Are Computer Crooks Renting Out Your PC?

An anonymous reader writes "Brian Krebs recently posted an interesting piece looking at an invite-only service marketed on shadowy underground forums that lets crooks 'rent' or 'buy' access to individual botted PCs that can be used to tunnel traffic. The story looks at the mechanics of renting out bots, and the author traces some of the infected systems back to real businesses. From the post: 'The Limited; Santiam Memorial Hospital in Stayton, Ore.; Salem, Mass. based North Shore Medical Center; marketing communications firm McCann-Erickson Worldwide; and the Greater Reno-Tahoe Economic Development Authority.'"

Are Computer Crooks Renting Out Your PC?

[WrongSizeGlass]

No. I'm so busy surfing /. that I don't have any spare CPU cycles to rent out.

Re:Are Computer Crooks Renting Out Your PC?

[Tablizer]

That "Web 2.0" /. interface indeed is a CPU hog, full of polling JavaScript. Fortunately, they still allow the old-style as an option.

Re:

[socsoc]

I'm sure that they've noticed a single person, and his boat, have stopped modding. Just like voting with your wallet works to show retailers!

Re:

[bemymonkey]

Interesting, the modding is the only thing that's gotten better/easier with the addition of Javascript - no more scrolling down to the "Apply Moderation" button (which I'd forget more often than not)... are you doing this because you find instant moderation so appalling? Or just as a general protest against all the Javascript?

Re:

[bemymonkey]

Moderating works without problems across all my browsers (Chrome, IE, Firefox, Android). Maybe turn off NoScript? ;)

Re:

[Plunky]

Moderating works fine with scripting disabled for slashdot.org. The only thing is that you need to do it the old way, you select the moderation in the drop down box and then at the bottom of the page there is a "Moderate" button. Click it and your moderations will be applied. In truth, I never noticed that there might be a new way to do it because I never allowed scripts to be run..

If you want to apply it immediately, just open the comment in a new tab, moderate and close the tab..

If you want to reload the

Are Computer Crooks Renting Out Your PC?

[1s44c]

Are Computer Crooks Renting Out Your PC?

No, I don't run windows and I set it up right.

Re:

[rockfistus]

Oh god, here come the douche bag linux comments. If you can't secure a windows box enough to stop this sort of thing then yes, you might want to use an alternate OS. It ain't Windows' fault.

Re:

[1s44c]

Oh god, here come the douche bag linux comments. If you can't secure a windows box enough to stop this sort of thing then yes, you might want to use an alternate OS. It ain't Windows' fault.

Actually it is window's fault that it's insecure by design. Sure you can work around the problems but it's not 100% effective. Adobe also deserves some of the blame and their flash nightmare is more or less the same on all OS's.

Re:Are Computer Crooks Renting Out Your PC?

[fuzzyfuzzyfungus]

Don't forget Adobe Reader. I've lost count of the number of Reader security advisories that apply to basically every OS they release binaries for. It isn't often you see news of an exploit vector for Solaris; but Adobe manages it.

Re:

[Mashiki]

Don't forget about java. I mean who was the genius who thought that code that's remote should be executable outside of a sandbox? Oh and .net too. Personally it seems like the entire software industry needs a swift kick in the face.

Re:

[zach_the_lizard]

There is a .NET plugin, it's called Silverlight, available for Windows and Mac OS X, plus it's basically what you have to use to write WP7 apps.

Re:

[judeancodersfront]

Silverlight includes a subset of .NET, it doesn't require a framework to be installed. Installing the .NET framework does not put you at risk for web attacks. As for Silverlight I haven't heard of a single drive-by attack.

As for WP7 you don't need .NET to write applications but if anything it is safer than Win32 applications due to using managed code. .NET in no way should be lumped in with Java when it comes to security. Don't smear .NET with Java's problems.

Re:Are Computer Crooks Renting Out Your PC?

[Nerdfest]

I actually have an RSS feed [adobe.com] just for Adobe security updates. It's kind of sad.

Re:Are Computer Crooks Renting Out Your PC?

[PopeRatzo]

Actually it is window's fault that it's insecure by design.

It's not so much that Linux is necessarily more secure, just that the botnets can't get their software to run on it. Something about not having the right drivers, is what I heard.

Yep, that's what I heard all right.

Oh, take it easy...

Re:

[PopeRatzo]

Son, a bit of advice. If you want better Karma, complaining about your Karma is not the way to go.

It's that way in life and it's that way on Slashdot.

