Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Readying Massive Real Time Threat Intelligence Feed

Posted by samzenpus on from the dangers-of-the-day dept.

chicksdaddy wrote in with a link to a story about a Microsoft project that will share security information in real time with customers and law enforcement. The article reads "Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waldec. Now the company is ready to start making the data it acquires in those busts available to governments, law enforcement and customers as a real time threat intelligence feed. Representatives from the Redmond, Washington software maker told an audience at the International Conference on Cyber Security (ICCS) here that it was testing a new service to distribute threat data from captured botnets and other sources to partners, including foreign governments, Computer Emergency Response Teams (CERTs) and private corporations."

89 comments

  1. Bad idea by Anonymous Coward · · Score: 3, Interesting

    sounds like a violation of the users' privacy

    just because my computer is part of a botnet doesn't mean I have agreed to have my IP and other info sent to government agencies, especially foreign governments

    1. Re:Bad idea by Bananatree3 · · Score: 4, Informative

      Son - you've got other problems if you're on a bot net.

    2. Re:Bad idea by bstag · · Score: 5, Funny

      99 problems but a bot net ain't one.

    3. Re:Bad idea by Anonymous Coward · · Score: 1

      Yeah, and if your car is stolen and used for a bank robbery, that doesn't mean you've agreed to have your plate and description of your car distributed to Government agencies!

    4. Re:Bad idea by viperidaenz · · Score: 2

      I think you nearly got the car analogy right.
      If someone steals your car for a bank robbery, is [americas most wanted/other tv or news show] allowed to say the police are looking for a car with a licence plate xyz1234. I would hope so.
      you don't own your ip address, like you don't own your license plate number

    5. Re:Bad idea by CanHasDIY · · Score: 4, Insightful

      If you've failed to secure your computer then you've waived your right to privacy

      Uh, no.

      According to your "logic," or in this case lack thereof, if you leave the doors to your home or car unlocked, you've 'waived your right to privacy,' i.e. government agents are free to ransack your belongings, place surveillance devices in and around your home/car, take what they like, et. al. Fortunately for all Americans (even the stupid ones), we have a number of Constitutional rights and amendments that protect us from that sort of mentality.

      Not only is that an ignorant way to view the world, it's incredibly dangerous to those of us who actually value our privacy, but don't want to live in a constant state of paranoid escalation, in which the only way to have even a modicum of privacy is to continually waste money on bigger and better locks. That's the sort of shit thought process that results in people getting sued by peeping toms for walking around the privacy of their own homes nude.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    6. Re:Bad idea by epyT-R · · Score: 2

      who decides what belongs on the shame list? authority uses this game all the time to badger people it considers a threat to its power. if everyone got a chance at that list, we'd have no rights at all.

    7. Re:Bad idea by g0bshiTe · · Score: 1

      For the average citizen it's much harder to get my personal info from my license plate number than from my IP address.

      You can not continue to probing my house from knowing my plate number, but you can probe my home network with my IP.

      --
      I am Bennett Haselton! I am Bennett Haselton!
    8. Re:Bad idea by lennier · · Score: 2, Interesting

      According to your "logic," or in this case lack thereof, if you leave the doors to your home or car unlocked, you've 'waived your right to privacy,' i.e. government agents are free to ransack your belongings, place surveillance devices in and around your home/car, take what they like, et. al.

      Replace "house" with "car" and yes, that's pretty much exactly what happen at the moment. If you leave your car doors unlocked and someone steals it and uses it to commit crime, do you really have an expectation of a hard-cre "right to privacy" that would prevent the police from stopping searching that car - even using deadly force against it?

      A non-networked computer is like a house, yes. A networked computer is much more like a car, because it "travels" and interacts with other computers and can break into and destroy them. You really need to know what you're doing when you own one.

      --
      You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
    9. Re:Bad idea by hedwards · · Score: 1

      I value privacy which is why I keep my machines free of malware, tracking cookies and things of that nature. Anybody that genuinely values their privacy has already gone to lengths to ensure that their machines aren't infected with malware.

      This is very much like leaving your car unlocked with an envelop marked incredibly important industrial secret and being surprised when somebody steals it. Sure they shouldn't have done it, but it's hardly reasonable to assume that nobody's going to steal something that's clearly valuable.

    10. Re:Bad idea by hedwards · · Score: 1

      That's not really a complicated matter, just make it a three strikes and you're outed thing and the ISP would be the party that would know about it. The ISPs already have a fair idea as to who is and isn't infected on their network, letting them shame people that repeated refuse to secure their machines would benefit everybody.

    11. Re:Bad idea by CanHasDIY · · Score: 1

      Replace "house" with "car" and yes, that's pretty much exactly what happen at the moment. If you leave your car doors unlocked and someone steals it and uses it to commit crime, do you really have an expectation of a hard-cre "right to privacy" that would prevent the police from stopping searching that car - even using deadly force against it?

      Except that doesn't really work as an analogy, as in the case of botnets, no one is physically stealing your computer and using it for crime; they're stealing a portion of your resources. A more accurate analogy (yet still a very poor one) would be if you left your car doors unlocked, and someone used that as an opportunity to steal your tires, then committed a crime using said tires. Does that mean that law enforcement has a right to search your car, because the tires that came off it were used by someone else, who does not own them or the vehicle, in a crime?

