Federal authorities will not seek a further extension to a DNSChanger safety net, meaning an estimated 360,000 security laggards will be unable to use the internet normally unless they clean up their systems before a 9 July deadline. DNSChanger changed the domain name system (DNS) settings of compromised machines to point surfers …
If you think about it.
"DNSChanger changed the domain name system (DNS) settings of compromised machines to point surfers to rogue servers – which hijacked web searches and redirected victims to dodgy websites as part of a long-running click-fraud and scareware distribution racket."
Considering all the websites that beg their users to "please click on our ads" it becomes apparent that clickfraud is one of the basic bulwarks of the internet. I understand that this is probably not in accordance with any enacted, legal definition of clickfraud but it's clickfraud nonetheless.
When they first set up the alt DNS servers they didn't actually have the balls to deadend the DNS requests to a holding page (with limited onward links to removal sites) until the virus was removed? No fix no useful Internet.
Harsh but fair in my book.
Then again I wonder how many of these machines are lightly used mail servers and the like that don't have active browser sessions?
I had to clean up a network infested with this recently.
Had their internet been dead-ended like you suggest, the people whose network it was would not understand the page they'd been given. No matter how readable and easy to follow you made it, it doesn't matter.
Their internet would have been broken, things not working as expected, simple as that. Their ISP would have gotten called, with all due 'table-meet-fist thumping' and 'I want it fixed now' threats, when there would be nothing the ISP could do.
Honestly, doing what Google and now Facebook are doing is far more effective, because it gets people to notice there's a problem - they didn't understand the instructions posted and asked me to come take a look instead. People don't care why something isn't working, they just want it fixed quickly and easily.
So.... what's your answer? "What Google and Facebook are doing" has been going on for a non-trivial amount of time. Those that remain infected are so oblivious that it's not cleaning up more anymore. That's the whole point. These are the fist-thumpers you talk about but I don't see options other than forcing them to fix it on the pain of firing them as a customer. And no, you DON'T need every customer you can get because if they're too expensive to keep over this, they're costing you money in other ways already, that your management may or may not see as obvious, but will come out in the end. And, clearly, there's 360,000 of them spread all over the world, so they're obviously not all yours.
People who own/drive cars are expected to keep the tyres inflated, check the oil level (+ change it every 15000 km or yearly), keep enough gasoline in it to keep going -- all this while circumventing potholes the size of a moon crater and pesky pedestrians.
Certain precautions have to be taken when hooking up to the internet. That is unlikely to change. If I send your clients an e-mail with an executable attachment, they need to understand the risks involved in saving that attachment and playing with its contents (no matter how many naked boobs I promised them in the e-mail).
Some tough love now might save all of us some major headache in the future.
Meanwhile... Last week I sent a colleague a link to dilbert.com. MSN blocked the URL until I prepended "www." to it... I fail to fathom what events must have taken place for someone to introduce such a moronic block. (a few years ago it blocked URLs containing "download.php" -- sigh).
Which part of your and your colleague's email system uses MSN o_O?
They can see who is hitting their DNS, why not contact the company next along the line.
If they contact the end users direct it will cost a packet and no one will believe them.
But give each ISP a list of users (ok, IPs vs timestamps) and remind them they need to get their users sorted or their phones will be ringing constantly on switch off day.
But as time draws near, it's a little too late.
Charlie Stross has it right
Having suffered only one unintended malware infection (my own stupid fault and a strong lesson learned) in 18 years of internet use, it used to be my position that users who fell victim to these things had nobody but themselves to blame. That the net was a lawless frontier where only those with experience and savvy and a healthy streak of paranoia should be comfortable.
To some extent that's still true. But given how everyone from individuals to organizations and governments have been encouraged to throw their entire existences onto a web that was doomed with security holes from the start, I wonder if it's fair to blame users any more. It is more or less impossible now for anyone in the West to live their life "off the grid". Internet access has become a utility, and almost a life essential, in the same way as gas or water. Is it any fairer to expect end users to keep on top of IT security news than to expect fridge users to understand how heat exchangers work? They've been sold a product, and their expectation is that it should work, and that they should be able to call on someone to fix it when it goes wrong.
I used to call that attitude ignorant, even stupid. Now I'm not so sure. Many of these people didn't ask for all this technology to become part of their lives in the way we early adopters did. But now it's there anyway and they're stuck with it, and the consequences of its shortcomings.
Go back and read the first two paragraphs of this article. It reads like the opening prelude to a Gibson or Suarez novel. But this isn't speculative fiction like it might have been just a few short years ago. This is the world. Everyone's world.
In a recent interview Charlie Stross stated, "The world we live in is the future of the 1980s cyberpunks. This is not necessarily a good thing."
Situations like this ongoing DNSChanger SNAFU just underscore that point. Those of us who dreamed of living in this sort of future are no doubt loving it. But for everyone else, forced to live in it just to get by, many aspects of it are clearly not "a good thing."
Re: Charlie Stross has it right
"They sent a slamhound on Turner's trail in New Delhi, slotted it to his pheromones and the color of his hair. It caught up with him on a street called Chandni Chauk and came scrambling for his rented BMW through a forest of bare brown legs and pedicab tires. Its core was a kilogram of recrystallized hexogene and flaked TNT."
Signed off by a colored progressive POTUS wielding a Nobel Peace Prize.
Re: Charlie Stross has it right
"Is it any fairer to expect end users to keep on top of IT security news than to expect fridge users to understand how heat exchangers work? They've been sold a product, and their expectation is that it should work, and that they should be able to call on someone to fix it when it goes wrong.
