Slashdot: News for Nerds

194 comments

Tweaking liability laws (5, Insightful)

Harmonious Botch (921977) | more than 7 years ago | (#18453247)

These bots could be greatly limited with proper tweaking of liability laws. Under current laws, if I leave a pool or a car unsecured and somebody else gets injured or killed, I can be found totally or partially liable. But if I leave my computer unsecured and someone else uses it to cause harm to third parties, I'm in the clear.

Re:Tweaking liability laws (5, Insightful)

Watson Ladd (955755) | more than 7 years ago | (#18453279)

It would be hard to determine what constitutes appropriate security. And how are you supposed to know about a zero-day or a subtle misconfiguration? A pool is easy to secure. A car is easy to secure: Both have small threat models and physical protection is all you need. A computer is much harder to secure.

Re:Tweaking liability laws (3, Insightful)

Anonymous Coward | more than 7 years ago | (#18453339)

True but life is hard. This is the solution to this "problem", just as having a 1 cent cost per an email sent is the solution to the spam "problem".

ISPs should immediately pull the plug too on infested machines to limit damages.

There's no reason to let innocent bystanders suffer from the criminal neglect of some.

Re:Tweaking liability laws (5, Interesting)

mrbcs (737902) | more than 7 years ago | (#18453589)

I work for a small ISP and that's exactly what we do. You get two strikes. First is a warning to clean up your machine and put on antivirus software. Next time, we kick you off the network and terminate your account. Problem totally solved. We've had two people get the first warning. None kicked yet.

Re:Tweaking liability laws (4, Interesting)

penix1 (722987) | more than 7 years ago | (#18454187)

Although it gives you a "warm fuzzy feeling"(TM) that your company isn't contributing to the bot problem, too many kicks and you soon have no customers. All that you are doing is forcing that customer to go to an ISP that won't give them the boot. It does nothing to actually solve the problem.

An alternative would be instead of cutting them off completely, offer them an antivirus solution. Although I hate them, this is what companies like AOL and NetZero are doing.

B.

Re:Tweaking liability laws (3, Interesting)

erroneus (253617) | more than 7 years ago | (#18455407)

A better solution would be to simply restrict their outgoing port access rather than to kick them. If they are on dialup, you just set up a dialup pool just for that (set of) logins that does not allow port 25 to go out.

All over Japan, I have found, they are blocking outgoing port 25 and it's annoying as hell but I understand why they do it.

Re:Tweaking liability laws (1)

evought (709897) | more than 7 years ago | (#18453853)

"Reasonable" is linked with "customary", which changes over time and is also informed by regulation and case-law. It used to be "reasonable" in many places to put railings around pools, balconies, etc. Now it is considered necessary in many places to have rails be within certain distances of each other (to prevent children falling through or getting heads stuck) either because of codes or because of successful lawsuits. "Reasonable" postings about danger and liability (e.g. "No lifeguard on duty") also develop over time.

The same sort of thing would happen with computer liability, and, in fact, we will see it happen with HIPAA where very little guidance is given as to what a "reasonable" precaution is. There will be a lot of confusion at first, but it will slowly settle out. It is now considered "standard" precaution to keep your system patched, run anti-virus and run a firewall. Maybe avoiding 0-day vulnerabilities is not "standard", but you can actually reduce threats by tightening down your services, hardware/software firewalls, being paranoid about email, and changing browsing habits (e.g., no javascript). Over time, I expect those precautions would begin to be more standard. The test will be when someone gets sued and a jury finds that their caution was not "reasonable". As such, it generally pays to be more cautious than the current standard.

(IANAL :) )

Re:Tweaking liability laws (1)

Yartrebo (690383) | more than 7 years ago | (#18454289)

I'm not so sure. My best estimate is that running anti-virus software would increase the risk of hacking, at least in the case of Linux. There aren't exactly many Linux viruses (and none that I know of loose in the wild), and anti-virus software, which is proprietary, is a real easy way to get something like Magic Lantern or any other approved virus/trojan on your system.

Open Source Virus Protection (1)

evought (709897) | more than 7 years ago | (#18454495)

I use ClamXAV [clamxav.com] on OS X, which is based on the GPLed ClamAV [clamav.net] anti-virus engine. I have also used ClamAV embedded in the Postfix mail server on Linux to scan incoming email for sites I maintained. It gets decent reviews against other packages and I have been happy with it. I use a Windows variant when I am forced to deal with XP as well. Anyway, it is completely open source and all above-board. I would not touch Symantec software with a 3.048 m pole these days.

The reason I use AV software on OS X is not just masochism. For one, I have a rarely used XP/bootcamp install and it is safer to scan it from OS X which a Windows virus cannot easily affect. For another, I avoid unwittingly passing virii from one Windows user to another. Lastly, I am paranoid and want to stay in good habits. It is quite likely that viruses will eventually appear on OS X as it grows in popularity, even though it is not as good a host. The practice costs me nothing and may save me something in the end.

Re:Open Source Virus Protection (4, Insightful)

Gareth Williams (536468) | more than 7 years ago | (#18455029)

I run a GNU/Linux based operating system, and I don't foresee that I will ever run antivirus software on it. Yes, even if people actually start writing viruses that target it.

I don't look at automated breaches of security as any special case. A security breach is a security breach. Crack attempts, spyware, adware, malware, viruses, trojans, blah blah... it's all the same problem: stopping unauthorised code running on your machine.

If my mail client has a bug that allows remote code execution, the mail client is faulty and must be patched. If my browser has a bug that allows a remote site to snatch files off my local filesystem, then my browser is faulty and must be patched. If I, FSM forbid, stupidly download and run some malicious application then I am faulty and must be "patched".

I have all non-essential services turned off, I run a firewall, I keep all my applications up to date with security patches, and I only install software from my distribution's repository.

I don't care how much money they are making for some big security companies, these "anti-virus" applications that people are so obsessed with running on windows are just an ambulance at the bottom of the cliff.

There is something fundamentally flawed with the idea of waiting until your security has already been breached and then trying to clean up after the fact. Once it's breached that's it, game over - reformat, reinstall O/S, and replace data with last known good backup.

Re:Tweaking liability laws (5, Funny)

gregleimbeck (975759) | more than 7 years ago | (#18453329)

If my unsecured computer causes somebody to get injured or killed, I will take responsibility. OTOH, if my car starts spreading malware and spamming, you're SOL.

Re:Tweaking liability laws (1)

jcr (53032) | more than 7 years ago | (#18453847)

Does your car run WINCE?

-jcr

spam for your bot (1)

Gary W. Longsine (124661) | more than 7 years ago | (#18455515)

If your computer is sending me spam, it's killing me by taking away, say, one second of otherwise useful life. It's doing that millions of times a day. If we total those seconds up, you've killed several people and you're still not liable for anything.

Re:Tweaking liability laws (1)

Yvanhoe (564877) | more than 7 years ago | (#18453383)

I am pretty sure that if someone gets physically harmed because of a negligence on Joe's computer, someone can be found liable. Maybe Joe, maybe Microsoft, maybe Dell, maybe all of them.

Re:Tweaking liability laws (3, Insightful)

NeverVotedBush (1041088) | more than 7 years ago | (#18453385)

But if I leave my computer unsecured and someone else uses it to cause harm to third parties, I'm in the clear.

You would think the legal case could also be made to hold Microsoft liable for stolen personal information, illegal charges to credit cards, raided bank accounts, etc., when known but unpatched (i.e. no patch available) exploits to their software allow people's computers to be compromised.

Re:Tweaking liability laws (1)

maxume (22995) | more than 7 years ago | (#18453449)

It's a bit tricky though. I just run AVG Free Edition and Firefox, and I basically don't notice any malware trying to install itself. I guess there could be lots of stuff I just don't know about running on my system, but there isn't (my modem is idle and acting like it, and I do an ok job of paying attention to running processes). It costs me right around $0 to do this, and the 'cost' of acquiring the knowledge to do this is something like $80; anybody claiming Microsoft was at fault would have to demonstrate that they went to great lengths and it still broke.

Re:Tweaking liability laws (1)

Harmonious Botch (921977) | more than 7 years ago | (#18453463)

You would think the legal case could also be made to hold Microsoft liable for stolen personal information, illegal charges to credit cards, raided bank accounts, etc., when known but unpatched (i.e. no patch available) exploits to their software allow people's computers to be compromised.
Which leads us to the inevitable conclusion that the folks who make and interpret laws have no fucking clue as to what the net really is.

Re:Tweaking liability laws (1)

iminplaya (723125) | more than 7 years ago | (#18454965)

...what the net really is.

It is quite simply a system of interconnected electronic devices that has, quite predictably, acquired a life of its own, a mere extension of the biological units that created it. As long as we chase that elusive pot of gold, this is going to continue. The easy money is just too tempting. The net is just another tool in this thousands of years old pursuit. The spammers are the symptom. You need to go to the source of their power. That might be the greed of their customers trying to make a quick buck, just like the spammers.

Re:Tweaking liability laws (1)

mysticgoat (582871) | more than 7 years ago | (#18455317)

You would think the legal case could also be made to hold Microsoft liable for stolen personal information, illegal charges to credit cards, raided bank accounts, etc., when known but unpatched (i.e. no patch available) exploits to their software allow people's computers to be compromised.

I wonder if passing new laws would be necessary? Maybe we already have laws that could be used to get us to the goal of a reasonably safe internet:

Most municipalities have ordinances against "attractive nuisances", and I think the case could be made that Windows is an attractive nuisance and the owner of Windows software (not the licensee, but the actual owner) could be fined for each day of violation until he brings his property into compliance with generally accepted community standards and makes it reasonably safe against becoming zombified.

There are also laws on the books in most jurisdictions regarding reckless endangerment (of 3rd party personal property or safety) that could be brought to bear. Someone who has a habit of leaving their keys in their car in a neighborhood of unruly preteens is recklessly endangering the general public by inviting some 10 year old who would be a menace on the road to steal the car. A company that markets fast motorized scooters to little kids to race up and down the sidewalks is recklessly endangering the general public. Perhaps a company that sells an OS to noobies that isn't safe until someone with a few years of experience configures it, loads appropriate antimalware packages, and configures those, is recklessly endangering all other computer users in the community.

There isn't a need to wait until someone gets hurt; these laws are intended to be used proactively to encourage reckless people and companies from engaging in bad habits.

Maybe all that is needed is the recognition that computing is no longer an esoteric activity, but has now become a necessary part of everybody's daily life. And that the laws we already have in place to protect us in our daily activities now need to be applied to this part of our lives.

Re:Tweaking liability laws (5, Insightful)

mrbluze (1034940) | more than 7 years ago | (#18453489)

if I leave my computer unsecured and someone else uses it to cause harm to third parties, I'm in the clear

But if you have a car which injures people because the manufacturer put in lousy brakes, lousy locks, lousy steering etc, then the car manufacturer is in trouble, right?

Whilst I agree with you, the liability laws need changing, "reasonable" attempts at securing a Windows PC (eg: using antivirus software) have proven to be a waste of time, so the onus should be on the manufacturer.

Re:Tweaking liability laws (2, Interesting)

Anonymous Coward | more than 7 years ago | (#18453837)

so the onus should be on the manufacturer.
Ah, your sig [Do it yourself, 'cause no one else will do it yourself.] conflicts with your argument. :-)

Re:Tweaking liability laws (1)

mrbluze (1034940) | more than 7 years ago | (#18454033)

Well, if you compiled your own linux distro, then you did it yourself :) But then you would be extremely unlikely to be unwittingly part of a botnet ;)

Re:Tweaking liability laws (1)

56ker (566853) | more than 7 years ago | (#18454027)

Reasonable attempts include turning the inbuilt firewall in Windows on or running a software firewall as well as antivirus software.

This would provide about three warnings that a compromised machine is being used to spam (and I've cleaned a few of these in my time as a freelance computer geek)...

Re:Tweaking liability laws (1)

dattaway (3088) | more than 7 years ago | (#18453519)

I'm sure if someone released a bot to turn everyone's computer into a large distributed mp3/dvd botnet, the entertainment cartels might take an interest in fixing our computer problems.

So who wants to write a script?

Re:Tweaking liability laws (3, Interesting)

freedom_india (780002) | more than 7 years ago | (#18453631)

...and get sued for millions of dollars for hosting "Shakira"?? No thanks.
RIAA/MPAA do not have any idea of technology. They would rather sue you (unwitting hosed guy) rather than sic the Secret Service on bot writers.
Good luck trying to explain child porn to a jury by stating that your XP was compromised....

Re:Tweaking liability laws (3, Funny)

Phroggy (441) | more than 7 years ago | (#18454457)

Good luck trying to explain child porn to a jury by stating that your XP was compromised....
You're forgetting, most of the members of the jury run Windows XP too.

Re:Tweaking liability laws (1)

stratjakt (596332) | more than 7 years ago | (#18454339)

if the **AA was anywhere near powerful enough to push around the tech industry, there would simply be no such consumer device as an "mp3 player" or "divx player", and routers wouldn't pass p2p traffic.

The entertainment content industry is peanuts. Sony's entertainment division is like the pinky toe of the whole operation.

Re:Tweaking liability laws (1)

Bemopolis (698691) | more than 7 years ago | (#18453689)

*coughcough* cognitive dissonance [slashdot.org] *coughcough*

Re:Tweaking liability laws (4, Insightful)

1u3hr (530656) | more than 7 years ago | (#18453767)

These bots could be greatly limited with proper tweaking of liability laws.

There are hundreds, perhaps thousands, of known spammers in the US. (See the ROKSO list, eg.) Barely a handful are ever prosecuted. One or two have been sentenced, trumpeted here as a victory against spammers, but really showing that being caught and punished for deliberate spamming is a very rare event. Considering that, what could a "negligent" spammer get?

ISPs can easily detect and cut off spam spewing robots. They have the right to do so in their TOS, but are just too complacent or perhaps concerned they'd have to deal with hundreds of clueless users complaining about it.

Re:Tweaking liability laws (1)

russotto (537200) | more than 7 years ago | (#18454317)

You can be found liable if a minor gets injured or killed in your non-secured car; that's attractive nuisance law. You can't be found liable if a thief steals your car and uses it in a bank robbery.

Re:Tweaking liability laws (0)

Anonymous Coward | more than 7 years ago | (#18454357)

I am amazed by your stupidity. I hope you get infested and then sued by RIAA.

Re:Tweaking liability laws (1)

fm6 (162816) | more than 7 years ago | (#18454643)

Oh, great, you want to go after all the people who "let" their computers get infested. No problem getting that law passed!

Re:Tweaking liability laws (1)

kihbord (724079) | more than 7 years ago | (#18455051)

In that case, everybody needs to disconnect their cables from the Internet to make our computers secure. ;-)

Re:Tweaking liability laws (0)

Anonymous Coward | more than 7 years ago | (#18455371)

"These bots could be greatly limited with proper tweaking of liability laws."

Good luck with that. From the article:

"Increasingly, computer systems in China have become infected with bot software and used to attack or spam other targets."

Which of us is in a position to "tweak" China's "liability laws", insofar as it may have such laws, and what makes you think China, or many other places these bots may be located, has either the will or the means to do anything?

Re:Tweaking liability laws (1)

jonwil (467024) | more than 7 years ago | (#18455525)

If the RIAA can get the Russians to shut down allofmp3.com, why can't we (as a society, as internet users, as ISPs who have to deal with this crap etc) use the same pressure to get the Russians, Chinese or whoever to go arrest the people who are WRITING the malware in the first place and lock them up somewhere where they have no computers or internet access and can't use their malware skills to write even more malware. If the malware is being written in the USA, we can do the same thing there too. If enough of the people with the skills (which are above what your average work-a-day .NET coder would have) can be locked up, wouldn't that make it harder for these networks to keep operating? Also, while we are at it, let's do the same for the "Mr Bigs" that actually FUND these networks. Maybe we need to find a way to convince men like G.W.Bush that said "Mr Bigs" are terrorists :)

Hmmm.... (5, Funny)

groovemaneuver (539260) | more than 7 years ago | (#18453269)

This must be related somehow to Windows being the most secure operating system... :p

Re:Hmmm.... (5, Funny)

glittalogik (837604) | more than 7 years ago | (#18453285)

Damn those 1.2 million Linux users! Bloody hell, when will they learn?

Bat infestation? (2, Funny)

Joelfabulous (1045392) | more than 7 years ago | (#18455535)

Was I the only one who read it as "Bat Infestations Reach Nearly 1.2M?"

Man, are my eyes ever going fast. Stupid keratoconus.

Re:Hmmm.... (1)

webweave (94683) | more than 7 years ago | (#18453543)

Is this a Windows only thing? The article does not say.

Re:Hmmm.... (2, Funny)

pallmall1 (882819) | more than 7 years ago | (#18453605)

This must be related somehow to Windows being the most secure operating system...
Yes, this is another KISS* from microsoft.

* Keep It Spamming Stupid!

Re:Hmmm.... (1)

RedBear (207369) | more than 7 years ago | (#18455733)

I see people making jokes about all these bots being Windows-based, and of course I have to assume myself that this is the case based on experience. However, neither the original article nor the site they link to seem to make any mention of any operating system, no less Windows. Are there any actual statistics for how many of these detected bots are running on Windows? It's hard to be smug about other operating systems being so much more secure without having some actual data to point to.

Well?

All those bots must be coming from (5, Funny)

Steve--Balllmer (1070854) | more than 7 years ago | (#18453275)

all those Linux and OS X systems, since Symantec says Windows is the most secure operating system.

ATTN: SWITCHEURS! (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18453951)

If you don't know what Cmd-Shift-1 and Cmd-Shift-2 are for, GTFO.
If you think Firefox is a decent Mac application, GTFO.
If you're still looking for the "maximize" button, GTFO.
If you don't know Clarus from Carl Sagan, GTFO.

Bandwagon jumpers are not welcome among real Mac users [atspace.com] . Keep your filthy PC fingers to yourself.

Forget the spam filters... (2, Insightful)

ShaunC (203807) | more than 7 years ago | (#18453297)

..It's more like "time to put an ad in the paper, an onslaught of new customers is coming!" I wish I still had time to do spyware removals and clean up infested computers. Easy money for those who have the time and are willing to make housecalls.

Re:Forget the spam filters... (0)

Anonymous Coward | more than 7 years ago | (#18454073)

I've often wondered how much of a market there really would be for services like this. I recently had my hours at work cut back significantly, and am in the process of looking for a new job...and the thought of putting an ad in the paper has crossed my mind, especially when I see how much places like Best Buy and Staples charge for virus scans and other basic things....

I suppose it depends on where you live etc...but in general do people who put ads in papers like that make money?

Re:Forget the spam filters... (0)

Anonymous Coward | more than 7 years ago | (#18454795)

(Not the OP...)

I've been doing this more than a year. I charge a flat $50 fee to "clean up" a machine. This includes antivirus sweep and install (AVG configged to update), and an AdAware/Spybot/HijackThis sweep (AdAware gets installed, the others are run from CD as diag only). I do things freelance, house call, max 1 hour onsite, all cash. You give me $50, I will clean your comp straight up in an hour or less. My expense is a CD of Knoppix, and a CD with the latest copies of the other tools on it.

Almost every time I let them off with less than $50. "Well I usually charge $50 for this but you have been so nice and you gave me some lemonade, I am going to cut it down to $40." They think they just worked me over for a deal, when really they are paying out the butt for having me in their home for 20 minutes to get their machine back working right. If you set things up right you can get to where you have 10-20 pending jobs at any given time and you do the ones geographically close to one another on each day. Imagine billing 4 $50 jobs in one day, even giving them discounts, you can still pull in $150 every day.

The real ticket is getting a couple of high profile jobs. Contact your local radio DJ's, or your local television anchors, offer it as a free service to them, holy hell will that pay off. They will talk you up like crazy for free. Then you're set.

Good luck

I, For One... (3, Funny)

NeverVotedBush (1041088) | more than 7 years ago | (#18453325)

Welcome our new botnet overlords...

Re:I, For One... (1)

rhyder128k (1051042) | more than 7 years ago | (#18453635)

How long before these bots link up and become nodes in a larger network? At that point they store information, react to direct stimulus and transmit to the rest of the network. Each cell might be relatively simplistic, with no goals other than self-preservation, replication and transmission of data to the other nodes. Surely, there will be fitness rewards for a node that behaves in a certain way? With a billion of them, I wonder what potential would be for emergence?

[mike begins to buy canned food]

Re:I, For One... (4, Funny)

miro f (944325) | more than 7 years ago | (#18453823)

How long before these bots link up and become nodes in a larger network? At that point they store information, react to direct stimulus and transmit to the rest of the network. Each cell might be relatively simplistic, with no goals other than self-preservation, replication and transmission of data to the other nodes. Surely, there will be fitness rewards for a node that behaves in a certain way? With a billion of them, I wonder what potential would be for emergence?


translation: Imagine a Beowulf cluster of those!

How does this square with Vint Cerf's speech? (1)

winkydink (650484) | more than 7 years ago | (#18453475)

Didn't he say at the World Economic Forum at Davos that as many as 25% of all machines connected to the internet were infected? That strikes me as a whole lot more than 1.2 million

Re:How does this square with Vint Cerf's speech? (1)

Klaus_1250 (987230) | more than 7 years ago | (#18453639)

The summary isn't entirely clear. The 1.2 million are reported/analyzed/confirmed (couldn't find info on Shadowserver's exact methodology). The number certainly won't cover all botnets (looking at their botnet map).

Re:How does this square with Vint Cerf's speech? (1)

winkydink (650484) | more than 7 years ago | (#18453665)

You're right. I went back and read the original Shadowserver article. It's the number they are tracking, not their belief of the total number of infected machines.

Re:How does this square with Vint Cerf's speech? (1)

deek (22697) | more than 7 years ago | (#18453931)

Didn't he say at the World Economic Forum at Davos that as many as 25% of all machines connected to the internet were infected?


You should know that 87% of all statistics are just plain made up.

But my spam is way down from the Dec/Jan peak (2, Interesting)

gvc (167165) | more than 7 years ago | (#18453529)

Perhaps the big SEC bust [informationweek.com] actually had some effect. My personal harvest of spam has dropped recently from 1000/day to 500/day.

Re:But my spam is way down from the Dec/Jan peak (1)

Red Flayer (890720) | more than 7 years ago | (#18454685)

My personal harvest of spam has dropped recently from 1000/day to 500/day.
I noticed the same thing recently, but to use the word 'harvest'?

Gives me the shivers, a vision of thousands of spamfarmers toiling in underground caves carefully tending their spam crops until harvest-time.

I much prefer the term 'cull', since it implies getting rid of the chaff (to mix a farm metaphor or two) as well as refers to the 'meat' connotations of spam.

Eh? (1)

mcrh (1050542) | more than 7 years ago | (#18453561)

The report back from the drop in holiday season '06 predicted a surge in Windows XP SP2 installations and slightly better security coming with it. However, at least the latter part of that doesn't appear to be the case.

...So, what happened? Was there, in fact, a sort of mass-migration afterward, which made the more homogeneous operating system landscape a more inviting target than before? Did the operating systems change, but not to XP SP2 --- and if that's the case, what operating systems are the new computers running?

Computer bots (0)

Anonymous Coward | more than 7 years ago | (#18453563)

How does one know if their computer (or relative's, etc.) is infected by a bot? Are there special diagnostic tools for that?

Re:Computer bots (1)

mrbcs (737902) | more than 7 years ago | (#18453615)

Usually the computer runs like shit and the network is transferring traffic like crazy when you haven't done anything.

Re:Computer bots (2, Interesting)

winkydink (650484) | more than 7 years ago | (#18453643)

Not true. Most modern bots are designed to stay under the radar. A zombie PC is worth money and it makes sense to keep control of it as long as possible. So most newer malware uses system resources sparingly.

Re:Computer bots (1)

goarilla (908067) | more than 7 years ago | (#18453765)

tcpdump (nix), ethereal/wireshark (nix+win), netstat (nix), iptraf (nix), htop (nix), lsof (nix), antivirus,
adaware, spybot, Process Explorer, Autoruns, TCPView, RootkitRevealer (windows -- Sysinternals) http://www.microsoft.com/technet/sysinternals/default.mspx/ [microsoft.com], etc ...
If your computer isn't supposed to do anything and it's opening connections to ports 6667 (irc), 25 (smtp), 20 & 21 (ftp) then
it would be a good assumption that your pc has been zombified.
There are people over here who have more experience in this area and they will comment :D

Re:Computer bots (0)

Anonymous Coward | more than 7 years ago | (#18454161)

windows has netstat.

Re:Computer bots (1)

gvc (167165) | more than 7 years ago | (#18453787)

Look in the incoming/outgoing connection log on your Linksys (or whatever) broadband router. If you see connections to all sorts of places you shouldn't -- especially on port 25, yank your ethernet cable and consult a professional.

No broadband router? Go buy one. They're free (after rebate, of course!)
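The checks suggested in the two comments above (outbound connections to ports 6667, 25, 20 and 21, and port 25 traffic to many different places) can be scripted. This is an added example, not code from the thread: it parses `netstat -tn` (Unix) or `netstat -n` (Windows) text, and the sample output, the function names and the fan-out threshold are all constructed assumptions.

```python
"""Flag outbound TCP connections to ports a desktop rarely needs (added example)."""
from collections import defaultdict

# Ports named in the comments above: IRC, SMTP, FTP data and FTP control.
WATCHED_PORTS = {6667: "irc", 25: "smtp", 20: "ftp-data", 21: "ftp"}
# States in which this host opened, or very recently had, a connection.
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT", "TIME_WAIT"}
# Assumption: a desktop speaking SMTP to this many distinct hosts needs a look.
SMTP_FANOUT_THRESHOLD = 3

# Constructed sample: Linux-style lines plus one Windows-style line.
SAMPLE_NETSTAT = """
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:40112      192.0.2.80:443          ESTABLISHED
tcp        0      0 192.168.1.10:40200      203.0.113.5:25          ESTABLISHED
tcp        0      1 192.168.1.10:40201      203.0.113.77:25         SYN_SENT
tcp        0      0 192.168.1.10:40202      198.51.100.9:25         TIME_WAIT
tcp        0      0 192.168.1.10:40300      198.51.100.23:6667      ESTABLISHED
  TCP    192.168.1.10:1045      203.0.113.5:25         ESTABLISHED
"""


def parse_netstat(text):
    """Return one dict per TCP line; header and listener lines are skipped."""
    conns = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or not tokens[0].lower().startswith("tcp"):
            continue
        # Counting from the end works for both the 6-column Unix layout
        # and the 4-column Windows layout.
        local, remote, state = tokens[-3], tokens[-2], tokens[-1]
        try:
            _, local_port = local.rsplit(":", 1)
            remote_host, remote_port = remote.rsplit(":", 1)
            conns.append({
                "local_port": int(local_port),
                "remote_host": remote_host,
                "remote_port": int(remote_port),
                "state": state.upper(),
            })
        except ValueError:
            continue  # e.g. "0.0.0.0:*" on a listening socket
    return conns


def triage(text):
    """Group active connections to watched remote ports by port."""
    by_port = defaultdict(set)
    for conn in parse_netstat(text):
        # Remote port 25 means this host is the SMTP client; a mail server
        # receiving mail would show 25 as the local port instead.
        if conn["state"] in ACTIVE_STATES and conn["remote_port"] in WATCHED_PORTS:
            by_port[conn["remote_port"]].add(conn["remote_host"])
    findings = []
    for port in sorted(by_port):
        hosts = sorted(by_port[port])
        findings.append({
            "port": port,
            "service": WATCHED_PORTS[port],
            "remote_hosts": hosts,
            "smtp_fanout": port == 25 and len(hosts) >= SMTP_FANOUT_THRESHOLD,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_NETSTAT):
        note = "  <-- many distinct SMTP peers" if finding["smtp_fanout"] else ""
        print(f"{finding['service']:>8} ({finding['port']}): "
              f"{', '.join(finding['remote_hosts'])}{note}")
```

A single snapshot only shows what is connected at that instant, so a quiet bot can be missed; running it over periodic captures or the router's connection log gives better coverage.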

Re:Computer bots (4, Funny)

Technician (215283) | more than 7 years ago | (#18454905)

How does one know if their computer (or relative's, etc.) is infected by a bot? Are there special diagnostic tools for that?

There are 3 things to look for.
1 Is it running Windows?
2 Is it connected to the Internet?
3 Has it been on for more than 20 minutes?

ISPs take action? (1)

pembo13 (770295) | more than 7 years ago | (#18453669)

Why don't ISPs start sending automated physical mail to the homes of obvious spam bots?

Re:ISPs take action? (0)

Anonymous Coward | more than 7 years ago | (#18454413)

Will you pay for the postage stamps?

Battle is now greylisting versus IP address spread (3, Interesting)

RonBurk (543988) | more than 7 years ago | (#18453685)

IMO, the real battle here is caused by greylisting. Greylisting plus a honeypot database of fake email addresses is clearly the most effective, automatic, general-purpose anti-spam mechanism to come along. Spammers are starting to feel the pinch (even though lots of people are still struggling with old-fashioned "filtering" mechanisms, and are still easy and fun targets).

The spammers who are starting to take on greylisting are doing so by two main mechanisms: massive distribution across IP address space, and direct use of infected PC MTAs.

The IP address spread is fairly simple to understand. If you have 100,000 zombie PCs with 100,000 IP addresses, then clearly you can send 100,000 pieces of spam without ever using the same IP address twice. That makes the honeypot database of greylisting useless, since I rely on waiting to see a given IP address send email to a known "bogus" email address to correctly identify that IP address as a spammer (in the short term, at least).

The direct use of infected PC MTAs is more difficult. If the zombie PC can programmatically use the unsuspecting owner's own ISP MTA to send the spam, then it becomes very difficult to distinguish that spam from real mail sent from a real person (just as botnet click fraud is very difficult for Google to do anything about without also discounting some "real" clicks).

To respond to the massive distributed IP address spammer, I think a drastic increase in bogus email addresses would help, so that they have to transmit to 10 or 100 times more addresses in order to hope to reach the same # of real people. It's easier for website owners to create more bogus email addresses than it is for the spammers to infect more PCs. You basically always "drop" mail sent to a bogus address so that the spammer is convinced it went through and is getting to a "real" person (and probably even sells that address to other spammers as "verified").

That would push the spammers squarely into focussing on using the infected owner's own ISP's MTA for transmission, giving those ISPs an ever-increasing workload of bogus mail to send. Sorry, but that's where this war is headed anyway: to the point where ISPs will start charging customers to disinfect their PCs once they've been identified as botnet spam transmitters.

I'm going to start slowly increasing my spamming of spammer address databases today (e.g., by injecting more hidden text email addresses onto websites). Note that this is not a "solution" to spam (so please don't post that cute little form :-). This is just an effort to push the problem where I think it's going to end up eventually anyway: on the backs of ISPs that have not yet come to view infected customer PCs as "their" problem yet.

Re:Battle is now greylisting versus IP address spr (5, Interesting)

Anonymous Coward | more than 7 years ago | (#18453859)

The IP address spread is fairly simple to understand. If you have 100,000 zombie PCs with 100,000 IP addresses, then clearly you can send 100,000 pieces of spam without ever using the same IP address twice. That makes the honeypot database of greylisting useless, since I rely on waiting to see a given IP address send email to a known "bogus" email address to correctly identify that IP address as a spammer (in the short term, at least).

That isn't greylisting at all (though it is useful against spam).

Greylisting is giving a "new" incoming SMTP connection a 400-series error message the first time they try to send email to you. A 400-series error means a temporary problem - please try again. When they try a second time to send email, you accept.

Since all legitimate email servers will retry when they get a 400-series error, a legitimate message will go through, at a cost of a time delay.

However, most spammers don't bother retrying (although some do), so you can block a lot of spam with greylisting, with very little bandwidth or CPU cost.
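The decision logic described in the comment above, as an added example that is not part of the original thread. Keying on the (client /24, sender, recipient) triplet, the thresholds and the sample attempts are assumptions chosen for illustration; the code handles IPv4 only.

```python
# Added example: greylisting decision logic (IPv4 only; thresholds are assumed values).
MIN_DELAY = 300             # a retry sooner than this is still deferred
RETRY_WINDOW = 4 * 3600     # a first attempt never retried in this window is forgotten
PASS_LIFETIME = 36 * 86400  # a triplet that passed is remembered this long

DEFER = "451 4.7.1 Greylisted, try again later"
ACCEPT = "250 2.0.0 OK"


class Greylist:
    def __init__(self):
        self.first_seen = {}   # triplet -> time of first deferred attempt
        self.passed = {}       # triplet -> time of last accepted delivery

    @staticmethod
    def triplet(client_ip, sender, rcpt):
        # Key on the /24: large providers retry from a different host in the same pool.
        net = ".".join(client_ip.split(".")[:3])
        return (net, sender.lower(), rcpt.lower())

    def check(self, client_ip, sender, rcpt, now):
        key = self.triplet(client_ip, sender, rcpt)
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= PASS_LIFETIME:
            self.passed[key] = now            # known-good triplet: no delay
            return ACCEPT
        self.passed.pop(key, None)
        first = self.first_seen.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.first_seen[key] = now        # new (or stale) triplet: start the clock
            return DEFER
        if now - first < MIN_DELAY:
            return DEFER                      # retried too fast; clock is not restarted
        del self.first_seen[key]
        self.passed[key] = now
        return ACCEPT


# Constructed SMTP attempts: (seconds, client IP, MAIL FROM, RCPT TO).
ATTEMPTS = [
    (0,    "192.0.2.10",   "alice@example.org", "user@example.net"),
    (5,    "203.0.113.77", "x@spam.invalid",    "user@example.net"),  # bot, never retries
    (10,   "198.51.100.5", "bob@example.com",   "user@example.net"),
    (20,   "198.51.100.5", "bob@example.com",   "user@example.net"),  # impatient retry
    (900,  "192.0.2.11",   "alice@example.org", "user@example.net"),  # retry, sibling host
    (1000, "192.0.2.10",   "alice@example.org", "user@example.net"),  # next message
    (1200, "198.51.100.5", "bob@example.com",   "user@example.net"),
]


def replay(attempts):
    """Run the attempts through a fresh greylist and return the reply codes."""
    gl = Greylist()
    return [gl.check(ip, s, r, now=t)[:3] for t, ip, s, r in attempts]


if __name__ == "__main__":
    for attempt, code in zip(ATTEMPTS, replay(ATTEMPTS)):
        print(code, *attempt)
```

The single-shot sender at t=5 never gets a 250, while both retrying senders are accepted once the minimum delay has passed and are not delayed again afterwards.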

If only more ISPs added their net blocks to PBL... (1)

bcc123 (550310) | more than 7 years ago | (#18453703)

http://www.spamhaus.org/pbl/index.lasso [spamhaus.org]

How hard is that?

And if all major providers did it, then zombie spam would die out pretty quickly.

Re:If only more ISPs added their net blocks to PBL (1)

ampmouse (761827) | more than 7 years ago | (#18454675)

The Spamhaus PBL is bad for maintaining a decentralized Internet. It forces users to send mail through ISP relays, which is an unnecessary and insecure process. It does little to prevent spam as any good spammer will just relay through the ISP's server anyway.
This page [tesco.net] goes into greater detail explaining why DULs (the old name for PBLs) are bad.

Re:If only more ISPs added their net blocks to PBL (2, Insightful)

bcc123 (550310) | more than 7 years ago | (#18454925)

Absolute majority of spam now comes from desktops infected with mailing software. So no, in this case, the spammer won't simply relay through the ISP's mail servers. The reason they infect boxes in the first place is so that they can mail directly from all those IPs. The reasoning in your link is really outdated.

Re:If only more ISPs added their net blocks to PBL (1)

jonwil (467024) | more than 7 years ago | (#18455519)

What the bots are doing is instead of directly sending spam out to the wide world from the zombie machine, they are reading the SMTP server settings from mail clients like Outlook and relaying mail through that instead (to avoid blocks on port 25 by ISPs).

Most of these "upgrades" were to Vista... (1)

FMota91 (1050752) | more than 7 years ago | (#18453721)

...and they have the nerve to call it the most secure Operating System.

Re:Most of these "upgrades" were to Vista... (0)

Anonymous Coward | more than 7 years ago | (#18454201)

Most of these "upgrades" were to Vista...

Do you have ANY real data to back that up?

Re:Most of these "upgrades" were to Vista... (1)

FMota91 (1050752) | more than 7 years ago | (#18454411)

Do you have ANY real data to back that up?

Yes. 67% of computer "upgrades" (meaning people who bought a new computer or upgraded an existing one) were to Vista. I know this because out of a sample of three people who "upgraded" (me, my mother, her husband), two of them bought Vista PCs.

What? It's not like Symantec did much better with their data...

"systems" euphemism (3, Insightful)

allin (146835) | more than 7 years ago | (#18453755)

The article speaks of "bot-infested systems". Call a spade a spade. These are bot-infested PCs running MS Windows. They make life hell for the rest of us.

ZEN DNSBL (1)

the_flyswatter (720503) | more than 7 years ago | (#18453763)

Make sure you update the RBL on your spam blocker to include zen.spamhaus.org. It contains the PBL (Policy Block List) which helps to filter out home internet connections. Zen includes the SBL and XBL, making it the replacement for sbl-xbl.spamhaus.org.


See http://www.spamhaus.org/zen/ [spamhaus.org]
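How a mail filter queries a combined list such as zen.spamhaus.org and tells the component lists apart, as an added example that is not part of the original comment. The return-code meanings (127.0.0.2-3 for SBL, 127.0.0.4-7 for XBL, 127.0.0.10-11 for PBL, 127.255.255.x for query errors) are stated here as an assumption to confirm against Spamhaus's current documentation; the function names and the policy in `decide` are illustrative.

```python
# Added example: DNSBL query construction and answer handling for zen.spamhaus.org.
import ipaddress
import socket

ZEN = "zen.spamhaus.org"


def query_name(ip, zone=ZEN):
    """Reverse the address (octets for IPv4, nibbles for IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def classify(answers):
    """Map the A records returned for a query to the component lists they signal."""
    hits = set()
    for a in answers:
        octets = [int(x) for x in a.split(".")]
        if octets[:3] == [127, 255, 255]:
            hits.add("ERROR")        # query refused or malformed, NOT a listing
        elif octets[:3] != [127, 0, 0]:
            hits.add("UNEXPECTED")   # e.g. a hijacked or wildcarded zone
        elif octets[3] in (2, 3):
            hits.add("SBL")
        elif 4 <= octets[3] <= 7:
            hits.add("XBL")
        elif octets[3] in (10, 11):
            hits.add("PBL")
        else:
            hits.add("UNKNOWN")
    return hits


def decide(answers):
    """SMTP-time policy for an unauthenticated port 25 connection (assumed policy)."""
    hits = classify(answers)
    if not hits:
        return "accept"              # NXDOMAIN: not listed
    if hits & {"ERROR", "UNEXPECTED"}:
        return "defer"               # fix the resolver setup rather than bounce mail
    if hits & {"SBL", "XBL", "PBL"}:
        return "reject"
    return "accept"                  # unrecognised code: fail open and log it


def lookup(ip, zone=ZEN):
    """Live query (needs network and a resolver the list operator accepts)."""
    try:
        return socket.gethostbyname_ex(query_name(ip, zone))[2]
    except socket.gaierror:
        return []                    # NXDOMAIN or resolver failure
```

Treating every 127.x answer as a listing is the usual failure mode: an error answer in 127.255.255.0/24 would then reject all incoming mail, which is why `decide` defers on it instead.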

Who's buying the crap? (1)

mightyQuin (1021045) | more than 7 years ago | (#18453811)

Who are the idiots that buy the crap that make it worthwhile for spammers to install the bots that send out the spam? Shouldn't the people that create this financial incentive somehow be to blame too?

Re:Who's buying the crap? (0)

Anonymous Coward | more than 7 years ago | (#18454299)

I'm really really sorry! I don't think I'll do it again. But I did once and as a result I was able to migrate to another country. Were it not for spammers I'd most likely still be stuck at my dead-end job in my country of origin but I got an email about these lawyers that handle migration applications. I investigated them and they were legit so I gave it a shot and now I'm here. I'm not defending spam, but this is the reason it works. Not all spam is selling Bee4gr4 or phony stock. Hey and some people buy even that.

Re:Who's buying the crap? (0)

Anonymous Coward | more than 7 years ago | (#18454399)

Good point! There should be "honeypot" spam too and if someone would answer it, they would be shot on the spot. In my country at least...

Maybe this idea could be refined a bit for more general use.

Re:Who's buying the crap? (0)

Anonymous Coward | more than 7 years ago | (#18455023)

"...they would be shot on the spot.In my country at least...."

And your country would be reviled and isolated. You would be labeled a despot and if you weren't assassinated by your own people, you would eventually be hanged in the town square.

Re:Who's buying the crap? (1)

Nethead (1563) | more than 7 years ago | (#18455611)

If it cuts down the spam....

Tiny detail concerning shadowserver world map... (0)

Anonymous Coward | more than 7 years ago | (#18453845)

It's a bit outdated. http://www.shadowserver.org/wiki/uploads/Stats/cci p.jpg [shadowserver.org]
Let's play the game "find name missing/new countries (sorted by alphabet)".

A) Afghanistan
B) Bosnia
C) Croatia
...

An easy fix (5, Insightful)

davmoo (63521) | more than 7 years ago | (#18453905)

In another reply I saw someone suggest ISPs sending automated snail mail notices to users whose machines have been owned.

I'll go one better. Cut the fucking thing off the net until the user fixes the problem.

I fail to see why it seems too hard to detect these things. When an ISP sees a machine go from sending out 4 or 5 emails a day to spitting out thousands of emails every hour, it should be obvious there's a problem.

Also, close the damn mail ports off. If a customer wants to host their own email server at home, fine...but make them call in and request that the port be opened. And make it clear that if their machine gets owned, they get cut off and fined before access will be reconnected.

And finally, spam has been a problem for years...how come the MTAs haven't been rewritten to not allow header forging, etc, in all that time? Isn't this supposed to be one of the big advantages of open source and open protocols?

Re:An easy fix (4, Insightful)

metlin (258108) | more than 7 years ago | (#18454473)

In another reply I saw someone suggest ISPs sending automated snail mail notices to users whose machines have been owned.

I'll go one better. Cut the fucking thing off the net until the user fixes the problem.

That's not really fair.

Most users are not technically sophisticated enough to do anything, even if they were told that their computers were affected.

Computers and the internet are far too prevalent today to simply cut somebody off because their boxes were compromised. If you must, blame the manufacturers for designing systems that can so easily be taken over by bots and viruses.

Most people don't really care, because to them the computer is just like the TV or the microwave - a tool that lets them do something. If the tool gets messed up and causes problems because of something, they can't be held responsible because face it, they have no clue whatsoever. If you are designing a system that you think even an idiot can use, then make sure that it is idiot-proof.

But companies want to sell $OS to your grandma, but do not want to take responsibility for what happens when things go to hell. If you are selling something to grandma, make it grandma-proof. She will open attachments, she will not have a clue about what's out there on the web -- if you are selling her a tool, make sure that it is protected against the mistakes she most likely will make.

Somehow, in the software industry, it is considered acceptable to call the users idiots and let go. Now here's the thing -- even some of the very smart people have trouble using computers simply because it is not their thing. Not everybody can be a computer geek, and nor should they be expected to be.

If anything, the software manufacturers should be held responsible. Stop blaming the users already, please.

Re:An easy fix (0)

Anonymous Coward | more than 7 years ago | (#18455127)

I believe it was Douglas Adams who said, the problem with making something idiot-proof is you always "misunderestimate" the idiots.

(paraphrased and then enhanced by a term coined by GWB)

Re:An easy fix (1)

AK Marc (707885) | more than 7 years ago | (#18455211)

That's not really fair.

I don't blame Mary for carrying Typhoid, I just won't let her prepare food. I don't "blame" the user, but they should be kicked off the Internet until they get their computer fixed. I don't understand why you are bringing up "blame." The user is responsible for fixing their computer, regardless of who is to blame for infecting it.

Re:An easy fix (1)

toadlife (301863) | more than 7 years ago | (#18455233)

The only way to make a computer idiot proof, is to make it so that new binaries cannot be loaded onto the system. Computers are not toasters.

Re:An easy fix (0)

Anonymous Coward | more than 7 years ago | (#18455349)

If you design an idiot proof computer, someone will create a better idiot

Re:An easy fix (2, Insightful)

mysticgoat (582871) | more than 7 years ago | (#18455417)

I agree with parent.

I also want to point out that the automotive industry went through a similar period about 35 years ago, when new cars were required to have pre-installed seat belts. It is now generally accepted that seatbelts, airbags, and less visible things like collapsing steering columns and controlled crumpling are GOOD THINGS TO HAVE IN A CAR. But at the time these were introduced, the sometimes strong argument against them was that none of these things were necessary for a well trained driver. Whatever your opinion about that, the truth of that time was that driving had become a necessary daily activity for a lot of people who had no real desire to do the training: they just wanted to get the kids to the soccer game; do the shopping; get to and from work without having to sit among the coughers and hackers in a germbox (bus)...

Computing is at this same place now. The number of people who have to use a computer to get things done, but who have zero interest in the computers themselves, now far outnumbers the number who are willing to do any training.

It is time to use some legal enforcement to make the network environment safe for the computing public. I think this could be done by applying existing laws regarding reckless endangerment, indiscriminate distribution of attractive nuisances, and so forth to the software industry.

Where is Ralph Nader when we need him? Preparing to run for President again?

Re:An easy fix (1)

pavera (320634) | more than 7 years ago | (#18454533)

I completely agree with the sentiment of your post. And, there are some ISPs who do just that. I worked for one and implemented the policy. It is easy to do, and easy to implement. The problem is this: unless all ISPs do it, it will never stick. We lost every single customer we cut off. We would disconnect their service and redirect their browser to say "You have a virus, please remove it and call us to restore your internet access".

Well, we would always get an incredibly pissed off customer who would call, scream at us for 10-20 minutes about how they couldn't possibly have a virus or a trojan, how they run antivirus every day (my favorite was to ask "When was the last time you updated your virus software?" The usual response to that is a very confused "Oh, you have to update it?"). Invariably they would cancel their account and we'd never hear from them again. But I'm sure 2 days later they were back on the internet without fixing the virus problem.

Re:An easy fix (2, Informative)

Phroggy (441) | more than 7 years ago | (#18454673)

I fail to see why it seems too hard to detect these things. When an ISP sees a machine go from sending out 4 or 5 emails a day to spitting out thousands of emails every hour, it should be obvious there's a problem.

Also, close the damn mail ports off. If a customer wants to host their own email server at home, fine...but make them call in and request that the port be opened. And make it clear that if their machine gets owned, they get cut off and fined before access will be reconnected.

You can't look at these as two separate issues.

Currently, most ISPs are not monitoring what you send out on port 25. They have no technical means to do so, and acquiring that ability would be prohibitively expensive. ISPs can monitor what you send out through their SMTP relay server (most don't analyze the patterns proactively, but they can review the logs when they get a complaint) but generally botnets don't relay through the ISP's server.

But you're absolutely right about ISPs blocking outgoing access on port 25, unless a customer requests it to be open. The difficulty here is that most customers have dynamic IP addresses, and dynamically updating a firewall to allow access to port 25 from some customers and not others is non-trivial. My recommendation would be, block access to port 25 for all customers on dynamic IPs, and by default for all static IPs, but let customers with static IPs request for access to be allowed. Users running their own Linux boxes can configure their MTA to forward everything to the ISP's relay server. Everyone who needs to relay through a corporate mail server can use port 587.

So what's the problem with port 587? Not everyone has their mail server configured to allow it. But if ISPs start blocking port 25 and telling their customers to switch to 587 instead, I think more mail servers (that have users who need to relay from home) will start enabling port 587.

So how does switching to port 587 help? Won't the spammers just switch to that too? At first, yes, but here's the difference: MTAs can be configured not to allow any connections to port 587 without authentication and encryption. A bot can't just pick your domain name out of a hat, look up your MX, connect to port 587, and start sending crap, if the MTA is configured to require authentication. Port 25 can't require authentication, but if bots can't connect to port 25 because it's firewalled on their end, then we're making some progress.

This is not a change that should be made overnight; it will cause problems for a small handful of users. ISPs need to plan for this, set a date several months in advance, notify their customers of the plan and what they can do if they will be affected, and ideally coordinate with other ISPs so a whole bunch of ISPs all start blocking port 25 at the same time.

It'll never work, of course.
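The volume jump discussed in this sub-thread (a few messages a day turning into thousands an hour), checked against an ISP relay log, as an added example that is not part of the original comments. The log format, customer names and thresholds are constructed assumptions; it only sees mail that passes through the ISP's own relay, which is the case the comment above says ISPs can actually review.

```python
# Added example: flag customers whose hourly recipient count jumps far above their norm.
from collections import defaultdict
from datetime import datetime
from statistics import median

ABS_FLOOR = 200     # never alert below this many recipients per hour (assumed)
FACTOR = 20         # alert when an hour exceeds FACTOR x the customer's median hour
MIN_HISTORY = 3     # hours of history needed before the relative test is trusted
COLD_LIMIT = 1000   # absolute limit applied while history is still short


def parse(line):
    """Constructed format: '<ISO timestamp> cust=<id> rcpt=<count>'."""
    ts, cust, rcpt = line.split()
    hour = datetime.fromisoformat(ts).replace(minute=0, second=0)
    return hour, cust.split("=", 1)[1], int(rcpt.split("=", 1)[1])


def hourly_counts(lines):
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        if line.strip():
            hour, cust, n = parse(line)
            counts[cust][hour] += n
    return counts


def find_spikes(lines):
    alerts = []
    for cust, per_hour in hourly_counts(lines).items():
        history = []
        for hour in sorted(per_hour):
            n = per_hour[hour]
            if len(history) < MIN_HISTORY:
                limit = COLD_LIMIT
            else:
                limit = max(ABS_FLOOR, FACTOR * median(history))
            if n > limit:
                alerts.append((cust, hour.isoformat(), n))
            else:
                history.append(n)   # only unflagged hours feed the baseline
    return sorted(alerts)


# Constructed sample: a light user, a steady mailing-list sender, an infected machine.
SAMPLE_LOG = [
    "2007-03-22T09:12:00 cust=alice rcpt=1",
    "2007-03-22T13:40:00 cust=alice rcpt=2",
    "2007-03-22T18:05:00 cust=alice rcpt=1",
    "2007-03-22T08:15:00 cust=bob rcpt=2",
    "2007-03-22T10:30:00 cust=bob rcpt=1",
    "2007-03-22T12:45:00 cust=bob rcpt=3",
]
SAMPLE_LOG += [f"2007-03-22T{h:02d}:05:00 cust=carol rcpt=300" for h in range(9, 13)]
SAMPLE_LOG += [f"2007-03-22T{h:02d}:{m:02d}:00 cust=bob rcpt=50"
               for h in (14, 15) for m in range(60)]

if __name__ == "__main__":
    for alert in find_spikes(SAMPLE_LOG):
        print("ALERT", *alert)
```

Keeping flagged hours out of the baseline stops a long-running infection from teaching the detector that thousands of messages an hour is normal for that customer.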

Re:An easy fix (2, Interesting)

Vskye (9079) | more than 7 years ago | (#18454699)

I'll go one better. Cut the fucking thing off the net until the user fixes the problem.
 
This is exactly what we do. The rule at our company is simple. 3 strike policy, and you're out. If you send out a shitload of spam, etc. we suspend the account. They then call in and bitch, we explain the situation and how they can resolve it by setting up a firewall, anti-virus software, etc. Or, refer them to a local computer tech to reinstall the OS, etc. If it happens again, strike 2. We inform them that they have one more chance to get it correct, or they are history.., no service again. Unfair? Nope. Our NOC watches this crap all the time. OS of choice for this crap is always Windows btw.

Re:An easy fix (1)

CodeBuster (516420) | more than 7 years ago | (#18455481)

I'll go one better. Cut the fucking thing off the net until the user fixes the problem.

Then you will get lots of calls from irate customers complaining that their "Internet" isn't working and can't you fix it for them by pushing some magic button at your office? If you have spent any time in customer support for an ISP then you know that the level of ignorance people display concerning their PCs is astounding. In fact most people probably know more about their cars, and they don't know much about them either, than their PCs, about which they know almost nothing. If they even knew that they knew nothing then that would be something, but they don't.

They get cut off and fined before access will be reconnected.

Then they will go and buy service from your competitor who is only too happy to get them as a customer. As for collecting your 'fine' well, good luck. It is hard enough to get many people to pay a bill even when they do owe money, never mind a 'fine' imposed for violating the terms of service.

how come the MTAs haven't been rewritten to not allow header forging, etc, in all that time?

How are you going to detect if the headers have been forged? They are just text after all. The only way to tell is to run reverse DNS on the headers and cross reference with your incoming message logs and that gets very expensive, computationally that is, for each message that arrives. In addition, much of the spam these days originates from the bot networks which means that your reverse DNS lookups will match legitimate hosts on major ISPs (i.e. some poor user who has no idea that their machine has been hijacked and turned into a spam zombie). So what then? Are you going to block all of Verizon, Sprint, Nextel, etc. just to stop some spam? Subscribe to the Spamhaus block list, run server-side filters such as SpamAssassin, and encourage users to run their own filters (SpamBayes) on their clients. Other than that there is not a lot that an admin can do about the spam problem without ruining e-mail service completely.

How's Vista doing on this? (3, Interesting)

Animats (122034) | more than 7 years ago | (#18454689)

The big question: how many infected systems are running Vista? If there are a significant number of infected Vista systems, Microsoft blew it again. (Remember, Microsoft said that Windows 95 was going to fix security. Then Windows XP was going to fix security. Then Vista...)

On the other hand, if Vista systems aren't being turned into zombies, we may be at the beginning of the end.

Spammers have had to resort to more and more desperate efforts to keep spamming. In the late 1990s, spammers could just buy a big pipe and start sending. That's dead. Then there was spamming through open relays. That's essentially dead. There used to be a significant amount of "legitimate spam". That was killed by the combination of CAN-SPAM and spam filters - if it comes from a known spam source, it gets deleted, and if the sender lies about the source, they've committed a felony. China finally cracked down on "bulletproof hosting". (There are some "bulletproof hosting" outfits left [bullet-pro...osting.com] , but most are gone and some of the remaining ones may be sting operations.) Zombies are about the only way left to spam in bulk. And note how few different spams there are. The number of actual spammers left isn't that large. It's small enough for law enforcement to target.

If the zombie problem can be cracked, which ought to be possible, spamming may drop to a minor problem.

Re:How's Vista doing on this? (2, Informative)

gujo-odori (473191) | more than 7 years ago | (#18455299)

China cracked down on bullet-proof hosting? As a person who has been in the anti-spam business for over four years now, all I can say to that is:

BAAAAAAAAAAAAAAAAAAAAAAAAAAAHAHAHAHAHAHAHAAAAAAAAA AAAAAA!!!

Seriously, though, China remains a huge source of spam. Some may be zombies, I'm sure, but commercial spammers in China, operating on IPs with no forward or reverse DNS are very common. They've cracked down on bullet-proof hosting like they've cracked down on pirate DVDs: not really at all, just a little window dressing.

Bullshit (2, Funny)

Tablizer (95088) | more than 7 years ago | (#18454983)

The bot problem is way exaggerated. They are very rare even insi FREE V1AGRA WITH YOUR LOW MORTGAGE!