Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security The Internet

Computer Security Still Totally Inadequate 452

Several news sources are running articles detailing the lack of computer security on all platforms. Symantec foretells a dark future for Firefox and Mac users describing their security as a "false paradise". Kernel developer and Red Hat fellow, Allan Cox stated in his recent interview with O'Reilly that "even the best systems today are totally inadequate". He goes on to say that "We are still in a world where an attack like the Slammer worm, combined with a PC BIOS eraser or disk locking tool, could wipe out half the PCs exposed to the Internet in a few hours," Cox said. "In a sense we are fortunate that most attackers want to control and use systems they attack rather than destroy them."
This discussion has been archived. No new comments can be posted.

Computer Security Still Totally Inadequate

Comments Filter:
  • by Musteval ( 817324 ) on Monday September 19, 2005 @06:46PM (#13600023)
    No agenda here. Move along.
  • OSX Virus (Score:3, Interesting)

    by Fahrvergnuugen ( 700293 ) on Monday September 19, 2005 @06:47PM (#13600038) Homepage
    I've been an OSX user for nearly 5 years. Still waiting...
    • Re:OSX Virus (Score:4, Insightful)

      by qw(name) ( 718245 ) on Monday September 19, 2005 @07:16PM (#13600270) Journal

      The primary problem with OS X is the indiscriminate use of the administrative password. Mac users are so used to typing in that password that if an installation ask for it the user automatically types it in. Instant root-kit installation. Now, let's see if Symantec, with all their ridiculous doom and gloom crap, detects it.

      • Re:OSX Virus (Score:5, Insightful)

        by Metzli ( 184903 ) on Monday September 19, 2005 @07:32PM (#13600369)
        I'm not trying to shift the discussion from OS X, but it's not the only OS with that potential user issue. How often does a Linux user click on a program on their desktop that asks for a password? This is a user education issue, just like the "don't click on files that you weren't expecting" Windows problem. Unfortunately, it's darn-near impossible to protect the user from his/her own stupidity, regardless of the operating system they're on.
      • Re:OSX Virus (Score:5, Insightful)

        by arminw ( 717974 ) on Monday September 19, 2005 @10:48PM (#13601344)
        .....Mac users are so used to typing in that password that if an installation ask for it the user automatically types it in.....

        That assumes the Mac user knows the admin password. In a business or school environment the password could be kept only by a few administrators and in a home the parents could keep it. Everybody else is just an ordinary user and the computer is therefore safe from any attack that needs adminsistrator access.

        In Windows that is much harder and often impossible to do, because so much software for mostly stupid reasons will not run correctly if the user is not an adminsitrator.

        Restricting users like this would go a long way to reducing the spread of malware. Only those clueless computer users that are running as as adminsitrators could be affected if they type in their password after they have downloaded something from the Internet.

        Unlike Windows, there are NO known exploits that can come over the Internet that DON'T require some action on the part of a user. If the action involves an unknown admin password, then that stops the nast stuff right then and there.
    • Re:OSX Virus (Score:2, Insightful)

      by Ubernurd ( 648801 )
      How is this "informative", mods?

      The article's point is that as "alternative" (read non-MS) OSs and browsers gain popularity, they will garner proportionately more attention from crackers. The "dream world" they speak of is the notion that certain products are more secure because there are less attacks launched against them.

      Not that I agree with TFA, but the point it is trying to make is that because these products have fewer deployments they are a less juicy target for crackers (opportunists). That will c
    • Re:OSX Virus (Score:5, Insightful)

      by drsmithy ( 35869 ) <drsmithy@gm[ ].com ['ail' in gap]> on Monday September 19, 2005 @09:35PM (#13600995)
      I've been an OSX user for nearly 5 years. Still waiting...

      So am I, but I don't kid myself the lack of OS X viruses is because of something in the OS making them impossible (or even difficult) to create.

      • I don't kid myself the lack of OS X viruses is because of something in the OS making them impossible (or even difficult) to create.

        Actually, I think it is pretty difficult to create an internet worm or virus that will infect OS X machines and propagate. Some of this is due to circumstance and some of it is due to a better design. Circumstantially OS X machines are still not common, so any worm or virus that wanted to quickly spread to them would have to be cross-platform or very intelligently targeted. E

  • by account_deleted ( 4530225 ) on Monday September 19, 2005 @06:47PM (#13600044)
    Comment removed based on user account deletion
  • by orangeguru ( 411012 ) on Monday September 19, 2005 @06:48PM (#13600048) Homepage
    With security suites like that you don't need any hackers or viruses. Bloated Symantic software makes your computer unusable and unstable anyway ...
    • by MikeFM ( 12491 ) on Monday September 19, 2005 @07:18PM (#13600289) Homepage Journal
      I hate that. I've fixed more people's computers by simply removing these crappy security suites than I ever have needed to fix viruses and hacks. A firewall, reasonable use restrictions (not installing Chinese software cracks), not using IE/Outlook, and running an occasional anti-virus anti-spyware scan are plenty.