Look above. I made a nasty, if joking crack about Linux and didn't get modded down. You gotta learn how to talk to people. I realize this is something that is not stressed in CS programs at the local JuCo, but it's a skill that will pay off in the long run. Plus, really, not that many of the people with mod points here are operating system absolutists or

Re:

[PopeRatzo]

I'm not your son.

Are you sure? It would disappoint me to see my seed diluted so, but I did do a fair bit of traveling back in the day.

Re:

[cheekyjohnson]

"100% effective"? I doubt that anything is.

Re:

[fuzzyfuzzyfungus]

Yo dog, I herd you like zero-days, so I put a zero day in your box so somebody else can compute while you compute...

Re:Are Computer Crooks Renting Out Your PC?

[Gordonjcp]

"Might want to use an alternate OS" because it's less bother to keep Linux secure than Windows?

That's only one of the reasons I use Linux. Why would I go out of my way to use an OS that takes extra work to secure? I'm sure there's a car analogy in there involving buying a Yugo with no doorlocks, or being given a Mercedes with central locking and an alarm already fitted, but I can't be bothered making it.

Re:Are Computer Crooks Renting Out Your PC?

[Threni]

Exactly. "Are Computer Crooks Renting Out Your Windows PC?" would be a better headline.

Re:

[melikamp]

This is trivially true, due to the nature of Microsoft.

For the applications

[sourcerror]

Why would I go out of my way to use an OS that takes extra work to secure?

Because you want it to use for 3D design, music/film production etc.

Re:For the applications

[sortius_nod]

So you're saying you use Mac OS?

Re:

[MobileTatsu-NJG]

So you're saying you use Mac OS?

Not if you're doing 3D work.

Re:

[Gordonjcp]

I use Linux for audio production. There's nothing worth using on Windows.

Re:

[sourcerror]

I use Psycle (OSS) and FL Studio, both are Windows only. (But it's only a hobby for me.)
Can you suggest some good OSS DAW?

Re:

[Gordonjcp]

Ardour. It does damn near everything I need, and as an added bonus has a workflow rather like that of "proper" HDR systems.

I never really got my head around FL Studio but it doesn't really look like Ardour would do the same job. I don't work the way that FL Studio wants you to, so it doesn't really make sense for me.

Re:

[Raenex]

That's only one of the reasons I use Linux. Why would I go out of my way to use an OS that takes extra work to secure?

What distribution do you use? Could you describe, precisely, in what way it is more secure than Windows 7?

Re:

[Gordonjcp]

Well, I've never used Windows 7 and it's unlikely I ever will. The distro is unimportant; the fact that it doesn't have secret closed-source software and therefore is less likely to have hidden sneaky backdoors in it makes it more secure.

The main reason I use Linux is because the software I use simply isn't available for Windows.

Re:

[Raenex]

So in other words, you don't really know if it is more secure or not. You claimed it took extra work to make Windows more secure. The general problems with Windows security hasn't been because of backdoors put in by Microsoft.

Now, installing random software and having unpatched software with security flaws, that's a problem that both operating systems have in common.

Re:

[Gordonjcp]

No, the original poster claimed it took more work to secure Windows than Linux.

 

If you can't secure a windows box enough to stop this sort of thing then yes, you might want to use an alternate OS.

That suggests it takes extra work to secure Windows, beyond the work required to secure other OSes. Who's got time to fiddle about that that stuff? Just get something that works.

Re:

[Raenex]

No, the original poster claimed it took more work to secure Windows than Linux.

And you agreed with it and said that's one of the reasons why you use Linux. So you can't just pass it off now that you can't defend your statement.

Who's got time to fiddle about that that stuff? Just get something that works.

And there you go again.

Re:

[Gordonjcp]

I don't really need to defend anything. People keep harping on about things like virus scanners and firewalls and anti-malware and stuff like that, but they are running Windows. I run Linux on my computers, and have never needed to use a virus scanner since the Atari ST days. If Windows is so secure, why do you need to bother with things like virus scanners and firewalls?

Re:

[Raenex]

Linux has something like 1% of the desktop market. It just isn't a target. Now if everybody switched to Linux because of mythological security, it would be a different story.

I ran for years without a virus scanner on Windows without a problem, but then I know basic computer security. A firewall is just good hygiene, whether it's Windows or Linux, though most home routers have one built-in nowadays anyways.

Re:

[Gordonjcp]

By Microsoft's own figures, Linux has the majority of server market share. Why are there no viruses for Linux, exactly?

