
After 7 Years, MyDoom Worm Is Still Spreading

timothy posted more than 2 years ago | from the at-least-it-kills-clippy dept.

Security 133

An anonymous reader writes "Researchers at Sophos have revealed that the MyDoom worm, which spread via email and launched denial-of-service attacks against websites belonging to SCO and Microsoft, is still spreading on the internet after more than seven years in existence. The firm suggests, tongue-in-cheek, that it would be nice if computer users updated their anti-virus software at least once every 5 years to combat the malware threat."


133 comments

7 years ago? (2, Funny)

Anonymous Coward | more than 2 years ago | (#36484334)

Hello dear christian friend,

In the year of 2004 it is with great pleasure that I leave to you the sum ...

Windows is nothing if not backward-compatible (1)

lseltzer (311306) | more than 2 years ago | (#36484372)

But if you got a MyDoom message in any modern software you'd get tons of warnings, and many e-mail programs would strip the attached executable as a matter of policy.

Re:Windows is nothing if not backward-compatible (1)

jimicus (737525) | more than 2 years ago | (#36484472)

Stuff the MUA, the MTA should be stripping executables - and it should be doing so using the file signature, not the extension.

Re:Windows is nothing if not backward-compatible (4, Interesting)

Lord Byron II (671689) | more than 2 years ago | (#36484490)

Yes, because there's never a legitimate reason to send/receive executables. My university does this stripping crap and it's annoying as hell. They even yank out archive files. I eventually had to switch to Gmail from the university system, because I would send a colleague a zip file and they would email me back that I forgot to send an attachment (or vice-versa).

A better option than blindly modifying emails is to look for virus signatures in the files. At least that way, you're only eliminating the things that are known to be harmful.

Re:Windows is nothing if not backward-compatible (2)

MichaelSmith (789609) | more than 2 years ago | (#36484504)

One shot windows executables are pretty much a standard espionage tool these days. Used only once, a virus checker will never recognise them.

Re:Windows is nothing if not backward-compatible (1)

PsychoSlashDot (207849) | more than 2 years ago | (#36484526)

If only there were a dozen or so other ways to transfer potentially harmful data that coincidentally require user intervention.

E-mail is fine for passive data, but it's too easy for executables. Users should have to jump through some hoops when handling executables, just like chemists have to take extra precautions when handling unknown or potentially hazardous substances. Handling protocol requires you to slow down and treat the material differently. Sounds good to me.

If your users can't handle FTP, or any of the myriad web file transfer systems, perhaps the answer isn't leaving hydrochloric acid in a Pepsi can on their desk. Don't dumb down the process... smart up the users.

Re:Windows is nothing if not backward-compatible (1)

rednip (186217) | more than 2 years ago | (#36484648)

Users should have to jump through some hoops when handling executables

Such as not running as root/Administrator? However, I know plenty of professional SAs who could take that advice; it's just easier to run that way and they (in theory) know how to deal with permissions.

Also, not all attachments are executable, yet most blanket exclude them all, so it eliminates one of the best ways to casually transport files. Worse, those that only go after attachments that appear to be executable miss some and create a false sense of security when dealing with them.

I don't really know the answer to this problem, I only know that all the solutions I have seen are not enough.

Re:Windows is nothing if not backward-compatible (0)

Anonymous Coward | more than 2 years ago | (#36484654)

I think you forgot to close your tag.

Re:Windows is nothing if not backward-compatible (2)

ultranova (717540) | more than 2 years ago | (#36485248)

E-mail is fine for passive data, but it's too easy for executables. Users should have to jump through some hoops when handling executables, just like chemists have to take extra precautions when handling unknown or potentially hazardous substances. Handling protocol requires you to slow down and treat the material differently. Sounds good to me.

Like the infamous UAC messages of Windows Vista, which popped up whenever any application tried to do anything, and did nothing but annoyed people and conditioned them to click allow on any message that pops up?

Modern computers don't have any security. Yes, this includes Linux, which isolates users from each other (to some extent) but doesn't give a single user any way of isolating his processes from each other and data. It's difficult to figure out what's happening in your system, and it's impossible to roll back any changes, besides reformatting and restoring from a backup. Even such basic functionality as letting a program change what it will, but only applying the changes to said program's context - pretend-admin, in other words - is missing; you need to run a full virtual machine to get that.

Why can't you just create a context, and run programs in that context, letting them do what they will while preventing any effect outside the context? We do that with memory, and everyone agrees that memory protection is a good thing - yet when it comes to the filesystem, it's no can do?

The fact that computers operated by professionals for pay keep on getting pwned is irrefutable evidence for these facts.

If your users can't handle FTP, or any of the myriad web file transfer systems, perhaps the answer isn't leaving hydrochloric acid in a Pepsi can on their desk. Don't dumb down the process... smart up the users.

Since a Pepsi can is made of aluminium, it would simply dissolve in HCl (and blow up if it was closed due to the build-up of hydrogen). And the rest of your statement is just as nonsensical - what, transferring files through FTP is somehow more dangerous than through HTTP?

Re:Windows is nothing if not backward-compatible (0)

Anonymous Coward | more than 2 years ago | (#36485862)

The fact that computers operated by professionals for pay keep on getting pwned is irrefutable evidence for these facts.

Yeah, and the number of "accidents" on the road is irrefutable evidence that drivers really, truly are tested to know what the fuck they're doing before they're even eligible to get their license.

These "professionals", in most cases, barely know or give a shit themselves--it's their job, they come in, do what they're supposed to do, take their money and leave. Why do anything above and beyond the bare requirements of the job position? The fact that there are computers still spreading this worm means that their owners are sure as hell *not* professionals.

Not to mention, that word gets thrown around so often, it's lost its meaning. It almost seems like anyone who can get on a computer, log in, do more than just access the Web (such as use a specialized program for their job), and log back out are labeled as "professionals". Real high standards these days, eh?

