Years-Old Conficker Worm Still a Threat 71
RedEaredSlider writes "The Conficker worm is still a threat, even though it is more than two years old and nobody has used it in a botnet attack yet. The problem is that so many machines are infected (largely because many don't realize it) and it's such a flexible piece of malware."
The real issue: (Score:5, Insightful)
The Average User is still a threat in his path to ignore one and all security measures.
Re:The real issue: (Score:5, Interesting)
The real issue: software industry releases insecure products and blames ordinary users for not being IT security experts which is what it takes to be truly secure.
Don't forget the anti-virus companies. (Score:3)
They have a vested interest in maintaining the status quo.
Not to mention plain incompetence on their part. Such as McAfee mistaking a core Windows file for a "virus" last year.
Still no threat to Linux, Android, iOS or BSD (Score:1)
Re:The real issue: Users do matter. (Score:1)
Dude, At least, In my company. Mails were sent providing patches and explanations of how to deal with the conficker virus. How to treat your removable drives, etc.
Few listened and we were annoyed for some months by each infected computer. Somehow, the virus managed to get into the network and lot of employees wasted valuable time reinstalling their OSes only to be infected immediately for not taking the necessary measures (being offline, patching).
Re: (Score:2)
What kind of company do you work at where they can't afford an IT professional to coordinate a virus cleanup? A Conficker clean up is something a $30 an hour network tech can handle if given the right instructions, time and leeway to take care of it.
Re: (Score:1)
A goverment company in a third world country with 350+ employees and a lazy IT department (of which I'm not a part of).
That being said, the users have no regards for computer security. They care about their cars, their paperwork, the keys to the office, but always fail to recognize the vulnerabilities of a computer system.
Re: (Score:2)
Sounds about normal then. I did some work last year for a South Korean government department and every single memory stick that they tried to pass data to me with had some sort of virus on it. Don't know (or care) if it was Conficker or something else. It would seem that every one of their laptops was infected too - copy the data off a memory stick, clean and re-format it, re-load the data. 2 hours later, the stick is i
Re: (Score:2)
Yeah, and from your perspective as (I assume) an IT guy, that was sufficient. But from the perspective of a random employee for whom computer is just a tool to get their actual job done, dealing with patches and explanations about "worms" (or is it snails) is an annoying and time consuming distraction. Especially when there is one update or another asking you to install and reboot just about every day, forcing
Re: (Score:2)
Re: (Score:2)
Re:The real issue: (Score:5, Insightful)
The real issue: software industry releases insecure products and blames ordinary users for not being IT security experts which is what it takes to be truly secure.
The bar could be raised far higher than it is now without even beginning to approach expertise. That's the part that is often underappreciated.
"Truly secure" in an absolute sense is rarely if ever attained by anyone, and almost never necessary. What you really need to achieve is "unprofitable to compromise". It's security in a relative sense and much more realistic.
I don't really disagree with your assessment of the average quality coming from the software industry. The users are not typically blamed for that, even though they're collectively responsible for creating a market where shoddy quality sells. That responsibility is indirect and spread out among large numbers of people.
The users are more often blamed for not even trying to protect themselves, for not making even a token effort to understand the risks. That decision is more immediate and individual. For this reason average users are often characterized as stupid.
I'm personally more inclined to believe that they could do better if they wanted to. I've seen the mentality many times because there is such an overabundance of examples (and not just in computing). It's not stupidity in the normal sense, though you could call it a kind of stupidity because it tends to act against one's own interests. It's more like an intellectual laziness combined with an entitlement mentality which insists that things like security must always be "someone else's problem" even though it won't be "someone else" who suffers any insecurity.
Like any entitlement mentality it has to have an excuse to function, to seem like a believable position one does not wish to abandon. In this case it's the excluded middle: the notion that users are either drooling idiots or highly skilled experts with no intermediary states. That enables the afflicted to respond to recommendations for how they may improve by becoming offended instead of assessing the feasibility of the suggestion. The intellectual laziness component comes from institutional schooling's lesson that learning is hard and full of toil and cannot be a joyful process of discovery and fascination.
You combine those things and you get a user who is nearly impervious to even the most basic, most easily understood advice especially concerning topics like security. Even when it's in their own interests to listen to it. Even when implementing it would be easier than their current practices. The rest of us get a degraded Internet in the form of spam and DDoS attacks and worse that so many compromised machines facilitate, thanks to network effects.
The case against the mentality of the average user has a solid foundation, primarily because most of them could choose differently.
Re: (Score:3)
"Truly secure" in an absolute sense is rarely if ever attained by anyone, and almost never necessary. What you really need to achieve is "unprofitable to compromise". It's security in a relative sense and much more realistic.