Re:

[Raenex]

Servers don't run web browsers and email clients, and in general don't have consumers who know next to nothing about security, like installing random video codes.

However, for sure there are Linux servers out there running unpatched software, and there have been plenty of security issues released over the years for Linux.

Re:

[Gordonjcp]

It must be hard work running around with those goalposts like that ;-)

Anyway, as I mentioned earlier, Windows 7 is irrelevant since it cannot run the software I use daily. That's my main reason for using Linux instead of Windows.

Re:

[Raenex]

Who's moving the goalposts? You are the one who started talking about Linux servers, when before we were talking about desktops. They're different markets with different attack vectors.

However, just search for "linux botnet" if you don't think that Linux servers aren't compromised.

Re:

[Raenex]

What distribution do you use? Could you describe, precisely, in what way it is more secure than Windows 7?

Re:

[Raenex]

Does my answer's precision make or break the accuracy of my statement?

Your statement was unfounded FUD. The question is whether Windows is fundamentally less secure than Linux. Too many Linux fanboys just repeat memes that have been passed around for about 20 years.

Although I suspect that you were responding to Raenex's post

I wasn't talking to myself.

The Linux box and Macs run bareback. Imagine if that was a Windows machine?

I've run for years without a virus scanner, since the DOS days. I've never had a problem. I'm only running Security Essentials now because of work and VPN policy.

But the Windows culture doesn't see their problems as problems. It has to be stupid users, market share, or anything other than Windows responsibility.

That's because it is stupid users and market share that make Windows less secure. That's why I ask what, in particular, makes y

Re:

[Raenex]

Market share and stupid users? There are plenty enough Macs out there to form a nice botnet, especially since so many are unprotected.

But why bother, when there's so many more Windows machines?

Now, since you've thought to make me look like a fool, how about telling me the precise mechanism of how Linux and OSX are equally as vulnerable as the Windows platform?

Simple. They have the same kinds of vulnerabilities and essentially the same security model. Let's say you want to run some random application being offered on the Net. You run it, and it now has access to everything your account does. No, it doesn't have admin access, but it doesn't need to. It can participate in a botnet, spy on your tax documents, etc.

And what about software exploits, where a trusted app has a security bug? Linux and OS X have th

Re:

[Raenex]

Most people probably use the central repositories which mean that they aren't running random code, but rather only code that has been admitted into the repostitory.

Yet there's often software people want to use that is not in the repository, and I see it advised all the time on how to grab a package file from a 3rd party site and run a sudo command to install it. Ditto for things like Firefox Add-ons.

In addition use of the Linux repositories means that ALL your programs get updated as the updates are available, compared to windows where individual software either has to install its own update, or wait for the user to manually check for an update.

And how many people actually update diligently? Is the default in Ubuntu to automatically apply security updates?

Its also worthy to note that until Vista/7 users pretty much had to run as admin to actually use their computers. This left the entire system open to attack rather than just the user account.

Installing all your software as admin isn't much better. Also, if your user account is cracked, it's pretty much game over anyways. You can be part of a botnet.

Re:

[Raenex]

The average home user won't use the command line to install software, if its not in the repositories.

The average user can follow simple instructions. "click here in the menu, type this in".

If I remember correctly, Ubuntu by default is set to pop up the update manager daily.

Which means it'll just get ignored by a large percentage of people.

I think they do some updates automatically in the background as well, but I couldn't swear to it.

There is an option, but I don't think it's enabled by default. It isn't in the 10.10 amd64 version I'm running. I think Microsoft got it right by making security updates happen automatically by default.

As I said, I'm not claiming Linux to be unhackable... just that there are some legitimate areas where it is by default more secure.

The problem is that these days it really isn't. Having the repositories is a bit more secure, but people will always be tempted to install or run random st

Re:

[Anonymous Coward]

Yes, but windows does have some rather lax security out of the box. Linux (for the most part) keeps privileges to a minimum unless needed. Your average user doesn't know how, and doesn't want to know how, to secure his windows box.

Re:

[benjymouse]

Yes, but windows does have some rather lax security out of the box.

Citation needed.

Re:

[MokuMokuRyoushi]

OS and setup notwithstanding, it's entirely possible for you(and yes, even the l33t3s7 of beings) to be tagged by a botnet. People speak the truth when they say that only an disconnected computer is completely safe.

Re:Are Computer Crooks Renting Out Your PC?

[John Hasler]

Possible, but very, very unlikely. Attacking home Linux boxes just isn't cost-effective. There aren't enough of them. Sometimes security through obscurity actually works.

