Virus Writers - The Enemy Within
Slob Nerd writes "An interesting read from today's Observer "He's 21, he's got dreadlocks, likes punk bands... and his hobby could wreck your computer in seconds. Clive Thompson infiltrates the secret world of the virus writers who see their work as art - while others fear that it is cyber-terrorism.""
It's the fucking USERS, not VIRUS WRITERS' fault! (Score:0, Insightful)
But I can't help but feel helpless. Virus writers will get bored again and write another killer virus. These fucking viruses can easily invade Windows PCs and then use them to attack other machines. I don't blame the virus writers -- it's just a hobby. I blame people who LOAD the viruses!
We need firewall education. We need anti-virus education. We need fucking stricter email controls.
I hate myself for saying this, but let's stop being so fucking naive. Windows is a security nightmare and it practically invites viruses in. But most people use Windows, even though there are two families of computers that are much safer -- Apple's OS 10 and the many types of Linux machines. Microsoft has a grip on the PC market by the balls that even the government can't shake loose, and so, like the family that's stuck with an unwanted brother-in-law, we're stuck with Microsoft's Windows and its many frailties.
So stop blaming the virus writers. It's not their fault. It's YOUR fault. By that I mean your friends and family and co-workers need to be educated -- and by YOU if no one else will do it. Tell them Windows is a piece of fucking shit, but also SHOW THEM how to avoid viruses. You can't just talk crap and then do nothing. It's more effective to suggest alternatives and best-practices(TM).
Computer security is in a poor state of affairs, but (relative) geniuses like us can help things. We really can. Just put Linux down for a fucking second (yes, it's better than Windows) and show your mom how to avoid catching viruses.
Virus Writers (Score:5, Insightful)
Deftones aren't a punk band (Score:5, Insightful)
Re:Virus Writers (Score:5, Insightful)
Easy problem to find, harder problem to solve.
Dupe, or no dupe... (Score:5, Insightful)
With quotes like this: 'This guy,' he proclaimed, 'is the best at Visual Basic.' I really understand the level of these guys... Show me a 1 k, auto-replicating, ASM-written worm spreading like lightning through an undocumented hole and I'll be impressed. These are nothing more than wannabe punks.
Re:It's the fucking USERS, not VIRUS WRITERS' faul (Score:4, Insightful)
But the lion's share of the blame has to rest on the virus writers' collective shoulders. The vast majority have no pretensions of "educating the masses," or "simple curiosity." No, most of them just want to either a) screw people over for the hell of it, or b) get their (hopefully anonymous) 15 minutes of fame. These are the same types of people who will eventually be hired to write adware, spyware, and spamming apps. They are not heroes. They are not admirable. They are degenerates and sociopaths, and they give nerds and hackers horrible images with the very same "stupid users" that we have to interact with (and often get paid by) every day of our lives.
Re:Hmmm (Score:2, Insightful)
There's no risk in it and they get to feel so tough. Those people simply need a proverbial kick in the ass.
Re:Virus Writers (Score:4, Insightful)
There aren't that many high tech jobs in eastern Europe. I know a guy who moved to the US from Bulgaria and he said that all his friends were bored with life and wrote viruses for fun. Nobody there would hire them to do tech work.
Ironically, now that outsourcing is targeting Eastern Europe, one of your problems (viruses, etc) might be subdued a bit (a bit!) by one of our other problems (jobs leaving the country). Of course, people elsewhere will always be around to write them.
Wreck MY computer? (Score:4, Insightful)
Sorry, no, all my computers run Linux, FreeBSD and Mac OS X.
I wish that, just for once, articles aimed at the public would be a little more accurate.
"He's 21, he's got dreadlocks, likes punk bands... and if you use Microsoft software, his hobby could wreck your computer in seconds"
Re:Dupe, or no dupe... (Score:1, Insightful)
Hell. I laugh about that when someone says that in the office right here in the US!
Re:Hmmm (Score:5, Insightful)
Not to mention that people do not understand that they should not run arbitrary email attachments. Every few weeks we have a major worm outbreak because millions of people happily run every piece of malicious code they find.
As for "real" worms that don't require a collaborative user to spread, it can hardly get worse than it is now, with all the knowledge and awareness we have. The really ugly ones spread in minutes, faster than anyone can react. (Also, they never seem to die, Nimda for example is still active.)
Re:Virus Writers (Score:5, Insightful)
These aren't virus writers, these are just regular script kiddies. Nothing interesting.
Re:Just an idea! (Score:2, Insightful)
cannot kick-start? (Score:5, Insightful)
Hacks are art. (Score:2, Insightful)
It's easier to destroy than to create.
Some other hobbies... (Score:5, Insightful)
2. Cars
3. Boats
4. Trains
5. Swords
6. Guns
Just because you do them, doesn't mean you test them out on innocent people. How are these virus writers any different?
*Applies to slashdot readers, only.
Re:Deftones aren't a punk band (Score:2, Insightful)
Oh God not this again. Are people so goddamned lacking in imagination that if they see a word being coined they have to shoot it down in flames?