      Of course, upon reading what I just wrote, even I'm having trouble making heads or tails of it... precisely why I fucking hate car analogies in regards to cybercrime. Until the day comes that we have cars with their own remote repair drones ala The Phantom Menace Pod Racers, They just wont mesh up.

      A non-networked computer is like a house, yes. A networked computer is much more like a car, because it "travels" and interacts with other computers and can break into and destroy them. You really need to know what you're doing when you own one.

      No; a networked computer would be like a car, if cars had the capability to transport stuff without ever actually moving.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    12. Re:Bad idea by CanHasDIY · · Score: 1

      I value privacy which is why I keep my machines free of malware, tracking cookies and things of that nature. Anybody that genuinely values their privacy has already gone to lengths to ensure that their machines aren't infected with malware.

      Security =/= privacy; I keep my money in a (small, locally-owned) bank, not because I don't want anyone to know how much I have, but because it's a hell of a lot safer there than buried in mason jars in the yard (which, while insecure, would be much more private). Besides, how do you know you're not infected? If the malware producer has done their job right, you won't know until the jack-booted Stasi thugs are kicking in your door and hauling you off to GTMO indefinitely for aiding and abetting known criminals.

      This is very much like leaving your car unlocked with an envelop marked incredibly important industrial secret and being surprised when somebody steals it. Sure they shouldn't have done it, but it's hardly reasonable to assume that nobody's going to steal something that's clearly valuable.

      No, it's not; and even if it were a valid analogy, what does that have to do with the right to privacy, ipso facto, the right to be free from government intrusion without warrant?

      *Sigh* Maybe it's because I'm likely one of a small handful of /.'ers who actually understand how cars work, but damn I hate nonsense car analogies!

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    13. Re:Bad idea by viperidaenz · · Score: 2

      You don't know whos home you're probing with an IP address. You also don't know if the ISP as allocated the IP to another address since it was published. In most cases its not your IP. A few dollars will get any citizen your full name and registered address from a license plate number.

    14. Re:Bad idea by Anonymous Coward · · Score: 0

      It's like someone breaks into your house and starts running a meth lab. It would be nice if someone told you. If you're a repeat offender for meth labs, there may be a bigger problem.

    15. Re:Bad idea by AK+Marc · · Score: 2

      According to your "logic," or in this case lack thereof, if you leave the doors to your home or car unlocked, you've 'waived your right to privacy,' i.e. government agents are free to ransack your belongings, place surveillance devices in and around your home/car, take what they like, et. al.

      No, but when you've left your car unlocked and the keys in it and someone steals your car and uses it in a robbery, you should expect to have your information handed over to the authorities and hear your license number announced on the radio and images of your car shown on TV related to the crime.

      If you are in a botnet, you negligently allowed your computer to commit crimes. You didn't waive all rights to privacy, but criminal actions by a possession of yours is sufficient to get you under different scrutiny than the average person.

      Not only is that an ignorant way to view the world, it's incredibly dangerous to those of us who actually value our privacy, but don't want to live in a constant state of paranoid escalation, in which the only way to have even a modicum of privacy is to continually waste money on bigger and better locks.

      If you would stop your posessions from committing crime, people would pay less attention to them. It's not like your stolen car is used in a robbery, it's more like someone put in a shed in your yard and cooks meth and sells crack from it and you don't go in your yard much (you have a pool in back, so you don't go in the front much). If the police raided your yard to take down the drug lab, do you think they would or would not search your house as well? Would that action impinge on your privacy? Do you think their actions would have been justified?

      --
      Learn to love Alaska
    16. Re:Bad idea by AK+Marc · · Score: 1

      A more accurate analogy (yet still a very poor one) would be if you left your car doors unlocked, and someone used that as an opportunity to steal your tires, then committed a crime using said tires. Does that mean that law enforcement has a right to search your car, because the tires that came off it were used by someone else, who does not own them or the vehicle, in a crime?

      You are in possession of the computer and actively using it while the crime is committed. I'd be much more like someone breaking in to your car at home, planting drugs, and then later that day, breaking in to your car again and taking them out, making you an unwitting drug mule. Now, if you were caught driving around with the drugs planted on the outside of your car (under the trunk), what do you think the cops would do? I think they'd search the inside of the car. But your assertion is that since you didn't know, you can't be held responsible for the crimes *you* committed. You installed the OS, turned on the computer, and likely installed the malware, even if inadvertently and then later claim innocence. It wouldn't work for a drug mule situation, so what makes you think it should work for malware?

      --
      Learn to love Alaska
    17. Re:Bad idea by AK+Marc · · Score: 1

      If the malware producer has done their job right, you won't know until the jack-booted Stasi thugs are kicking in your door and hauling you off to GTMO indefinitely for aiding and abetting known criminals.

      Most botnets are run off "known" malware detected by every major detection engine. They don't do their job "right" they do it profitably. There's a difference.

      Maybe it's because I'm likely one of a small handful of /.'ers who actually understand how cars work, but damn I hate nonsense car analogies!