Re:Are Computer Crooks Renting Out Your PC?

[Anonymous Coward]

You forgot to mention that:
Linux users have a better common sense then the rest.
Linux users use legitimate repos when they install any software.

I think the mac users fit in there as well, but with only linux and windows as experience, I really can't speak for them.

Re:Are Computer Crooks Renting Out Your PC?

[CapOblivious2010]

Linux users have a better common sense then the rest.

True enough, but that doesn't say anything about the security of linux... it merely says that people who are smart enough to get linux to work for them are also smart enough (on average) to avoid all the crap that idiot windows users fall for.

Re:

[setagllib]

The article itself mentions that many of these machines belong to businesses, where Linux has a higher share. And while servers are more difficult to attack in general (well, they don't have Adobe Flash or Reader...) they make better targets, and servers are where Linux is the higher profile target. Its heterogeneity and timely security updates save it a lot there. We can expect more effort given to attacking Linux over time, but for sure it will *take* more effort.

Re:

[JamesP]

Actually, I've seen my share of linux boxes with malware on them

Either scanning my servers or actually being in my servers - saw a CPU surge in a box, lasted an hour before I just 'destroyed' the (virtual) box

So yeah, there are worms that make their way across linux boxes

Re:

[JamesP]

What would be irresponsible is to leave a machine with a CPU and Network surge on

And yes, I checked if it was something else before 'nuking' it. I didn't need what was in there, so erasing it was a no-brainer.

But yeah, take your time to figure out what it is while your machine is spamming the world and scanning other boxes for vulnerabilities.

Re:

[PNutts]

Attacking home Linux boxes just isn't cost-effective. There aren't enough of them. Sometimes security through obscurity actually works.

That doesn't make sense in the context of TFA.

Re:Are Computer Crooks Renting Out Your PC?

[DarkOx]

Right on I am getting real tired of "I run X" where X is most of Linux therefor I am secure. That attitude alone tells me you are probably making big mistakes all over the place. Arrogance does that. Its true people writing those comments are probably safer than Joe Public with his OEM crap ware laden Windows XP installation, out of date virus defs, and default Windows firewall configuration, 3000 never applied updates waiting, and logged in as an Administrator, but that is pretty low bar to be above!

I do IT security for a living, here is a hint. Whatever software you are using take steps we all read about, firewall, antivirus if that makes sense for your platform, don't elevate permissions when your don't have to, keep your box update, and after you have done all those things continuously check to make sure you are still doing them and above all use common sense at all times, always think before you click!

Re:

[MokuMokuRyoushi]

That last part is always the most important. One of my siblings tried to download a game just earlier on a different computer, I'm still trying to dig out the trojan. Even if I've got NOD32 running properly and ports properly secured, that one click will break down any effort made. Wish me luck...

Re:

[CastrTroy]

A lot of these machines could just be beginners setting up Linux boxes, and not knowing what they are doing. They have the SSH server on, and a weak password, and they are easily pwned. I think that most of these computers probably aren't compromised through people installing unknown software, but rather through bad configuration of servers, that are easily broken into.

Re:

[MobileTatsu-NJG]

Are Computer Crooks Renting Out Your PC?

No, I don't run windows and I set it up right.

You left out: "And I check on it once in a while.". You are not running a completely secure OS.

Re:Are Computer Crooks Renting Out Your PC?

[melikamp]

Windows is trivial to secure with a wealth of free services from MSFT SE to AVG to Comodo CIS to Avast.

Wow. Do you realize that AV software is largely ineffective against new viruses? Here is a typical scenario out of my life: a friend wants me to fix a Windows PC infected with a virus. Sometimes the virus is apparently racing the AV, and sometimes the AV is disabled. But there is always AV. So what good is it? The only useful feature of an AV software is that there is a slight chance it will behave unusually after the machine is infected, and so alert a user of an intrusion sometime in the past (that is, of course, only if the virus is destructive or buggy).

So on one hand you acknowledge that Windows is insecure by default, and should be secured. But to secure it, you want to install a piece of software that slows the computer down, while failing to prevent many viral infections.

You also fail to address the biggest issue with securing Windows: it is theoretically impossible. Because the software is proprietary, it is insecure by any sensible definition. It is insecure for you as the user, although it is made to provide "security" for Microsoft. Not for any technical reason, but solely because of Microsoft's greed, you have a backdoor in your OS that only Microsoft (you hope) can use. Whatever other security holes there are, you propose to fix with other proprietary programs, each having its own backdoor.

When Linux becomes a big enough target IT WILL BE PWNED.

