Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Worms Security IT

Sober.P Worm Accounts for 5% of all Email Traffic 451

Posted by CmdrTaco from the thats-a-lotta-bits dept.
destuxor writes "The grave insecurity of the day is the Sober.P worm which is currently pushing nearly 5% of all email traffic at the moment. Unlike previous worms, Sober can disable the Windows Firewall and Symantec Antivirus. Interestingly, patched machines are not vulnerable to the exploits used by this worm. What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?" update percentage corrected.
This discussion has been archived. No new comments can be posted.

Sober.P Worm Accounts for 5% of all Email Traffic More

Sober.P Worm Accounts for 5% of all Email Traffic

Comments Filter:

  • sober.p (Score:2, Funny)

    by Anonymous Coward
    is that like the anti-tequila worm?
  • Oh better hurry and update iptables and patch my kernel and emerge sync;emerge -uv world... oh windows, they get all the fun!
    • Oh better hurry and update iptables and patch my kernel and emerge sync;emerge -uv world

      YAY!!!! It's don... what@ still compiling? It's been 4 hours already!!

      (kidding, man. but my slashbot training tought me that no emerge reference is complete without a compile time joke. it probably won't be that long. heck, it might even finish before sarge is finally released)

  • Only 1 way (Score:4, Funny)

    by Turn-X Alphonse ( 789240 ) on Sunday May 08, 2005 @11:02AM (#12468002) Journal
    Whenever your PC gets infected with a virus or 10 bits of spyware a large foot swings out from under the desk and hits you in the groin. It'd even work on them guys pretending to be women!

  • Reading the article? (Score:5, Informative)

    by r2q2 ( 50527 ) <zitterbewegungNO@SPAMgmail.com> on Sunday May 08, 2005 @11:02AM (#12468006) Homepage
    I read that the article refrences that it only comprises 4.65 percent of all email traffic? Where does this article say 25 percent???

  • Solution (Score:5, Funny)

    by 0x461FAB0BD7D2 ( 812236 ) on Sunday May 08, 2005 @11:02AM (#12468007) Journal
    What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?

    Easy. Make it an invite-based system. People take for granted what they can get effortlessly.

    Add a cost to it, and people will appreciate and use it more.

    • Re:Solution (Score:4, Insightful)

      by numbsafari ( 139135 ) <swilson@bsd4us. o r g> on Sunday May 08, 2005 @11:39AM (#12468273)
      That sounds silly, but think about it... How much is spent on "personal firewalls" and "anti-virus" software every year by people who could simply run over to WindowsUpdate and get what probably constitutes the single most important security tool of all (bug fixes) for free?

      ps... I'm not saying firewalls aren't important security tools, but when it comes to at-home desktops, bugs are the real issue... and viruses are just exploiting bugs that haven't been patched yet.
    • Ah yes, "perceived value". Works every time. Just look at the success of Windows itself.

  • RTFA, Taco (Score:5, Informative)

    by Draoi ( 99421 ) * <.draiocht. .at. .mac.com.> on Sunday May 08, 2005 @11:04AM (#12468018)
    The Sober.P worm is still spreading fast and made up almost 5 percent of all e-mail traffic

    From the first line ... 5%, not 25%. Big difference ....

  • Interesting? (Score:3, Insightful)

    by RoadkillBunny ( 662203 ) <roadkillbunny@msn.com> on Sunday May 08, 2005 @11:04AM (#12468019)
    Interestingly, patched machines are not vulnerable to the exploits used by this worm.

    What is so interesting about that? It would only be interesting if the patched machines were still vulnerable.
    • What's interesting is that my fully patched XP Home box picked up Sober when I inadvertently clicked an e-mail spoofing my ISP's address. At least TrendMicro's online scan said it removed Sober. I was in an unpriviledged user account at the time.
    • In the articles context, I'd say he was being sarcastic.
      Sarcasm doesn't work too well on the internet.

    • Technological problems and technological solutions (Score:5, Insightful)

      by jfengel ( 409917 ) on Sunday May 08, 2005 @12:12PM (#12468548) Homepage Journal
      It's interesting because it means that there are still enough unpatched machines out there for a worm to gain serious traction without uncovering new technical vulnerabilities. Worms that hit patched machines are technologically interesting, but those are problems that can be fixed (eventually) by patching. A technological problem with a technological solution.

      But it appears that even if a putative Service Pack 3 were flawless, there would still be massive worm activity in those who haven't patched. And if they haven't patched by now, they're not gonna, and that means we're going to be dealing with this problem for a long time to come.

