RSS
Twitter
Suggestions For Cleaning Up Botnets: Internet Licenses, Credit Scores, Money And Gov't Cleanup Clinics
from the take-your-pick dept
By now it's pretty clear that the "bad guys" have been fairly successful in carving out quite a portion of the internet for their own uses through viruses, trojans and botnets. But what to do about it? Well, at a "Counter e-Crime Operations Summit" there was no shortage of ideas -- though plenty of skepticism over whether or not any of them would work. The old idea of internet "driver's licenses" was suggested, though that's been discussed for years without any evidence that it would actually help matters. Some of the other ideas included offering ISPs monetary rewards for cleaning up botnets hosted by subscribers' computers and government-backed cleanup clinics. The clinics would supposedly help users get rid of botnets on their machines, with the inspectors instructed to ignore things like unauthorized software and music, so as not to scare people off from bringing in the machines. Of course, that ignores the fact that there's really no incentive for people to bring their computers to such clinic in the first place. One of the more creative suggestions would be to assign every computer a "credit score" based on the security of the system in place, and then any data sent from that computer would be transmitted with the score attached. That way, other systems could decide whether or not they accept packets from a low-scoring system. That's interesting, but actually implementing such a system would be quite difficult, and it would probably be only a matter of days before scammers figured out how to spoof high scores, rendering the whole system useless. It sure would be nice to clean up the internet a bit, but are there any suggestions out there that actually have a chance of working?
Reader Comments
(Flattened / Threaded)
Answer.
It sure would be nice to clean up the internet a bit, but are there any suggestions out there that actually have a chance of working?
Yeah, teach people how to use a computer.
(reply to this comment) (link to this comment)
Re: Answer.
What do you mean?
(reply to this comment) (link to this comment)
Operating Systems
Operating systems (I'm looking at you, Microsoft) need to be more inherently secure. Almost all viruses, trojans, and botnets seem to take advantage of vulnerabilities in operating systems. Almost all of these vulnerabilities could be avoided with more careful programming, but of course that would increase costs and decrease profits.
(reply to this comment) (link to this comment)
Answer2
I've not had a virus, spybot, spyware, or anything to malfunction on 4 computers in 8 years. The reasons are simple.
I use freeware that works and when I see that they DO work, I donate. I'm not pushing anyone's stuff, but if you get freeware from reputable sources, there are NO problems.
(reply to this comment) (link to this comment)
RE:Operating Systems
So if every user attached to the internet had mac or linux OS. Viruses and internet crime would stop. Right-O lol
(reply to this comment) (link to this comment)
Re: RE:Operating Systems
(reply to this comment) (link to this comment)
Re: Re: RE:Operating Systems
No.
Everything would be exactly the same. The only reason viruses are targeted towards windows system is because its something like 80% of all PCs, so why would they engineer a virus that only works on 10% of all PCs in the world.
(reply to this comment) (link to this comment)
Re: Re: Re: RE:Operating Systems
(reply to this comment) (link to this comment)
Re: Re: Re: RE:Operating Systems
In that case then I would expect a proportional number of viruses to target non-windows computers. They don't. Not by a long shot.
(reply to this comment) (link to this comment)
Re: Re: Re: Re: RE:Operating Systems
A point that is being somewhat overlooked is that; most Linux users are savvy to begin with. They would have to be to get the box up and running. Barring the handful of Dells and the ones that a savvy person set up for a friend or relative, the hackers have to get by an above level of operator skill. Now throw that at the masses, make a version that has an exquisite Hardware list and an intuitive guey, so any idiot could install it and operate it effectively, then lets see how many attacks there are.
(reply to this comment) (link to this comment)
Re: Re: RE:Operating Systems
What people don't realize is that linux and I am sure Mac OS have there own set of vulnerabilities. I run web servers off linux and I see plenty of attempts to gain unauthorized access. the vulnerabilities are not so much in the OS but the services run on it. What most people don't realize it is actually pretty easy to "own" a linux server if the admin has not locked down any features that can be exploited such as the ability to execute code from an untrusted server. The problem is not the OS but usually the applications. The Reason people like OpenSource is that they can eyeball the code and make sure it is safe.
So my point is that if you want security on your PC then buy a generator, a faraday cage, cancel your internet subscription. that is the only TRUE security you can get.
(reply to this comment) (link to this comment)
Re: RE:Operating Systems
Just when WAS the last time you saw a linux virus and how does the number of linux viruses compare to windows?
(reply to this comment) (link to this comment)
Re: Re: RE:Operating Systems
Ok, lets say no one used a Windows based OS any more. Then all that would happen is people would create spyware and Trojans and all other kinds of nasties for the OS's that are being used.
Sure, Windows OS's have more vulnerabilities then other OS's, but think of it this way, how many people are looking for them in lets say, XP, as opposed to Ubuntu? whats the point of having an exploit for a system that no one uses?