      If you need more then switch to Linux.
    • Completely true. Anti-virus software is itself a hugely invasive, expensive, destabilizing chunk of voodoo that alters your system's behaviour in countless poorly-documented ways. Unless your virus risk is absurdly out of control (ie, you're running Windows), anti-virus software is vastly worse than the problem it supposedly solves.

      The only thing I find amazing is that a large number of people somehow find it okay that their systems are broken enough by default that it's reasonable to think you need some ad
      • Anti-virus software is itself a hugely invasive, expensive, destabilizing chunk of voodoo that alters your system's behaviour in countless poorly-documented ways. Unless your virus risk is absurdly out of control (ie, you're running Windows), anti-virus software is vastly worse than the problem it supposedly solves.

        So much for the legendary robustness of $ALTERNATIVE_OS, then. If Linux or MacOS X is so much better designed than Windows, how can some anti-virus software destabilise the system as you desc

    • by Moraelin ( 679338 ) on Tuesday September 20, 2005 @03:59AM (#13602331) Journal
      Well, I won't disaggree with you on the whole. It in fact mirrors my own thoughts and observations.

      I once got a computer virused intentionally. (That was the only Windows virus I ever got, btw, so if anyone wants to start with the canned "Windows has viruses, use Linux instead" answers, spare your breath.) I was installing Windows 2000, had no firewall handy, and thought I'm too lazy to go buy a firewall or go burn Zone Alarm on a CD on someone else's computer. Also, I didn't know yet that I could just activate the built-in poor-man's firewall (yes, you can tell Windows 2000 to not allow incoming connections) to stay safe until I download the updates and a firewall. So, anyway, I thought I'd let it get virused while I download the firewall, then format and reinstall. It's not like 20 minutes extra are a major catastrophe.

      So predictably it does catch an RPC buffer-overflow virus while downloading Sygate Personal Firewall. Then I block it from connecting to the network and play with it a little. It got me curious.

      You know what was sad? It actually slowed the computer a lot less than Norton. You know what's sadder? Installing Norton and running a full scan didn't catch it anyway. It just slowed down the computer some more.

      But still, Symantec isn't _the_ worst. Try McAffee sometime if you're masochistic. Not only it was even less efficient and slower, but also had such gems as:

      - needed IE to download its updates, because it used some ActiveX crap, but it was too stupid to just launch IE, then. It launched the default browser, in this case Opera, and then couldn't get itself updated. That sad.

      - it was installed on D: but the updates proceeded to install themselves in the default directory on C:. Worse yet, I wasn't just left with just an extra copy on the hard drive, but had two versions running in RAM at the same time.

      - this got even funnier later when I uninstalled it, because one of the two versions remained installed and auto-loaded. I had to edit the registry to stop it. (If you thought only spyware has to be removed that way, McAffee is obviously the counter-example.)

      - their "privacy" protection basically did nothing but try to protect me from cookies, including temporary login cookies on web sites. I suddenly couldn't use any sites that required login. Not even in a consistent and predictable way. E.g., Gamespy's Fileplanet got terminally confused and different pages thought that I was logged in and not logged in at the same time.

      And so on and so forth. That was a rather non-funny experience.
  • by diegocgteleline.es ( 653730 ) on Monday September 19, 2005 @06:50PM (#13600066)
    1. No activex
    2. Automatic updates

    The nightmare IE/windows users have suffered for years is pretty much derived from these two points.

    BTW, gotta love how the IE guys [msdn.com] are adding a "new" feature to IE7:

    Building on the security features released at beta 1, upcoming new features will include ActiveX Opt-in: To reduce the attack surface and give users more control over the security of their PC, most ActiveX controls (even those already installed on the machine) will be disabled by default for users browsing the Internet

    I already can read the press: "IE7, with new ActiveX Opt-IN technology which protects you from the threats of the Internets"

    it's amazing how they're trying to get rid of one of their major security mistakes by converting it in marketing crap. "IE7 adds activex opt-in". No, IE7 doesn't "add" that feature. It just removes/limites a already existing feature
    • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Monday September 19, 2005 @07:21PM (#13600308)
      The "experts" writing these "articles" will be out of a job as security increases.

      From TFA:
      According to the latest edition of Symantec's Internet Security Threat Report, 25 vulnerabilities were disclosed for Mozilla browsers and 13 for Microsoft Internet Explorer in the first half of 2005.
      And that statistic means absolutely nothing. Simply counting the vulnerability ANNOUNCEMENTS does not tell you anything about the vulnerabilities themselves.

