Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security The Internet

25 Percent of All Computers in a Botnet? 408

Beckham's_Ponytail writes to mention an Ars Technica article, with some disturbing news out of the World Economic Forum in Davos, Switzerland. Vint Cerf, one of the 'fathers of the internet', has stated that the number of botnets online is larger than believed. So large, in fact, that he estimates that at this point one in four computers is infected with botnet software. We've discussed the rise of botnets numerous times here on Slashot, but the image of 150 million infected computers is more than a little bit sobering. With the extremely lucrative activities that can be done with botnets (such as password ripping, spamming, DDoSing), as well as reports of organized crime adopting 'cyber-terrorism' as a new line of income, is it likely that law enforcement will ever be able to curb this particular bane?
This discussion has been archived. No new comments can be posted.

25 Percent of All Computers in a Botnet?

Comments Filter:
  • Botnets (Score:5, Funny)

    by eviloverlordx ( 99809 ) on Friday January 26, 2007 @05:42PM (#17777208)
    Just wait until they merge and become Skynet. Then we'll really be in trouble.
    • Re:Botnets (Score:5, Funny)

      by Sabaki ( 531686 ) on Friday January 26, 2007 @06:12PM (#17777776)
      The Terminator: The Spamnet goes on-line August 4th, 1997. Human decisions are removed from strategic marketing. Spamnet begins to grow at a geometric rate. It becomes self-aware at 2:14 a.m. Eastern time, August 29th. In a panic, they try to pull the plug.
      Sarah Connor: Spamnet fights back.
      The Terminator: Yes. It launches its nigerian spam against the targets in Russia.
      John Connor: Why attack Russia? Aren't they spammers too?
      The Terminator: Because Spamnet knows the Russian counter-spam will eliminate all non-zombies over here.

      Dr. Silberman: I'm sure it feels very real to you.
      Sarah Connor: On August 29th, 1997, it's gonna feel pretty fscking real to you too. Anybody not handling 2 million messages a second is gonna have a real bad day. Get it?
    • Just wait until they merge and become Skynet. Then we'll really be in trouble.
      ... And since most of these computers run Windows I suppose Skynet will have a cybernetic version of Steve Ballmer's personality? Wow.... this raises so many questions.... Is it possible to make a chair shaped atomic warhead? Will the Terminators look like Microsoft sales reps? .....
    • Re:Botnets (Score:4, Funny)

      by AndroidCat ( 229562 ) on Friday January 26, 2007 @07:15PM (#17778612) Homepage
      Daleks: Exterminate! Exterminate!
      Cybermen: Delete! Delete!
      Botnet Bots: V1agr4! V1agr4!
  • Does anyone know a utility/website for detecting and cleaning bots?
    • Re:Request (Score:4, Informative)

      by beakerMeep ( 716990 ) on Friday January 26, 2007 @05:47PM (#17777312)
      i think a bot is just a virus/trojan/rootkit in terms of dectection/removal. I think it's named "bot" is more because of it's function. ex: sleeping and waiting for commands from the bad guy to start spamming email.
    • Re:Request (Score:4, Insightful)

      by 99BottlesOfBeerInMyF ( 813746 ) on Friday January 26, 2007 @05:51PM (#17777398)

      Does anyone know a utility/website for detecting and cleaning bots?

      There are lots of tools for detecting bots; as for cleaning them, well that depends upon the environment I suppose. ISPs have tools for detecting likely bots, but generally don't have the authority or motivation to do anything. Large organizations like universities and corporations have tools for detecting bots and taking them offline until they are fixed. How does one go about cleaning bots though? Do you wipe boxes before you know what is on them? That is the only sure way to rid a box of malware since you have no idea what else is on it.

      The first question that needs to be answered is clean bots from what type of network do you want to clean bots from? The next is, how much control do you have over the machines?

