The NYT on the Proliferation of Botnets
ThinkComp writes "The New York Times has a story up on the proliferation of botnets. The article cites a number of security researchers who paint a depressing picture of the state of internet security, and concludes with the suggestion that for home users, buying a new 'updated' PC may be the only real solution. Unfortunately, as most of us know, given the number of outstanding flaws in software and the ingenuity of malicious software authors, that might not even help."
Re:Not a flaw, but a feature (Score:3, Interesting)
Welchia (Score:4, Interesting)
Re:Make Microsoft liable (Score:3, Interesting)
And what if it's a GPL'd chainsaw that you made in college, put on the internet for people to copy and use if they want, but never took the time to test thoroughly?
Re:I want a big red button (Score:2, Interesting)
Re:Welchia (Score:2, Interesting)
Re:Yes! Buy a new PC... (Score:3, Interesting)
"Same old," Arthur says. "How's the writing thing going?"
"Harder than I expected," I say. "But thank God for computers. I can't imagine typing this all out on a typewriter."
"Computers are great," Arthur says. "Until they go wrong."
"Ain't that the truth."
"My old computer was so infested with porn I had to throw it out," Arthur says.
"No way," I reply, taking a sip from my martini.
"I'm not kidding."
"Couldn't you reformat the hard drive?"
"My ex brother-in-law tried to fix it," Arthur says, wiping down the bar with his towel. "He's a computer geek and even he couldn't do it."
"What the hell were you looking at?" I ask.
"Nothing illegal," the bartender says, suddenly defensive.
"Sure."
"I swear," Arthur says. "I'm surfing the net, minding my own business...."
"Looking at naked women."
"Perusing all the wonderful smut the internet has to offer," Arthur continues, "When a porn demon possesses my laptop."
"Porn demon?"
"Yeah," Arthur says, throwing up his hands. "A million pop-ups start exploding on the screen."
"Oh no," I mutter.
"So," Arthur says, pulling a frosted glass out of the freezer, "I had a million pop-ups. It took me forever to close them. My ex-wife saw them."
"I'm not gonna even ask what she was doing there."
Arthur just smiles. "So the computer's completely fucked," he says. "Ran slow, acted weird - the works."
"Didn't you run a virus scan?"
"This isn't a virus," Arthur cautions. "It's a porn demon. Virus scans are powerless against it."
"I don't think the church exorcises computers," I say.
"You sure?"
I chuckle to myself. Every Catholic diocese has an official exorcist. I used to know the one from mine. It's a secret, mostly ceremonial post. Despite what you see in the movies, Linda Blair scenes are few and far between. Something tells me the Church isn't gonna whip out the bell, book, and candle to save a Duo-Core processor.
"I'm sure," I say.
"That's too bad," Arthur says. "My brother-in-law gave up. I had to throw the damn thing in the trash."
"I don't know what's worse," I say. "You buying a new computer or your ex-brother-in-law trying to fix it."
"I learned my lesson," Arthur says, pouring my drink into the frosted glass. "I had to spend a grand on a new computer. No more internet porn for me."
Seems drastic, but it did solve the problem. I make no comment about the tech, but that's a user for you.
Re:Make Microsoft liable (Score:2, Interesting)
And I was thinking about this the other day. That's why software typically isn't bought by end users but licensed on an "as is" basis.
A Simple Solution: power off when not using a PC (Score:1, Interesting)
I work with a Cisco VPN concentrator at a Medical/Dental/Nursing school, and every day a co-worker comes in early and forces off the users that have been connected all night and more. Usually it is 30-40 people but over weekends and holidays the number climbs to 70-80. Why stay connected, why leave your computer on all the time?
I'll leave the M$ bashing to others, the "open any email you get" bashing to others. I run an OpenBSD firewall on an old Dell at home, and I tell my kids to turn off the computer when they are done. I'm doing my part.
Re:Welchia (Score:2, Interesting)
It failed because the measures it was taking were far too soft. The worm should've disabled the machine with instructions to take it to the repairman (who could've done a proper job of cleaning the machine) and a message that indicated MS was to blame.
The problem is that people who think "Car accidents never happen to me" (most of us) mistakenly think "Virii will never happen to me"[1], if they even know virii exist. Getting a hundred or two in repair costs might make them think for once.
Footnotes:
[1] Virii [wikipedia.org]
Re:Well, that's sorta backwards (Score:5, Interesting)
Re:Push for Windows CDs (Score:3, Interesting)
I had suspected that my Windows 2000 installation may have been compromised in some way, so I wanted to reinstall it. Unfortunately, it took me several days to find one of my two original installation CDs. I found both of them, then I remembered that they were both Windows 2000 upgrade disks, so I will also need to find either my Windows 98 disk, my Windows ME disk or one of my two Windows NT 4.0 disks, none of which I could find. So I couldn't reinstall Windows. If that had been Linux I would have just downloaded the free ISO and burned a new CD. Fortunately, the computer is set up to dual-boot between Windows 2000 and Ubuntu Linux, so I was still able to keep using Linux instead. I prefer Linux anyway.
