Botnets claim 7-fold increase in victims Botnets used in banking credential theft and other criminal enterprises made huge gains in 2010, claiming more than seven times as many victims as the previous year, according to a report issued by a security firm that follows the large networks of infected machines. The dramatic increase was fueled by improvements in DIY …
The government give £63m to police to combat £1.8bn+ of e-crime
NHTCU was scrapped
National Police e-crime had 20 officers (2 of them computer forensics types) at set up
UK Employers don't educate staff on security threats, and the ICO has only just got fines up and running
There is no disclosure law in the UK (e.g. SB1386), or company law requiring breaches to be reported in the audit or shareholders reports.
Is anybody surprised?
And yet in competitions OS X and Linux are often cracked more quickly than Windows.
OS X and Linux depend on security by obscurity, the same thing their proponents ridicule in Windows.
Windows has been examined and tested far more thoroughly than OS X and Linux, simply because it is the most popular OS by far.
There are bugs in OS X and Linux, just they haven't been discovered, and those that have been discovered are less likely to be published widely. OS X and Linux security depends on those bugs not being well known, in other words, security by obscurity.
but security by obscurity means that Microsoft and Apple for that matter, are hiding their code from you hoping you'll never have the chance to see the flaws thus hoping they are secure. On the other hand Linux is not hiding at all. You may say that nobody wants to look through the FOSS code for whatever reason they might have but you can't claim the FOSS community is obscuring it. It really makes a difference, isn't it ?
More useful questions are:
What precautions the average home user can take to avoid being "recruited" by a bot?
How can an average home user tell whether his/her machine has been recruited by a bot?
What can an average home user do if his/her machine is infected by a bot?
If there are no satisfactory answers *not requiring specialist knowledge or equipment on the part of the user*, then we have lost.
Actually my post is more use than you might think, but it's akin to admitting that "the Emperor has no clothes". I would hazard a guess that the answer to my question is: Windows = 100%, Linux = 0%, and OS X = 0%. So if you look at the bottom left corner of your screen and you don't see a button called "Start", then you can relax for the time being. If not, then you may well have been recruited by a botnet, and because of the insidiousness of the infections there is no easy way out of it. But all is not lost - use something other than Windows if you have a choice.
Are you trying to win prick of the year or something? Your posts are not useful in any way. People that want to use linux already do and the rest of us that want to use windows have also made that choice.
Everyone hates the apple fanbois yet somehow the linux fanbois are treated differently. But they shouldn't be, they are equally the most annoying beings known to man.
If the only addition to the conversation you can make is "derr, I are teh use linux and you well below meh cos i are amazing" then please do us all a favour and get back under your rock.
@yoinkster
Sigh, this wasn't personal until you made it so, which is symptomatic of fanboism so maybe you should look in the mirror. Actually I use all of the OSs I mentioned so I'm not particularly a fanboi. I'm just aware that a Unix/Linux system is inherently more secure and stable than a WIndows system, and it's architectural design rather than obscurity that helps makes it so. So I use Windows for things that Windows does better than Unix/Linux, and Unix/Linux for everything else, including my online activities. It's not like it's really hard to set up a Linux system for doing online stuff, takes about 15 minutes with just a few mouse clicks. Hell, even boot a live Linux CD if nothing else.
If you'd step back from your own clear windows fanboism and look at the big picture, you'd maybe see that what I said is true, although I'm not optimistic on that front. When 100% of the zombies in a botnet are based on a single OS architecture, then what other conclusion is there than it's better to avoid it if you care about your online security? This is common sense, not fanboism.
You envy them because they are free from malware and, on top of that they don't have to spend one single dime for that. I might be a Linux fan boy but I can't stop myself guffawing when my friends come to me with their pox-ridden machines equipped with fully paid Internet security suites from the McAfees of the industry.
As soon as you finish scanning your Windows PC for viruses, rootkits, trojans (man, there are millions of them!) and if you feel you're ready for a pain-free computing experience, just let us know. We'll be under that rock.
Sadly does the home user care or worry if they are? Yes they should but as long as "FaceSlap" and "Twatter" keep working, and they can sync their iPhone, what do they care?