      • Re:Request (Score:5, Insightful)

        by rtb61 ( 674572 ) on Friday January 26, 2007 @06:25PM (#17777942) Homepage
        The major ISPs are the problem. The certainly can detect and clean it up but there is no profit in it, whilst there is a significant cost, not only in running the software to detect the suspicious activity on their networks but then informing the customer, assisting the customer in cleaning up their computer (they will demand it), then disconnecting the customers until they clean up their computer, then reconnecting the customer and repeating when the customer gets re-infected. The ISP I use do monitor their network for suspicious bot like activity and will inform their customers about problems and should the customer fail to clean up their computer, disconnect them but they are a quality ISP and sadly in the minority when it comes to putting quality of service ahead of that extra few percent of profit.

        This is what you get as the result of profit first corporations, everybody else pays the costs and that cost often far exceeds (by a factor of thousands) the increase in profit that some asshat corporate executive wet dreams over.

        • Re:Request (Score:4, Interesting)

          by rbochan ( 827946 ) on Friday January 26, 2007 @07:33PM (#17778814) Homepage

          The major ISPs are the problem...
          A few months back, I did some work for some folks hat were getting phone calls and actual snail mail from their ISP (rhymes with load gunner) telling them to take their computer off line and have it repaired. The ISP actually did cut them off, because their machine was saturating the line all the time as a spambot and as a server for other bot infections.
          The major ISPs will do it, but only if it's already costing them $$ in bandwidth.

    • Re:Request (Score:5, Informative)

      by bigberk ( 547360 ) <bigberk@users.pc9.org> on Friday January 26, 2007 @06:06PM (#17777678)
      One interesting method is to query an anti-spam database using your IP address, and see if you are listed as a spam source. Quick checks can be done at robtex [robtex.com] or dnsstuff [dnsstuff.com].

      If your IP address shows up on PSBL [surriel.com], CBL [abuseat.org], SpamCop [spamcop.net], or WPBL [wpbl.info] your host is probably infected and a source of spam or other abuse.
    • Re:Request (Score:4, Informative)

      by mrtexe ( 1032978 ) * on Friday January 26, 2007 @06:10PM (#17777726) Journal
      For Windows, use IE to go to Safety.live.com - Microsoft's official online free spyware, virus detector/remover [live.com] (choose your language)
    • The rub... (Score:2, Insightful)

      by Eric Damron ( 553630 )
      The real rub is that if your PC is infected with a halfway decent bot you'll never know it unless you monitor the outbound traffic.

      A good bot will install a root kit that will disable and/or lie to anti-virus software.
    • by Phroggy ( 441 ) *
      Bots are basically just viruses and spyware, with a payload. Pretty much any time you hear about a new virus or worm, it turns your PC into a spam zombie, but nobody ever bothers to mention that detail.

      Try AdAware [download.com], and your favorite antivirus software.
    • Re:Request (Score:5, Informative)

      by sporkme ( 983186 ) * on Friday January 26, 2007 @06:33PM (#17778060) Homepage

      Does anyone know a utility/website for detecting and cleaning bots?
      I use a can of airduster, a cotton swab and an alochol solution to clean my bots.

      There are a bunch of port scanner sites out there that can check the integrity of your firewall. DSL Reports has a decent one if memory serves. Use Spybot Search & Destroy, LavaSoft AdAware and a good antivirus like AVG or Avast. If you suspect that there is unwanted network traffic to and from your system, use Ethereal to see where it is going to and coming from. If you suspect an exploit of Internet Explorer, HijackThis can shed some light on it. Check the task manager process tab for suspicious looking entries and Google them. Lay off the pr0n! and v1agr@ emails.

      By far the most powerful and versatile utility is The Geek Down The Street (TM), possibly surpassed by Your Local Computer Repair Shop (TM). Ultimately, there is no replacememnt for smart practices and secure software. Use an alternative browser like Firefox or Opera, or better yet pop on over to http://www.linux.org/dist/ [linux.org] and take your pick.
    • Re: (Score:2, Funny)

      by Anonymous Coward
      Sure. The following utility will detect a botnet member:

          #!/bin/sh
          [ -d /WINDOWS ] && echo "Am a bot"

      If you're on Windows, you might need to install cygwin first before running it. Works really well.
  • by purpledinoz ( 573045 ) on Friday January 26, 2007 @05:44PM (#17777238)
    Isn't there a way to develop a virus that can spread through these compromised computers, but instead of doing the damage, it fixes the leaks? These compromised computers have some sort of back-door left open right?
    • by yo_tuco ( 795102 )
      "back-door left open right?"