"Truely Secure" is attained by me. I have a windows 2000 server that all the crackers in China and Russia working together could not get into unless they physically took the hardware apart. I simply unplugged the network port.
Re: (Score:1)
In other words, it may work for you, but for the vast majority of people a (secure) computer that's not attached to the network is about as useful as a bicycle is to a fish.
Re: (Score:3)
I raise you one box that doesn't actually have any components inside it. Totally secure, it can't even be hacked with physical access to the machine!
I have an axe that begs to differ.
Re: (Score:1)
Re: (Score:2)
Like any entitlement mentality it has to have an excuse to function[...] : the notion that users are either drooling idiots or highly skilled experts with no intermediary states. [...] becoming offended instead of assessing the feasibility of the suggestion. [...] intellectual laziness [...] schooling's lesson that learning is hard and full of toil and cannot be a joyful process of discovery and fascination.
^-- THIS! a perfect example that a statement can hit many nails in the head with the same blow. Since IT is an illogically successful mix of magic and mystery to older people, they think we are all doctors doing things they can't bother to DISCOVER, as you said. When we push and prod them forward with things like "read this and follow the simple steps" and "never use THAT browser or you'll waste yet another afternoon of my time to clean up after you", they're too lazy to listen, and are offended that we're
Re: (Score:3)
The real issue: software industry releases insecure products and blames ordinary users for not being IT security experts which is what it takes to be truly secure.
Microsoft released the insecure product involved. They didn't ask for or get the approval of the whole software industry before doing so.
Re: (Score:2)
Did you check out that clip of Natalie Portman eating hot grits?
You can download it here.
Of course you'll probably need to install the Conficker codec to watch it but believe me its worth it!!!
Cheers,
Lady Field Marshall Idi Amin Gaga.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Don't have mod points today, but the OP is dead on.
You look at the Malware scene today, and the first things that better come to your mind is "Social Engineering" and "Trojan Horse". Just about every Malware writer worth their salt knows it's easier to hack the user over the OS. They know the below 4 laws really well and they are not afraid to use them against users.
Laws of Computer Stupidity
1) 99% of computer users do not know what they are doing.
2) Computer users do not read.
3) If a computer user can clic
Re: (Score:2)
Luckily I am fully protected. I have Antivirus 2009, 2010, and 2011 now running all at the same time in addition to AntiVirus Lab 2009 and AntiH4x0r Millenium edition which my ex wife gave me a copy of last week.
No viruses will ever touch my machine.
Re: (Score:1)
Now there is an underrated statement if i ever heard one
Re: (Score:2)
Forget user, the Fortune 500 natural gas pipeline company I left in December got hit with Conficker last year. Their virus defs were WAY out of date, desktops were 100+ Windows updates behind, just a sad state of affairs. Of course, only IT people have admin access (a good practice... strange for that place though) so they cannot run their own updates.
I've heard they still don't have tape backups working properly, nor SCCM pushes to a second domain. And the Sr. Director of IT spent time "writing" (actual
Re: (Score:2)
Re: (Score:2)
My current crop of laptops is not that old yet. Will get back to you ;)
Nobody should be surprised with that one (Score:5, Insightful)
Just wait until Microsoft stops releasing security updates for Windows XP, then conficker will really have a chance to run wild.
Long tail (Score:1)
I'm thinking 2020, 2025 before it sinks below 10%. Still the number one OS in the world, by a long margin.
Windows 98 is still putting more hits than WP7.
Re: (Score:2)
Re: (Score:2)
If the problem is boxes which haven`t had existing patches applied, how exactly does Microsoft ceasing to release more patches make this problem worse?
I guess I thought this was pretty obvious, but perhaps you haven't had a conficker infection run wild on you yet.
If a system gets conficker, the only way to clear the infection for good is to patch the OS for the vulnerability. The infection itself will eventually force the user to take action, because after a while the infected system will reach 100% CPU utilization as the system goes nuts trying to get commands from the botnet (even if it never finds any). On top of that the system will also take as
how novel (Score:5, Funny)
Re:how novel (Score:5, Funny)
Cmon /. you can do better.
[citation needed]
Re: (Score:2)
[car analogy needed]
If security programs dont get it right ... (Score:4, Interesting)
of course it still a problem, especially if you read what happened to me this morning.... .... his is Win7 using Trend Micro (included when buying the dell) . When I turn Trend Micro off it performs well, loads the web-pages at the same speed as mine does.
Our sales directors computer (dell) has real trouble accessing the net (very very slow) whenever he tethers his laptop with his Galaxy S. I have the same laptop and phone but use Fedora14 and tethering gives me real good speed (considering)
So there would be no surprise to me if a lot of machine run without virus/internet security because those machine become a real hog/snail/whatever .... so users cant be bothered!
i confirm this (Score:3, Interesting)
i know someone who works at a huge support center for a certain cellphone carrier. this person has informed me that they spend a good deal of their day telling people to shut off antivirus in order to get their "Modem Cards" (apparently the fashionable name amongst the masses) to work.
