Microsoft Looks To Courts For Botnet Takedowns

samzenpus posted more than 3 years ago | from the letting-the-man-do-the-work dept.

Botnet 93

angry tapir writes "Microsoft has seen a dramatic drop in the number of computers infected with Waledac, a piece of malicious software affiliated with a botnet that was once responsible for a massive amount of spam. In the second quarter of this year, the company cleaned only 29,816 computers infected with Waledac, down from 83,580 computers in the first quarter of the year. The drop in the number of infected machines shows the success of the legal action Microsoft took earlier in the year, according to the company."

93 comments

Better to look to goatse (-1)

Anonymous Coward | more than 3 years ago | (#33890730)

Goatse [goatse.fr] is far more effective for botnet takedowns.

Right goal. Wrong tool. (2, Insightful)

symbolset (646467) | more than 3 years ago | (#33890782)

The courts are not going to make the software secure.

Re:Right goal. Wrong tool. (0, Offtopic)

odies (1869886) | more than 3 years ago | (#33890810)

Software is already secure. The problem is the users that will open up anything from the internet if they get to see a happy puppy or some free porn. It would be the exact same issue on Linux and Mac OS X too.

Re:Right goal. Wrong tool. (3, Insightful)

Dunbal (464142) | more than 3 years ago | (#33890874)

It would be the exact same issue on Linux and Mac OS X too.

Then why isn't it? While it's easy to shift blame onto the user, this completely overlooks the fact that a system designed with the capability of executing foreign code without any kind of privilege escalation check is just asking for trouble. No one should have to worry about those puppies or that porn in the first place.

Re:Right goal. Wrong tool. (4, Insightful)

odies (1869886) | more than 3 years ago | (#33890916)

Because Windows is installed on 95% of computers and all the casual users are there. Linux users mostly, at least somewhat, know better what they are doing. On the other hand, there have been similar trojans on Mac OS X too.

And privilege escalation? Why would sending email or keylogging the current user need root access? It doesn't.

Re:Right goal. Wrong tool. (1, Insightful)

wmac (1107843) | more than 3 years ago | (#33890980)

Who downranked the parent of this message to -1?

Oh, I almost forgot. This is slashdot and you cannot !(badmouth) Microsoft.

Re:Right goal. Wrong tool. (0)

Anonymous Coward | more than 3 years ago | (#33891998)

You think that's bad, have you checked out the apple forums lately? It feels like you're arguing with a mentally insane group of rabid fans. Yes, not all apple owners are insane or rabid. It just seems to be the ones with mod points.

Re:Right goal. Wrong tool. (0)

Anonymous Coward | more than 3 years ago | (#33897158)

Because Windows is installed on 95% of computers and all the casual users are there. Linux users mostly, at least somewhat, know better what they are doing. On the other hand, there have been similar trojans on Mac OS X too.

And privilege escalation? Why would sending email or keylogging the current user need root access? It doesn't.

Wrong on so many counts. Windows is installed on less than 88% of "computers," by which I assume you mean anything running a cpu die with a wide bus to DRAM and a PCI bus to a persistent store... If you mean all electronic GP computation machines, this figure probably drops to 50%.

I have a lot of linux users who don't know their mouse from their ass, and use linux because I'm sick of re-imaging their bot-net infected windows machines.

Trojans on a Mac? Examples please.

Re:Right goal. Wrong tool. (0)

Anonymous Coward | more than 3 years ago | (#33890938)

Um, what? Maybe update your talking point from 1995. At worst the exploited viewing program will affect the user account only (Explorer); at best it won't do anything because it has less privileges than the user (Chrome, IE). And a "privilege escalation check" is an oxymoron.

And you went completely off-topic. GP meant the user manually initiating rogue program installation to view porn, not some drive-by browser malware.

Re:Right goal. Wrong tool. (0)

HungryHobo (1314109) | more than 3 years ago | (#33891028)

There's no shortage of security holes found in linux.
Given a linux distro that's even moderately out of date it's almost trivial to find an exploit.

The main reasons we see less malware for linux is that the average linux user tends to know what they're doing and know what they shouldn't do.
There's also the small matter of windows being the dominant OS.
I don't know about you but if I was writing a virus I'd put my effort into attacking the most common system, not something that has a couple of percent of the market.

Re:Right goal. Wrong tool. (4, Insightful)

unapersson (38207) | more than 3 years ago | (#33891268)

Not just that:

1) software is not acquired through random internet downloads but through a package manager
2) random internet downloads are harder to install, you don't just double click and have to make them executable
3) windows has shown again and again that it makes infection easy: auto running things from cd/usb stick, easy running of executables, hiding filename extensions. None of those problems extend to Linux and they've been the most common way for these things to spread.
4) a user has a level of proficiency before they're happy to open a terminal and run random commands from the internet, and by that point they're likely to know what the commands do
5) most linux distros don't need the command line for day to day operation, it's only there for advanced users
6) Linux distros keep themselves and all software on them up to date. It's not something handled by the user or by each piece of software having its own updater.

Linux could have problems, but the security holes found are much harder to exploit due to the way everything is set up by default, and how the system is used. A lot of Windows security problems have been "as designed".

Ok, what about malscripted webpages? (0, Troll)

Anonymous Coward | more than 3 years ago | (#33892258)

Is Linux "immune" to malscripted webpages on malicious sites with say, harmful javascript in them? How about bogus ad banners that have harmful javascript in them, is Linux "immune" to that also??

You sure that in this case:

"Linux could have problems, but the security holes found are much harder to exploit due to the way everything is set up by default, and how the system is used. A lot of Windows security problems have been "as designed"." - by unapersson (38207) on Thursday October 14, @05:06AM (#33891268) Homepage

?

I mean, here are some examples:

1.) Linux has its root/superuser/admin usage "turned off" (meaning you cannot logon as root) by default, so you have to use a SUDO. Well, Windows has its equivalent in UAC (except windows users CAN login as Administrator, but, they are NOT setup that way by default... whereas afaik? You cannot logon to Linux as ROOT itself).

2.) Penguins here keep "trumpeting" that their software is ONLY AVAILABLE via rpm/apt-get/yum (repositories) and yet there ARE other sources of Linux wares, not just via repositories (so who are they trying to fool here?)... just as there are in Windows from "shareware/freeware" oriented websites.

3.) Windows has its regular "Patch Tuesday", every 2nd Tuesday of a month - Linux has its regular checks for security & other updates also (and I see this happen quite a LOT on Linux, in fact, I was up to 51 replacements for security patches alone iirc, and in ONLY 1 month's usage of KUbuntu 10.4.1 in fact, before I went to KUbuntu 10.10 recently) - BOTH need and do get patches for security, regularly, so it's not like Linux is "immune to hacks/cracks"!

Now - the ONLY REAL REASON Windows is attacked so much?

The only reason Windows machines are more attacked is because more people use them, and, they use them for things like banking transactions from home OR shopping via credit card online. This alone makes them the MOST attractive target for botnet makers (or, any malware maker/malicious scripted page online etc./et al).

I.E.-> Thieves online are NO DIFFERENT from thieves in the real world. For example, pickpockets do NOT go where there are little to no people, they hit trainstations, subways, malls or any place large amounts of folks gather. The same holds true online, and where do the MOST folks "gather"? On Windows.

(Going back now to my init. question above I started this with: I mean, nobody can tell me that a malscripted website page or maliciously scripted banner ad couldn't be tailored to attack Macs or Linux rigs, because javascript works on them and their webbrowsers too, which are the same as the ones used on Windows for the most part (the "big 4" in IE, FireFox, and Opera or Chrome) and they use javascript and keep it turned on, by default, in Linux too!).

A mod down doesn't hide the truth Penguins... (0)

Anonymous Coward | more than 3 years ago | (#33898134)

See the first question in my init. reply and answer it please. I will restate it here again for the record in fact:

"Is Linux "immune" to malscripted webpages on malicious sites with say, harmful javascript in them? How about bogus ad banners that have harmful javascript in them, is Linux "immune" to that also??" - by Anonymous Coward on Thursday October 14, @08:55AM (#33892258)

Now - You can mod me down troll all you like but it won't change the fact that what I suspect to be true "upsets the 'penguinista'" here - and that is that a malscripted ad banner OR webpage can affect Linux just the same as it can windows... and where do MOST attacks on Windows occur nowadays? Thru apps like HTML + scripted emails, OR, webbrowsers with scripting enabled and not restricted!

So, modding me down as "TROLL" (when my post was initially modded up as INSIGHTFUL, and it shows because it has "0 troll" as my score, rather than "-1 troll" as it would if it were never modded up at all)?

LOL, after all: It doesn't make you "Pro-*NIX" dorks any better and it shows you evading answering a simple question as well. Maybe you avoid answering this question, and instead MOD ME DOWN, because it IS the truth, eh? Probably.

I mean, lol, attempting to hide a truth by modding a post down? Poor job boys, very poor.

Re:Right goal. Wrong tool. (1)

AmberBlackCat (829689) | more than 3 years ago | (#33892464)

I think 1 through 4 are reasons a lot of people prefer Windows and are more productive with Windows than Linux. I disagree with number 5, as there are critical Linux apps (such as the help system) that don't even have a GUI. And number 6 applies to Windows and Linux equally.

Re:Right goal. Wrong tool. (0)

Anonymous Coward | more than 3 years ago | (#33893866)

Most every average program has its own help system built in, the man pages are mostly needed as a help for..... command line programs, which again the average user doesn't particularly need.

Re:Right goal. Wrong tool. (2, Insightful)

orient (535927) | more than 3 years ago | (#33897316)

#6 does not apply to Windows and Linux equally: Windows Update is not updating Adobe for you every time a patch is released. You need to have a program running to check for updates and each program tends to have its own little utility sitting in the tray area and using resources.

Re:Right goal. Wrong tool. (1)

AmberBlackCat (829689) | more than 3 years ago | (#33899032)

I installed the latest version of VLC through RPM fusion. I also downloaded and installed Opera through an RPM file available on their website. Do you think the system updater is going to update this software? Do you think if Photoshop were available for Linux that the system update would also update Photoshop?

Re:Right goal. Wrong tool. (1)

hesaigo999ca (786966) | more than 3 years ago | (#33893504)

I could not agree with you more, as this is what makes the linux, vs M$ argument so easy to win, you look at how quick a patch comes out for linux, and how quick if at all (some still aren't) for windows....however, the sheer number of windows users, make it hard for any linux user to purely use linux, as it is a commercial preference, and therefore needs to be used by most homes as well....something to do with not wasting time looking for things because you do not know your system.

Re:Right goal. Wrong tool. (0)

nacturation (646836) | more than 3 years ago | (#33891180)

While it's easy to shift blame onto the user, this completely overlooks the fact that a system designed with the capability of executing foreign code without any kind of privilege escalation check is just asking for trouble. No one should have to worry about those puppies or that porn in the first place.

It's the dancing bunnies problem [codinghorror.com] in computer security. The nutshell is that even with Linux, users will open up a terminal and follow the magic script which includes all these bizarre cryptic invocations like gunzip, tar, chmod, sudo, and other weird things because they want to see their dancing bunnies, dammit!

Re:Right goal. Wrong tool. (2, Insightful)

bhtooefr (649901) | more than 3 years ago | (#33891508)

And Windows DOES have a privilege escalation check. It's called UAC. Lots of people disable it because of poorly-written software that needs admin rights all the time, but it is there.

The problem is the dancing bunnies problem [codinghorror.com] . And there's only one way around that - an iOS-style walled garden, where Microsoft approves every Windows app that can run manually.

Re:Right goal. Wrong tool. (-1)

Anonymous Coward | more than 3 years ago | (#33891784)

That's an elevation prompt. An escalation is, by definition, the compromise of in-place security measures resulting in higher privilege gain. Which is why an "escalation check" is an oxymoron... if one occurs, it's already defeated system integrity. All you can do is try and prevent it from happening.

Re:Right goal. Wrong tool. (1)

mcgrew (92797) | more than 3 years ago | (#33892298)

There are millions of Macs shipped yearly. That seems like a pretty lucrative target to me, especially considering Linux and Mac users' sense of invulnerability (Guilty as charged, I use Linux).

Windows users have it hammered into their heads over and over how vulnerable their systems are. It's impossible that marketshare is the only reason those platforms aren't targeted.

Re:Right goal. Wrong tool. (2, Insightful)

tehcyder (746570) | more than 3 years ago | (#33894754)

There are millions of Macs shipped yearly. That seems like a pretty lucrative target to me

Yes, but while (say) 90% of computers are running Windows, what's the point of making the effort to do a Mac or Linux version of a virus/trojan, even if you could?

If you're shooting fish in a barrel, you don't care about the little ones you may miss because they're hiding under the big uns on top.

Re:Right goal. Wrong tool. (0)

Anonymous Coward | more than 3 years ago | (#33897034)

Windows users love to say Microsoft is the victim of a larger market share. They'll go on and say there's nothing Microsoft can do about it and that all software has flaws. They'll also tell you how much Windows has improved with service packs and new releases.

I just don't see how people can say "Nothing can be done because of market share" and then say "See how they have improved" after a service pack or new release. It seems to me that much must have been done despite being the "bigger target" for such improvements to even have happened.

You have to concede that there was something that could have been done or just throw out the whole idea that Windows has improved in a significant way.

Consider too how often you hear that attackers are getting more clever and more sophisticated in their attacks. Why would they need to do that? What change in market share made that happen?

Re:Right goal. Wrong tool. (3, Informative)

Bert64 (520050) | more than 3 years ago | (#33891398)

If linux or macos had a dominant market share the same problem would occur, but it wouldn't be anywhere near as bad...

Linux/Mac users are already used to running as an unprivileged user, providing an extra obstacle for any malware (sure malware can still do bad things without root, but it's much more difficult to hide and make itself difficult to remove), windows is only just starting to move towards this decades old best practice.

On a unix box, files are not deemed executable based on their name alone, if you download a file by default it will not be executable and an extra step is required to make it so.

Unix boxes not only don't rely on file extension to determine if a file is executable, they also don't hide the file extensions by default... A common attack on windows systems is to create a file called picture.jpg.exe and assign it an icon which looks like the default windows icon for a jpeg file, windows will dutifully hide the .exe part so users only see picture.jpg, assume it's a picture and try to open it. Clever malware will even embed a picture inside the binary and when you run it, will save the embedded picture to a temporary location and spawn a viewer to display it. Using file extensions to determine file type, and then hiding those extensions by default is an extremely stupid and very dangerous flaw.

Unix systems also don't execute anything by default which is stored in an inserted piece of media, simply inserting the media won't infect you, you would have to explicitly go and execute the malware - which would result in very low infection rates.

So sure, if linux or mac had 95% of the market people would be looking to attack them, but the lack of many of the inherent security flaws in windows would make these attacks far less effective.

That said, linux having a 95% marketshare would be almost as undesirable as windows having it, diversity is extremely important - if there are 3 common systems with 30% market share each the job of a malware author becomes much harder and less profitable.

I do however predict, that in a 30/30/30 windows/linux/mac marketshare split, malware authors would still primarily target windows because it represents a softer target.
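The two behaviours described in the comment above, as an added example that is not part of the original thread: a check that flags names whose hidden final extension is executable while the displayed part looks like a document or picture, and a check that a freshly written file on a Unix system carries no execute bit. The extension lists, sample names and function names are assumptions made for illustration.

```python
import os
import stat
import tempfile
from pathlib import PureWindowsPath

# Assumed, non-exhaustive lists chosen for this illustration.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt", ".mp3"}

# Constructed sample names (not taken from any real incident).
SAMPLE = [
    "picture.jpg.exe",   # the case from the comment
    "holiday.jpg",       # a real picture name
    "setup.exe",         # honest executable, nothing hidden behind a decoy
    "report.PDF.SCR",    # same trick, mixed case
    "archive.tar.gz",    # harmless double extension
]


def displayed_name(filename):
    """Return the name a file manager shows when it hides the final extension."""
    p = PureWindowsPath(filename)
    return p.stem if p.suffix else p.name


def is_deceptive(filename):
    """True when the real type is executable but the displayed name ends in a decoy extension."""
    real_ext = PureWindowsPath(filename).suffix.lower()
    shown_ext = PureWindowsPath(displayed_name(filename)).suffix.lower()
    return real_ext in EXECUTABLE_EXTS and shown_ext in DECOY_EXTS


def audit(names):
    """Return (real name, displayed name) pairs for every deceptive entry."""
    return [(n, displayed_name(n)) for n in names if is_deceptive(n)]


def new_file_is_executable(data=b"\x7fELF"):
    """Write a file the way a download would and report whether any execute bit is set.

    On a Unix system open() creates files with mode 0666 masked by the umask,
    so the result is False until someone runs chmod +x on the file.
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "download.bin")
        with open(path, "wb") as fh:
            fh.write(data)
        mode = os.stat(path).st_mode
        return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))


if __name__ == "__main__":
    for real, shown in audit(SAMPLE):
        print(f"deceptive: {real!r} is displayed as {shown!r}")
    print("new file executable:", new_file_is_executable())
```

The same name check can be applied to mail attachment names or a downloads directory listing before the files reach a user.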

Re:Right goal. Wrong tool. (0)

Anonymous Coward | more than 3 years ago | (#33903392)

Unix boxes are indeed far superior to their Windows 98 counterparts

You're so wrong (0)

Anonymous Coward | more than 3 years ago | (#33907026)

No, the problem is with Windows OS design. MS forgot or never knew one of the basic designs in a networked OS. Users can only work in user space. A user cannot write to the system files. A user's account may get infected but not the machine on Linux/UNIX/OSX. An easy clean. Any software that needs Administrator access to run (like a lot of MS software) is NOT secure and badly written. Until MS changes and follows these rules of a networked OS it will always be open to whatever you throw at it. Let's face it, MS and all their partners like you spending money on fixing their broken shit.

Re:Right goal. Wrong tool. (1)

Will.Woodhull (1038600) | more than 3 years ago | (#33890826)

Well, when all you've got is a hammer every problem looks like a ...

Oh, wait. In this instance, where it is Microsoft as the problem solver, and digital security as the problem, it is more like the guy who dropped his keys in the darkest corner of the parking lot, but is looking for them 20 yards away, because that area is lit by a street light.

Re:Right goal. Wrong tool. (1)

davester666 (731373) | more than 3 years ago | (#33890876)

Maybe what Microsoft wants is to separate all the botnet computers from all the other computers. And if you are going to go that far, you might as well also move the most likely computers targeted to join these botnets.

So, 2 internets. One for computers running any Microsoft OS. And the other, the real one with all the good porn, for all the other computers.

Chrome OS (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#33890906)

Did their security claims actually pan out (ie. reboot = fixed)? After a quick google the only third party reviews seem to be from before the code was released.

Re:Right goal. Wrong tool. (1)

jonbryce (703250) | more than 3 years ago | (#33891154)

If a patch has been released and people refuse to install it, the courts can make software secure.

Re:Right goal. Wrong tool. (0)

Anonymous Coward | more than 3 years ago | (#33905028)

What about making software secure in the first place?

Strange that nobody seems to realize that Windows is the ONLY antivirus market...

Using the law to fix technical shortcomings (2, Interesting)

Will.Woodhull (1038600) | more than 3 years ago | (#33890798)

So Microsoft has found that using lawyers and courts is a more effective way for them to combat malware and botnets than building good security into their products.

Why am I not surprised?

On a related matter, I am starting to see more reports of the possibility of malware in the Linux ecosystem. So far it is mostly a matter of an increase in security patches for Ubuntu and Debian apps, to fix vulnerabilities that no one has managed as yet to exploit to any significant degree. So it's not really an issue, simply a minor annoyance that I've been saying okay to more automated updates in the last month or so than I was seeing this time last year.

Re:Using the law to fix technical shortcomings (5, Insightful)

RightSaidFred99 (874576) | more than 3 years ago | (#33890862)

You're not surprised because you don't know what you're talking about. How exactly would they prevent a user from literally running an EXE someone randomly mails them?

I'll tell you what, I'll mail you a Linux binary and you just go ahead and run it for me. Also, have 50k of your friends run it for me too. Then tell me how surprised you are.

Technical shortcoming.... right.

Re:Using the law to fix technical shortcomings (0)

Anonymous Coward | more than 3 years ago | (#33890962)

Sometimes I wonder which universe people live in, where they haven't personally witnessed this kind of idiocy day in and day out, by the typical-neighbor PC user.

Re:Using the law to fix technical shortcomings (0)

Anonymous Coward | more than 3 years ago | (#33891226)

They live in the universe where all they want to do is evangelize their pet OS.

Re:Using the law to fix technical shortcomings (4, Insightful)

omni123 (1622083) | more than 3 years ago | (#33891104)

I don't know what planet you are living in.

No amount of security can ever stop a user who is determined to see the latest dancing baby screensaver from opening an exe. Linux is safe for now because it's technically competent using it, people who go to the effort to install and use it and not your every day user. If you throw a couple of million mums, dads and teenagers on it I would like to see your stats then.

Nobody is arguing that *nix isn't inherently more secure, it is, but the reality is that nothing is unbreakable with enough time and effort. Malware creators invest time where there is a reward and that just isn't the *nix world right now.

Even if Microsoft did a complete ground up security re-design a few thousand Malware creators will invest 2x the amount of time Microsoft did in creating it and still overcome it. The best solution is to thin that population of creators out by throwing them in jail or removing the monetary reward (through the form of legal fees) until the number of people developing the malware is less than the number of guys defending against it.

Re:Using the law to fix technical shortcomings (2, Insightful)

camcorder (759720) | more than 3 years ago | (#33891318)

No reward? I'd prefer to own thousands of linux servers for my botnet, not thousands of windows servers.

Let's admit it, it's easier to hack a windows machine. Not because it's widely used. But because it lacks fundamentals in its design. Their closed design and monopolistic approaches never let any kind of software repository to be built. So people got used to install software downloading from the Internet and double click on them. They don't have central update mechanism so that vendors can push their updates easily. They tried to be "user friendly" but it's evident that they created something "hacker friendly".

Linux is less used so it's not hacked in masses is a fallacious claim. Everyone knows it's hard to convince a Linux user to 'download and run' an application since it has longer path to convince users to do that. Of course nothing is fool-proof, but vast majority of people getting infected with these worms are not fools, they are just victims of stupid design decisions. Even very technical people get infected with viruses and worms in Windows, remember recent Google case in China to be convinced.

Re:Using the law to fix technical shortcomings (0)

Anonymous Coward | more than 3 years ago | (#33891794)

Let's admit it, it's easier to hack a windows machine. Not because it's widely used. But because it lacks fundamentals in its design.

The other thing is that a Windows environment is 'easier' to get up and running because a lot of it is pre-canned. Given that it's not technically demanding, you'll get more set ups by people on the left-hand side of the Bell curve.

If you have to jump through a few hoops (as you tend to do with Linux/Unix), then it will remove a lot of chaff from the sysadmin field who don't want to bother.

Re:Using the law to fix technical shortcomings (1)

Ash-Fox (726320) | more than 3 years ago | (#33892220)

If you have to jump through a few hoops (as you tend to do with Linux/Unix), then it will remove a lot of chaff from the sysadmin field who don't want to bother.

I find it easier and faster to setup Linux servers in most scenarios since it's just yast -i package or sudo apt-get install package, then changing a few things via the configuration screen. This compared to screwing around with GUIs that don't have standardized installation procedures, unreliable update mechanisms etc.

Re:Using the law to fix technical shortcomings (0)

Anonymous Coward | more than 3 years ago | (#33896084)

Even very technical people get infected with viruses and worms in Windows, remember recent Google case in China to be convinced.

Not to argue your other points, but, I have worked in support there, so I know that not every Google employee is "very technical". I don't have first hand on the hacking, but didn't I read somewhere that it was the marketing dept., running IE6 that got hacked?

Re:Using the law to fix technical shortcomings (1)

Obsi (912791) | more than 3 years ago | (#33898748)

Unix is owner-friendly, Windows is pwner-friendly.

Re:Using the law to fix technical shortcomings (2, Insightful)

omni123 (1622083) | more than 3 years ago | (#33903680)

No reward? I'd prefer to own thousands of linux servers for my botnet, not thousands of windows servers.

Thousands of Linux servers do not store people's credit card information in text files on their desktop. The reality is that end users are a much juicier target after a cost-benefit-risk analysis.

Let's admit it, it's easier to hack a windows machine. Not because it's widely used. But because it lacks fundamentals in its design. Their closed design and monopolistic approaches never let any kind of software repository to be built. So people got used to install software downloading from the Internet and double click on them. They don't have central update mechanism so that vendors can push their updates easily. They tried to be "user friendly" but it's evident that they created something "hacker friendly".

Nobody will dispute the fact that Windows has a lack of security in its fundamental design. I think it is a bad claim to make that the lack of a software repository is responsible for it, as well, since apt has only been around since 1998 and *nix still did not breed the same type of users Windows does. That being said Windows Update has been around since 1998 as well (though apt was preceded by dselect circa '95?).

I'm not arguing that Windows has bred the kind of users that are inherently stupid, for lack of a better word, when it comes to technology. The flipside is this idea is not going anywhere--the average user wants it done, they want it now, they want it to be easy and they don't want to have to know anything about the technology.

Linux is less used so it's not hacked in masses is a fallacious claim. Everyone knows it's hard to convince a Linux user to 'download and run' an application since it has longer path to convince users to do that. Of course nothing is fool-proof, but vast majority of people getting infected with these worms are not fools, they are just victims of stupid design decisions. Even very technical people get infected with viruses and worms in Windows, remember recent Google case in China to be convinced.

You are missing the central point of the argument that is its bread and butter. Let me lay it out for you.

Linux is less used:
=> People use it because they WANT to use it and they understand it
=> Millions of idiots do not use it
=> Millions of idiots do not click download run anything that pops up
=> Linux is targeted less often by malware because there are fewer people using it

I'm not arguing that if suddenly the 0.85% of users who use *nix were all cloned a million times and the average level of technical expertise remained the same. I'm arguing that if everyone who is currently using Windows (i.e. your parents, grandparents and kids) trying to get on Facebook started using it they would do whatever they had to do to get FarmVille to run.

Even if that's a sudo ./MaliciousBinary.

I concede that if Windows popped up a giant box calling you a moron with red flashy lights then made you start-run-cmd and sudo it every time you attempted to run an exe then a whole lot less people would do stupid things. Right up until the malware designers came up with a way to bypass it, because it would be worth it.

The fundamental theory of security is that nothing is unbreakable with enough time and effort. If the motivation was there malicious software designers would spend that time on *nix, but it isn't because the largest group of technically incompetent users is on Windows; shift them to *nix and it would be a different story.

Believing anything is ignorance.

Re:Using the law to fix technical shortcomings (1)

Bert64 (520050) | more than 3 years ago | (#33891456)

No, the best solution is to get rid of the monoculture which ensures the malware creators get such a high return on their investment...

If you have 4-5 different platforms with equal marketshare, malware authors need to invest significantly more to see the same level of returns.. Also competition between platforms would significantly increase the improvement work being done. As you point out, unix is inherently more secure but microsoft have no reason to match or exceed unix because people are still buying windows as bad as it is.

Thinning out the population of malware creators is a complete waste of money and effort, malware is a competitive business and by eliminating some competitors you are just increasing profits for those who are left and making the market more attractive for anyone new looking to enter it. You will just end up with malware authors in jurisdictions where you can't get to them reaping all the rewards.

Re:Using the law to fix technical shortcomings (0)

Anonymous Coward | more than 3 years ago | (#33891670)

People don't buy OSes based on what is most secure. People buy OSes based on what they know and are comfortable with. Monoculture benefits the individual. Nothing new to learn.

Re:Using the law to fix technical shortcomings (1)

Pharmboy (216950) | more than 3 years ago | (#33891874)

If you have 4-5 different platforms with equal marketshare, malware authors need to invest significantly more to see the same level of returns..

Then you would likely see more attacks coming from common elements of those very different platforms, such as Flash, Acrobat, or other plug-ins that would have different code bases but similar designs on all platforms. Or Office, or via Javascript, or Java, or CSS or any other common element.

Someone pointed out above that part of the issue is that Linux users themselves tend to not just click and install executables as they tend to be more familiar with the workings of their system, and tend to be a little more paranoid. I don't see educating the world to be more security minded as a solution however, as it isn't practical. People view computers as appliances and that will never change if the majority of people are using them. You can only change the computer OS and applications themselves by having designs that are much more restrictive than they currently are.

Web browser design is centered around making it very, very easy to develop applications that will run in a browser. And having more OS's with equal share would only serve to make this even more important. As long as that is the case, with browsers that act as virtual operating systems in their own right, you will have malware issues, because at their core, malware is just another application.

Re:Using the law to fix technical shortcomings (1)

tlhIngan (30335) | more than 3 years ago | (#33894828)

If you have 4-5 different platforms with equal marketshare, malware authors need to invest significantly more to see the same level of returns..

Then you would likely see more attacks coming from common elements of those very different platforms, such as Flash, Acrobat, or other plug-ins that would have different code bases but similar designs on all platforms. Or Office, or via Javascript, or Java, or CSS or any other common element.

Actually, that's probably why we're seeing so many more attacks via PDF and SWF (Flash) these days. In between Windows 7 and Vista's security model (far tighter than XP) and the rise of alternative platforms, people are attacking Flash and PDF because it's the easiest vector in. It's also why in those Pwn2Own contests you see at CanSecWest, the hacks are almost always due to some user application - a modern OS like Linux, Windows and OS X either firewall off or don't have vulnerable services running by default open to the world anymore. The easiest way in is via an application, preferably one that's installed everywhere, like Flash and a PDF reader with close to 100% installation rate on all OSes.

Another popular vector is pirated apps - Mac botnets form when people download the latest software like Microsoft Office, Snow Leopard, iLife, etc., via Bittorrent (crafty people tacked on an extra "botnet" installation package to the download) - this has happened with certainty to Office 2008 and iLife 2009. On Windows, it's also via trojaned installers, but less so because many installs are signed, so the trojans wrap around keygens and cracks (someone produces a keygen or a crack, and some malware author wraps their trojan dropper around it. It's why most anti-virus target keygens specifically because it's an exceedingly popular target - probably most keygens you find are infected). The last method is the most blatant and you see it on usenet a lot - people posting a million identical files that only differ in file name - file sizes and the like are identical, which are true trojans, meant to grab careless google searches and anyone not thinking why a video that should be gigabytes in size is only 500K.

Worms still exist, but the environment they live in has pretty much gotten really hard to propagate in. The new malware is the trojan because it's so easy to embed in other software, or just pick up careless searches. Or via files people don't anticipate will be an issue, like flash and PDF.

Re:Using the law to fix technical shortcomings (1)

mcgrew (92797) | more than 3 years ago | (#33897580)

No, the best solution is to get rid of the monoculture which ensures the malware creators get such a high return on their investment

If the market were split evenly between Apple, MS, and Linux, there would still be millions of computers on each platform to infect (and botnetware writers would still target Windows). Market share is irrelevant in malware; Apple has something like 10% but that's still millions of computers for malware writers to infect.

As you point out, unix is inherently more secure but microsoft have no reason to match or exceed unix because people are still buying windows as bad as it is.

With a few exceptions, people don't buy Windows, computer manufacturers buy Windows. People buy a computer with Windows preinstalled. Even if games ran on Linux and not Windows most people would still be running Windows (except gamers). If every computer came with Linux instead of Windows the only people buying Windows would be gamers (and it wouldn't be long before most games ran on Linux and not Windows).

Windows maintains its dominance not because of users, but because of PC manufacturers.

Thinning out the population of malware creators is a complete waste of money and effort

Completely true. Look how well they handled the war on (some) drugs. They can't stop liquor store holdups. Remember, though, most people don't give many things much thought.

Re:Using the law to fix technical shortcomings (1)

david_thornley (598059) | more than 3 years ago | (#33894300)

First, there is a difference between clicking on dancing_bunnies.gif and dancing_bunnies.exe, and it is possible to teach many users that. However, with extensions hidden they're likely to click on dancing_bunnies.gif.exe. That's a problem with MS Windows that I don't think exists elsewhere.

Second, while there aren't a couple million mum, dads, and teenagers with Linux boxen, there are quite a few million Macs out there, and a lot of them are owned by people who don't know much about computers - in fact, they've been marketed as good for people who don't know much about computers. The Mac OSX exploits I've seen have been in the lab, not the wild.
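The dancing_bunnies.gif.exe case from the comment above, as an added example that is not part of the thread: a mail-filter style check that reports the name a user sees when known extensions are hidden and flags attachments whose real final extension is executable. The extension lists, function names and sample message are assumptions constructed for the illustration, and the check goes slightly beyond the comment by also handling padding spaces before the final extension.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for this example; a real filter would use a fuller, maintained set.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
DECOY_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".pdf", ".doc", ".txt", ".avi"}
HIDDEN_EXTS = EXECUTABLE_EXTS | DECOY_EXTS  # "known file types" whose extension gets hidden

# Constructed attachment names, including the ones mentioned in the thread.
SAMPLE_NAMES = [
    "dancing_bunnies.gif",
    "dancing_bunnies.gif.exe",
    "virus.jpg.exe",
    "setup.exe",
    "report.v2.pdf",
]


def split_exts(filename):
    """Return (bare name, list of lower-cased extensions in order)."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]  # drop any path component
    name = name.rstrip(" .")                               # trailing dots/spaces are ignored on Windows
    parts = name.split(".")
    return name, ["." + p.strip().lower() for p in parts[1:]]


def displayed_name(filename):
    """Name shown to the user when extensions of known types are hidden."""
    name, exts = split_exts(filename)
    if exts and exts[-1] in HIDDEN_EXTS:
        return name[: name.rfind(".")].rstrip()
    return name


def classify(filename):
    """'double-extension' if a decoy extension precedes an executable one."""
    _, exts = split_exts(filename)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if any(ext in DECOY_EXTS for ext in exts[:-1]):
        return "double-extension"
    return "executable"


def build_sample():
    """Constructed message with placeholder attachment bodies (no real payloads)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Cute puppy pictures"
    msg.set_content("See attached.")
    for name in SAMPLE_NAMES:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


def scan_message(raw):
    """Return (real name, displayed name, verdict) for every attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name:
            findings.append((name, displayed_name(name), classify(name)))
    return findings


if __name__ == "__main__":
    for real, shown, verdict in scan_message(build_sample()):
        print(f"{real!r:28} shown as {shown!r:24} -> {verdict}")
```

A gateway would quarantine or rename anything classified as double-extension, since the displayed name and the real file type disagree.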

Re:Using the law to fix technical shortcomings (1)

omni123 (1622083) | more than 3 years ago | (#33903722)

First, there is a difference between clicking on dancing_bunnies.gif and dancing_bunnies.exe, and it is possible to teach many users that. However, with extensions hidden they're likely to click on dancing_bunnies.gif.exe. That's a problem with MS Windows that I don't think exists elsewhere.

The average user doesn't know the difference between a gif and an exe. If show extensions was on by default and the website they downloaded dancing_bunnies.exe off told them to run the .exe because they would get fantastic dancing bunnies, they would do it.

You need the piece of education in the middle that drums in to their head that exe's are bad. This is fundamentally a people problem, one that transcends operating system boundaries.

Re:Using the law to fix technical shortcomings (1)

robinvanleeuwen (1009809) | more than 3 years ago | (#33891286)

I guess it works both ways, it's the users who don't know anything about security and will run every script and executable to get their rocks off on some twinkling-stars-and-nice-cute-bunny-free-game-with-an-option-to-win-an-iPad-program. But I've used Linux since Slackware 7.1 through 12.1 and then switched shortly to Debian and then to Ubuntu. Since I made the switch from Slack I never downloaded any scripts if I wanted to install a program. With Slack I did that sometimes when it made installation and/or configuration easier. But since I started using Debian/Ubuntu and installing software goes through repositories I never downloaded scripts/executables from unknown sources. I know people maybe could get spy/spam-ware in the official repos too, but it's more difficult.
I still can download stuff from unknown sources and install it, but if I can do that it implies that I at least know a tiny bit of what I'm doing. Education of users is much easier starting from that point than from a Windows-world where downloading from unknown/shady sources is commonplace.
But you are right. It starts with user education. And if somebody waves a magic wand and tomorrow suddenly 95% of people use Linux instead of Windows, and they do that with the same mindset as they are used to, we will have a problem. But since conversion from Windows goes slowly there is a chance to educate users to the point that they become a bit more security aware, and get them in a bit of a different mindset.

Re:Using the law to fix technical shortcomings (1)

value_added (719364) | more than 3 years ago | (#33891292)

I'll tell you what, I'll mail you a Linux binary and you just go ahead and run it for me.

Silly person. Why would he?

Last I checked, downloading programs from untrusted sources is something that only Windows users do. The relative merits, whys and wherefors aren't nearly as relevant as the recognition that doing so defines (outside of strictly controlled corporate environments) what it means to be a Windows user.

Re:Using the law to fix technical shortcomings (2, Insightful)

Bert64 (520050) | more than 3 years ago | (#33891406)

I don't believe any linux mail client will provide a facility to execute directly from the client...
You will have to explicitly save the file somewhere, and then you will need to change its permissions to make it executable..
Then in order to properly embed itself into the system and hide itself, it will also require a working privilege escalation exploit, or for you to run it as root which requires you to perform yet another additional step.

Sure, most people on slashdot know how to do that, but then most people who know how to do that also know not to do that.

Technical shortcomings of windows make it much easier, and therefore more likely, for bad things like this to happen.

Re:Using the law to fix technical shortcomings (1)

knarf (34928) | more than 3 years ago | (#33891472)

Hmm, lemme see...

1) save attached file somewhere, try to click it

  [system complains that it does not know what program to use to open an 'application/octet-stream' file]

2) click again, dammit!

  [the same complaint arises]

Usually Joe Random User will give up now, muttering that 'this damn Linux is worth no shit'.

Of course the crux here is that in Linux you can not just 'run' downloaded (or attached, same thing) files as they don't have execute permission. You need to explicitly add these permissions to those files. The next hurdle can be that wherever you downloaded that file is not in the $PATH so you need to give the full path to try to execute it.

A somewhat more enlightened Linux user will understand this and know what to do to get a downloaded file to run. Hopefully this user will also understand that it is a *bad* idea to just blindly execute whatever file arrives by email. Fortunately this seems to be the case at the moment, otherwise there *would* be more Linux-based botnets. Currently the main infection vector for Linux consists of weak passwords which are found by endless ssh probing attempts. Linux users have thus far not gone on a wild 'chmod +x $HOME/downloads/see_dancing_bunnies.bin; $HOME/downloads/see_dancing_bunnies.bin' spree.
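The permission behaviour described in the comment above, as an added example that is not part of the thread: a file saved the usual way (mode 0666 minus the umask) carries no execute bit, so running it fails until someone explicitly adds one, and a defender can audit a download directory for files that have gained that bit. The helper names and the harmless stand-in script are constructed for the illustration; it assumes a POSIX system.

```python
import os
import stat
import subprocess
import tempfile

# Constructed, harmless stand-in for a downloaded "binary".
SCRIPT = b"#!/bin/sh\necho dancing bunnies\n"


def save_attachment(directory, name, payload):
    """Write payload as a mail client or browser would: mode 0666 minus umask."""
    path = os.path.join(directory, os.path.basename(name))
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    with os.fdopen(fd, "wb") as fh:
        fh.write(payload)
    return path


def exec_bits(path):
    """Execute permission bits (user/group/other) currently set on the file."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o111


def try_run(path):
    """Attempt to execute the file directly, as a double-click or ./file would."""
    try:
        done = subprocess.run([path], capture_output=True, timeout=5, check=False)
        return "ran: " + done.stdout.decode().strip()
    except PermissionError:
        return "permission denied"


def audit_executables(directory):
    """Defender's check: regular files in a download directory with any execute bit."""
    flagged = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if entry.is_file(follow_symlinks=False) and exec_bits(entry.path):
            flagged.append(entry.name)
    return flagged


def demo():
    """Save, try to run, then apply the explicit chmod +x step and audit again."""
    with tempfile.TemporaryDirectory() as downloads:
        path = save_attachment(downloads, "see_dancing_bunnies.bin", SCRIPT)
        before = (exec_bits(path), try_run(path), audit_executables(downloads))
        os.chmod(path, os.stat(path).st_mode | stat.S_IXUSR)  # the deliberate extra step
        after = (exec_bits(path) != 0, audit_executables(downloads))
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("freshly saved :", before)
    print("after chmod +x:", after)
```

Mounting download locations with the noexec option keeps the first result in force even after the chmod step.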

Re:Using the law to fix technical shortcomings (2, Interesting)

Rockoon (1252108) | more than 3 years ago | (#33891790)

Some Linux users regularly do shit like 'sudo dpkg -i it_sounded_cool_when_i_downloaded_it.deb'

..or worse, follow the onscreen instructions to add a repository so that they can get that it_sounded_cool_when_i_surfed_here.deb

Re:Using the law to fix technical shortcomings (1)

Will.Woodhull (1038600) | more than 3 years ago | (#33895214)

Why would I run any Linux binary that you might mail to me?

Security issues aside, it requires more technical skills and time to prepare and run such a binary in Linux than it does to simply download the same binary from my distro's repositories. Which are rather more closely guarded by persons with security skills than what any Joe Sixpack or even I could do. If what you sent me isn't in a repository, then it would be kind of suspect to even the greenest newbie. Again, even if he trusted you fully and had no concerns about security, he's still gonna wonder why he's got to dance through all these hoops when you could have put the thing in a repository.

On a broader note, all these arguments that Linux would be as bad as Windows if only it was a larger target are massive fail. They ignore the fundamental differences in basic design between Linux and Windows, and the way in which those differences have been magnified by the ecosystems that have grown up around the Linux distros.

  • For malware to succeed under Windows, it has to be able to fool the most gullible Windows users faster than their betters can educate them. Which has proven to be a very, very big window.
  • For malware to succeed under a Linux distro, it has to be able to fool the gatekeepers of the repositories who are generally pretty knowledgeable about security issues.

Re:Using the law to fix technical shortcomings (1)

mcgrew (92797) | more than 3 years ago | (#33895508)

How exactly would they prevent a user from literally running an EXE someone randomly mails them?

That's one of Windows' vulnerabilities -- EXEs always run. In *nix, the extension has nothing to do with whether or not the file will execute. On top of that, there are different Windows extensions that WILL run. On top of that, the extension is hidden by default, so virus.jpg.exe will be shown as virus.jpg (IMO a really stupid move on MS's part).

I'll tell you what, I'll mail you a Linux binary and you just go ahead and run it for me.

In Linux it's as easy to install a binary from the distro's repository as it is to install any Windows executable, but to run a binary from a random source takes someone a bit more knowledgeable. If you send that binary to 50k random users, a minority of them will get it to actually run.

So yes, it is certainly a technical shortcoming of windows; actually a lot of technical shortcomings.

Re:Using the law to fix technical shortcomings (0)

Anonymous Coward | more than 3 years ago | (#33905166)

Can you really run an EXE in Windows when you don't have the traverse/execute ACL for it? I find that unlikely.

Of course foreign EXEs will never not have that applied to them by default for obvious reasons.

Re:Using the law to fix technical shortcomings (1)

rsborg (111459) | more than 3 years ago | (#33900726)

How exactly would they prevent a user from literally running an EXE someone randomly mails them?

I predict now that the iOS AppStore model will become the new PC norm, much to our dismay. The ability to run random binaries without a curator overseeing will be gone for most folks in about 5 years. There will of course, be jailbreaking, open builds (pro OS) and such, but instead of virus-scanning taking the bulk of your computer's idle processor, it will be iTunes/Steam or the equivalent ensuring that your Apps are licensed, compliant and behaving.

RMS was a visionary [gnu.org], and it will be proven out in about 5 years or so (before 2020 for sure).

Re:Using the law to fix technical shortcomings (0)

Anonymous Coward | more than 3 years ago | (#33907102)

I'll tell you what, I'll mail you a Linux binary and you just go ahead and run it for me.

For one thing an EXE file will not run on Linux. For another if you email a Linux binary it will come through as a text file and will not execute until you chmod it.

Re:Using the law to fix technical shortcomings (0)

Anonymous Coward | more than 3 years ago | (#33890988)

Malware in the Linux ecosystem goes by the name of pulseaudio, systemd, ConsoleKit, gobject-introspection, udisks, polkit, possibly NetworkManager depending on how annoying it decides to be, or any other piece of new useless shit that suddenly becomes mandatory.

Just look at the description of ConsoleKit:
System daemon for tracking users, sessions and seats

ConsoleKit is a system daemon for tracking what users are logged
into the system and how they interact with the computer (e.g.
which keyboard and mouse they use).

Even if you're the only person who ever uses your computer, well, you have to have ConsoleKit running and keeping track of that, it should be able to get it right most of the time.

Re:Using the law to fix technical shortcomings (2, Funny)

Sir_Lewk (967686) | more than 3 years ago | (#33891026)

mandatory

Even if you're the only person who ever uses your computer, well, you have to have ConsoleKit running and keeping track of that

*checks process list*

Nope. Nothing. Maybe you, or your distro, just suck?

Or maybe you're just a troll.

Re:Using the law to fix technical shortcomings (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#33891086)

$ pidof console-kit-daemon
1289

$ repoquery --whatrequires ConsoleKit
ConsoleKit-0:0.4.1-5.fc13.x86_64
ConsoleKit-docs-0:0.4.1-5.fc13.x86_64
ConsoleKit-x11-0:0.4.1-5.fc13.x86_64
accountsservice-0:0.4-3.fc13.x86_64
accountsservice-0:0.6-2.fc13.x86_64
gdm-1:2.30.2-1.fc13.i686
gdm-1:2.30.2-1.fc13.x86_64
hal-0:0.5.14-3.fc13.x86_64
libfprint-0:0.1.0-15.pre2.fc13.i686
libfprint-0:0.1.0-15.pre2.fc13.x86_64
libfprint-0:0.2.0-1.fc13.i686
libfprint-0:0.2.0-1.fc13.x86_64
libfprint-0:0.3.0-1.fc13.i686
libfprint-0:0.3.0-1.fc13.x86_64
polkit-0:0.96-1.fc13.i686
polkit-0:0.96-1.fc13.x86_64

Not my fault if Linux for dummies aka Ubuntu is way behind the latest and greatest Linux technologies. But don't worry, you won't be able to live in the past forever.

While it was a troll, it's also true.

Re:Using the law to fix technical shortcomings (0)

Anonymous Coward | more than 3 years ago | (#33891232)

>>Not my fault if Linux for dummies aka Ubuntu is way behind the latest and greatest Linux technologies

swing and miss. ubuntu has had that shit forever now, and is generally the only distro that fucks up the config/packaging. you know why pulseaudio gets a bad rap? because ubuntu is packaged by neckbeard debian-dev wannabes.

Re:Using the law to fix technical shortcomings (1)

Bert64 (520050) | more than 3 years ago | (#33891512)

Now that depends on your distro, linux gives you a choice... there are distros designed to be lightweight, there are distros like gentoo which are designed to place decisions like this in the hands of the user etc... There is nothing inherent in the linux kernel which requires consolekit.

Windows does not, you have to have IE, outlook express, media player, directx and all kinds of other stuff, even if you have the supposed "server" versions of windows.

Re:Using the law to fix technical shortcomings (1)

mcgrew (92797) | more than 3 years ago | (#33899196)

Erm, no.

  1. Not all distros have them all by default
  2. You don't have to have ANY of those programs unless you want them, even if they are there by default. They are not part of the kernel and are all easy to remove if they are part of the distro.
  3. Malware? You're the malware, troll.

I don't know if it's still the case (I'm using kubuntu these days) but Mandriva had you choose EVERY app on OS install; LILO or GRUB? (bootloaders), KDE, Gnome, or whatever that other desktop was; at least five choices of browser, etc.

NOTHING in Linux is mandatory except the kernel. You don't even have to have a GUI if you don't want one.

Re:Using the law to fix technical shortcomings (0)

Anonymous Coward | more than 3 years ago | (#33905844)

Let's see, if you try to remove ConsoleKit, since ConsoleKit is required by gdm, polkit, hal, you will also have to remove those, removing polkit obviously requires removing polkit-gnome, which requires removing GConf2 and so most of GNOME, plus libck-connector.so.0 is required by kdm and xorg-x11-xinit, so you'll have to remove those as well.

Sound isn't properly supported in GNOME unless you use pulseaudio. You are expected to use pulseaudio. What are you going to do when things like the volume control or auto mute when plugging in headphones get removed from ALSA in the kernel in favor of having it done by pulseaudio instead?

So yes, it's very easy to not have ConsoleKit, you can just not use GNOME, and not login using gdm or kdm. Or just recompile everything yourself.

Take any modern desktop Linux distribution and try removing all of ConsoleKit, pulseaudio and polkit. It can't be done sanely. These are not apps, these are the endless new system daemons that keep turning up. And you can't turn them off with chkconfig because they don't use init scripts, they are started automatically on demand (i.e. always). Why do you think hal was replaced by udisks? hal had a design flaw, it included a hal-disable-polling command which you could use to configure hal not to waste time endlessly checking your DVD drives. With udisks, to do that you have to run "udisks --inhibit-all-polling" and leave that command running, in case it wasn't already obvious you aren't supposed to want to do that. Personally I think udisks should be configured to send an email every 5 seconds to its developer to keep them updated about if there is a DVD in my DVD drive or not, they seem pretty obsessed about it. What do you think systemd is really for? It's for ensuring that the user will have no choice about what gets started and what doesn't. That couldn't be done with the old SysV init script system.

What if I do want a half decent GUI, but don't want one that comes with piles of useless annoying junk?

Re:Using the law to fix technical shortcomings (0)

wmac (1107843) | more than 3 years ago | (#33890998)

You mean it is not possible to spread malware and bots to Linux and Mac using email or whatever? The only reason we don't see enough of them is that Linux desktop is almost non-existent (with a market share of 0.85%) and there are similar malware for Mac but they have less impact because Mac itself is limited to 4% market share in world. Almost all the websites get 95% windows users and that almost shows the market share of each operating system.

In Soviet Russia... (3, Insightful)

subk (551165) | more than 3 years ago | (#33890800)

...Courts look for Botnets to take down Microsoft.

Foot in the door... (4, Insightful)

straponego (521991) | more than 3 years ago | (#33890802)

While few would defend botnets, this legal technique will certainly be applied to other types of domains-- p2p, freenet, proxy, dissident, and whistleblower sites. In fact, I predict such attacks will hurt wikileaks and p2p sites more easily than botnets, because botnets don't have to have a small number of memorable domain names (they're not directly controlled by random humans). Ultimately, all of these "undesirable" types of programs/sites will work around the DNS crackdowns. But this will give even more of an edge to those who already hold nearly all the power-- corporations and governments. Really, they seem to be saying that if your domain could be used for something illegal, it can be taken away from you via rubber stamp before it's even involved.

Re:Foot in the door... (2, Informative)

odies (1869886) | more than 3 years ago | (#33890848)

Courts have been already used to take down those. Wikileaks domain was suspended a few years ago and just a few months ago government suspended around 10 streaming movie sites. Both by US courts, and I don't think the US should have all the jurisdiction over domains. It's already a problem.

Seems Interesting... (1)

citoxE (1799926) | more than 3 years ago | (#33890824)

I'm kind of surprised Microsoft would say something like this, but at the same time, I'm really not. I guess they are looking at it through the eyes of George Washington and not the consumer, that's why they'll just sue people into compliance. But what's going to happen when they can't sue people because malware propagates itself far more quickly than Microsoft can detect its origin? Why not take the initiative and build more secure products instead of dealing with the problem after Conficker 2 is already globally widespread?

Re:Seems Interesting... (3, Insightful)

RightSaidFred99 (874576) | more than 3 years ago | (#33890870)

It spreads by mailing people exe's, which other dummies then execute. You can't design away stupidity.

Re:Seems Interesting... (1)

citoxE (1799926) | more than 3 years ago | (#33890914)

I agree. I suppose it would have been better to state Microsoft should try to fund some public awareness type of campaign to get people like grandma to not click links to websites simply because the subject says "Cute puppy pictures."

Re:Seems Interesting... (0)

Anonymous Coward | more than 3 years ago | (#33890932)

It spreads by mailing people exe's, which other dummies then execute.

But how come it is only on Windows that, once you clicked on an exe your computer is zombified beyond the next reboot?

Re:Seems Interesting... (0)

Anonymous Coward | more than 3 years ago | (#33890968)

Either you're implying that somehow all non-Windows mail clients sandbox all emailed executables and Windows inherently cannot sandbox emailed executables, which is wildly wrong and misplaced blame, or else you're completely out of your depth.

This is a social engineering attack that tricks people who already have install privileges into installing software... and then paying for it. With money.

Re:Seems Interesting... (1, Informative)

Anonymous Coward | more than 3 years ago | (#33891000)

Because it's not? Let me know how well Ubuntu runs after you gsudo-elevate my trojan executable, which places a new entry in init.d, or attaches itself to /bin/login.

Re:Seems Interesting... (1)

Bert64 (520050) | more than 3 years ago | (#33891524)

Convincing a clueless user to save an emailed piece of malware somewhere, change the permissions to make it executable and then execute it via gsudo is a much longer process than that required to convince them to click an executable inside of their windows based email client which is already running with elevated privileges.

The more complicated your social engineering instructions, the greater chance that the user will fail or start to smell a rat somewhere along the lines.

Re:Seems Interesting... (1)

tehcyder (746570) | more than 3 years ago | (#33894868)

The more complicated your social engineering instructions, the greater chance that the user will fail or start to smell a rat somewhere along the lines.

You have forgotten that, because it is a bit more complicated to install applications in Linux, a newbie using Linux won't be surprised that the social engineering instructions are a bit more complicated too.

Re:Seems Interesting... (1)

RightSaidFred99 (874576) | more than 3 years ago | (#33901960)

Right. OK, how about I mail you a simple text file attachment, and include instructions "this will make your linux system you barely understand work much better. Instructions: Please save this file as ~/.login. Thank you."

Once I've got access to Joe User's home directory file, I pwn them. I can install a keylogger, I can install a non-root agent that waits for me to send it information about how to escalate to root via one of the many Linux local vulnerabilities, etc...

Linux's only saving graces are that nobody uses it, and those that do are generally computer savvy enough not to fall for that.

Re:Seems Interesting... (1)

Dunbal (464142) | more than 3 years ago | (#33890896)

But what's going to happen when they can't sue people because malware propagates itself far more quickly than Microsoft can detect its origin?

      More to the point, when US judges realize that foreign courts aren't obliged to enforce US verdicts despite their billion dollar "awards", and that really extradition only applies to criminal, not civil cases...

Removal! (1)

shougyin (1920460) | more than 3 years ago | (#33890918)

So hopefully, they will pass to remove all malicious and infected machines from the internet forever, and I'm sure it wouldn't take much to get the Evil Microsoft infected and scrubbed off...Then Unix takes over, and the internet world will find peace! eh...forget peace, but really get rid of Microsoft already!!!

Not about poor MS Security... (4, Insightful)

MosesJones (55544) | more than 3 years ago | (#33890948)

Before people bleat about this being about poor MS security do remember how many dumb folks there are out there. Lots of attacks come from dumb folks using things like Bittorrent and then executing something that they really shouldn't do without having decent virus protection on their machine.

So good on Microsoft for doing this, yes they also need to clean up their security act, which they have been doing, but also coping with the dumb people who buy their products is a decent thing to do.

MOD PARENT UP!!! (1)

pandrijeczko (588093) | more than 3 years ago | (#33891304)

Even as a mainly Linux user, I completely agree with the above comments.

Software is complicated & all of it has bugs & security holes - Linux, OS X, Windows, whatever...

Microsoft's worst mistake was believing their own marketing that sent out the message that you don't have to know much about computers to be completely secure when using one - it is the same mistake Apple are currently making.

There are people out here using Windows (myself included) who don't see any viruses, trojans or rootkits on Windows because we keep patches up to date, use good virus & malware scanners, don't trust emails & attachments from people we don't know, & don't go trying to get all our software for free from torrent sites.

We use the same Windows OSes that people with infected PCs use, therefore the only thing separating the two is knowledge, experience & common sense. Period.

I don't necessarily like the fact that Microsoft is using the court system for this because then some public money will be used in the process - but something *DOES* need to be done & I'm all for people being kicked off of their Internet connections until they get off their backsides & clean their PCs.

Re:MOD PARENT UP!!! (1)

Bert64 (520050) | more than 3 years ago | (#33891544)

I have sometimes been asked to perform incident response work on behalf of clients, these are typically corporate users and every single system I've inspected has had up to date antivirus from one of the major vendors and almost all systems were up to date with Microsoft patches.. Yet they still got infected.
Sometimes the particular strain of malware is not detected by the AV they use but is picked up by others, sometimes nothing picks it up yet. AV will just protect you against lingering traces of long abandoned botnets, all the serious bot operators will be pushing new malware which isn't picked up by anything yet.

Re:MOD PARENT UP!!! (1)

pandrijeczko (588093) | more than 3 years ago | (#33891734)

Sure, and I take your point on that fully.

But how much checking did you do into seeing what sites users could get to through firewalls & proxy servers, not to mention stuff they brought in on USB keys, drives, etc?

Just saying...

Re:Not about poor MS Security... (1)

kainosnous (1753770) | more than 3 years ago | (#33891430)

I disagree. It isn't that MS has poor security, it's the fact that the MS design philosophy lends itself well to getting a computer infected. Even assuming that the people who run Linux were book smart, but virus dumb, getting a virus to run reliably on any given Linux system while being able to propagate itself would be a logistics nightmare. I wouldn't say that it couldn't happen, or that MS is necessarily worse because of it. It's the very things that make MS user friendly that make it such an easy target.

What an unprecedented pile of crap (1)

tygerstripes (832644) | more than 3 years ago | (#33890958)

I don't know if it's the story or the report that's full of holes, but this makes no causal sense whatsoever.

Notwithstanding the basic "correlation does not equal causality" tenet, where is the connection between the forcible shutting-down of botnet-controlling domains, and the botnets themselves? A p2p-vectored botnet's growth has nothing to do with the purposes for which that botnet is employed.

Furthermore, stating that "the company cleaned fewer machines" is not equivalent to stating "there are fewer machines infected." Frankly I'm not going to trawl through MS's Biannual Security Report or whatever (and thanks for not linking it, pcworld), but either the report or the story is woefully lacking in certain key details. It might all be true, but merely saying as much isn't going to garner much karma.

hangon, I (0)

Anonymous Coward | more than 3 years ago | (#33891132)

haven't RTFA but a drop in the number of machines MS have cleaned =! a drop in the number of infected machines.

for once... (1)

shentino (1139071) | more than 3 years ago | (#33891224)

For once Microsoft is using its legal muscle for a good cause.

I'm shocked.

Malware comes and goes... (1)

Bert64 (520050) | more than 3 years ago | (#33891340)

What Microsoft fails to understand is that the people operating these malware networks are not large, slow, monolithic corporations. Just because a piece of malware which was common a few months ago is now dying out doesn't mean the problem is gone; it just means that the authors of that malware have moved on to their latest creations...

After all, why would you continue pushing an old piece of malware which has been reverse engineered and is detectable by every anti-malware program out there, when you can write something new that will have a new window of opportunity before anything can detect it?

Prior Art (1)

kainosnous (1753770) | more than 3 years ago | (#33891392)

Without reading TFA, I can imagine that Microsoft is suing on the grounds that it should have the copyright on malware. There have actually been similar patents that MS has taken out before. I wouldn't be too surprised.