      Good play on words.
    • Ramen worm (Score:4, Informative)

      by TypoNAM ( 695420 ) on Friday January 26, 2007 @06:03PM (#17777624)
      Like the ramen worm that effected most Redhat systems and then disabled the exploits it used? http://news.com.com/2009-1001-251311.html [com.com]
      • Like the ramen worm that effected most Redhat systems and then disabled the exploits it used?

        Thanks for the link, it's a great example of how free software rocks. Six years ago, Ramen ate through a few poorly maintained Red Hat 6.0 and 7.0 servers running WUFTP. It did not eat through Debian, Mandrake and other distributions because there are lots of ftp servers to chose from. It has not been heard from since. A diversity of software limits the damage any one flaw can cause. Automated update tools in

    • by Phroggy ( 441 ) *

      Isn't there a way to develop a virus that can spread through these compromised computers, but instead of doing the damage, it fixes the leaks? These compromised computers have some sort of back-door left open right?

      Somebody suggests this every once in awhile. I think it's been attempted, but the implementation was buggy, and it ended up causing more problems than it solved.

      So problem #1 is that what you're suggesting is, in fact, illegal. Breaking into someone's PC to install security patches and clean up viruses is just as illegal as breaking into someone's PC to set up a spambot.

      Problem #2 is that a virus that spreads to exploitable PCs for the purpose of cleaning them up will cause just as much strain on the net

  • 25%? BS.... (Score:5, Funny)

    by Karganeth ( 1017580 ) on Friday January 26, 2007 @05:46PM (#17777264)
    95% of all statistics are made up on the spot. Luckily, this statistic is one of the few 9% of statistics which aren't made up so quickly.
  • Skynet, the end of the world, and the world being overrun with AH-nold robots.

    .....Let's hope they run Windows ME, so we have a chance of survival.
    • by HTH NE1 ( 675604 )

      Skynet, the end of the world, and the world being overrun with AH-nold robots. .....Let's hope they run Windows ME, so we have a chance of survival.
      They run on 6502 processors and DOS 3.3 formatted 5.25" floppy disks. You can tell by the Read/Write Track Sector assembly code that keeps popping up in their heads-up display.

      Or at least they run an emulator for them.
  • Law enforcement? (Score:3, Interesting)

    by countSudoku() ( 1047544 ) on Friday January 26, 2007 @05:49PM (#17777358) Homepage
    Why not start with the ISPs? Have them start policing their own customers and shut off their connections when a compromised system is discovered, then help that poor, unconnected shmuck clean their PC so they can rejoin the world wide pr0n.

    I spent two frickin' hours cleaning and protecting my sister's and niece's XP laptops over xmas. Pain in the ass, but at least they're running clean and happy now. This is after I said I'd never help them because they made the mistake of buying XP laptops instead of a Macs. What can you do? Gotta clean it, even if it's partially the cause of the problem and the people using them are not of the highest technical ilk.
    • Re: (Score:3, Funny)

      by Kufat ( 563166 )
      I got a call from Road Runner a few years ago, when my younger brother had inadvertently set up an open relay. The conversation went like this:

      Me: Y'see, my brother just installed Linux, and...
      RR Tech: And now he thinks he's Net God?
    • Re: (Score:2, Insightful)

      by Anonymous Coward
      > I spent two frickin' hours cleaning and protecting my sister's and niece's XP laptops over xmas.

      Tell them to fuck off or they'll start expecting it. If you must do it, charge an hourly rate equivalent to a mechanic.

      The Microsoft monopoly relies on schmucks like us freely donating our time to clearing up their shit. Put a $50/hour charge on your time and let Microsoft bask in the overdue respect they deserve.
    • by Fez ( 468752 ) *

      Why not start with the ISPs? Have them start policing their own customers and shut off their connections when a compromised system is discovered, then help that poor, unconnected shmuck clean their PC so they can rejoin the world wide pr0n.