      It's a non-technological problem, so there may not be a technological solution. (Me, I'd like to see ISPs start throttling infected users, but that's a whole separate can of worms.)

  • Here's what to do (Score:2, Insightful)

    by bazmail ( 764941 )
    A nationwide (USA) TV expose (-ay) of how spam is sent and how "your kids PC is helping terrorists send unsolicited email" would bring that percentage down to 5%.

    Ordinary users just have no idea. Many don't enven know about Windows Update.
  • I think that there are 2 categories:
    1. unaware users (like about all my neighbours and friends)
    2. Users who do not want to patch their system into a less controlable state (hence SP2 trouble).
    I think better filters at mailservers could help:
    The content of the mail may be unknown (different headers all the time), but the attachment is known. A simple filter should be able to get rid of it, no need for very expensive antivirus software.

    • Re:Visiting windows update once in a while (Score:4, Informative)

      by Karzz1 ( 306015 ) on Sunday May 08, 2005 @11:23AM (#12468173) Homepage
      At my office I have MailScanner [soton.ac.uk] configured with Postfix [postfix.org], SpamAssassin [apache.org], and ClamAV [clamav.net]. Every bit of this configuration is free (beer and speech) and works very well. I have the rules set fairly loosely, yet it still manages to catch >80% spam and I have yet to see a virus make it passed. It is a bit of a bear to set up, but for those who would rather not, all of those packages can be found in openprotect [openprotect.com] (with or without commercial support).

      Now, for the caveat. As is the case with any type of email scanner, it is very resource intensive. As such, I have a dedicated dual Athlon machine which handles scanning for 50-100,000 emails/day and it stays very busy (load over 1, >50% processor utilization).

  • Obligatory... (Score:3, Insightful)

    by Anonymous Coward on Sunday May 08, 2005 @11:06AM (#12468033)
    I use a Mac...I have no problems.
    I use Linux...I have no problems.

    (however, my email box is filled up with these stupid Sober.P-generated messages)

    What will it take for people to switch? All of the news reports I've heard this week about Sober.P don't even mention that it ONLY affects MS-based PCs running Outlook. I would think that the news industry would at least do one minute of digging and include this little nugget of information to help its listeners/viewers.

    TDz.
    • It doesn't just affect MS based PC's running Outlook. It only _infects_ MS based PC's running Outlook.

      Any computer with an overflowing inbox of messages with this virus attached to it, whether or not their machine is vulnerable, is affected.

  • Getting People to Update... (Score:5, Insightful)

    by quark101 ( 865412 ) on Sunday May 08, 2005 @11:06AM (#12468036)
    It's been my experience that it is almost impossible to get ordinary (read: non-computer) people to update their machines, be it Windows or Norton Virus updates. The only way that most of them will get these updates, ever, is if 1. Someone does it for them, or 2. If it is automated, and does it for them.

    Otherwise, they just don't see the reason to, don't have the motivation to, and just plain don't care.
    • Otherwise, they just don't see the reason to, don't have the motivation to, and just plain don't care.

      Nothing new, people have been running cars into the ground by not changing the oil for years. It's quite a similar analogy, preventative maintainence; handy if you are trying to convince someone to start doing it. "If you don't do this, this will happen". Keyloggers are a good one as well, worth mentioning as people might not care all that much if their PC is a spam host; instead tell them that it's loggi

    • White hats... (Score:5, Insightful)

      by Corpus_Callosum ( 617295 ) on Sunday May 08, 2005 @01:33PM (#12469136) Homepage
      Someone should write a white-hat worm that brings the machines up-to-date with security patches, turns on auto-update, sanitizes the computer and reboots...

      Before everyone starts screaming that you can't release a white-hat worm, please consider the situation we are in today; Hundreds of thousands, if not millions of zombie machines are sitting out there doing the bidding of criminals to extort money from sites that fear DoS, fill our inboxes with Spam, spread virus and trojans that install keyloggers, attempt to get access to your financial and other accounts, etc.. etc..

      On the one hand, we have total anarchtic hacker mayhem (today) and on the other, a sanitized Internet at the cost of using the techniques employed by the shadowy side of society.

      I really doubt that many people would have issue with this. Hell, it should be done in the name of national security. Really... And anyway, if your machine is susceptible to a white hat worm, it is equallyt susceptible to the bad stuff, which means it is pretty much guaranteed that you already have a bunch of nasty stuff installed on it. A white hat worm will provide some relief.

