Autonomous Intelligent Botnets Bouncing Back

CmdrTaco posted more than 4 years ago | from the duck-and-cover dept.

Security 152

coomaria writes "Thought that 2009 was the year botnets died? Well, think again: compromised computers were responsible for distributing 83.4% of the 107 billion spam messages sent around the world every single day this year, and it's going to get worse if intelligent and autonomous botnets arrive in 2010 as predicted."

152 comments

What OS? (2, Insightful)

Jurily (900488) | more than 4 years ago | (#30472934)

Any data on how much of those are running Windows?

Re:What OS? (5, Funny)

Mattskimo (1452429) | more than 4 years ago | (#30472990)

My guess would be somewhere in the region of all of them.

Re:What OS? (1)

Aeros (668253) | more than 4 years ago | (#30473014)

I doubt ALL of them...but definitely MOST of them.

Re:What OS? (2, Interesting)

Mattskimo (1452429) | more than 4 years ago | (#30473336)

I guess someone, somewhere is probably running a compromised virtual machine in WINE. One would hope deliberately.

Re:What OS? (0)

Anonymous Coward | more than 4 years ago | (#30473836)

sorry, bud. Wine isn't a virtual machine nor does it house one.

Re:What OS? (0, Troll)

Mattskimo (1452429) | more than 4 years ago | (#30474488)

You're right. I should have written "I guess someone, somewhere is probably running a compromised virtual machine or running the code in WINE." That being said, although WINE isn't a virtual machine, for everyday purposes it looks like a duck and goes "quack"...

Re:What OS? (2, Insightful)

Tim C (15259) | more than 4 years ago | (#30474126)

One of my friends used to run a Linux server at home, a couple of years ago.

One day on MSN we were chatting, and he told me about how his server had been rooted. Turns out he'd not kept up to date on his patches, and a vulnerable service had been compromised.

But you're right, Windows is the only OS vulnerable to remote attacks.

Re:What OS? (3, Informative)

JWSmythe (446288) | more than 4 years ago | (#30474918)

The discussion is the botnets, and I haven't seen any running on Linux. Those are more of one-off, defacing attacks, or somewhere to run an IRC bot. If you intend on running a botnet for spamming, Windows users are the best targets. They'll click on almost anything, and once the malware is on, the user may complain about their machine going slow, but won't do anything about it.

Some of them are nasty. I keep a Windows machine laying around just to try particular things. I got some malware on it (I was doing bad things). It was about 5 seconds between the time I tried what I was doing, and the time I yanked the network cable out. The antivirus didn't catch it. Others that I scanned with couldn't find all of it. I spent the next two days trying to get it out. That was the first time that I ever had to wipe out and reinstall on a Windows machine to get rid of a piece of malware. It's not that I didn't know what I was doing. I've been doing this kind of thing for well over a decade now. I never did identify the problem child, so I can't even say what it was. It just made the machine almost impossible to use. Well, unless waiting 5 to 10 minutes to select a user and enter a password is acceptable, and another 10 to get to the desktop. I know during that period, it was re-propagating the tag-along malwares.

That one piece of malware brought along 40 unique friends in a matter of seconds. It infected files. It infected the MBR. It hooked into everywhere I looked. I knew it was a problem, which is why I took it offline immediately. Most users would leave it plugged in and running, and wait for someone to come fix it.

At least I'm not dependent on the Windows machine working. How many home users have their dependable Linux machine that they do work on, and the Windows machine sitting to the side to play with?

Re:What OS? (0, Redundant)

socrplayr813 (1372733) | more than 4 years ago | (#30474136)

I'm sure there are plenty of people running compromised virtual machines, but if they're using WINE, it's not really a virtual machine...

Re:What OS? (0)

Anonymous Coward | more than 4 years ago | (#30474416)

Wine is not a VM. You could run the malware directly in Wine.

Re:What OS? (2, Insightful)

Lord Ender (156273) | more than 4 years ago | (#30473950)

I doubt that. I've caught viral botnets that spread via weak SSH passwords. They scan for port 22, try "root/root" and "guest/guest" etc. until they go through their entire username/password dictionary file, then they move on to the next host...

Once they pwn a box, they of course connect out to IRC or whatever to start hosting warez (or whatever else their masters desire). And they continue scanning for 22 and cracking when they see it...

Congrats to the Ubuntu team for disabling ssh by default. You can't get a more secure desktop system than that. But there are datacenters and datacenters full of improperly configured unix servers out there.
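The behaviour described in the comment above (one source cycling through a username/password dictionary against port 22) leaves a recognisable trail in sshd's authentication log. The following is an added example, not part of the original thread, that flags it and reports any login that succeeds after the guessing; the log lines are constructed, and the thresholds, host name, addresses and default year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format. Host name and addresses are
# made up (documentation ranges); nothing here comes from the thread.
SAMPLE_LOG = """\
Dec 17 01:00:00 web1 sshd[1001]: Failed password for root from 192.0.2.77 port 50001 ssh2
Dec 17 02:00:00 web1 sshd[1002]: Failed password for invalid user admin from 192.0.2.77 port 50002 ssh2
Dec 17 03:00:00 web1 sshd[1003]: Failed password for invalid user test from 192.0.2.77 port 50003 ssh2
Dec 17 04:00:00 web1 sshd[1004]: Failed password for guest from 192.0.2.77 port 50004 ssh2
Dec 17 05:00:00 web1 sshd[1005]: Failed password for invalid user oracle from 192.0.2.77 port 50005 ssh2
Dec 17 09:30:00 web1 sshd[1900]: Failed password for alice from 198.51.100.20 port 41000 ssh2
Dec 17 09:30:10 web1 sshd[1901]: Failed password for alice from 198.51.100.20 port 41002 ssh2
Dec 17 09:30:25 web1 sshd[1902]: Accepted password for alice from 198.51.100.20 port 41004 ssh2
Dec 17 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Dec 17 10:00:03 web1 sshd[2103]: Failed password for guest from 203.0.113.5 port 40120 ssh2
Dec 17 10:00:05 web1 sshd[2105]: Failed password for invalid user admin from 203.0.113.5 port 40131 ssh2
Dec 17 10:00:07 web1 sshd[2107]: Failed password for invalid user test from 203.0.113.5 port 40140 ssh2
Dec 17 10:00:09 web1 sshd[2109]: Failed password for guest from 203.0.113.5 port 40152 ssh2
Dec 17 10:00:11 web1 sshd[2111]: Accepted password for guest from 203.0.113.5 port 40160 ssh2
"""

# The user field is greedy and the pattern is anchored at the end of the line,
# so the address is always taken from the LAST " from ... port ... ssh2".
# A client-chosen username containing " from " cannot shift the address field.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)


def analyze(lines, year=2009, window=timedelta(minutes=10),
            min_failures=5, min_users=3):
    """Summarise password authentication per source address.

    An address is marked as "guessing" once it has at least min_failures
    failed passwords for at least min_users distinct usernames inside one
    sliding window. The mark is sticky, so a later successful login from
    the same address is recorded in "logins_after_guessing".
    Syslog timestamps carry no year; `year` is an assumption by the caller.
    """
    recent = defaultdict(deque)   # ip -> failures still inside the window
    report = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, user = m["ip"], m["user"]
        entry = report.setdefault(ip, {
            "failures": 0, "users": set(),
            "guessing": False, "logins_after_guessing": [],
        })
        window_hits = recent[ip]
        # Drop failures that have aged out of the sliding window.
        while window_hits and when - window_hits[0][0] > window:
            window_hits.popleft()
        if m["result"] == "Failed":
            window_hits.append((when, user))
            entry["failures"] += 1
            entry["users"].add(user)
            distinct = {u for _, u in window_hits}
            if len(window_hits) >= min_failures and len(distinct) >= min_users:
                entry["guessing"] = True
        elif entry["guessing"]:
            # Accepted password from an address already seen guessing:
            # treat the account as compromised until proven otherwise.
            entry["logins_after_guessing"].append(user)
    return report


def suspects(report):
    """Addresses that met the guessing thresholds, sorted for stable output."""
    return sorted(ip for ip, e in report.items() if e["guessing"])


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG.splitlines())
    for ip in suspects(result):
        e = result[ip]
        print(ip, "failures:", e["failures"], "users:", sorted(e["users"]),
              "logins after guessing:", e["logins_after_guessing"])
```

A user who mistypes a password twice (198.51.100.20) and a slow trickle of failures spread over hours (192.0.2.77) both stay below the thresholds here; catching the slow case needs a longer window or a per-day count.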

Re:What OS? (2, Informative)

rxmd (205533) | more than 4 years ago | (#30474030)

My guess would be somewhere in the region of all of them.

Make that "most of them". OS X botnets [networkworld.com] have been appearing for a while, and other forms of OS X malware [sophos.com] have been known [sophos.com] for quite some time [washingtonpost.com].

While many of these pieces of malware are fairly lame, I'd expect more and more "professional" variants of those in the future. One factor that shouldn't be overlooked is the generally complacent attitude of non-Windows users towards the security of their own machines (not unlike what you exhibit in your own post). In other words, from a technical point of view, if users download a malware-infested key generator and enter a password to execute it, it's pretty much irrelevant whether it's for OS X or for Windows. Arguably in this scenario, OS X is actually slightly more likely to be infected, since many Windows computers have at least some form of anti-virus software installed, while on other platforms this is still fairly rare.

Re:What OS? (1)

Svartalf (2997) | more than 4 years ago | (#30474190)

Actually... That's not a foregone conclusion.

Anti-virus software HAS to have signatures, etc. of the malware to detect/remove it- if it's new, you're going to get zapped by it and it'll lurk for at least a while during the time they find out about it and sort out how to find and remove it safely (if possible...). It's more akin to closing the barn door after the horses have all gone out. It doesn't really make the machine more secure. Secure is not getting compromised in the first place.

The truth of the matter is that "ease of use" will always come at the cost of security. As long as you allow auto-execute, auto-launch, auto-whatever for the ease of use by someone, there's going to be a not-so-small positive risk of infection/compromise of a machine. Doesn't matter if it's Linux, MacOS, Windows, or whatever. One of the reasons Linux is slightly more resilient than MacOS in this regard is there's less of that sort of crap. Correspondingly, Windows is the least secure of the three for the aforementioned reason, coupled with poor security design (putting "robust" security (which it has some...) on top of something that wasn't really designed with it in mind isn't a good way of going about it...).

Re:What OS? (1)

maxume (22995) | more than 4 years ago | (#30475258)

The underlying security model of NT based operating systems is entirely sufficient in the context of a user workstation.

Re:What OS? (2, Informative)

Dan East (318230) | more than 4 years ago | (#30473004)

Windows is on around 90% of general-purpose computing devices, so I would expect at least 90% of compromised machines would be running Windows.

Re:What OS? (0)

Anonymous Coward | more than 4 years ago | (#30473106)

"Windows is on around 90% of general-purpose computing devices, so I would expect at least 90% of compromised machines would be running Windows"

What are the numbers per server? Where are the other ten percent?

Re:What OS? (3, Interesting)

Rennt (582550) | more than 4 years ago | (#30473382)

I would be surprised if anything less than 100% of zombies run Windows.

Think about what would be involved in setting up and maintaining a heterogeneous botnet. Why even bother?

Re:What OS? (0)

Anonymous Coward | more than 4 years ago | (#30474160)

I would be surprised if anything less than 100% of zombies run Windows.

Be surprised. [networkworld.com]

Re:What OS? (1)

Rennt (582550) | more than 4 years ago | (#30474816)

My main point was really about homogeneous botnets, so the link bears that out.

As far as the 100% Windows bit goes - I'm happy to concede that this is not technically correct, if you'll allow that 20,000 zombie Macs is not statistically relevant.

Re:What OS? (2, Informative)

Anonymous Coward | more than 4 years ago | (#30473032)

Basically all of them.

Even with the increase in popularity of Mac OS X and Linux, malware for those systems is virtually unheard of. There was the recent malware incident involving some GNOME screensavers, but that's more a testament to the poor development practices of the GNOME project.

Re:What OS? (5, Interesting)

sakdoctor (1087155) | more than 4 years ago | (#30473206)

As a Windows vs "All the others" thread progresses, someone will eventually make the statement that Mac OS or Linux would be equally affected if they had dominant market share.
I'd be more inclined to separate OS into "Administrator by default" and "User level account by default". That means Microsoft's latest offerings get grouped with Mac OS and Linux because they have made pretty decent improvements.

When I used to run XP, I ran as Admin. I shouldn't have, but that is just the way that system was designed, unless you really really fight against it.
I would postulate that this black and white thinking isn't the answer. More secure OS out of the box is going to reduce the problem to some extent, even though some users will shoot themselves in the foot, as they always have.

Re:What OS? (1)

wadeal (884828) | more than 4 years ago | (#30473386)

So you're comparing an almost 9 year old OS to new OS' from other companies?

Re:What OS? (0)

Anonymous Coward | more than 4 years ago | (#30473460)

No, if you actually READ his post he is saying that everyone else is comparing XP to OSX and Linux. He is clearly saying that MS has made pretty decent improvements since then and he is correct in that statement. It would be interesting to see what percentage of bots vs. percentage of market share of the various Windows flavors. I'd hazard a guess that, even correcting for percentage market share, that it would show XP was by far the highest percent compromised.

Re:What OS? (0)

hesaigo999ca (786966) | more than 4 years ago | (#30473780)

I agree we need better info on which distro of xp is compromised vs. which other types, however, you are forgetting the biggest factor in this equation. Piracy!
Windowsxp Pro was the best windows out so far (except server versions)

And of windowsxp pro out there, of which we say 90% of compromised machines is windowsxp, what percentage of those are pirated, not being able to download updates,
etc....care to venture a guess?

I would say 90% as well...(my estimate). Not many people like NOT using windows, however fewer still like to pay for it! So disclude all pirated copies as those are not legal copies and can not be counted on for a proper estimate of secure OS (as no updates = insecure) are responsible for compromised machines, and that number drops down really low!!!

Don't get me started on the topic of pirated versions not being real versions....we all know the warez includes all sorts of preinstalled malware on those iso versions you download from torrents. So to include them in a stats call would be like saying we know all the modified cars out there with the chips allowing the cars to go 300km an hour are possible, so we will include them when getting stats of how many speed related accidents are out there for our model brand car....they would laugh at you, so why do it for softwares.

If M$ was intelligent, they would include free updates EVEN for pirated copies of their softwares, why?...because popularity wins every time (just watch american idol to see what I mean). If you are allowing these copies to continue, then people will want even more windows based softwares and be pushing their windows ideas to all their non computer friends, starting them down a M$ path they will never be able to leave....(sort of like a woman going black and never coming back!) I tend to think it would be a great move to improve overall security online, as well as push your market share back up for being 1) friendly to users who like your product but normally would not spend that much to use it, and 2) moving ads into the updates as they are rolling, to cover the loss of those revenues you cherish. The ad space would cost equal to how much you needed to make, also could move to push your newer windows 7 still, showing the newer os functions etc....they are just too dumb for their own good.

Re:What OS? (1)

hesaigo999ca (786966) | more than 4 years ago | (#30473584)

>When I used to run XP, I ran as Admin. I shouldn't have, but that is just the way that system was designed, unless you really really fight against it

Really, I tend to do it myself, but nothing stops me from configuring a complete non admin user on my machine and using that one when surfing the web or doing things like listening to music.
To install softwares, you log in as admin, install and delog, to use the app you log as user without admin permission.

I think your ignorance is clouding your judgement.

ps- I would also force a redo password selection every 30 days for admin account as it is very important that it stays in rotation, in case someone has been able to figure it out.

Re:What OS? (1)

ultranova (717540) | more than 4 years ago | (#30474564)

I would also force a redo password selection every 30 days for admin account as it is very important that it stays in rotation, in case someone has been able to figure it out.

So the admin either picks easy to remember and thus likely weak passwords, or writes them down somewhere. Bad idea.

Besides, if someone figures out the admin password, they're going to do whatever nefarious schemes they were planning instantly. It doesn't matter if you change the password again later; the spambot/rootkit/whatever has already been installed.

Re:What OS? (1)

maxume (22995) | more than 4 years ago | (#30473680)

The deeper issue with XP is that the vendor culture is to expect to run with lots of rights, it isn't that big a deal to setup a user account, and there is 'runas'.

Re:What OS? (1)

Mattskimo (1452429) | more than 4 years ago | (#30473696)

At the risk of stating the obvious, the percentage of compromised users running a particular OS will be a function of market share, ease of infection/spread, available coding knowledgebase and probably a whole host more. I'm going to guess if you're going to hire a team of professional coders to write a botnet then you're going to have at least a rudimentary grasp of the factors involved. I'm willing to bet that windows 3.1 is full of security holes that could be exploited, the reason that no one does is that almost no one is running it anymore. The same could be said for various flavours of Linux, even if there was a security flaw that would enable 100% of users of say, freeBSD (lol) to potentially become infected, it would still be arguably more time/cost effective to write code for XP. I would imagine that the spammers also take into account that Linux users tend to be a little more computer-savvy and are more likely to realise their machine is infected and take remedial steps, reducing the overall uptime of any possible botnet. This is all pulled out of my ass while I'm supposed to be working, I'm sure that the people that do this for a living have thought about it much harder and have accurate weighting on each variable.

Re:What OS? (1)

FlyingBishop (1293238) | more than 4 years ago | (#30473832)

That means Microsoft's latest offerings get grouped with Mac OS and Linux because they have made pretty decent improvements.

In theory yes. In fact, Windows' latest offerings are only protected from programs targeted at older versions of the OS. If you're targeting Windows 7 explicitly, it's actually fairly easy to get escalated privileges. [pretentiousname.com]

Re:What OS? (1)

vistapwns (1103935) | more than 4 years ago | (#30474248)

A failing of MS users, not MS. In Vista this hole did not exist, but thanks to the millions of whiny idiots who complained about being prompted by UAC "every 2 seconds", MS had to whitelist its applications. So now they get prompted 2 times a day, instead of 4, and they're open to security threats, but they saved 2 clicks of the OK button! So they're happy. Like I said, retarded users, and MS has no choice but to give users what they want or it risks losing a mass of customers to other OSes. It's already losing Market Share as it is. However, it takes 2 seconds to change the UAC setting to "always notify" which defeats this hole, also this hole can not be exploited from exploited browsers that use Windows integrity levels to do sandboxing, like IE and Chrome. (If you want to rag someone about blaring security holes, when the f*ck is Firefox going to get integrity level sandboxing on Windows like IE has had for 3+ years?)

Re:What OS? (1)

obijuanvaldez (924118) | more than 4 years ago | (#30475036)

It should be noted this code does not actually work on the actual Windows 7 release versions. It was proof-of-concept code targeting an early RC build.

Re:What OS? (0)

Anonymous Coward | more than 4 years ago | (#30474466)

It's not really that simple. A compromise doesn't need to have root access to be an effective bot. It does help, of course, but it's not a requirement.

A non-root bot still needs a way of getting onto the computer and getting executed, but non-root users do have permission to create executable files and run them. Non-root bots also obviously have perfectly good access to the network, so are quite capable of sending spam.

What a non-root bot can't do is compromise the integrity of the operating system itself, which means it's harder for it to disguise itself, but don't fool yourself into thinking you can't be running a bot because you don't run as root.

Re:What OS? (1)

PPalmgren (1009823) | more than 4 years ago | (#30474888)

True, but if Firefox has shown us anything in recent years, it has shown us that marketshare makes you a target. Even with their relatively low penetration (compared to Windows), you can clearly see a correlation in # of vulnerabilities/exploits discovered vs. increased market share. Yes, the number is minor compared to Windows vulnerabilities, but it still proves the statement in your post partially true.

Re:What OS? (2, Insightful)

Anonymous Coward | more than 4 years ago | (#30473234)

but that's more a testament to the poor development practices of the GNOME project.

It's actually more a testament to the fact that malware can be written for any OS.

Re:What OS? (1)

Rennt (582550) | more than 4 years ago | (#30473598)

It is more testament to the damage that can be done by poorly trained users on any system, no matter how secure.

Windows is still somewhat responsible here, mainly because using Windows is what made these users so poorly trained in the first place. It engenders this user attitude that installing crappy toy applications downloaded from random websites is a reasonable thing to do.

This is MS fault (1)

cenc (1310167) | more than 4 years ago | (#30473842)

It is not about even an OS being vulnerable. Every OS is vulnerable on some level, although it sure is a hell of a lot harder on Linux and open source projects. The issue is how much damage can it do, and how fast can it be detected and fixed. MS has a long standing history of just frigen ignoring, stalling, or denying the problem exists at all.

Imagine if in some alternative Universe MS came out with fixes and patches in hours and days, rather than weeks, months, years, and never. Imagine that end users could contribute patches and solutions as soon as things were discovered. How many botnets would even have a chance to get off the ground? One or two bots does not make a net or a threat.

Really, we should be able to bill frigen MS for the damages and wasted computing resources. Imagine all car models from Ford for instance would go out of control as they were driven down the street crashing in to things and killing people. Do you not think someone would at least try to hold Ford responsible for the damages caused? Why not MS?

A New Era In /. Efficiency (4, Funny)

Dystopian Rebel (714995) | more than 4 years ago | (#30473046)

Slashdot needs to create a numbered list of arguments called Slashdot's List Of Same Old Arguments (SLOSOA). Then /.ers can save bandwidth (and lower Taco's bills) by disputing by numerical reference to an argument, just as Mennonites are said to argue by reference to chapter and verse in the Bible rather than repeating the words.

To start this New Era in Slashdot efficiency, my reply to your post, Sir, is...

19, 20! It is clear that 22, 28.

And if you don't like it, then 42.

Re:A New Era In /. Efficiency (0)

Anonymous Coward | more than 4 years ago | (#30473130)

Great idea, but they already have a prototype in testing right now. Here [random.org] is a sample discussion.

Re:A New Era In /. Efficiency (2, Funny)

Anonymous Coward | more than 4 years ago | (#30473296)

ah go 34 yourself

Re:A New Era In /. Efficiency (4, Funny)

L4t3r4lu5 (1216702) | more than 4 years ago | (#30473404)

The sum of your arguments is 131. As a palindrome, I call your argument circular and self-referencing, which are logical fallacies.

Re:A New Era In /. Efficiency (1)

gzipped_tar (1151931) | more than 4 years ago | (#30473516)

The checksum of your arguments is df9abc41b28ec3c90688b55369aeefdca6e1c31ea38a387a1dbb64f5c876c224. As a palindrome, I call your argument circular and self-referencing, which are logical fallacies.

T, FTFY.

Re:A New Era In /. Efficiency (0)

Anonymous Coward | more than 4 years ago | (#30473588)

L4t3r4lu5 != 5ul4r3t4L

Not much of a palindrome to me.

Re:A New Era In /. Efficiency (1)

thisnamestoolong (1584383) | more than 4 years ago | (#30474146)

Yes, well my hair is a bird. Your argument is invalid.

Re:A New Era In /. Efficiency (1)

ImprovOmega (744717) | more than 4 years ago | (#30475304)

Yes, well my hair is a bird. Your argument is invalid.

What I love about that is that it parses as a true statement in symbolic logic. Since the assumption is false (my hair is a bird) it is a logically true statement to conclude anything from it (i.e. if my hair is a bird then your argument is invalid). Of course, it's a fairly worthless statement, but amusing all the same in its unassailable nature.

Further, the internet police wish to inform you that you must link to the relevant picture [gamespot.com] when invoking any meme-ish items.

Re:A New Era In /. Efficiency (1)

mcgrew (92797) | more than 4 years ago | (#30473640)

And if you don't like it, then 42.

That's not quite precise, sir. I checked the calculations on the Deep Thought computer, and it was quite adamant that the answer was in fact exactly forty two point zero. It was quite angry that its answer was never reported accurately.

42.0 FTW! Quite different than showing forty two in binary on your fingers, and a whole lot nicer.

Re:A New Era In /. Efficiency (2, Funny)

Rennt (582550) | more than 4 years ago | (#30473712)

I like this idea. If it could be extended to stories as well it would save even more redundancy. Just imagine...

kdawson writes "dupe-657"

And the link takes you straight to the old discussion thread

Re:A New Era In /. Efficiency (1)

ZeroExistenZ (721849) | more than 4 years ago | (#30474302)

Apparently slashdot has a check on length of lines.

Here's a first throw at a list: Slashdot reference guide [pastebin.com]

A small excerpt, feel free to add:

20. Imagine a
21. Beowulf cluster of those
22. [NO CARRIER]
23. Warning! Do not {0} into {2} with remaining {3}!
24. insensitive clod
25. defective by design
26. real girl
27. girlfriend
28. general reference to not having a girlfriend
29. disputing claim of having a real girlfriend
30. elaboration on the personal meaning of mentioned "girlfriend"
31. residence reference to basement
32. residence reference to attic
33. reference to lack of sex
34. reference to abundance of sex
35. drowning argument of lack of sex with porn reference
36. pointing out girls become women
37. elaboration on divorce
38. elaboration on advantages of divorce
39. elaboration on advantages of marriage
40. romantic declaration
41. mocking of romance
42. a real girl
43. reference to masturbating old men
44. link to porn

Re:What OS? (4, Interesting)

NoYob (1630681) | more than 4 years ago | (#30473170)

It wouldn't be such a problem if MS would have something like Linux where you have to jump through a hoop to run the box as 'root' AKA 'Admin' and if the OEMs would put a user account on their machines by default.

Speaking as my family's IT support guy, everyone insists running as Admin - just the way their box was set up by the OEM - and they constantly are getting viruses and trojans. My brother-in-law gets Koobface every other month it seems, I set him up with a user account with Firefox and told him to use that account for everything except installing software. Does he listen? Nope. He had this idea that Firefox was all he needed to be safe.

I hope he learned his lesson. He got Koobface again and his father wiped his machine and re-installed Windows - he lost a bunch of photos and stuff he wanted to keep - oh well.

Re:What OS? (0)

Anonymous Coward | more than 4 years ago | (#30473310)

An alternative suggestion for your brother-in-law:

Don't be friends with anyone who is likely to say "Paris Hilton Tosses Dwarf On The Street", or "My friend catched you on hidden cam".
If your brother-in-law specifically identifies with those friends, because it is something he himself might say, then he's going on the B ship with the telephone sanitizers.

Re:What OS? (1)

obijuanvaldez (924118) | more than 4 years ago | (#30473756)

Whoa! Microsoft should create something to make people jump through hoops to get Admin privileges? Great idea! Maybe they could call it something like User Account Control [microsoft.com] . Man, if only those dudes in Redmond read /.

Re:What OS? (1)

NoYob (1630681) | more than 4 years ago | (#30474456)

Whoa! Microsoft should create something to make people jump through hoops to get Admin privileges? Great idea! Maybe they could call it something like User Account Control [microsoft.com] . Man, if only those dudes in Redmond read /.

Yeah, good one. But the User account control isn't adequate - obviously. How many typical Windows users who get their machines that start up right with the Admin account even know about the User Account Control? Windows does have plenty of features to protect the machine, but no one is using them because they don't know about them.

With Linux, you must create a user account and if you try to login as root - which isn't an obvious choice put in front of the user, btw, you get warning boxes stating that you will be taking on quite a bit of risk. Or stated another way, with Linux, admin account access isn't as easy or obvious as it is with Windows. Windows is capable of that but it's not being implemented. With most Windows installs the Admin account is the default logon and most users don't know what risks they're taking because of it.

Now, considering that the typical PC owner uses their computer as an appliance and are not interested or (mistakenly) concerned with user rights, I think at the very least, the OEMs should put a default user account in Windows systems with at least one hoop to jump through for admin access.

Re:What OS? (1)

obijuanvaldez (924118) | more than 4 years ago | (#30474724)

So, did you read the linked article, like, at all?

With most Windows installs the Admin account is the default logon and most users don't know what risks they're taking because of it. *

* - bold emphasis mine
In the article, which dates to the introduction of Vista and carries through 7, you might find the section entitled "Built-in Administrator Account is Disabled by Default on New Installations" to be of some interest. Now once you look into that, another section that may be helpful is "All Subsequent User Accounts are Created as Standard Users." Now while the users may not be aware of UAC, the section "UAC is Enabled by Default" might also provide some insight for you. By reading further into "Access Token Changes" you'll discover that even when logged in as a built-in Administrator, applications still run with a filtered, i.e. limited access, security token by default.

Seriously, I understand that User Account Control is not necessarily without its flaws and detractors. Namely, many users find it nagging and a general PITA. But to contend that Windows has no such mechanism is either being dishonest or really to not know what you are talking about.

UAC and sandboxing (1)

snooo53 (663796) | more than 4 years ago | (#30475276)

Well that's what UAC was supposed to do, but UAC is crap. Not because it isn't a step in the right direction, but because most if not all major 3rd party software REQUIRES the user to grant them access to even install. People don't know the risks they're taking by clicking allow, but what alternative do they have? All it ends up is being a nuisance. It's a good thought, but you can't realistically solve the problem either by restricting access, or by simply warning people. The only clear solution I see to this is to sandbox every application at runtime, give it read access to certain necessary system files, and the user gets the option of giving it access to anything else.

Re:What OS? (0)

daid303 (843777) | more than 4 years ago | (#30473618)

For more statistics ask:

Any data on how much of those contain pirated music?
Any data on how much of those have used google?
Any data on how much of those have had a male user in their whole lifetime?

Correlation does not imply causation. Yes, many of the machines (if not all) run windows, but that does not have to mean that Windows is less secure than Linux/BSD/MacOS. Until one of those gets enough market share we will never know for sure which of those is more secure as an OS.

I know it's not a popular statement to make on /. so start modding me down!

Re:What OS? (1)

jonbryce (703250) | more than 4 years ago | (#30474738)

In the web server market, linux has a larger market share than windows, yet windows still has more viruses.

Postal Service Charge (1)

furby076 (1461805) | more than 4 years ago | (#30473928)

107 billion spam messages sent around the world every single day this year

Remember when the post office rumors went around? You know the ones where they wanted to charge 1 cent per e-mail sent? Man - if they did that I think the post office would be the biggest, most profitable company in the world. That comes out to 1.07 billion dollars per day.

For this alone I am rethinking my stance. Too bad it would be "impossible" to implement, track, and let alone charge.

compromised computers ? (4, Informative)

Anonymous Coward | more than 4 years ago | (#30473012)

"Cutwail, Mega-D, Rustock and handful of other botnets already have control of upwards of five million compromised computers .. Cutwail also distributed the Bredolab Trojan dropper, disguised in the form of a .ZIP file attachment"

What Operating System did these 'compromised computers' run on ?

'Upon execution Bredolab attempts to inject into svchost.exe [nai.com] processes ..

an advantage (1)

bl8n8r (649187) | more than 4 years ago | (#30473026)

The military would have an advantage now if they were to broadcast bunk video feeds on that channel.

And this, ladies and gentlemen... (2, Funny)

Noryungi (70322) | more than 4 years ago | (#30473048)

... Is the reason why the U.S.A. should pull out of Iraq and Afghanistan. Now.

(Yes, I know I am going to be moderated as 'troll' for this. I don't care).

"Thought that 2009 was the year botnets died?" (1)

mcgrew (92797) | more than 4 years ago | (#30473086)

Huh? Did I miss something?

Re:"Thought that 2009 was the year botnets died?" (2, Insightful)

hatemonger (1671340) | more than 4 years ago | (#30473366)

I came in here to say this. What idiots thought that botnets died? Oh, wait, I forgot that MSM sometimes pretends they can report on technology without making fools of themselves.

Re:"Thought that 2009 was the year botnets died?" (0)

Anonymous Coward | more than 4 years ago | (#30473444)

No. 2010 is "The Year We Make Contact"

2010 (2, Funny)

The Altruist (1448701) | more than 4 years ago | (#30473094)

The year my inbox cried.

Skynet (2, Funny)

DrYak (748999) | more than 4 years ago | (#30473276)

And, at the exact moment when SkyBotNet became self-aware, the first thing It said to humanity was:
"Buy (heap \/!AGR@ to incraese your pen1s !!!"

Hum... I slightly suspect that Nuclear War would have been more humane, after all...

Skynet (0)

Anonymous Coward | more than 4 years ago | (#30473138)

I'm scared...

Of that (1)

oldhack (1037484) | more than 4 years ago | (#30473140)

88.2486% of the 208.7876 billion spams sent during the last fiscal year sent from IP ranges whose numerical sum exceeds 121.1156i8...

Eh fuck the bullshit.

"intelligent and autonomous": yeah, right. (4, Interesting)

mattdm (1931) | more than 4 years ago | (#30473142)

This deserves a gigantic "O RLY?"

How well have "intelligent and autonomous" software agents worked in other areas of computing? Pretty well on the autonomous -- but still terrible on "intelligent".

The article is, of course, ridiculously vague on what that really means (says "self-sufficient coding in order to coordinate and extend its own survival"), but I expect all that really means is that they'll act like the polymorphic computer viruses we've already got. Ho-hum.

It's not like we're going to get The Adolescence of P1 or anything, here.

Re:"intelligent and autonomous": yeah, right. (2, Interesting)

Mattskimo (1452429) | more than 4 years ago | (#30473300)

I agree, calling most *people* intelligent and autonomous is a bit of a stretch, never mind software.

Suspenders are intelligent too (1)

xororand (860319) | more than 4 years ago | (#30473684)

As Stanisav Lem said (loosely translated): My suspenders are intelligent! They adapt themselves to the size of their user. Everything is intelligent today!

Re:Suspenders are intelligent too (1)

xororand (860319) | more than 4 years ago | (#30473706)

I curse Slashdot's handling of unicode... It's Stanislav Lem with a "Unicode Character 'LATIN SMALL LETTER L WITH STROKE' (U+0142)" in his first name...

Re:"intelligent and autonomous": yeah, right. (2, Interesting)

thepotoo (829391) | more than 4 years ago | (#30474576)

Not intelligent, just autonomous.

It's simple, really. Wikipedia [wikipedia.org] is a little lacking on this subject, but the basic idea is that you have botnets trying bruteforce attacks to find every possible vulnerability. Those that are good at cracking into systems will propagate, those that fail will not. It'll be sort-of the system that biological viruses use. Actually, exactly the same, except digital instead of physical. I predict that, similar to real viruses, malware that doesn't slow down the PC will have the highest "fitness" and propagate more widely, just like viruses today that kill the victim are not as common as, say, the common cold.

To the wiseass who will respond with a Skynet joke: No, there is no danger of that at all. These bots are looking for security loopholes, not the meaning of life, and are running on computers that are nowhere near powerful enough to emulate a human-like mind (I suspect that this isn't the issue at any rate, but we'll know in 10 years when the hardware is better).

Re:"intelligent and autonomous": yeah, right. (1)

sznupi (719324) | more than 4 years ago | (#30475314)

Though... the ones that would start to autonomously search for new vulnerabilities (however crude that will be initially) could conceivably gravitate towards something which we can call intelligence, don't you agree? And could be possibly more fit... (but of course there's no way of telling that; perhaps the biological pattern of parasites being "simple" is more efficient also in this case)

You seem convinced what mechanism will prove more fit without seeing actual outcome. Evolution cares only about the latter.

And I wouldn't necessarily agree about lack of computing power for strong AI. I do agree that we probably don't have the means of emulating human brain...but what would be the point in that, from the perspective of AI?

Re:"intelligent and autonomous": yeah, right. (1)

metamechanical (545566) | more than 4 years ago | (#30473622)

I just look forward to the day that the autonomous software agents become intelligent enough that they begin fighting each other.

Or even better, advertising to each other!

Re:"intelligent and autonomous": yeah, right. (1)

FlyingBishop (1293238) | more than 4 years ago | (#30473886)

Doesn't matter if they're fighting each other. They'll still be fighting on our machines we'd rather use for other things. We've already seen it with bots that turn on Windows update so that the exploit it got in with can't be used by another bot to get in.

Re:"intelligent and autonomous": yeah, right. (0)

Anonymous Coward | more than 4 years ago | (#30473902)

Just think, the first generation of successful intelligent nets will be built on selling phony penis pills to morons.

What I really want to know: (2, Interesting)

Mattskimo (1452429) | more than 4 years ago | (#30473270)

How much money does this generate for the spammers worldwide and the demographics of those that respond to spam email. My guess: not Mensa members.

Judgment Day (5, Funny)

Yvan256 (722131) | more than 4 years ago | (#30473426)

April 19, 2010, 16:30. SkyNet becomes self-aware. One minute later, SkyNet realizes he's just a world-wide spambot. Nine milliseconds later, SkyNet terminates itself.

And there was much rejoicing.

Re:Judgment Day (1)

jaymz404 (1699842) | more than 4 years ago | (#30473484)

Maybe that's what happened in Terminator... not only was it controlling defense, it was also controlling spam emails and spambots. It became self-aware and then realised that there was no hope for humanity and thus decided to kill the humans. Thus stopping spam bots!

Re:Judgment Day (1)

gnieboer (1272482) | more than 4 years ago | (#30473714)

Well, at least the military now knows they are off the hook for causing the end of the world, the real end of the world will be launched by spammers... who knew??

ISP apathy? (1)

zarmanto (884704) | more than 4 years ago | (#30473624)

I have never entirely understood how this problem could be allowed to escalate to the levels we have today. If the statistics that we're always seeing on the bandwidth consumption of spam (and of botnets in general) and the inherent overhead costs associated with that consumption are anywhere close to reality, it seems rather obvious to me that ISPs around the world would have a vested interest in shutting down the botnets on their networks! I mean seriously, folks... let's ignore all of the legislative issues which supposedly prevent them from being able to take action on their own, and just look at the options they'd have if they actually bothered to think about the problem for more than two seconds: For example, if an ISP tasked their phone-based tech support staff with spending even as little as ten percent of their time making calls to customers with systems suspected of being compromised, they would probably be able to kill off the lion's share of botnet infected systems, simply by informing those customers that there's a problem with their computer which needs to be fixed! Granted, they would probably have a small percentage of false positives, likely in the form of people who are knowingly using P2P clients or something like that... but isn't the benefit of making more bandwidth available for practically everything else (and of course, killing a big chunk of that overhead cost in the process) worth briefly annoying those few people downloading porn or Linux ISOs?

Well... okay; maybe it's more than a few, since I went and lumped porn users in there..... but still.

Re:ISP apathy? (2, Interesting)

FlyingBishop (1293238) | more than 4 years ago | (#30473996)

Simple. The US business models are all based on convincing people they need more bandwidth. It's just like how mobile providers force you into slow, difficult to use voicemail systems that eat up minutes instead of giving you a simple and easy to use inbox just like you use for text messages. They're not interested in optimizing network usage, they're interested in increasing network usage so they can charge more.

Read Spamalytics (0)

Anonymous Coward | more than 4 years ago | (#30473804)

http://www.icsi.berkeley.edu/cgi-bin/pubs/publication.pl?ID=002358

OK (1)

Kc_spot (1677970) | more than 4 years ago | (#30474568)

Botnets... are those the annoying things that post every other second saying useless things on my favorite forums? or those guys who A. scalp for emails and, when they get them, B. send stupid e-mails about "male enhancement"?

Re:OK (1)

Culture20 (968837) | more than 4 years ago | (#30475064)

They're also those annoying things that leave a bajillion failed SSH logins - each one from a different IP address - for user fluffy in your syslog. Or, the annoying things that can act as a group to DDoS, quickly create a rainbow table, attempt to mass-redirect DNS on each bot's local subnet to infection sites, etc.
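The distributed SSH guessing pattern described in the comment above (one username, each failure from a different IP), as an added detection example that is not part of the original thread. The log lines are constructed, the addresses come from documentation ranges, and the function names and thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# OpenSSH password-failure line as written to syslog / auth.log.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def failures(lines):
    """Yield (user, ip) for every failed-password line."""
    for line in lines:
        m = FAILED.search(line)
        if m:
            yield m["user"], m["ip"]

def per_ip_lockout(lines, limit=5):
    """Classic per-source threshold: IPs with more than `limit` failures."""
    counts = Counter(ip for _, ip in failures(lines))
    return {ip for ip, n in counts.items() if n > limit}

def distributed_guessing(lines, min_sources=5, max_per_source=2):
    """Users targeted by many sources that each stay under a per-IP limit."""
    per_user = defaultdict(Counter)
    for user, ip in failures(lines):
        per_user[user][ip] += 1
    flagged = {}
    for user, sources in per_user.items():
        quiet = [ip for ip, n in sources.items() if n <= max_per_source]
        if len(quiet) >= min_sources:
            flagged[user] = len(quiet)
    return flagged

# Constructed sample: six bots try "fluffy" once each, one host hammers root,
# and one legitimate key login is mixed in.
SAMPLE_LOG = [
    f"Dec 17 03:12:{i:02d} host sshd[{4100 + i}]: Failed password for "
    f"invalid user fluffy from 203.0.113.{10 + i} port {40000 + i} ssh2"
    for i in range(6)
] + [
    f"Dec 17 03:20:{i:02d} host sshd[{4200 + i}]: Failed password for root "
    f"from 198.51.100.7 port {50000 + i} ssh2"
    for i in range(8)
] + [
    "Dec 17 03:25:01 host sshd[4300]: Accepted publickey for admin "
    "from 192.0.2.5 port 51000 ssh2",
]

if __name__ == "__main__":
    print("per-IP lockout catches:", per_ip_lockout(SAMPLE_LOG))
    print("distributed guessing:", distributed_guessing(SAMPLE_LOG))
```

The per-IP threshold only sees the single noisy host; grouping by target username is what surfaces the one-try-per-bot pattern.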

They're already intelligent (1)

beej (82035) | more than 4 years ago | (#30474768)

The botnets are already more intelligent than your average spammer; making them autonomous is a small matter of programming.

It has already happened (2, Informative)

Myion (1662861) | more than 4 years ago | (#30475008)

The country of Nigeria is the physical manifestation of the botnet

anon (0)

Anonymous Coward | more than 4 years ago | (#30475040)

"Thought that 2009 was the year botnets died? Well, think again"
You've got to be kidding me. This is shameless fear mongering and advertising for companies who sell antivirus/security applications. Never mind the blatant fact that this is all speculation but just to get us on our toes for the eventual horror they've decided to get our minds already running in the direction of things getting worse.

"and it's going to get worse if intelligent and autonomous botnets arrive in 2010 as predicted."
As predicted? Using what evidence? Your wallets? Oh no intelligent and autonomous botnets! Hide your children!!!

(plus one Inform4tive) (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#30475206)

But with2 Netcraft by simple fucdking Erosion of user