      This isn't a question of "car" but law. You drive from home to work. Someone knows people generally work in the downtown area, so they attach drugs to the underside of your car, then follow you to work, take them off there. They repeat this, now no longer following you, as they know where you work and where you park there. If you are pulled over and the drugs discovered, do you think the police will or won't search the inside of the car? Why? How is that analogy flawed with regards to malware?

      --
      Learn to love Alaska
    18. Re:Bad idea by vux984 · · Score: 1

      Replace "house" with "car" and yes, that's pretty much exactly what happen at the moment. If you leave your car doors unlocked and someone steals it and uses it to commit crime, do you really have an expectation of a hard-cre "right to privacy" that would prevent the police from stopping searching that car - even using deadly force against it?

      This is nonsense. What if you DID lock the car? What you took the wheels off too, locked it in a parking garage, and then chained it to a support pillar.

      And then someone stole it and uses it to commit crime.

      Would that be in the slightest bit different?

      Nope. Not one bit.

      So whether or not you left the car unlocked or not is: COMPLETELY FUCKING IRRELEVANT.

      The police will stop it, and search it, and so on, regardless of whether you locked it or not. So why do you think its comparable to an unlocked car and more importantly how is a locked car the SLIGHTEST BIT DIFFERENT?

      So what is your point?

    19. Re:Bad idea by hedwards · · Score: 1

      It's a fair analogy. You failed to secure your premises and you left something attractive to the would be criminal and ultimately you got burned. It's illegal in both cases and in both cases it would be your own damned fault for not securing your property.

      Security isn't privacy, but it is in effect one of the things that you're going to find makes things a lot easier to maintain privacy with. If you don't close your drapes ever you'll find that your next door neighbors can see everything that you're doing. Around here it's even legal for them to watch as long as they do it with their naked eyes from their own property or a legal right of way.

    20. Re:Bad idea by Anonymous Coward · · Score: 0

      I like big bot nets and I cannot lie.

    21. Re:Bad idea by alreaud · · Score: 0

      ... It wouldn't work for a drug mule situation, so what makes you think it should work for malware?

      Lack of awareness of the contraband, and hence lack of mens rea. No dna, no fingerprints on the contraband, personal history, etc. I'd take it to a jury. Even more so with a computer than as with the mule case, well not for me, but for the average Joe Plumber.

      To many people a computer is a black box that works most of the time and really pisses them off sometimes. They would have no clue, other than that the computer was slow or something was popping up...

    22. Re:Bad idea by AK+Marc · · Score: 1
      mens rea isn't required for most laws, despite what you learned from watching Legally Blonde. Or, mens rea is required, but statutorily defined (possession of more than XX grams means there was intent to distribute, even if there was no mens rea for the possession in the first place - it's not required).

      To many people a computer is a black box that works most of the time and really pisses them off sometimes. They would have no clue, other than that the computer was slow or something was popping up...

      I would claim that there was negligence in using an unprotected computer. Much like it's illegal to leave an unattended car running in many places (some claim because of environmental reasons, and others as it's an attractive nussiance). They had mens rea if they knew they were operating a computer, even if there was no intent to join a botnet, much like getaway drivers who didn't know they were actually getaway drivers generally get convicted because the "should have" known, even if they didn't and there was no evidence they did know.

      --
      Learn to love Alaska
    23. Re:Bad idea by Anonymous Coward · · Score: 0

      cannot lie? that's what they all say ..

    24. Re:Bad idea by Anonymous Coward · · Score: 0

      And what if you DID install firewall and antivirus and didn't go to suspicious websites, but your system still was hijacked by a zero-day exploit and begins knocking into other systems and joins a DDoS?..

      In both cases a) you can't expect privacy one it's stolen, b) proper lockdown at least protects against junkies looking for some cash (common malware) and gives some chances against dedicated hi-jackers.

    25. Re:Bad idea by alreaud · · Score: 0

      "despite what you learned from watching Legally Blonde"
      LOL. Unless you're a lawyer don't go there, I've got over twenty years experience as a pro se litigant. I would totally disagree with your first statement. A valid counter example is an individual who is coerced into being an accessory to a crime. Further in your example, one has to establish "possession", i.e. "control over". If one has it kiestered, well obviously one is caught flagrante delicto. But if it sits in the trunk of the car, reasonable doubt is easier to establish.

      Negligence only occurs if one lacks the care that a reasonably prudent individual would use. Lets say granny get suckered into downloading those fake-ware anti-virus apps that float around. Remember, that it isn't about truth or justice, but rather what you can convince a jury to believe. Good luck convincing a jury that granny was negligent in using that rootkitted computer. That will fly with a jury like a pig with little itty bitty bat wings...

    26. Re:Bad idea by AK+Marc · · Score: 1
      If you have over 20 years representing yourself in court, then you have serious problems understanding law. Those of us who have even a passing understanding of how things really work manage much less legal experience. Perhaps you have not only a fool for a client, but a fool for a lawyer as well.

      Further in your example, one has to establish "possession", i.e. "control over". If one has it kiestered, well obviously one is caught flagrante delicto. But if it sits in the trunk of the car, reasonable doubt is easier to establish.

