MS doing good?
Wow... MS doing something that is actually useful for people. And for no money...
A federal magistrate judge has recommended that Microsoft be given ownership of 276 internet addresses used to control “Waledac,” a massive botnet that the software company has been working to bring down. The recommendation by Magistrate Judge John F. Anderson of the US District Court for Eastern Virginia is a victory in …
Shouldn't ICANN be pulling domain names used to control botnets without anyone having to tell it to do so? The legal system, after all, can take days or months to do something. The response to attempts to compromise computers should, ideally, take place in microseconds - as fast as possible, at least, to minimize the damage done.
"Shouldn't ICANN be pulling domain names used to control botnets without anyone having to tell it to do so?"
How would you like that if you had invested years of your life and thousands of £ in developing a site, to find it on a large list of names which spammers program into a bot and which will enable the zombies to be controlled by malware if such were to run in future on your clean and legitimate site? Sorry, it sounds like a nice idea, but you would make every legitimate and honest site potentially blackmailable or capable of being DOSed by those with criminal intent, regardless of anything they could do about it.
Change that to a policy of having a domain name capable of being temporarily suspended if provably misused for long enough without the WHOIS registered domain owner responding to complaints to remove the malware e.g. command and control software active on their website, and this is more likely to be supported by domain owners who have invested greatly in their brands and Internet presence. But that is not going to be an instant process.
Even that isn't simple, because supposing there are a million sites hooked off different subdomains of example.com, each separately managed, and one of these, averybadone.example.com, is used as a botnet C&C server, are you going to suspend the entire domain, example.com, or have some process where the owner of example.com is asked to suspend averybadone.example.com within a given response period?
Also, supposing each DNS zone in a label chain of say a.b.c.d.e.f.example.com were given a reasonable response period of say 2-3 weeks, doesn't that give an arbitrarily long time for the spammers to relocate?
The terms and conditions of using the Internet would include giving up your right to sue ICANN about this sort of thing. (Basically, ISPs sign something that makes them make you sign something.) But ICANN would exercise due discretion to avoid putting legitimate businesses off the 'net - and if a slip-up is made, a system would have to be in place to ensure that no outage lasts for longer than a few minutes.
Of course, legitimate businesses in Russia might find clearing up issues a bit more awkward than legitimate businesses in the United States. When we can trust their government to truthfully tell us who the legitimate businesses really are, though, that problem will go away.
What I want is improved anti-spam options that will at least give me the feeling that I am doing something about the spammers. I'm thinking about something like SpamCop, but with more rounds of iteration, including human confirmations of the targets, and pursuing more of the accomplices and victims. For reference, SpamCop just traces the source and sometimes finds the host of the spammer's website. I think it should go after harvesting and reply email addresses, link redirectors, and Joe job victims (as in the legitimate companies whose reputations are slammed by the spammers).
Spam is clearly the #1 problem of the Internet. I'm not saying that we can or should eliminate all bad behavior. I'm just saying we should keep the bad people crawling from more visible, profitable, and annoying rocks to less comfortable rocks. You'll never convince me that spammers don't live under ugly rocks.
Back in the 1990s I was lobbying for ISPs to get together and come up with different MTA protocols that would not allow spammers to hide behind anonymity or forged headers. None of them saw it as their job. They, of course, were quite happy to make money without actually doing any work. A more responsible attitude then might be saving us a lot of grief now.
We won't crack security problems while we are still using code designed for ARPA. Perhaps the time has come (is overdue) for the CCITT or some other telecoms body to define a new method of sending/receiving email that cannot be abused like this. It would not be so hard to migrate everyone: people interested in avoiding spam would be the trailblazers, and I reckon in 2 years pop3/smtp would be as dead as fidonet.
Good things MS has done:
1. Jiggered Waledac
2. "Freecell"
3. Err...that's it I think
As for disinfecting...perhaps if Windows wasn't the Swiss cheese of OSs it wouldn't have been so easy for the black hats to crack it in the first place. The Windows paradigm is to run as Admin so one can get things done; Win7 has addressed this to a small extent, but it still looks like a kindergarten attempt when compared to more mature and capable OSs.
Although one does wonder why MS had to make these moves (or are they indirectly admitting their OS is insecure?), what the heck are ISPs doing? Why are they continuing to fail (bar Cox it seems) to detect and isolate infected client systems (be they home PCs or servers)? Or to report infected PCs/servers to fellow ISPs and then block those ISPs if they do not take action? Surely protecting their primary asset (network bandwidth) is in the interest of ISPs?
Take a look at your calendar - it's 2010.
XP SP2 onwards with AV and running as users rather than as administrators was secure. Vista more so due to the enforced user levels (which people bitched about, as their apps all assume admin rights yet Vista took it away).
And 7 is also rock solid.
Maybe I could put it to you that actually the USER INSTALLED the crap under a social engineering scam? E.g. A toolbar, entering a competition, downloading a torrent, a 'free' add-on to MSN, drive by download because the local computer dick next-door disabled UAC, or a good old-fashioned virus attached in an email claiming to be from DHL...
Get Vista or 7, DON'T disable auto-updates or UAC, and slap on Microsoft Security Essentials. More than adequate security for a consumer PC.
The lengths that some people will go to to try and "beat" Windows (and in doing so make its problems worse) never cease to astound me.
Why is it that people compromise their systems - and worse, convince other people to compromise their systems - by disabling Windows Update, anyway? What exactly are they worried is going to happen there? Will the nasty MS goblins personally crawl down the fiber and start reading your email? Wait, there was never a patch for that.... Will they use it as a way to download all your files, steal your ideas and sleep with your wife? Strangely, none of those patches made the cut, either.
Or maybe they might clandestinely find a way to identify the fact that you've stolen your operating system from them. They did do that one.
Ultimately that's what it boils down to... "I can't use Windows Update, because then they might cotton on to the fact that I'm a thief, and stop me!"
Solution: Stop whining, and stop pretending that your big moral battle over remote patching is about anything other than getting away with theft.
There's nothing wrong with modern versions of Windows except for the people using them. XP? Not perfect. Vista? Dog's breakfast. Windows 7, on the other hand... Absolutely peachy. Remove the blinkers from thine eyes, and admit that just like Linux is no longer the terrifyingly complex beast that it was in 1998, neither is Windows still the piece of rubbish that it was in 2002.
Also, I also have it on good authority from anonymous sources inside Microsoft that Gates and Ballmer don't even rape puppies anymore - scandalous!
Would it be so difficult?
For example:
A sends to B purporting to be C.
Before B's ISP delivers it, it pings some sort of datagram to C: "did you send MsgID 5436374747 to abc@xyz with 4735 bytes and CRC 43774?"
If reply is negative, message discarded. If positive, message delivered maybe 500 milliseconds late.
Cuts out the forged sender, but won't immediately catch a compromised PC. Though if a problem is identified in the message the sender has been positively identified -- so if part of the traceability requirement was a sender registration, that registration could be revoked until the compromise is proven to be fixed.
There's already Sender Policy Framework [1]. This allows a domain, say example.com, to list all the addresses of machines that are allowed to send email from @example.com.
The receiving machine can then check if example.com has SPF records in its DNS, and then reject the email if there is an SPF record and the email isn't from a listed machine.
[1] http://en.wikipedia.org/wiki/Sender_Policy_Framework
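The sender-verification idea in the post above and the SPF reply both come down to the same receiving-side decision: is the connecting IP one the claimed sender domain has authorized? As an added example that is not part of any comment here, the following Python implements a small subset of the SPF evaluation the reply describes (ip4, ip6, a, mx, include and all with qualifiers; no redirect, exists, ptr or macros). The DNS is replaced by constructed in-memory records for example.com and a hypothetical _spf.mailhost.example, so it runs offline; the domain names, addresses and the `should_reject` policy helper are assumptions made for the illustration.

```python
"""Minimal SPF evaluator (subset of RFC 7208) over constructed DNS records.

The three tables below stand in for DNS lookups; they are constructed sample
data, not real records for any domain.
"""
import ipaddress

# Constructed TXT (SPF) records, keyed by domain. None = domain has no record.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 mx include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "nospf.example": None,
}
# Constructed A records and MX targets used by the "a" and "mx" mechanisms.
A_RECORDS = {"mail.example.com": ["203.0.113.5"]}
MX_RECORDS = {"example.com": ["mail.example.com"]}

# Qualifier prefix -> SPF result when the mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _ip_in(sender_ip, network):
    """True if sender_ip lies in network; mismatched IP versions never match."""
    return ipaddress.ip_address(sender_ip) in ipaddress.ip_network(network, strict=False)


def check_spf(domain, sender_ip, depth=0):
    """Evaluate domain's SPF record for a connection from sender_ip.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    """
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms; also stops include loops
        return "permerror"
    record = SPF_RECORDS.get(domain)
    if not record:
        return "none"
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"  # mechanisms default to "+" (pass on match)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        matched = False
        try:
            if name == "all":
                matched = True
            elif name in ("ip4", "ip6"):
                matched = _ip_in(sender_ip, arg)
            elif name == "a":
                matched = sender_ip in A_RECORDS.get(arg or domain, [])
            elif name == "mx":
                hosts = MX_RECORDS.get(arg or domain, [])
                matched = any(sender_ip in A_RECORDS.get(h, []) for h in hosts)
            elif name == "include":
                # include: matches only if the referenced record yields "pass";
                # a missing referenced record is a permanent error per RFC 7208.
                sub = check_spf(arg, sender_ip, depth + 1)
                if sub == "none":
                    return "permerror"
                matched = sub == "pass"
            else:
                return "permerror"  # unknown mechanism
        except ValueError:
            return "permerror"  # malformed address or network in the record
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # fell off the end of the record without a match


def should_reject(domain, sender_ip):
    """Assumed receiver policy: reject only on an explicit SPF fail ("-all").

    softfail/neutral/none are accepted (typically marked or scored instead),
    matching the reply's "reject if there is a record and the IP isn't listed".
    """
    return check_spf(domain, sender_ip) == "fail"


if __name__ == "__main__":
    for ip in ("192.0.2.77", "203.0.113.5", "2001:db8::1", "203.0.113.99"):
        print(f"{ip:>16} -> {check_spf('example.com', ip)}  reject={should_reject('example.com', ip)}")
```

Two points worth noticing when running it: an IPv6 sender never matches an `ip4:` mechanism (and vice versa), so a domain that sends over both must list both; and a softfail inside an included record does not count as a match for `include:`, so the outer record's own `-all` decides, which is why 203.0.113.99 ends in a hard fail here.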
I can't believe the US Federal Court can void registrations that belong to the world. As much as I dislike spammers, I don't believe a Federal judge can transfer ownership to another party. Perhaps as a tort in a civil suit ... but still I believe this is ICANN's province and dislike the precedent it sets.
What happens when a Chinese court awards the Microsoft.com domain name to XIN Tech? Cyber war??
Just my 2 bits.