Re:Windows is nothing if not backward-compatible (2, Insightful)

Anonymous Coward | more than 2 years ago | (#36485898)

impossible to roll back any changes, besides reformatting and restoring from a backup

Btrfs snapshots. Fedora already has support for automatic snapshotting with yum so that you can yum install or yum remove something and, hey, unintended change? Rollback.

Even such basic functionality as letting a program change what it will, but only applying the changes to said program's context - pretend-admin, in other words - is missing

Google for cgroups and isolation... there's a more specific term that will get you there immediately, but I can't think of it at the moment, as I've never used it, only read about it. It's basically a better, Linux-only chroot capability.

What the grandparent is trying to say about FTP vs. email is that FTP clients won't automatically execute the viruses they download (unlike Outlook.)

Re:Windows is nothing if not backward-compatible (0)

Anonymous Coward | more than 2 years ago | (#36486078)

Since a Pepsi can is made of aluminium, it would simply dissolve in HCl (and blow up if it was closed due to the build-up of hydrogen). And the rest of your statement is just as nonsensical - what, transferring files through FTP is somehow more dangerous than through HTTP?

Aluminum cans have a lining that prevents the acid from eating away at the inside of the can [stevespanglerscience.com].

Re:Windows is nothing if not backward-compatible (3, Interesting)

jimicus (737525) | more than 2 years ago | (#36484566)

And your university is broadly doing the right thing. (Though it's wholly unnecessary to yank archives unless they contain executables, any self-respecting mail scanner will be able to read more-or-less any archival format).

Scanning for "known-bad" things stopped being a good idea years ago. Frankly, unless you take a very hard line to block everything even remotely risky you are more-or-less guaranteeing a lot of clean-up work dealing with exploits. Every time something gets through, your staff can look forward to several hours of clearing up the resulting mess - and that's with a relatively small organisation.

Google have the resources to effectively crowdsource much of this, and they don't have to deal with the fallout of anything that slips the net.

What you should be doing is working with the system rather than against it - and the system should be set up to make it easy for you to do this. Services like yousendit.com are a rather more satisfactory solution for most end users than an FTP server; I daresay a university should be able to put something similar together in-house.

Re:Windows is nothing if not backward-compatible (1)

Randle_Revar (229304) | more than 2 years ago | (#36485540)

> Services like yousendit.com

Please don't encourage those assholes. The spread of services that make their name include their TLD and come up with the rest of their name by describing what they do is one of the most irritating computer-related trends to come along in recent years. It might not be quite as bad if users didn't fall for it - "gotomypc.com? They can do that now? I'll try it, sounds useful!"

Re:Windows is nothing if not backward-compatible (2)

houghi (78078) | more than 2 years ago | (#36484574)

You are on /., so I assume you have access to at least a website and the ability to upload files there. Copy and paste the URL.

As you are using email to send those files, security should not be an issue. If you want some minimal security, you could link to a page with a login and/or password. Several more methods are available to make it secure.

Re:Windows is nothing if not backward-compatible (2)

donaldm (919619) | more than 2 years ago | (#36484688)

Yes, because there's never a legitimate reason to send/receive executables. My university does this stripping crap and it's annoying as hell. They even yank out archive files. I eventually had to switch to Gmail from the university system, because I would send a colleague a zip file and they would email me back that I forgot to send an attachment (or vice-versa).

A better option than blindly modifying emails is to look for virus signatures in the files. At least that way, you're only eliminating the things that are known to be harmful.

Yes, we do know that is a problem, but "think of the children" :)

On a more serious note. The best way is to take off the .exe or .zip or .whatever and send the binary as a simple file or even enclose the binaries in a compressed archive and take off the extension so you can send it. The problem is the person who is going to receive the binary must know how to put it into a format that is usable, and it is amazing the number of people who have no idea how to do this even when you explicitly tell them in the email.

Actually I use Gmail as my main mailer and can easily operate in corporate environments. The only issue I have in the particular place I'm working at the moment is the firewall stops my Kmail client, so I just use web Gmail during the day and when I get home I transfer all mail to my local folders.

Re:Windows is nothing if not backward-compatible (0)

Anonymous Coward | more than 2 years ago | (#36485454)

Actually I use Gmail as my main mailer and can easily operate in corporate environments. The only issue I have in the particular place I'm working at the moment is the firewall stops my Kmail client, so I just use web Gmail during the day and when I get home I transfer all mail to my local folders.

If your company allows gmail, I'm surprised they know enough about security to have antivirus at all, let alone a firewall...

Re:Windows is nothing if not backward-compatible (0)

Anonymous Coward | more than 2 years ago | (#36485266)

Why not just send encrypted zip files and put the password in the body of the E-Mail (and rename the .exe to something else and put the explanation in the e-mail as well). That way no scanner can sniff it.

Re:Windows is nothing if not backward-compatible (1)

Anonymous Coward | more than 2 years ago | (#36485736)

Because any security gateway worth its subscription fees will be scanning for file signatures and blocking anything that is 'malformed'. An encrypted zip file with no extension will certainly attract attention on anything I've set up, just because of the risk that a user is trying to bypass something.

Win7 question (-1)

Teun (17872) | more than 2 years ago | (#36484380)

I hear from users and fanboys that Win7 is much more hardened than say WinXP

So my question is does this old virus still run on Win7?

Re:Win7 question (1)

walternate (2210674) | more than 2 years ago | (#36484622)

I hear from users and fanboys that Win7 is much more hardened than say WinXP

So my question is does this old virus still run on Win7?

If you actively run it and give it permission, yes. Since you mention fanboys, the Mac variety always claim malware doesn't count if users have to do that. Compared to XP it helps that Win7 has UAC, but the best defense against PEBKAC malware like this is running antimalware software like Security Essentials, which you also can do on XP.