(reply to this comment) (link to this comment)
Re: Re: Re: RE:Operating Systems
(reply to this comment) (link to this comment)
Mac malady.
If every user attached to the internet were mac or linux, then those special people who write viruses would just start writing them for those Operating Systems. Don't kid yourself-- stop pushing your OS on everyone and enjoy life under the radar while it lasts.
(reply to this comment) (link to this comment)
Internet Drivers License
Some Government is not going to magically clean this up by handing out usage licenses. Either to organic users or headless users. And besides, doesn't this throw privacy out the window?
It doesn't take long on the Driver's License metaphor to run into problems.
Will registration be easier or harder than getting a Driver's License?
Do you take it away if someone is "Computing Under the Influence" or "Typing While Intoxicated?"
(reply to this comment) (link to this comment)
It's like gun control
As with the gun laws; people who rob, murder and kidnap are very unlikely to obey what ever silly law gets passed preventing them from having a gun. Any law they make to control this will be a major hindrance to normal people and a minor inconvenience to criminals.
"The United States is a nation of laws: badly written and randomly enforced."
- Frank Zappa
(reply to this comment) (link to this comment)
Re: It's like gun control
Nice quote, Zappa was a legend.
(reply to this comment) (link to this comment)
Re: It's like gun control
In the case of an internet license it could be easily arranged that your PPPoA login is your license number; tie dthat into a smart card system backed by a PIN and it would take significant effort to bypass this; just check out what Directv has done to the satellite pirates with their card and you'll see what I mean: 4 years and they still have no significant hack for it. No license number = no interweb for you.
And I personally think it's a great idea, it would prevent the dumbing down of the internet, and we would no longer be allowing just anyone to do as they please here. Lowering standards helps no one!
This would also reduce the costs of ISPs since they wouldn't have to hire such a large tech support company to teach all the dumb users how to use their computers, clean viruses, configure their wireless router, etc. All that adds up to a LOT.
(reply to this comment) (link to this comment)
Get a Mac, running one since 1990 with NO issues! Windows is a piece of crap, but if people did not consume this crap I would not have any work at all.
(reply to this comment) (link to this comment)
Re:
Get off you're high horse. OSX had more problems in its first 90 days then Vista did and when you think of the amount of users who would actually but OSX as opposed to people who use MS products that makes it a huge achievement.
As Mike said above, why write these exploits for a OS that only 10% or less of the billions of machines on the internet run?
(reply to this comment) (link to this comment)
Re: Get a Mac
The only reason that works is "security through obscurity". If Mac or Linux were suddenly to have a 51% share their alleged security would show up as the swiss cheese it is.
(reply to this comment) (link to this comment)
they have been using this stupid excuse for years and they nave never made any viruses or malware that caused any issues, now go back to that piece of crap (Windows) and keep telling yourself you need to consume more.
(reply to this comment) (link to this comment)
I need to consume more.
Assuming makes an ass out of you.
The fact is, making a virus for something not main-stream isn't profitable by any definition of the word. It's cold, hard logic-- not opinion. If I wanted to infect as many people as possible, I'd write a virus for the OS that the majority of people have. How does that *not* make sense?
Who knows, maybe I *am* retarded. :P
I'd like to point out that I never said there was anything wrong with any OS. It's just personal preference-- like I care what OS anyone but I am using. Seriously, why do you care what OS I run? I really want to know.
(reply to this comment) (link to this comment)
Re: I need to consume more.
To the various people saying that MacOSX (and Linux) would instantly have viruses if virus writers had more incentive to write viruses for those platforms. There have been numerous bounties offered (up to $25,000 IIRC) to anyone who could write a self-replicating virus targeting a base MacOSX system. To date, no one has ever claimed any of those bounties. If MacOSX security were "swiss-cheese" wouldn't these bounties have been readily snapped up?
(reply to this comment) (link to this comment)
Re: Re: I need to consume more.
Not really -- the "talented" virus writers can make a lot more than that writing a Windows attack. This is only true becuase Windows is the biggest target. ANY monoculture is susceptible to a single attack. With *nix and Mac OSes, it may require more social engineering to get users to install bad stuff.
You have to look at mainframe OSes to get truly secure environments -- and that is because installs are done by the central admin team of system programmers.
If the Internet users were an eclectic mix, with no OS having more than 10% to 15% market share, then the virus writers would have a huge challenge. Unfortunately, the money is enough that the organized groups will still attack and take over individual PCs.
We have to figure out how to choke off the money flow to get these criminals to go away.
(reply to this comment) (link to this comment)
Re: Re: I need to consume more.
No the bounties do not help, read the fine print. Very few viruses infect Windows (the BASE OS), most use IE, file sharing software, P2P, email, or other 'non base OS' vectors to get installed.
