Symantec Wants To Use Victims To Hunt Computer Criminals

Hugh Pickens writes "Business Week reports that security experts plan to recruit victims and other computer users to help them go on the offensive and hunt down hackers. '"It's time to stop building burglar alarms to keep people out and go after the bad guys," says Rowan Trollope, senior vice-president for consumer products at Symantec, the largest maker of antivirus software. Symantec will ask customers to opt in to a program that will collect data about attempted computer intrusions and then forward the information to authorities. Symantec will also begin posting the FBI's top 10 hackers and their schemes on its Web site, where customers go for software updates and next year the company will begin offering cash bounties for information leading to an arrest. The strategy has its risks as hackers who find novices on their trail may trash their computers or steal their identities as punishment. Citizen hunters could also become cybervigilantes and harm bystanders as they pursue criminals but Symantec is betting customers won't mind being disrupted if they can help snare the bad guys. "I'm convinced we can clean up the Internet in 10 years if we can peel away the dirt and show people the threats they're facing," says Trollope.'"

Re:The World is America?

[Romancer]

And the countdown to a DOS via spoofing a report to symantec of malware propogation..... Begins.

Re:such a john wayne

[Runaway1956]

1. Users are mostly idiots. An educated idiot is still an idiot.
2. Despite lame excuses about "market share" that MS uses for their frequently exploited vulnerabilities, there isn't a system that CANNOT be hacked.
3. The best standards and coding practices can probably only hope to reduce exploits by about 80 to 90 percent.
4. Damn good idea. Next time you meet a marketer, shoot him. We don't need his genes in the pool.

I need a job ...

[neonprimetime]

... will somebody victimize me so that I can put it on my resume?

Re:Hmm, tip line? Vigilante? or just more info?

[davidphogan74]

The example in the article is even misleading, since it was a Facebook account that was hacked, who knows if the hackers ever touched the system of the user. He may have just used the same password too many places. I'd assume Facebook isn't using Norton Internet Security, so I'm kind of wondering what cases this will really make a difference in. Most worms/viruses even don't come from the creator's PC, but infected zombies.

Re:such a john wayne

[cmiller173]

there isn't a system that CANNOT be hacked.

Hack mah abacus, n00b!

I kick the table your abacus is on causing the beads to shuffle about randomly.

next.

Re:such a john wayne

[hairyfeet]

Wow, you should have at least put "educate users" lower on the list, so you wouldn't fail right off the bat like that. I have been building, repairing, and selling boxes since the Win3.x days, and educating users=UBERFAIL. Why? Because of what i call "the Velma problem". You see all you have to do with Velma is send her something that says..ohh I don't know...."Happy_Puppy_Pics.scr.exe" and guess what Velma will do? If you said turn off her AV because the email tells her she has to before running her new screensaver/malware, you are right.

I had one customer that brought in a Toshiba laptop that had over 3400! viruses. The final count IIRC was something like 3467. It took nearly two hours under power to get to the desktop, but the boss wanted to see if it "broke the record" of 2700+ he found on one machine. Turned out you could put the word "lesbians" on just about anything and he would click. Lesbian_xxx_passwords.txt.exe, Hot_lesbians.avi.exe, etc. You get the picture.

So you see, education=UBERFAIL. It will always equal fail because the malware writers know about this thing called "social engineering" which will make otherwise normal and sane people do incredibly dumbass things, just by waving the right prize in front of them. For some it is sex, for others greed, for Velma it is cuteness. pretty much the ONLY way to remove the "Velma problem" would be to give them locked down thin clients with no rights to do much of anything, and Joe Average ain't gonna put up with that. Oh, and FLOSS guys PLEASE don't say "Linux Security" would fix it, as I tried that once with one of the porn guys, with either PCLOS or Mepis, can't recall which. He managed to complete bork the machine in less than 3 days. The poor thing wouldn't even boot anymore. How? He decided he didn't like that package manager thingie, so instead googled "Linux software" and ended up in dependency hell from a bucnh of crap he downloaded and installed from Freshmeat. Like the movie said "Stupid is as stupid does". All you can do is try to minimize the damage they can cause and clean up the mess afterwords. Sad but true.

Re:Huh? Clean up the Internet?

[wagnerrp]

Right now, it is not illegal, wrong, immoral or forbidden to have a computer owned by a botnet. This means that if my computer at home is infected nothing will stop it from doing whatever its little botnet commander wants it to do. And my ISP will not do anything to prevent or deter this computer from stepping on the rights of others in any way possible.

Maybe 7 years ago, my sister's computer got caught into a botnet. Someone had loaded mIRC and a bot, and her computer was off trying sequentially to find more machines to infect. We got dropped offline, and our modem was blocked from reconnecting.

That evening, I called the ISP tech support, explained what was going on, and explained why we were disconnected. He turned our connection back on, and a couple seconds later, the scans started up again. He then proceeded to walk me though telneting into the modem, watching the NAT states to see which internal IP was causing the behavior, and then tracing that back to the machine that was infected so I could clean it.