So how did a computer-literate user like me end up with a Windows installation that I could not trust? Well, until recently, 26.4K dial-up Internet connections were all that was available where I live. I installed Windows 2000 several years ago, and after installing the ZoneAlarm firewall, I immediately began to download the security updates. I did that before going anywhere else on the Internet. On my 26.4K dial-up connection, downloading the updates took all night. The trouble was that for the first few hours of downloading the security updates, I was unpatched and not sitting behind a router. Within minutes I was subjected to numerous advertising pop-ups, at least one every few minutes. They typically said things like I had spyware or that my registry was corrupted and that I needed to go to some webpage to get some product. I ignored those pop-up messages and spent much of the night closing the pop-up boxes. At one point I rebooted and the pop-ups finally stopped, presumably because the security update needed to block them was finally installed. When it was finished, Windows 2000 worked great, but I always had doubts that I might have already been compromised during the hours before the patches could all be installed. For that reason, I had always planned to reinstall Windows 2000 whenever a high-speed Internet connection became available where I live and I could quickly download the security updates while sitting protected behind a router.
Inexpensive high-speed DSL connections finally became available in my neighborhood several months ago. I hadn't used Windows in months, but the installation CD for my DSL modem/router was a Windows-only CD, so I booted up into Windows. I was told by QWEST that only Windows and Macs were supported, not Linux. After doing the QWEST DSL installation, the MSN Premium installation started. If I remember correctly, while doing that, my ZoneAlarm firewall started warning me that Internet Explorer was recording my keystrokes and mouse movements. I hope that was some kind of false warning, but I freaked out, stopped the MSN Premium installation, and soon shut down Windows and rebooted into Ubuntu Linux. Ubuntu immediately and automatically connected to my DSL router and I had high-speed Internet access. I then logged into the router configuration program through my browser, changed a few default passwords and settings, and tightened up a few security settings. Then I went to grc.com to use their "Shields Up" feature to verify that all my ports were closed and stealthed and that my computer would not even respond to pings. I also had someone else in this household who wanted to connect a Windows XP laptop wirelessly, so I changed the router's default use of the insecure WEP encryption to WPA encryption instead and soon had her hooked up to the router wirelessly with 802.11g and WPA. I did not use the QWEST installation CD to configure her computer; I just set the configuration settings manually.
I decided to do a fresh clean install of Windows 2000 so that I could finally have confidence that it really was secure and perhaps even use Windows some occasionally. That was when I couldn't find the Windows installation CDs. I am stuck with a copy of Windows that I don't trust. My only easy solution is to just keep using is to stop dual-booting and just ke
Re:Not quite.... (Score:4, Interesting)
I cannot believe people are still saying this. How many stories about botnets do we have to have on Slashdot before people realise that UNIX is not secure either.
Look. The vast majority of this crap comes in via browser exploits these days. Running malicious attachments etc is not such a favoured technique anymore. There is nothing in UNIX that stops applications from being written in an insecure fashion, there is nothing in UNIX that stops apps hooking each other to hell and back (which is largely what these bots are doing when they steal data), there is nothing in UNIX that even makes it hard to install a rootkit. Just phish the password out of the user, or wait until an authentication dialog appears and overlay your own, or wait until a privilege escalation attack is found (new ones appear all the time). But as you don't need root to steal data, send spam, display popup ads or any of the other things bots do this is really just a nice-to-have bonus, it's not essential.
The fundamental architecture of Windows NT is no different to UNIX these days. They are both seriously flawed because they are based on a threat model from the 70s, when the world of computing was totally different. Having an administrator user and also a "regular" user who are really the same person is a nasty hack that doesn't solve the problems at all. Apple don't have the answers ... have you seen how easy it is to suck SSL protected form data out of Safari? Neither does the Linux community. SELinux has gone down the route of totally static policy, which is fine for servers but worthless for desktops.
MacOS and Linux are statistically insignificant, but if people keep recommending them as a "solution" then soon they won't be and then we'll find, oh look, it's just as easy to create Mac botnets as it is Windows botnets. What little trust is left in computer security people will then be gone.
The fact is, residential computing is fucked. Utterly, utterly fucked. The guy quoted by the NYT is right, the war was already lost a long time ago, and people keep pretending it wasn't. The war was lost when the computing community decided that user-based DAC security models could stop malicious software. They can't, they don't, and they never will, so please stop saying MacOS or Linux are somehow inherently better, when they aren't! They are at best temporary band-aids.
Re:Firewalling them is not the same as closing the (Score:3, Interesting)
Firewalls are bandaids, there is no replacement for well written, secure code.
Re:Firewalling them is not the same as closing the (Score:3, Interesting)