Well, the supply of ExpressCard compatible devices is limited, but this fact doesn't consider the most important point. The entire industry is moving to ExpressCard this year because the standard is better than the previous PCSlot / PCMCIA stuff. ExpressCard uses less power for example, and laptop vendors are eager to adopt it.
GPRS / EDGE can be used through the MacBook Pro Bluetooth interface, and that's the way most laptop users use the service today. Reason? If you use a plugin slot card you must either swap your SIM card all the time or use (and pay for) a second cell phone line. (I think as of a few weeks ago this is also true for EVDO with the Motorola RAZR from Verizon.)
There exist cute little readers that read five or six kinds of memory sticks for something like twenty bucks. These connect to the USB port and it's what most laptop users get. Reason? The PCSlot devices typically only read one or two types of memory sticks, because the slot was too small anyway. Granted, it's convenient if you only need to read one type of memory and if you don't need the slot for anything else.
And Dude! The fact that it runs Mac OS X does set it apart, in a really nice way.
Why can't banks use a similar system to the "mother's maiden name" to prove who they are? You tell them three pieces of information, and then when they call you can ask for any one of them (They may need to prompt you first).
Bank of America has a system like this, called SiteKey. If you click on a link and it doesn't go through a verification routine called SiteKey, you know you're not at the real web site of the bank.
There are several issues with this system, however. The biggest one seems to be that it requires the customer to remember still more crap... ^h^h^h^h... bits of arbitrary information which are required to perform their daily business with the bank. People are already crushed under the load of the information they must master to interact with banks, online retail vendors, and credit card companies. Now they have to remember some essentially random combination of pictures and words. Let's see, is that sitekey a dog, a mutt, a hound, a puppy, or a poodle? (Hint: the same picture could be any of those things. It's right on the tip of my tongue...)
Another issue is that several times a year now online shoppers are faced with learning entirely new paradigms and associated rules for how to know if they are being scammed. It's hard to keep up with this stuff when it's your full time job to do so let alone as a casual internet shopper. (That's the same issue you say? One, there is One big issue! I'll just go out and come back in...)
Another recent example is the Verified by Visa program which has recently been levered to provide a new social engineering angle for a phishing scam. I predicted this a few months ago when I was first exposed to the Verified by Visa system, but I just got around to blogging about it only ten days ago. (see: Verified by Visa (Veriphied Phishing?) for a description of my unsettling first exposure to this major security initiative from Visa.) I wish I had blogged sooner, I need more points to get my "fortune teller" merit badge!
I've seen stories about identity theft scams within the last year which used this same simple technique. One of them was apparently calling people during the middle of the night to catch people while sleeping, and off guard. They would claim to be from the card vendor's security or fraud department, and to have detected unusual spending patterns, etc. During the course of the call they would "verify" the customer's information, getting sometimes basically whatever information they asked for.
Although some people probably have the message, they keep making more people. Many young credit card holders today were not bombarded with these awareness campaigns during the early 1990s.
Well, tracking cookies may not be executables, but it's probably reasonable to consider many of them to be spyware, at least to the extent that they may be part of or coopted by a larger adware system which may identify a particular user and their web surfing history.
Perfect? Like Neck stretched over chopping block? (on "Apple to Buy out Palm?", Score: 4, Insightful)
Palm is in the perfect position to build the device.
There really isn't anything obvious that Palm can offer to such an effort that Apple doesn't already have a demonstrated ability to do without Palm.
In fact, stretched out over the chopping block, Palm really isn't in the perfect position to do much of anything. Consider what has been thought to be their core asset for many years -- PalmOS, a system designed from the ground up to run on light weight mobile devices. The software quality is crap, and had been for years. Phone vendors are giving up on PalmOS. Palm is giving up on PalmOS. What do they have left? A few patents, a few hardware and software engineers and Graffiti. Well, honestly, I preferred the handwriting recognition in Newton (presently in suspended animation known as InkWell). The quality of other Palm software (which runs on the PC systems they connect with) is even worse, and demonstrates a deep lack of concern for the user experience of their customers. This leads me to suspect that if you scratch the surface, Palm is really not very much Apple-like in corporate culture in many ways.
No offense intended to those of you who might still work there, but the quality of PalmOS doesn't exactly scream, "Hey, buy the company because you'll get a great engineering team!"
The point is: There are undoubtedly a few good engineers left at Palm, but Apple can simply hire the good ones. They don't need to buy the company and get layers of clearly ineffective management, legions of pissed off customers, and legacy technology baggage like PalmOS and HotSync as part of the deal.
Agreed, in general they tend to work very well. Like the Space Shuttle -- which doesn't involve Windows so the example may allow you to see past the particulars of this incident, to my point.
Note that one of the groupthink articles I mentioned discusses a Space Shuttle accident (Windows not implicated). A characteristic of that event was that there were plenty of warning signs that were ignored, "hey maybe it's not such a good idea to have a jet of burning gas flaming out of the joints of the solid rocket boosters and pointed at the hydrogen tank". It seems obvious in retrospect. When a worm disables the computer systems of a warship in battle that might seem pretty obvious in retrospect, too. But hey, for now they are working very, very well!
It's also worth noting (I thought it was obvious, but apparently not) that there exist well-known examples of failures in many if not all of these systems, due to Windows security vulnerabilities including nuclear power plants. Many such incidents were coincident with worm attacks. Less-critical but very expensive failures of cash register networks, airline ticketing systems and so forth are also well known. Although perhaps not life threatening, they are very, very important to the businesses involved -- business critical is the phrase the MBA types use -- and can result in extreme financial damage to a business.
The question so many people ask is why? The answer, I suggest, lies partly in the decision making process of organizations.
I hope that clarifies the fact that I'm not blindly bashing Microsoft here, I'm merely suggesting that they have a long, long track record of quality and security issues which are not completely considered in the decision making processes which lead critical systems to be based thereupon.
Please spoo into this test tube, sir, while ma'am lies back waiting for the turkey baster. Pay no attention to the highly educated and trained staff, supported by millions of dollars worth of complicated medical equipment who will perform magic behind the curtain.
This "email worm" is more like a virus than a worm. It doesn't exploit an automatic execution hole in a popular email package, and thus it requires a user to execute the malware for it upon receipt of the email. This is social engineering, and purists can argue that it's a virus, not a worm. It doesn't self replicate, unless expensive medical intervention (in vitro fertilization) is also self-replication. (Note that this effort with respect to the malware requires only a modestly educated and trained person with a five hundred dollar PC to help execute the virus to steal or otherwise wreak havoc on valuable data, rather than a highly skilled staff with millions of dollars worth of equipment.)
Well, in some circumstances it might self replicate. Symantec's description indicates that it attempts automatic propagation (including execution) using Windows C$ and Admin shares. This probably works in some LAN environments.
Like so many other bits of malware, it sports a mixture of virus-like and worm-like features (although not many worm-like features in this instance). Many other bits of malware last year routinely arrived in an email and then, once activated by a single user behind the company firewall, began probing the network to exploit one or more wormable holes.
The liability questions that you raise are probably less clear-cut than they first appear. Much of the actual exploitation of which the industry is aware exploits vulnerabilities which have been long patched. Others have suggested that home users be held accountable (e.g. liable) for evil deeds done to other systems by their presumably unpatched home PC systems. However, when a vulnerable system can be 0wn3d in less than two minutes of exposure to the internet, it's clear that home user responsibility is problematic. The same arguments and complications with respect to responsibility (and there are other examples) apply to most of the viruses, worms and botnets that plague the typical corporate or government network. Many of the exploited defects were patchable, but not actually patched by the customer, by the time of exploitation.
Nobody wants to fire the first liability shot, because the technical issues are complicated enough that nobody could predict how it might come out in a court room.
running windows as anything mission critical is stupid, it's a desktop system at heart, and an unstable one at that. running the bloody stock exchange on it is suicidal.
Although that might be a reasonable and rational statement on the surface, the fact is that Windows systems are now at the heart of critical systems everywhere. Although I'm surprised to see them playing such a critical role in a stock exchange, I'm only a little tiny bit surprised, and mostly ashamed of my own instinctive reaction.
When these decisions are being made, you may feel as though you're stuck in a slow-motion sequence in a horror film, leaping to save someone, someone very beautiful that you could care about deeply if only you knew them a little better, someone who doesn't deserve to be eaten alive by a vicious monster, or maybe they do, but you just don't know it, anyway you don't know it and you didn't think of that until later, much later, after years of therapy in fact, all the while, leaping in futile slow motion to save a fatefully doomed monster victim, certain of their inevitable doom, crying "Nooooooo!" at the top of your lungs to no avail, due to the slow-motion and your voice having been run through an under-water pitch-reducing distortion filter. Yet another heroine devoured by the monster, just out of arm's reach... You think to yourself, "If only... If only... If only I hadn't been stuck on slow motion..." when you suddenly realize you're not alone, and you're thinking out loud, reliving the nightmare.
At this point a friend interrupts your navel gazing to say, "The monster would have eaten you too. Don't feel so guilty." whereas the cliche movie therapist would say, "How does that make you feel?" If you hear the former response, you're probably in meatspace, the latter, and you're still either dreaming or you really are a character in a horror film, and the monster is about to come crashing up through the floor or in through the window and eat your therapist.
Windows systems can be found:
running U.S. Navy warships
running medical imaging, monitoring, and other life-critical devices
running train control systems
running nuclear power plants
running ATM networks and other aspects of the banking system
Although it might be true that no rational and informed person would set up such critical systems on a system with the stability and security track record of Windows, remember that such decisions are typically made by a bureaucracy, not by rational and informed individuals. The field of psychology has studied this phenomenon and calls it "groupthink".
The article was extremely short on info about the mechanisms through which they cause humans to become obese.
Probably because those mechanisms remain speculative. A vaccine might even be problematic, if for example it turns out that the virus doesn't directly cause the problem (whatever that turns out to be), but rather an immune response to the virus causes the problem.
Your analysis is probably reasonable with respect to the very top levels of large organizations -- CEO, CFO, etc. However, the glass ceiling is sometimes quite a lot lower than that -- mid level management is often heavily male dominated. Nearly all of those men were promoted to that level in a company that they didn't found. Women have valid complaints when the ceiling is quite low. In some very large organizations, VP and Senior VP positions are frequently or even routinely filled by promotions. The lack of women in those positions is often defended on the basis of a lack of candidates. This of course might be due to a glass ceiling lower in the organization which prevented women from becoming qualified candidates for senior positions. It does vary from organization to organization, but the Fortune 500 on the whole remains heavily dominated by men.
"The team, however, did not put this down to a causal link, because almost exactly the same decreased risk was seen on the other side of the head, leaving no overall increase risk of tumours for mobile phone users. Instead, they blamed biased reporting from brain tumour sufferers who knew what side of the head their tumours were on."
This bias could probably be eliminated by asking the cell phone users if they are right or left handed. It appears that most cell phone users hold the phone in their dominant hand, to that same side of their head, an ad hoc observation which itself could be confirmed rather than assumed.
"why would anyone in the right mind would want to develop IE5 for Mac?"
Researchers suspect that these people share a common genetic mutation with the people who wish to develop BeOS and OS/2. Known as the "uber underdog gene", its sufferers appear normal until they stumble upon a lost cause. Once even a trivial amount of emotional investment is made in the lost cause -- typically before they realize it is lost -- the sufferers are unable to move on.
The developers of FreeBSD (it's dead, I heard) are believed to suffer from a different mutation, as yet unidentified but statistically linked to repressed necrophilia.
"There's a deal between Apple and Microsoft. Part of the deal..."
There is no secret deal to kill MSIE on the Mac.
Well, not such that involves anyone at Apple, anyway. There certainly is no conspiracy between Apple and Microsoft to kill MSIE on the Mac. It's dead already. It was killed by Microsoft shortly after it shipped. (In the interest of Faux Fairness and Balance I note that IE on Windows was apparently killed shortly thereafter.)
IE fell flat on its back the moment I got 'im 'ome.
'IE's not pinin' for the fjords! 'IE's passed on!
This browser is no more! 'IE has ceased to be!
'IE's expired and gone to meet 'is maker!
'IE's a stiff! Bereft of life, 'ie rests in peace!
If you hadn't nailed 'im to the perch 'ie'd be pushing up the daisies!
'IE's metabolic processes are now 'istory!
'IE's off the twig!
'IE's kicked the bucket, 'ie's shuffled off 'is mortal coil, run down the curtain and joined the bleedin' choir invisible!!
THIS IS AN EX-BROWSER!
Well, I guess we had better replace it, then.
Development on IE for Mac ceased a few months after it shipped, and is unlikely to be the "Microsoft does something that Apple wants," part of any conspiracy theory. (Rumors of IE's demise were not greatly exaggerated.)
Likewise, AppleWorks isn't considered by anyone to be competition to Microsoft Office, and is less likely to be the "Apple does something that Microsoft wants" part of the conspiracy theory. In a scene reminiscent of Weekend at Bernie's, Microsoft is probably delighted to be able to prop up the AppleWorks corpse as an example of healthy competition before various judges now and then.
Furthermore, Apple's promotion of AppleWorks for years has approached zero arbitrarily close. If you have noticed a decline in Apple's promotion activities with respect to AppleWorks, your vision is sharper than mine (certainly possible). AppleWorks still looks like an old school classic Mac OS program, and not even a particularly charming example of that art form. It's a glorified clip art and font library for first time computer users. Although people have been expecting Apple to kill AppleWorks for years, largely because it's an embarrassment to the platform, it's possible that it actually occupies a niche that may allow it to survive a while longer. (Perhaps: "Market research indicates that there exist customers who want an office package, but are scared of one that actually does anything useful... oddly, they are willing to pay the same price, $79.00, that we charge for the professional package, and may be willing to buy the Pro version later anyway, after they get their feet wet with the non-threatening glorified clip art and font library first." After the iWork suite is complete, perhaps a more modern "iDabble" subset will be created to replace AppleWorks, filling a more reasonable entry level niche, like Garage Band does beside Logic Pro.)
So far as the upside you mention is concerned, don't forget that Apple are steadily working to reduce their dependence upon Microsoft. Safari was the first big step, and was a response to *years* of neglect of MSIE on the Mac (and arguably the poor state of open source browsers on the Mac at the time as well). The iWork suite (thus far Keynote and Pages) offers serious capability in the professional office software arena and other applications in that space are probably under development.
W32.Wullik.B@mm is a "mass mailer", which means it uses email to send copies of itself. Technically it's not a worm, but the AntiVirus industry calls them "email worms" or sometimes simply "worms".
The confusion is partly due to the hybridization of malware in the last few years. The same bit of malware might exploit buffer overflow vulnerabilities over a network remotely and without user participation, like a worm, make copies of itself to removable media or other files on a hard drive or network drive, like a virus, or send copies of itself via email. The latter technique didn't get a cute name like worm or virus, and the lack of a cute name dedicated to this technique has helped foster the confusion.
Mass Mailers are typically the agents responsible for causing email outages in large organizations where the mail servers are Exchange and the clients are Outlook (and related). The mass mailer viruses cause particular grief in those environments because they are often equipped with the ability to harvest email addresses from the Outlook address book, so a handful of contaminated PCs can pretty quickly bog down the mail server by sending copies of the virus to everyone in the company over and over.
For the moment, organizations using other email systems tend not to get hit as hard. However, there really isn't any reason that these viruses couldn't learn how to read other address book formats and wreak havoc in other places, too, so someday they probably will.
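A defender-side illustration of the fan-out pattern described above, added here and not part of the original comment: a sliding-window check over mail-server log lines that flags a client host sending near-identical messages to many distinct recipients. The log format, thresholds, addresses and function names are assumptions constructed for this example, and message size stands in for a real attachment hash.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values for this example; adjust to the site's normal mail volume.
WINDOW = timedelta(minutes=5)   # sliding window kept per client host
MIN_RECIPIENTS = 25             # distinct recipients seen inside the window
MIN_SAME_SIZE_SHARE = 0.8       # share of messages sharing one identical size


def build_sample_log():
    """Return constructed log lines: 'timestamp client_ip recipient size_bytes'."""
    start = datetime(2005, 8, 17, 9, 0, 0)
    lines = []
    # Ordinary user: a few messages of different sizes, minutes apart.
    for i, size in enumerate((2140, 18211, 950)):
        ts = start + timedelta(minutes=7 * i)
        lines.append(f"{ts.isoformat()} 10.0.0.21 user{i}@example.com {size}")
    # Ticketing host: many recipients, but every message has a different size.
    for i in range(40):
        ts = start + timedelta(seconds=5 * i)
        lines.append(f"{ts.isoformat()} 10.0.0.50 user{i}@example.com {3000 + 37 * i}")
    # Infected desktop: the same payload to a 40-entry address book, twice over.
    for i in range(80):
        ts = start + timedelta(minutes=1, seconds=2 * i)
        lines.append(f"{ts.isoformat()} 10.0.0.77 user{i % 40}@example.com 29568")
    return sorted(lines)  # ISO timestamps sort chronologically as strings


def parse_line(line):
    """Split one log line into (timestamp, client_ip, recipient, size)."""
    ts, client, rcpt, size = line.split()
    return datetime.fromisoformat(ts), client, rcpt.lower(), int(size)


def find_mass_mailers(lines, allowlist=()):
    """Return {client_ip: alert} for hosts crossing both thresholds.

    allowlist holds hosts that legitimately send bulk mail (list servers etc.).
    """
    windows = defaultdict(deque)
    alerts = {}
    for line in lines:
        ts, client, rcpt, size = parse_line(line)
        if client in allowlist or client in alerts:
            continue
        win = windows[client]
        win.append((ts, rcpt, size))
        # Drop events that have aged out of the sliding window.
        while win and ts - win[0][0] > WINDOW:
            win.popleft()
        recipients = {r for _, r, _ in win}
        if len(recipients) < MIN_RECIPIENTS:
            continue
        # Copies of one payload share a size; varied business mail does not.
        top_size, top_count = Counter(s for _, _, s in win).most_common(1)[0]
        share = top_count / len(win)
        if share >= MIN_SAME_SIZE_SHARE:
            alerts[client] = {
                "first_alert": ts.isoformat(),
                "distinct_recipients": len(recipients),
                "messages_in_window": len(win),
                "dominant_size": top_size,
                "same_size_share": share,
            }
    return alerts


if __name__ == "__main__":
    for host, alert in find_mass_mailers(build_sample_log()).items():
        print(host, alert)
```

The ticketing host reaches the same recipient count as the infected desktop but is not flagged, because its messages do not share a size; that second condition is what keeps the check from firing on ordinary bulk senders.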
Yes, and the potential for worm based inward-facing DOS attacks is very real, even though most DOS attacks are thought of as accidental (due to network traffic from the probing threads) or outward facing (directed at remote web site). It's one of the more interesting aspects of this Zotob outbreak, but not well reported.
Zotob (and variants) demonstrated that an internal DOS attack can be about as devastating as the worm / botnet infestation itself. The massive news coverage of this latest crop of worms was due almost entirely to the effects of the (apparently accidental) Denial of Service attack that it performed on many vulnerable networks. The buffer overflow attempt appears to have failed quite often, and when it did the intended victim computer would reboot itself.
The instant the first worm hit a network and started probing around, systems all over the network were crashing. It resulted in widespread panic (well, pandemonium anyway) in some organizations, flooding the help-desk. Systems couldn't stay up much more than a few seconds after rebooting on networks with more than a few scanning worms.
The importance of the DOS aspect of these worms has been underestimated by trade press, but I'm sure it hasn't gone unnoticed by malware authors. It added substantially to the "noise" in the worm-infested environment, and hampered recovery and containment efforts in some organizations -- and they learned about its effectiveness on CNN.
Future worms will probably include options to "scan with horked buffer overflow" to intentionally cause this kind of disruption. In the past, crackers tossed these failed buffer overflow exploits out with the empty pizza boxes and Mountain Dew cans. After Zotob, they'll probably become part of the standard worm toolkit.
Windows won't be going away any time soon, so there will remain plenty of worm fodder. I am surprised by the number of relatively unsophisticated home users who are switching to Mac OS X or Linux as a result of adware, spyware, and worms, but I haven't seen the same switcher phenomenon occurring in corporations.
Besides, worms probably wouldn't go away even if Windows did. Although conventional wisdom says that a large pool of exploitable systems is required for successful worm propagation, that's not true, demonstrated by the Witty Worm's exploitation of a very small population of vulnerable systems. Although they are not as common, worms have exploited other, non-Windows systems and application software, and certainly buffer overflow exploits are discovered periodically in such systems. Granted, the UNIX architecture makes worm exploitation of application software less likely to result in super-user access, but routers, DNS servers, and others remain vulnerable to the extent that they contain worm-able security defects -- and clearly many do.
Worms are getting more sophisticated all the time. From the starting point of their current capabilities, worms and botnets could easily be extended to automatically harvest particular types of data from particular companies or government agencies, using the chaos of a massive worm outbreak for cover. Their ability to receive arbitrary commands from remote attackers over IRC control channels means that they may already be in use for this purpose.
My company specializes in antiworm technology and consulting. The FireBreak AntiWorm system impedes worm propagation without interfering with normal network operations -- including bit torrent.
There is a tremendous amount of innovation going on in the software security area lately, driven by the relatively recent realization among large corporations that they must now spend money on worm prevention, containment, and recovery if they want their heavy investment in the Windows monoculture to survive.
Opting out of the monoculture simply isn't feasible for most large corporations at this point. It's not just the cost of the desktop PC -- if that's all it was, a bunch of them would have switched en masse to Mac OS X Tiger when it came out. The applications, the developers who write them, the help-desk workers, the system administrators, the managers, the employees -- at this point all they know is Windows.
Switching a desktop is so hard for a large company, that the survival of the Windows monoculture is virtually assured for about as long as one can predict anything in the IT world (5 years, I'm told). The problems that come with it will be creating market opportunities for a long while to come.
Quite. At a client site last year, an obscure DLL buried in a 3rd party software package set off what turned out to be a false positive. It generated a flood (well, hundreds) of helpdesk calls on the day it "hit", which, as it turned out, was the first day of an automated weekly scan following the definition update. False positives can be dreadfully expensive on a large network.
It didn't get much press attention, but the researchers are all still very interested in The Witty Worm. It did something similar to your suggestion, and demonstrated that a worm can be destructive without limiting its propagation -- saturate first, then destroy. It also saturated a niche population of systems (much smaller than the Macintosh market, whose security record people incorrectly attribute to the smaller number of systems).
Modern worms can spread so rapidly that a small delay in the destruction, as you suggest, is all that's needed. If you saturate the entire target population in an hour, and start erasing random bits from the hard drive, tremendous damage could result. If a worm like Witty had exploited MS05-039, we would see a few hundred thousand wrecked systems today.
Why don't we see that? Because these worms are designed to build fleets of useful systems, gather information, steal identities, log keystrokes, collect passwords, and all manner of really nasty stuff.
The victims would be far, far better off if the worm merely waxed the hard drive.
These worms wouldn't be able to achieve their aims if they wrecked the C: drives. The "non-destructive" nature of these worms gets widely reported, because people don't understand that these systems are remotely controlled by hostile attackers from outside the corporate network from the early moments of the worm outbreak. Hey, the system still runs and users can still get their corporate email, so it can't be that bad, right? This remote control stuff is theoretical, right?
Wrong. This crop of worms is efficient, and very, very nasty. I have an IRC session log which shows literally hundreds of MB of files being stolen from infected computers, and many MB of files downloaded and executed on those same systems. Files that are not recognized by AntiVirus, files that don't get cleaned up with the magic bullet clean up tools. It also shows the bots responding when a firewall rule was put up to block the initial IRC connection. These bots are becoming smarter all the time, and these are definitely not "gentle peaceful worms" that seek only to spread from system to system.
Sorry, I was a little less specific than I should have been. I was thinking specifically about larger corporations like those listed in the news articles about the MS05-039 worms. There probably isn't a single Fortune 100 company, probably not even a single Fortune 500 company, that allows desktop Windows systems to be knowingly exposed to the internet while connected to the corporate LAN. They are behind firewalls. (Yes, I know that's not sufficient protection, but it's a good first step). Small companies often don't have the sophistication or talent in their IT departments and you're right, sometimes their entire network is more or less directly exposed to the internet. This is particularly true of very small companies, which may have a DSL connection shared by a small LAN, with all systems exposed.
By contrast, nearly every Fortune 500 company allows laptops to come and go, willy nilly. That's often how worms get into their networks.
More fodder:
Joris Evers of CNet blog on SiteKey with links to stories and discussions
Slashdot discussion on SiteKey
By the way, have you noticed that the time horizon for "recent" is now minutes and hours. I can remember a time when it used to be at least weeks.
I've seen stories about identity theft scams within the last year which used this same simple technique. One of them was apparently calling people during the middle of the night to catch people while sleeping, and off guard. They would claim to be from the card vendor's security or fraud department, and to have detected unusual spending patterns, etc. During the course of the call they would "verify" the customer's information, getting sometimes basically whatever information they asked for.
Although some people probably have the message, they keep making more people. Many young credit card holders today were not bombarded with these awareness campaigns during the early 1990s.
Well, tracking cookies may not be executables, but it's probably reasonable to consider many of them to be spyware, at least to the extent that they may be part of or coopted by a larger adware system which may identify a particular user and their web surfing history.
In fact, stretched out over the chopping block, Palm really isn't in the perfect postion to do much of anything. Consider what has been thought to be their core asset for many years -- PalmOS, a system designed from the ground up to run on light weight mobile devices. The software quality is crap, and had been for years. Phone vendors are giving up on PalmOS. Palm is giving up on PalmOS. What do they have left? A few patents, a few hardware and software engineers and Grafiti. Well, honestly, I preferred the handwriting recognition in Newton (presently in suspended animation known as InkWell). The quality of other Palm software (which runs on the PC systems they connect with) is even worse, and demonstrates a deep lack of concern for the user experience of their customers. This leads me to suspect that if you scratch the surface, Palm is really not very much Apple-like in corporate culture in many ways.
No offense intended to those of you who might still work there, but the quality of PalmOS doesn't exactly scream, "Hey, buy the company because you'll get a great engineering team!"
The point is: There are undoubtedly a few good engineers left at Palm, but Apple can simply hire the good ones. They don't need to buy the company and get layers of clearly ineffective management, legions of pissed off customers, and legacy technology baggage like PalmOS and HotSync as part of the deal.
Agreed, in general they tend to work very well. Like the Space Shuttle -- which doesn't involve Windows so the example may allow you to see past the particulars of this incident, to my point.
Note that one of the groupthink articles I mentioned discusses a Space Shuttle accident (Windows not implicated). A characteristic of that event was that there were plenty of warning signs that were ignored, "hey maybe it's not such a good idea to have a jet of burning gas flaming out of the joints of the solid rocket boosters and pointed at the hydrogen tank". It seems obvious in retrospect. When a worm disables the computer systems of a warship in battle that might seem pretty obvious in retrospect, too. But hey, for now they are working very, very well!
It's also worth noting (I thought it was obvious, but apparently not) that there exist well-known examples of failures in many if not all of these systems, due to Windows security vulnerabilities including nuclear power plants. Many such incidents were coincident with worm attacks. Less-critical but very expensive failures of cash register networks, airline ticketing systems and so forth are also well known. Although perhaps not life threatening, they are very, very important to the businesses involved -- business critical is the phrase the MBA types use -- and can result in extreme financial damage to a business.
The question so many people ask is why? The answer, I suggest, lies partly in the decision making process of organizations.
I hope that clarifies the fact that I'm not blindly bashing Microsoft here, I'm merely suggesting that they have a long, long track record of quality and security issues which are not completely considered in the decision making processes which lead critical systems to be based thereupon.
Please spoo into this test tube, sir, while ma'am lies back waiting for the turkey baster. Pay no attention to the highly educated and trained staff, supported by millions of dollars worth of complicated medical equipment who will perform magic behind the curtain.
This "email worm" is more like a virus than a worm. It doesn't exploit an automatic execution hole in a popular email package, and thus it requires a user to execute the malware for it upon receipt of the email. This is social engineering, and purists can argue that it's a virus, not a worm. It doesn't self replicate, unless expensive medical intervention (in vitro fertilization) is also self-replication. (Note that this effort with respect to the malware requires only a modestly educated and trained person with a five hundred dollar PC to help execute the virus to steal or otherwise wreak havoc on valuable data, rather than a highly skilled staff with millions of dollars worth of equipment.)
Well, in some circumstances it might self replicate. Symantec's description indicates that it attempts automatic propagation (including execution) using Windows C$ and Admin shares. This probably works in some LAN environments.
Like so many other bits of malware, it sports a mixture of virus-like and worm-like features (although not many worm-like features in this instance). Many other bits of malware last year routinely arrived in an email and then, once activated by a single user behind the company firewall, began probing the network to exploit one or more wormable holes.
The liability questions that you raise are probably less clear-cut than they first appear. Much of the actual exploitation of which the industry is aware exploits vulnerabilities which have been long patched. Others have suggested that home users be held accountable (e.g. liable) for evil deeds done to other systems by their presumably unpatched home PC systems. However, when a vulnerable system can be 0wn3d in less than two minutes of exposure to the internet, it's clear that home user responsibility is problematic. The same arguments and complications with respect to responsibility (and there are other examples) apply to most of the viruses, worms and botnets that plague the typical corporate or government network. Many of the exploited defects were patchable, but not actually patched by the customer, by the time of exploitation.
Nobody wants to fire the first liability shot, because the technical issues are complicated enough that nobody could predict how it might come out in a court room.
When these decisions are being made, you may feel as though you're stuck in a slow-motion sequence in a horror film, leaping to save someone, someone very beautiful that you could care about deeply if only you knew them a little better, someone who doesn't deserve to be eaten alive by a vicious monster, or maybe they do, but you just don't know it, anyway you don't know it and you didn't think of that until later, much later, after years of therapy in fact, all the while, leaping in futile slow motion to save a fatefully doomed monster victim, certain of their inevitable doom, crying "Nooooooo!" at the top of your lungs to no avail, due to the slow-motion and your voice having been run through an under-water pitch-reducing distortion filter. Yet another heroine devoured by the monster, just out of arm's reach... You think to yourself, "If only... If only... If only I hadn't been stuck on slow motion..." when you suddenly realize you're not alone, and you're thinking out loud, reliving the nightmare.
At this point a friend interrupts your navel gazing to say, "The monster would have eaten you too. Don't feel so guilty." whereas the cliche movie therapist would say, "How does that make you feel?" If you hear the former response, you're probably in meatspace, the latter, and you're still either dreaming or you really are a character in a horror film, and the monster is about to come crashing up through the floor or in through the window and eat your therapist.
Windows systems can be found:
Although it might be true that no rational and informed person would set up such critical systems on a system with the stability and security track record of Windows, remember that such decisions are typically made by a bureaucracy, not by rational and informed individuals. The field of psychology has studied this phenomenon and calls it "groupthink".
Groupthink
Wikipedia on Groupthink
A First Look at Communication Theory (Ch. 18, 3rd Edition)
Your analysis is probably reasonable with respect to the very top levels of large organizations -- CEO, CFO, etc. However, the glass ceiling is sometimes quite a lot lower than that -- mid level management is often heavily male dominated. Nearly all of those men were promoted to that level in a company that they didn't found. Women have valid complaints when the ceiling is quite low. In some very large organizations, VP and Senior VP positions are frequently or even routinely filled by promotions. The lack of women in those positions is often defended on the basis of a lack of candidates. This of course might be due to a glass ceiling lower in the organization which prevented women from becoming qualified candidates for senior positions. It does vary from organization to organization, but the Fortune 500 on the whole remains heavily dominated by men.
The issue is confused because modern malware often incorporates virus and worm techniques into one svelte and evil package.
The developers of FreeBSD (it's dead, I heard) are believed to suffer from a different mutation, as yet unidentified but statistically linked to repressed necrophilia.
Well, not such that involves anyone at Apple, anyway. There certainly is no conspiracy between Apple and Microsoft to kill MSIE on the Mac. It's dead already. It was killed by Microsoft shortly after it shipped. (In the interest of Faux Fairness and Balance I note that IE on Windows was apparently killed shortly thereafter.)
IE fell flat on its back the moment I got 'im 'ome.
'IE's not pinin' for the fjords! 'IE's passed on!
This browser is no more! 'IE has ceased to be!
'IE's expired and gone to meet 'is maker!
'IE's a stiff! Bereft of life, 'ie rests in peace!
If you hadn't nailed 'im to the perch 'ie'd be pushing up the daisies!
'IE's metabolic processes are now 'istory!
'IE's off the twig!
'IE's kicked the bucket, 'ie's shuffled off 'is mortal coil, run down the curtain and joined the bleedin' choir invisible!!
THIS IS AN EX-BROWSER!
Well, I guess we had better replace it, then.
Development on IE for Mac ceased a few months after it shipped, and is unlikely to be the "Microsoft does something that Apple wants," part of any conspiracy theory. (Rumors of IE's demise were not greatly exaggerated.)
Likewise, AppleWorks isn't considered by anyone to be competition to Microsoft Office, and is less likely to be the "Apple does something that Microsoft wants" part of the conspiracy theory. In a scene reminiscent of Weekend at Bernie's, Microsoft is probably delighted to be able to prop up the AppleWorks corpse as an example of healthy competition before various judges now and then.
Furthermore, Apple's promotion of AppleWorks for years has approached zero arbitrarily close. If you have noticed a decline in Apple's promotion activities with respect to AppleWorks, your vision is sharper than mine (certainly possible). AppleWorks still looks like an old school classic Mac OS program, and not even a particularly charming example of that art form. It's a glorified clip art and font library for first time computer users. Although people have been expecting Apple to kill AppleWorks for years, largely because it's an embarrassment to the platform, it's possible that it actually occupies a niche that may allow it to survive a while longer. (Perhaps: "Market research indicates that there exist customers who want an office package, but are scared of one that actually does anything useful... oddly, they are willing to pay the same price, $79.00, that we charge for the professional package, and may be willing to buy the Pro version later anyway, after they get their feet wet with the non-threatening glorified clip art and font library first." After the iWork suite is complete, perhaps a more modern "iDabble" subset will be created to replace AppleWorks, filling a more reasonable entry level niche, like Garage Band does beside Logic Pro.)
So far as the upside you mention is concerned, don't forget that Apple are steadily working to reduce their dependence upon Microsoft. Safari was the first big step, and was a response to *years* of neglect of MSIE on the Mac (and arguably the poor state of open source browsers on the Mac at the time as well). The iWork suite (thus far Keynote and Pages) offers serious capability in the professional office software arena and other applications in that space are probably under development.
There is no conspiracy to see here, move along.
W32.Wullik.B@mm is a "mass mailer", which means it uses email to send copies of itself. Technically it's not a worm, but the AntiVirus industry calls them "email worms" or sometimes simply "worms".
The confusion is partly due to the hybridization of malware in the last few years. The same bit of malware might exploit buffer overflow vulnerabilities over a network remotely and without user participation, like a worm, make copies of itself to removable media or other files on a hard drive or network drive, like a virus, or send copies of itself via email. The latter technique didn't get a cute name like worm or virus, and the lack of a cute name dedicated to this technique has helped foster the confusion.
Mass Mailers are typically the agents responsible for causing email outages in large organizations where the mail servers are Exchange and the clients are Outlook (and related). The mass mailer viruses cause particular grief in those environments because they are often equipped with the ability to harvest email addresses from the Outlook address book, so a handful of contaminated PCs can pretty quickly bog down the mail server by sending copies of the virus to everyone in the company over and over.
For the moment, organizations using other email systems tend not to get hit as hard. However, there really isn't any reason that these viruses couldn't learn how to read other address book formats and wreak havoc in other places, too, so someday they probably will.
Yes, and the potential for worm based inward-facing DOS attacks is very real, even though most DOS attacks are thought of as accidental (due to network traffic from the probing threads) or outward facing (directed at a remote web site). It's one of the more interesting aspects of this Zotob outbreak, but not well reported.
Zotob (and variants) demonstrated that an internal DOS attack can be about as devastating as the worm / botnet infestation itself. The massive news coverage of this latest crop of worms was due almost entirely to the effects of the (apparently accidental) Denial of Service attack that it performed on many vulnerable networks. The buffer overflow attempt appears to have failed quite often, and when it did the intended victim computer would reboot itself.
The instant the first worm hit a network and started probing around, systems all over the network were crashing. It resulted in widespread panic (well, pandemonium anyway) in some organizations, flooding the help-desk. Systems couldn't stay up much more than a few seconds after rebooting on networks with more than a few scanning worms.
The importance of the DOS aspect of these worms has been underestimated by trade press, but I'm sure it hasn't gone unnoticed by malware authors. It added substantially to the "noise" in the worm-infested environment, and hampered recovery and containment efforts in some organizations -- and they learned about its effectiveness on CNN.
Future worms will probably include options to "scan with horked buffer overflow" to intentionally cause this kind of disruption. In the past, crackers tossed these failed buffer overflow exploits out with the empty pizza boxes and Mountain Dew cans. After Zotob, they'll probably become part of the standard worm toolkit.
The speed of light in the neighborhood of the device might be locally distorted, too. (I hate it when that happens. I lose all track of time.)
Windows won't be going away any time soon, so there will remain plenty of worm fodder. I am surprised by the number of relatively unsophisticated home users who are switching to Mac OS X or Linux as a result of adware, spyware, and worms, but I haven't seen the same switcher phenomenon occurring in corporations.
Besides, worms probably wouldn't go away even if Windows did. Although conventional wisdom says that a large pool of exploitable systems is required for successful worm propagation, that's not true, as demonstrated by the Witty Worm's exploitation of a very small population of vulnerable systems. Although they are not as common, worms have exploited other, non-Windows systems and application software, and certainly buffer overflow exploits are discovered periodically in such systems. Granted, the UNIX architecture makes worm exploitation of application software less likely to result in super-user access, but routers, DNS servers, and others remain vulnerable to the extent that they contain worm-able security defects -- and clearly many do.
Worms are getting more sophisticated all the time. From the starting point of their current capabilities, worms and botnets could easily be extended to automatically harvest particular types of data from particular companies or government agencies, using the chaos of a massive worm outbreak for cover. Their ability to receive arbitrary commands from remote attackers over IRC control channels means that they may already be in use for this purpose.
My company specializes in antiworm technology and consulting. The FireBreak AntiWorm system impedes worm propagation without interfering with normal network operations -- including bit torrent.
There is a tremendous amount of innovation going on in the software security area lately, driven by the relatively recent realization among large corporations that they must now spend money on worm prevention, containment, and recovery if they want their heavy investment in the Windows monoculture to survive.
Opting out of the monoculture simply isn't feasible for most large corporations at this point. It's not just the cost of the desktop PC -- if that's all it was, a bunch of them would have switched en masse to Mac OS X Tiger when it came out. The applications, the developers who write them, the help-desk workers, the system administrators, the managers, the employees -- at this point all they know is Windows.
Switching a desktop is so hard for a large company, that the survival of the Windows monoculture is virtually assured for about as long as one can predict anything in the IT world (5 years, I'm told). The problems that come with it will be creating market opportunities for a long while to come.
Quite. At a client site last year, an obscure DLL buried in a 3rd party software package set off what turned out to be a false positive. It generated a flood (well, hundreds) of helpdesk calls on the day it "hit", which, as it turned out, was the first day of an automated weekly scan following the definition update. False positives can be dreadfully expensive on a large network.
It didn't get much press attention, but the researchers are all still very interested in The Witty Worm. It did something similar to your suggestion, and demonstrated that a worm can be destructive without limiting its propagation -- saturate first, then destroy. It also saturated a niche population of systems (much smaller than the Macintosh market, whose security record people incorrectly attribute to the smaller number of systems).
Modern worms can spread so rapidly that a small delay in the destruction, as you suggest, is all that's needed. If you saturate the entire target population in an hour, and start erasing random bits from the hard drive, tremendous damage could result. If a worm like Witty had exploited MS05-039, we would see a few hundred thousand wrecked systems today.
Why don't we see that? Because these worms are designed to build fleets of useful systems, gather information, steal identities, log keystrokes, collect passwords, and all manner of really nasty stuff.
The victims would be far, far better off if the worm merely waxed the hard drive.
These worms wouldn't be able to achieve their aims if they wrecked the C: drives. The "non-destructive" nature of these worms gets widely reported, because people don't understand that these systems are remotely controlled by hostile attackers from outside the corporate network from the early moments of the worm outbreak. Hey, the system still runs and users can still get their corporate email, so it can't be that bad, right? This remote control stuff is theoretical, right?
Wrong. This crop of worms is efficient, and very, very nasty. I have an IRC session log which shows literally hundreds of MB of files being stolen from infected computers, and many MB of files downloaded and executed on those same systems. Files that are not recognized by AntiVirus, files that don't get cleaned up with the magic bullet clean up tools. It also shows the bots responding when a firewall rule was put up to block the initial IRC connection. These bots are becoming smarter all the time, and these are definitely not "gentle peaceful worms" that seek only to spread from system to system.
Sorry, I was a little less specific than I should have been. I was thinking specifically about larger corporations like those listed in the news articles about the MS05-039 worms. There probably isn't a single Fortune 100 company, probably not even a single Fortune 500 company, that allows desktop Windows systems to be knowingly exposed to the internet while connected to the corporate LAN. They are behind firewalls. (Yes, I know that's not sufficient protection, but it's a good first step). Small companies often don't have the sophistication or talent in their IT departments and you're right, sometimes their entire network is more or less directly exposed to the internet. This is particularly true of very small companies, which may have a DSL connection shared by a small LAN, with all systems exposed.
By contrast, nearly every Fortune 500 company allows laptops to come and go, willy nilly. That's often how worms get into their networks.
I thought I saw you when we boarded. That was me wearing the Viva La Relativity! T-Shirt.
Yes, not all clients are rational.