going to die.
The module is named downadup.c not downandup.c, so unless you are suggesting the virus writers are PC, get a clue!
The implications of these connections are as follows. The systems that performed these connections employed applications that computed a set of Conficker A domain names. However, these systems employed the Conficker B URL string request, which Conficker A victims are incapable of producing. Furthermore, Conficker B victims include a trigger to prevent connections to any Internet rendezvous points prior to 1 January 2009. This temporal trigger, along with the targeting of a Conficker A domain, indicates that these victims cannot be running B. Thus, these connections must either be associated with a hand-generated request with awareness of variant B's URL format, or a variant application that combined both functions with A and B, i.e., a hybrid test application. The Kiev Ukraine geolocation of connection 1 offers further potential interest because Kiev is also associated as a registered location of Baka Software (baka.kiev.ua).
Is it that difficult to get a warrant and a search for these guys? It seems pretty obvious to me they are responsible.
What's the proper voice to read this in? Comic Book Guy? Morgan (Freeman)? Alan Rickman? There should be a video montage somewhere...please don't leave out Dogs and cats living together!
I just read several articles on this virus, including TFA and some links on that page, as well as a few other sources.
Something started bothering me about all this.
I asked myself, "What damage is it doing?", and, aside from some DDOS attacks, which appear unintended and pretty limited in scope, there is really only one thing left.
It appears to be inoculating computers against tampering by MICROSOFT, and not much else. Now, that statement might sound obvious, but the intent may not be so obvious.
Suppose, just for a moment, that the person/persons behind this virus are acting from a purely ALTRUISTIC motivation, and that their goal is not to remove control of computers, but to keep Microsoft from doing whatever the hell it is they want to do?
"Microsoft Genuine Advantage" and numerous other "protections" are used by Microsoft to slipstream DRM onto everyone's machines, this virus blocks it, along with all the other sneaky, under-handed stuff Microsoft does with "patches" and "hotfixes".
I got modded troll in another post when I stated, jokingly, that everything that I did to keep Microsoft's fingers out of my Windows machine, manually, this virus does as well. This virus stonewalls Microsoft in almost precisely the same fashion I did.
Another thing that got me thinking was the fact I could not find a single source that said that this virus cripples AV software, rather than just protecting itself from it. If it keeps the rest of the AV software functioning, just what, exactly, is this virus damaging?
Aside from the OBVIOUS issue of having something out of your control on your machine, how is what this thing is doing any different from what Microsoft itself is doing?
Could this all be the efforts of some, well-intentioned, Irate Microsoft Hater trying to protect us all from the Borg assimilation?
It sounds like these worms would be so much more elegantly architected using erlang. When will the worm industry finally escape its Windows/x86 ASM legacy and enter the wonderful world of distributed, functional dynamic programming?
I must be dumb.
If they knew which domain(s) the worm will contact for updates, why didn't they ("authorities", let's say) give the worm the updates? They could've disabled it or done a million other things.
Welp.
Does anybody know if Microsoft has ever offered a reward for the capture of a virus creator, as they have with this one?
Reference:
http://www.microsoft.com/presspass/press/2009/feb09/02-12ConfickerPR.mspx
> and then just recompile that particular program.
Not that easy.
It's as if they are leaving their fingerprints all over the crime scene.
Modding me -1 troll doesn't make me wrong.
``I run XP Pro behind a router. No AV, no anti-malware of any kind. I'm just not a fucking RETARD, hence I don't have a Conficker infection.''
It's nice to be able to point and laugh and feel superior, but keep in mind that the only kind of retard you need to be for malware to hit you is a retard who doesn't know enough about computer security. You can be such a retard and be brilliant in another field. I know I am not an expert in everything I deal with, and I am willing to bet you aren't, either.
Understanding how a computer works and how computer security works takes not only a measure of intelligence, but also the time and dedication to actually study it. Personally, I understand why people don't do so, and I don't think they should be required to do so, either.
Most people who use computers use them as tools to accomplish a task. They have better things to do than becoming computer security experts. The same goes for me and driving cars: I drive almost every day, but I wouldn't know where to begin to service the car, let alone that I would be good enough to keep the car safe. The same goes for many other drivers. Yet, we don't see many people dying or getting injured from failing cars (at least, not in my country). The reason is that (1) cars are required to live up to a certain standard of safety, and (2) cars are serviced by people who do know what they are doing.
Applying the same to computers, I think we can use the same solutions:
- Encourage software vendors to ship more secure software (whether by buying preference, by law, or holding them (partially) liable for damages, or some other means)
- Have computers serviced by knowledgeable people
For example, I could imagine a sort of lease model: pay a monthly fee and get a computer on your desk, with regular maintenance, backups, etc. performed for you.
Please correct me if I got my facts wrong.
I don't know what you're talking about. I don't see this alleged update anywhere in Synaptic.
Surely I'm not the only one sitting here with a mental image of the Conficker worm authors and their intentions. Hitler-esque guy sitting in front of a computer: "heheheh" "All your base are belong to us." Surely????? Come on, mad power-tripping malware author.
+n insightful
Of course I meant for the enterprise environments already running Windows, who don't want to pay money
for setting up and configuring servers in a Linux environment; however, Ubuntu desktop at the workplace works quite well, without extra configuration etc. You just need a good install package.
So to change people's desktops over would not cost you much, except just giving them a bit of training in knowing which apps to use in replacement for their Windows counterparts.
That's just way too funny, but that is what I meant about using linux for desktops only, not for servers..
Well, my sister-in-law called and her computer won't boot. Another *&)(* rootkit/worm/virus, most likely. And I just disinfected it at Christmas. Who knows which one this time around. It could be a game that the kids downloaded, or it could be something else. So in the end, running Linux hasn't helped me at all :-). If I could just get them to use Firefox, it would probably help some...
I guess this counts as a shameless plug, but I wrote about this using a sci-fi, self-replicating minefield as an analogy: Controlling a Minefield. As someone else said, it simply comes down to digital signatures, though it doesn't even need to be that complicated to do simple things.
Any method of generating a problem and its solution at the same time, where the problem is very difficult to solve, would work.
For a simple approach as an example, before the worms are spread, various one-time commands could be set up by first finding two large primes, multiplying them together, and storing that composite in the worms, associating it with a command. Finding the two primes from the composite is impractical, but if the authors want to issue a command, they just broadcast the two primes. It would be easy for the worms to verify that these are the correct primes, and then execute the corresponding command.
This can also be done with the knapsack problem.
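The two-primes scheme from the comment above, worked through as an added Python example (my code, not from the comment or the linked Controlling a Minefield post): the controller keeps the factor pairs and publishes only the composites; the receiver honours an opening only if it multiplies out to a known composite, both factors are prime (so the trivial 1 × N opening is refused) and that command has not been opened before, which is what makes each command one-time. `make_commitments`, `CommandGate` and the 512-bit default are my assumptions.

```python
import random

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
_RNG = random.SystemRandom()


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test; 32 rounds keeps the error far below 2**-64."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random prime of exactly `bits` bits (top bit set so the size is fixed, odd)."""
    while True:
        cand = _RNG.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def make_commitments(commands, bits=512):
    """Controller side, run once before anything is released: for every command
    name keep the secret prime pair and publish only the composite p*q."""
    public, secret = {}, {}
    for cmd in commands:
        p = random_prime(bits)
        q = random_prime(bits)
        while q == p:  # a square would make factoring trivial
            q = random_prime(bits)
        public[cmd] = p * q
        secret[cmd] = (p, q)
    return public, secret


class CommandGate:
    """Receiver side: it knows only the composites, never the factors."""

    def __init__(self, public):
        self.by_composite = {n: cmd for cmd, n in public.items()}
        self.used = set()

    def accept(self, p, q):
        """Return the command name if (p, q) is a valid, unused opening of a
        published composite; otherwise None."""
        # Anyone can "open" N as 1 * N or N * 1; only a genuine prime pair counts.
        if p < 2 or q < 2:
            return None
        cmd = self.by_composite.get(p * q)
        if cmd is None or cmd in self.used:
            return None
        if not (is_probable_prime(p) and is_probable_prime(q)):
            return None
        # Once broadcast, the pair is public knowledge, so the command is spent:
        # without this, the same opening could be replayed by anyone who saw it.
        self.used.add(cmd)
        return cmd
```

Because an opening reveals the secret for good, the scheme can only ever issue each prepared command once; a signature scheme, as the comment notes, has no such limit.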
Traditional Unix permissions leave a lot to be desired in my experience.
1: There is no inheritance of permissions. That means if, as the admin, I make a directory that is supposed to be shared read/write by a group, anyone in the group can create files in there, but they can't edit files created by each other.
2: Only the admin can create groups, making it impossible for users to make their files available directly to each other.
3: Only one group can have access to a directory, making group management a PITA.
2. That's easily fixed with suid'ed utils.
1,3. That's easily fixed with POSIX acls. For example, "/dev/audio" usually uses them.
But these examples rarely occur on home computers.
Indeed, POSIX ACLs fix all the issues mentioned above and (unsurprisingly) are really not hugely different from Windows permissions (there are differences, but those differences are minor details).
Unfortunately on Linux (at least on Debian and, it would appear from my searches, probably Ubuntu too) ACLs seem to be rather a second-class citizen compared to traditional Unix permissions. I have to install a special package and set a special mount option before I can use them at all, and then it seems I can only view and set them from the command line.
Also I would argue the only reason these rarely occur on home computers is because most home users don't bother with separate user accounts for each family member, or if they do they just leave the permissions wide open.
GNU SLASH LINUX, you insensitive clod!
Sorry. Comes from the germanth Language. Am i on used. Must thou forgive. :D
My sig is:
--
To start Windows, I run K -> Games -> Windows XP!