      Is a vulnerability that causes FireFox to crash the same as a vulnerability that automatically installs an ActiveX control? Nope.
      Graham Pinkney, head of threat intelligence EMEA at Symantec, said that switching from IE to Firefox as a way of minimising security risks was no longer valid advice.
      Yeah. Whatever. How about you do a survey and find out how many FireFox machines have been compromised via FireFox? Huh? How about that?
      "Cross-site scripting attacks have been used to attack more vulnerabilities in Mozilla browsers over the last six months than IE," Pinkney told an IDC security conference last week ahead of the publication of Symantec's threat report today.
      And he has determined that ... how?

      Seems to me that IE's still being hit by spyware and such crap. Or didn't he mean those attacks?
      John Cheney, chief executive of email filtering firm BlackSpider, replied that the release of Firefox had "helped Microsoft to raise its game" in terms of browser security.
      "We sincerely thank the person who killed our daughter because it makes us appreciate our son so much more now." Does that make sense to anyone?
      As well as making comments that will doubtless irk Firefox fans, Symantec has renewed its assault of the perceived security advantages of Apple Macs.
      Hmmmm, Symantec sells anti-virus software and the like.

      Macs don't seem to be having massive virus/trojan/worm problems.

      Something doesn't look right.
      "Mac users may be operating under a false sense of security as a noteworthy number of vulnerabilities and attacks were detected against Apple Mac's operating system, OS X," Symantec said, reflecting comments in the previous edition of its threat report that OS X was an emerging target for attack.
      When "emerging" becomes "successfully attacked and cracked" it will become an issue. Until then, the "threat" is purely theoretical.
      "While the number of vendor-confirmed vulnerabilities in OS X has remained relatively constant during the last two reporting periods [12 months], Symantec predicts this could change in the future."
      Again, it isn't the number of vulnerabilities, it's how they can be exploited.

      Yet I keep seeing references the the NUMBER of vulnerabilities announced.
      Symantec's analysis on a rootkit (OSX/Weapox) reveals it is designed to take advantage of OS X.
      #! /bin/bash
      cd /
      rm -R

      Oh my GOD!!! It's a trojan that is designed to exploit the bash shell on LINUX!!!
      "This particular trojan demonstrates that as OS X increases in popularity, so too will the scrutiny it receives from potential attackers."
      As does my example with regards to bash and Linux.

      It isn't whether someone can write a virus/worm/trojan. It's whether they can get such onto your box.
      Away from the desktop, Microsoft enterprise applications remain the top hacker target.
      Why "away from"?

      Aren't they also the top target on the desktop?

      How about "As well as the desktop, Microsoft's enterprise apps are targets for attack"?

      Nothing but more crap from a vendor who's seeing their gravy train getting ready to leave the station on its last run.
    • by quazee ( 816569 ) on Monday September 19, 2005 @07:21PM (#13600309)
      This, in fact, should reduce the IE's attack surface several-fold.

      MS has made a huge mistake when IE 4.x-6.x relied on CATID_SafeForScripting/CATID_SafeForInitializing COM component categories to make decisions whether it's safe to use the COM component from a JavaScript/VBScript.

      CATID_SafeForScripting is not needed when the COM component is accessed from a stand-alone .VBS/.JS script stored on the local machine (which is trusted to do anything anyway), yet a lot of MS and third-party components is in CATID_SafeForScripting for no reason at all.

      IE has a kill bit [microsoft.com] feature which allows disabling certain scriptable COM components based on their GUIDs. And most IE security fixes are, in fact, just registry updates adding more of those "kill bits".

      Examples: http://www.microsoft.com/technet/security/bulletin /fq99-032.mspx [microsoft.com]
      http://www.microsoft.com/technet/security/bulletin /fq99-037.mspx [microsoft.com]
      http://www.microsoft.com/technet/security/Bulletin /MS02-055.mspx [microsoft.com]
      http://www.microsoft.com/technet/security/Bulletin /MS02-065.mspx [microsoft.com]
      http://www.microsoft.com/technet/security/bulletin /ms02-055.asp [microsoft.com]
      http://www.microsoft.com/technet/security/bulletin /ms03-038.asp [microsoft.com]
      http://www.microsoft.com/technet/security/Bulletin /MS03-038.mspx [microsoft.com]
      http://www.microsoft.com/technet/treeview/?url=/te chnet/security/bulletin/MS03-038.asp [microsoft.com]
      ... and many-many-many more of these holes (just search for "kill bit" with the quotes)
      • And to make matters worse, IE running on Windows XP SP2 now blocks lots of ActiveX objects whether or not they are in CATID_SafeForScripting... which might be a kind of blanket security, except now an ActiveX object merely has to correctly implement IObjectSafety to get around that. So I suppose Microsoft isn't protecting us from malware writers, they're just protecting us from really lazy ones.
        • Good point about IObjectSafety in SP2. MS has raised the "bar" a bit further up by this, leaving old buggy code behind the bar.

