Top Viruses, Worms and Malware in 2006 74
An anonymous reader writes "HNS is running an article with a list of those malicious codes which, although they may not have caused serious epidemics, stood out in one way or another. Some of the categories are: the biggest snooper, the most moralistic, the worst job applicant and the most tenacious. From the article: 'The most competitive. Once the Popuper spyware has installed itself on a computer, it runs a pirate version of a well-known antivirus application. Far from trying to do the user a favour, it is actually trying to eliminate any possible rival from the computer. It seems that the fight for supremacy has also reached the world of Internet threats.'"
Top Viruses of 2006... (Score:1, Insightful)
Re:Top Viruses of 2006... (Score:5, Insightful)
And well, saying that WIndows is bad because almost all viruses are designed for them is like saying that houses are bad, because thieves might try to break in...
Re:A bit of bias from the press? (Score:4, Insightful)
Re:Top Viruses of 2006... (Score:5, Insightful)
Re:Top Viruses of 2006... (Score:3, Insightful)
No, Windows is a target because it is widely used and vulnerable.
Windows is bad because there are so many obscure ways to hide malware and restart it on subsequent boots.
Re:Top Viruses of 2006... (Score:3, Insightful)
My stone house, on the other hand, is not very susceptible to fire. That means it's better.
*Notice that I'm convienently ignoring how difficult it is to run anything through the walls, compared to that wooden house, in addition to how cold the stones get during the winter (and the subsequent lack of insulation), etc.*
Re:Top Viruses of 2006... (Score:5, Insightful)
[0] http://www.google.com/search?hl=en&q=vista+virus [google.com]
[1] http://www.google.com/search?hl=en&lr=&q=vista+se
[2] http://it.slashdot.org/article.pl?sid=06/11/16/01
Malware's ever expanding talents (Score:1, Insightful)
Nor does the average joe take the steps necessary to slow the onslaught:
The three S's (Score:4, Insightful)
The few viruses (they were actually non self-replicating trojans -- most were modified versions of Opener) that affected people on rumour forums required people to give the trojan/script admin (sudo) privileges. I'm sorry, but no matter what OS you're on, giving a virus sudo means game over.
Re:Top Viruses of 2006... (Score:5, Insightful)
But that's not really an issue is it? What Linux distribution has the default user as Root these days? In fact, it's more difficult to run as root in some distributions instead of as a normal user, in that the "root account" is never enabled. Attempt to login to (X,K,Ed)Ubuntu as root at the login screen and it won't work.
How to get a Windows computer infected:
Connect to the 'net without a firewall or run IE and visit a bad page. Or, run OE (interesting that Outlook Express has the same initials as "Operator Error") for your mail. Or run p2p software and download a "song" that doesn't play (but is instead an executable file). In fact, I've got a friend whose daughter did exactly the latter, and I'm going to fix it after the weekend. I beginning to think that these days, that's the most common vector of infection, as I see it time and time again.
Windows gives execute permission based on the file name extension. For this utterly stupid idea held over from the frickin' CP/M days, users are being hosed left, right, up, and down. This bogosity should have died with Windows 3.1 or at least after Bill Gates discovered the 'net and put out Win98. However, the concept is still with us in Vista, so techs everwhere are going to be guaranteed a paycheck for at least the next 5 years.
How to infect a Unix or Linux machine:
Automatically through mail? Impossible to do without user interaction, since everything that comes down the pipe doesn't have the execute bits turned on. Anyone who writes an MUA that does that autmatically will be taken out back and hit with the clue bat.
Visit a web page? There's no such thing as a drive-by install. The user has to download the file and manually set the execute bits high again, through chmod or by right-clicking on the file.
Use p2p? Everything downloaded has no execute bit. What data file _ever_ deserves an execute bit? Indeed, I have yet to ever receive a file from the wire that has execute bits turned on except when they're contained within an installation package, and for that to work, I need to pause and use root permission if it's an install for the whole machine and I still have to unpack it even if it's going in my home directory.
In fact, the simple act of user interaction, even if it's the typing of the current user's password (OS/X) prevents a whole lot of evil. It's that short pause that gives the user the chance to _think_, if even for half a second, and say _no_ to random malware. If you're a malware writer and you give your victims the chance to think, your bit of evil goes nowhere. There are only so many times that people are going to install a fucking purple gorilla.
This ignores the population that will run silly "cupholder" executables and trojan filled "free screensavers," at every opportunity whether in Linux, Unix, or Windows, but then real stupidity trumps artificial intelligence every time. You can only do so much if a user is determined to blow each toe off his foot with a
If this means that Unix and Linux are more difficult, (as if typing the current user's password is complex) so bloody what? It's damn inconvenient when a computer gets infected, isn't it?
--
BMO
Re:Top Viruses of 2006... (Score:3, Insightful)
Re:Top Viruses of 2006... (Score:3, Insightful)
Because if a spambot is running as an ordinary user, it's ridiculously easy to kill and remove. A userland spambot is next to useless, because it will have a very short life. Where does it get launched? In
Fer crissakes, I can run Bagle in Wine, but then all I have to do is kill the process, which doesn't hide from me like it does in Windows. Poof. Gone.
But it's not just privelege separation alone, it's combined with the fact that stuff imported into a system from outside doesn't have _execute_ permission in the first place. Windows attaches execute permission to files because they have the supposed correct extension, and this sin is doubled because _windows hides file extensions by default_ so as to "not confuse the user".
I'm sorry, but that is just stupid.
Explain to me why it's beneficial to the user to hide extensions, to hide processes, and to hide files with attributes instead of simply putting a dot before the filename? EXPLAIN TO ME WHY AN OUTDATED CONCEPT FROM CP/M RESIDES IN WINDOWS? WHY DETERMINE THAT A FILE IS A PROGRAM SIMPLY BECAUSE IT ENDS IN THREE MAGIC LETTERS LIKE 'COM' OR 'EXE' OR THE REST OF THE EXECUTABLE FILE EXTENSIONS, OF WHICH THERE ARE TOO MANY?
Gah...
Whatever. Vista will continue to use filename extensions to determine executability, so Windows users are hosed for yet another 5 or so years until Microsoft gets its freakin' act together, if ever.
The security biggies:
1. Privelege separation
2. Frugal execute permissions.
3. User interaction in granting executability and privelege escalation.
4. No hidden processes.
You cannot have security until you have all four. If you give execute permission willy-nilly, a file that shouldn't have execution turned on can exploit a buffer overflow and now you've got privelege escalation and a process that can hide itself. If you take away user interaction, you have drive-by installs, as seen all over the Windows world. If you take away privelege separation, everyone is administrator, and we've seen where that's gotten us. If you hide processes, like is done in Windows easily, how do you even know if a bit of malware is running or not? Indeed, since Microsoft has bent over for the entertainment industry, we'll be seeing more Windows rootkits because they'll be using the same hooks that DRM uses to hide itself from the user and system administrator. Good luck with that.
Windows has done a piss poor job of implementing security in any shape or form. It's about time Microsoft got off its collective ass and done something responsible instead of shoring up its dubious hegemony.
--
BMO