Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [News] Estimated Number of Windows Zombies: up to 47 Million

__/ [ BearItAll ] on Monday 24 April 2006 15:46 \__

> Roy Schestowitz wrote:
> 
>> Malicious-software spreaders get sneakier, more prevalent
>> 
>> ,----[ Quote ]
>> | Tim Cranton, director of Microsoft's Internet Safety Enforcement
>> | Team, calls bot networks "the tool of choice for those intent on
>> | using the Internet to carry out crimes."
>> | 
>> | Estimating the number of bots is difficult, but top researchers who
>> | participate in meetings of high-tech's Messaging Anti-Abuse Working
>> | Group often use a 7% infection rate as a discussion point. That
>> | means as many as 47 million of the 681 million PCs connected to
>> | the Internet worldwide may be under the control of a bot network.
>> | 
>> | Security giant McAfee detected 28,000 distinct bot networks active
>> | last year, more than triple the amount in 2004. And a February
>> | survey of 123 tech executives, conducted by security firm nCircle,
>> | pegged annual losses to U.S. businesses because of computer-related
>> | crimes at $197 billion.
>> | 
>> | [...]
>> | 
>> | Diabl0 designed Zotob to quietly seek out certain Windows computer
>> | servers equipped with the latest compilation of upgrades, called a
>> | service pack. But he failed to account for thousands of Windows
>> | servers still running outdated service packs, says Peter Allor,
>> | director of intelligence at Internet Security Systems.
>> `----
>> 
>>
>
http://news.yahoo.com/s/usatoday/20060424/tc_usatoday/malicioussoftwarespreadersgetsneakiermoreprevalent
> 
> 
> Someday MS will be held responsible for their actions. Thats what you'd
> like to say, but its hard to say it with conviction. We all know the answer
> and so does MS, but it isn't going to happen.


I am a sufferer of DDOS attacks, which are carried out by Windows botnets.
Yet, I could never come up with a case against Microsoft or the ISP's. I
asked in the legal newsgroups and it's thumbs down.


> I really find it depressing, I'm a jolly person really, but this grates on
> me because MS weaknesses, deliberate weaknesses, are holding us all back.
> The internet isn't what it could have been by now, the security issues that
> UNIX/Linux blocked quickly, MS couldn't give a toss about. Look around you
> at your own family and friends, after a quick play with the internet, they
> drift away from it. Why? Because not everyone wants porn in their house.
> People are scared of messages such as 'This page is attempting to....'.
> People are frightened to shop, bank, put family pictures up so that sister
> in America can see them because they know that even if you have to log in
> to the picture site to see them, all of your pictures and videos will turn
> up on a search engine eventually.


Actually, that's an entirely separate issue. Search engines have meta data
and robots.txt, from which to get exclusion instructions. In the absence of
these, they are just thirsty for information, which puts them ahead in the
game (industry).

What you neglected to list among your point is the fact that 80% of the
world's spam is despatched from hijacked Windows computers. Spam has become
a deterrent for the use of E-mail, let alone the disclosure of E-mail
addresses publicly. This hinders everyone and makes people harder to
contact. No-one wants to be found by the nonsensical prolific spammer with
verbal jungle or aimless eloquence, which drains time and costs businesses a
lot of money (tens or hundreds of billions annually).

To combine the factor of search engines and flawed Windows machines, come to
consider spam which is sent from proxies (or zombies) to hit guestbooks,
blogs and so forth. The consequence is links that bear no power as they are
inclined to the <code>rel="nofollow"</code> 'link condom'.


> The Internet is crap, and its made crap because MS lack of interest in
> security have meant that many that would have used it have tried, not liked
> it or were scared to make use of it and have gone away.
> 
> If I (or someone much better than me) was put in charge of MS now, I would
> start with plowing our vast sums of money in to the security fight.


What about AIDS?


> Team One, your job is to enforce what security we currently have on our
> users, yes they will kick and scream, but this battle is real so some
> people will get hurt. Call in Symantec and/or McAfee, get the anti-v and
> firewall in at the kernel level, the users have no choice, if they don't
> accept the security MS Win will not run. (I know, there isn't a kernel to
> speak of, but they will be when I have finished).
> 
> Team Two, concentrate on the next generation MS Win OS's. Split the view,
> the application and system levels. I want three distinct parts each fully
> capable of doing it's job independant of the others. From now on MS Win
> front end will be a shell on top of a kernel. I don't care if the kernel is
> Linux,  Mac, UNIX, in house kernel or even ZXSpectrum, but it had better be
> rock solid. Every function tested with good/bad data (as programmers are
> taught to do in the first year at college, but is so easily forgotten),
> nothing at all can crash the kernel, it most always act gracefully. Then
> once ready, nothing from outside can get in there except via the API
> messaging system if the initiator has permission to do that.


The scale of the pig has made it tremendously arduous to manage. The code is
built in a non-modular fashion. 60% of the code in Vista needs to be
re-written, according to Microsoft. You are being overly optimistic here.
The only thing protecting the O/S at the moment are third-party enhancements
and the fact that all code is sheltered in a safe, away from public sight.


> Team Three. You are on our servers, make as much use of third party
> software as necessary to lock our servers security. Once bolted down, wait
> for tean two to provide the base kernal, now add the server side kernel
> services. Then add a shell to control it.
> 
> I want there to be no platform that a virus can not execute on.  No code is
> capable of automatic execution unless it is heavily caged.


What then happens to backward compatibility, which Microsoft are very
obsessed with?


> With the size of our market the only direction we can go is down, unless we
> can come up with a system that is so good that users are not interested in
> other OSs. Such a system is certainly not impossible, the user can still do
> their work and play their games, but in absolute safety.
> 
> Now we can get on and develop the internet.


Sadly, due to the prevalence of Windows and the difficulties users have
migrating away (due to shrewd lockins), Windows on the Internet cannot be
banned. Users can be fined or disconnected once their computer misbehaves on
a shared network, but you can't practice prejudice and make a policy of
exclusion for Windows. Microsoft may continue to extract the urine (take the
piss) from the Internet's butt, but as long as they possess a majority, they
will be harder to convict.

Best wishes,

Roy

-- 
Roy S. Schestowitz      | United States: #1 in spam export, China near
http://Schestowitz.com  |    SuSE Linux     ¦     PGP-Key: 0x74572E8E
  4:35pm  up 2 days  1:32,  9 users,  load average: 0.97, 0.95, 0.68
      http://iuron.com - Open Source knowledge engine project

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index