If you think Mac OS is safe, try a google search on "safari browser vulnerabilities", I get "Results 1 - 10 of about 911,000" on the returned page (yes, IE is worse, not my point).
(reply to this comment) (link to this comment)
Linux more secure than windows?
This article is from 2005, but still. That's when windows was WORSE than it is now. Click here.
So, you still think linux. errr. unix is more secure than windows? OS X is built of unix too, eh?
(reply to this comment) (link to this comment)
Never use extremes. They're always bad.
Instantly? Nah.. it would take a bit, I'm sure.
Do you think someone writes a virus for money, or for malicious intent? Not to mention that the bounty you speak of was quickly retracted, as most bad ideas should be. :P
OSX may be 'safer' but where there's a will, there's a way. Just enjoy the good thing you'd got while it lasts.
(reply to this comment) (link to this comment)
Concerning the motives of hackers, trojan and virus writers, I have often wondered how many, if any, might have been paid directly or indirectly by the virus software companies who depend on a steady supply of new threats to sell their product...
(reply to this comment) (link to this comment)
No, A Virus is not your big problem, it is
clickhappy users.
It is the trojan that really infects systems.
Virus or vulnerabilities on Windows pale in comparison to a group of clickhappy users willing an able to launch any application that washs up in their email box.
There is only so much you can to to guard rail a user.
It doesn't stop them from driving off the road.
Never underestimate the stoopidity of the masses.
There will always be trojan/spammers
As long as there are clickhappy users.
Applicable Murphy Law:
Make it idiot proof and nature will design a better idiot.
(reply to this comment) (link to this comment)
Re: No, A Virus is not your big problem, it is
I agree. As an IT manager for the last 6 years, I've spent the better part of most of my days cleaning up after "clickhappy" users. I've had maybe 1 or 2 big virus problems on my own personal computer (Windows) during that time, but have several other co-workers whose computers I have to service on an almost weekly basis.
(reply to this comment) (link to this comment)
The old hypothesis "windows has the largest market share of computers so of course viruses are made for it instead of Linux" is a joke. I'm amazed that people are still using it.
Every time you use it, you are exposing not only that you are ignorant (I'm using this term in the literal sense, not the derogatory sense) about the subject, but that you are lazy (now That statement is derogatory :) with regards to researching subjects in which you espouse certainty. Please, do at least a minimal amount of research before posting on subjects in which you would not consider yourself an industry expert (and would thus be the one documenting the research itself).
There are thousands upon thousands of virus propagating in the wild for Microsoft Windows. There are approximately 8 known virus for Linux and none of them have successfully propagated in the wild. The statistics do not add up for your hypothesis. Your hypothesis has been debunked with evidence and math repeatedly over the years. Please stop spreading a myth.
One of the reasons there are so few virus for the Linux operating system is the design of the OS and the fairly strict adherence to using a normal User account instead of the Root/Admin account for daily interactions.
(reply to this comment) (link to this comment)
Billions and Billions (Ok, I'm making this up.)
"There are thousands upon thousands of virus propagating in the wild for Microsoft Windows."
That's simply untrue. I collect them like some people
collect stamps. There aren't even thousands and thousands
let alone one tenth of that many in the wild and I'm
allowing for derivatives.
I have many more than eight Linux viruses not including
their derivatives.
"Please, do at least a minimal amount of research before
posting on subjects in which you would not consider
yourself an industry expert (and would thus be the one
documenting the research itself)."
Yes, good advice.
The non-technical user wants everything to work without
intervention. That puts additional burdens on people
trying to make it secure as well.
Frankly, freeBSD or openBSD is my choice but my grandmother
would get XPpro if I was setting up a machine for her.
Windows is not bad, it's different and it's aimed at
a different user group. Please try to curtail your
contempt of the masses and stop being an OS snob.
Especially when you're woefully uninformed.
(reply to this comment) (link to this comment)
The Great White South Number 7
There are thousands upon thousands of virus propagating in the wild for Microsoft Windows. There are approximately 8 known virus for Linux and none of them have successfully propagated in the wild.
Now, maybe I am ignorant, but doesn't that prove the market share theory?
At the very least, that smart guy who wrote the first comment knows what's up. I don't have any viruses on my system, and I'm ignorant! Just imagine how much less than none I'd have if I knew what I was doing! :)
(reply to this comment) (link to this comment)
If you want to stop spam, tax email at $.01 each.
If you want to stop identity theft, make the bank or credit card company that gives an account to the thief pay huge fines and responsible for cleaning up the credit damage done to the victim.
