It appears that he did from the screenshots. You can see in the background his desktop has that sort of "OMG YOUR INFECTED, BUY OUR PRODUCT" type text that rouge AV products use to scare people.
At least they had him use a decent anti-malware program. I generally find symantec products to be more of a virus than most viruses, that crap is hard to get rid of once it's installed and doesn't detect much of anything.
It would be a hell of alot easier of software developers didn't require administrative privileges when they really don't need them. I tried to run in a "user" usergroup when I replaces win2k pro with win xp pro but nothing ran correctly. I tried using the "run as" menu and a program called sudo-win which would elevate my privs temporarily then reduce them again. Nothing would install correctly, nothing would run correctly. Even programs that don't use any administrator functions or zones wouldn't work correctly. Realistically, running in a non-admin account is a pain in the ass.
It is common practice for domains to be registered using stolen credit card numbers and phony registration information, as well as using bots within the net to act as proxies between you and the actual server, such as with fast flux. That combined with the fact that the servers are generally hosted in countries that don't have a lot of money, man power, or motivation to track these types of operations down makes stopping them a very difficult process.
I guess it would depend on how you define mutation in terms of a computer worm. If you mean it changes it's executable there is already alot of malware that uses polymorphic code and a few that use metamorphic code. If you mean changing the means of transmission, I'm sure a rudimentary form of mutation could occur using some sort of built in fuzzing and vulnerability analysis engine.
This would only work for centralized command and control mechanisms. More sophisticated bots use decentralized p2p type communication, as was with the storm worm last year. Conflicker uses a built in mechanism to generate new domains to contact each day, and while security firms are deploying blacklists based on the generator code, it could easily be changed in a new variant. This is of course not taking into account the difficulty one would have in getting ISP's to maintain a list of blacklisted domains that changes day to day.
It's autorun.inf not autoexec.bat, and it does require a bit of user interaction. Double clicking on it in explorer in XP will execute it but on systems running vista/7 it must rely on social engineering.
PJ didn't blame the mom for Megan's death, but pointed out how the very laws that were twisted to punish Drew could just as easily be used to convict her mother. But you must admit that there is a certain amount of responsibility that her mother has for what eventually happened to her. She had attempted suicide before but was left alone while she was clearly upset.
That distinction doesn't make the least bit of difference. What if tomorrow 90% of the population decided that using the name Improv was unconscionable and decided to make a law against it, should you be tried under this law for using the name right now? Ex post facto laws are prohibited by the constitution for a good reason.
So if I write a book, and 1 person buys a copy and proceeds to photocopy it and give it away for free, it's my fault for selling it to him? As for people who sing on a street corner, that could be much better equated with "for donations" software, and them not getting paid by everyone who listens is a result of a public performance. I'm sure if you snuck into a concert "for pay", they band would be much less understanding then the guy on the street corner.
Yes I read your post, and boo hoo for you, but the vast majority of people who pirate windows don't do it because they can't find their cd key. I was only made the last reply based on the overwhelming frequency with which everyone that pirates software uses that same argument. "Oh I'm just making a copy, I'm not stealing anything." The people that work at Microsoft don't write software because they enjoy socialist software ideals, they do it to make money.
Exactly, the idea behind javascript obfuscation is to get past automated tools (antivirus engines) not flesh and blood analysts, and it does the job very well. It really isn't the same thing as DRM.
Use their own tactics against them:
If anonymous posting is illegal, then children will have to post their full names whenever they send a communication on the internet, they're all sure to get molested!
Your post advocates a
( ) technical (X) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
(X) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses [hey, it's Microsoft... they've probably already submitted the patent...]
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(X) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
I probably should have elaborated on my own feelings that suicide should, in fact, not be illegal. But then regarding your own statement of
So long as suicide is called a crime I am not aware of any law which actually outlaws suicide.
How exactly would that fit into any law without being completely stupid and arbitrary? If I'm walking down the street and come upon a scene where someone is threatening to jump off of a building, and I yell "Jump!", and he does, does that make me a murderer? As much as people hate to hear it suicide is not murder and hurting peoples feelings isn't and should never be illegal.
P.S. Anyone who thinks otherwise should kill themselves.
Slashdot Mirror
It appears that he did from the screenshots. You can see in the background his desktop has that sort of "OMG YOUR INFECTED, BUY OUR PRODUCT" type text that rouge AV products use to scare people.
At least they had him use a decent anti-malware program. I generally find symantec products to be more of a virus than most viruses, that crap is hard to get rid of once it's installed and doesn't detect much of anything.
It would be a hell of alot easier of software developers didn't require administrative privileges when they really don't need them. I tried to run in a "user" usergroup when I replaces win2k pro with win xp pro but nothing ran correctly. I tried using the "run as" menu and a program called sudo-win which would elevate my privs temporarily then reduce them again. Nothing would install correctly, nothing would run correctly. Even programs that don't use any administrator functions or zones wouldn't work correctly. Realistically, running in a non-admin account is a pain in the ass.
It is common practice for domains to be registered using stolen credit card numbers and phony registration information, as well as using bots within the net to act as proxies between you and the actual server, such as with fast flux. That combined with the fact that the servers are generally hosted in countries that don't have a lot of money, man power, or motivation to track these types of operations down makes stopping them a very difficult process.
I guess it would depend on how you define mutation in terms of a computer worm. If you mean it changes it's executable there is already alot of malware that uses polymorphic code and a few that use metamorphic code. If you mean changing the means of transmission, I'm sure a rudimentary form of mutation could occur using some sort of built in fuzzing and vulnerability analysis engine.
