North American Network Operators Group

Re: Fixing stuff (was Re: short Botnet list and Cashing in on DoS)

  From: Stephen J. Wilcox
  Date: Sat Oct 09 10:23:13 2004

On Sat, 9 Oct 2004, Sean Donelan wrote:

> Why don't people want to fix their computers?  And even worse, why are
> so many people unsuccessful fixing their computers?

I had a thread on this a month or two ago (I think it was NANOG).. the simple
answer that I find is they just don't care and/or are incapable.

They don't care in that for many people, providing the computer still works,
you're not getting charged (like you would be for PBX hacks) and they don't
consider their PC to be critical to their daily lives, they have no motivation to
find the information and start to care.

And they are incapable in that many recent worms/malware have spoofed being from
authorities such as banks, Microsoft, their ISP and they cannot distinguish
between real and spoof and therefore ignore it when Windows pops up to tell them
they need to install the latest security patch. Coupled with this, they don't
understand what virus scanners, firewalls, security patches are and think that
by having one of these it will (a) be an all-round security solution (b) not
need their intervention to set up and maintain it.

> If virus writers are smart enough to infect their computers with one-click,
> perhaps the good guys can come up with ways to fix their computer with
> one-click.

Of course the good guys are constrained by the law which the bad guys aren't, we
have seen instances of worms designed to close holes on computers but they are
illegal (and didn't work).

Also, the good guys always seek user authorisation (e.g. the window which pops up
asking you if you want to install the latest dat) and I suggested above this is
problematic for several reasons (user confusion, not wanting to install at that
moment etc) .. the bad guys just go ahead and infect - and usually their payload
is tiny compared to the Mbs we have to download each month in defenses.

And of course, the final blow .. our OSes and apps will inevitably have holes in
them, that's a consequence of complexity and I'm not sure how you can overcome
that even with much more stringent testing and programming rules.. some of these
hacks are pretty damn clever, abusing systems and having one system exploit a
weakness in another system (e.g. using IE to circumvent OS security levels) in
ways their designers never imagined and catered for. You only need to find one
chink in the systems to produce malware but you need to find all the bugs to
produce security apps.