Linux kernel will be pwned? As in, once Linux reaches X% desktop share, all of the sudden a bunch of kernel exploits will be found? How? The value of a kernel exploit today, either local or remote, is already enormous. If they are already found at the rate they are introduced, then what does the popularity have to do with it?

Or did you mean, Linux-based OSes will be owned? All of them at the same time? Or one in particular? And then which one? I am not surprised seeing Android in trouble: every android phone sold today is a proprietary platform, and the proprietors happen to be incompetent. This does not mean that we won't be able to install Debian or Slackware on a phone a few years from now and enjoy rock-solid security.

Re:

[MobyTurbo]

Linux kernel will be pwned? As in, once Linux reaches X% desktop share, all of the sudden a bunch of kernel exploits will be found? How? The value of a kernel exploit today, either local or remote, is already enormous. If they are already found at the rate they are introduced, then what does the popularity have to do with it??

I hate to inform you of this, but local root exploits are very common in the Linux kernel. How else do you think Android phones get rooted [google.com]? They have to either via Linux kernel exploits, or Android exploits, and due to the well-known nature of the former, it's usually those when available. (They usually are.)

Re:

[MobyTurbo]

if the reasons android phones get rooted were because of linux kernel exploits don't you think it would be a problem for all linux devices and servers?

No, because these are local exploits, which aren't as big a deal as a remote exploit for a server. They are enough to root an Android phone though. :-)

Re:

[flappinbooger]

AS mentioned above most malware comes from the internet. I have discovered (and I'm sure many other people have too) that the best way to create a secure windows surfing environment is to do the following:

Start with a clean windows install, apply updates, use a limited account if so desired.
Install a reputable antivirus if so desired, such as anything but norton, mcafee or trend micro, (possibly AVG Internet security business edition with the enhanced features turned on to help detect rogues)
Install firefo

Re:

[melikamp]

The grandparent mentioned the words 'AV software' and you lambast him for claiming it's the magical pill.

That was step 1 of his solution to secure Windows. I claimed, it does worse than nothing. It doesn't just fail to be a magical pill, it fails to do anything at all.

And what does 'proprietary = insecure' mean?

I should have said "closed source".

Re:

[Nutria]

Using the CLI ... I have NO doubt?

You're not very good at not doubting. Maybe you don't actually know what the word "doubt" means.

Why? Ubuntu has a completely GUIfied software install and upgrade system. Point, click, drool and it's all done.

Re:Are Computer Crooks Renting Out Your PC?

[syousef]

..FACT...Post Sp2 Windows is trivial to secure with a wealth of free services from MSFT SE to AVG to Comodo CIS to Avast. OOTB post Sp2 is easy to lock down and will NOT get infected simply by hooking to the net as ALL incoming all blocked BY DEFAULT.

..FACT.. Talk to ANYONE that actually repairs machines (such as myself) and we'll be happy to tell you that a good 90% of infections are INSTALLED BY THE USER. REPEAT nearly ALL INFECTIONS are INSTALLED BY THE USERS, with the other 10% divided between outdated Adobe products and using out of date browsers like IE 6. Why would they install bugs?

I almost got pwned the other day through a driveby download googling some medical information. Using the latest Firefox browser. XPSP3 with updates. Latest flash and a slightly out of date version of Adobe reader - 9 (but it doesn't matter which version you use because they never fully fix it and there's always an exploit out in the wild that hasn't been fixed!) I certainly didn't click on any installers or even banner ads. So no it's not just user software. Microsoft Security Essentials is what prevented the virus from executing. Zonealarm would have kicked in next. But this drive by did manage to get past sever of my defenses. And windows firewall is no where near as good a solution as simply sticking a proper router in between for incoming AND a good software firewall for outgoing.

Adding "FACT:" to the start of every paragraph is utterly lame and does not lend any authority at all to your post.

Re:

[moonbender]

Adding "FACT:" to the start of every paragraph is utterly lame and does not lend any authority at all to your post.

The overall gratuitous use of capital letters, random swearing and quotation marks is meant to do that. The ..FACT... is just for decoration!

Re:

[Nutria]

Using the latest Firefox browser. XPSP3 with updates. Latest flash and a slightly out of date version of Adobe reader - 9 (but it doesn't matter which version you use because they never fully fix it and there's always an exploit out in the wild that hasn't been fixed!)

How, then? Do you have FF set to automatically allow 3rd parties to install s/w? Or did it sneak in thru Flash or Acrobat Reader?