If you really were interested, there is a lot of information out there about the security differences between XP and Windows 7; they are quite extensive (ASLR, DEP, UAC, improved firewall (with multiple active profiles), Windows Service Hardening, Protected Mode browser, etc.)

Re:Win7 question (1)

Teun (17872) | more than 2 years ago | (#36484796)

As a non-Win7 user I was interested; yes, I saw reports of such an infection, but your explanation that it needs to get permission explains a lot.

About the users :)

Re:Win7 question (1)

Opportunist (166417) | more than 2 years ago | (#36484900)

Any malware that gets executed by the user and granted privileges runs on any system that the executable format it is in can run on. That's true for Windows 95, Windows 7, MacOS of any version and Linux of any flavor.

No system can defend against the stupidity of its owner. Unless the system is actually "protected" from its owner. For further reading, look up DRM and TCPA.

Maybe people should have to register their PC (0)

crusty_architect (642208) | more than 2 years ago | (#36484386)

Maybe people should have to register their PC before they connect it to the Internet?? Maybe people should have to get a license to use a PC on the Internet? It might reduce the carnage on our roads ^H^H^H^H^H^H^ Internet....

Re:Maybe people should have to register their PC (1)

pandrijeczko (588093) | more than 2 years ago | (#36484418)

Yes, AND they can get off my bloody lawn as well, before I set the dogs on them.

Re:Maybe people should have to register their PC (4, Insightful)

Anonymous Coward | more than 2 years ago | (#36484424)

I'll support that.
Right after we require a license to have children.

That would fix a lot more stupid than just a computer worm problem.

Re:Maybe people should have to register their PC (0)

Anonymous Coward | more than 2 years ago | (#36484486)

Anyone detected running MyDoom should be sent to the holding facility and executed. All family members sterilized to prevent reproduction.

Re:Maybe people should have to register their PC (1)

donaldm (919619) | more than 2 years ago | (#36484720)

Maybe people should have to register their PC before they connect it to the Internet?? Maybe people should have to get a license to use a PC on the Internet? It might reduce the carnage on our roads ^H^H^H^H^H^H^ Internet....

Excuse me while I press my brown uniform and shine my jackboots, the DRM people are making me work overtime again :)

Re:Maybe people should have to register their PC (1)

Opportunist (166417) | more than 2 years ago | (#36484968)

I'm not really happy with the idea of handing the government even MORE say of what I may do with my computer and what I may not, it's not like they already take more than enough liberties (pun intended) in this matter.

But how about a radical idea: Make people responsible for what their computers do. Make them legally liable if their machines spew out spam and participate in DDoSs, at least if a reasonable amount of precaution has been taken. I'm aware that you cannot easily defend against all threats out there, and I am willing to accept that people should not be required to get an IT degree just to be allowed to join the internet, but I think it's not asking too much to keep your system up to date and patched (especially considering how pretty much every current system does it automatically) and at least TRY to protect themselves against malware. Use whatever AV suite and I'm already happy. You took reasonable precautions, as much as could be expected from a computer illiterate, you're off the hook. You decided to click away every warning your system presented to you, then take responsibility for your stupidity.

Re:Maybe people should have to register their PC (0)

Anonymous Coward | more than 2 years ago | (#36485278)

Spam could be reduced 90+% overnight if we just apply the same precedent of law as we do with prostitution.

Not only do we arrest the prostitutes, but we arrest anyone that attempts to purchase a prostitutes services.

Simply arrest the spammers, and heavily fine if not arrest anyone who purchases anything from spam.

We can even use the same illegal entrapment methods! Just as cops can dress up as prostitutes and try and get a person to pay for their services, then arrest them... They can send out spam selectively and arrest anyone who responds with a payment.

Personally I feel both situations are morally and legally wrong for law enforcement to do, but as I said, we have decades of precedent of law enforcement doing it and getting away with it despite its illegal nature, so that shouldn't bother or stop them any.

I also personally feel this would be equally as bad as being forced to register your PC, just as you seemingly feel. But it is the only real method of attack that could succeed.

Re:Maybe people should have to register their PC (1)

Opportunist (166417) | more than 2 years ago | (#36486122)

Unfortunately, unlike with hookers, you don't know if the one spamming is the one who wants to sell. Under your law, if I want to put you out of business, all I'd have to do is send out spam advertising your product.

Re:Maybe people should have to register their PC (1)

sjames (1099) | more than 2 years ago | (#36485906)

How about we actually hunt down and prosecute the people who release these viruses and use them to spam and DDOS?

It is EXTREMELY dangerous to start attaching criminal responsibility to people who had no criminal intent and took no criminal action due to their victimization by (harder to catch) criminals. Eventually, the police would just stop trying to get the actual criminals (too hard) and would focus exclusively on the easy to catch victims.

If someone buys a computer with "anti virus" software on it that turns out to be fake, should they have known better? How about if it only cost $50 for the AV in a world where it usually costs $500 because "your freedom is too valuable to risk"?

And, of course, once the principle is established, overeager DAs will be only too happy to expand it to cover practically anything you might own. How much care is 'reasonable' to make sure your kid's baseball bat isn't used to beat someone to death?

Yes, in an area where for all practical purposes there is no law enforcement, people should use more caution. No, they don't deserve criminal prosecution if criminals victimize them. I'd rather law enforcement concentrate their efforts on the actual criminals.

Re:Maybe people should have to register their PC (1)

Opportunist (166417) | more than 2 years ago | (#36486162)

Because the internet is an international world where national borders mean jack, while that's not the case with law enforcement. The people writing and operating malware rarely sit in the US or France. They usually hail from a country the name of which ends in -stan, where law enforcement gets a good chuckle out of it if you ask them to prosecute someone spamming or phishing in your country. They have real crimes to prosecute, and they don't give a rat's behind about your problems. I mean, do you care about theirs?