          However, if malware ever gets installed and gains admin access, it is quite pointless to defend against it.
          Even the new IE7 opt-in system is going to be fooled - but *until* your system is rooted, you are in control of the COM components that can be used against you - and that's the point.
    • it's amazing how they're trying to get rid of one of their major security mistakes by converting it in marketing crap. "IE7 adds activex opt-in". No, IE7 doesn't "add" that feature. It just removes/limites a already existing feature

      Windows Server 2003 already have this "feature". Actually, what they did was increase the restrictions in the "Internet" security zone, and *presto!* And you can't even download on this zone by default. Even Windowsupdate requires you to add it manually to the "trusted sites"
      • It is not a brand new IE feature, it is just a set of locked-down default security settings probably too harsh for average home user (a.k.a. 'Enhanced Security Configuration' - you can revert to WinXP default settings in 10 seconds if you want).
        This is reasonable on servers, but too restrictive to put that in Vista.

        The ability to control (and disable by default) the loadable COM components without the Registry Editor (browsing through 1000's of COM GUIDs) is new in IE7, and that is a welcome improvemen
  • I am surprised that it has not yet happened that a disgruntled IT worker has not launched such an attack targetted at a specific company. I still think it is a matter of time until a company suffers such a severe attack that it is forced under.
  • by Anonymous Coward on Monday September 19, 2005 @06:50PM (#13600072)
    One of the links appears to be new. The other was posted like a week ago. Since the 'editors' don't actually read the site, why don't they just have a short script which checks whether the same link has been posted in another story. That would really cut down on the dupes, and wouldn't take long to implement.
  • by bcrowell ( 177657 ) on Monday September 19, 2005 @06:51PM (#13600081) Homepage
    I first heard this ca. 1990: if your system is connected to the internet, and it hasn't been hacked yet, it will be soon. Still hasn't happened to me.

    We are still in a world where an attack like the Slammer worm, combined with a PC BIOS eraser or disk locking tool, could wipe out half the PCs exposed to the Internet in a few hours
    Well, actually, I wonder what percentage of PCs are currently infected with malware? I'd guess way more than 50%, and the world hasn't come to an end. Actually, it would probably be a good thing if the hypothetical disk-erasing worm would come along -- it would probably prompt a lot of dumb users to make backups, take some basic security precautions, and maybe consider switching from MS-ware to more secure OSS.

  • by Sheetrock ( 152993 ) on Monday September 19, 2005 @06:51PM (#13600082) Homepage Journal
    Not good enough he's a kernel developer and Red Hat fellow, now he had to go and add an l to his name?
  • I'm delusional (Score:4, Interesting)

    by toupsie ( 88295 ) on Monday September 19, 2005 @06:52PM (#13600086) Homepage
    Symantec foretells a dark future for Firefox and Mac users describing their security as a "false paradise"

    I have been happily living in a "false paradise" since 1984 using Macs.

    P.S. Fair disclosure I was laid off by Symantec when they bought Fifth Generation Systems in the early 90s.

  • by argent ( 18001 ) <(peter) (at) (slashdot.2006.taronga.com)> on Monday September 19, 2005 @06:56PM (#13600122) Homepage Journal
    Symantec makes their money by producing an amazingly complex set of tools for patching up a security failure after the fact. It's in tehir interest to convince as many people on as many systems as possible that this is the best way to deal with security problems.

    They have been pulling this kind of thing for years, predicting floods of malware on Palms, Pocket PCs, mobile phones, and I'm sure that game consoles and internet connected coffee machines will be next.

    I'm glad they're working on the problem, so if it ever happens that Apple pulls a stupid trick like ActiveX they'll be there, but in the meantime more people have lost data due to false positives from antivirus software on these platforms than have lost data to actual viruses... so I'll steer clear and take everything they say about it with a grain of salt.
  • what's real? (Score:5, Insightful)

    by catwh0re ( 540371 ) on Monday September 19, 2005 @06:59PM (#13600140)
    Although a lot of attacks are technically possible(ideal conditions being that the computer can manage to stay alive and the user doesn't notice the security issue), they aren't very practicle. For example a lot of worms do their most damage because they are left unattended(and unnoticed) for large amounts of time, hence by including things to destroy the infected system this will render the system unusuable, this will result in the owner interferring or the system being so destructed that it is already unable to spread the virus. It's a gentle balance that mimics the actual spread of real diseases. More serious diseases don't spread far because they become noticed sooner and are contained naturally (i.e death.) While more subvert diseases are easily spread as the host can live, move about, give it to others unwittingly.