      Guns in glove boxes are "in possession of" the driver. A gun in a trunk is not "in possession" for gun laws. However, there is vast case law establishing that a person is "in possession of" drugs in the trunk. Truck drivers are 100% responsible of things in their trailer. Many times people have been convicted of trafficking based on the contents of their trunk (with the only exceptions being when they convict someone else for the same crime, usually from the testimony of the driver).

      Negligence only occurs if one lacks the care that a reasonably prudent individual would use. Lets say granny get suckered into downloading those fake-ware anti-virus apps that float around. Remember, that it isn't about truth or justice, but rather what you can convince a jury to believe. Good luck convincing a jury that granny was negligent in using that rootkitted computer.

      A reasonable person would use antivurus. You even state that yourself when you say she installed an anti-virus (proving she knew a reasonable person should do such a thing to protect herself). The only issue is that she did not install a real AV when she got the computer. I'd sink granny. She admitted in open court she installed the AV because she knew she needed an AV, so arguing that she didn't know she needed an AV (or that a reasonable person wouldn't) shouldn't get very far. God I'm glad I don't have you representing me for anything.

      And what a "self trained" loser with a history of finding himself in court thinks about what would happen if two competent lawyers were to meet isn't relevant to what actually happens in courts every day.

      --
      Learn to love Alaska
    27. Re:Bad idea by alreaud · · Score: 0

      So what does your eminent display of legal wisdom mean, when you have to resort to ad hominem attacks?
      It means that they didn't teach you the dialectic, O cheese dick member (or wannabe) of the Guild.

      Granny is a reasonable person. She got scammed. Honestly, are you a native speaker of American? WTF are you taking about that a reasonable person would use an antivirus. A Linux or Mac user would laugh at you. Maybe of Windows that's true. Read what I actually wrote, not what you want to read. Or please continue with the American reading lessons.

      Guild Member, I get things accomplished in my neck of the woods. Like getting judges corrupt judges removed. Ever hear of Tim Masters in Fort Collins? But it's not about me, it's about those last words of the Pledge: "... and justice for all".

      To the reading audience, when somebody uses the words "Perhaps you have not only a fool for a client, but a fool for a lawyer as well.", you're probably talking to a member of the Guild that has made a business of justice in America. Whatever, y'all don't win often with me, LOL!

      I have four points for you Guild Member, to correct the perpetrations of the "Guild" in my local community. The self trained looser speaks fairly well, and if the voter listens, your kind will be kicked to the curb like we did with the Monarchy.

      http://coloradoan-anti-censorship.net/forum/ballot-ideas-insure-local-justice

      That is if you can, good buddy, without getting your knickers in a wad.

      The Guild is an old ancient scourge on the West, folks, a tool that served the Crown. The problem is, the Guild no longer has a Crown to serve, so serves itself.

    28. Re:Bad idea by AK+Marc · · Score: 1

      Guild Member, I get things accomplished in my neck of the woods. Like getting judges corrupt judges removed. Ever hear of Tim Masters in Fort Collins? But it's not about me, it's about those last words of the Pledge: "... and justice for all".

      To the reading audience, when somebody uses the words "Perhaps you have not only a fool for a client, but a fool for a lawyer as well.", you're probably talking to a member of the Guild that has made a business of justice in America. Whatever, y'all don't win often with me, LOL!

      I have four points for you Guild Member, to correct the perpetrations of the "Guild" in my local community.

      What is this guild of which you speak? Sounds like you are talking about the Bar Association. Tim Masters had a lawyer (probably many of them, David Lane probably the last he'll ever use in that matter), and it doesn't appear that there were any judges or police removed, but I didn't follow the case as it happened, and just did a little googling just now to read up on your rant.

      Why don't you rant about how you would help people with their legal troubles, but you are banned from it by law by "the Guild". You aren't even allowed to help them help themselves, depending on the help offered. The Man is keeping you down.

      --
      Learn to love Alaska
  2. Found a direct link by symbolset · · Score: 5, Informative

    Internet Storm Center. Apparently it has been up for quite a while. What bright lights of wonder Microsoft hides under their bushel! I wonder what else there is.

    --
    Help stamp out iliturcy.
    1. Re:Found a direct link by Larryish · · Score: 1

      "Microsoft Readying Massive Real Time Threat Intelligence Feed"

      Meh.

      In reality MS just sends the .gov a map of Internet-connected Windows installs.

      Thin end of the wedge, and all that.

  3. data from captured botnets.... by nurb432 · · Score: 2

    And of course any files they happen to find along the way. "IP address x.x.x.x has a copy of the Communist Manifesto"

    --
    ---- Booth was a patriot ----
    1. Re:data from captured botnets.... by The+Grim+Reefer · · Score: 1

      And of course any files they happen to find along the way. "IP address x.x.x.x has a copy of the Communist Manifesto"

      Joe McCarthy has been dead for over 50 years. I think you're safe owning the Communist Manifesto. Searches in your browser history for al-Qaeda might be a different matter.

    2. Re:data from captured botnets.... by nurb432 · · Score: 2

      He may be long gone, but his legacy of paranoia has not.

      --
      ---- Booth was a patriot ----
    3. Re:data from captured botnets.... by The+Grim+Reefer · · Score: 1

      He may be long gone, but his legacy of paranoia has not.