(reply to this comment) (link to this comment)
Re: Antarctica7
actually, what you said is false. the entire virus population for xp cannot be entirely accounted for due to usage size, but using basic logic one can easily deduce that a virus' ability to successfully propagate depends upon the amount of available hosts. it's a simple fact that even falls into the realm of real biological viruses, and it's entirely applicable to computer viruses. mere propagation aside, when looking at intent of virus creation, it's done for profit. so if you can write a virus that has a high probability to propagate compared to one that doesn't, which would you write to try to make money?
sorry to burst your bubble, but the majority of viruses for windows is due mostly to its rather large market share. so please, don't be offended that nobody uses your os of choice. it's still a fine os i'm sure. but, please, don't try to bring in your illogical ramblings here.
(reply to this comment) (link to this comment)
Re: Re: Antarctica7
Oh boy, let me take this one piece by piece:
Well, in a way you're kind of right. Propagation does depend upon having "available" hosts. "Available" as in being "easily infected", not just being present. Most of the other computers that windows computers connect to on the Internet are not other windows computers. Rather, they are various flavors of Unix-type systems. Yet these Unix-type systems seem to remain largely uninfected. Imagine that.I'm beginning to wonder if you know the difference between a virus and other types of malware. If one looks at the many computer viruses that have been created it is easy to see that very few of them were created for profit. If one even bothers to look before speaking, that is.
Don't worry, the only bubble bursting you've done has been in your own imagination.
That market being "easily infected" computers on the Internet which, admittedly, windows pretty much owns.
That almost sounds like you were writing a note to yourself. But in any case, if you really want people to believe that you have at least a modicum of intelligence you should at least learn how to capitalize. It isn't that difficult, really.
(reply to this comment) (link to this comment)
Oh yes, OS.
I still don't get why people feel the need to defend their decision on an OS with such passion, or feel the need to force their decision on other people. Maybe I never will.
It still seems, despite all contrary arguments, that simple market share is at the root of it. Sure, most people on Linux are techno-savvy, it is required for the OS, for the most part-- hence why my grandmother doesn't run a Linux machine. OSX is making a valiant charge at becoming mainstream, but from the admittedly scant research I have done in the matter, the software I want isn't always available on OSX-- so it doesn't suit *my* needs-- and it seems it doesn't suit the needs of a lot of 'average' users. And there is the point-- read again if you missed it, I'll wait. Done? Sweet.
The average person on the internet is looking for an OS that works (haha) out of the box.. usually something that they would use at work, something 'easy'. Sure sure, OSX is easy, but it's not mainstream-- it's *way* easier to find a PC to buy than a Mac walking around the mall-- grandma doesn't like to wait for things to come in the mail. Grandma, bless her old bones, also likes to install any ol' thing on her PC-- I mean, it's just two clicks and a few "Next" buttons and Presto! It's done. Also, any link emailed to dear old grandma gets clicked-- the little man took the time to crawl in the monitor to put it there, she might as well click it!
So, now that you have background on my grandmother, if you were in the business of writing some type of malware that would send infected email to the entire bridge club-- what platform would *you* write it for? Linux? Pfft, those guys know what they're doing. OSX? Why? So I might infect a couple of college kids and a few 'enlightened' others? Or Windows.. the haven for those who just want it to [presumably] work?
That's right, Windows wins again. (Or loses, depending on how you look at it.) You get a lion's share of the market, and the highest probability that your 'software' will make it to a box being run by someone with no more than very basic skill. (And thus, little to no 'good internet habits')
Also, I highly doubt that proper capitalization is a judge of intelligence any more than using rare words is... only a fool would think otherwise, if you ask me. ;)
(reply to this comment) (link to this comment)
Re: Oh yes, OS.
Joe,
While an apparent inability to capitalize properly may call one's intelligence into question, the ability to do so doesn't necessarily prove anything beyond a subnormal level of intelligence either. You are yourself the perfect example of this.
(reply to this comment) (link to this comment)
Re: Oh yes, OS.
(reply to this comment) (link to this comment)
Windows not bad? Your kidding right?
"Windows is not bad, it's different and it's aimed at
a different user group."
What "different" user group are you talking about and how is OSX and Ubuntu not targeted at this same market?
"Please try to curtail your contempt of the masses and stop being an OS snob."
It is kinda hard when we have people outright lying and saying crap like Windows isn't bad. This is pure BS. Windows is horrible and everyone who has used it on regular basis comes to understand it.
I constantly curse the bugs and errors that crop up in Windows with little or no workaround and don't even try to run some legacy software unless you have a evening to get it working. Not to mention that MS invented spyware because of their deliberate back doors throughout their code. Malware wasn't a "accident" is was planned from the beginning.
"Especially when you're woefully uninformed"
I guess uninformed is in the eye of the beholder.
(reply to this comment) (link to this comment)
It's kind of funny to note some of the names riding to Window's defense are the same ones that religiously defend copyrights, patents, the RIAA, the MPAA and so on.
(reply to this comment) (link to this comment)
Add Your Comment