      • Re:White hats... (Score:5, Informative)

        by csirac ( 574795 ) on Sunday May 08, 2005 @03:59PM (#12470154)
        Like Welchia [symantec.com]?

      • Re:White hats... (Score:5, Insightful)

        by repvik ( 96666 ) on Sunday May 08, 2005 @04:33PM (#12470384)
        Take this scenario:


        Gangsters are starting to roam the streets, killing people at a rate of 8-9 people a day. Do you then propose "normal" citizens should get a gun and shoot them motherfsckers down? What if a stray shot kills an innocent? (And no, the analogy isn't inept. You *WILL* hurt innocent systems by doing this)

        Are you willing to be liable for taking down a major international corporations headquarters? Killing off millions of Windows PC's that are in a different locale than the worm, because you hit a locale-specific bug in Chinese Windows? Or maybe your worm manages to knock out Cisco routers (Code Red crashed my i677DIR). Now that'd be real fun, wouldn't it?
        What about the amount of bandwidth this worm creates. If this worm of yours is 220kb, and I'm getting hit by it repeatedly while surfing over GPRS, will you pay the cost? (Currently, that'd cost me almost 1 USD)
        Or, your worm has a bug that overwrites a random file in the filesystem. Who will pay for the damages? "You destroyed my thesis! I've been working two months writing it!"


        No matter the reasoning behind it. There are millions of different windows configurations, hundreds of different windows versions (if not thousands). How the hell are you going to QA this worm?

  • Funny how something called sober is free as in beer.

  • It's the GDGA vendor attitude that 'cornsumers' (Score:4, Insightful)

    by Senor_Programmer ( 876714 ) on Sunday May 08, 2005 @11:08AM (#12468055)
    be brainwashed into believing that the computer is an easy to use appliance, like a toaster or TV, and NOT a potentially hazardous tool like a chainsaw.

    That this has become the holy grail of huge numbers of Linux afficianados is likely the worst thing there is for Linux. Instead of promoting Linux as the 'thinking man's alternative' most of it's fanbase has bought into the whole 'computer as appliance' mindset.

    Give a man a bananna and he might choke on the skin. Teach him to peel and he'll be hell's bells.
    • "a potentially hazardous tool like a chainsaw."

      last time i severed my leg with my computer, i was reminded of this fact.

      The object of linux SHOULD be to make the computer as easy to use as possible, because the people who care about how their computer actually works are a stastical minority of computer owners. The reason thses viruses spread is that people REFUSE to be educated. If your goal is to become a mainstream OS [which I'm not convinced yours is, but it seems to be the goal of the majority of
    • Instead of promoting Linux as the 'thinking man's alternative' most of it's fanbase has bought into the whole 'computer as appliance' mindset.

      You can buy or built a PC with significant horse power for $500 and under. The PC as household appliance or an office tool as commonplace as a typewriter made that possible.

  • its not just windows-users (Score:3, Interesting)

    by rehabdoll ( 221029 ) on Sunday May 08, 2005 @11:10AM (#12468070) Homepage
    I get _TONS_ of logs from various ssh-worms roaming around these days.

  • Trusting MicroSoft (Score:5, Interesting)

    by KiloByte ( 825081 ) on Sunday May 08, 2005 @11:12AM (#12468082)
    What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"

    The problem is, MicroSoft went a long way to tell people that no, they can not trust them when it comes to privacy. People from random businesses around here are pretty paranoid now -- I've talked to the CEO of a ~300 employees big company who, albeit a non-technical user himself, went on a long tirade about not letting Windows phone home.

    • Re:Trusting MicroSoft (Score:2, Interesting)

      by cpghost ( 719344 )

      People from random businesses around here are pretty paranoid now

      ... and still use Windows? I know the cost of migrating a lot of corporate stuff to Linux is pretty high, but if they don't even get started, their paranoia ain't getting them nowhere at all.

      BTW, I've seen similar attitudes recently: a lot of companies are very untrustful w.r.t. Microsoft's crypto libs and suspect all kinds of backdoors etc.. It may be paranoia, but it may also be true (wasn't there an NSA key somewhere in Windows in the

    • I'm wondering, would it be any different in linux? It takes only slightly less effort to upgrade debian than it is to run Windows Update (debian has mostly no dialogues and no annoyances), however I doubt people would still pedantically update.

      Perhaps skillful use of cron would help?
  • But if you slashdot the Sober.P worm, who wins?

