i hope
that the guy lunch a total attack to microchoff in response.
i would like to wacth a cyberbattle of that magnitude.
i could not care less of the fate of both side.
Microsoft is offering a $250,000 reward for information that leads to the arrest and conviction of the virus writers behind the infamous Conficker (Downadup) worm. The bounty, announced Thursday, represents a revival of Microsoft's mothballed Anti-virus Reward Program, launched in 2003 and virtually moribund since 2004. In …
How about they secure their flawed operating system(s) instead of offering a "reward" for someone who simply manages to show how badly written / insecure it was ?
When it comes to updates, i'd love to see a court rule that Microsoft need to send a free update CD to *every* registered user for each and every security flaw - they'd take a whole different approach to security after that !
"the possibility of betrayal will give the authors of the worm pause for though before they activate the monster botnet their malware has established."
What have they got to lose? May aswell deliver a devestating package as opposed to a profitable one.
On the plus side if the author nukes 10 million systems just think about all the windows vista licenses MS will be able to push.
"Microsoft is partnering with security researchers, the Internet Corporation for Assigned Names and Numbers (ICANN), and operators within the domain name system to disable domains used by Conficker"
So all you have to do is program a botnet worm so it can be controlled by the domains you want to get disabled. Then blackmail the owner of said domains to get these removed from your list.
Good to see that MS' virus protection involves waiting for the virus to infected millions and then try and find the guy that made it. Most companies would just fill software holes quickly and maybe even develop an embedded antivirus that works, but it's good to see that MS do it the modern way.
Linux isn't actually that hard nowadays - try booting from a live linux CD (I use Ubuntu) and see if all your hardware works first of all (if it doesn't you'll know where you might need to investigate further before installing to enable a smooth transition).
It might "sound" hard for a new user to get to grips with, but if you install it alongside windows using the wubi installer (the middle option in Ubuntu if you put the CD in while windows is running) and dip into it regularly, you'll soon get the hang of it - I often go a couple of weeks without loading windows on the laptop i'm currently typing this on.
There can be some "tricky" issues with some hardware - for instance I can't get this laptop to suspend and resume when I shut the lid - but it boots quicker than Windows anyway, so I can live with shutting it down (takes ~10 seconds) and booting up again as needed. For many people everything just works as you'd expect without any hassle at all.
From a Windows users' point of view if the hardware is working ok, the hardest thing is probably getting to grips with the names of different applications so you can install them.
Some "problems" may need what look like messy command line entries, but you can usually find help with the exact command you need to enter via google, but you may well find you don't need to use the command line (aka terminal / shell) at all.
Nearly all of the machines (Close to %97) are pirated copies that have had code checking hacked out of them to circumvent the activation process, which means that any update code will be useless on those systems, so its not that the code is written badly, its the code used to exploit.
@Joe - If MS was to include an Anti-virus into the OS then the EC will be up their Ass in no time complaining that they are destroying competition, at which point all the Rabid Fanboys will be saying how evil Microsoft is, etc. BTW there is an anti-malware application in the OS already the MSRT, which has had the code to protect against [Conflicker, downadup] since Nov of last year, people just didn't appl it in time to prevent infection.
Legacy code, legacy attitudes, and legacy skills.
Didn't I once read a comment from a Microsoftie to the effect that Windows now comprises some 4 billion lines of code and no one really understands it all?
Then look at the security hole last year related to the handling of WMF files (Windows Metafiles, a graphic file format). Turned out the code goes all the way back to Win3.1 and has been retained in every version of Windows since then.
It's quite clear to me that the Windows kernel is mal-designed and only by rebuilding the beast from the kernel on out is there any hope of achieving a secure version of Windows.
But even that wouldn't help because the Microsoft mindset wouldn't change: the marketers would still be allowed to interfere with technical issues, as would the Hollywood studios. Microsoft have neither the skills nor the warm bodies to rebuild the beast from scratch. Yet that appears to be the only solution to the unending discovery of holes, holes, and more holes.
Let's face it: Windows has long since passed its best-before date and is now so old it's moldy. And, to continue the food analogy, toxic as all get-out.
The funny thing is that the Unix kernel (and that of it's kid cousin Linux) seems to be pretty close to bulletproof. Yet Unix is considerably older than Windows.
Is it possible we can blame a lot of the Windows mess on Bill Gates' inferior programming skills?
You're right, Linux is much easier these days, so that just makes it bloody unpleasant as opposed to arcane and requiring you to sacrifice a live chicken so you can drip it's blood onto the keyboard while you recite the magic incantations.
