Slashdot Mirror


User: Satan's+Librarian

Satan's+Librarian's activity in the archive.

Stories: 0
Comments: 150

Comments · 150

  1. Re:Wasn't this on Worm vs. Worm Battle Slows Networks · · Score: 3, Informative
    Yep, here's one version of the tale.

    Virus history is a bit different if you follow the definition of viruses parasitically infecting files, whereas worms are self-contained and actively spread via network. Here's a paper that covers the early history of both to some degree.

  2. Re:Any advice to a budding worm writter? on Worm vs. Worm Battle Slows Networks · · Score: 1
    Sure, I've got some advice. Don't.

    I posted some of the reasons before this one appeared here and here, and followed up in the comments to this article here.

    Basically, the problem is - no matter how good your intentions are, you're going to hose some machines and cause real problems. You won't have control over the code once it is released. Even if you just publish source for it, someone else will release it and you won't have control.

    If you want to help people, write your firewall activation and configuration program as a tool that allows the user to control it and distribute it freely on a website. Advertise it. If it doesn't suck, people will use it and you'll help make the internet more secure. Popular magazines might even recommend it as a really easy fix for security, and you'll help even more people. And, if you screw up, you can fix the bugs in the next version and provide support. Added bonus - the police and corporate lawyers won't be hunting you.

    If you just want to flex your coding muscles, try writing cool stuff that you can put on a resume without being arrested. Or go help out on something useful that people will thank you for. If you really want to pit your code against others, try CoreWars - kinda old school, but it doesn't screw up anyone else's day.

    At the very least, please read this paper.

    If you've got enough skill to write a worm from scratch, you've got enough skill to either a.) make real money with programming, and/or b.) write useful software that will help lots of people. Don't waste your talent.

  3. Re:I applaud the idea. on Worm vs. Worm Battle Slows Networks · · Score: 2, Interesting
    I was right the first time, and quite honestly I think I'll be proven right again if it's done as you suggest.

    Not complex? You're downloading a bloody Microsoft Patch and running it! Have you seen how many people - competent administrators - have been saying all along that they have the automatic updates turned off because the patches keep breaking their machines? Ever written a buffer exploit? That's usually not simple code either, and it is very system and application specific - if the underlying code changes, but an overflow remains, your code will have completely unpredictable results. That's why the original patch for RPC prevented infection, but many patched computers that got probed still crashed.

    Also - this won't be done in a corporate environment with proper testing labs if it is done. You simply won't have legal access to the number and variety of machines you need to even get an idea that it might work properly right at the moment, much less "for all of its lifetime". The DenZuk example I provided is a perfect example of a pretty well written virus that went all wrong - the disks it corrupted didn't even exist when the author wrote it, and yet, it still caused damage.

    What happens when an uninfected machine attempts a legitimate RPC call? You infect it? Great.... You just broke someone's intranet that relied on RPC to get the job done, and you're preventing the legitimate program from binding to the port. Good job - pat yourself on the back, you just cost a company $1,000,000 in lost time during cleanup and lost customers.

    Someone's CMOS battery is dead and they reboot it once a day? Great! Worm never dies, hoses RPC forever for that machine.

    Bad idea. Mark my words on that.

  4. Re:DRM on Worm vs. Worm Battle Slows Networks · · Score: 4, Insightful
    Trolling, or just innocent? DRM could help slow the proliferation of viruses somewhat, but - I doubt it will actually fix worms like this. What it can do is prevent unknown hostile programs from running in the first place - if you're running an executable directly. I think it is a good idea, but more from a corporate administrative standpoint - no more stupid users installing KaZaa.

    But can DRM truly be the solution to prevent exploits and worms? I doubt it. I expect that it will be trivial to exploit a program that's already been verified and make it do something it shouldn't even with fairly well implemented DRM.

    Email viruses may be halted in their tracks - but most exploits will most likely not be. You say the Palladium implementation of DRM is sophisticated enough to detect a code change during runtime from a stack overwrite? I doubt it, but if so - just change the data instead. Same effect. It raises the bar, but viruses share a characteristic there with open source - the bar only has to be hurdled once before the flood. See the recent rash of RPC hole worms and exploits - one guy did it, now everyone and their 12-year-old can.

    And licensing a piece of software for $1000-$2000 so that it could run in the first place is ridiculous. Do you like freeware, shareware, or open source? It'd kill it on that platform. Might be great for the competing platforms, but not the one it's on.

    I think the real threat with DRM though is that it'll be used in the ways we've already seen, only more expansive. Wanna play a DVD you bought on an unauthorized operating system? Pay the fee, or, if the owners are too lazy to write software for your OS, just forget about it. And don't even think about writing a program to play it for you if you value your freedom.

    If left unchecked, CD's will become that way. Downloadable audio has already started to. Tried to download an mp3 from iTunes on Linux? Find anywhere else you can get the same tunes legally? For now - yes, just buy the CD. For now. Hopefully consumers will be upset enough as use of such copy protection schemes increase to purchase alternatives. I subscribe to E-Music myself - no DRM, but I'm paying for the industry to create more, and mostly to smaller labels (mainly Napalm, if they keep track - bands like Tristania, The Sins of Thy Beloved, etc).

  5. Re:I applaud the idea. on Worm vs. Worm Battle Slows Networks · · Score: 4, Insightful
    Uhm... no. Sorry. It's a bad idea. See this thread for additional comments from before this one hit.

    The original anti-virus virus was probably DenZuk, created to kill the Brain virus. They were both bootsector viruses. Problem is, later on a new format of floppy got introduced - DenZuk trashed users' data when it encountered them. And there wasn't a damned thing the original author could do about it, because it was self replicating, and therefore by definition not under his control.

    If you've gotta go vigilante, don't go viral. Do something you can control. Scan all the machines on the net and patch them, or just patch everything that bounces off your firewall - fine. It's likely to get you in legal hot water, and it is on questionable ethical grounds, but at least you aren't trashing random machines with self replicating code that you can no longer STOP, no matter how much you might want to.

    Any experienced programmer will know well that code that works on one machine is not going to always work on every other machine - no matter how good of a coder you are. Any smart and experienced programmer will also know that almost any complex program is going to run into a situation it wasn't designed for eventually and create an unexpected and probably very unpleasant result. Spend some time and think about it before acting.

  6. Re:Paging Professor Turing, Professor Alan Turing. on LovSan Clone Let Loose · · Score: 1
    Yep. My bad - forgot about the spelling and terminology trolls. "Proven" was a poor choice for wording. The proper wording would have been something along the lines of "executing until the code can be classified as viral or non-viral with a reasonable probability". Which, as you point out, works quite well in many cases.

    For a well written emulator, it's very unlikely for a random virus to detect and outmaneuver the emulator with logic - especially if you watch for trivial traps (back in the day, things like prefetch queue tricks and seg:off address wrapping, although these are obsoleted now). A virus is also not likely to go into a loop for 2 days under normal circumstances before infecting something - that'd hurt its survival rate. Under most practical circumstances, you can in fact emulate and easily determine what a virus does. These days worms and viruses are often written in higher level languages (VBScript, C++, etc), so the number of instructions has increased - but the same concepts usually still apply.

    TBSCAN was both an awesome idea, and a bit scary. It actually *executed* the code, although it tried to sandbox it a little - there were a few tricks around to 'escape' the protections in his environment. Certain viruses would format the hard drive if you tried to remove them with thunderbyte - not pretty. However, it could also disinfect most viruses w/o knowing anything about them, so there was some neat code there.

    I picked up my first assembler after getting hit by the Stoned virus and wondering how the hell it worked, then ran into Joshi shortly afterwards. Cleaners for those were easier than for no-frills (they were BSV/MBR viruses), but disassembling them was pretty interesting at the time.

  7. Re:Create a worm that patches the vulnerability? on LovSan Clone Let Loose · · Score: 1
    Sorry, I jumped the gun there - didn't mean to insult ya.

    The 'original' virus that cleaned up another one was the DenZuk virus, which cleaned up Brain. This is like late 80's stuff. DenZuk started corrupting floppies when the new high density ones came out.

    It's occurred on occasion since, and the idea comes up pretty often over in alt.comp.virus. Two papers of interest are Bontchev's (originally from the U. of Hamburg, working for F-Prot last I checked), and for the pro- view (written by a virus writer) MidNyte's paper.

  8. Re:Benevolent Virii on LovSan Clone Let Loose · · Score: 1
    Lock your door and windows every night or I'll take your TV.

  9. Re: Cloning.. on LovSan Clone Let Loose · · Score: 5, Informative
    Uhm - they've been doing that for years. Early types were called polymorphism, an idea pioneered by the 'Dark Avenger'. Search for "MtE Dark Avenger" on the net. Old stuff.

    Basically, the concept is that an encryptor is built up in memory randomly, while the inverted code (e.g. add vs. sub, rol vs. ror) is built up in reverse. The virus is encrypted with the encryptor, and the decryptor is prepended.

    There were a ton of them in the early 90's. There are polymorphic Word viruses that use different techniques - running their script through a randomizer for variable names and such. Some viruses have also mutated their own opcodes as you suggest, although it's less common - but it's been done.

    Detecting such viruses is challenging, but usually there are static bytes with known (although possibly variable) distances between them. One can also run an interpreter over a file and pseudo-execute it until it can be proven that it is or is not a virus, or just blast any existing crypto around the body and look to see what's there. If the virus just flips between equivalent opcodes, then just scan with a regular expression that includes each equivalent as an alternative. Another method is analysing the opcodes - if an exe's entry point is at the end of the file where you have a 1k decryptor right before 2k of garbage, and all the decryptor's opcodes fall within what one virus can produce, chances are....

    There are a lot more complex and hybrid techniques for it - those are just a few that can be described quickly.

  10. Re:Phew on LovSan Clone Let Loose · · Score: 1
    Doh - bad link. Badguys.org, not .com. here.

  11. Re:Phew on LovSan Clone Let Loose · · Score: 1
    I know that is what was suggested, and it's been a cynical rumor that has surfaced from time to time for years, but it simply doesn't hold water. In fact, most AV companies go through substantial effort to avoid anything that might make that rumor stick. They do not write viruses. Some write really lousy software - but it doesn't replicate.

    The truth is, there are far more kids playing around with viruses than would be needed to sustain the antivirus industry. Now that most viruses and worms don't need to be written in assembler and everyone is connected to the internet, the bar is extremely low - any fool with Word can write one. Check this out for some interesting research whitepapers on who really writes them.

  12. Re:Create a worm that patches the vulnerability? on LovSan Clone Let Loose · · Score: 1
    Probably a troll - but a really *bad* idea. It's been done in the past. Problem being - the follow up virus caused more damage than the original, and infected a lot of uninfected users' machines. In the worm world (worm = nonparasitic network-based), it would still cause heavy traffic with the scans, even if it didn't infect anyone but already infected machines.

    Ever written a complex low-level program that ran on millions of machines without a single user ever finding a bug in it? printf("Hello world!"); doesn't count.

    If you want to go vigilante - write a nice happy non-replicating program that scans everyone's PC on the net and fixes the problem. I wouldn't recommend this from a legal standpoint though.

  13. Re:Copycats on LovSan Clone Let Loose · · Score: 1
    A lot of antivirus packages have been able to 'see through' lousy encryption schemes and packing techniques for a long time. The polymorphic viruses (viruses with a pseudo-random encryptor/decryptor around them) and high level language viruses forced that back in the early 90's. A few have pretty serious processor emulation built in for heuristics to detect unknown viruses, although others use code signatures for the same purpose.

    Most of the good AV packages do perform a hash of some sort on the unchanging parts of the virus to make sure it is the exact same one as their sample as a final check - otherwise disinfection can be dangerous depending on what has changed, and a huge percentage of the viruses out there are simple hacks of others. Misidentification can be really bad if something like an encryption key protecting original data from the program is changed.

  14. Re:Phew on LovSan Clone Let Loose · · Score: 2, Informative
    If past performance is any indication, it's because Kaspersky takes multiple strings from harder to modify areas and also supports wildcards - the guy who started it (Eugene Kaspersky) is a badass at assembler and has generally produced some of the best virus analysis in the industry. I use and recommend F-Secure, which uses a combination of his engine and Fridrik Skulason's for scanning - that way you get the advantage of having two sets of separately picked virus signatures plus different heuristic scanning methods.

    Aside from a few stability issues that took them bloody forever to work out on 2K (BSOD's once a week for a few months on my box as a result) - it's been a great product for years. I've gotten to laugh at the people using McAfee's and Norton's several times and say 'I told you so' when they got hit.

    Unfortunately - I think they have the price for the personal edition set too high, and can't market in the U.S. for shit.
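
The detection ideas in comments 9, 13 and 14 (static bytes at variable distances, regex alternatives for equivalent opcodes, wildcard strings, and a hash of the unchanging body as a final identity check before disinfection) can be shown in a small scanner. The Python below is an added illustration, not code from any comment on this page or from any antivirus product; the decryptor stub, the signature `DECRYPTOR_SIG`, the `TOY.POLY` name and all sample bytes are constructed for the example and are not real machine code or a real virus.

```python
import hashlib
import random
import re

# Constructed invariant body: in a real sample this is what an emulator (or a
# brute-force pass over the decryptor) exposes once the polymorphic layer is
# stripped; it is the only part the scanner may safely hash for identity.
PAYLOAD = b"constructed invariant body bytes that every variant carries after decryption"
KNOWN_HASH = hashlib.sha256(PAYLOAD).hexdigest()

def sig_to_regex(sig: str) -> re.Pattern:
    """Translate a wildcard signature into a compiled bytes regex.
    Tokens: 'B8' fixed byte, '??' any one byte, '(04|2C)' one of several
    equivalent opcodes, '{2-8}' a gap of 2..8 arbitrary bytes (the variable
    distance between static bytes), '<key>' one captured byte used later."""
    parts = []
    for tok in sig.split():
        if tok == "??":
            parts.append(b".")
        elif tok == "<key>":
            parts.append(b"(?P<key>.)")
        elif tok.startswith("{"):
            lo, hi = tok.strip("{}").split("-")
            parts.append(b".{%d,%d}" % (int(lo), int(hi)))
        elif tok.startswith("("):
            alts = [re.escape(bytes.fromhex(a)) for a in tok.strip("()").split("|")]
            parts.append(b"(?:" + b"|".join(alts) + b")")
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)  # DOTALL: 0x0A is just a byte

# Hypothetical signature for the toy decryptor stub built by make_variant():
# a fixed opener, four junk immediate bytes, an add-or-sub opcode choice,
# the XOR key byte, variable-length junk, then a fixed loop tail.
DECRYPTOR_SIG = "B8 ?? ?? ?? ?? (04|2C) <key> {2-8} E2 FA"
DECRYPTOR_RE = sig_to_regex(DECRYPTOR_SIG)

def make_variant(key: int, rng: random.Random) -> bytes:
    """Build a constructed 'infected' blob: a mutated stub followed by the body
    XORed with key. The stub is not real machine code; it only reproduces the
    kinds of change a polymorphic engine makes (junk immediates, equivalent
    opcode swap, variable-length junk between the static bytes)."""
    imm = bytes(rng.randrange(256) for _ in range(4))
    opcode = rng.choice([b"\x04", b"\x2c"])
    # junk drawn from 'A'..'Z' so the fixed tail E2 FA is unambiguous here
    junk = bytes(rng.randrange(0x41, 0x5B) for _ in range(rng.randint(2, 8)))
    stub = b"\xb8" + imm + opcode + bytes([key]) + junk + b"\xe2\xfa"
    return stub + bytes(b ^ key for b in PAYLOAD)

def classify(sample: bytes) -> str:
    """Two-stage check: the wildcard signature finds the decryptor stub and
    yields the key; the body is then decrypted and its hash compared with the
    reference sample before the scanner claims an exact identification."""
    m = DECRYPTOR_RE.search(sample)
    if not m:
        return "clean"
    key = m.group("key")[0]
    body = bytes(b ^ key for b in sample[m.end():m.end() + len(PAYLOAD)])
    if hashlib.sha256(body).hexdigest() == KNOWN_HASH:
        return "TOY.POLY (identity confirmed)"
    return "TOY.POLY-like decryptor, body hash mismatch: do not auto-disinfect"

def demo(seed: int = 7) -> dict:
    """Run the scanner over constructed inputs; returns the verdict per case."""
    rng = random.Random(seed)
    results = {"clean": classify(b"constructed clean file with no decryptor stub")}
    for key in (0x00, 0x5A, 0xFF):
        results[f"variant_{key:02x}"] = classify(make_variant(key, rng))
    # A 'hack of another virus': same stub, tampered body -> hash must not match
    results["hacked"] = classify(make_variant(0x21, rng)[:-8] + b"HACKEDXX")
    return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:12} {verdict}")
```

The hash stage is what keeps a wildcard hit from being treated as proof of identity: the tampered variant matches the decryptor signature exactly as the genuine ones do, but its decrypted body hashes differently, so the scanner reports a family match and refuses to run a disinfection routine written for the reference sample.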

  15. Re:Insurance? on Identity Theft Countermeasures? · · Score: 2, Interesting
    Right, I was actually referring to my bank's security plan - among other things they guarantee that even on my debit card they'll have a 24-hour reimbursement time on fraud cases after I report them. I don't take out a separate policy - it's part of the agreement, along with the FDIC insurance and all that other fun stuff.

  16. Re:You're overreacting on Identity Theft Countermeasures? · · Score: 5, Informative
    Agreed. According to the National Center for Victims of Crime, it was about 1/10th that figure for 2001 (the most recent stats they have).

    Looking at one of their reports, I believe the quote was "The FTC's identity theft Web site had received more than 699,000 hits since it was launched in February 2000" that spawned that number.... The actual report I expect it's from is here, and the article from the story misquoted it - the actual number of complaints to the FTC via their hotline for 2001 was over (but probably around) 86,000.

    Several websites seem to use the larger number, but most of them are selling something and just playing "woopsie" with the numbers.

    At 86,000, that puts it more at the level of arson. So I'll spend just about as much effort avoiding it - none outside of common sense. However, my credit cards do have insurance, just like I have insurance on my apartment and belongings. And I don't post my SS# to usenet.

    What I encounter far more often is the stupid debt collection agencies sending me bills that have nothing to do with me, where the name is slightly different and the SS# is nowhere near the same - I don't think those are someone trying to steal my identity. Rather, I think it's the debt collectors getting desperate to find someone and spamming any name that's even close hoping that either they'll find him, or someone else will pay the bill without realizing it isn't them.

    Oh - by the way, the "using separate random passwords for important online accounts" thing.... I count that as common sense. Add in - not logging into bank or brokerage services from untrusted computers, especially at Kinko's.

  17. Re:Maybe we're getting a little too esoteric on Ian Murdock: Linux is a Process, Not a Product · · Score: 1
    I've used DOS and Windows NT in large systems - they didn't evolve for me - but they worked just fine and our idea that used them created a demand (wafer and PCB inspection machines). And, both had previously evolved to be viable in those niches. If I were to do it over from scratch, I'd probably go with BSD or Linux if possible - however, at the time the drivers simply didn't exist for high-end image processing boards.

    The point I got from the article is that he just read "Secrets and Lies" and went "Hey man, that sounds cool! Hey - Linux is a process! Dude, that sounds great!".

    If you want to do something really unique and creative, you figure out what you need to do to make it happen and then do it.

  18. Re:The difference is where you can evolve on Ian Murdock: Linux is a Process, Not a Product · · Score: 1
    Sorry, not going to buy the mutate/adaption - the install was modified and additional code was written by developers to make it work for TiVo.

    Same thing happened as NT evolved for workstations and servers, or when the Windows codebase was ported to handhelds in Windows CE.

    Yes, Linux, *BSD, and any other open source operating system can have that modification done by the users, rather than the owners, but the OS's don't just wake up and say "HEY! we're gonna run on a Toaster today!"

    Again I say - all modern operating systems evolve quickly to fill demands. And if you're including GNU or GPL'd software in the "evolving/mutating/process" of Linux, take a look on SourceForge and search for win32 or windows - a lot of Windows programmers are doing open source too it seems.

    And I think Ian should have at least tipped his hat to Bruce for abusing an expression that was already popularized by someone else - except in Bruce's case it was correct. Security is in fact, a process.

  19. Technology is a process. on Ian Murdock: Linux is a Process, Not a Product · · Score: 1, Insightful
    While some of the later points in the article are interesting, most of it really seems to me to be marketing hype.

    Linux is a dynamic system. Updates and new software are made available all the time. There are flavors of Linux for many different niches, yet it's still GNU/Linux. Cool.

    Windows is also a dynamic system, at least for those who don't disable the automatic updater from automatically hosing their system. Updates and new software are made available all the time. There are flavors of Windows for many different niches, yet it's still Windows. Spiffy.

    The difference is that users can contribute to the core codebase - not just the add-ons. However, while this is awesome, and the GPL'd nature of Linux makes it special among the OS's.....

    All modern operating systems are evolving at a high speed. All technology infrastructures are a process as much as anything else.

    Nicely hyped though.

  20. Already hearing it as an excuse... on HomeSec Warns Again About Microsoft's Insecurity · · Score: 3, Insightful
    For boxen being broken at ISP's. Interland trashed a rather important co-located server for us over the weekend, and blamed it on a "Worm" referencing this bug. AFAIK, no worm has yet been released, and certainly none was out then - anyone else been fed this kind of b.s.? Anyone heard of any truth to it at all?

    As far as DoHs getting in on the action - I think they'll cry wolf at anything to keep interest. The more afraid the public is on a daily basis, the more they are legitimized. I was appalled the other day to see this article on the front page a few days ago - no shit guys, thanks for the press release. Ya know what else? .COM stocks might not be the best investment if the company hasn't produced a product.

    Obviously this hole is a major one, but we've kinda known that unfirewalled Windows boxen on the net are a Bad Thing (tm). This hasn't changed, and it's not much more likely now for a worm to run rampant through everything that it was in the past - it'll happen, it'll suck, and everyone will do the same fire drill as every other time it happened. And a few, bright IT departments will switch to FreeBSD or similar for their external machines or put up a bloody firewall.

  21. Re:VMWare rules! on Desktop Linux Sliding in Under the Radar? · · Score: 4, Insightful
    Everyone in your company has $400 extra to blow on their computer to run multiple OS's? wow.... What kinda company? Pretty small, right?

    I have a hard time getting my company to purchase anything beyond the minimum tools I need (NuMega and similar were out of my pocket, since I didn't mind owning them myself). VMWare's been on the wish list - but only as a wish.

  22. Encryption alg on ABIT's Secure IDE Motherboard · · Score: 5, Informative
    just fyi - looks like it's AES at 128 or 192-bit key length, from here.

    Also, here's the key.

    Not going to stop the RIAA from catching you (although they'd have difficulty decrypting the drive once they did I guess), but looks moderately useful for protecting a hard drive from theft. I'd love one on a laptop. If someone stole it in an airport or somesuch - at least they couldn't get my data without some effort.

  23. How to tell if it's obvious... on Could You Really Do Better than the USPTO? · · Score: 1
    How do you tell if it's obvious? Well, if it's already become common practice - that might be a clue. And if there is already a term for exactly what's patented, like caching, I would assume it fit the definition of "obvious".

    Personally, I think the USPTO should:

    1. Require patents to be submitted in layman's terms that anyone knowledgeable in the subject can read, rather than in the legalese crap that's commonly used that only serves to obfuscate the issue. Patents should be rejected if they are unreadable - that would ease the burden on the patent office I'm sure.
    2. Not let people patent math.
    3. Take patents seriously.

    Those would help a lot. Public comment would most likely be heavily abused pre-patent, but I think letting people call patents into question and produce prior art in order to contest and invalidate an existing patent should be free - I'd say spend the money on the people to take those requests and investigate them.

  24. Re:Investing in user training. on The Failures Of Desktop Linux · · Score: 1
    that somehow all the employees are (by this same magic) supposed to be proficient

    I see lots of computer techs say things like this. Stupid user, doesn't he know how to xxxxxxx....

    That's one reason why Linux is not ready for the desktop, and most software on all platforms sucks. The user shouldn't need to be proficient. The software should be designed to make sense.

    It's fine to have cryptic compilers and command lines for those of us who use them. I personally hated the Mac until OSX came out because of the lack of a command line. But I'm a developer - if you want a system to be useful to people with other professions, design them to make sense in the terms familiar with the user. Otherwise you're just catering to yourself - cool, but it doesn't make it ready for the masses.

    I'd highly recommend reading Don Norman's works on usability and engineering for anyone designing anything for use by others. GUI Bloopers by Jeff Johnson is another favorite for making things make sense to others that aren't coders or techs.

    The simple point is - there are professions other than computer programmer/administrator/tech. Software should, in most cases, be designed for those other professions. And you shouldn't have to drop a lot of money to train people to use good software past the "this is a mouse - it moves the pointer" stage.

  25. Re:To resolve which standard is preferred... on LSB & Posix Conflicts · · Score: 1
    Yeah, no funny mods :(

    With only 17576 different 3-letter acronyms available, it's long past time to switch to four or five letter ones for new stuff... Even within just the programming field it's enough to make my head hurt reading stuff some days...