Comments on: Conficker worm – The Return? http://www.p2pnet.net/story/19036 p2pnet.net - reader powered Sat, 21 Nov 2009 14:58:33 -0600 http://wordpress.org/?v=2.8.4 hourly 1 By: Mike Acker http://www.p2pnet.net/story/19036/comment-page-1#comment-970180 Mike Acker Tue, 24 Mar 2009 10:20:54 +0000 http://www.p2pnet.net/?p=19036#comment-970180 It is not so much that security is impractical in a "generative" environment as it is that the security issue just has not been addressed sufficiently. When the IBM/PC and AT were initially marketed they were regarded as nuisance systems. Tee hee. See _The PC that ate Armonk_. I have been active in IT and software during that entire time. The little nuisance PC has become the mainstay of computing all around the world. The PC was a totally open system when it was created, and this "generative" (if I may) aspect of that system was the direct cause of its explosive growth and adoption. The first viruses were boot sector virus that were passed around on diskettes. And these were just a harbinger of things to come. But, enamored with the glitter and dazzled by the possibilities in these new available computers we have charged ahead making terriffic progress -- but exposing vulnerabilities at the same time. Today, the security issue is drawing considerable attention. Microsoft launched a massive initiative to address the problem, resulting in the deployment of firewalls in XP (at SP2 if I remember right). This effort continues in Vista and in W7 with the UAC which will continue to be refined. The central issue remains clear however, that being that we must establish the practice of distributing and operating software in such a manner that un-authorized modifications are not made. This is possible and can be done by simply using digital signatures to authenticate distributed software. remember always that computer security is like a balloon: a pin-prick and pop! it's gone. the system owner must win by a shut-out. the new vulnerability in intel chips / poison cache for example must be activated from a program running in ring0 on the x86. There should not be any un-authorized code running in ring0. It is not so much that security is impractical in a “generative” environment as it is that the security issue just has not been addressed sufficiently.

When the IBM/PC and AT were initially marketed they were regarded as nuisance systems. Tee hee. See _The PC that ate Armonk_. I have been active in IT and software during that entire time. The little nuisance PC has become the mainstay of computing all around the world.

The PC was a totally open system when it was created, and this “generative” (if I may) aspect of that system was the direct cause of its explosive growth and adoption.

The first viruses were boot sector virus that were passed around on diskettes. And these were just a harbinger of things to come. But, enamored with the glitter and dazzled by the possibilities in these new available computers we have charged ahead making terriffic progress — but exposing vulnerabilities at the same time.

Today, the security issue is drawing considerable attention. Microsoft launched a massive initiative to address the problem, resulting in the deployment of firewalls in XP (at SP2 if I remember right). This effort continues in Vista and in W7 with the UAC which will continue to be refined.

The central issue remains clear however, that being that we must establish the practice of distributing and operating software in such a manner that un-authorized modifications are not made. This is possible and can be done by simply using digital signatures to authenticate distributed software.

remember always that computer security is like a balloon: a pin-prick and pop! it’s gone. the system owner must win by a shut-out. the new vulnerability in intel chips / poison cache for example must be activated from a program running in ring0 on the x86. There should not be any un-authorized code running in ring0.

]]> By: Sukasa http://www.p2pnet.net/story/19036/comment-page-1#comment-970158 Sukasa Mon, 23 Mar 2009 20:13:55 +0000 http://www.p2pnet.net/?p=19036#comment-970158 greenpete: Generally, the servers and DNS entries for these servers are set up in countries that couldn't give a damn, for example (and I apologize for reinforcing a stereotype), but Russia for example can host many malware-industry 'companies' because it's so incredibly difficult to get those servers taken down. greenpete: Generally, the servers and DNS entries for these servers are set up in countries that couldn’t give a damn, for example (and I apologize for reinforcing a stereotype), but Russia for example can host many malware-industry ‘companies’ because it’s so incredibly difficult to get those servers taken down.

]]> By: greenpete http://www.p2pnet.net/story/19036/comment-page-1#comment-970153 greenpete Mon, 23 Mar 2009 19:21:11 +0000 http://www.p2pnet.net/?p=19036#comment-970153 How come the record industry etc can get IP address's and chase loads of people to insanity but we can't do the same with the servers/hosts what have you for these bot nets? It seems we can or did block them before, therefore we knew the servers IP addy and therefore could trace them to a phisical place and owner, it seems very odd to me! How come the record industry etc can get IP address’s and chase loads of people to insanity but we can’t do the same with the servers/hosts what have you for these bot nets?
It seems we can or did block them before, therefore we knew the servers IP addy and therefore could trace them to a phisical place and owner, it seems very odd to me!

]]>