(Flashblock should protect you against such attacks, since you must actively click on window areas to get each Flash script to run.

Re:

[Raenex]

The amusing thing about your post is you just confirmed what he said. You didn't get infected by just hooking up to the Net (as was the case in the old days -- no browsing required), and you fell into the category of an outdated Adobe product. You were even saved by Microsoft Security Essentials.

What more do you want? By the way, as for Adobe Reader, disable browser integration. Seriously. I'm also pretty sure the latest Reader products check for updates automatically, so if you're running an older product

Re:

[syousef]

The amusing thing about your post is you just confirmed what he said. You didn't get infected by just hooking up to the Net (as was the case in the old days -- no browsing required), and you fell into the category of an outdated Adobe product. You were even saved by Microsoft Security Essentials.

You need a basic lesson in logic if you think that confirms what he says. I've demonstrated one instance of what he says BUT also demonstrated that several of the defenses I used were defeated. If my antivirus had not picked the file up as a trojan my PC would have been trashed. No antivirus has a 100% detection rate. So having an exploit get so far as to actually start a process that Security Essentials blocked is downright scary.

What more do you want? By the way, as for Adobe Reader, disable browser integration. Seriously. I'm also pretty sure the latest Reader products check for updates automatically, so if you're running an older product with known and fixed bugs, what's your excuse?

Are you kidding me????? What do I want? An environment where browsing to a we

Re:

[Raenex]

You need a basic lesson in logic if you think that confirms what he says.

The facts are what they are. You were running an old Adobe and Security Essentials saved you. The best security is layered and not an all-or-nothing proposition.

Are you kidding me????? What do I want? An environment where browsing to a web page doesn't automatically execute anything outside the browser. A product that is patched well enough so that new exploits aren't discovered every other week. Are you seriously telling me a product that requires updates every week to stay safe is a good one?

Yet if you installed Adobe Reader on Linux, or at the very least Flash, as many people do, you'll get the same bugs. In this case it isn't particular to Microsoft.

I agree, the huge amount of trust you give to running something like a PDF reader or Flash is a problem. However, it isn't unique to Microsoft. In the meantime, all you can do is stay up-t

Re:

[flappinbooger]

My mother managed to get some nasty installed on a *limited account* in a fully updated install of XP with SP3.

It doesn't surprise me the GP is a retailer. They usually have the biggest mouths in defense of MSware but, ironically seem to know next to nothing about what a computer is, what it does and how it works. The above rant is almost pure nonsense.

I saw a fake A/V get installed on a limited account on a domain. These users cannot change even their own clock, yet this rogue was able to get installed and start surfing to porn sites. Scared the lady half to death as she was in a medical office.

Not all of the registry changes were allowed to happen, but it still was running, still disabled things like taskmgr, still able to make some registry changes to the local profile such that I had to remove them from the admin profile.

I've even seen where a limi

Re:

[sco08y]

.FACT... is trivial ... with a wealth of ... is easy ... will NOT get infected ...

Those are three opinions, and one guarantee, none of which are facts.

..FACT.. Talk to ANYONE...

That's conventional wisdom, not a fact.

..FACT...Linux without IT personnel IS WORTHLESS.

That's an estimation of worth, not a fact.

..FACT...When Linux becomes a big enough target...

That's a prediction, not a fact.

So your entire argument is based around several fallacies.

Nope, none of them were fallacies, they're all false assertions.

... this econ 101 question "What am I doing wrong, that my competitors are doing right?"

Econ 101 is about microeconomic equilibria, such as opportunity cost, supply and demand, etc. Your question sounds like some kind of management seminar.

Re:

[judeancodersfront]

Another fascinating retort. Perhaps next time you could include "M$"? It's a crowd favorite.

I knew it

[fwarren]

Windows Vista was not that bloated. Microsoft was just monetizing spare CPU cycles on the Russian Black Market.

Re:

[Anonymous Coward]

And they have the cheek to STILL sell at that price! The greedy bastards! Honestly!

Re:

[zill]

I'm just glad Microsoft didn't charge extra for this involuntary cloud computing client feature.

Warning: Safety Protection Must Be Worn

[Haedrian]

Tinfoil hats on.

Are Computer Crooks Renting Out Your PC?

[Greymoon]

If you outlaw renting computer bots only criminals will rent computer bots. ...profit

I smell a rat

[tloh]

How did Krebs get access to an "invite only" service? I can't help but feel this is someone's shrewd way of advertising the illegal. Either that or someone is getting whacked for bragging about knowing too much.