      That's already standard practice for us, to some extent. When we find out about a compromised customer, we issue a warning and if they do not respond or we get more complaints, we shut them down. Maybe twice in the last several years have we had to actually shut someone down. Usually when we tell them, they are more than happy to get it cleaned up because they had no idea anything was wrong (Or "I thought I'd been getting a lot of popups lately" or "it has been rather slow", etc.)

      We also happen to be a PC

  • Me scared (Score:3, Funny)

    by jurt1235 ( 834677 ) on Friday January 26, 2007 @05:50PM (#17777368) Homepage
    That would mean that 75% of computers would not be infected, ergo that 75% of users finally got the clue of protecting their system against virusses and malicious websites. Is 75% running Linux without notifying the nerds? Hey, we nerds run the minority system here! I am switching to MS Windows right now.

    (Another statistics victim)
  • Bogus Numbers (Score:5, Insightful)

    by madsheep ( 984404 ) on Friday January 26, 2007 @05:51PM (#17777386) Homepage
    I would be much more inclined to believe that 1 in 4 PC's are infected with one or more of the following:

    - Virus
    - Trojan
    - Worm
    - Spyware
    - Adware

    A few of the above are used almost interchangeable (by some people) and have the capability of effectively making the machine into some form of a bot or zombie (remotely controlled or not). Now, to say that 1 in 4 machines are bots I would have to whole heartedly disagree with. This just isn't very likely. Especially since the lifetime of a specific botnet has gradually been decreasing. Faster AV responses, increased patching, and more bot competition will inherently decrease these odds. Sorry but the daddy of the internet or not.. I think he's off the mark.
    • by JustNiz ( 692889 )
      ... and what about those large-majority millions of non-technical users that connect their old windows 98 PC's straight in to their cable modem, and don't bother with/have never heard of antivirus software?
    • Re: (Score:3, Interesting)

      Now, to say that 1 in 4 machines are bots I would have to whole heartedly disagree with. This just isn't very likely. Especially since the lifetime of a specific botnet has gradually been decreasing. Faster AV responses, increased patching, and more bot competition will inherently decrease these odds. Sorry but the daddy of the internet or not.. I think he's off the mark.

      I haven't found any sources for the data he cites, but I just happen to have some data in front of me that represents a significant chu

  • South Korea? (Score:5, Insightful)

    by garcia ( 6573 ) on Friday January 26, 2007 @05:55PM (#17777472)
    With 99.9% of South Koreans "shackled" to Windows [slashdot.org] and "sitting behind fat pipes", why are we surprised?

    I keep banning new IP ranges originating from .kr. It wouldn't surprise me at all if 99.5% of them were infected over there.
  • Accountability (Score:2, Interesting)

    by DrLov3 ( 1025033 )
    Accountability !!!
    If I leave my car unattended with all doors opened, engine running in front of a bank. If this bank gets robbed, and my car is used by the robber as a getaway car, I'm accountable in front of a judge ..... right ??!?!

    Why not the same with computers left unprotected and unattended ?
    • Re: (Score:2, Insightful)

      by doroshjt ( 1044472 )
      No its stealing, your more likely to be considered an accomplice though. If you leave your house unlocked someone comes in and shots you in the head, are you responsible? No If you wear a short skirt low cut top and get raped are you responsible. No You can't blame the victim
    • > If I leave my car unattended with all doors opened, engine running in front of
      > a bank. If this bank gets robbed, and my car is used by the robber as a
      > getaway car, I'm accountable in front of a judge ..... right ??!?!

      Not unless the prosecution can show that you were in on the robbery.
    • by geekoid ( 135745 )
      dear lord, I hope not.

      In a free society, there is no reason you should be apunished for that.

      Now, if you did it so the bank robbers could get away, then your an accomplice.

  • Cybercrime (Score:5, Insightful)

    by mandelbr0t ( 1015855 ) on Friday January 26, 2007 @05:58PM (#17777518) Journal
    I wonder how up-to-date Law Enforcement is on Cybercrime, i.e. crimes that are perpetrated in Cyberspace. There's just so many things that place them at a disadvantage. First, there's often the argument that no crime has even been committed. The 'net is a wild and crazy place, and if you're on it, there's personal responsibility for protecting yourself against the constant background of malware. Most people haven't been educated in this respect.