It's also not criminalizing the victim, it's criminalizing someone who is criminally careless. I don't know about your country, but in mine it is considered "incitement to crime" if you leave your car keys in your unlocked car or your entrance ajar while you're not home, and both can be fined (not to mention that your insurance will certainly not cover any losses). Why should criminal neglect be unpunishable in the vicinity of computers? Why is every law suddenly completely different when you add "done with computers"?

It's common sense to lock your car and house when you leave it. It's common sense not to let anyone in your home. It's common sense to not believe someone who offers to give you some money for nothing. Why is everything different when it comes to computers?

Re:Maybe people should have to register their PC (1)

sjames (1099) | more than 2 years ago | (#36486688)

If the U.S. can start extradition for a college kid in the U.K. over a few LINKS to allegedly pirated material, we can find a way to get at massive crime syndicates in other countries attacking millions of citizens here. If some other country won't curb their criminals (at least to the point of keeping their crimes within their own borders), cut them off (or filter them heavily) until they change their minds.

The Senate can't seem to keep their machines secured, more than one police department has failed as well (and much more seriously than accidentally relaying some spam). The DoD and even the CIA have had their failures as well. Multi-billion dollar corporations have plenty of failures there. Why should Aunt Tilly with her much more limited resources (including access to expert advice) be expected to do any better?

Next problem is who decides what is adequate? Must run anti-virus software? Where will I get that for my Linux, *BSD, or experimental MyOS (and why should I)? How about for Minix? If you decide to make exceptions, guess what major OS vendors will spend gadzillions in lobbying dollars to get their OS exempted and make sure *BSD and Linux are not.

There is also a big difference between a misdemeanor fine for failing to adequately secure a system (presuming agreement can be reached on what is adequate and it can be expressed in reasonably simple terms) and being held responsible for whatever it does when infected.

Re:Maybe people should have to register their PC (1)

sjames (1099) | more than 2 years ago | (#36485790)

So, do you have a license to sell hair tonic to bald eagles in Omaha Nebraska?

XP Mode? (1)

Anonymous Coward | more than 2 years ago | (#36484410)

Sure it's not XP mode?

I don't run antivirus software in the VM because the VM is almost never up, but I wonder about people using it for significant amounts of time on a non-firewalled system. XP versions before SP1 would get root'd by simply having internet access.

Re:XP Mode? (2, Insightful)

pandrijeczko (588093) | more than 2 years ago | (#36484458)

Look at it another way...

If spammers suddenly discovered that sending out millions upon millions of unsolicited emails generated no revenue whatsoever because nobody ever opened them, then spam would stop overnight as the spammers would have to go and find new ways to make money.

On the basis that spam has not stopped, I think it's safe to assume that there are still lots of people out there interested in buying viagra or bigger willies from some complete stranger on the other side of the world, even though very few (if any) of those knuckle-draggers probably ever come here on Slashdot. (Fanbois, zealots and geeks - yes. Pedos, knuckle-draggers and estate agents, no.)

Stated in those terms, do you see now why it is perfectly feasible that there are computers out there with absolutely no virus checking on them that haven't been updated for nigh-on a decade?

Re:XP Mode? (3, Informative)

rhook (943951) | more than 2 years ago | (#36484520)

Stated in those terms, do you see now why it is perfectly feasible that there are computers out there with absolutely no virus checking on them that haven't been updated for nigh-on a decade?

You wouldn't believe how many systems I have worked on that have anti-virus installed that came with the system but hasn't been updated since the free trial expired. I really wish manufacturers would stop shipping systems with anti-virus software that is only good for 60 days. Almost nobody ever pays for the subscription after the trial expires.

Re:XP Mode? (2)

MichaelSmith (789609) | more than 2 years ago | (#36484542)

Computers should be safe to operate without expensive add on software.

Re:XP Mode? (0)

Anonymous Coward | more than 2 years ago | (#36484886)

I sometimes wonder how we ever reached the point that software is shipped with hundreds of security holes in it, followed by a race between programmers trying to patch the holes and those trying to exploit them. Would this be acceptable in any other field?

Re:XP Mode? (1)

realityimpaired (1668397) | more than 2 years ago | (#36485256)

Seems to work for DHS... and it has worked for the aviation industry for more than 50 years.... Do you have any idea how many regulations exist today in aviation specifically because somebody tried doing it differently, and people died as a result?

Re:XP Mode? (2)

GIL_Dude (850471) | more than 2 years ago | (#36484942)

Computers should be safe to operate without expensive add on software.

That's an interesting thought. How about "cars should be safe to operate without expensive add on software / hardware". Guess what? They are! It is the idiot drivers that crash the cars by going too fast in poor conditions, tailgating, and other poor decisions and unsafe usage. This is the same thing as with computers. All major operating systems ship now with security features in place that help to keep users safe. Firewalls (on by default), ASLR, DEP, etc. have become pretty standard. The thing that hasn't changed is the user. Just like the driver that makes unsafe lane changes, the computer user runs untrusted code that was sent to them by strangers. Often times they "have to install this special video codec to watch [insert celebrity name here] boobs". Not only do they install this "codec", they give it admin rights.

Computers are safe to use without add on software. It is the user who isn't safe because they don't pay any attention to the myriad of warnings they are given and continue to practice unsafe computing.

Elevation in codec installers (1)

tepples (727027) | more than 2 years ago | (#36485564)

the computer user runs untrusted code that was sent to them by strangers

Then how should code become trusted?

Often times they "have to install this special video codec to watch [insert celebrity name here] boobs". Not only do they install this "codec", they give it admin rights.

As I understand it, codec installers require the user to elevate because operating systems' multimedia frameworks offer no easy way to install a codec to a single user's account. Instead, codecs must be installed to the system for all users.

Re:XP Mode? (1)

asdfghjklqwertyuiop (649296) | more than 2 years ago | (#36485812)

All major operating systems ship now with security features in place that help to keep users safe. Firewalls (on by default), ASLR, DEP, etc. have become pretty standard.