Re:

[Haedrian]

I would expect just like policemen have contacts in the criminal underworld, I would assume security researchers would do the same thing.

Nice to see the bad guys facing the facts...

[fuzzyfuzzyfungus]

The news on computer security is usually relentlessly bad. It is nice to see an instance where the economic realities of non-targeted attacks make the bad guys slightly more vulnerable. Even if our antivirus overlords are pitifully incapable of keeping us from getting 0wn3d, which seems to be the case, they are in a fairly good position to monitor the 'underground' marketplace and reduce the value of compromised PCs. That won't save the strategically valuable targets; but anything that reduces the rental value of Joe Broadband's horribly compromised porn box is good for Joe, and for the internet generally.

Hospitals are no surprise

[HangingChad]

>Santiam Memorial Hospital in Stayton, Ore.

I used to provide tech support for doctors offices and hospitals and I can tell you for a fact that their computer security ranges from "bad" to "OMFG!!". Seriously, there were places I wanted to take a shower after leaving because their workstations were so riddled with spyware and trojans.

There are reasons for that...

[damn_registrars]

Santiam Memorial Hospital in Stayton, Ore.

I used to provide tech support for doctors offices and hospitals and I can tell you for a fact that their computer security ranges from "bad" to "OMFG!!".

That happens for several reasons:

• The software they use as part of their work requires admin access (bad vendor programming)
• The hardware they need to access requires admin access (more bad vendor programming)
• They consider needing an additional password for admin function to be "too inconvenient" (bad user education)
• They didn't need to do it when they used 3.x/NT/98/etc ... why should they need it now? (also bad user education)
• They were told that their anti* software would protect them, even without ever updating it - or anything else (bad vendors meeting up with badly educated users)

also some vendor hardware / systems block updates

[Joe The Dragon]

also some vendor hardware / systems block windows updates / are setup so they can't be installed / the vendor has to do the admin work on them.

Re:There are reasons for that...

[dwarfsoft]

Most of the "Bad Vendor Programming" I've seen in this situation did not actually require Admin Access, but required specific permissions set for Users to be able to get the programs to function. The reason that these users were ever added to Local Admin was due to "Bad IT Admin" more than anything else.

After I re-trained the one guy who kept adding users into Local Admin on how to determine (regmon/filemon/procmon) which folders/files/regkeys needed additional permissions (and how to manage a local group for those settings) and he continued to do it, I was only too happy to remove his access to be able to change any security settings or add any users to any groups. Problem was solved.

It wouldn't surprise me if far too many people in those Workstation Admin roles don't fully understand security, particularly in places like Hospitals where Doctors think they have the authority to tell everybody how things should be done.

Re:

[pedestrian crossing]

Most of the "Bad Vendor Programming" I've seen in this situation did not actually require Admin Access, but required specific permissions set for Users to be able to get the programs to function. The reason that these users were ever added to Local Admin was due to "Bad IT Admin" more than anything else.

While I would agree that just granting admin access is Bad IT Admin, the fault still lies with the vendor, who usually shrugs and says that admin access is necessary even though they are the ones in the position to know exactly what folder/file/regkey access is necessary.

Since we are usually talking proprietary software, the Good IT Admin's only option is to apply reverse engineering (regmon/filemon/procmon).

So the fundamental problems are "Bad Vendor Programming" and especially "Bad Vendor Documentation an

Re:

[jd2112]

And any patches applied to computers attached to medical equipment must have FDA approval.

Re:

[swb]

The other reason left out are the number of doctors who are prima donna assholes and insist that going to med school has made them CERTIFIABLE GENIUSES IN EVERY FIELD.

I work for a small consulting firm and we've had a half-dozen clients in the medical & dental fields and without exception they have all been complete assholes, the dentists worse than the doctors.

One guy literally tried to physically intimidate me to the point I had to actually push him away. I walked from the office 20 minutes later an

Re:

[damn_registrars]

It sounds to me that you were doing consulting for physicians in private practice. By my experience they are egotists to a much larger degree that those associated directly with hospitals. I attribute this in part to the dilbert factor that plays in when a physician pursues private practice - now they are business managers as well as physicians. By my experience most physicians who work primarily at or with hospitals are much better grounded (especially teaching or research hospitals).

On a related obse

Re:

[hedwards]

It depends how they're set up, but I wouldn't be surprised if that was often the case. The computers that they use at the clinic I go to are pretty locked down, they only seem to run one program, and they don't seem to do anything else. It's a lot easier to harden a system if there's only one application that's allowed and it's one that you control.