    Our most effective viruses will be the ones that allow the system to live long enough to spread the virus, and as soon as it can't spread it anymore, or the rate of infection drops below a certain level, the self destruct button can be hit. Allowing maximum transfer, and then maximum destruction.

    In the time between these two phases human interference should be able to pick up the CPU/network drain. (Or perhaps a software developer can make a program that realises when cpu usage + network activity is uncontrolled.)

    • Re:what's real? (Score:5, Interesting)

      by Requiem Aristos ( 152789 ) on Monday September 19, 2005 @07:30PM (#13600350)
      The problem with the "Kill the host and the virus can't spread" counter-argument is that it assumes one of two goals:

      1) You are trying to keep the virus active indefinitely, or...
      2) The virus requires a significant amount of time to saturate the population.

      If the writer is interested in making a name for himself neither of the two may apply. Some of the recent big-name worms have been able to infect a significant percentage of the vulnerable population in a matter of minutes or hours. This means that after the first 4 hours or so your rate of infection will level off, and you may as well start killing hosts. Which would get the greater publicity, just infecting 3/4ths of the Net, or infecting 2/3rds the Net but permanently killing the machines?
  • by NatteringNabob ( 829042 ) on Monday September 19, 2005 @06:59PM (#13600144)
    According to Symantec, this is an enormous untapped market for them since we are all very attractive targets and living in a security dream world. And those products, particularly for Linux, are where exactly? Actions speak louder than words, and if Symantec really thought there was an enormous threat here, they would be pushing out products to address it, because that is what companies that want to maximize profit do. Instead, of products, they produce press releases. Once Microsoft's lapdog, always Microsoft's lapdog I guess, even after they have decided to have you put down.
  • No-no-no-no (Score:5, Funny)

    by HangingChad ( 677530 ) on Monday September 19, 2005 @07:01PM (#13600158) Homepage
    Symantec foretells a dark future for Firefox and Mac users describing their security as a "false paradise".

    If it was a false paradise it would come with a tropical island, Nicole Kidman and bathtub full of champagne.

  • In other news (Score:3, Interesting)

    by C_Kode ( 102755 ) on Monday September 19, 2005 @07:01PM (#13600160) Journal
    The sky would be falling but the bad guys don't really want it too.

    Seriously, how are we "fortunate" that they only wish to take control over your server and not destroy it? If one of my servers are compromised it's as good as destroyed. If they didn't do it, I will as I wouldn't trust any part of the system. (drives wiped and hardware flashed)
  • by Anonymous Coward on Monday September 19, 2005 @07:02PM (#13600169)
    I think I'd rather exist in a false paradise than a certifiable hell.
  • by SQLz ( 564901 ) on Monday September 19, 2005 @07:03PM (#13600179) Homepage Journal
    Well, I bought Norton for mac and when I ran it, it said:

    "Updating Virii Signatures......"
    "0 Signatures updated, there are no virii for mac you idiot"

    Can I return it?
  • by Soul-Burn666 ( 574119 ) on Monday September 19, 2005 @07:05PM (#13600198) Journal
    It doesn't even matter how secure your "system" is, stupid users will always break the system and allow infections.

    Where I live, there was a huge scandal about some company that sent other companies "demo discs" which the employees at the other company obviously ran, trusting some random company. This caused a trojan/backdoor to be installed, eventually costing the companies a lot of data which was viewed by their competitors.

    Even in the army, they have a network completely (physically) disconnected from the public internet, with very strict rules on what's allowed to move inside and usually everything is ok. One time there was a large outbreak of a virus, obviously it was disconnected from the outside, but still an outbreak.
    The source? A high ranked officer thought he's above the rules and connected his infected laptop to the inside network.

    No matter how strong are your means of security, stupidity will always prevail.
  • As long as humans are part of it, it will happen no matter how good security is. Heck, spam gets sent because *someone* out there is dumb enough to buy something advertised as\/14gR4

    On the other hand, a clued-in user with "commonly recommended security tools of the times" (currently a firewall and AV if they run windows, future who knows?) will typically defeat most things.
  • by Uhlek ( 71945 ) on Monday September 19, 2005 @07:07PM (#13600212)
    Yet further proof that almost all "security professionals" have about as much intelligence as a gnat.

    I'm really tired of mediocre systems guys passing a CISSP exam (thousand miles wide, quarter inch deep) and being declared experts on securing things they don't even understand to begin with.

    For one, quantative analysis of the numbers of vulnerabilities doesn't equate to determining if a system is more or less secure than another. It's also meaningless if you don't compare how the systems are configured in what kinds of environments. Even simple things like Linksys routers greatly contribute to additional security on a personal computer (Windows or otherwise).