As a typical IT techie I spend at least 1 weekend every 3-4 months fixing friends and relative's PCs, but only when they become so unusable being bogged down by crud, usually nothing as nasty as a bot but just full of plugins and background cack that keeps phoning home. Why do you think PC World make a killing "cleaning" Windows O/S at £275 a throw?!
So long as it works and allows the things they need to work, they're not that worried about much else. To most users a PC is a tool, like a drill, an iron, a TV or even their car, so long as it works, so what!
The usual precautions about always using an anti-virus, maintaining all the security updates, not visiting untrusted site, only running reputable software from reputable sites.
Since bots are being designed to not disrupt the computer they are installed upon, there will be less and less sign of bots being installed as black hat technology improves.
It is possible to remove a bot, but not for an average home user.
We are not lost. Acting individually, we can't defend against muggers and blackmailers. Individually, banks can't prevent their vaults being penetrated. We haven't figured out how to manufacture vandal proof battle tanks yet.
But as a society we can use criminal investigations and the justice system to put muggers, blackmailers and bank thieves behind bars.
And the people who design and distribute cracking tools are more like those who break into bank vaults or pick locks. There are not that many people with both the expertise and the lack of morals. It is a matter of putting a few hundred hackers behind bars. The prospect of being behind bars will act as substitute morals for the remainder of the designers.
Fundamentally we need to break the economic models used by the scammers. They have actually managed to do that for the stock-market pump-and-dump scammers, and you may have noticed that there is almost no stock market spam these days.
Even though the credit card scams are potentially quite profitable, I think that they are mostly being handled by the banks. Not completely effectively, but there are two important points here. One, there are plenty of laws on the books and we are reading reports of the arrests. Second, the banks are basically obliged to protect the victims from the fraud. If not, people would become too afraid to have credit cards, and the banks certainly don't want to lose that part of their business.
There are new threats from identity fraud, but so far they have not become major problems. Again, I think the economic factors predominate. It's hard to steal an identity that has value that can be converted into cash for the scammer. There's also the problem of coverage by existing fraud laws.
That leaves the old-fashioned email spammers who need those zombots to spew their garbage and sustain the illusion of dividing their costs by zero. Their broken economic model is to throw the very real costs on other people, and if another million spams finds one sucker who sends $27 for herbal viagra, then they think the RoI is infinite. There also seems to be increases in the spam for the old 419 scams.
The best way to break those old economic models is with simple math. There are LOTS of people who hate spam. There are only very FEW suckers who send money to the spammers. We need better tools to let the MANY people get between the spammers and their victims. I firmly believe that Google could do this--except that I also think Google has already become so evil that they've reached a 'comfortable' equilibrium with the spammers.
Most PC users are interested in security otherwise the botnets would be far more successful.
There are so many PC users out there that it is really a small drop in the ocean.
You can't also lump social engineeering - such as 491 - in to the equation as they are not O/S dependant, only the security build of the nut on the keyboard.
Law enforcement needs to apprehend the creators and users of this malware.
There is no way for humans to author infiltration proof general purpose operating systems plus a variety of complex applications. Heck, we can't even make infiltration proof firmware for our hard drives.
We do need to keep trying to make better software, software that requires more time and expertise to crack.
But that will be pointless unless law enforcement takes action to apprehend those trying to crack our hard ware and software.
We need to put black hat hackers, and their business partners, behind bars for several years.
Sure, we'll check your computer for speed, back up your head drive, file your taxes, let you make calls through the net, even make a legal will - all for free. (Of course, we will use your computer to sell porno tapes, sex toys, prescription drugs without a prescription, and imitation Viagra without your knowledge). What did you expect when you use free services ? Someone has to pay for them. Stop whining.
Grenade - for the freetards who let their systems accumulate malware and trojans by using dodgy free "services". They can have the grenade - I'll keep the pin.
This article points out that the "the biggest spam network with an estimated 250,000 zombies"
In another article a few days ago http://www.theregister.co.uk/2011/02/14/internet_crash_cyberweapon/ It says that "Attackers would be required to have a botnet of about 250,000 infected machines"
So if we add these together does this mean that the SPAMMERS have the means but not the know how to take the Internet down??
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