  • Windows Update is useless to dialup users (Score:3, Interesting)

    by LTSharpe ( 809868 ) on Sunday May 08, 2005 @11:16AM (#12468120)
    I have tried using windows update on several machines over the years ever since it came out. All I ever receive in return are page script errors, stalled connections and general frustration of all kinds. I especially hate waiting for it to do something after god knows how long only to have it error out and start all over again. I gave up on windows update long ago which is fine because I generally follow and advise others to follow hte rule of 'if it ain't broke then don't fix it'.
    • As someone who is responsible for 600+ computers I have to take strong exception to your attitude. And I can't agree with the implication that Windows update doesn't work. The only time I've ever had problems with it is on XP64 beta - and I don't really expect it to work on beta software.

      The whole point is that Windows is "broke" (indeed I'd challenge you to find any OS that isn't broke in some way). But if you keep it up-to-date with the latest patches it is at least a little less broke than before.

      When

  • What are we going to do? (Score:4, Insightful)

    by LO0G ( 606364 ) on Sunday May 08, 2005 @11:20AM (#12468145)
    What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"

    I dunno. Maybe we should stop running all those stories about how evil WindowsUpdate is, and how Microsoft is spying on your computer?

    And proclaiming to the heavens that <insert my linux distro> doesn't need updates because it's secure?

    • Re:What are we going to do? (Score:4, Insightful)

      by Technician ( 215283 ) on Sunday May 08, 2005 @11:49AM (#12468348)
      Maybe we should stop running all those stories about how evil WindowsUpdate is,

      Are you kidding. When a hosed machine is rebuilt from the CD, that un-installs all the updates.. Have you tried to re-update mom's machine after a rebuild.. on a modem?

      How about all the MS updates and patches on a rack at the local Best Buy? It would save a ton of re-update time on the modem. Then the real MS update could be used for this months updates instead of the last 2 years updates.

      Why doesn't MS update offer to save a local copy of all patches and updates and prompt the user to either save it to a floppy or burn it on a CD to keep with the original manufacture's recovery CD set?

      MS assumes the user will never rebuild the box after the hard disk is replaced and they assume the user has broadband so an update won't be a problem. (they assume Dell should take care of it)

      WRONG!

      • Not too long ago I walked into a little computer training "shop" in a supermarket near me (in Dublin, admittedly the shop is probably 2-3 miles from MS main Dublin headquarters) and there in amongst all their brochures extolling the wonders of their courses was a small cd display stand with Windows XP2 update cds.

        If the world was sane, the payback to MS customers (including the indirect ones getting Windows pre-installed) for "Product Activation" should be simple access to new installation CDs! So if you

  • Someone needs to publish a list of ISPs that refuse to keep their virus definitions up to date. Boycott everyone on that. I'm not talking about a software blacklist, I'm talking about a financial boycott. Make sure gramma is using someone else. Let the good ISPs use that list to target their customers for migration. This is just like the spam problem. Their negligence is hurting the Internet as a whole.

    This is imperfect, though. I bet a lot of the trouble relays are small business mail servers without the
    • The slight problem is that the Internet is just that - an International Network.

      In order to stop a particular type of traffic going out on it (eg. viruses), you'd need to guarantee that EVERYONE who's got any form of Internet access (from small users right up to Tier 1 ISPs) has exactly the same minimum security configuration.

      Perhaps more common use of the "evil" bit will help here.

  • Interestingly? (Score:4, Interesting)

    by merdaccia ( 695940 ) on Sunday May 08, 2005 @11:23AM (#12468168)
    Interestingly, patched machines are not vulnerable to the exploits used by this worm.

    Isn't life is full of little surprises!

  • What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?
    Better yet, what are we going to have to do to convince "ordinary users" not to run executable email attachments? Some users are smart enough not to run executable attachments. Some users are too dumb to know how to open any attachment. It's all the other users that cause most of the problem. Unfortunately, there are a lot of them.
  • on a related note.. has anybody else noticed a decrease in
    spam the past week or so? I've done nothing new on my side
    but volume is down at least 50% if not a bit more.

  • But... But... "It Just Works!" (Score:3, Insightful)

    by localroger ( 258128 ) on Sunday May 08, 2005 @11:38AM (#12468269) Homepage
    Non-computer-oriented users have no idea what is possible or what is necessary or, usually, even that their system is compromised and is spamming the crap out of their neighbors. As long as it puts up the pretty desktop and does the few things they have always understood, why should they do something they don't understand that will have no obvious benefit (to them) and might make it stop working?