    From the article: "Symantec chronicled 1,862 new vulnerabilities during 1H2005 - an average of 10 new flaws a day - 73 per cent of which it categorises as easily exploitable. The time between the disclosure of a vulnerability and the release of an associated exploit was just six days. Half (59 per cent) of vulnerabilities were associated with web application technologies."

    Can anyone tell me where in that statement is a shred of useful, meaningful information? Of course not. Because there is none.

    Insofar as Firefox and and OS X being "in for surprises." Sure, Firefox is an evolving application, bugs will be introduced and squashed, and later on more will be introduced. Some of those will be security vulnerabilities. Any application who's sole job is to pull data from untrusted sources and parse it will be vulnerable to security problems resulting from buggy code. Period. End of sentence.

    OS X ... please. The "it's not as popular" theory as to the lack of OS X viri and worms has been beaten to death over and over. Simple fact is the difficulty would make the first creator of an OS X virus or worm famous beyond anything another Windows worm would cause -- even if the spread wouldn't be nearly as bad. And yet, here we are, five years after the release, and not a single virus or worm that directly affects the operating system. Surprised?

    Despite that incentive, it has yet to be done. A rootkit is being touted as "proof of OS X's insecurity." Give me a break. If you can trick a user to type in their admin password with an application, it doesn't matter if you're running Windows, Linux, BSD, OS X, HP-UX, or Solaris -- you're going to get owned.

    Jesus, I hate security people. I just want to choke them.
  • dark future (Score:5, Funny)

    by Anonymous Coward on Monday September 19, 2005 @07:14PM (#13600252)
    Symantec foretells a dark future for Firefox and Mac users...

    Whew, good thing I'm running IE 5.5 and Windows 98.
  • by Progman3K ( 515744 ) on Monday September 19, 2005 @07:14PM (#13600254)
    If all the infected machines were erased, there would be no more bots to spam me with e-mail. There would be no more ddos armies either... http://en.wikipedia.org/wiki/Ddos [wikipedia.org]
    • You're not the only one thinking about that. A friend of mine considered the same scenario once. I think it wouldn't be too bad if someone released a killer worm. The insecure machines would be erased, while the properly secured ones would remain.

      In fact, it's the standard policy at home: I let my folks do whatever they want with their PC, if it starts acting funny, though, it gets reformatted and reinstalled (with a previous DATA ONLY backup, strictly). I don't let them choose the basic software (mozilla o
  • by Yossarian45793 ( 617611 ) on Monday September 19, 2005 @07:17PM (#13600278)
    It should come as no surprise that computer viruses and worms tend to aim for control rather than destruction. This exactly parallels what happens with biological viruses and worms. A virus that destroys its host cannot propogate very far before becoming extinct. Viruses that damage their host but leave it good enough condition to continue transmitting it to other hosts are much more successful. The most successful viruses of all are those that go largely undetected and manage to spread to a majority of the population (think of sexually-transmitted diseases such as HPV).
  • by King_TJ ( 85913 ) on Monday September 19, 2005 @07:17PM (#13600281) Journal
    It makes me cringe whenever I hear Symantec making these "predictions" about potential attacks on computers.

    I have run into *countless* numbers of damaged Windows installations, directly attributable to Symantec's own products. Just last week, I struggled for hours with a customer's XP Home Edition because he was "having problems getting any streaming audio to work properly".

    Upon closer examination, the XP firewall was in a corrupt state, refusing to allow connections for his Internet radio stations. I was unable to view the advanced firewall properties, etc. After looking up event log error codes and trying several methods that repaired the problem for some people, it became obvious that I was looking at the result of a botched uninstall of a Symantec Personal Firewall or "Internet Security Suite" product.

    Not only can these things happen, but you'll often see computers with errors with the "32-bit subsystem" when going to an MS-DOS command prompt, due to Norton products screwing up system registry settings due to an improper/incomplete uninstall or installation/upgrade.

    Furthermore, when their anti-virus and "security suite" products do work properly, they still bring older, slower PCs to their knees in many cases. The "on-demand scanning" feature lags far behind the rest of the system when working with large numbers of small files (extracting a ZIP or the like), causing a window to constantly pop up, informing you to "please wait" while it scans them... And their "activation" process they now require for their AV products in Windows is every bit as bad as Microsoft's XP activation procedures! I remember purchasing a 25-pack of OEM Norton AV licenses last year, only to find that 6 or 7 of the key codes refused to work, claiming they were "used too many times" or the like. (I guess pirates with keygens hit upon them already or something?) Thiis is *not* the type of B.S. you want to fool around with when you're on a client site, getting paid by the hour to fix a virus problem for them!

