Botnet networks of compromised PCs are responsible for 87 per cent of all spam, according to figures released by Microsoft at the RSA Conference on Wednesday. Adrienne Hall, general manager of Microsoft's Trustworthy Computing program, told delegates: "Botnets are the prime suspect in cybercrime, the core of the threat." Hall …
And their vulnerabilities
are responsible for many of those PCs being infected in the first place.
Be fair. If Linux had Microsoft's users, they'd be surfing as root.
Obviously Linux software is much less keen on automatically executing data, so these users would have learned the noble art of "following instructions" on web sites, such as "copy and paste these commands into a shell prompt: 'sudo ...' ". But they'd do whatever it takes to let the bad guys take over their machines, because the bad guys are actually quite smart these days. An owned machine carries on working just fine, and the former owner is rewarded with some lame porn, so everyone's happy. If you switch to Linux, the porn sites stop working. Where's the incentive in that?
I think there needs to be, either at the ISP level or higher, simple tools that people can use to see if their machine is sending out SPAM. It can't be that difficult for an ISP to profile its users by the amount of traffic on port 25 (or maybe secure SMTP, which I can't remember the number for), and then maybe look a little more closely at the people who are sending unreasonably large amounts of traffic.
Presumably at the higher level, people do notice the IP addresses where much of this traffic is coming from, and there could be a web site like, amIazombie.com or something, which looks at your IP address (in the same way bandwidth checkers do), compares it with a list of known bots/zombies/whatever you want to call them and says yes or no.
Or am I wandering around with my eyes closed and these already exist?
Tux, 'cause there's less chance of a Linux machine being got :-)
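The per-subscriber port 25 profiling suggested in the comment above, sketched as an added example that is not part of the original thread. The flow-record layout, subscriber IDs, thresholds and the inclusion of submission ports 465/587 are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import median

# 25 = server-to-server relay; 465/587 = mail submission (added assumption:
# the comment names only port 25 and "secure SMTP").
SMTP_PORTS = {25, 465, 587}

def sample_flows():
    """Constructed flow records: (subscriber_id, dst_ip, dst_port)."""
    flows = []
    # Ordinary subscribers: a handful of submissions to one provider's server.
    for sub in ("sub-a", "sub-b", "sub-c", "sub-d"):
        flows += [(sub, "192.0.2.10", 587)] * 5
        flows += [(sub, "198.51.100.7", 443)] * 40  # web traffic, ignored
    # Bot-like subscriber: direct port 25 connections to many mail servers.
    flows += [("sub-z", f"203.0.113.{i}", 25) for i in range(1, 201)]
    return flows

def smtp_profile(flows):
    """Count SMTP connections and distinct mail servers per subscriber."""
    conns = defaultdict(int)
    dests = defaultdict(set)
    for sub, dst_ip, dst_port in flows:
        if dst_port in SMTP_PORTS:
            conns[sub] += 1
            dests[sub].add(dst_ip)
    return {s: {"connections": conns[s], "distinct_servers": len(dests[s])}
            for s in conns}

def flag_outliers(profile, factor=10, min_servers=20):
    """Flag subscribers far above the median volume who also fan out to many
    servers. Volume alone would flag a busy mailing-list host; the fan-out
    test is what separates a spam bot from a heavy legitimate sender."""
    baseline = max(median(p["connections"] for p in profile.values()), 1)
    return sorted(s for s, p in profile.items()
                  if p["connections"] > factor * baseline
                  and p["distinct_servers"] >= min_servers)

if __name__ == "__main__":
    profile = smtp_profile(sample_flows())
    for sub in flag_outliers(profile):
        print(sub, profile[sub])
```

This works from connection metadata only (destination address and port), so it needs no inspection of message contents.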
Or better still
Wouldn't it be nice if ISPs were more proactive and reminded their customers of the importance of suitable software to protect/prevent (and clean if required) their computers.
Or even made such software more available/affordable* through discount schemes.
It must make some sense to them in that fewer zombies on their network would mean less traffic from the spewing of spam, and more bandwidth available to their customers who might then see performance improvements and less likely to swap to another supplier in the fruitless search for the holy grail of the download speed alleged in the adverts.
(sort of crossed two themes together there - hope it's still understandable)
*yes, I know the cost of AV software is bugger all compared to the cost of losing your computer or having your bank account raided but people are funny like that. Most people wouldn't have their cars MOTed if it wasn't law.
OK In Theory
In my experience no software will ever compensate for users who engage in risky computing. People who download any free software they see or people who click those "Free Malware Scan" links will always get pwned no matter how many layers of protection they have. The most important security tip I know is teaching people to beware of anything "free."
I do think it would be nice if ISPs contacted people and said, "hey we noticed you sent 25,000 emails yesterday, did you mean to do that?" but the problem is that it's not that easy to spot on the outbound end. At the incoming side it's typically all on 1 or 2 known ports. At the sending side the mailbot is probably using thousands of different random ports so the ISP would have to do deep packet inspection of all traffic and I can't support that, they will not be able to resist abusing your data.
Ancient history at this point. The world has moved on.
Strange waste of ones and ohs.
You must remember, many "infections" are of the scareware type:
"your computer are infected!!! click here to remove"
Run, Save, Cancel -> Run of course!
"Only run programs you trust. Are you sure you want to run this program?"
Thus, the virus ends up being stuck in Application Data or Local Settings and launched on startup. The vulnerabilities you're referring to are most likely the drive-by-download type that use a flash/reader vuln. Few infections I've seen of late are triggered by a true hack/p0wn, but rather are targeting gullible users. Why? Because it's easy to do, and it works remarkably well.
Large but lethal Microsoft is biggest junk mail facilitator
News! All the News.... Several years old....
'Adrienne Hall, general manager of Microsoft's Trustworthy Computing program, told delegates: "Botnets are the prime suspect in cybercrime, the core of the threat." '
Microsoft wayyyyyyyy behind the curve as always.
What else do you want to tell us? The earth is round? The pope is catholic? Kissing makes you pregnant?
It's nit-picking, I know, but...
"What else do you want to tell us? The earth is round? The pope is catholic? Kissing makes you pregnant?"
The first two suggestions are true. The third is false. The overall effect is, erm, amusing.
Nice start MS!
Nice going MS. Shame that idiot users still download and run pretty much anything that dances across the screen though. Almost as bad as the gov run computer training centre for those not familiar with the interwibble I had the misfortune of being introduced to today. They actively recommended no security software at all since "it's not needed" and slowed machines down. Groups like this, and idiot users need controlling, to make the world safer for everyone else.
Sadly as Einstein said, the limits of human stupidity are without limits. Much the shame :(
More from the Department...
.. of the Bleeding Obvious.