I think that any effective remedy that will stem Microsoft's behavior would include, at a minimum, the following two conditions:
1) Microsoft must fully open the APIs and protocols to all interested parties, including rival software manufacturers and those who would set up emulation or compatibility layers (this would include WINE and Samba). It would seem to me that this should be considered the responsibility of anyone who makes an OS for general consumption. (Note that this would not require them to open up their source code.)
2) Microsoft should be prohibited from restricting equipment manufacturers from altering the software or reconfiguring the computer, such as installing rival software running on Windows or setting up a dual-boot with Linux.
Anything that doesn't do at least this much, in my view, will not make any difference whatsoever.
The problem is the DMCA. As I understand it, it's now illegal to do that kind of reverse engineering, i.e. the type that allowed *nix users to connect to SMB via Samba. So basically, through embrace and extend, MS can technically and legally exclude non-conformists.
You misunderstand. The DMCA rules only apply to reverse engineering methods that protect copyrighted materials. IANAL, but I don't think this situation applies.
And how do you know the "14-and-counting Dept." didn't start counting at 0 as well? :^)
Granted. As I said, I'll check it out and see if it's worth the money.
The article comes right out and states that it doesn't cover everything, but it seems to get the most common exploits. Once an admin gets this paper and secures the server against everything in it, it becomes easier to block other kinds of traffic (such as file types ending in exe). I do like the idea one poster had about a central database of port 80 fingerprints.
Thank you; at least there's one person who reads the entire message before having a kneejerk response. I even said, "Maybe it is worth the price," and maybe it is. I have nothing against paying money for software. I have purchased quite a lot in my time. It just seems weird to buy software that gives you access to free software...
Isn't MA the state that has a ballot initiative this year to repeal the state's Income Tax? There must be some people there with sense, Ted Kennedy notwithstanding.
For some reason, it bugs me that I have to pay money to use free (beer) plugins on a free (beer&speech) OS. Nice that they have a demo, though. I'll give it a shot; maybe it is worth the price.
The biggest clue they had was not only the lack of the donut, but the lack of police cars in the vicinity.
What, you mean "Orwell" isn't a contraction of "Orson Wells"?
You mean, like in California, where ridiculous energy legislation led to a state-wide power shortage?
Or like, anywhere in the country, where Federal health care policy directly results in the skyrocketing price of health care and the closure of most free clinics and charity hospitals?
These things only started going downhill in the 60s, when the Federal government started getting involved. Now, 200,000 Americans have died waiting for the FDA to approve medicine which would almost certainly have saved their lives, according to Robert Goldberg of Brandeis University. This is far more lives than they can claim to have saved.
Our government has about the worst track record of anything I can think of. And you say it's fine trusting this same government--which can't even keep drugs out of its own jails--with regulating things that are "innate in our system of living to the point that it is required to one degree or another"?
Oh, rest assured, I'll be writing...
The computer technology is the one area of our economy where the government has been, for the most part, hands-off. As a result, technology has improved by leaps and bounds while prices have dramatically decreased. A mere $200 today will buy a computer so powerful it would have cost $10,000 just five years ago, while other aspects of the economy--such as health care and energy--where the government meddles for our own good have seen ridiculous amounts of inflation. Legislation in this manner will, IMO, stifle progress and the trend of declining prices.
Not only that, but the law will be an unfair burden on computer owners. Consider the following clause:
(a) REMOVAL OR ALTERATION OF SECURITY. -- No person may --
(1) remove or alter any certified security technology in an interactive digital device;
This essentially forces consumers to run software they do not want, and prohibits them from removing it. There don't appear to be any exceptions for issues such as data protection. The government wants to do exactly what it's blaming Microsoft for. This is a serious and inexcusable affront to our liberties.
All in the name of "enhancing the security of the internet." Check out this quote:
There is little financial incentive for private companies to enhance the security of the Internet and other infrastructures as a whole.
How clueless can you get?
On the plus side, there is an exception for time-shifting, but this is little consolation compared to the decimation of our basic rights and the certainly negative impact it will have in the computer marketplace.
Could you even make a worm to exploit this? My understanding is that the exploit requires you to be connected already as a nonprivileged user.
So, let's see, when someone points out a flaw in a Microsoft product, Microsoft ignores it, until it gets out to the public, then Microsoft issues a patch (which may or may not fix the actual problem). It gets exploited (usually in the form of viruses and worms that spread like wildfire), and then Microsoft whines about "information anarchy."
When a flaw in Linux is discovered, they just fix the damn kernel and say, "oops."
Of the two, I know which one I like better.
Where does it say the writer worked for Red Hat?
Russ Mitchell (vortumnus@yahoo.com), a former managing editor at Wired, most recently was editor in chief of Business 2.0.
And I've never met a female named "Russ."
Speedie needed to use Microsoft Word because the Linux word processors at her disposal were saddled with spellcheckers so abysmal they caused more problems than they solved, skipping over misspelled words and offering bizarre alternatives for words spelled correctly.
Strange...that's my experience with the Microsoft spell checker. Or with any other spell checker. None of them are perfect; nor are they intended to be a crutch. They're just tools to help find typos.
A decade later, Linux is lauded as a technical success. But as a business, it's a flop.
Why do we insist on measuring everything by the dollar value?
What if all the mental energy, the rage on Slashdot message boards had been concentrated on building solid business models in enterprise computing?
That's strange; the impression I got from the whole article was that of some junkie posting a rant on a bulletin board. I don't see him out developing the next greatest platform, and yet he pans others for doing exactly what he does.
What do you mean. No one does this, don't be rediculous. I think you're about to loose your mind?
...if they get the file METALLICA.MP3.vbs and it wipes their hard drive??? :^)
As others have pointed out, you must lease the bandwidth. But more to the point, the bandwidth being used by this worm is bandwidth taken away from the customers for their normal internet access. Freeing bandwidth created by a worm for the users is the exact opposite of restricting their bandwidth.
I've had almost 25,000 incoming port 80 requests since this virus was unleashed. (That's with my Linux box running constantly.) It's nice to see an ISP doing something productive.
To the naysayers, I'd like to point out that they aren't punishing people; just making them call to get their access back and make sure they're not infected. Remember, the bandwidth belongs to the ISP. They have to protect it.
I wish BellSouth would do something similar, but they've always been clueless. Heck, many of these requests were from BellSouth servers!
They exploit security holes in Microsoft software on Microsoft OSes. Other software and OSes are immune (although if a user has access to the file space, they could place an infected file on the non-MS server, making it an "immune carrier"). So what should we call them?
No, they didn't. What do you think the Federalist Papers are?
Not true. Abraham Lincoln did so, and the courts found that he violated the Constitution in doing so.
Yes, and each time the Supreme Court has ruled on them, they've been declared unconstitutional.