Seriously though, even Ubuntu (which I use alongside a couple of Windows boxes) still requires the magic chicken waving every now and then but it comes on a live CD with a couple of handy sachets of ready sacrificed virgin chicken blood just to save you the trouble of having to run out in the middle of the night and hunt down a chicken.
As for Conficker, I'm still seeing new infections on sites that should know *much* better... No patches applied, no internal policies to prevent users introducing it to the network and antivirus that's not had a working update mechanism for *months*.
Paris, I'm sure she knows more about safe Hex than some of the muppets who set site update policy or don't bother checking their AV is working correctly.
with this comment you hit it on the head :
"Linux isn't actually that hard nowadays - try booting from a live linux CD (I use Ubuntu) and see if all your hardware works first of all (if it doesn't you'll know where you might need to investigate further before installing to enable a smooth transition)."
SEE IF - average users don't deal with SEE IF , they deal with SEE.
"It's quite clear to me that the Windows kernel is mal-designed and only by rebuilding the beast from the kernel on out is there any hope of achieving a secure version of Windows."
They preety much did , lots of work went into changing it on vista.
and don't forget no-one fully understands the linux distro code either, otherwise it wouldn't have taken years to fix something with keys not being generated, which stayed so long cause sod all people understand it enough to work on it.
"So what will you monkeys have to say when Linux finally gets to MS's market share and now you are the insecure OS. Security through obscurity is not security."
1. I doubt it ever will (not necessarily a bad thing) - are we counting BSD/OSX as part of that said market share, BTW? ;)
2. Yeah, you're right, the Linux security model is based on it's obscurity....apart from it's majority presence in the web server segment which last time I looked, was quite a large one... ;)
Considering that the guys who originally started the whole UNIX thing off didn't have sales & marketing depts yammering in their ears about focus groups and the user experiance, etc it's no surprise that it was a decent system to build upon.
Just an observation though where are the apple fanboys ?
What do you mean "Security through obscurity" on Linux?? It's all open source and peer reviewed. If a flaw is found then it is reported and fixed pretty damn fast. I'm glad you agree that Linux will get to MS's market share.
I'm with Daniel Garcia and would like the "wanted dead or alive" guy to launch an attack on MS, that'd be funny.
"Is it possible we can blame a lot of the Windows mess on Bill Gates' inferior programming skills?".... By RW Posted Friday 13th February 2009 01:27 GMT
RW,
I think you will find that Bill has always said he is first and foremost a businessman, so one cannot really blame the Windows mess on his inferior programming skills, but more accurately on his sub-prime business acumen...... and things appear to have changed not a jot on the Microsoft bridge even Bill has supposedly moved on to better things.
I agree - Chalk me up as another smug Ubuntu User!
The install IS painless and very quick. I just kept a dual boot until i found the scripts i needed to get Ubuntu online (Hardy Heron) via my phone, and since I reclaimed all of my hard drive back for use with Ubuntu I haven't looked back.
And given the amount of praise i hear from friends and family that also switched to Ubuntu it's definitely onto a winner!
Advice for current windows users: start learning. If my parents and children can use Ubuntu so can you!
Not much for the guy who wrote the worm itself. Who, lets be honest, IS the person doing the crime.
Odd.
He should be executed. That'll make these to**ers think again before causing so much grief.
Oh, and I use Ubuntu btw.
And as to the people who want he/she to go ahead and activate...given what might happen are you happy to help pay for the millions of pounds lost because of it? In taxes (Government systems go titsup), insurance (insurance companies systems go tits up), defence (RAF already infected) etc etc etc. Trying thinking of the consequences before asking for things like this - they might not be *really* what you want.
re: Paris, I'm sure she knows more about safe Hex than some of the muppets who set site update policy or don't bother checking their AV is working correctly.
Call them Lemmings, who after years of abuse [yes/no/maybe] [error 35654@54] [contact your system administrator] they figured out that just clicking on something till it maybe works, is the quickest solution. reading the given information is proved to be a loss of time ..... .
Result, switch off updates (you cannot always trust them), remove anti-virus programs else you cannot access your favorite word document of music stick without those annoying messages and overkill popups.
re: I think you will find that Bill has always said he is first and foremost a businessman, so one cannot really blame the Windows mess on his inferior programming skills
That is oh so true, business first, if the product works for you, be happy, if it does not .. wait and pay for the next update. MS does really care about NOT having high quality, else they will never be able to sell an update or new version, and THAT is bad for business.
(yes, there are OSses out there that you install once and forget for the next xx years, like some Novell servers, IBM flavors and that does not make money, thus VERY VERY bad for business)
re: $250.000 ...