I used to call that attitude ignorant, even stupid. Now I'm not so sure. Many of these people didn't ask for all this technology to become part of their lives in the way we early adopters did. But now it's there anyway and they're stuck with it, and the consequences of its shortcomings."
Hang on a minute. No, people don't need to know how heat exchangers work to own a fridge. But if it breaks they should expect to have to buy another. People who buy cars expect to pay to have it serviced. They expect it to break if they don't bother servicing it (or at least they should). Yet they expect computers, which they don't understand, just to work forever?
As for technology being part of people's lives, yes it is. But it doesn't need to be. People don't need to be on twatbook every waking minute. Outside work, nobody actually needs computers. They help, yes, but they're not necessary.
Most people who do have computers only use them for the web and web-based stuff anyway, which is why locked-down tablets, phones, and games consoles work well for most people and they're willing to pay a premium for them, just as people who can't cook are willing to pay for shitty ready meals.
Re: Charlie Stross has it right
"Hang on a minute. No, people don't need to know how heat exchangers work to own a fridge. But if it breaks they should expect to have to buy another. People who buy cars expect to pay to have it serviced. They expect it to break if they don't bother servicing it (or at least they should). Yet they expect computers, which they don't understand, just to work forever?"
I don't think it's that they all expect them to work forever, although some do, I grant you. And they think that you volunteering to fix one problem gives them free lifetime support for everything else, but that's a discussion for another day.
The problem is that a brand new fridge can still pack up after a week. A newly serviced car can still break down. And a well-maintained computer can still fall victim to a subtle drive-by or a zero day exploit. The difference is that people know when, and to a certain extent understand why, their appliances or vehicles have gone wrong. The food spoils or the wheels won't turn. It's different with IT, and especially well-crafted malware. The thing does keep on working, at least as far as the user can see.
That's part of why it's so difficult to understand. Telling someone their machine is infected with something that could be causing damage to others, and may already have compromised their credit card details, is often met with incredulity at best and indifference at worst. Because they don't understand, and in many cases can't understand. When their fridge breaks it doesn't spoil next door's food. Problematic cars don't sneak off in the middle of the night, infect other cars with the same defect then return to the driveway looking all innocent.
Computers do. And you need a reasonable level of knowledge to understand why they do. Is it fair to expect every user to have that level of knowledge? I used to believe so, but now I'm not so sure.
"As for technology being part of people's lives, yes it is. But it doesn't need to be. People don't need to be on twatbook every waking minute. Outside work, nobody actually needs computers. They help, yes, but they're not necessary."
We're in a transition phase, so right now there are perhaps arguments to be said for that. But it's changing all the time and the pace of change is increasing. Are computers necessary? Perhaps not for everyone, depending on how you define necessity. But many of the things they allow us to do are certainly convenient and the inconvenience of not having access to this technology, even at home, is becoming more significant every day. Schoolwork, bargain hunting, local government administration, customer services, service contract renewals. All things that can be done without access to the internet but for which the internet offers a much more convenient, time-saving route.
Very soon that convenience will transition into necessity. Doing things online is convenient for the parties at both ends and costs less, which makes such a transition inevitable. It's already here for a lot of cases. Have you tried shopping around for motor insurance without a browser recently?
Not everyone asked for this, but it's what we got.
"Most people who do have computers only use them for the web and web-based stuff anyway, which is why locked-down tablets, phones, and games consoles work well for most people and they're willing to pay a premium for them, just as people who can't cook are willing to pay for shitty ready meals."
That's certainly true. Tablets are definitely the way forward in the short term, and although their target profile for the bad guys is increasing as they become more popular, the more security-conscious operating systems that they ship with are helping to keep the problem to a minimum for now. At least compared with the free-for-all that exists on the more traditional platforms.
But tablets aren't without their own issues. I argued here that Apple's choice to go for a simplified, non-configurable, pretty user experience on the iPad may ultimately shift the bad guys' focus away from clever malware and back to good old fashioned social engineering. I'm still not sure which way that's going to play out.
Re: Charlie Stross has it right
I do have to ask, is "colored" really necessary? Unlike everything else in that description, it has no purpose and brings up an irrelevant point that normally is only negatively contexted. After all, the rest portrays him as a hypocrite. His ethnic background is irrelevant, and since white is still a colour, I fail to see why it matters. Unless of course anyone here thinks Jimmy Carter is the lord high executioner of drones. With apologies to Malcolm Evans (http://www.cagle.com/2012/06/the-lord-high-executioner)
Products or Appliances ?
Who's to blame for these things being treated like appliances that 'Just Work' tm ?
I could quote reams on how things used to be, and ought to be now, but instead I'll just stick with the lack of proper training (it costs too much money ....)
Re: Products or Appliances ?
ahhh yes, the good/bad old days....
I remember the days of computers before plug and play (pray), when you had to set jumpers on cards, and set addresses and interrupts in autoexec.bat.... the days when you had to understand what your computer was doing to get it to do anything....
once plug and pray came along, along with windows xp, then the great unwashed could start building and installing windows on the computers and found warez sites for "free" software....
All without learning to walk before they can run....
there should be some sort of test, like a driving license before anyone is allowed to use the interwebbynet... it would make everyone's life a lot simpler !
@Marty: I also used to be very much in favour of an "internet driving licence" ... until Big Brother started talking about it, and I realised that it would also mean the end of anonymity. Not good.