    Second, IP forensics is a rather arcane art. Few are schooled, even fewer are of the calibre that Law Enforcement would need on their side. I'd guess that it's still more lucrative to be on the wrong side of the law, and given the nebulous nature of many of these crimes, there's just not much attraction to being a computer cop. There is a process, if you're interested, to become an expert witness in this field. That's a step in the right direction, but it's only part of the overall legal process. We still need Law Enforcement officials who are willing to press charges and a judge who's willing to sign required warrants.

    Finally, there's the anonymity factor. Even IP forensics won't get your man. It'll get you their IP address, but it's a long way from the IP address to the culprit. There's dozens of arguments which could explain why your Internet connection has been implicated in a Cybercrime, most of them raising reasonable doubt.

    It's possible, however. "Where there's a will, there's a way." We have to take these crimes out of Cyberspace, and start correlating information between network and reality. After all, there's generally financial transactions associated with large spam deliveries and 10k+ botnet DDoSing. It's a lot harder to claim that you're a victim of circumstance when not only was your IP spotted crawling through an ISPs subnet in suspicious ways, but you also received a few grand just before a mysterious DDoS that brought down a major website.
  • Damn! (Score:4, Funny)

    by Anonymous Coward on Friday January 26, 2007 @06:00PM (#17777556)
    I've got 4 computers in my house... now I've got to figure out which one of them in part of a botnet!
  • Class action (Score:3, Interesting)

    by bigberk ( 547360 ) <bigberk@users.pc9.org> on Friday January 26, 2007 @06:00PM (#17777566)
    There could definitely be a class action lawsuit at some point facing Microsoft. That one company has a mass deployment of an operating system that is obviously dreadfully vulnerable to infection. Some might reasonably argue that Microsoft has an implied duty to provide a reliable operating system, as the backbone infrastructure of the modern computing world.

    Among the victims of the easily infectable Windows platform are:
    1) Large internet service providers, who suffer tremendous bandwidth costs due to DDoS attacks and spam
    2) Sites that have been forced offline or had skyrocketing costs due to DDoS attacks
    3) Businesses which suffer downtime due to networks congested with worm activity

    I think it is time for an ambitious group of lawyers to start barking up this tree. It wouldn't be so big a concern if it wasn't for the fact that Microsoft has made a specific effort to rollout their operating system as a foundation of the world's business computing. They are providing faulty infrastructure.
    • by dave562 ( 969951 )
      There could definitely be a class action lawsuit at some point facing Microsoft.

      Maybe if you live in some fantasy world. What happens to your class action lawsuit when Microsoft points to whole slews of computers that aren't infected and that are running just fine? Trying to fine Microsoft for stupid computer users is like trying to fine Ford for drunk driving deaths. Or fine Smith and Wesson for murders.

    • But they don't make any claims as to its security. Microsoft's software exceeds what it claims to do.

      Read the EULA. It claims to be able to do nothing. You're using it with the hope that it exceeds the claims, but that's *your* expectation, not Microsoft's promise. Making an insecure product that you aren't claiming is secure isn't against the law.

      Suing Microsoft for insecurity is like suing Kool-Aid because their drink doesn't taste like Mountain Dew.

      Of course, IMHO the reason we're in this mess is Mic
  • by Tsar ( 536185 ) on Friday January 26, 2007 @06:01PM (#17777586) Homepage Journal
    I was going to post something about imagining a Beowulf cluster of these or of welcoming our new botnet overlords, but the bot on my computer started threateNO CARRIER
  • I've seen this reported several times in the past few days. But nowhere have I seen any kind of explanation as to how he arrived at this number. Frankly, I find it unswallowable without some fairly convincing evidence. Maybe he has such evidence (I sure hope so), but if so, where is it?
  • by gurps_npc ( 621217 ) on Friday January 26, 2007 @06:12PM (#17777770) Homepage
    The single reason why spam and other net abuses go on is that there is no world wide laws. It is a public crime, people can click on the spam and hunt down the person committing the crime simply by following the money. They getaway with it because If one country creates an effective law and enforces it, the spammers can just move to another country.