Buffer overflows in browsers, Flash, PDF readers, media players and more have all become pretty standard too. Merely browsing to a particular web site should not cause a computer to become overrun with malware, but sometimes it can.

Re:XP Mode? (2)

sjames (1099) | more than 2 years ago | (#36485944)

Not necessarily. In a car, driving too fast, running a light, tailgating, etc are never appropriate.

Clicking OK is quite often the correct answer with a computer. You can't install software without it. The computer shouldn't make opening a data file and running an executable look and feel exactly the same.

Re:XP Mode? (2)

Opportunist (166417) | more than 2 years ago | (#36484990)

No problem. We'll lock the computer down to the point where you may only install approved applications from an approved source. Sure, there'll be some exploits, but they'll be closed and you'll be forced to update (you automatically get them pushed onto your machine next time you connect to the internet, before any other connections are allowed). If a problem is detected your machine is shut down to prevent it from damaging other machines, the only connection possible is to the approved source and it will stay that way until a fix has been pushed that ensures your machine is safe again.

Sounds good? I hope so, because it's the only way your goal can be accomplished.

The main reason is that computers are all purpose devices that MUST execute what the user wants them to execute. They may warn you that the operation you are trying demands elevated privileges, but they are helpless against a user that ignores that warning for the promise of dancing pigs. Unless the user does not have the final say in what should and what should not be executed, your goal cannot be accomplished.

Personally, I prefer freedom to security. Judging by the success of Apple lately, I'm a dying breed.

Re:XP Mode? (1)

ColdWetDog (752185) | more than 2 years ago | (#36485572)

No problem. We'll lock the computer down to the point where you may only install approved applications from an approved source. Sure, there'll be some exploits, but they'll be closed and you'll be forced to update (you automatically get them pushed onto your machine next time you connect to the internet, before any other connections are allowed). If a problem is detected your machine is shut down to prevent it from damaging other machines, the only connection possible is to the approved source and it will stay that way until a fix has been pushed that ensures your machine is safe again.

Your ideas intrigue me and I would like to subscribe to your newsletter, please sign me up.

Steve
Sent from my iPhone

Re:XP Mode? (1)

tepples (727027) | more than 2 years ago | (#36485578)

We'll lock the computer down to the point where you may only install approved applications from an approved source.

Are you referring to video game consoles, where only established companies are approved sources? Or are you referring to iOS, where any Mac owner with $100 a year is an approved source?

Re:XP Mode? (2)

pandrijeczko (588093) | more than 2 years ago | (#36484582)

Any time I'm asked to set up a new desktop or laptop PC for friends or family, the Norton Trialware is the first thing I remove, and I install free anti-virus like Microsoft Security Essentials or AVG.

I'm sick of TV ads where Symantec and other commercial security software vendors give the impression they are a one-stop solution to user ignorance with their over-rated bloated packages designed to do little more than get you to hand over a credit card number for their subscription.

Frankly, I've had much better results installing the free stuff and then sitting down with the new PC owners for a 1/2 hour explaining the perils of downloading and running warez or opening an unknown email attachment.

Re:XP Mode? (1)

donaldm (919619) | more than 2 years ago | (#36484842)

You wouldn't believe how many systems I have worked on that have anti-virus installed that came with the system but hasn't been updated since the free trial expired. I really wish manufacturers would stop shipping systems with anti-virus software that is only good for 60 days. Almost nobody ever pays for the subscription after the trial expires.

Yes, I would believe it, since the PCs I have bought came with the wonderful 60-day virus scanner trial. My latest laptop (HP dv7 i7) came with Windows 7; however, I just blew it away and installed Fedora 14 (now 15) and I use this machine for home and corporate use.

Before people say that using a private machine in a corporate environment can aid in espionage I would answer yes it can, but unless the firm you work for provides a corporate machine you have no choice but to use your own. Anyway there are so many other devices (smart phones, usb sticks, portable disk drives ...) that can better aid in corporate espionage.

Re:XP Mode? (0)

Anonymous Coward | more than 2 years ago | (#36484632)

Amazing that such a machine could still run at all given all the junk that must be on it.

Re:XP Mode? (1)

Opportunist (166417) | more than 2 years ago | (#36485018)

These people don't care, the 3 applications they use (internet, mail, some word processor) are working and they're happy with that. Chances are they don't even notice how much of their CPU time is already clogged with trojan work since the tasks they want to run would require at best 10% of the CPU's capacity. Whether the trojan eats 50% or not, i.e. whether the idle task runs at 90% or 40%, they don't know, care or notice.

Flash CPU use (1)

tepples (727027) | more than 2 years ago | (#36485592)

the 3 applications they use (internet, mail, some word processor) [...] require at best 10% of the CPU's capacity.

If by "internet" you mean the web, then I've seen sites using Adobe Flash or HTML5 new features use far more than 10% of a core.

Re:Flash CPU use (1)

Opportunist (166417) | more than 2 years ago | (#36486184)

You're looking at someone like my dad in such a scenario. They have their set of pages they keep visiting, they have their set of people they communicate with and that's pretty much what they do with computers. If a flash app doesn't run, it does not bother them. They might even blame their "old" computer that it's not running right, but since it's nothing they're interested in, they just patiently wait for it to go away or search for the "skip" button. They're used to slow computers, chances are their machine at home is about as fast as the one at work, if not faster (yes, even if it's 3+ years old), and they won't question why it's stuttering.

Re:XP Mode? (0)

Anonymous Coward | more than 2 years ago | (#36484994)

If spammers suddenly discovered that sending out millions upon millions of unsolicited emails generated no revenue whatsoever because nobody ever opened them, then spam would stop overnight as the spammers would have to go and find new ways to make money.