This would only work for centralized command and control mechanisms. More sophisticated bots use decentralized p2p type communication, as was with the storm worm last year. Conflicker uses a built in mechanism to generate new domains to contact each day, and while security firms are deploying blacklists based on the generator code, it could easily be changed in a new variant. This is of course not taking into account the difficulty one would have in getting ISP's to maintain a list of blacklisted domains that changes day to day.
It's autorun.inf not autoexec.bat, and it does require a bit of user interaction. Double clicking on it in explorer in XP will execute it but on systems running vista/7 it must rely on social engineering.
PJ didn't blame the mom for Megan's death, but pointed out how the very laws that were twisted to punish Drew could just as easily be used to convict her mother. But you must admit that there is a certain amount of responsibility that her mother has for what eventually happened to her. She had attempted suicide before but was left alone while she was clearly upset.
That distinction doesn't make the least bit of difference. What if tomorrow 90% of the population decided that using the name Improv was unconscionable and decided to make a law against it, should you be tried under this law for using the name right now? Ex post facto laws are prohibited by the constitution for a good reason.
Yes. You failed to control your product. Too bad for you.
That's all I need to know about you to end this conversation.
So if I write a book, and 1 person buys a copy and proceeds to photocopy it and give it away for free, it's my fault for selling it to him? As for people who sing on a street corner, that could be much better equated with "for donations" software, and them not getting paid by everyone who listens is a result of a public performance. I'm sure if you snuck into a concert "for pay", they band would be much less understanding then the guy on the street corner.
Yes I read your post, and boo hoo for you, but the vast majority of people who pirate windows don't do it because they can't find their cd key. I was only made the last reply based on the overwhelming frequency with which everyone that pirates software uses that same argument. "Oh I'm just making a copy, I'm not stealing anything." The people that work at Microsoft don't write software because they enjoy socialist software ideals, they do it to make money.
Only if you think the time spent developing software is worth nothing.
It's okay to steal an unlocked car right? Cause they left it unlocked?
Yea I mean, how dare they expect to be paid for a product they made. How dare they. How DARE they!
If by "google for keys" you mean, google and steal other peoples keys, then yes.
Exactly, the idea behind javascript obfuscation is to get past automated tools (antivirus engines) not flesh and blood analysts, and it does the job very well. It really isn't the same thing as DRM.
Vista has it's fair share of privilege elevation exploits.
Use their own tactics against them: If anonymous posting is illegal, then children will have to post their full names whenever they send a communication on the internet, they're all sure to get molested!
Man I screwed that up, I'm such a noob at this Slashdot thing. :(
Your post advocates a ( ) technical (X) legislative ( ) market-based ( ) vigilante approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.) ( ) Spammers can easily use it to harvest email addresses ( ) Mailing lists and other legitimate email uses would be affected (X) No one will be able to find the guy or collect the money ( ) It is defenseless against brute force attacks ( ) It will stop spam for two weeks and then we'll be stuck with it ( ) Users of email will not put up with it ( ) Microsoft will not put up with it ( ) The police will not put up with it (X) Requires too much cooperation from spammers ( ) Requires immediate total cooperation from everybody at once ( ) Many email users cannot afford to lose business or alienate potential employers ( ) Spammers don't care about invalid addresses in their lists (X) Anyone could anonymously destroy anyone else's career or business Specifically, your plan fails to account for ( ) Laws expressly prohibiting it (X) Lack of centrally controlling authority for email (X) Open relays in foreign countries ( ) Ease of searching tiny alphanumeric address space of all email addresses ( ) Asshats (X) Jurisdictional problems ( ) Unpopularity of weird new taxes ( ) Public reluctance to accept weird new forms of money ( ) Huge existing software investment in SMTP ( ) Susceptibility of protocols other than SMTP to attack ( ) Willingness of users to install OS patches received by email (X) Armies of worm riddled broadband-connected Windows boxes ( ) Eternal arms race involved in all filtering approaches (X) Extreme profitability of spam ( ) Joe jobs and/or identity theft (X) Technically illiterate politicians ( ) Extreme stupidity on the part of people who do business with spammers (X) Dishonesty on the part of spammers themselves ( ) Bandwidth costs that are unaffected by client filtering ( ) Outlook and the following philosophical objections may also apply: ( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical ( ) Any scheme based on opt-out is unacceptable ( ) SMTP headers should not be the subject of legislation ( ) Blacklists suck ( ) Whitelists suck (X) We should be able to talk about Viagra without being censored ( ) Countermeasures should not involve wire fraud or credit card fraud ( ) Countermeasures should not involve sabotage of public networks ( ) Countermeasures must work if phased in gradually ( ) Sending email should be free ( ) Why should we have to trust you and your servers? ( ) Incompatiblity with open source or open source licenses [hey, it's Microsoft... they've probably already submitted the patent...] ( ) Feel-good measures do nothing to solve the problem ( ) Temporary/one-time email addresses are cumbersome (X) I don't want the government reading my email ( ) Killing them that way is not slow and painful enough Furthermore, this is what I think about you: ( ) Sorry dude, but I don't think it would work. (X) This is a stupid idea, and you're a stupid person for suggesting it. ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
How exactly would that fit into any law without being completely stupid and arbitrary? If I'm walking down the street and come upon a scene where someone is threatening to jump off of a building, and I yell "Jump!", and he does, does that make me a murderer? As much as people hate to hear it suicide is not murder and hurting peoples feelings isn't and should never be illegal. P.S. Anyone who thinks otherwise should kill themselves.
Scalpers have been doing that around here for years, buy a red ribbon for $100 and get a ticket free!
Perhaps you should lookup the word "recidivism" before making stupid comments.