      Nor his epic stupidity. You need look no further than the TSA to find that.

  4. Re:This was suggested on Slashdot by Synerg1y · · Score: 1

    They certainly didn't handle their anti-trust case in such a way.

  5. Huge list of security blogs by Anonymous Coward · · Score: 0

    You can't get much better than this list:

    http://pastebin.com/F1JcZHLz

    It was featured on Cryptome, still is if you scroll down to the Offsite section.

  6. Sounds kinda like... by betterunixthanunix · · Score: 1

    ...the full-disclosure list:

    http://seclists.org/fulldisclosure/

    --
    Palm trees and 8
  7. Re:This was suggested on Slashdot by poetmatt · · Score: 4, Informative

    wow, you sure posted a positive comment about microsoft as a first post again, huh! We know about you and will call you out every time you shit up a thread.

    Not to sideline the reality of this being very questionable, or how this has nothing to do with botnet owners right? Please stop the shillposts and work for someone other than MS. even having you on enemy isn't enough.

  8. What would you do? by Anonymous Coward · · Score: 1

    IBM would turn it into a product.

    Google would integrate this in Chrome and their DNS.

    MS gives it away and wonders why their stockholders are not happy...

  9. Botnet by John3 · · Score: 1

    I do not think it means what you think it means.

    --
    "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
  10. Re:This was suggested on Slashdot by DCTech · · Score: 1

    You really cannot see sarcastic comment thrown at you, can you? And how it relates to botnets, well gee, maybe read the summary

    Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waldec.

  11. Re:This was suggested on Slashdot by poetmatt · · Score: 2

    do you understand the difference between botnets and *botnet owners?* I didn't say botnets.

    The one I mention actually matters, the other (having botnet data by itself) doesn't mean much unless you have a script kiddie maintaining the botnet who doesn't know what they're doing.

  12. Yeah well... by Anonymous Coward · · Score: 0, Funny

    "Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waldec."
    Wake me up when they can prove they can prevent them.

    1. Re: Yeah well... by Dog-Cow · · Score: 2

      They know exactly how. Why do you think Windows Phone 7 uses a curated app store, and why do you think they are pushing to do the same for Windows 8? Copying Apple is only part of the story. Ultimately, even a mainframe is vulnerable if the user is allowed to install anything they want.

    2. Re: Yeah well... by AK+Marc · · Score: 1

      Depends on "install". A mainframe is not very vulnerable. A program is run in protected space, then all traces are purged before the next program is run. If you sandbox every program and give nothing root access, nothing is vulnerable. Windows requires "root" access to release/renew IPs and so many other common tasks, it's inherently unsafe. Most programs are installed as "root" as well, and some even require "root" to run. Sandbox everything, protect the kernel, and the malware wouldn't be able to bury itself in the undetectable places it strives for.

      --
      Learn to love Alaska
  13. Re:This was suggested on Slashdot by DCTech · · Score: 1

    For a long time Slashdotters have suggested cutting off internet for anyone who has botnet or malware on their computer. Why are you resisting?

  14. If your PC is generating spam or hack attempts by Anonymous Coward · · Score: 0

    ... then identifying your IP address sounds like a good idea to me. Probably a lot of servers would like to block connection attempts from you, but hopefully some kind-souled outfit will display a message to clue you in that you are persona non grata, so you can fix your problem.

  15. good idea? by viperidaenz · · Score: 4, Interesting
    Just wait till those running the botnets use this real time information as a tool to avoid detection/capture.

    wouldn't it be advantageous if they can tell what botnet behaviours are picked up by the detection tools in real time?

    1. Re:good idea? by schlachter · · Score: 2

      it will always be a game of cat and mouse....no reason not to keep innovating..

      --
      My God can beat up your God. Just kidding...don't take offense. I know there's no God.
  16. Re:This was suggested on Slashdot by g0bshiTe · · Score: 1

    Define cutting off internet.

    With multiple devices in ones home connected to the net, be it several home computers, ipods/pads, dvd or blue ray players, game consoles. I think you should define cutting off internet. Are we talking your ISP blocking your connection, or are you talking about the one device infected being killed remotely by some entity other than the owner of the machine.

    I'd much rather not see a kill flip for some poor schlup that has botnetware running on their system, I think a better approach would be mandatory computer security classes. This would go much further to actually stopping the problem by educating the end user instead of punishing them.

    --
    I am Bennett Haselton! I am Bennett Haselton!
  17. Skynet? by Joe_Dragon · · Score: 1

    Skynet is growing

  18. IF ur going to downmod me trolls? Say why by Anonymous Coward · · Score: 0

    Legitimately why, on computing technical grounds (ala errors I made misleading others etc. technically).

    (No, not just doing a "hit & run" downmod that you have either, because WHEN you do that, you only show us all that's "the best you've got" & nothing more (which means you have squat)).

    * Ah... then again, I am asking a blatant cowardly little worm to be a MAN, not a worm in my request above.

    APK

    P.S.=> That'd be TOO much to expect around /. - home of the "Pro-*NIX troll" online, lol!