Re: (Score:2)
So there would be no surprise to me if a lot of machine run without virus/internet security because those machine become a real hog/snail/whatever .... so users cant be bothered!
I know that problem. People that turn off security updates because they are too important to be bothered with reboots should be kicked somewhere it hurts.
China loves Conficker (Score:5, Interesting)
The college (part of a larger university, but separate for IT purposes) I work at in Beijing has a choice between two different free (Chinese produced) antivirus/antimalware products. The one that detects Conficker is on the computers of the people designated "sysadmins" (discussion for another day as to what qualifies as a sysadmin at this school) and any computer I am required to use as a function of my work (not including my personal notebook, which the admins aren't allowed near). The software that doesn't detect Conficker (or quite a few other 2+ year old baddies, in spite of being "up to date") is on everyone else' computer. As best as I can determine, this is to give the appearance of justifying the positions of the 5 sysadmins needed to support less than 50 computers (not including the lab computers which require minimal support because they suck so badly the students would rather go to an internet cafe to do their work, if they can't afford to use their own computers). Someone let me know when an opening at Tsinghua U. is available.
yay government (Score:1)
in order to keep your job you have to keep your power base in the bureaucracy.
in order to keep your power base in the bureaucracy, you have to keep your budget.
in order to keep your budget, you need to keep it at the same, or higher, level as last years budget.
in order to do this, you have to snowjob any penny pinching meddlers into thinking it's absolutely necessary.
Re: (Score:3)
... this is to give the appearance of justifying the positions of the 5 sysadmins needed to support less than 50 computers (not including the lab computers which require minimal support because they suck so badly the students would rather go to an internet cafe to do their work, if they can't afford to use their own computers). .
I visited China a few years ago. Correct me if I'm wrong, but it certainly seems clear that it's part of the Chinese culture to prevent idle hands (for better or worse). It would seem that it is better to employ numerous individuals who each have possibly inadequate tools rather than a few with exceptional training and/or equipment -- above all, everyone's got a job, even if that job is next to mindless and minuscule, something that would never exist in the west. I get the feeling my karma will take a hi
Re: (Score:1)
Re: (Score:1)
Similar to what I've seen. (Score:2)
When you think about it, it makes sense. They have lots of people. It's more cost efficient to use man-power for most tasks than it is to train one person in specialized equipment.
You get lots of people working and
Re: (Score:2)
I think that the OP's point was that they are manufacturing a situation that requires more people rather than giving 5 people a job that one could do, which is more like the West than the East.
Guess which way is better?
Re: (Score:2)
WGA/pirated copies of Windows (Score:3, Interesting)
One problem is the low-end users who have systems they have bought from a "friend" which turns out to have a WGA-failing pirated copy of Windows. Windows Updates refused to allow it to be patched, leaving it to sit there waiting to be infested.
What Windows needs to do with WGA is give a grace period (60 days?) and warned if you do not get this copy legally licensed within X days then it will stop working (just like beta demo copies). After that time, have it just start up, explain the error and shut back down after 60 seconds. Not popular, but it would keep the bad machines offline. It would force the users to either get legit Windows installs which would have patch support, and/or they'd move to Linux which would also have patch support.
Re: (Score:1)
OK, so the last one isn't a reason why MS won't do what you suggest, but it is important because even invalid copies aren't left unpatched - that would be disastrous.
Re: (Score:2, Informative)
One problem is the low-end users who have systems they have bought from a "friend" which turns out to have a WGA-failing pirated copy of Windows. Windows Updates refused to allow it to be patched, leaving it to sit there waiting to be infested.
Bzzt, Wrong.
WGA only prevents optional updates being installed not security patches. (It only prevents installing Internet Explorer 7/8/9, Windows Media Player 10/11, etc). Microsoft knew that would be stupid from the beginning so they never tried it.
They did toy with the idea of preventing Service Pack 3 from installing without WGA [but not the individual patches themselves] but I don't think they went through with that due to the outrage from the security community about how that would harm everyone else
Re:WGA/pirated copies of Windows (Score:5, Informative)
This is not true. [microsoft.com]
"The Automatic Updates feature is not affected by the WGA validation check. Therefore, you can use the Automatic Updates feature to make sure that you receive critical Windows updates."
Only some updates are marked as "genuine only," and this doesn't include security updates (which are all critical).
Re: (Score:1)
Re: (Score:3)
You can still get critical updates through XP's Automatic Updates.
Re: (Score:2)
I'd Be Worried, But... (Score:1)