CastleCops Anti-Malware Site Closes Down 68
Fortran IV writes "Volunteer-powered anti-malware site CastleCops appears to have closed shop. As of Tuesday, December 23, the CastleCops home page notes: 'You have arrived at the CastleCops website, which is currently offline. . . . Unfortunately, all things come to an end.' It was reported back in June that Paul Laudanski, founder of CastleCops and its parent Computer Cops LLC, was taking a full-time job with Microsoft and was 'looking for new management' for CastleCops. The site has also long had problems with funding and with hostile action from spammers. The actual shutdown seems to have taken the security community by surprise; as late as Tuesday evening Brian Krebs was still recommending CastleCops on his Security Fix blog."
Ditto (Score:3, Interesting)
The look of that site always made me nervous and I could never really tell if it was legit. Correct me if I'm wrong, but isn't CastleCops the ones who distribute HijackThis? I think so, because I'd always get nervous about downloading it from that website.
It must be hard to use AdSense on a security site like that because most of the ads would be "you may have blah blah blah". One of the flaws in AdSense, I suppose.
Re:the community (Score:1, Interesting)
Posting this as AC because I'm the one who made up the design for that site... back when it was Computer Cops and not Castle Cops... and this was also about 7 years ago when that "look" was fresh for the internet.
Imagine my surprise when browsing around I stumbled there and saw the same design, just kind of more raped and pillaged for the CMS. Not saying it was great to begin with, but that's one of the few sites that was probably Web 0.5b, and decided to stick it out.
It's one of the sites I don't tell people I designed anymore, that's how I feel about it ;)
Too bad the site went under though, Paul is a good guy and I wish him all the best in his future endeavours. I'm sure someone will bring it back under a different name.
A big LOSS for no acceptable reason (Score:2, Interesting)
This seems to have been such a badly handled shutdown. I've been tracking it since Dec 24th. and I was wondering if anyone at slash-dot would even comment. Now finally there is a thread.
By just shutting down CC, Paul Laudanski has destroyed the work of many many volunteers. All the reference pages on malware, illegitimate & legitimate dll's etc are just GONE. Additionally pages on specific projects like proximotrom (sp?), etc have just been vaporized. From what I have been able to find NO ONE was offered even the chance to archive any of these items.
It's a pretty BAD act by Paul. And while people have speculated on the reasons, Paul has not even had the decency to post any explanation. The reports of his being forced to close CC by MS, having pressures of a third child are all just speculations by others. And his defenders get very aggressive. BUT No response from Paul.
Additionally the choice of Dec 23rd to shut the site off, sure looks like it was planned for a time when fewer people might be watching.
So as to the once respected Paul Laudanski, it seems that he has displayed an arrogance adn a total disdain for DD'd supporters, volunteers and the work a lot of us contributed. Cc was a valuable resource and to have it sneakily destroyed with out any recourse is not acceptable. Paul might have had the right to do this but that does not make his actions the right thing to do.
This would definitely damage any credibility he might have had. Perhaps we should remember this ifs he ever puts his head up again. No credibility. But plenty of arrogance and disdain for others. Not very good additions to his resume.
But some will say that he may have had good reasons. OK. But that does not count unless he discloses what why. By saying nothing publicly, he has now negated the value of any good reason he might have had.
And on top of it all he managed to block any archiving. Even getting the site out of the "way back machine"
A very disgusting set of events. All done by the formerly respected Paul.
but this is just one "unbiased" opinion. :(
Re:Your premise is wrong (Score:5, Interesting)
Spamming V1aG4 isn't were the money is at. The big money is in identity theft, espionage and pump & dump schemes. These crimes are committed by using botnets that host phishing sites, send out phishing spam, and use scripts to log into bank accounts and broker accounts.
It is an economic problem, yes. It is *not* analogous to prohibition. This stuff *is* criminal and the crimes committed cost tens billions of dollars each year. The solution is *not* to just toss your hands up and say "we give up", the solution is to lock these fuckers up and toss the key. We, as a society, need to clamp down on these fuckers before they do something that really screws with us. And don't kid yourself either, these people are sitting on top of some of the most powerful distributed computers on the planet.
Chicken Bone Spammers, V1agr4 and R0l3x W4tches is old school 1998 thinking. That crap is the little leagues. The big money is in "professional," massive, highly organized, sometimes government funded crime. This is the big leagues and the assholes playing in it need to be stopped.