    ... apk

  19. Real Time Hosted Threat Intelligence Feed v2.0 by Anonymous Coward · · Score: 0

    A spokesman, on condition of anonymity added: "Once we have this project on the way, Microsoft will start a project that will share more information in real time with qualified entertainment industry customers and law enforcement. We will flag certain search terms in Bing, then notify authorities about those who use them, of course in real time. We envision that we can be busting down doors well before the torrent finished downloading."

  20. Re:This was suggested on Slashdot by forkfail · · Score: 1

    Why are you resisting?

    After all, Resistance Is Futile (tm).

    --
    Check your premises.
  21. insert here... by CohibaVancouver · · Score: 1

    [Insert tired "but Windows is the biggest virus there is!" post here.]

  22. What? by Georules · · Score: 2

    MS proved they can take down botnets largely comprised of systems they wrote the software for? Good work.

  23. Since when did Microsoft get the right to... by Anonymous Coward · · Score: 0

    Search (without a cour order) anyone else's computers? Normally, afaik, only a branch of law enforcement can do what they say they can and are doing, and that only with a court order. Is spying and gathering data on someone legal if you're Microsoft, but not if you're Joe Schmo off the street?

    Who knows, I may be delusional and thinking false and utopian thoughts. If so, shoot me and send my remains to Microsoft.

    1. Re:Since when did Microsoft get the right to... by AK+Marc · · Score: 1

      Didn't you read the EULA?

      --
      Learn to love Alaska
  24. Also readying by Anonymous Coward · · Score: 0

    Massive real-time marketing layoffs.

  25. Cart before the horse by Detaer · · Score: 1

    It would probably be better if the focused their energy on closing security holes and doing their best to stop their consumer operating systems from being the low hanging fruit for botnet makers. I have heard than an ounce of prevention is better than a massive security project to remove the ass of a tick or something to that effect.

  26. So let me get this straight by giorgist · · Score: 5, Interesting

    1. Some "criminal" bot net grabs my private data.
    2. Microsoft infiltrates bot net.
    3. Microsoft hands the data to government in real time. They are not responsible on what the data contains.
    4. Government has my data legally ?

    Does this not sound like the police getting criminals to do their dirty work ?
    What would be the intensive to bring down the bot ?
    How do I know who set up the original bot ?
    Should I trust Microsoft ?
    Should I trust the government ?

    1. Re:So let me get this straight by Bacon+Bits · · Score: 2

      You'd rather trust the bot net operator?

      Yes, I understand (and agree with) your reservations and concerns about what the government would do with such data, but it's really not like the alternative is demonstratively better. Yes, the government *could* abuse this type of information, but a bot net operator can abuse his bots, too. What's to stop a bot from installing a key logger and browser history scraper? Or from scanning your personal files? Or from turning on your webcam?

      Additionally, owners of systems infected with bot net software are the victims of a crime and their systems are themselves being used in the commission of other crimes. Are you going to argue that MS doesn't have an obligation to tell law enforcement about their knowledge of such crimes? What if the bot net is used to coordinate a StuxNet-like attack on US infrastructure?

      Honestly, this sounds like complaining that the police are searching your house for evidence when the neighbors called them about a break-in they saw going on.

      --
      The road to tyranny has always been paved with claims of necessity.
    2. Re:So let me get this straight by Anonymous Coward · · Score: 0

      1. Some "criminal" bot net grabs my private data.
      2. Microsoft infiltrates bot net.
      3. Microsoft hands the data to government in real time. They are not responsible on what the data contains.
      4. Government has my data legally ?

      Does this not sound like the police getting criminals to do their dirty work ?
      What would be the intensive to bring down the bot ?
      How do I know who set up the original bot ?
      Should I trust Microsoft ?
      Should I trust the government ?

      And if criminals break into your house or car you want the government not to deal with it? People get caught with "things they shouldn't have" then as well. When law enforcement investigates a crime of any kind other things sometimes pop up. If you're worries about this being a problem you should just worry about them doing it without a crime being involved. After all, it is possible.

  27. Am I reading it right? by Anonymous Coward · · Score: 0

    Botnets were formed because of malicious guys and an incompetent OS maker (M$) which transfers to its customers the responsibility to complete the software with add-ons which might or not work.

    Then said OS maker intends to deliver the names of its customers to gov't agencies like a chicken to pitbulls?

    You know, I despise Windows buyers as suckers as much as any other Linux or Mac user, and I want something to be done against botnets, but aren't we morally obligated to show some consideration for the mentally impaired?

  28. Re:Microsoft is no hero by benedictaddis · · Score: 2

    Since Microsoft began their Trustworthy Computing programme, they have had a reasonably healthy attitude to security. To say as you do that they 'probably' use security holes in their own products to take over botnets is plainly silly.

    Microsoft have in fact been quite clever in taking down Waledac and other large botnets. The mechanism was not technical but legal: they filed a civil complaint against a number of John Does, which resulted in the judge granting a restraining order. This handed Microsoft control of 277 domain names which had been used to direct infected machines to the Waledac Command & Control servers. Google 'operation b49' for more info.

  29. Re:This was suggested on Slashdot by AK+Marc · · Score: 1
    If your connection is the source of "mal" it should be cut off. Whether a home user, business, or small ISP, the upstream ISP should notify you of all the data they have (IP, times, etc) and cut you off. If you have 20 computers/devices at your home and are spreading malware, why should anyone care it's your phone that was rooted and compromised, rather than your Linux server or Windows gaming rig? You got infected, you got cut off.