This is false simply because there are new spammers being born every minute. Nigeria alone is 180 million people. It will take some time before they all have understood spam doesn't pay. By that time, there is a new generation or two, that hasn't learned.

Re:XP Mode? (2)

downhole (831621) | more than 2 years ago | (#36485328)

I'm not sure if it's true, but I have heard that a lot of the spam is a result of the spammers themselves being scammed. They find some less bright guy running some sort of shady small business and convince him that spam is a legitimate form of marketing. He buys into it and pays to send some spam. Whether or not it works at all, the spammers still make money. Which means that spam will keep going as long as there are no consequences for the spammers and there are stupid people running shady businesses.

Don't forget "HOT" copies of WindowsXP (0)

Anonymous Coward | more than 2 years ago | (#36485562)

" that haven't been updated for nigh-on a decade." - by pandrijeczko (588093) on Saturday June 18, @08:02AM (#36484458)

That doesn't help either on what you note, but, staying on that track/line-of-thinking?

Well, I've read online that for instance, the communist block (think China, Russia, etc.) has TONS of illegal copies of Windows XP in use, AND going around for "sale".

Not good!

Most especially in regards to what you are alluding to in your post I have replied to now.

I.E.-> You can't update stolen/illegal copies of Windows XP via Windows Update! At least not typically & "automagically" via Windows update...

So, they're most likely sooner or later going to become "malware nests" as well - which IS exactly what I call them here personally!

Bit "off track" here but trying to make another point on ignorance of end-users (which is excusable, as nobody is "all-knowing", plus, they are expert in other things, & in this case medical know-how)

E.G.-> A pal of mine's a security guard/PI - he works a large complex where young doctors & interns live nearby a local hospital where they work.

Sometimes when he's on duty, I go & hang out with him (lots of idle time in those jobs until he does rounds or documentation) & play chess when I have time.

There, doing his rounds, He finds computers that these often fairly wealthy folks just "toss out" to the dumpster area, & guess what?

THEY ARE LOADED with malware, & I mean way, Way, WAY LOADED...

Case-in-point example: Once on 1 system we salvaged for my buddy to use - upon testing it, I think I sent enough infestation samples to ESET (via NOD32) that must have made their signatures table WAY more effective & off of only 1 system we found!

(Once cleaned, that system was perfectly FINE too, no less, but just so "lagged" by malware, it would take 10 minutes for it just to boot up).

APK

P.S.=> So, imo @ least? The worst part of the equation, & this holds true on ANY Operating System platform, are the users that don't give a hoot, or are just ignorant, of how to keep safe online & also to secure their computers beyond the default!

Personally, were I Microsoft (or really, ANY OS maker)?

FIRST - I'd ship the system TOTALLY "security-hardened" & I don't mean "playing around" Firewall + AntiVirus reactive technology hardened only! Odd part here is, that MS does make such a build, for the U.S. Military & has for almost a decade now in fact.

SECOND - I'd also ship it 'shut down' on a LOT of things in it initially: By that, I mean anything (think services, disk/file shares, & remote access possible apps onboard etc.) that could potentially be a vector for infestation...

Then, the user themselves would have to "open the doors" themselves. When they do, & start trying to?? A help message would pop up & have SOLID as easily understood as possible explanations of what the thing does they are opening up/enabling AND MORE IMPORTANTLY, potential downsides (& how to avoid them).

This also would put MORE of the liability ONTO THE USER, and give them a "schooling" @ the same time!

(Especially the irresponsible OR ignorant/uninformed users that keep this stuff on their systems for years-to-decades & keep getting more as well)

That also would take some of the "heat" off the OS vendor also, to an extent, as well!

Just a thought.

... apk

Re:Don't forget "HOT" copies of WindowsXP (1)

jmottram08 (1886654) | more than 2 years ago | (#36485614)

Security updates work fine, even if the copy of XP is pirated. Either way, anti-virus / malware software is free.

Not via Windows Update (0)

Anonymous Coward | more than 2 years ago | (#36485684)

Which IS what most "ignorant/unaware" OR uncaring end-users utilize typically, because they are NOT aware of anything else & typically want it "automagically done for them" (or again, just don't care)...

Now, THAT was my point!

Perhaps you missed "catching my drift" is all!

(OR perhaps I did not express myself as well as I should have & was not clear enough on that - even though my posts are VERBOSE as all "get out" admittedly, & that's why: To make points, via details & examples, usually)...

Per this:

"Security updates work fine, even if the copy of XP is pirated." - by jmottram08 (1886654) on Saturday June 18, @12:03PM (#36485614)

If applied manually... grabbing them from say, here:

http://www.microsoft.com/technet/security/bulletin/ms11-jun.mspx [microsoft.com]

Each "Patch Tuesday"...

In that case? Yes, I may agree. Otherwise, & per MY point (which I don't think you got)?? Well... there you are.

APK

P.S.=>

" Either way, anti wirus / malware software is free." - by jmottram08 (1886654) on Saturday June 18, @12:03PM (#36485614)

Agreed, & thank goodness (alongside firewall tech as well), but... it's REACTIVE TECHNOLOGY (mostly, unless you consider heuristics "best guess" tech (ala "smells like a duck, tastes like a duck - it must be a duck") but, that opens up the possibility of FALSE POSITIVES).

Which is why I put in the part I did in my "p.s." in my last post... super-harden the OS by default, ship with anything that can be accessed remotely off by default also!

I think THAT would do a hell of a job for end-users education, security, AND for OS vendors also!

... apk

Re:XP Mode? (0)

Anonymous Coward | more than 2 years ago | (#36485576)

Look at it another way...

If spammers suddenly discovered that sending out millions upon millions of unsolicited emails generated no revenue whatsoever because nobody ever opened them, then spam would stop overnight as the spammers would have to go and find new ways to make money.