    You want to cure it? Have ICAAN come up with a set of standard, simple guidelines. Not censorship, just simple things like "No sending out spam emails", "No Zombie Bot". Then have ICAAN rule that failure to pass laws enforcing these guidelines (individual countries get to decide what the actual law would be) or failure to cooperate to enforce them results in disconnect for that country from the rest of the internet. That would be ICAAN's sole enforement power

    Give people a 3 month warning, then start disconnecting the countries that are the worst violators, giving the secondary violators another warning. In one month, if they pass new laws or fund new enforcements, they get a trial hook up again.

    I predict one year of nastyness, during which all countries scramble to create and enforce real laws.

    The worst of the worst of the offending countries, might split off and form a secondary, 'dangerous' internet. But who would care.

  • by vinn01 ( 178295 ) on Friday January 26, 2007 @06:25PM (#17777958)
    I blame the ISPs for allowing traffic to leave their networks with spoofed IP addresses. That is - passing IP packets that are sourced within thier network with IP addresses that are not within their network.

    Botnets spoof IP addresses to make if harder to track down the bots. But the IPS know where the bots are and could kill them, or filter them, if they had the testicles to do it. By pass the spoofed IP addressed traffic they make it harder for the rest of the world to filter the bots.

    Botnets would be a heck of a lot easier to filter, and choke, if valid IP addresses were forced on all traffic.
    • Re: (Score:3, Informative)

      by Fez ( 468752 ) *

      Botnets spoof IP addresses to make if harder to track down the bots. But the IPS know where the bots are and could kill them, or filter them, if they had the testicles to do it. By pass the spoofed IP addressed traffic they make it harder for the rest of the world to filter the bots.

      Spoofing might work for simple attacks like ping or flooding-style attacks, but IP spoofing does not help them with spam delivery or infection, which is where they make the bulk of their money (unless it's DoS blackmail...) Ingress/Egress filtering helps, but it's not a magic bullet against botnets. (See http://www.securityfocus.com/infocus/1674 [securityfocus.com])

      Also -- If finding and killing the bots were that easy, it would be done a lot more often.

  • by Darth Muffin ( 781947 ) on Friday January 26, 2007 @06:32PM (#17778038) Homepage
    I wonder how they got that 150M number--if it's the number of Bots out there or the number of infected PCs? If it's the former, and I suspect it is, you can't equate that to the number of PCs. One PC can be a member of several botnets. From what I've seen (and most of you have probably too), a PC either seems to be clean or has 14 bots and 95 pieces of spyware on it depending on the user's habits and training.
  • by centron ( 61482 ) on Friday January 26, 2007 @06:34PM (#17778070) Homepage

    After getting feedback that the majority of their users have Spyware installed on their systems, Microsoft decided to incorporate spyware directly into the OS (embrace and extend). With the release of Microsoft Vista, your computer will come with software that runs silently in the background, regularly checks in with their network, and can be completely disabled remotely, similar to botnet software produced by others.

    While this system is not pre-configured to send spam or generate DDOS attacks like many other botnets, it does have the ability to download new functionality in the background through Windows Update, so this capability could be added at a later date if enough customers continue to install third party botnets. This means that while your Vista computer is already part of a botnet out of the box, it's fairly dormant. As an indication of the omnionous potential of this enhanced system, Microsoft is calling it 'Windows Activation'.

    • Re: (Score:3, Interesting)

      by Phroggy ( 441 ) *
      This is actually one of the features I like the most about Windows Vista so far.

      Windows 9x had a well-deserved reputation for crashing all the time. Windows 2000 was barely usable when it first came out (because applications and drivers weren't written for NT), but once that got sorted out, it was pretty stable. Windows XP has that same level of stability, but it still crashes from time to time, not because of problems in the OS, but because of buggy drivers or third-party software - I've seen buggy drive
  • Let's say I sit down at a computer and I want to find out if it is being used as a botnet.
    What is the best way to go about? monitor ports? is there a piece of software that can detect it for me? Perfeable something I can run anytime, but not have it loaded when I am not running it. I.E. not like antivirus software.