    I won't even go into the disk corruption their "Disk Doctor" for Macintosh did to MANY customers after they upgraded to newer versions of OS X and Symantec didn't keep up with needed changes/patches to the product!

    Their company went down the tubes ever since Peter Norton quit coding their products and started getting royalties for having his photo thrown on the front of the packages.
    • Haha, I'm so glad I don't do tech support any more.

      So, I'll tell you something for nothing -

      Actually, more often than not, the "32bit subsystem error" is caused by a missing autoexec.nt and config.nt in the windows\system32 directory.

      No joke... check out MS KB 305521 (yes, I have a few favourite KB articles memorised...)

      You can recreate these as zero-length files or just copy them from the restore\ directory (created during initial XP install - may not exist on OEM images).

      Unfortunately, a certain number of
    • Yu, sounds about right. I had much fun with NIS 2001, which, for some strange reason, decided to stop working after we had reinstalled the computer's ISDN card. Not only did the process refuse to respond to any kind of input, it could also not be terminated in any way (which subsequently made proper deinstallation imossible). Also, it blocked 100% of all Internet traffic.
      We had to boot from a rescue floppy and delete the NIS folder before the system got usable again (yay for FAT32). Of course, a few weeks
  • by DECS ( 891519 ) on Monday September 19, 2005 @07:20PM (#13600303) Homepage Journal
    Symantec is publishing a self serving press release full of intentional lies as a news item, and idiot news outlets like the Register are publishing it without criticism.

    Shame on both!

    How about reporting:

    "Symantic issued an official sensationist panic warning to Mac users who have not bought their product. It is unclear how Symantec's products will secure the Mac platform from exploits, since they do nothing to secure a system from a user with physical access. The company may also consider selling volcano insurance and eating babies"

    From the actual Register story:

    "While the number of vendor-confirmed vulnerabilities in OS X has remained relatively constant during the last two reporting periods [12 months], Symantec predicts this could change in the future. Symantec's analysis on a rootkit (OSX/Weapox) reveals it is designed to take advantage of OS X. This particular trojan demonstrates that as OS X increases in popularity, so too will the scrutiny it receives from potential attackers."

    So Symantec:
    - is shy to report that there are no exploited vulnerabilities
    - analyzed a OS X root kit and determined it ran on OS X
    - thinks the adware/malware market, driven by demand for easy to zombify PCs, is somehow poised to launch specialized attacks on inherently secured systems via non-replicating trojans that require root access to install.

    Which is worse, Symantic's bullshit misinformation, or the Register's uncritical dissemination?

  • I'm surprised no seriously mallicious attacks haven't taken place yet. You'd think hardware vendors would perpetrate such things: they'd see huge sales.
  • Going Nuclear (Score:5, Interesting)

    by Doc Ruby ( 173196 ) on Monday September 19, 2005 @07:28PM (#13600340) Homepage Journal
    We haven't reached the tipping point yet. The tipping point from "blacklist" to "whitelist". People's computers still trust transmissions unless they are explicitly told not to. After the tipping point, on the other side of whatever puts us into the new track, we'll all accept traffic only from people we know, according to degrees of membership in our validated "web of trust". When an associate's own risk goes up, either through proximity through intermediaries with another associate that's not demonstrated uncompromised, or through failing vulnerability tests, or matching profiles vulnerable to newly identified threats, our systems will quarantine transmissions from them. Tainted info that's interacted with their transmissions will not be depended upon for any writeable operations. All our updated mitigations and responses will be brought to bear on the threat's local extent of transmissions. But the big difference will be that every system's default will be "distrust", and all systems will communicate their trustability as status changes.

    This change will be as important to infosystems as was the transformation of life on earth from "prokaryotes", cells without a defined nucleus within a nuclear membrane, into prokaryotes, nucleated cells. Their DNA and other infosystems are compartmentalized from the other machinery of the cell, including those that interact with signal-carrying chemistry from the extracellular environment. That change is the basis for most of life on Earth, for most of the lifetime of the world. The changes in infosystems will likely be as epochal. And until the infodynamic boundary between humans and machines is no longer mediated by non-nervous tissue (like typing fingers and seeing eyes), it will primarily define our machines, as well as ourselves.
    • Re:Going Nuclear (Score:3, Interesting)

      by Sven Tuerpe ( 265795 )

      After the tipping point, on the other side of whatever puts us into the new track, we'll all accept traffic only from people we know, according to degrees of membership in our validated "web of trust".

      Nonsense. Or perhaps an attempt to spread some propaganda here to prepare the ground for so-called trusted computing [lafkon.net]? Or a misunderstanding of some high-level discussions between people who never had to deal with real-world security issues?