  • The only way to wake people up (Score:5, Interesting)

    by NtroP ( 649992 ) on Sunday May 08, 2005 @11:39AM (#12468277)
    Remember the good old days when viruses did real damage? Remember when they actually did format your hard drive or screw up you boot sector? That made people sit up and take notice.

    If virus writers ever changed their tactics from one of "sneak in and just borrow their CPU cycles and bandwidth for my bot-net" to one of "let's infect, spread, then kick them in the nuts" people would take notice once again.

    Several years ago there was a virus that went around replacing jpegs with copies of itself (or something). My friend had a struggling web-hosting business where he hosted websites for about 100 different small mom-and-pop shops. Even though I warned him about the risks of viruses and that he should run his site with Linux/Apache he didn't listen. That virus wiped him out.

    No, he didn't have up-to-date backups. But guess what? He keeps meticulous backups now and keeps his computers patched with up-to-date virus software and only connects to his web server via ftp (no mounted shares any more).

    Alas, he still hasn't embraced Linux or OS X, but at least he's not part of the problem any more.

    Just think what would happen if a virus spread around and just looked for .xls files and quietly changed all the 3's to 7's? How far back would companies have to go into their backups to be sure they had a known-good copy? D'ya think they might take viruses and security more seriously then?

    The last major hassle we had with a worm was primarily due to the enormous amount of traffic it generated, bringing our networks to their knees. That was an annoyance to management, but they saw it as a network problem - not a virus/worm/security problem.

    One of these days some one or some group is going to unleash a virus that really IS going to do real damage. Maybe then people will realize that they aren't sitting in front of an internet toaster, but sophisticated computing device that has a tremendous impact on many aspects of all of our lives.

    • Remember the good old days when viruses did real damage? Remember when they actually did format your hard drive or screw up you boot sector? That made people sit up and take notice.

      When they got infected, yes. Trouble was, the more destructive viruses had a tendency to self destruct as part of their destruction, so they had a limited opportunity to spread.

      Then, as now, people didn't sit up and take notice until it was THEIR data that was lost.
    • The open source community should do this.

      Step 1: Develop the ultimate virus/worm platform -- include a bytecode engine, polymorphism, have it jack into something Freenet-like so users could manually update the network.

      Step 2: Get lots of press for your examples of honeynets completely nuked, and how long it took. Show estimates of how long it would take to destroy every computer on Earth with Internet access (including flashing the motherboard, etc.) and predict a Y2K-like apocalypse if terrorists ever g

  • Too many people are still on dial-up. Updates can take a significant ammount of time while tying up your connection on dialup. Now that I've got broadband, and I see the little thing that says "updates are available" I don't hesisitate. When I had dialup I would have had to set aside time late at night to let the computer do its thing.

    How much do you want to bet that the worms are finding their way from a (low bandwidth)*(lots of machines) to (high bandwidth)*(fewer machines)?

    Of course, if MS didn't

  • What M$ really needs to do. (Score:3, Interesting)

    by MrEcho.net ( 632313 ) on Sunday May 08, 2005 @11:46AM (#12468320)
    We all know microsoft has alot of money. Why dont they just send out a s*** load of Patch CD's just like what AOL does.
    Also keep a numbering system on the CD's that any moron can keep track of.
    Hell im sure you could get away with putting them in common places.. like bestbuy, wallmart, Safeway, etc.

  • What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"

    The answer is actually quite simple, a better OS software is needed and Microsoft seems to be having problems making it.

    Would anyone buy a car that needed a repair each week to keep us safe?

    Would any of us buy a TV that had to get it's software updated each week or you could not watch your favorite show?

    Would you hire a driveway paver when you knew you would have to patch it once a week?

    This isn't

  • What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"

    Simple...don't give them a choice. Don't give people the option to turn off automatic updates. Or at least not on the Home edition of XP. Why in the world should a novice computer user be asked whether or not to install a security update? 99% don't even know what Windows Update does and won't download the updates becuase they don't want to wait for their computer to restart. And in that respect....why

  • Users with illegal copies are afraid of W. Update (Score:3, Insightful)

    by bhalo05 ( 865352 ) on Sunday May 08, 2005 @11:48AM (#12468341)

    What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?

    From what one can read on online forums and personal experience, many people are afraid to use windows update because they do not have a valid serial, or in other words, they're using windows illegally. Unlicensed copies keep windows monopoly, but it is also giving it bad fame because people are afraid to update their system.