On the basis that spam has not stopped, I think it's safe to assume that there are still lots of people out there interested in buying viagra or bigger willies from some complete stranger on the other side of the world, even though very few (if any) of those knuckle-draggers probably ever come here on Slashdot. (Fanbois, zealots and geeks - yes. Pedos, knuckle-draggers and estate agents, no.)

Stated in those terms, do you see now why it is perfectly feasible that there are computers out there with absolutely no virus checking on them that haven't been updated for nigh-on a decade?

Spam and worms are both problems and similar in using the SMTP network structures. But they are vastly different in terms of what they do. In the case of spam you have the option of wanting more information or to buy whatever is advertised. A terrible thing but still not destructive. Worms and other viruses, on the other hand, want to get you to click on their "ads" not to sell you something or to provide you with more information about the service or product. They mislead people to get the click and install destructive material on your computer. This is much, much worse than spam!!

Re:XP Mode? (1)

houghi (78078) | more than 2 years ago | (#36484600)

I don't run antivirus software in the VM because the VM almost is never up

That is like never using a condom, because you hardly ever get laid.
The protection is not to protect the world from you. In first instance it is to protect you from the rest of the world. Only AFTER you are infected is it to protect the rest against you.

(I pull the trigger in Russian roulette, because there are almost no bullets in the pistol. What? Why should I use a revolver?)

Re:XP Mode? (1)

flappinbooger (574405) | more than 2 years ago | (#36484812)

But you can't just get to xp mode and be an idiot, I doubt it is the cause of this. Also the XP mode VM that comes with win7 Pro and Ult is SP3.

There are some scenarios where it could be possible to go unpatched for that long and then suddenly get infected:

Bubba picks up "one o' dem dare computer thingies" from a garage sale. "ain't nebber been on der inter-tubes, momma!" "Plug 'er in, bubba! The tubes man was here and said it's all hooked up!"

The computer HAS been on the internet for 7 years and has gone unpatched completely, but Peggy Sue only gets emails from Grandma Jane and only plays solitaire and hearts on Yahoo. After 7 years grandma dies and she goes looking for casket polish (or some other innocent term) - bam, infection.

Jimmy learned all about "fixin computers" from uncle roy, the smelly old timer with food and tobacco spit in his beard and tinfoil stuck in his hat so the black helicopters won't read his thoughts. When Jimmy crashed ma and pa's computer by trying to look up goat sex, (but he was just curious so it's ok,) he popped in the 8 year old CD from the bottom of the drawer and "fixed it right up in a jiffy!"

Here's one I've seen many times: Johnny Ray lives in the country over by the holler, but the DSL just made it out that way. Johnny Ray had been using dialup (except when it rains since the line noise is bad then) but he switches to DSL. "Yeee HAAA! Look at all them titties pop right up!" Since he had dialup for the last 8 years he never did "any o' dem dare winders updates cuz it would take too long," but now with DSL he has a whole new world to explore. BAM, infection city.

This is an unlikely scenario, but it might just be possible for someone to blindly traipse around the internet unpatched and never catch anything serious, but that person is either exhibiting some sort of fantastic idiot savant abilities or is truly so lucky they must also tend to find winning lottery tickets in gumball machines.

Re:XP Mode? (3, Insightful)

rvw (755107) | more than 2 years ago | (#36485318)

XP versions before SP1 would get root'd by simply having internet access.

If I run a VM (XP or something else), that VM must have a different ip-address than the host, and to have internet access, there must be some kind of router or routing system. To reach the VM from the internet, port forwarding must be configured. Maybe the host IP is directly accessible from the outside, but the VM is not. Even if no firewalls are active, there is no way that the VM can be infected simply by starting it up and giving it internet access. So for an infection to occur, you need to start a browser to visit a website that infects the OS of the VM. (And of course the host could be infected, and then spread the virus to the local network, but that's something else.)

So can you explain how this VM will be infected after it started up without doing anything else on the machine?

mama said to always wear protection (-1)

Anonymous Coward | more than 2 years ago | (#36484414)

and to insist on a shaved pussy so no such problem here.

Re:mama said to always wear protection (-1)

Anonymous Coward | more than 2 years ago | (#36484502)

Long live AC...

Oh, I see! (4, Insightful)

Ross R. Smith (2225686) | more than 2 years ago | (#36484430)

The only thing that comes to mind is 'PEBKAC'.

Re:Oh, I see! (3, Interesting)

Opportunist (166417) | more than 2 years ago | (#36485062)

Responsible for about 90 to 95% of all new infections.

I'm not kidding here, when you look at the current threats, you'll notice that most do not target exploits. Why should they? There is a very good reason not to target exploits but target the big layer-8 exploit sitting in front of the machine.

1. Exploits get fixed. Users don't.
2. Exploits are sometimes hard to craft. It's way easier to create a "click here to see the pig dance" executable.
3. It's easy to adapt social engineering to a new "exploit" (e.g. when a new catastrophe hits, "click here for gory details") rather than adapting an exploit to circumvent AV tools and patches.

If you're trying to break into a machine, use the biggest security hole that no software maker can ever patch: The user. Since most blanket attempts at phishing don't care whether they hit Joe Random over there or you, it wouldn't even matter if 90% of the users were smart enough not to click, it still wouldn't warrant the additional expense of writing code to exploit a security hole in the system.

The Definition of Ignorance. (3, Insightful)

geekmux (1040042) | more than 2 years ago | (#36484562)

Is this really any surprise to anyone? People still believe that Bill Gates is going to pay you for forwarding email. Most attacks (malware, trojans, viruses, etc.) feed on the ignorance of the average person. It's sad really, but I don't expect anything different 27 years later, much less 7.

Re:The Definition of Ignorance. (1)

discord5 (798235) | more than 2 years ago | (#36486006)

People still believe that Bill Gates is going to pay you for forwarding email.

Well, there goes that lucrative 2nd income. I hope Santa doesn't skimp this year, I could really use some money.