    I think a better approach would be mandatory computer security classes.

    They'd work as well as mandatory driver's education classes. People would take them because they had to, and not do what they were taught, even if they remembered it.

    --
    Learn to love Alaska
  30. Re:Microsoft is no hero by AK+Marc · · Score: 1

    Would you like there to be a pop up from the OS stating "you may be infected, click here to download a free scanning tool." I've seen those messages before, and I think they are the cause of, not fix for the problem.

    --
    Learn to love Alaska
  31. Why I already hate it. by Anonymous Coward · · Score: 0

    Starting with the name: Real Time Threat Intelligence Feed

    If only they would have called it: Real Time Intelligence Feed

    but no the word "threat" had to be in there and so it will be political, false flag intelligence

    The only threats: Political and False Flag threats

    You can't trick adults!

    1. Re:Why I already hate it. by alreaud · · Score: 0

      "You can't trick adults!"

      Really? How did President Bush serve two terms, and had us fight a war in Iraq based on WMD?

      "Good thing for rulers that the masses don't think." Goebbels or Hitler, I can't remember which offhand.

  32. Humor in the works... by alreaud · · Score: 0

    It's going to be funny as shit when that there threat database gets hacked by Anonymous or somebody, to ribald rib-breaking laughter online...

  33. Lets make a list! by haltline · · Score: 1

    "Trust us. No one on that list is there because of a mistake or because they are a business competitior or because they have views we don't like or because they have an ugly pet. Once we have enough people using our list we'll establish control over the flow of information and...er... I mean we'll stamp out that pesky varmit infected computers.... yessiree"

    To state the obvious, this is the Information Age. Information is of increasing value, therefore, the control to it's access is of great interest to those who seek power. I hope we're smarter than to let just anyone become the gatekeepers of the sum knowledge of mankind. I want us to consider carefully what mechanisms we put in place controlling the flow of information now that it is a great commodity. I wonder if we are smart enough to require acceptable behavior from those we entrust with such power. I fear we are probably screwed.

  34. Re:This was suggested on Slashdot by Alien+Being · · Score: 1

    MS leaves thousands of gates and windows open and then struts around like Barney Fife when it catches a few kids sneaking through. Are you as clueless as you seem or are you just messin' with us?

  35. Am I reading this correctly??? by Anonymous Coward · · Score: 0

    IBM supplies data to the Nazis now Microsoft supplies data to the US Gov't. Hmmm! I think Gov'ts are scared. Of US? We the people? They better be!

  36. Re:This was suggested on Slashdot by Hamsterdan · · Score: 1

    The ISP provides you with an internet connection (thus the SP part). If the ISP doesn't take action, what do you think happens? The *other* costumers might be prevented from using some services (as in unable to send email to @somedomain because my ISP's mail servers are blackholed or throttled).

    If you're not able to reach the costumer, you flip the switch to prevent the problem from spreading.

    --
    I've got better things to do tonight than die.
  37. Re:This was suggested on Slashdot by EdIII · · Score: 1

    I agree with you entirely.

    I'll be honest. I don't give a fucking shit about the poor bastard at home with 20 infected computers spitting out malware.

    That's life, and life can be hard, not fair, and not forgiving either. There are costs associated with life, and every so often you need to pay out your ass to fix your truck, go to the doctor, or any other disaster you did not prepare for, or could not prepare for.

    I already use Spamhaus for their lists, and if MS offers their list service for a decent price, I will jump on it so damn fast to use it. No questions asked. I don't question Spamhaus when it tells me to kill the connection. Of course these days I don't actually kill the connection but I do add a "fatal" amount of points to the SPAM score.

    If I could tie the MS service into the firewalls running on my routers at data centers, or even at home, I will do so in a split second. Probably even redirect them to a honey pot machine and a web page notifying them they have been listed as infected and to take appropriate action. Once they fall off the list they can come back and use our services.

    Any extra tool in the arsenal is a bonus. I get attempts to hack my SIP gateways by the tens of thousands on a daily basis. Fail2Ban really helps there.

    I'll take any list of IP addresses and ranges that are being used for attack purposes and /dev/null them. It just makes my life easier, and although I might feel for the person on the other end if they are a victim too, I can't let myself be dragged down with them. Go to GeekSquad or get a new computer.

    I have been on the other end of the stick too. Website being hosted with us had a form that was used to SPAM the living hell out everyone else. So massive we needed to track down where the heck the bandwidth was coming from. We ended up being flagged by IronPort for awhile. That really ruined our day. We cleaned it up, put some counter measures into place, IronPort upgraded our status after awhile, and things returned to normal.

    Now if I had the IP address of that computer used to attack us in the first place.................... Who knows? Maybe they would have not even been on the list. I would think a hacker would probably use a compromised system to probe us in the first place though.

    To anyone who thinks it is too unfair, and you can't block them, and might also think that blocking dynamic IP address ranges for email is being "fascist", let me ask you this question:

    If you owned a retail store, and saw a man covered in shit and flies walking up to your store, would you let him in your store or tell him to take a long shower and come back?