Re:Hospitals are no surprise

[mjwx]

I used to provide tech support for doctors offices and hospitals and I can tell you for a fact that their computer security ranges from "bad" to "OMFG!!".

I provide tech support for a few local retail chains here, everything I've seen has made me _not_ want to use my CC anywhere. Senor POS terminals run Windows XP on Celeron Processors. Senor recommend turning off Windows update. Staff are typically too lazy to type in passwords so the default "senor" user is often left without a password. Access to USB simply requires you to open the access panel at the bottom (not even screwed into place)

The EFTPOS system is a software client provided by the bank run on a Windows XP box out back which the staff use for general internet access. The client is SSL so it goes over the general internet.

At least the Pronto system is relatively secure, running on AIX or Linux (prefer Linux, fewer things like backup clients run on AIX these days). of course the client wont update the software so I use the term "relatively secure".

Of course the client in this case wont let us tighten security. Password everything, move the EFT client to headless machine, silicon up the USB ports, restrict internet access to 80,110 and 443.

Sticking to cash, the AU banknote has more security measures built into it then Senor POS terminals.

Hey! Mine's for rent -- cheap.

[SlithyMagister]

Well not so cheap, Call me and we can discuss terms. If you're a crook, I don't want to know, OK? Oh, and I do run windows, and its set up right, just sose ya know...

If he can do it, why can't ISPs?

[rudy_wayne]

If Brian Krebs can figure out that The Securities Group LLC, The Limited; Santiam Memorial Hospital, North Shore Medical Center; McCann-Erickson Worldwide; and the Greater Reno-Tahoe Economic Development Authority are part of a botnet, then the ISPs used by those companies can do the same. Which points out the real problem with spam, malware and botnets: ISPs refuse to lift a finger to secure their networks.

Every person or business identified as being part of a botnet should be notified that their Internet access is being terminated immediately and will not be restored until they fix the problem.

Re:

[loftwyr]

Then they go beyond "Common Carrier" status and become responsible for the traffic on their network. That would include all the illegal software/media/etc. downloaded through that.

They'd rather die that have to police your downloads, so they let you have your viruses.

Cut their balls off

[bogie]

There I said it. Cut the balls off enough of these people who treat millions of people's important personal property like a plaything and maybe they'll start having second thoughts. I'm tired of it being so easy to reach out an fuck with something that at this point is so critical to most individuals daily lives. And while we can blame MS and the user, lets not forget who the real culprit is. The time and money and IT frustration that results from the work of these assholes is immeasurable.

You don't see criminals thinking they can walk down the street and then try to break into every single house in a city and then squat in every one that has an unlocked door. I don't know why anyone ever thought it was ok to do the equivalent in the digital domain. I blame not strong enough penalties at the start of pc hacking. If we had started with fingers we probably wouldn't have ever even had to go to balls. But here we are so I vote, balls.

Can you tell I had to deal with with someone's malware infested pc who had no backup recently?

Re:

[gl4ss]

you think some deterrent is going to stop 14 year olds from hacking? because they do hack too. and you can't hold them responsible legally for it.. only for damages, which are pretty hard to convert to cash.

just run your systems better, m'kay? obscurity wont help you when the shit hits the fan for real and it would be pretty harsh to take away fingers just for messing with your library that you left open and connected to other people. sometimes it's hard enough to try to tell which part was supposed to be f

Not MY PC they aren't

[macs4all]

I have a Mac.

Now before you punish-mod me into oblivion; let me explain:

I just happened to look at my security logs about a week ago, and there has been a steady (and I DO mean steady!) stream of ne'er-do-wells banging on my ssh port (yes, I use port 22. Call me smug).

The logfiles (that only went back to January, mind you) had SO many login attempts that I literally couldn't email them to a friend due to a 15 MB email attachment limit!

I gave up trying to convert the logs to PDF at 6,000+ pages (!!!

Re:

[Yaa 101]

Yes... Und?

Re:

[Nutria]

What does it say about Linux, which is responsible for nine out of every ten pieces of spam that arrives at my Inbox?

Why do you say (i.e., what evidence do you have) that 90% of spam you receive is generated by Linux?

Re:

[Nutria]

Guess what, I wrote a keylogger and send it to the dev team, every time when the game patches and installed, the thing will also install. Everytime we encounter a perpertual cheater will turn on the keylogger, colect all his infomation, and fight him back by loggin in to his facebook account and do shit.

I don't know about how things are (not) done in South America, but in the US and Europe is highly illegal.