Feds To Remotely Uninstall Bot From Some PCs
CWmike writes "Federal authorities will remotely uninstall the Coreflood botnet Trojan from some infected Windows PCs over the next four weeks. Coreflood will be removed from infected computers only when the owners have been identified by the DOJ and they have submitted an authorization form to the FBI. The DOJ's plan to uninstall Coreflood is the latest step in a coordinated campaign to cripple the botnet, which controls more than 2 million compromised computers. The remote wipe move will require consent, and the action does come with warnings from the court that provided the injunction against the botnet, however. 'While the 'uninstall' command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the 'uninstall' command may produce unanticipated consequences, including damage to the infected computers,' the authorization form reads. FBI Special Agent Briana Neumiller said, 'The process does not affect any user files on an infected computer, nor does it ... access any data on the infected computer.' The DOJ and FBI did not say how many machines it has identified as candidates for its uninstall strategy, but told the judge that FBI field offices would be notifying affected people, companies and organizations."
That's ok (Score:2)
Re: (Score:3)
Re:That's ok (Score:5, Insightful)
The botnet owners can't take preventative action against the uninstall because they don't have valid Command and Control servers running. Since the FBI is controlling those at the moment, the individual bots are hanging in limbo doing nothing. If, however, the malware is actively looking for new C&C servers to be spun up to receive commands again, there is the potential that the FBI could lose control again. That is why it is necessary to remove the infection while they maintain control, and it is only one step in their strategy to cripple the botnet.
Re: (Score:2)
Re: (Score:2)
They could, but it would be a dick move. As much as I'd like to think so, it's just not true that everyone at the FBI is a dick.
Some are asses. ;-)
Re: (Score:2)
Re: (Score:2, Insightful)
Fixing somebody's computer is a gift. Fixing their machine because it is attacking mine, is something I appreciate. If you don't trust a federal agency to have the authority to remove the virus, then whom do you trust? Rival hackers? Microsoft? They've done such a great job so far in containing
Re: (Score:2)
Not if it leaves the machine in an unclean or unusable state. If you thought anti-American attitudes are bad now, imagine the FBI disabling a couple hundred thousand key machines abroad-- just to get rid of a virus.
Re: (Score:2)
Sweet.
A bit draconian, are you?
If there'd been sufficient investment, someone could just shut off the port. Rootkits mean you get a new kernel after you've rendered what rooted it permanently dormant.
So sure. Let's say you render a couple hundred thousand machines unbootable by wiping their partition tables, MBR, or whatever. They wake up the next morning, and do they love you? Can they do business? Can they read x-rays? Will their stuff work?
Your method might be nice for screwing up extractors in Ira
Re:That's ok (Score:4, Informative)
A bit draconian, are you?
Maybe. Apparently you aren't one of the guys they send massive amounts of unwanted spam to?
So sure. Let's say you render a couple hundred thousand machines unbootable by wiping their partition tables, MBR, or whatever. They wake up the next morning, and do they love you? Can they do business? Can they read x-rays? Will their stuff work?
The problem is the malware/rootkit leaves their stuff seeming to work; and it's invisible to them, so they don't even bring someone in to look at it, let alone repair it.
Your average organization with malware crawling around has no IT management, there's no active directory, group policy, or technical restrictions against employees running software -- everyone runs as admin, any anti-malware/antivirus software is hopelessly out of date, and they're probably still running Windows XP at the moment.
You're not going to be able to "turn off the port", because there are way too many of them, they don't have static IPs, and WHOIS is basically useless. Their ISP won't even tell you (or law enforcement) who their technical contact is (if they have one) without subpoenas.
The most expeditious way for anyone to handle this is to nuke from orbit by reversing the behavior of the malware author's backdoor. Make the software shout about its presence instead of hiding.
Make the breakage of the machine VISIBLE so the repair company has to be called, and money has to be spent, so the SMB cannot continue to ignore their workstation infection, even when informed of it.
Re: (Score:2)
In the meantime, while a machine is working, it's hopefully serving a useful purpose. Some might be critical, like a point-of-sale or even more critical in a police station or hospital. You can't reach across the Atlantic, grab the machine's hard disk, and crater the machine. No valid SOP does that.
I realize that partitioning the machine by turning off its port is not a valid procedure, because most ISPs or providers in general don't spend money on addressable ports. They should.
But you can't nuke them. You
Re: (Score:2)
Exactly the kind of machine I'd want a bot running on.
Re: (Score:2)
I don't know about you and so-called "security consultants", but it's very, very easy to check offline (from a separate host) that a hard drive with a Windows partition on it has legitimate files as released by MS. Digital signatures and all that jazz. This whole reinstall attitude is frankly getting on my nerves. Waste hours (if you're not in an imaged environment) on reinstalling a system where perhaps a couple of files and a dozen or two registry entries are wrong?! Fuck no!
Re:That's ok (Score:4, Informative)
it's very, very easy to check offline (from a separate host) that a hard drive with a Windows partition on it has legitimate files as released by MS. Digital signatures and all that jazz.
No. System File Checker is trivially defeated, even when checking offline.
The trouble with 'digital signatures' is that there are multiple valid signers, and you can't enumerate a priori which ones are valid. The tampering of tampered-with files does not even necessarily occur on the files you see on the physical medium offline while the rootkit is not loaded.
Lots of Windows systems have a boatload of legitimate non-Microsoft application files and non-Microsoft system drivers for hardware are almost universally present. And what the registry contains is really quite important, especially when malware involves loading a program that contains a rootkit.
The loader may be found as an application, a small file, or a binary blob in the registry somewhere. The actual payload activated by the malware loader may not even reside as files on the NTFS volume, as anything running as the system user may be able to read code from raw disk sectors (even NTFS disk sectors that are not actually linked to files you can scan/access).
Try as you might, it is basically impossible to enumerate every possible registry content that will cause malware hooks to load into memory and run payload at system boot.
Verification of the content of all known system files does not verify the integrity of the system.
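A concrete version of the offline check being argued about above, added here as an example rather than code posted by anyone in the thread: it hashes every file under a mounted volume against a known-good SHA-256 manifest and reports modified, missing and unlisted files. The volume path and the manifest are assumed inputs, and the directory layout, file names and bytes used in the demo are constructed. What it does not look at is exactly the reply's point: a loader stored as a registry value, a hooked boot sector, or a payload read back from unallocated clusters leaves every listed file hashing correctly.

```python
"""Offline manifest check of a mounted (read-only) Windows volume.

Added example; not code from the thread. Assumes the volume is mounted at
some path and that a sha256sum-style manifest of the known-good system files
exists. Everything in demo() is constructed sample data.
"""
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple


def sha256_file(path: str) -> str:
    """SHA-256 of one file, read in chunks so large DLLs need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse '<sha256hex>  <relative path>' lines into {path: digest}.

    Backslashes are normalised so a manifest written on Windows matches a
    volume mounted on a Linux forensic host.
    """
    expected: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, relpath = line.partition("  ")
        expected[relpath.replace("\\", "/")] = digest.lower()
    return expected


def build_manifest(root: str) -> Dict[str, str]:
    """Hash every file under root; this is how the baseline is produced from a trusted install."""
    out: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = sha256_file(full)
    return out


def verify_volume(root: str, expected: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the files on the volume with the manifest.

    Returns sorted lists: 'ok' (hash matches), 'modified' (hash differs),
    'missing' (listed but absent) and 'unknown' (present but not listed).
    Blind spots by design: registry hives are just files here and their
    contents (Run keys, service entries, blobs) are not interpreted; the
    MBR/boot sector and unallocated NTFS clusters are not read at all.
    """
    actual = build_manifest(root)
    report: Dict[str, List[str]] = {"ok": [], "modified": [], "missing": [], "unknown": []}
    for rel, digest in expected.items():
        if rel not in actual:
            report["missing"].append(rel)
        elif actual[rel] != digest:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    report["unknown"] = list(set(actual) - set(expected))
    for key in report:
        report[key].sort()
    return report


def is_clean(report: Dict[str, List[str]]) -> bool:
    """True only if nothing is modified, missing or unlisted."""
    return not (report["modified"] or report["missing"] or report["unknown"])


def demo() -> Tuple[Dict[str, List[str]], Dict[str, List[str]]]:
    """Constructed mini volume: baseline first, then a patched kernel image and an extra driver."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "Windows/System32/ntoskrnl.exe": b"kernel image bytes (constructed)",
            "Windows/System32/drivers/ntfs.sys": b"ntfs driver bytes (constructed)",
        }
        for rel, data in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        baseline = build_manifest(root)
        clean = verify_volume(root, baseline)
        # Simulated tampering: append bytes to the kernel image, drop an unlisted driver.
        with open(os.path.join(root, "Windows", "System32", "ntoskrnl.exe"), "ab") as f:
            f.write(b"\x90patched")
        with open(os.path.join(root, "Windows", "System32", "drivers", "extra.sys"), "wb") as f:
            f.write(b"unlisted driver bytes (constructed)")
        tampered = verify_volume(root, baseline)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean:", is_clean(before), "| tampered:", is_clean(after), after)
```

Against a real volume you would generate the baseline once from a trusted install of the same build and patch level, then run verify_volume on the suspect disk mounted read-only. A clean report from this tool is necessary but not sufficient: it says the listed files are intact, and nothing about where they are loaded from or what else is started at boot.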
Re: (Score:3)
Not if it leaves the machine in an unclean or unusable state. If you thought anti-American attitudes are bad now, imagine the FBI disabling a couple hundred thousand key machines abroad-- just to get rid of a virus.
Disabling is the normal course of action taken on an infected machine. In fact, the only method certain to work.
SOP when discovering a backdoored machine spewing spam, participating in a DDoS, running a backdoor, or acting as a botnet node should be: if possible, to use the malware's infiltrated command and control or the published backdoor to render the backdoor or the system useless for furthering the attack as quickly as possible.
Easy... easy... You know, I wonder how the situation would be seen if China were to start disabling US computers only because they are used for serving content that doesn't fit their policies. I mean, for them that content might be as "aggressive" and "dangerous" as a botnet.
Re: (Score:2)
Options (Score:2)
"In fact, the only method certain to work."
That and nuking the site from orbit. It's the only way to be sure.
Re: (Score:3)
Right now, there's no precedent that a government organisation could effectively deal with a situation like this without breaking everything. Is it ok if they do a drug bust, and 1 out of 23 innocent people die? Collateral damage by the government has to be mitigated as much as possible.
I'm not saying that we can't trust the government to do anything. I think the F
Re: (Score:2)
The FBI would then be doing what the botnet authors did: making changes to the user's system without the user's authorization. Removing the system from the Internet by requiring the ISP to place a block on the connection until such time as it could be verified as clean would be much more ethical. If the malware removal function has a horrible bug and leaves the system in an unusable state, the FBI is then on the hook for damages, which could make it reluctant to undertake such actions in the future. The
Re: (Score:2)
Re: (Score:3)
Which operating system was this again?
EvolutionSoft PEBCAC [wikipedia.org] 2011
Re: (Score:3)
Well, at least somebody is making an effort to stop all the fucking spam. Slippery slopes are nice and all, but that kind of thing can already be done legally via the courts, the PATRIOT act, etc.. at least what they are doing here is beneficial to the world.
Lemme guess how they're going to get consent... (Score:5, Funny)
Re: (Score:3, Funny)
No, it's going to be through popup ads that look like Windows dialog boxes. First it will scan your computer, then find a virus and offer to sell you Virus Remover 2011 at a steep discount!
Re:Lemme guess how they're going to get consent... (Score:5, Funny)
"The FBI has detected a botnet running on your computer. Due to federal privatization initiatives, botnet removal has been subcontracted to Botnet Blaster 2011. Click here to purchase Botnet Blaster 2011 and avoid having your house stormed by an FBI tactical team."
Re: (Score:2)
(OK, OK, that might have been the ATF or somebody else, I don't know.)
Re: (Score:2)
it'll be more of a chore to submit the authorization than it would be to download an uninstaller..
Release the Company Names (Score:2)
Why not just report the issue to the user? (Score:2)
Re: (Score:2)
Re: (Score:2)
*BLAM*
*BLAM* *BLAM*
Re: (Score:3)
Re: (Score:2)
Yeah, idiots with pwned machines are well known for keeping up to date.
Re: (Score:2)
Critical (XP) and Important (7) updates are available to everyone, including users of pirated systems.
The MSRT is listed as an Important update on my Windows 7 systems (don't have any XP ones to check).
Re: (Score:2)
I believe Microsoft included detection in their MSRT (Malicious Software Removal Tool), so as long as users are regularly updating they should have this taken care of on its own shortly. I imagine the FBI is probably assuming most users aren't actively updating, or targeting "high value" or infrastructure type computers for a more aggressive removal strategy.
For the tin-foil crowd, if the FBI really wanted to do bad things to your files, they wouldn't have made it public they captured the command and control
The remote wipe move will require consent (Score:2)
Re: (Score:2)
Re:The remote wipe move will require consent (Score:5, Interesting)
As much as I would love the Feds to just run a complete vulnerability scan of the US (not unlike the Internet Auditing Project) and then remotely uninstall every instance without telling a damn person (if the virus doesn't de-install cleanly, that's a bug in the virus so go sue the authors), I get the impression there'd be a few complaints. In part, because the Feds have shown themselves to be ethically-challenged from time to time.
If you want - really, truly want - bots and spyware to be gone forever, it's going to take a Federal agency vulnerability scanning your machine and installing nagware when your machine is shown as both infected and insecure. (Insecure alone might just be a honeypot, it doesn't prove there's a real vulnerability present.)
Nobody is going to trust an agency to do this. Doesn't matter if that's just or unjust, the only just that matters is that it's just not going to happen. In consequence, corporations will fail to secure products, users will fail to secure their machines and the problem will miraculously fail to vanish all on its own. Things won't change without pressure and the only sources of pressure big enough won't and/or can't.
Re: (Score:2)
As far as I can tell, the answer to that is "yes". At some point, psychiatric care will be available to deal with this, but for now - and for reasons I will never understand - said third parties are trusted completely and the government is mistrusted utterly, despite them having roughly the same capacity to abuse whatever
Re: (Score:2)
As much as I hate to say this (Score:2, Insightful)
Re: (Score:2, Interesting)
Or maybe Microsoft software is what got these users into this mess, so someone else should fix it and Microsoft should just foot the bill.
Re: (Score:2)
What else do you think they will do with access to your system besides the botnet campaign? "While repairing the botnet, we discovered 137 copyrighted files. These have been reported to the **AA. Have a nice day!"
Re: (Score:2)
It's like forwarding my calls to a number that will forward my calls to me. They wait and wait, my phone never rings, and eventually they get pissed and hang up!
Re: (Score:2)
-1, Jackassery
A far more effective solution... (Score:2, Insightful)
Uninstall Windows.
Re:A far more effective solution... (Score:5, Interesting)
Uninstall Windows.
Or don't uninstall Windows but make computer owners legally responsible for their computers in the same way they are legally responsible for a swimming pool. The resulting fines would either stop botnets entirely or eliminate the national deficit. In short, a tax on the stupid.
Re: (Score:2)
Yah, those fines will stop botnets the same way the RIAA lawsuits have stopped piracy. It can't fail!
Re: (Score:3)
C'mon, this is Slashdot. You left your garage unlocked, somebody stole your car and ran down some pedestrians.
Re: (Score:2)
C'mon, this is Slashdot. You left your garage unlocked, somebody stole your car and ran down some pedestrians.
C'mon you are an idiot, and you obviously don't own a pool.
Re: (Score:2)
So if someone breaks into your back yard, scoops up the water from your pool, transports it to a freezer then drops the resulting ice on people from rooftops, you are morally responsible for their deaths?
Probably not, but your scenario is ridiculous. In the far more likely case that a child wanders into your yard because you left the gate open and drowns in your pool, chances are you will pay for that the rest of your life. [2keller.com]
It does not seem a stretch at all to extend such mandatory responsibility to computers, which may not cause death but are capable of causing a great deal of damage.
Re: (Score:2)
The solution isn't to fine the 'stupid'; software requires a warranty that it is fit for purpose.
And if that doesn't happen, which it won't, then fining people for operating a computer that becomes part of a botnet is the next best thing. Fines don't even have to be large. Just enough to make people realize that running insecure software or buying a computer with the wrong operating system on it may cause harm to others.
uninstall command... (Score:2, Insightful)
> 'While the 'uninstall' command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the 'uninstall' command may produce unanticipated consequences, including damage to the infected computers [...]
I'd say go for it. I mean how is this any different from Windows Update?
Is this (Score:2)
Is this like those messages emailed from Microsoft about virus detected on my system? Those things never seemed to make my machine run better. You'd think Microsoft would test their fixes better... ;=)
Take away their network connection (Score:3)
Why do they need consent? (Score:2)
But, the federal government is held to a higher standard aren't they?
Re: (Score:2)
I wonder if we could use a car analogy here. If your car rolled into the street unattended, could the police tow it or would they be liable for damages from towing it?
Disconnect from internet? (Score:5, Interesting)
Why can't they just ask the ISP to disconnect infected computers from the network? It should be the responsibility of each owner to connect with an uninfected computer. The company responsible for this whole mess - Microsoft - will likely not be held accountable, but the users should be. And when the OS they use starts to be a liability in their lives, then maybe they will choose based on that as well.
YACA: If someone installed randomly firing machine guns in the trunk of your car, I doubt FBI response would be a letter asking you if they could please uninstall those for you.
Re: (Score:2)
> Why cannot they just ask the ISP to disconnect infected computers from the network?
Maybe a good idea, maybe not. One risk: If they did this and people did not scream bloody murder, it would be a matter of days until the DoJ started shutting down people suspected of copyright infringement.
Helping people do the pro-social thing, good. Fining them for anti-social behavior (like we do with copyright), good(*). Disconnecting them from the Internet is less obviously good. The Internet is like public sewer sy
Corporate America strikes again (Score:2)
Now the DOJ and the FBI do the job of securing Windows. Must really suck to live in a country where the government is run for corporations and paid for by tax money. (If anyone wonders, it's the job of Microsoft to secure their system, not the DOJ's or the FBI's to do it for them.)
"FBI field offices would be notifying affected people, companies and organizations."
yeah, that's why you have the FBI. Not to hunt for criminals like murderers, rapists or organized crime, but to go to people and companies and secure their comp
Re: (Score:2)
If this is a joke, (Score:2)
A big fraction of them are probably government (Score:2)
A legal backdoor to gov't monitoring (Score:2)
I am far from paranoid of government, but if you give government a privilege, they will expand its role.
Today, removing Coreflood. Tomorrow? Other dangerous software, like BitTorrent or DC++
It's not paranoid to suggest that if you give a strong central authority a delegated power, they will expand their use of it to justify their salaries/funding.
The "secret" uninstall command (Score:2)
a total solution to infected Windows PCs (Score:2)
Ubuntu [ubuntu.com] is a fast, secure and easy-to-use operating system used by millions of people around the world.
Re: (Score:2)
Re: (Score:3)
You know the first thing they're going to push is the big red button marked "Fire".
Re: (Score:3)
You know the first thing they're going to push is the big red button marked "Fire".
The tank driver can't reach that button. It's for the back seat driver.
Re: (Score:2)
OpenOffice? TuxRacer? This analogy is feeling a little laboured.
Re: (Score:2)
Not until I get onto I-10.
Re: (Score:2)
The hard part is driving it while you're being shot at.
Re: (Score:2)
Re: (Score:2)
The hard part is driving it while you're being shot at.
You must not have driven in any major U.S. city in awhile...
Re: (Score:2)
You've obviously never driven in Los Angeles. Being able to drive a car while being shot at is part of the driver's license test.
Re: (Score:2)
Ever notice how a lot of people who know nothing about a subject think it must be easy?
Re: (Score:2)
Re: (Score:2)
Don't diss our troops man.
Re: (Score:2)
Re: (Score:2)
. Sure, they won't get hurt, but they'll probably never even figure out how to start it.
That's pretty much the whole freakin' point. These are people too stupid to own computers.
Re: (Score:2)
Uh.. if they wanted to do that, they could do. What exactly do you think they'd find so interesting about the average person's web browsing habits? Do they perhaps need credit card details for extra funding? I don't think so.
Re: (Score:2)
Stop and think. If they've already scanned these machines, any keylogger will already be installed. Besides, there's a Firefox extension for jamming keyloggers.
Besides, what would they need a keylogger for? We already know (because the Australian Government has said so) that Echelon is real and does exist. The total lack of use of cryptography means that there's nothing you can type that they can't read already.
Re: (Score:2)
Also, you may be required to wear a tin-foil sombrero. Also, this is probably defeatable in any case.
Re: (Score:2)
The government is doing this at the taxpayer's expense because the taxpayer voted in a government that likes the rich having the money and you not. Vote into power someone who doesn't give a damn about the rich next time. Of course, that requires finding one - and then finding one willing to run for office. In general, those with the best ethics are the least-suited to politics and the ones best-suited to politics are the ones with no ethics.
Re: (Score:2)
Re: (Score:2)
If an auto manufacturer sold a vehicle that melted in the rain,
Then it might be made of sugar (and delicious) or salt (and good for margarita night or deer hunting).
Re: (Score:2)
It's a Trojan. It ruins all the fun.
The above would also have been an acceptable response.
Re: (Score:2)
And while you're at it, name one piece of software or OS that was 100% bug free when released.
How about this little bit of BASIC?
10 PRINT "HELLO WORLD"
20 GOTO 10
Does exactly what I want it to, every time.
Re: (Score:2)
Re: (Score:2)
#1 is already resolved, assuming Bugs 2-5 can be considered Enhancement Requests for v1.1 (or v1.0.1, or v2), and the program had the useful purpose of proving that software can exist, at release, without bugs (this would disqualify Bug #1 as a bug, but rather make it a user education issue for the target audience).
Re: (Score:3, Informative)
Re: (Score:3)
Someone has to take this seriously and deal with these botnets,
I totally agree, but it should be by cutting off access for infected computers and keeping them off-line until they are 'clean'. ISPs can detect 'bad things' and do this automatically.
Re: (Score:2)
To take a hypothetical example, let's say a botnet crops up that operates on port 43187. Let's also say my torrent client, used only to download the latest Ubuntu image also happens to use 43187. Is the fact that my modem
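The port-collision problem in the reply above, worked through on constructed flow records as an added example (not code from any poster): a port-only rule flags the hypothetical torrent client together with the bot, while a rule that looks for periodic flows to a single destination flags only the beaconing host. Addresses are RFC 5737 documentation ranges, the timings are made up, and 43187 is the hypothetical port from the reply.

```python
"""Two ways an ISP might flag an 'infected' customer from flow records.

Added example, not from the thread. All flows below are constructed; the
hosts use RFC 5737 documentation addresses and 43187 is the hypothetical
port from the reply above.
"""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, Set, Tuple

Flow = Tuple[float, str, str, int]  # (start time in seconds, src ip, dst ip, dst port)

BAD_PORT = 43187  # hypothetical botnet port from the reply


def _bot_flows() -> List[Flow]:
    # One host checking in with a single C&C address every ~300 s, small jitter.
    times = [0, 301, 599, 902, 1200, 1498, 1801, 2100, 2399, 2702]
    return [(t, "192.0.2.10", "198.51.100.7", BAD_PORT) for t in times]


def _torrent_flows() -> List[Flow]:
    # A BitTorrent client on the same port talking to many peers at irregular times.
    peers = ["203.0.113.%d" % i for i in range(11, 21)]
    times = [3, 9, 40, 41, 120, 300, 305, 777, 1900, 2650]
    return [(t, "192.0.2.20", peer, BAD_PORT) for t, peer in zip(times, peers)]


def _web_flows() -> List[Flow]:
    # Ordinary browsing to one HTTPS server: repeated destination, but bursty.
    times = [0, 7, 95, 96, 240, 900]
    return [(t, "192.0.2.30", "203.0.113.5", 443) for t in times]


SAMPLE_FLOWS: List[Flow] = _bot_flows() + _torrent_flows() + _web_flows()


def port_rule(flows: List[Flow], bad_port: int = BAD_PORT) -> Set[str]:
    """Naive rule: any source that talks to the bad port is 'infected'."""
    return {src for _, src, _, port in flows if port == bad_port}


def beacon_rule(flows: List[Flow], min_flows: int = 6, max_cv: float = 0.1) -> Set[str]:
    """Flag sources with many flows to one (dst, port) at near-constant intervals.

    The coefficient of variation (stddev / mean) of the gaps between flows is
    near zero for a timer-driven check-in and large for human or P2P traffic.
    """
    times_by_pair: Dict[Tuple[str, str, int], List[float]] = defaultdict(list)
    for t, src, dst, port in flows:
        times_by_pair[(src, dst, port)].append(t)
    hits: Set[str] = set()
    for (src, _dst, _port), times in times_by_pair.items():
        if len(times) < min_flows:
            continue  # too few samples to call anything periodic
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.add(src)
    return hits


def compare(flows: List[Flow]) -> Dict[str, List[str]]:
    """Run both rules over the same records so their verdicts can be compared."""
    return {
        "port_rule": sorted(port_rule(flows)),
        "beacon_rule": sorted(beacon_rule(flows)),
    }


if __name__ == "__main__":
    print(compare(SAMPLE_FLOWS))
```

On the sample records the port rule names both 192.0.2.10 and 192.0.2.20, so the torrent user would be cut off along with the bot; the beaconing rule names only 192.0.2.10. The beaconing rule is not a silver bullet either: a bot that randomises its check-in interval or hides its traffic in a busy destination will not show the low-jitter pattern this code keys on, which is why an automatic disconnect on a single signal is the kind of thing the thread keeps objecting to.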
Re: (Score:2)
I have free tickets for you to ski on the slippery slope.
Re: (Score:2)
no, there are at least a dozen posts above yours saying the exact same thing
if I didn't use my last mod points on one of those threads you would get a redundant
Re: (Score:2)
...and by posting (I assume with the same account) you've undone all the moderation
Re: (Score:2)
Why is it that Americans are so paranoid about their government's motives? No other country in the first world has this level of paranoia about their government.
Re: (Score:2)
Re: (Score:2)
You're confusing prefixing verbs with prefixing adjectives... "install" is a verb, so "uninstall" means "reverse installation"... just like "undo" means "reverse what was done". On adjectives the prefix means "not", though... like "unauthorized" and "ungrateful". And I'm not even a native English speaker.
Uninstall is a much better word than "remove" in this context. Remove implies simply deleting files, while the process of uninstalling is often much more complex and refers to restoring the state that the compute