Fears of a Conficker Meltdown Greatly Exaggerated
BobB-nw writes "Many have been worrying that the Conficker worm will somehow rise up and devastate the Internet on April 1. These fears are misplaced, security experts say. April 1 is what Conficker researchers are calling a trigger date, when the worm will switch the way it looks for software updates. A 60 Minutes episode about the worm on Sunday will stoke concerns. But the worm has already had several such trigger dates, including Jan. 1, none of which had any direct impact on IT operations, according to Phil Porras, a program director with SRI International who has studied the worm. 'Technically, we will see a new capability, but it complements a capability that already exists,' Porras said."
Maybe I'm wrong here, but doesn't it make more sense to get everyone trying to fight this virus/bot/whatever early rather than wait?
After April 1st, this thing will be drawing from more domains than can be blocked for future updates. It sounds like it'll be much more entrenched and difficult to combat if that happens. So this advice sounds a lot like 'Well, the gangrene has spread from your foot up to your knee, but it's not a problem'.
Seems like Windows Update is always failing with random errors. Maybe MS could buy up this technology to fix their own? ;)
Current Windows inherited most of its security problems from DOS and Win16. In fact Windows XP was the first "home desktop" Windows (given 2000 was marketed for office use) to use memory protection at all. Prior to that a process could read/write anywhere, which effectively meant there was no security of any kind.
And since most applications require administrator access to run at all, including most server applications, even having memory protection is reduced to the effectiveness of chewing gum. With administrator access, any application can insert itself as a shim into any other application.
Then even when you do narrow down to the few applications that run with pure user access, and run that way all the time, there are plenty of privilege escalation holes to get that administrator access back.
It's Swiss cheese from the ground up. Users cannot be expected to be tech geeks just to be basically secure. Certainly if they run an untrusted binary, their personal files are forfeit, but by no means should that be allowed to spread to the whole system (of potentially thousands of users) nor the whole network via server software running as administrator.
Sam ty sig.
If everyone were using something else, let's say Linux or OSX, then the worms would be tailored for those environments.
I'd like to see a worm tailored to my custom-compiled hardened 64-bit Gentoo. Linux is not a monoculture, only in source code form. You cannot target it the way you do Windows.
You mean having 10x users would reduce the number of different configurations? I don't know what you're smoking, but give me some.
Actually, it would probably be safe to assume that it would. Mass take-up of Linux would either require or force standardisation, and with that would come a form of 'same-ness' that would be open to attack.
While what you say is technically true (no OS is completely immune to malware), Linux simply has more hurdles that malware must jump over before a system can be infected (people typically not running as root, fewer ports open, most software coming from "sterile" sources like official repositories, etc.). At least one of these obstacles is usually enough to stop most infection attempts before any damage is done. However, when users get lazy or careless and bypass these lines of defense, infection is possible if there is a type of malware able to exploit the opportunity at that exact moment.
"It is a denial of justice not to stretch out a helping hand to the fallen; that is the common right of humanity."
They might try to tailor their junk for these environments, but it's like the difference between a normal car (Windows) and a car coated with Teflon with a motion-sensing machine gun on top (OSX/Linux), with the worms/viruses/malware being a type of graffiti paint.
Graffiti will stick pretty well to a normal car (and if you tend to stop in the more seedy parts of town than others, you have more of a chance of having your car "tagged" too), but it's not going to be very effective on the Teflon-coated ones and the owner is going to have to be silly enough to log in as root to disable the guns so the criminals can get close enough in the first place.
The argument that the reason why Windows is being attacked is because it has a majority share is an ass-backwards way of thinking about the issue.
Windows is targeted because its "security" is inherently flawed; its security isn't flawed because it's being targeted. The fact that it has a majority share is just an added bonus for these people, but it has nothing to do with the underlying problem (though it certainly does help the problem grow by orders of magnitude).
I'm reminded of Dan Dennett's TED Talk where he insightfully points out that we don't like chocolate cake because it's sweet, it's sweet because we like it.
Another way of looking at it is like this... Houses aren't unoccupied, unalarmed and filled with artwork, expensive stereos and silverware because someone wants to break into them, someone wants to break into them because they are unoccupied, unalarmed and filled with artwork, expensive stereos and silverware.
If OSX or Linux took a majority share of the desktop, the problem wouldn't shift like you are thinking it would. Granted, there would be an uptick in attempts and there will inevitably even be a few holes to patch up that were previously unknown, but there certainly won't be an equivalent to the 100,000+ viruses that exist for Windows.
Why are we discussing Windows/Linux/OS X preference at all?
If you want a system that's not vulnerable to Conficker, Koobface, Torpig, Storm, Antivirus 2009, Bitfrost, Sasser, MyDoom, Sober, Sobig, Welchia, Blaster, Nimda and Code Red, you need look no farther than "anything that's not Windows".
Help stamp out iliturcy.