Have a good look at the jargon file. There are many words there which are corruptions of "normal" words used in reference to modern technology. That doesn't make them wrong. It makes them new. How many of you numbnuts would have hated Shakespeare for all his neologisms? Here's a word I'd like you to read up about: 'hypocrisy'.
Re:My Hero (Score:1, Insightful)
Do I take seriously an article published in it about virus writers? You bet I don't. I don't think anyone in their right mind can take that newspaper seriously.
You cite two massive successes of the Observer, as opposed to one massive mistake they have made.
And on that basis, you deduce that they lack all credibility?
So one misguided campaign against child porn not only trumps one major international charity campaigning for human rights and the end of one pointless war, but utterly cancels them out, tramples them into the ground, and renders them completely meaningless?
Don't you think maybe you're over-reacting slightly?
Users vs Software (Score:3, Insightful)
We should be striving to create systems that just do what the user needs them to do without requiring the user to jump through hoops or take a course entitled "Best Practices in Computer Security". I don't need to be a mechanic to drive a car, I don't need to be an astronomer or astrophysicist to look through a telescope, and I shouldn't have to be a network security expert just to surf the web and send & receive email.
It is very definitely Microsoft at fault here and not the 'less than expert computer users'. After all, if they made the product to suit those users instead of just to sell well to them, the rest of the world would have far fewer issues.
Re:... and his homepage ... (Score:5, Insightful)
Anyway, anybody who thinks this qualifies as elite virus writing needs their head examined. There is really nothing elite about a script file. Not to mention that it should be apparent in this day and age that trashing other people's computers is not only very uncool but incredibly likely to get you thrown in federal pound-me-in-the-ass prison.
Re:My Hero (Score:3, Insightful)
Here is a fantastic new concept: how about people submit ORIGINAL stories to slashdot, not just pointers to stories published elsewhere on the web? Citing references to support your points is fine, but how about /.ers creating some original content for a change?
Karma penalty ? (Score:5, Insightful)
Re:Dupe, or no dupe... (Score:1, Insightful)
These virus writers need to turn this stuff out quickly. They've got deadlines just like those of us that write 'good' programs.
I agree that this kid seems like a turd. But just the same, it also sounds like he is using the right tool for the domain he's working in.
Re:Virus Conspiracy (Score:5, Insightful)
Re:Writing poor articles for fun and profit (Score:3, Insightful)
It's your comprehension skills that are called into question the most here.
Because that wasn't your only mistake.
Nowhere does it call Iron Maiden a punk band. The young one who lived at home with his parents was listening to Maiden. The 21-year old VB-er was the one who was into punk.
Engage brain before posting, please.
YAW.
Re:Why don't mailers auto-zip and block executable (Score:2, Insightful)
Re:Society and business are good? (Score:5, Insightful)
And Europeans, maybe eight percent of the world's population, consume at least another third, so get off your high horse. The fact is that anybody in the developed Western world uses resources at a far greater rate than a Third World peasant. Self-righteous moral preening about how your car gets five miles per gallon more than mine is of little meaning in the great scheme of things.
Much of that consumption is used in building things that end up in other countries anyway. If America builds a machine tool or sewage treatment plant or airplane that ends up in some third-world Ickystan, have we really taken anything away from the Ickystanian man, or have we actually done him a favor?
Plague of locusts indeed. If you subscribe to such idiocy, at least recognize that you are one too.
-ccm
Re:Users vs Software (Score:3, Insightful)
Well, think about it for a second.
When you learned to drive a car, you probably knew a little about it. There's an engine, it burns gas, that causes the wheels to go around. The gas pedal must have something to do with that burn rate. The brake makes the wheels stop.
Now, imagine that we all treated that "under the hood" as a black box, and that typical people commonly confused the engine with the carburetor. Some cars would even come with holographic stickers closing the hood shut, so you couldn't open it without voiding the warranty. When someone teaches you to drive a car, they say:
"Turn that key. Now, press in this button and move this lever until it clicks four times. Turn the wheel about 60 degrees, and slowly press on the right pedal. Turn the wheel back 60 degrees, but slowly... SLOWLY! See, you almost ran into that car! Now give it a little more gas... I'm sorry, I didn't mean to fall into jargon. Press harder on that right pedal. Use the big one on the left when we get to that white line on the pavement up there."
This is how people are taught to use computers. Click this, press that, drag here, type there. Meanwhile, when the computer tells them it's running out of memory, they start deleting stuff from their hard drive to free up space, because they don't know the difference between RAM and the C: drive.
If we (meaning, those of us who know this stuff) all took a different tack, instead of teaching people procedurally how to get through a particular function or application, we might have a much easier time educating folks about not running trojans. But as long as we (again, speaking to the community that has the knowledge) keep acting like people can't and shouldn't be taught this stuff in the way that we learn EVERYTHING ELSE, we'll keep having this problem.