But that's exactly why new laws aren't going to work. What you're talking about there is fraud. Fraud is fraud; it's not something new just because the means of communication was a networked computer. Fraud is already universally illegal (everywhere or nearly everywhere) and this hasn't stopped the type of spam that you mention. Why? Because these criminals are finding it to be very profitable.
The laws that imprison or execute people for things like rape and murder have some deterrent effect on would-be criminals because there is generally no enormous economic incentive to rape and murder people and the desire to do those things is widely recognized as aberrant and pathological. Contrast that with spam (any kind) where there is a strong economic incentive (it's only getting worse so it's obviously profitable) and the desire to make money is generally valued and encouraged by our society -- the problem with spam is the destructive method by which that desire is satisfied, not the desire itself. In my mind, that's the difference between enforcable laws and unenforcable laws.
I believe that my previous point was sound and still applies here. The only thing your clarification changes is the application of the term "demand". Whereas before, demand constituted people who purchase items from spammers, now it also describes people who want to connect a computer to a network that is known to be hostile without learning how use it securely (botnets), people who want to make transactions without careful authentication (phishing), and people who want to get rich quick or who think that some random spammer with a stock tip really has their best interests at heart (scams). Whether such people are genuine victims or merely suffering the consequences of poor decision-making makes no difference to the spammer. A large (enough) number of people who keep doing these things despite all of the warnings against them and all of the information available is indistinguishable from the usual sense of the word "demand" as far as spammers are concerned.
What I am telling you is that so long as this is the case, you can make the penalty for this type of fraud as severe as you like and it will make no difference, for all of the reasons I have outlined in my previous post. It is prohibition because there is a large enough demand to make $ACTIVITY profitable and you are trying to eradicate $ACTIVITY by punishing $SUPPLIER in an effort to destroy $AVAILABILITY. It will fail for all of the reasons why more traditional forms of prohibition have failed.
Remember that you don't need perfectly knowledgable users running perfectly secure systems so that online fraud is completely impossible; you just need knowledgable enough users running secure enough systems to make fraud difficult enough that it's no longer profitable. Accomplishing this is merely very difficult; catching, prosecuting, and punishing enough spammers to achieve anything resembling "stopping spam" is utterly impossible.
Re:I agree (Score:3, Interesting)
I think much of that comes from the "artificial scarcity" nature of copyright and the repeated extensions to both the duration and severity of copyright law. Our legislators are not carefully evaluating whether or not technology has made this model obsolete and using the results of that evaluation to make any necessary adjustments. Instead, they are applying more and more "brute force" to the law by turning formerly civil matters into criminal matters to appease various monied interests, as though such complex problems could be solved so easily. Not surprisingly, the reaction to this has not been a good one.
Part of it too is that the reason why you should have reasonable laws that are not weighted too heavily in favor of any particular group is because when people lose respect for the law, they tend to lose respect for the entire institution. It is trendy these days to "make an example of" people who commit certain crimes and sometimes the question of whether the punishment fits the crime is well-founded. There is also the possibility that a free-for-all network where all forms of computer intrusion are legal will result in more secure systems than would a regulated network where such people are prosecuted. This boils down to a form of Darwinian natural selection. I'm not saying it's a good or desirable possibility, only that it may be true regardless of anyone's personal feelings about it. A spammer getting 10 years doesn't bother me, so long as this is for actual fraud/ID theft and not merely because otherwise legitimate business offers were unsolicited, and so long as we aren't releasing violent offenders early to make room for them like we do in the War on (Some) Drugs. I am not agreeing with or defending the views you mention. I simply find it edifying to understand where viewpoints come from, especially those with which I disagree.
Let's just say for the sake of argument that an Ultimate Solution to the Spam Problem has been found and that this Solution can be absolutely rigorously proven with 100% confidence. If it turns out that the Solution is for the users to alter their computing habits, would you say someone was "blaming the user" if they advocated it? I believe that too much concern for who is at fault, for at whom we can point the finger, is counterproductive. There's a certain visceral satisfaction to it if you need that but it's not good problem-solving, especially if your goal is prevention. It can cause good ideas to be discarded for no reason except that they affect someone other than the perpetrator.
Switch-Hitter..... (Score:2, Interesting)
"It was reported back in June that Paul Laudanski, founder of CastleCops and its parent Computer Cops LLC, was taking a full-time job with Microsoft"
-And this turncoat joins *MICROSOFT"?!
I though he was *ANTI-* malware!