  • That's why you need Cisco Security Agent. It stops Day 0 attacks, virii, spyware, worms, etc.. Does not use signatures and has never been compromised yet.

    www.cisco.com/go/csa

  • ISPs should take some responsibility (Score:3, Insightful)

    by realmolo ( 574068 ) on Sunday May 08, 2005 @11:54AM (#12468387)
    It's not hard to lock down a mailserver, and it's not hard to make it scan all incoming/outgoing mail for spam and for viruses. Hell, it's free if you use Postfix/Mailscanner/ClamAV/Spamassassin.

    No ISP should be running an SMTP server that doesn't scan for viruses. It's just irresponsible. There are a few viruses that setup their own SMTP server on the users machine, yeah, but that's easily solved by blocking outgoing connections to port 25 on the network, except from the ISP's own mailserver. If all ISPs did those 2 simple things, e-mail viruses would almost be wiped out.

    It's basic stuff, and it drives me nuts that precious few ISPs do any of it.
  • Why not just force them to get security updates when ever Microsoft puts out a patch. Even if its not tested or causes other troubles.

    Hell, why not just force them to upgrade when the new version comes out. And have them monitor what you are running ' for your protection '. User are lusers right? They shouldnt be allowed to make their own decisions, and perhaps not be a future serf-customer.

    How about the ISPs just do their damened job, and if someone is apparently infected with something, they cut them of
  • "What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"

    How about we first try to teach users not to run executables attached to emails? This virus only infects machines when the attachment is run. It then starts emailing itself to everyone in the user's address book, but if you don't run the attachment to begin with it can't harm you.

    Unless Microsoft have a patch for user's brains to make them not run executable attachments, sending them off to Windows Updat

  • One big problem with Windows Update (Score:3, Interesting)

    by suitepotato ( 863945 ) on Sunday May 08, 2005 @12:49PM (#12468836)
    It can and often will break your machine's current state and render multiple applications inoperative.

    I've had a lot of Windows patches kill applications. Most notably Adobe Premiere, Internet Explorer, Visual Studio, and a load of older third party shareware/freeware apps. Often enough a reinstall of the application fixes it, sometimes... not.

    The biggest problem isn't a lack of patches being applied although it is a big problem. The biggest problem is that people still insist on using e-mail as a way of conveying web-like information without regard to its origin or nature. I know a lot of people, some family, who would never ever visit shady porn sites and the like who nevertheless, display all their e-mails in full HTML format with Active X, Javascript, and the rest turned on full blast. Then they select each e-mail in turn, opening it by default in the preview pane of MSOE and just to make sure it really is spam, will also click on the attachments as well.

    Of course, I was seeing this same thing more than seven years ago in corporate offices never mind home PCs. Absolutely nothing has changed. Any time a user allows code to run, they take the chance that code will be designed to undo their protective shields including anti-virus, anti-spyware, and firewall services. Those services are not designed to act like viruses themselves and resist deactivation (with the exception of NAV which acts that way by an idiot structural flaw rather than purposeful design) at all costs. Oops.

    What Microsoft could do is create a bootloader that worked from a separate partition and scanned the as yet not activated main OS partition for rootkits and viruses and removed them before the OS could be started along with them. Problem is, we can't ever know that MS didn't fark the system up with spyware of their own to check that DRM wasn't messed with, that we weren't using warez'd MS products, or even working on behalf of the *AA agencies to root out and destroy MP3s and so on.

    Another solution is to make all web applications including and especially MSIE work only inside a virtual machine within Windows where it was quarantined from outside system interaction and had to pass a fine-grained security checkpoint to interact in any way with the outside short of mere audio-visual output. In other words, scripting that was doing something with a web page would generally work, something that wanted to browse the file structure would have to be signed, the user would have to constantly say yea or nay and enter a password. Anything to slow down the interaction, log it, control it.

    I seriously doubt we will ever see it of course.

  • Stop running as admin! (Score:3, Insightful)

    by Malc ( 1751 ) on Sunday May 08, 2005 @05:16PM (#12470686)
    When will people learn to stop running as admin? Limited users cannot disable the firewall. Just running as a limited user restricts these things. If you have apps that require admin righrs, right-click on it and choose "runas". Google for Aaron Margosis and use some of his advice.

Slashdot Top Deals

"If it ain't broke, don't fix it." - Bert Lantz

Close