Re:Au contraire, viruses already affect medical ca (Score:2, Insightful)
He's 21, he's got dreadlocks, likes punk bands (Score:4, Insightful)
Sounds like we now know who to send the mobs with torches and pitchforks after.
Re:My Hero (Score:3, Insightful)
These kids sound like ... (Score:1, Insightful)
I mean, come on, VB for God's sake?
Does anyone remember why BASIC was called BASIC?
It's BEGINNERS all symbolic instruction code. Like it says, it's for beginners and no-hopers that will never be able to write good OO or structured code, or for people who don't yet grasp that the computer stores data as a series of 1's and 0's.
There is nothing smart about a keystroke grabber. Hell, we were doing this 15 years ago on dumb terminals connected to Vax's via terminal servers, and in those days it was trivial too.
These kids don't do anything positive because they can't. They wrap themselves with other gloating morons ("this guy is the best at VB") - helluva compliment I'd never like to get.
And how the fuck does this virus sit in your registry after it just formatted C:?
I suspect these kids are just piss poor script kiddies that have all chipped in the pocket money to get a 384k DSL and invited the local rag round to watch them gloat, get drunk on a can of cider and aggressively smoke (and then presumably puke everywhere).
Not that I'm a fan of Microsoft or anything, they should tighten up the code (the worst is yet to come - source in the wild), but these kids are not "dangerous" but just a minor irritation, a boil on the ass of civilization if you please.
This is becoming idiotic. (Score:2, Insightful)
Personally, I'd rather see just one vicious email virus rip through the mass of click-happy idiots that cause these epidemics. Every major case thus far has been, at most, a minor inconvenience at the enduser level.
After losing their entire system to one of these viruses, something tells me the number of people that go about clicking every attachment they receive would significantly decrease.
Before anyone bleats about the innocent suffering: too bad. Do children ever listen when they're told not to touch boiling water? No, they only learn it the hard way. But the one advantage is that it's a lesson not soon forgotten.
Fix, or blame? (Score:3, Insightful)
Fixing the problem requires stepping back and noticing some root causes.
WHY do we have a situation where a quick double-click can destroy a software installation or transfer ownership of the computer to a spammer?
Imagine a comparable situation in meatspace. Imagine a chemical plant with a big red button on the main floor which would set the plant on fire and release poison gas in the nearby city.
Management might try educating the workers, putting up signs saying "don't push the big red button", disciplining workers who bump it accidentally, and so on. The fix is not to have the stupid button in the first place.
Our situation on computers is even worse. People have to double-click attachments all day to get their jobs done. It's as though the big red button were small, green, necessary, and only destroyed the plant one time out of a thousand.
The most solid fix is to run MUAs chrooted or under systrace jails. The next best is sensible defaults that don't allow executing candy from strangers.
>Windows is a security nightmare and it practically invites viruses in.
There are probably installations out there that still execute active content in the Preview pane, allowing things like Klez to spread without any user action other than looking at email. Trying to compensate for that with user education is, well, ambitious.
Re:My Hero (Score:4, Insightful)
Unix is not inherently less vulnerable to viruses than Windows is. No, user/root separation does not hinder e-mail viruses designed to DDoS web sites. Yes, there is software running on your Unix box right now that has buffer overrun vulnerabilities.
Re:My Hero (Score:5, Insightful)
Also, while my box may well have overrun vulnerabilities (doubtless true), I disagree completely with your statement that if *NIX machines had the marketshare there would be as many viruses for them. I think you are vastly underestimating the user/root separation. At the very least it prevents a single user infection from affecting the entire machine. Yes, a single user could infect his own home directory tree and of course this could be used to DDoS someone. However, there would not be a situation similar to the Outlook/Outlook Express situation where simply receiving a viral mail would infect the system; *NIX apps aren't designed that stupidly.
I have no doubt that if/when *NIX becomes more common there will be more *NIX viruses, but to say that it's "just as bad" is to buy into MS's own FUD.
My case in point here is Mac OS X, it has a fairly large userbase, and most of that userbase is not computer expert (one of the Mac selling points is that it is (theoretically) simpler to use than Windows). Yet there has not been a significant number of Mac OS X viruses (viruses for older Mac OSes are more common by far). Why? Because Mac OSX is mostly BSD UNIX.
Re:My Hero (Score:5, Insightful)
If you spray paint your crap over my building, you are a vandal. I don't care if you have the skill of Michelangelo, Da Vinci, and Rembrandt combined, you don't have the right to paint on things that belong to other people. If you do, you are a vandal. Period.
True artists can find legitimate outlets - they even get paid. Graffiti art is done by gang members and other scum. Virus writers are simply their online equivalent.
Re:My Hero (Score:2, Insightful)
Good graffiti art brightens the urban landscape. Thankfully the morons in the cities that used to remove it from trains finally acquired a clue and made the trains available for painting by artists of demonstrable ability. No more ugly urban trains.
These guys who do graffiti are exactly what art is about, not some commercialised nonsense.