Slashdot Mirror

← Back to Stories (view on slashdot.org)

White House Announces Initiative To Fight Botnets

Posted by samzenpus on from the fighting-the-good-fight dept.

benfrog writes "ISPs and financial-services companies would share data about computers made into botnets under a pilot program announced today by the Obama administration. From the article: 'The voluntary principles announced today include coordinating across sectors and confronting the problem globally. They were developed by the Industry Botnet Group, comprising trade groups including the Business Software Alliance and TechAmerica.' The White House is also backing a bill proposed by Joe Lieberman that would put the Department of Homeland Security in charge of cybersecurity of vital systems such as power grids and transportation networks."

5 of 89 comments (clear)

  1. So the BSA is leading the charge by Voyager529 · · Score: 5, Insightful

    Anyone want to start taking bets as to when a copy of uTorrent or Transmission will deem you as a part of the botnet?

  2. DHS in charge of cybersecurity?? by Anonymous Coward · · Score: 5, Funny

    I feel safer already.

  3. Re:war on botnets by runeghost · · Score: 5, Insightful

    They're doing great at giving the government more power, the corporations more money, and the citizenry more oppression.

  4. Re:war on botnets by troll+-1 · · Score: 5, Funny

    Next will be the War on Violence.

  5. Botnets exist due to the BSA & propritary soft by Anonymous Coward · · Score: 5, Interesting

    It is humorous that the BSA is taking charge of solving a problem that is essentially created by its members (and not able to solve it). The BSA is all about fighting for proprietary software. They ensure third parties (like antivirus companies) can't fix the code which lets botnets propagate and they ensure we don't have an Debian-like/apt-get like solution to software maintenance, distribution, and trust models.

    This BSA lead solution is bound to fail.

    The only thing I can conceive of working well to reduce or eliminate botnets is to free the software, implement official security standards all software need comply with, and fix the distribution problem. We would need to properly fund free software platforms and ecosystems. The move to free software with carefully scrutinised (think Debian) channels of trust exist and the software is available for third party review. These software repositories should require certain minimum security standards too. For the most part it's already being done as such with Debian although without any such standards (apart from trust in relation to distribution). They need to eliminate all but essential features of applications which execute scripts.

    - applications should not generally implement support for unnecessary scripting features, embedded objects, etc

    1. Web browsers should not have flash, PDF readers, java applets, GPU accelerated 'gaming' features, or silverlight.
    2. PDF software should not support scripting or embedded objects (like flash).
    3. Office software should not support macros; there is a business case although that needs restrictions and should not generally be in consumer office applications. Even within the business situation there needs to be restrictions on the businesses users ability to install such macros without technical advise.
    4. E-mail clients and similar should not support scripting or even html except for a minimal subset of features.
    5. Instant messaging software should also not implement scripting and limit any HTML to a subset of the standard.
    6. Applications should not install third party plug-ins to web browsers or similar.