Virus checker bloat (2)

Twinbee (767046) | more than 2 years ago | (#36484778)

Or alternatively, not have a virus checker at all as it slows down PCs, and misdiagnoses all the time (I don't need it deleting files which I know are NOT a problem).

Just be careful what sites you visit, do backups (using SyncBack of course) and a system restore will usually solve minor problems.

Re:Virus checker bloat (4, Insightful)

Opportunist (166417) | more than 2 years ago | (#36485078)

And if you drive carefully, what do you need safety belts and airbags for?

Re:Virus checker bloat (1)

Twinbee (767046) | more than 2 years ago | (#36485172)

Safety belts don't choke you to death though, and airbags aren't made of lead.

Re:Virus checker bloat (1)

Opportunist (166417) | more than 2 years ago | (#36486108)

Ok, but I'm a safe and careful driver, so according to your theory I don't need either.

Re:Virus checker bloat (1)

dotgain (630123) | more than 2 years ago | (#36486470)

Ok, but I'm a safe and careful driver,

That may be true, but you're a careless analogy-maker. Vehicle restraint systems and antivirus software are utterly dissimilar.

But let's play your game: How many human lives have been saved as a direct result of antivirus software?

Re:Virus checker bloat (1)

Celarent Darii (1561999) | more than 2 years ago | (#36486536)

But not everyone on the highway is safe or careful. The seatbelt protects you mostly from accidents with other people, not yourself.

Re:Virus checker bloat (0)

Anonymous Coward | more than 2 years ago | (#36486204)

The dumbass who rear-ends you at a high speed when you're at a stop and have cars around you and nowhere to move out of the way.

Re:Virus checker bloat (1)

Opportunist (166417) | more than 2 years ago | (#36486374)

You mean like the webpage you visit regularly and that you trusted which was hijacked and seeded with an exploit?

Re:Virus checker bloat (0)

Anonymous Coward | more than 2 years ago | (#36486656)

There is a point here. When was it that so many AV companies decided that rather than throwing notices it was a good idea to just delete things? I once traced a repeatedly disappearing file to AVG SILENTLY deleting it on scans (now I grant it wasn't the intended behaviour, but nonetheless, any other software doing that would be beyond shocking).

Build cleaners into free entertainment software (3, Interesting)

LoudMusic (199347) | more than 2 years ago | (#36484794)

If you really want to get people to run virus scanners (without making the scanner a virus itself) you'll have to make it beneficial to the individual. Create some really fun game and buried in the EULA mention that the program does a virus sweep each time it launches.

Either that or fight fire with fire.

Re:Build cleaners into free entertainment software (0)

Anonymous Coward | more than 2 years ago | (#36485324)

Good idea. Pay a bounty in bitcoin for each scan made.

Re:Build cleaners into free entertainment software (0)

Anonymous Coward | more than 2 years ago | (#36485338)

Yes, because running a virus scan and playing games go so well together.

Re:Build cleaners into free entertainment software (0)

Anonymous Coward | more than 2 years ago | (#36486186)

Software created as an incentive to run another piece of software that a user would otherwise have not run? What a way to train people to get a virus! Maybe this software should include a promise that it itself is not a virus!

civil war between different factions of the Linux? (1)

at_slashdot (674436) | more than 2 years ago | (#36484834)

Now this is a ridiculous description: "infected computers as part of a civil war between different factions of the Linux community."

Some computers need to be shot. (0)

Anonymous Coward | more than 2 years ago | (#36484870)

If you are a multi million dollar company you can afford to upgrade from IE6, and if you are a computer novice who keeps getting viruses you need to either learn or if like this case you should get your brain examined.

Re:Some computers need to be shot. (2)

Opportunist (166417) | more than 2 years ago | (#36485086)

Actually, if you're a multi million dollar company you might not be able to upgrade from IE6. I know of such a company. Their main application that the whole company hangs on is written for IE6, with IE7+ unable to render it sensibly.

And yes, we're talking about a friggin' HUGE company here. Think Sony. Just big.

Re:Some computers need to be shot. (2)

Dr_Barnowl (709838) | more than 2 years ago | (#36485542)

Just because you're a giant, doesn't mean your brain disease isn't serious.

But the thing about software, is that it costs the same to fix no matter how many people use it. The surgeon still costs the same.

Re:Some computers need to be shot. (1)

Opportunist (166417) | more than 2 years ago | (#36486210)

True, but "it's working, isn't it? Then why change it?"

That was, in a nutshell, the answer I got. And that's also the reason why changes are unlikely to happen any time soon. It's working. Changing it costs at least 6, more likely 7 digits. No chance that you could get that kind of money to change something that "is working".

Hey, some admin look at this quickly (-1)

Anonymous Coward | more than 2 years ago | (#36484912)

Hey, you banned me permanently for my lag without telling me to fix it -.- unban me
[AMXBans] You are permanently banned.
[AMXBans] Banned Nickname : eXpLaY.-
[AMXBans] Reason : ' lager '
[AMXBans] You can complain about your ban @ www.gamers-cy.com
[AMXBans] Your SteamID : ' STEAM_0 : 1 : 40891246 '

Why give a fsck if Microsoft or SCO are attacked? (0)

master_p (608214) | more than 2 years ago | (#36485420)

Why should the average Joe care if a virus creates a DoS attack on Microsoft or SCO? All that he cares about (and he is right to do so) is whether his computer does the job he wants. If it is too slow, he can always service it or buy a new one.

Instead of blaming the people actually responsible for the mess (i.e. the developers of the virus or of the operating system that let this happen), it is the users that are blamed? WTF?

clone my doom to make a warning and boot them off (1)

Ex-MislTech (557759) | more than 2 years ago | (#36486302)

I think some people should make a mimic MyDoom virus that simply informs the people
they need to patch and until then their TCP/IP files have been removed.

Gets them off the network and educates them.