      There is an obvious flaw in your argument: What you describe r

  • Totally. You have zero security. Zilch. None. Seriously. That firewall you have? Nada. It doesn't protect you at all. That unprivileged user you're using? Nope, not gonna cut it. There is no security. Seriously. Nothing is adequate. Nothing. Your security, regardless of what system you run, is Totally Inadequate.

    *yawn*

    Sure... whatever.
  • Rootkit? (Score:3, Informative)

    by imunfair ( 877689 ) on Monday September 19, 2005 @07:39PM (#13600414) Homepage
    First I saw them talking about Mac... then I thought well - it's BSD based now, which has been around practically forever.

    Then I saw them mention a root kit for OSX and wondered to myself what good that would do without actually having a way to gain control in the first place.

    (See definition of rootkit from wikipedia: "A root kit is a set of tools used by an intruder after cracking a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes."

    Note the words "after cracking" and "maintain" ... not "hack into" and "gain")

    Sounds like a bunch of malarky disguised as solid information to scare people who aren't aware of more advanced computer concepts.
  • Seems you need a haircut.

    Oh, and Symantec says you aren't safe, and some guy in England who competes with open source software says it is going to ruin his industry without government help.

    Anyone see a pattern?
  • by Ernesto Alvarez ( 750678 ) on Monday September 19, 2005 @08:13PM (#13600605) Homepage Journal
    Even assuming firefox has as many vulnerabilities as IE, there is still a matter of design that is advantageous to firefox (and detrimental to IE): Firefox is relatively isolated from the rest of the system, while IE is fully integrated. That allows a vulnerability in one part (say IE) to affect others (like Office or Outlook). It's not the first time a vulnerability in IE can be exploited via malicious e-mail. In the case of firefox, most of the damage tends to remain in the same place (firefox). Even if you somehow use firefox applied to incoming mail, a vulnerability would mostly leave the intruder/malware with firefox's capabilities and usually not with the MUA's.

    It's just a matter of modular design.
  • by suitepotato ( 863945 ) on Monday September 19, 2005 @09:52PM (#13601098)
    No one thought the Unix systems of yesteryear were so vulnerable. They were. No thinks the Unix systems of today are as vulnerable. They are. In years past it was naive lack of understanding of the basic nature of the user base. These days, naive lack of fear.

    I've seen people have that same attitude before someone draws down and leaves them a crumpled mess on a bar rooom floor. It didn't help them and doesn't help the OSX, BSD, and Linux crowd. You cannot underestimate the danger of the average users' whimsy and inexperience, the truly committed crackers, and the legions of script kiddies who learn their tools from the first two. It isn't Windows that is insecure and dangerous. Windows does nothing it isn't told to by people stupid enough to tell it so by accident or on purpose.

    The future is pointed at self-contained encrypted containers of both interpreted and compiled code objects flitting about the global net and this future will be embraced by Microsoft and the only way that Microsoft will not entirely control it is if the major vendors arrayed against them co-opt the paradigm with standards themselves. The law of unintended consequences being what it is, there is no way that the non-MS community can say credibly that the sheer combinatoric explosion of possibilities for system interaction in this future will not affect them, no matter what their safeguards. It's like trying to guess the outcome of a mating based on a glimpse of a few genes of one parent.

    Assume the worst or the worst will happen to you. Hold true in survival on the streets, in the jungle, or on the Internet. Blowing off the very idea is foolhardy in the extreme. The only option for Linux for its part to avoid it is to remain a sado-masochistic wrong and hard is better than right and easy platform which scares away the average user. In that case, Microsoft's hegemony is assured simply through the incompetence of their opponents, not that it isn't close to that already.
  • by redelm ( 54142 ) on Monday September 19, 2005 @10:19PM (#13601224) Homepage
    Nothing new in this article. The big question remains: if the potential is that large, why hasn't it happened already?

    I suspect it is for one of two reasons: Either doing physical damage to the PC (BIOS/MBR wipes) isn't that easy; or the machines are better protected than we think. Many people have hardware firewalls as part of their home routers. AOL can't be trusted to pass any packets..

  • by sdedeo ( 683762 ) on Monday September 19, 2005 @11:29PM (#13601495) Homepage Journal
    The only problem I've had with my Mac came, surprisingly, not from some unknown and undiscovered internet vulnerability, but from Symantic.

    That would be the "Norton Utilities" for Mac OS X they wrote and sold, that corrupts your hard drive because Symantic didn't bother to figure out how our filesystem works. Wonderful. I had to buy Diskwarrior to sort it out.

    If you go to the Amazon page for the Norton Utilities they sold, it's still there, but along with the dozens of one-star reviews, there is a suggestion that Symantic has quietly stopped shipping it.

    It will be a long time before Mac users trust Symantic again.

Put your Nose to the Grindstone! -- Amalgamated Plastic Surgeons and Toolmakers, Ltd.

Working...