  38. Re:This was suggested on Slashdot by Anonymous Coward · · Score: 0

    For a long time Slashdotters have suggested cutting off internet for anyone who has botnet or malware on their computer.

    I know you have a high UID but please, for a long time Slashdotters have argued about everything. Stating that Slashdotters think the same about anything is just trolling or being stupid. Your choice.

  39. If you're going to mod me down troll, say why by Anonymous Coward · · Score: 0

    Legitimately why, on computing technical grounds (ala errors I made misleading others etc. technically).

    (No, not just doing a "hit & run" downmod that you have either, because WHEN you do that, you only show us all that's "the best you've got" & nothing more (which means you have squat)).

    * Ah... then again, I am asking a blatant cowardly little worm to be a MAN, not a worm in my request above.

    APK

    P.S.=> That'd be TOO much to expect around /. - home of the "Pro-*NIX troll" online, lol! ... apk

  40. Hit & Run downmods by trolls & no reasons by Anonymous Coward · · Score: 0

    At least state why, & legitimately why on computing technical grounds (ala errors I made misleading others etc. technically).

    (No, not just doing a "hit & run" downmod that you have either, because WHEN you do that, you only show us all that's "the best you've got" & nothing more (which means you have squat)).

    * Ah... then again, I am asking a blatant cowardly little worm to be a MAN, not a worm in my request above.

    APK

    P.S.=> That'd be TOO much to expect around /. - home of the "Pro-*NIX troll" online, Truths I post don't seem to go over well on /. (home of the "Pro-*NIX Trolls online", lol!)...

    ... apk

  41. Good move there! by hesaigo999ca · · Score: 1

    I applaud their wit and strategy, although it is THEIR software that is causing all this in the first place....I know they can not go backwards,
    or change their OS methodology, so instead they do the next best thing, make all the info available to those law enforcements, to catch the ones that
    would use these vulnerabilities to exploit the people using Windows..... great! so today the big evil corp we know as MS, has done a good deed indeed!
    First step on the road to redemption....

  42. Not black and white by Anonymous Coward · · Score: 0

    You'd rather trust the bot net operator?

    Why does it have to be one or the other? Apparently he'd rather trust neither.

    Yes, the government *could* abuse this type of information, but a bot net operator can abuse his bots, too.

    That's right, both would definitely abuse the information. We can't move forward with such a compromise as part of the solution, because information abuse is one of the things we are trying to prevent as part of eliminating botnets.

  43. Meh... by Anonymous Coward · · Score: 0

    Doesn't apply to me.
    I run Linux.

  44. Good security applies 2 Linux too (see inside) by Anonymous Coward · · Score: 0

    KERNEL.ORG COMPROMISED - The Cracking of Kernel.org: (very bad - do you trust it now?)

    http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

    ---

    Linux.com pwned in fresh round of cyber break-ins: (lol)

    http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

    ---

    Mysql.com Hacked, Made To Serve Malware:

    http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

    What's that site running? You guessed it - Linux -> http://uptime.netcraft.com/up/graph?site=mysql.com

    ---

    London Stock Exchange serving malware:

    http://slashdot.org/submission/1484548/London-Stock-Exchange-Web-Site-Serving-Malware

    (I mean hey - NOT ONLY DID LINUX FALL FLAT ON ITS FACE less than a few minutes into the job http://linux.slashdot.org/story/11/02/19/0147232/London-Stock-Exchange-Price-Errors-Emerged-At-Linux-Launch, & crash not only ONCE, but TWICE there? You see "Linux 'fine security'" in motion @ the LSE too!)

    ---

    DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS: (very recent):

    http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers

    ---

    Linux Foundation, Linux.com Sites Down To Fix Security Breach: (lol)

    http://linux.slashdot.org/story/11/09/11/1325212/linux-foundation-linuxcom-sites-down-to-fix-security-breach

    ---

    Linux's showing in CA's breached recently too? Ok: (very, Very, VERY BAD for ecommerce, online shopping, banking, etc./et al)

    http://uptime.netcraft.com/up/graph?site=StartCom.com

    http://uptime.netcraft.com/up/graph?site=GlobalSign.com

    http://uptime.netcraft.com/up/graph?site=Comodo.com

    http://uptime.netcraft.com/up/graph?site=DigiCert.com

    http://uptime.netcraft.com/up/graph?site=www.gemnet.nl

    The list of CA Servers BREACHED that RUN LINUX (StartCom, GlobalSign, DigiCert, Comodo, GemNet)... per these articles verifying that:

    http://itproafrica.com/technology/security/cas-hacked/

    &

    http://threatpost.com/en_us/blogs/site-dutch-ca-gemnet-offline-after-web-server-attack-120811

    ---

    The Stratfor SECURITY hack: (can't blame it on poor setup, this IS a security firm that uses Linux)

    http://yro.slashdot.org/story/11/12/28/1743201/data-exposed-in-stratfor-compromise-analyzed

    What's that domain run? Yes kids - you guessed it: LINUX -> http://uptime.netcraft.com/up/graph?site=www.stratfor.com

    ---

    Phishers/Spammers FAVOR attacking LAMP: