25 Percent of All Computers in a Botnet?
Beckham's_Ponytail writes to mention an Ars Technica article, with some disturbing news out of the World Economic Forum in Davos, Switzerland. Vint Cerf, one of the 'fathers of the internet', has stated that the number of botnets online is larger than believed. So large, in fact, that he estimates that at this point one in four computers is infected with botnet software. We've discussed the rise of botnets numerous times here on Slashdot, but the image of 150 million infected computers is more than a little bit sobering. With the extremely lucrative activities that can be done with botnets (such as password ripping, spamming, DDoSing), as well as reports of organized crime adopting 'cyber-terrorism' as a new line of income, is it likely that law enforcement will ever be able to curb this particular bane?
Law enforcement? (Score:3, Interesting)
I spent two frickin' hours cleaning and protecting my sister's and niece's XP laptops over xmas. Pain in the ass, but at least they're running clean and happy now. This is after I said I'd never help them because they made the mistake of buying XP laptops instead of Macs. What can you do? Gotta clean it, even if it's partially the cause of the problem and the people using them are not of the highest technical ilk.
Re:How to stop the bots (Score:5, Interesting)
Accountability (Score:2, Interesting)
If I leave my car unattended with all doors open, engine running, in front of a bank, and this bank gets robbed and my car is used by the robber as a getaway car, I'm accountable in front of a judge.
Why not the same with computers left unprotected and unattended?
Re:Use the poison as the cure. (Score:1, Interesting)
But then, maybe just DOSing the bot will work (since checking public key signatures is computationally expensive). As a "bonus", the user may notice that he's in a botnet because all his bandwidth and/or CPU power is being tied up.
Class action (Score:3, Interesting)
Among the victims of the easily infectable Windows platform are:
1) Large internet service providers, who suffer tremendous bandwidth costs due to DDoS attacks and spam
2) Sites that have been forced offline or had skyrocketing costs due to DDoS attacks
3) Businesses which suffer downtime due to networks congested with worm activity
I think it is time for an ambitious group of lawyers to start barking up this tree. It wouldn't be so big a concern if it wasn't for the fact that Microsoft has made a specific effort to roll out their operating system as a foundation of the world's business computing. They are providing faulty infrastructure.
Re:Bogus Numbers (Score:3, Interesting)
Now, to say that 1 in 4 machines are bots I would have to wholeheartedly disagree with. This just isn't very likely. Especially since the lifetime of a specific botnet has gradually been decreasing. Faster AV responses, increased patching, and more bot competition will inherently decrease these odds. Sorry, but the daddy of the internet or not... I think he's off the mark.
I haven't found any sources for the data he cites, but I just happen to have some data in front of me that represents a significant chunk of all internet traffic and the best estimates I have show about .5% of all traffic is botnet traffic. When active bots send abnormally large amounts of traffic for a host, let's just say ten times as much to be very conservative. That would mean each bot would have to be actively spamming or sending an attack about 15 minutes a day on average assuming the 1 in 4 number he cites. Now these are really, really rough numbers, but that is not outside the realm of possibility.
I'll wait until I see real numbers and sources before judging his assertion.
Yes it is possible to eliminate (Score:4, Interesting)
You want to cure it? Have ICANN come up with a set of standard, simple guidelines. Not censorship, just simple things like "No sending out spam emails", "No Zombie Bot". Then have ICANN rule that failure to pass laws enforcing these guidelines (individual countries get to decide what the actual law would be) or failure to cooperate to enforce them results in disconnect for that country from the rest of the internet. That would be ICANN's sole enforcement power.
Give people a 3 month warning, then start disconnecting the countries that are the worst violators, giving the secondary violators another warning. In one month, if they pass new laws or fund new enforcements, they get a trial hook up again.
I predict one year of nastiness, during which all countries scramble to create and enforce real laws.
The worst of the worst of the offending countries might split off and form a secondary, 'dangerous' internet. But who would care?
EVEN MORE SCARY it's 1 in 2 windows computers. (Score:5, Interesting)
Next remove all the server clusters and the majority of computers in highly active IT business environments. We can probably exclude most military computers. That takes out another quarter of the machines.
So basically your personal computer at home or poorly maintained business machines are carrying the bulk of the infection and it's not entirely way off to say the botnet rate is 1 in 2 for Windows.
The ISPs could help stop this (Score:5, Interesting)
Botnets spoof IP addresses to make it harder to track down the bots. But the ISPs know where the bots are and could kill them, or filter them, if they had the testicles to do it. By passing the spoofed-IP-addressed traffic they make it harder for the rest of the world to filter the bots.
Botnets would be a heck of a lot easier to filter, and choke, if valid IP addresses were forced on all traffic.
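An added example, not part of any comment in this thread: a minimal sketch of the source-address validation an ISP edge could apply so that only traffic with a valid customer source address is forwarded. The port names, prefixes and packets are constructed for illustration.

```python
import ipaddress

# Constructed data: customer-facing ports and the prefixes assigned to each.
ASSIGNED = {
    "cust-port-1": [ipaddress.ip_network("198.51.100.0/28")],
    "cust-port-2": [ipaddress.ip_network("203.0.113.64/26"),
                    ipaddress.ip_network("2001:db8:42::/48")],
}

# Constructed packets as (ingress port, source address, destination address).
SAMPLE = [
    ("cust-port-1", "198.51.100.5", "192.0.2.10"),     # legitimate
    ("cust-port-1", "203.0.113.70", "192.0.2.10"),     # another customer's address
    ("cust-port-1", "10.1.2.3", "192.0.2.10"),         # private address
    ("cust-port-2", "203.0.113.100", "192.0.2.10"),    # legitimate
    ("cust-port-2", "2001:db8:42::1", "2001:db8::1"),  # legitimate IPv6
    ("cust-port-2", "not-an-ip", "192.0.2.10"),        # malformed source
    ("cust-port-9", "198.51.100.5", "192.0.2.10"),     # port with no assignment
]

def source_is_valid(port, src):
    """True if src lies inside a prefix assigned to the port it arrived on."""
    addr = ipaddress.ip_address(src)  # raises ValueError on a malformed address
    return any(addr.version == net.version and addr in net
               for net in ASSIGNED.get(port, []))

def filter_packets(packets):
    """Split packets into (forwarded, dropped) by source-address validity."""
    forwarded, dropped = [], []
    for pkt in packets:
        port, src, _dst = pkt
        try:
            ok = source_is_valid(port, src)
        except ValueError:
            ok = False  # unparseable source: fail closed
        (forwarded if ok else dropped).append(pkt)
    return forwarded, dropped

def drops_per_port(dropped):
    """Count dropped packets per ingress port, to show where spoofing originates."""
    counts = {}
    for port, _src, _dst in dropped:
        counts[port] = counts.get(port, 0) + 1
    return counts

if __name__ == "__main__":
    fwd, drp = filter_packets(SAMPLE)
    print(len(fwd), "forwarded;", drops_per_port(drp))
```

Because the check is keyed on the ingress port, the drop counts also identify which customer connection is emitting spoofed traffic.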
Teenage Drivers (Score:3, Interesting)
ISP connection fees should be regulated so that if you own a Windows computer you are treated as astronomically more likely to poison the internet than if you don't.
Note I'm not saying that Windows machines pay more because there are more Windows botnets. That would not be fair since there are more Windows machines out there so naturally they have more instances of botnets. The second thing is that Windows bots hurt other Windows users more than they hurt the rest of us. So they can't be penalized for that either.
What I am saying is that
1) per capita, Windows machines have more bots than other systems
2) that bots don't just hurt Windows users but do affect others.
Re:How to stop the bots (Score:1, Interesting)
Re:Request (Score:2, Interesting)
Re:Request (Score:4, Interesting)
The major ISPs will do it, but only if it's already costing them $$ in bandwidth.
Re:This will change with Vista (Score:3, Interesting)
Windows 9x had a well-deserved reputation for crashing all the time. Windows 2000 was barely usable when it first came out (because applications and drivers weren't written for NT), but once that got sorted out, it was pretty stable. Windows XP has that same level of stability, but it still crashes from time to time, not because of problems in the OS, but because of buggy drivers or third-party software - I've seen buggy drivers for a wireless NIC send a laptop into an endless BSOD loop, and video card drivers are notorious for causing problems.
Of course any OS will have trouble with bad hardware. I've killed a Linux box just by trying to read a scratched CD.
Anyway, in Windows Vista, whenever a program crashes, or you get a BSOD, Vista sends an error report to Microsoft, and a couple of days later, you get a little popup message that they've identified the problem. It tells you what caused the problem, and what to do to fix it. It actually works!
Please note that I am not a Windows fanboi - I'm typing this in Firefox on my iBook running Mac OS X, and there are three Slackware servers, an iMac, and an old laptop with Ubuntu in the next room. Also note that I wouldn't recommend Windows Vista to anyone for their primary computer until Service Pack 1 has been out for at least a month or so; not only is the OS currently rather broken, but third-party support is crap right now. By the time SP1 comes out, things should generally work (and the extra month is to account for problems and incompatibilities introduced in SP1).
Re:This is a feature of WINDOWS - fix summary (Score:3, Interesting)
Re:You Are Required by Law (Score:4, Interesting)
Re:How to stop the bots (Score:3, Interesting)
What about a broadband users license? (Score:4, Interesting)
Or at least require ISPs to provide minimal security training to their broadband customers. As has been said: Most infection is self inflicted through ignorance. Some people might welcome the chance to learn. I know I did not want to scuba dive without some training. A lot of parents would be motivated to learn about filtering software etc. A license should be grandfathered in of course. This problem will worsen in direct proportion to bandwidth. And certainly there should be citizens' band speeds. (TBD)
People might grumble, but if it is sold as a community responsibility a license track might fly. Most (well, many) people are motivated by a sense of community responsibility. I had a young friend whose computer was a viral soup. Infected beyond redemption. Ruined. I reinstalled Windows for her, which cleaned up the mess, but she was resistant to the idea of anti-virus software because she claimed she did not do anything serious with the computer and did not want to hassle. Her current mess had taken years to build. And, she asked, couldn't she just redo the box again when it tanked? But I pointed out to her that it wasn't just her that suffered, it was the whole community that suffered when she left her computer vulnerable. (I explained a little about bots.) The idea that she could be hurting others through inaction really upset her (she had never thought it through) and so we were downloading ZoneAlarm, AVG and AdAware in no time. In the end she bought a subscription to a suite. McAfee I think.
Before anyone starts screaming about rights and freedoms being taken away, please think about this: A license is a way that a civil society makes its members accountable, from food vendors to electricians. I am less free because of all the bots out there. If people can't get on the highway without demonstrating some knowledge, why should they get on the information highway in a state of ignorance, especially now that we are banking and shopping there?
Re:Request (Score:2, Interesting)