What an awfull cheap offer, but again business is MS-business, they don't really care about 250k, but it covers the FREE advertisement/name-recognition in several magazines, newspapers, etc
As long as MS does not loose $$$$$ they are not really trying to invest $ in training users/administrators to keep their systems running clean.
They rather sell you a new update/version,whatever
For me:
I prey that MS does not go down, because all the sh$t that comes with them makes for me $$ to fix it, and that pays the bills.
But at my places everything is MS free, so i have at least some place to work relaxed without being afraid for the next crash.
My coat .. filled with OS/2,OpenSuse,Ubuntu for relaxed work and a xp-ue copy to make $$
to capture Bill Gate ... because he let it happen.
Ballmer is taking the P. BG is worth a little bit more.
@Rob Crawford: I'm here but I shut up, because it good monies for me even if I have to put with the RDC pooh to access M$ crap. I'm drinking heaven smoothies at the moment so no inclination to rant ;o)
The article is fairly unremarkable but the pictures are of outstanding quality: First, "anyone with information is urged to contact the police" - and a good way to find such information might be to go looking for fingerprints with a magnifying glass, for example. I'm not sure which is worse, this or one of those nonsense "cyberspace" graphics. Secondly, "Millions of computers have been hit by Conficker" - and as this photo of discarded electronics shows, the only way to deal with the virus is to throw away your monitor, keyboard and/or TV now! I'm not sure what to say about the other two pictures, as they appear to just follow the BBC norm of adding essentially no value or information to the article, and have no real humour value except in this respect. Anyway, article here: http://news.bbc.co.uk/1/hi/technology/7887577.stm?lss
"Bull, I mean Bill, may claim to be a business man, but what he really is is an astute poker player, just like he was back when he dropped out of college." ..... By Tom Posted Friday 13th February 2009 14:26 GMT
Thanks for the info., Tom. It has raised the Game to a higher level, knowing he likes to play poker and take chances/calculated and/or calculating risks.
You wouldn't happen to have his email address, would you, just in case I wanted to tempt him with some aces to bankrupt the casino and/or take it over.
Good astute poker players are as rare as hens' teeth and thus are able and enabled to command and deliver a priceless premium to elevate the stakes to something worth playing for/losing.
Their was malware before Conflicker and their will be after. Just because someone was smart enough to take advantage of an idiot who will click on anything is no reason to get your panties in a twist. The problem is between the seat and the keyboard.
You just can't fix stupid!
"Linux isn't actually that hard nowadays - try booting from a live linux CD (I use Ubuntu) and see if all your hardware works first of all (if it doesn't you'll know where you might need to investigate further before installing to enable a smooth transition)."
Dude I appreciate what you're trying to tell us, but hardware problems PLUS command-line just isn't where it's at for a lot of people. And that's assuming that a solution actually exists - they could go through all that only to discover, as I did, that there was no way to make the stupid thing work correctly. Printers in particular were troublesome, computer wouldn't sleep, monitor wouldn't sleep and couldn't be set to anything higher than 1024 x 768 (all those things worked just fine under Windows), and then if a person still has some energy left over they can try to figure out how to properly and *safely* set up a good Linux firewall without a bunch of complicated-sounding iptables stuff that require animal sacrifices on the night of a full moon. ;) Just too much for the normal user to deal with. Linux had better continue to improve, and fast, otherwise Windows or Mac (not sure which is worse - I use both) could yet overrun the world.
@ AC:
"...this photo of discarded electronics shows, the only way to deal with the virus is to throw away your monitor, keyboard and/or TV now!"
LOL that's funny... and sad. The person who selected that BBC clip-art probably is the same type of dimwit who has always thought the monitor *was* the computer - you know, like those people who get mad at their computer so they shoot the monitor, or toss the monitor out the window, while the computer tower sits under the desk untouched. Looks like the BBC pic is predominately old CRT monitors...
And what's that dark thing on the right side, could that be a... a... large old black electric TYPEWRITER??! I'll have to get my glasses...
I heard a radio interview with some Microsoft spokesman or other (I was driving down the M4 at the time so missed the name) - and he said two things:
1. That the flaw had been patched, and those affected hadn't updated.
All fair enough.
2. Microsoft is the only company that automatically sends updates to its users - every second Tuesday.
Now this is at best misinformation - at worst an outright lie.
How many anti-virus (and other) vendors out there auto-update daily (if not more often)?
How many Linux distributions do exactly as Windows does and tell you there are updates available?
The simple answer - not just Microsoft. So was this a poorly briefed spokesman, or pure and simple untruth?
(Aside: when did "Patch Tuesday" become "Patch every other Tuesday"? I must have missed that announcement - I'm surprised it wasn't trumpeted all over the media as a great leap forward in security)