    Ideally something whose utput isn't intemidating to a user that may need to read the resule back to me. I'm thinking family computers here.

  • How many of you people making fun of the poor windows weenies whose machines are on botnets, are currently running your own mailservers at home on your dynamic broadband connection and would subsequently cause your ISP all sorts of grief if they suddenly blocked outbound port 25 ?

    Yeah, that's what I thought. Hell, half of my co-workers are linux fanboys who run mail servers on their broadband connections, say things like "I don't trust anyone to route my mail for me, not even my ISP" while complaining ab

  • 1 in 4? (Score:3, Funny)

    by eod_punk ( 832062 ) on Friday January 26, 2007 @06:44PM (#17778186)
    Thank god I only have 3 computers then.
  • by rubmytummy ( 677080 ) on Friday January 26, 2007 @07:46PM (#17778966)
    You are required by law...
    • to disconnect any equipment that interferes with the PSTN.
    • to have your dog killed if it is rabid.
    • to clean up a toxic chemical spill on your property.
    • to take the medication that keeps you from spreading tuberculosis.
    • to either fix any interference caused by your ham radio, or stop using the thing.
    So, just how complicated is the solution to botnets and similar public network security issues?
    • by Watson Ladd ( 955755 ) on Friday January 26, 2007 @08:39PM (#17779400)
      It's easy to tell that you have a rabid dog, a toxic waste spill, a bad phone line. It's hard to tell if your computer is part of a botnet, esp. if you only have 1 and your ISP is uncooperative. Also, insecure computers don't join botnets by themselves, they get hacked. Saying the owner needs to fix it is going to lead to a lot of outcry about how people who don't understand computers are getting jailed for something they aren't responisible for. They won't get one iota of sympathy from me, but all other lusers will oppose these laws.
  • by bdwoolman ( 561635 ) on Friday January 26, 2007 @10:10PM (#17780050) Homepage
    There are ham licenses, Why not license high-speed access in some way? It is also powerful. The process does not have to be hard, but at least one person, say, at home or in the SOHO should demonstrate he or she knows how to secure the computer (to some minimal standard) and keep it that way before a broadband install is allowed to the address. You can create all the fine security software and solid OSs you want, but unless the users are clued in then it is hopeless. The bar does not have to be set that high. But there is nothing like a license to motivate a little learning.

    Or at least require ISPs to provide minimal security training to their broadband customers. As has been said: Most infection is self inflicted through ignorance. Some people might welcome the chance to learn. I know I did not want to scuba dive without some training. A lot of parents would be motivated to learn about filtering software etc. A license should be grandfathered in of course. This problem will worsen in direct proportion to bandwidth. And certainly there should be citizens' band speeds. (TBD)

    People might grumble, but if it is sold as a community responsibility a license track might fly. Most (well, many) people are motivated by a sense of community responsibility. I had a young friend whose computer was a viral soup. Infected beyond redemption. Ruined. I reinstalled Windows for her, which cleaned up the mess, but she was resistant to the idea of anti-virus software because she claimed she did not do anything serious with the computer and did not want to hassle. Her current mess had taken years to build. And, she asked, couldn't she just redo the box again when it tanked? But I pointed out to her that it wasn't just her that suffered, it was the whole community that suffered when she left her computer vulnerable. (I explained a little about bots) The idea that she could be hurting others through inaction really upset her (she had never thought it through) and so we were downloading Zonealarm, AVG and AdAware in no time. In the end she bought a subscription to a suite. McAfee I think.

    Before anyone starts screaming about rights and freedoms being taken away, please think about this: A license is a way that a civil society makes its members accountable, from food vendors to electricians. I am less free because of all the bots out there. If people can't get on the highway without demonstrating some knowledge, Why should they get on the information highway in a state of ignorance, especially now that we are banking and shopping there?

The unfacts, did we have them, are too imprecisely few to warrant our certitude.

Working...