The Birth and Battle of Conficker
NewScientist has an interesting look back at the birth of the Conficker worm and how this sophisticated monster quickly grew to such power and infamy. "Since that flurry of activity in early April, all has been uneasily quiet on the Conficker front. In some senses, that marks a victory for the criminals. The zombie network is now established and being used for its intended purpose: to make money. Through its peer-to-peer capabilities, the worm can be updated on the infected network at any time. It is not an unprecedented situation. There are several other large networks of machines infected with malicious software. Conficker has simply joined the list. The security community will continue to fight them, but as long as the worm remains embedded in any computer there can be no quick fixes."
If your ISP provided a free service where it would text or phone you and offer to help clean up your systems if it detected malware-ish behavior coming from your computer or network, would you sign up?
The only gotcha is that you would be inviting the ISP to watch your traffic.
OK, this is slashdot, so most people would say "no," but how many regular people would say "yes" and would that make much of a difference?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
But it's hard to tell... care to elaborate?
There are more than you think. Old home computers are quickly becoming Linux computers.
There are a lot of independent techs out there who service the lion's share of home computers. Yes, Best Buy and the like get a lot, too. But they can't compete on quality service with the little guy (due to overhead), so they have to keep themselves going through quantity.
I know a handful of "home computer techs" - people who work out of their house or have a small one-room office somewhere. They're making ends meet and keeping their families going by doing this while at the same time putting Linux on computers that are only mildly useful for anything beyond XP (and sometimes even XP, e.g. 256MB RAM).
More often than not, the system is in need of a reinstall anyway due to some combination of users messing them up and malware. It's like scoring a 3-pointer at the buzzer, in terms of removing an infection vector.
I'm one such person, while I'm unemployed. I'd say maybe one out of 5 of the computers that come to me leave with Linux installed. Those satisfied customers then refer their friends and family. Not much repeat service, but quite a few referrals. It would also appear that people are oddly appreciative of being prevented from installing all that crap as well - "it just works nice and fast and there are no pop-ups".
Not only that, but when someone upgrades their computer (and they've got the proclivity to tinker) they'll do something with the old one. Linux has picked up a lot of mindshare, and I know many of the so called "tech savvy" types (who still need someone who knows what they're doing on occasion when they can't recover or get stuck) are doing this.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
If only we consider more thoroughly what single thing they all have in common, we might be able to find a cure.
Help stamp out iliturcy.
I routinely encounter people who have disabled Windows Update because they believe Microsoft is out to get them. They worry that the updates their computer nags them about are filled with unnecessary crap. Crap that will spy on them, display advertisements, install toolbars and hijack their machine. I think this is largely due to some weird cultural concept that Windows is both evil and necessary. In truth, it's neither.
In theory they're not actually morons ;).
;).
Because in theory it's impossible to solve the halting problem.
In theory users have to figure out whether a program is safe (analogous to "halt") even though
1) They don't have the actual true description of the program
2) They don't know the full inputs of the program
And that's a harder problem than the halting problem
While you could say - nobody should install anything that's "Not Expert or Vendor Approved", to me that's a rather dismal state of things.
Things could be so much better. Really.
For instance if you had an O/S that will require applications/applets to list out the type of access they require.
Then the O/S can provide a meaningful and TRUE description to the user of what the application might do.
And the O/S can also enforce the limits of the access.
So if something says it's a screensaver, it's only going to get screensaver access. It's not going to be able to make recordings from your microphone and webcam, and send them to Elbonia behind your back. It's not going to be able to write to anywhere other than its own designated scratchpad area, not even your USB drives.
And that would be a secure modern O/S.
Then you can tell your "morons" - "You can install whatever stuff you like, unless the O/S gives you that red warning dialog box about the program requiring full user or system privileges".
In terms of security, most current O/Ses aren't even better than what was available 40 years ago. Heck, Unix is a watered down Multics.
They're just decorated with fancy graphics and animations so most people think they're advanced.
Yes, Vista does have some sandboxing, but the way MS has implemented stuff makes many people turn off many of the protections. So they'll become the next hosts for the next Conficker.
As for Linux, Apparmor and SELinux don't appear "Desktop Ready" yet.
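The "declare your access up front, describe it truthfully, then enforce it" design sketched in the comment above, as an added toy model (not code from the thread or from any real OS). The capability names, the manifest JSON shape and the `PuppyPics` sample app are all constructed for this illustration:

```python
# Added example: a minimal declared-capability model. An app ships a manifest
# listing the access it needs; the installer shows a true description (with a
# red-warning flag for privileged requests) and a broker enforces the list.
from dataclasses import dataclass
import json

# Constructed capability vocabulary; anything not listed is rejected at install.
KNOWN = {
    "screen.draw": "draw on the screen while it is locked",
    "mic.record": "record audio from your microphone",
    "cam.record": "record video from your webcam",
    "net.send": "send data to the internet",
    "fs.scratch": "write to its own private scratch folder",
    "fs.any": "read and write any file, including USB drives",
    "sys.full": "full system (administrator) privileges",
}
PRIVILEGED = {"fs.any", "sys.full"}  # these trigger the "red dialog"

class AccessDenied(PermissionError):
    pass

@dataclass(frozen=True)
class Manifest:
    name: str
    caps: frozenset

def parse_manifest(text: str) -> Manifest:
    """Parse the app's declared-access list; unknown capabilities fail closed."""
    data = json.loads(text)
    caps = frozenset(data["access"])
    unknown = caps - set(KNOWN)
    if unknown:
        raise ValueError(f"{data['name']}: unknown capability {sorted(unknown)}")
    return Manifest(data["name"], caps)

def describe(m: Manifest) -> tuple:
    """Install-time text derived only from the manifest, plus a warning flag."""
    lines = [f"{m.name} may {KNOWN[c]}" for c in sorted(m.caps)]
    return "\n".join(lines), bool(m.caps & PRIVILEGED)

class Broker:
    """Every sensitive operation is checked against the declared set, not trust."""
    def __init__(self, m: Manifest):
        self.m, self.log = m, []
    def request(self, cap: str) -> bool:
        ok = cap in self.m.caps
        self.log.append((self.m.name, cap, ok))  # audit trail for denied attempts
        if not ok:
            raise AccessDenied(f"{self.m.name} asked for {cap}, declared {sorted(self.m.caps)}")
        return True

# Constructed sample: a "screensaver" that only declares screen and scratch access.
SCREENSAVER = '{"name": "PuppyPics", "access": ["screen.draw", "fs.scratch"]}'
```

A screensaver built on this model can draw and write to its scratch folder but its microphone request is refused and logged, while a manifest asking for `sys.full` is flagged before installation.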
I'm tired of this meme.
The thing about worms like Conficker is that they absolutely do not rely on user interactivity with some sort of trojan interface. No, "CLICK HERE FOR FREE PORN!" or, "DOWNLOAD THIS APP AND GET GREAT WAREZ!" apps.
Conficker spreads site to site silently through vulnerabilities in Windows.
Yes, it's possible to own *NIX boxen via trojan horse deployments, but for home users who aren't running apache, mysql, openssl, ssh, ftp, gopher, BIND, etc. the non-user infection vectors dry up. This is because Windows *sucks* for system security. While it's possible to pull privilege escalation on *NIX machines, and other OSes, often they're a pain in the ass and usually require specialized setups (certain version of MySQL running with certain version of Apache, with... etc). Home users really don't have to worry about Samba file/print sharing owning their machine the way Windows users have to worry about NetBIOS owning theirs.
Sure, disabling autorun, running firewalls, virus scanners, etc. is great computing practice, but I think it's more than you can expect from a typical home user who just wants the damned thing to work regardless. Lots of people use a computer thinking it's, well, a computer. Not a car, or a fax machine or a rifle that every so often needs to be broken down and maintained. Nor should it be. Modern file systems are virtually self-optimizing, and aside from system updates and making sure there's room on your disk, which NO OS can really claim to do for you, unless you count Apple's MobileMe/.Mac service, and even then it's only 20 gigs, most modern OSes can just be used on end without much worry. Except most machines aren't running with components designed in this decade; they're often running Windows.
Non impediti ratione cogitationus.
It may not be popular on /., but Windows isn't the main problem here. The core of the problem is people not giving a shit about the security of their system. Whether that system is Windows, Linux or Mac is irrelevant.
Windows has reached a point where it can be considered "fairly secure". There are few known security holes, and none that can't be fixed with a little system tweaking and putting a router in front of the machine. But what can the system do if the user is the main point of failure, when he grants everyone any kind of privileges?
Take a look at the dancing pigs problem. In a nutshell: "Given a choice between dancing pigs and security, users will pick dancing pigs every time."
A webpage promises the user what he wants to see or do. Firewalls and security systems ring alarms because what the page actually will do is install malware. But the user clicks it away and allows it in. Because he wants to see the dancing pigs (or install a crack, or see some pron, or ...).
What system could avert that? Only one that does not allow its owner to do what he pleases. Do we want machines that we don't own but that only install what's "good for us"? I wouldn't want to go there...
As long as people don't give a shit about their security, this problem will not end. Be it with Windows, Mac, Linux or FantasyOS. And people will not give a shit about their system's security and whether their system is a threat to the rest of the internet as long as they are not held responsible for their system's actions.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
You are talking about servers which have these things called Linux administrators, or Guru if you will, that actually read security bulletins, patch on time, have IT experience, etc. This makes them a lot harder target than Velma.
Everybody, meet Velma. Say hi Velma-(Hi Y'all!)
Working in PC repair and sales since the days of Win3.xx, when dinosaurs roamed the earth as my oldest puts it, I have found Velma to be a VERY typical Windows user. She rarely if ever patches because it scares her that it might "break" something; if it wasn't for me she would be running the Norton that expired in 2004 for an AV; and worst of all, like WAY too many of my customers, she has a serious weakness. In Velma's case it is her BFF Kim. You see, her BFF Kim is what some of us in the biz call a "click whore", in that she will click on ANYTHING. Spam attachments, chain letters, you name it. And Velma will ALWAYS trust her BFF Kim no matter what you tell her. Now please enjoy an ACTUAL account of my working with Velma-
/Me/ Velma, that is a password protected zip file. It is even telling you to turn off the AV before opening! It is a virus, do NOT open that!
(Velma) Ohh...You worry too much. It is from my BFF Kim! She wouldn't send me anything bad! See, it says "happy puppy pics!" Isn't that nice?
/Me/ Velma, it isn't pics. Pics end with .jpg. That is Happ_Pup.exe! That is a virus! Do NOT run that!
(Velma) Oohhh...drink decaf, it'll be fine! See, it has Kim's name on it and everything!
/Velma turns off and ignores AV warnings, runs .exe, popups start sprouting everywhere and the network crashes from all the activity/
(Velma) Whoops. But it MUST be a trick, because my BFF Kim wouldn't do that!
/Me/.....
NOW do you see why Linux "security" wouldn't be worth a bucket of warm spit if Linux got all the Velmas of this world? If you ever do manage to get Velma and Kim and all their little buddies onto Linux your good friends at the Russian Business Network and their friends in China and Nigeria would be sending "Happ_Pup.sh" along with easy to follow instructions on how to run it. And Velma and Kim WOULD run it, no matter how many times you told them not to. It is simply the dancing bunnies problem and short of forcing Velma and all her kind to run locked down thin clients with no rights at all to their own machines Linux will NEVER fix it. Sorry.
ACs don't waste your time replying, your posts are never seen by me.