
Thread: Notifying the infected?

  1. #1
    Davej
    Guest

    Notifying the infected?

    Several times every hour my firewall announces a port scan. Usually
    when I check the IP it is local to my own internet provider. I'm
    supposing these are infected machines which are trying to spread their
    disease? This makes me wonder if some sort of warning message could be
    sent back to such a machine? Is that possible? Has that ever been done
    by a product?

  2. #2
    Chih-Cherng Chin
    Guest

    Re: Notifying the infected?

    On 2010-01-16, Davej <galt_57@hotmail.com> wrote:
    > Several times every hour my firewall announces a port scan. Usually
    > when I check the IP it is local to my own internet provider. I'm
    > supposing these are infected machines which are trying to spread their
    > disease? This makes me wonder if some sort of warning message could be
    > sent back to such a machine? Is that possible? Has that ever been done
    > by a product?

    I suggest that you report the events to the ISP, and remember to provide
    your firewall logs to them. Without the logs, the ISP probably can
    not do anything.

    --
    Chih-Cherng Chin
    Botnet Detection with Greylisting
    http://botnet-tracker.blogspot.com/s...el/greylisting
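
The log-gathering step suggested in post #2, sketched as an added example that is not part of the original thread: it groups dropped-packet log lines by source address, labels what was observed without guessing at the cause, and prints a report with UTC timestamps and the raw lines for the ISP's abuse contact. The log line format, the thresholds, the function names and the sample addresses (RFC 5737 documentation ranges) are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed log format (constructed for this example; adapt the regex to your firewall):
#   <ISO-8601 timestamp with UTC offset> DROP <proto> <src_ip>:<sport> -> <dst_ip>:<dport>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) DROP (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample data, not taken from any real firewall.
SAMPLE_LOG = """\
2010-01-16T14:02:11+01:00 DROP TCP 198.51.100.23:40111 -> 192.0.2.10:21
2010-01-16T14:02:11+01:00 DROP TCP 198.51.100.23:40112 -> 192.0.2.10:22
2010-01-16T14:02:12+01:00 DROP TCP 198.51.100.23:40113 -> 192.0.2.10:23
2010-01-16T14:02:12+01:00 DROP TCP 198.51.100.23:40114 -> 192.0.2.10:80
2010-01-16T14:02:13+01:00 DROP TCP 198.51.100.23:40115 -> 192.0.2.10:443
2010-01-16T14:10:40+01:00 DROP TCP 198.51.100.77:1045 -> 192.0.2.10:445
2010-01-16T14:25:02+01:00 DROP TCP 198.51.100.77:1050 -> 192.0.2.10:445
2010-01-16T14:41:19+01:00 DROP TCP 198.51.100.77:1061 -> 192.0.2.10:445
2010-01-16T15:00:00+01:00 DROP UDP 203.0.113.5:53 -> 192.0.2.10:33012
this line is truncated garbage and must be skipped
"""


def parse_log(text):
    """Return (events, skipped_count); every event keeps its raw line as evidence."""
    events, skipped = [], 0
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = LINE_RE.match(raw)
        try:
            ts = datetime.fromisoformat(m["ts"]) if m else None
        except ValueError:
            ts = None
        # A timestamp without a UTC offset cannot be matched to the ISP's
        # address-assignment records, so such lines are skipped as well.
        if ts is None or ts.tzinfo is None:
            skipped += 1
            continue
        events.append({"ts": ts.astimezone(timezone.utc), "src": m["src"],
                       "proto": m["proto"], "dport": int(m["dport"]), "raw": raw})
    return events, skipped


def summarize(events, min_ports=5, window=timedelta(seconds=60)):
    """Group events by source and label each source by what was observed.

    'multi-port scan': >= min_ports distinct destination ports inside one window
    'repeated probe' : several packets, but never that many distinct ports at once
    'single packet'  : one dropped packet, usually not worth a report
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    summary = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        max_ports, start = 0, 0
        for end in range(len(evs)):  # sliding time window over the sorted events
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports = {(e["proto"], e["dport"]) for e in evs[start:end + 1]}
            max_ports = max(max_ports, len(ports))
        if max_ports >= min_ports:
            label = "multi-port scan"
        elif len(evs) > 1:
            label = "repeated probe"
        else:
            label = "single packet"
        summary[src] = {
            "label": label, "count": len(evs),
            "first": evs[0]["ts"], "last": evs[-1]["ts"],
            "ports": sorted({e["dport"] for e in evs}),
            "lines": [e["raw"] for e in evs],
        }
    return summary


def abuse_report(src, info):
    """Plain-text report for the abuse contact: observations only, no diagnosis."""
    head = [
        f"Source address : {src}",
        f"Observed       : {info['label']} ({info['count']} dropped packets)",
        f"First seen UTC : {info['first']:%Y-%m-%d %H:%M:%S}",
        f"Last seen UTC  : {info['last']:%Y-%m-%d %H:%M:%S}",
        f"Dest. ports    : {', '.join(map(str, info['ports']))}",
        "Raw firewall log lines (local time with UTC offset):",
    ]
    return "\n".join(head + ["  " + line for line in info["lines"]])


if __name__ == "__main__":
    parsed, skipped_lines = parse_log(SAMPLE_LOG)
    for source, details in summarize(parsed).items():
        if details["label"] != "single packet":
            print(abuse_report(source, details), end="\n\n")
    print(f"{skipped_lines} unparseable line(s) skipped")
```
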

  3. #3
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Notifying the infected?

    Davej <galt_57@hotmail.com> wrote:
    > Several times every hour my firewall announces a port scan.


    So what?

    > I'm supposing these are infected machines which are trying to spread
    > their disease?


    Why? A portscan is a perfectly valid means to discover what services (or
    rather listening sockets) a host provides. There's nothing wrong with
    that in itself.

    > This makes me wonder if some sort of warning message could be sent
    > back to such a machine? Is that possible? Has that ever been done by a
    > product?


    I'd hope no vendor would be *that* braindead. OTOH there's always
    Symantec, of course ...

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  4. #4
    Davej
    Guest

    Re: Notifying the infected?

    On Jan 18, 4:45 am, Ansgar -59cobalt- Wiechers
    <usenet-2...@planetcobalt.net> wrote:
    > Davej <galt...@hotmail.com> wrote:
    > > Several times every hour my firewall announces a port scan.

    >
    > So what?
    >
    > > I'm supposing these are infected machines which are trying to spread
    > > their disease?

    >
    > Why? A portscan is a perfectly valid means to discover what services (or
    > rather listening sockets) a host provides. There's nothing wrong with
    > that in itself.


    A host? Since when am I a host?

  5. #5
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Notifying the infected?

    Davej <galt_57@hotmail.com> wrote:
    > On Jan 18, 4:45 am, Ansgar -59cobalt- Wiechers
    > <usenet-2...@planetcobalt.net> wrote:
    >> Davej <galt...@hotmail.com> wrote:
    >>> Several times every hour my firewall announces a port scan.

    >>
    >> So what?
    >>
    >>> I'm supposing these are infected machines which are trying to spread
    >>> their disease?

    >>
    >> Why? A portscan is a perfectly valid means to discover what services
    >> (or rather listening sockets) a host provides. There's nothing wrong
    >> with that in itself.

    >
    > A host? Since when am I a host?


    http://en.wikipedia.org/wiki/Host_(network)

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  6. #6
    Davej
    Guest

    Re: Notifying the infected?

    On Jan 18, 1:27 pm, Ansgar -59cobalt- Wiechers
    <usenet-2...@planetcobalt.net> wrote:
    > Davej <galt...@hotmail.com> wrote:
    > > On Jan 18, 4:45 am, Ansgar -59cobalt- Wiechers
    > > <usenet-2...@planetcobalt.net> wrote:
    > >> Davej <galt...@hotmail.com> wrote:
    > >>> Several times every hour my firewall announces a port scan.

    >
    > >> So what?

    >
    > >>> I'm supposing these are infected machines which are trying to spread
    > >>> their disease?

    >
    > >> Why? A portscan is a perfectly valid means to discover what services
    > >> (or rather listening sockets) a host provides. There's nothing wrong
    > >> with that in itself.

    >
    > > A host? Since when am I a host?

    >
    > http://en.wikipedia.org/wiki/Host_(network)
    >


    So just what legitimate services would anyone be hoping to find at
    some random node?

    http://en.wikipedia.org/wiki/Port_scan

  7. #7
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Notifying the infected?

    Davej <galt_57@hotmail.com> wrote:
    > On Jan 18, 1:27 pm, Ansgar -59cobalt- Wiechers
    > <usenet-2...@planetcobalt.net> wrote:
    >> Davej <galt...@hotmail.com> wrote:
    >>> On Jan 18, 4:45 am, Ansgar -59cobalt- Wiechers
    >>> <usenet-2...@planetcobalt.net> wrote:
    >>>> Davej <galt...@hotmail.com> wrote:
    >>>>> Several times every hour my firewall announces a port scan.

    >>
    >>>> So what?

    >>
    >>>>> I'm supposing these are infected machines which are trying to
    >>>>> spread their disease?

    >>
    >>>> Why? A portscan is a perfectly valid means to discover what
    >>>> services (or rather listening sockets) a host provides. There's
    >>>> nothing wrong with that in itself.

    >>
    >>> A host? Since when am I a host?

    >>
    >> http://en.wikipedia.org/wiki/Host_(network)

    >
    > So just what legitimate services would anyone be hoping to find at
    > some random node?


    Whatever service that random node is providing? This may come as a shock
    to you, but probing a host's ports really is the only way of discovering
    which service(s) that host provides.

    > http://en.wikipedia.org/wiki/Port_scan


    So?

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  8. #8
    D. Stussy
    Guest

    Re: Notifying the infected?

    "Ansgar -59cobalt- Wiechers" <usenet-2010@planetcobalt.net> wrote in
    message news:7rk2avFemcU1@mid.individual.net...
    > Davej <galt_57@hotmail.com> wrote:
    > > On Jan 18, 1:27 pm, Ansgar -59cobalt- Wiechers
    > > <usenet-2...@planetcobalt.net> wrote:
    > >> Davej <galt...@hotmail.com> wrote:
    > >>> On Jan 18, 4:45 am, Ansgar -59cobalt- Wiechers
    > >>> <usenet-2...@planetcobalt.net> wrote:
    > >>>> Davej <galt...@hotmail.com> wrote:
    > >>>>> Several times every hour my firewall announces a port scan.
    > >>
    > >>>> So what?
    > >>
    > >>>>> I'm supposing these are infected machines which are trying to
    > >>>>> spread their disease?
    > >>
    > >>>> Why? A portscan is a perfectly valid means to discover what
    > >>>> services (or rather listening sockets) a host provides. There's
    > >>>> nothing wrong with that in itself.
    > >>
    > >>> A host? Since when am I a host?
    > >>
    > >> http://en.wikipedia.org/wiki/Host_(network)

    > >
    > > So just what legitimate services would anyone be hoping to find at
    > > some random node?

    >
    > Whatever service that random node is providing? This may come as a shock
    > to you, but probing a host's ports really is the only way of discovering
    > which service(s) that host provides.


    That doesn't mean that anyone has a right to scan for open ports on some
    random machine; a prelude to exploits (including attempts). Some places
    have laws against such action.



  9. #9
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Notifying the infected?

    D. Stussy <spam+newsgroups@bde-arc.ampr.org> wrote:
    > "Ansgar -59cobalt- Wiechers" <usenet-2010@planetcobalt.net> wrote:
    >> Davej <galt_57@hotmail.com> wrote:
    >>> So just what legitimate services would anyone be hoping to find at
    >>> some random node?

    >>
    >> Whatever service that random node is providing? This may come as a
    >> shock to you, but probing a host's ports really is the only way of
    >> discovering which service(s) that host provides.

    >
    > That doesn't mean that anyone has a right to scan for open ports on
    > some random machine;


    It most certainly does. You connected the machine to a public network,
    and - repeating myself - in any TCP/IP network probing ports is the only
    way of discovering what services a given host offers.

    > a prelude to exploits (including attempts).


    A portscan is not necessarily the prelude to an attack. And a portscan
    most certainly isn't an attack in itself.

    > Some places have laws against such action.


    Fortunately most places have legislators with at least half a brain and
    don't.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  10. #10
    D. Stussy
    Guest

    Re: Notifying the infected?

    "Ansgar -59cobalt- Wiechers" <usenet-2010@planetcobalt.net> wrote in
    message news:7ro9pdF843U1@mid.individual.net...
    > D. Stussy <spam+newsgroups@bde-arc.ampr.org> wrote:
    > > "Ansgar -59cobalt- Wiechers" <usenet-2010@planetcobalt.net> wrote:
    > >> Davej <galt_57@hotmail.com> wrote:
    > >>> So just what legitimate services would anyone be hoping to find at
    > >>> some random node?
    > >>
    > >> Whatever service that random node is providing? This may come as a
    > >> shock to you, but probing a host's ports really is the only way of
    > >> discovering which service(s) that host provides.

    > >
    > > That doesn't mean that anyone has a right to scan for open ports on
    > > some random machine;

    >
    > It most certainly does. You connected the machine to a public network,
    > and - repeating myself - in any TCP/IP network probing ports is the only
    > way of discovering what services a given host offers.


    That's like saying that spammers have a right to spam you - and you must
    accept their crap.

    > > a prelude to exploits (including attempts).

    >
    > A portscan is not necessarily the prelude to an attack. And a portscan
    > most certainly isn't an attack in itself.


    More often than not, it is.

    > > Some places have laws against such action.

    >
    > Fortunately most places have legislators with at least half a brain and
    > don't.


    ....And don't what?



  11. #11
    Davej
    Guest

    Re: Notifying the infected?

    On Jan 18, 3:32 pm, Ansgar -59cobalt- Wiechers
    <usenet-2...@planetcobalt.net> wrote:
    > Davej <galt...@hotmail.com> wrote:
    > > On Jan 18, 1:27 pm, Ansgar -59cobalt- Wiechers wrote:

    >
    > >> http://en.wikipedia.org/wiki/Host_(network)

    >
    > > So just what legitimate services would anyone be hoping to find at
    > > some random node?

    >
    > Whatever service that random node is providing? This may come as a shock
    > to you, but probing a host's ports really is the only way of discovering
    > which service(s) that host provides.
    >
    > > http://en.wikipedia.org/wiki/Port_scan

    >
    > So?


    So, it is completely legal to conduct port scans, but -- why conduct
    port scans when you won't have permission to use the services that you
    may discover? Your argument seems to be that you can freely use any
    service that you can find, but can you perhaps cite some evidence for
    that?


  12. #12
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Notifying the infected?

    Davej <galt_57@hotmail.com> wrote:
    > On Jan 18, 3:32 pm, Ansgar -59cobalt- Wiechers wrote:
    >> Davej <galt...@hotmail.com> wrote:
    >>> On Jan 18, 1:27 pm, Ansgar -59cobalt- Wiechers wrote:
    >>>> http://en.wikipedia.org/wiki/Host_(network)

    >>
    >>> So just what legitimate services would anyone be hoping to find at
    >>> some random node?

    >>
    >> Whatever service that random node is providing? This may come as a
    >> shock to you, but probing a host's ports really is the only way of
    >> discovering which service(s) that host provides.
    >>
    >>> http://en.wikipedia.org/wiki/Port_scan

    >>
    >> So?

    >
    > So, it is completely legal to conduct port scans, but -- why conduct
    > port scans when you won't have permission to use the services that you
    > may discover?


    Who says I don't? Besides, even if I don't, what exactly would that
    change about port scans still being perfectly legal? (which in turn
    renders your whole "notifying the infected" point moot)

    > Your argument seems to be that you can freely use any service that you
    > can find, but can you perhaps cite some evidence for that?


    You connected your server to a public network, so I'd suggest you cite
    some evidence that I am not allowed to use a service that you made
    publicly available.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  13. #13
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Notifying the infected?

    D. Stussy <spam+newsgroups@bde-arc.ampr.org> wrote:
    > "Ansgar -59cobalt- Wiechers" <usenet-2010@planetcobalt.net> wrote:
    >> D. Stussy <spam+newsgroups@bde-arc.ampr.org> wrote:
    >>> "Ansgar -59cobalt- Wiechers" <usenet-2010@planetcobalt.net> wrote:
    >>>> Davej <galt_57@hotmail.com> wrote:
    >>>>> So just what legitimate services would anyone be hoping to find at
    >>>>> some random node?
    >>>>
    >>>> Whatever service that random node is providing? This may come as a
    >>>> shock to you, but probing a host's ports really is the only way of
    >>>> discovering which service(s) that host provides.
    >>>
    >>> That doesn't mean that anyone has a right to scan for open ports on
    >>> some random machine;

    >>
    >> It most certainly does. You connected the machine to a public
    >> network, and - repeating myself - in any TCP/IP network probing ports
    >> is the only way of discovering what services a given host offers.

    >
    > That's like saying that spammers have a right to spam you - and you
    > must accept their crap.


    Well, unless there are laws against spam, they do have the right to spam
    you. Sorry to burst your bubble. However, nobody's forcing you to accept
    their crap. Just like nobody's forcing you to accept connections from
    anyone. There's packet filters, there's encryption, there's
    authentication. Heck, there's even the option of NOT PROVIDING SERVICES
    YOU DON'T WANT TO PROVIDE, silly as it may sound.

    >>> a prelude to exploits (including attempts).

    >>
    >> A portscan is not necessarily the prelude to an attack. And a
    >> portscan most certainly isn't an attack in itself.

    >
    > More often than not, it is.


    You have some figures to support that opinion, I suppose? Not that it
    matters, anyway, because even if we assume it to be true, the assumption
    that *every* portscan came from an infected host trying to spread its
    disease would still be invalid.

    >>> Some places have laws against such action.
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    >> Fortunately most places have legislators with at least half a brain
    >> and don't.

    >
    > ...And don't what?


    Read again.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  14. #14
    Bit Twister
    Guest

    Re: Notifying the infected?

    On 21 Jan 2010 11:18:19 GMT, Ansgar -59cobalt- Wiechers wrote:

    > You connected your server to a public network, so I'd suggest you cite
    > some evidence that I am not allowed to use a service that you made
    > publicly available.


    Not so, a private business has to have the port open for their
    employees to use.

    A poor analogy follows:
    Think about the Internet as a road. You cannot just
    stop at any building and enter it because it is on the road.

    Several states in the USA have gotten tired of your excuse being used
    by hackers. Any unauthorized access is criminal trespass.
    That means a ping is trespassing.

    Just one example:
    http://tlo2.tlc.state.tx.us/statutes....000033.00.htm
    Read 33.01. Definitions (1) "Access"
    then 33.02. Breach of Computer Security (a)

  15. #15
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Notifying the infected?

    Bit Twister <BitTwister@mouse-potato.com> wrote:
    > On 21 Jan 2010 11:18:19 GMT, Ansgar -59cobalt- Wiechers wrote:
    >> You connected your server to a public network, so I'd suggest you
    >> cite some evidence that I am not allowed to use a service that you
    >> made publicly available.

    >
    > Not so, a private business has to have the port open for their
    > employees to use.


    That's what authentication is for.

    > A poor analogy follows:
    > Think about the Internet as a road. You cannot just stop at any
    > building and enter it because it is on the road.


    Your analogy is indeed very poor, because with TCP/IP any driver on that
    road can only distinguish between a building he can or cannot enter by
    actually trying if the door is locked (port closed), open but declared
    private (authentication required) or open to the public (any other
    case).

    > Several states in the USA have gotten tired of your excuse being used
    > by hackers. Any unauthorized access is criminal trespass.


    Several states in the USA seem to have very poor understanding of how
    the Internet and TCP/IP work.

    Answer me this question: how do you get authorization to use any service
    on the Internet (like, say, Google)? I don't recall ever having
    requested or being granted explicit permission to use their service.

    Also - speaking of Google - you just declared the business of every
    search engine existing to be illegal. If you don't understand why: take
    a look at how spiders work and then ask yourself how *they* get
    permission to do what they're doing.

    IOW you just requested nothing short of the Internet being shut down.

    > That means a ping is trespassing.


    Which is simply ridiculous.

    > Just one example:
    > http://tlo2.tlc.state.tx.us/statutes....000033.00.htm
    > Read 33.01. Definitions (1) "Access"
    > then 33.02. Breach of Computer Security (a)


    "If you have reached this page, the content you are seeking has been
    moved."

    Besides, according to your own logic, I just committed an act of criminal
    trespassing by accessing that page, since I never got express permission
    by its owner.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  16. #16
    Bit Twister
    Guest

    Re: Notifying the infected?

    On 21 Jan 2010 12:41:09 GMT, Ansgar -59cobalt- Wiechers wrote:
    > Bit Twister <BitTwister@mouse-potato.com> wrote:


    > Your analogy is indeed very poor, because with TCP/IP any driver on that
    > road can only distinguish between a building he can or cannot enter by
    > actually trying if the door is locked (port closed), open but declared
    > private (authentication required) or open to the public (any other
    > case).


    But the human is doing the driving, not the driver. :)


    > Answer me this question: how do you get authorization to use any service
    > on the Internet (like, say, Google)? I don't recall ever having
    > requested or being granted explicit permission to use their service.


    I hear what you are saying. Google example would be you going into a
    Walmart or any business open to the public,

    > Also - speaking of Google - you just declared the business of every
    > search engine existing to be illegal. If you don't understand why: take
    > a look at how spiders work and then ask yourself how *they* get
    > permission to do what they're doing.


    Heheheh, yes I know about spiders. And yes, technically Google is
    breaking the law.


    > IOW you just requested nothing short of the Internet being shut down.


    NO, anyone can drive around on the internet, just not allowed to drive
    onto just anyone's property.


    >> That means a ping is trespassing.

    >
    > Which is simply ridiculous.


    But has to be that way to keep hackers' lawyers from saying "but system
    allowed it"


    > "If you have reached this page, the content you are seeking has been
    > moved."


    Sorry, I did not check the link. It has been a while.
    http://www.statutes.legis.state.tx.u.../htm/PE.33.htm
    Texas Penal Code, Title 7, Offenses Against Property, Chapter
    33, Computer Crimes, is quite clear about unauthorised scanning.

    Read 33.01. Definitions (1) "Access"
    then 33.02. Breach of Computer Security (a)



    > Besides, according to your own logic, I just committed an act of criminal
    > trespassing by accessing that page, since I never got express permission
    > by its owner.


    Not my logic. Just a fact of law.

    Your logic is not going to be a defense if you access a power
    substation or water dam/lock control system.

  17. #17
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Notifying the infected?

    Bit Twister <BitTwister@mouse-potato.com> wrote:
    > On 21 Jan 2010 12:41:09 GMT, Ansgar -59cobalt- Wiechers wrote:
    >> Bit Twister <BitTwister@mouse-potato.com> wrote:

    >
    >> Your analogy is indeed very poor, because with TCP/IP any driver on
    >> that road can only distinguish between a building he can or cannot
    >> enter by actually trying if the door is locked (port closed), open
    >> but declared private (authentication required) or open to the public
    >> (any other case).

    >
    > But the human is doing the driving, not the driver. :)


    Har.

    >> Answer me this question: how do you get authorization to use any
    >> service on the Internet (like, say, Google)? I don't recall ever
    >> having requested or being granted explicit permission to use their
    >> service.

    >
    > I hear what you are saying. Google example would be you going into a
    > Walmart or any business open to the public,


    However, the only way to distinguish Walmart (or Farmer Fred's Produce
    Plant) from Joe Average's house is to go looking. Which technically
    means to send packets of some kind.

    >> Also - speaking of Google - you just declared the business of every
    >> search engine existing to be illegal. If you don't understand why:
    >> take a look at how spiders work and then ask yourself how *they* get
    >> permission to do what they're doing.

    >
    > Heheheh, yes I know about spiders. And yes, technically Google is
    > breaking the law.


    Technically that kind of law is breaking the Internet.

    Keep in mind that this doesn't apply only to Google, but to *every*
    *single* entity using the Internet.

    >> IOW you just requested nothing short of the Internet being shut down.

    >
    > NO, anyone can drive around on the internet, just not allowed to drive
    > onto just anyone's property.


    That's like saying you can drive around public streets, but you can't
    get off (or even look around) anywhere. Makes the whole thing rather
    pointless, don't you think?

    And just in case anyone was wondering: yes, on the Internet "looking"
    does mean sending and receiving packets. That's how TCP/IP works.

    >>> That means a ping is trespassing.

    >>
    >> Which is simply ridiculous.

    >
    > But has to be that way to keep hackers' lawyers from saying "but system
    > allowed it"


    Only if you believe that people do have the right to remain ignorant.
    Which I resent.

    And, repeating myself, it in turn would mean that nobody can legally use
    the Internet. Ever.

    >> "If you have reached this page, the content you are seeking has been
    >> moved."

    >
    > Sorry, I did not check the link. It has been a while.
    > http://www.statutes.legis.state.tx.u.../htm/PE.33.htm
    > Texas Penal Code, Title 7, Offenses Against Property, Chapter
    > 33, Computer Crimes, is quite clear about unauthorised scanning.
    >
    > Read 33.01. Definitions (1) "Access"
    > then 33.02. Breach of Computer Security (a)


    Basically this means: unless you can assume the owner's implicit
    consent, every single Texan citizen using the Internet is in violation
    of the law. I'll leave it as an exercise to the reader to decide how
    sensible this point of view is.

    >> Besides, according to your own logic, I just committed an act of
    >> criminal trespassing by accessing that page, since I never got
    >> express permission by its owner.

    >
    > Not my logic. Just a fact of law.


    Not where I live. And AFAICS not in most other places.

    > Your logic is not going to be a defense if you access a power
    > substation or water dam/lock control system.


    *sigh*

    Did you ever ask yourself why that kind of system should have any
    connection to the Internet in the first place? Doesn't the term "due
    diligence" mean anything to anyone except me anymore? In my book, not
    the person accessing that kind of system ought to be prosecuted, but
    those who failed to properly secure it. Tar and feathers come to mind.

    Like I said above: I resent the idea that people have the right to
    remain ignorant.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  18. #18
    Bit Twister
    Guest

    Re: Notifying the infected?

    On 21 Jan 2010 15:08:25 GMT, Ansgar -59cobalt- Wiechers wrote:
    > Bit Twister <BitTwister@mouse-potato.com> wrote:
    >> Your logic is not going to be a defense if you access a power
    >> substation or water dam/lock control system.

    >
    > *sigh*
    >
    > Did you ever ask yourself why that kind of system should have any
    > connection to the Internet in the first place?


    Profit. Only need the idiot sitting in a control room controlling
    remote devices. That dedicated phone line and equipment on both ends
    cost too much. :)


    > Doesn't the term "due
    > diligence" mean anything to anyone except me anymore? In my book, not
    > the person accessing that kind of system ought to be prosecuted, but
    > those who failed to properly secure it. Tar and feathers come to mind.
    >
    > Like I said above: I resent the idea that people have the right to
    > remain ignorant.


    I hear where you are coming from. Should everyone have to be able to
    put their car together from scratch to be licensed to drive?

    What about the best damn malware magnet OS being allowed for sale?
    Car makers can be sued for bad design. I think Micro$loth should be
    made to supply best of breed anti-(virus,ad,spyware,rootkit,..) and
    database subscriptions for as long as user runs M$ OS. :-D

    Of course 55,000 new malware releases a day does keep the user a fair
    distance behind the curve.

    Using your rule, there would be no way to prosecute the botnet master
    causing a denial of service.

    Defense lawyer: Your honor, not my client's problem because the
    victim did not buy enough internet capacity/bandwidth and have enough
    horsepower to sustain the load. Also should have had software to
    block my client's net's ip addresses. No law broken here.

  19. #19
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Notifying the infected?

    Bit Twister <BitTwister@mouse-potato.com> wrote:
    > On 21 Jan 2010 15:08:25 GMT, Ansgar -59cobalt- Wiechers wrote:
    >> Doesn't the term "due diligence" mean anything to anyone except me
    >> anymore? In my book, not the person accessing that kind of system
    >> ought to be prosecuted, but those who failed to properly secure it.
    >> Tar and feathers come to mind.
    >>
    >> Like I said above: I resent the idea that people have the right to
    >> remain ignorant.

    >
    > I hear where you are coming from. Should everyone have to be able to
    > put their car together from scratch to be licensed to drive?


    No. But everyone who *does* should be held responsible if they screw up.
    And everyone who doesn't want that should leave their car to a garage.
    Who should be held responsible if *they* screw up.

    > What about the best damn malware magnet OS being allowed for sale?


    What about it? Even Windows can be run in a way that doesn't promote
    malware distribution.

    > Car makers can be sued for bad design. I think Micro$loth should be
    > made to supply best of breed anti-(virus,ad,spyware,rootkit,..) and
    > database subscriptions for as long as user runs M$ OS. :-D


    Microsoft should be held responsible for the really bad default
    configuration they ship, yes. Everyone else should be held responsible
    for not changing those (well known) bad defaults, though.

    I've been running Windows (as well as other systems) for more than a
    decade now, and I can count the number of infections on one hand. Not to
    mention that a significant number of infections (I'd even go as far as
    saying most of them) could have been avoided by very simple means, like
    timely application of security patches, using a limited user account for
    day-to-day work, or disabling auto-play.

    There really is no technical reason at all why a computer running
    Windows 2000, XP or newer must be more vulnerable than a computer
    running Linux or Mac OS X.

    [...]
    > Using your rule, there would be no way to prosecute the botnet master
    > causing a denial of service.


    That's simply not true (well, not where I live at least). The principal
    of a crime can always be held responsible in just the same way as the
    one actually committing the crime. However, there *is* something like
    gross negligence in virtually any other area. Why are IT systems (and
    particularly the vendor of an all-too-well-known operating system)
    treated so much differently?

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  20. #20
    Regis
    Guest

    Re: Notifying the infected?

    Ansgar -59cobalt- Wiechers <usenet-2010@planetcobalt.net> writes:

    > There really is no technical reason at all why a computer running
    > Windows 2000, XP or newer must be more vulnerable than a computer
    > running Linux or Mac OS X.


    This is indeed correct, particularly so with the additional
    protections afforded by Vista and Windows 7. Kudos as well for
    highlighting that the default configurations are more to blame than
    the OS itself.

    Also worth mentioning that a user also needs to be smart enough to not
    be using Internet Explorer here the past 2 weeks since there's very
    public 0day code available and no fix yet from Microsoft.

    And updating everything with the Adobe name on it twice a week as
    needed.

    Adobe is a bigger threat to internet security than Microsoft is these
    days by probably an order of magnitude. Their **** is porous as
    hell, and there's still no auto update mechanism that works across
    Flash, Acrobat, and Shockwave Player.








