
Cockney duck catches viral confusion

Oh, and we got flamed...


Letters Regular readers will know that our security man, John 'Bin' Leyden, is usually pretty much on top of the virus gossip mill: which virus is where and doing what to who, and which celebrity it was seen out with at the Met Bar and so on. So he was most upset this week when two of the leading virus publicity agencies, sorry, anti-virus companies, couldn't agree on the status quo.

One said infections were up, the other said down. Or something. It was all very confusing.

Subject: Why Trend and Sophos don't agree

John,

The general rule in AV is, "you hear most about the problems that your product has."

So, if Sophos says Sasser was a bigger problem than Netsky, and Trend says the reverse, then Sophos has a bigger problem with its products when it comes to Sasser than Trend.

As for the virus numbers going up or down in May, I think Trend is correct. The arrests in Germany took the Agobot/Phatbot author off the air, and he was responsible for hundreds of those thousand virus variants last month.

And the Netskys are also done (in terms of new variants). And add the general effect of a number of arrests in May. So, for the short term, the count ought to decrease a little.

Jimmy

Sophos, meanwhile, could not resist taking the opportunity to bop Trend over the head a bit. Carole Theriault is a security consultant there, and she writes:

I don't think too much should be read into the numbers of new viruses added to either vendor's product. What is more relevant is which viruses are breaking into the wild, which are spreading quickly, which are dropping off the chart, etc.

It's very curious - however - to see what Trend are saying about the Sasser worm. They say that Sasser caused Trend's first "Red alert" of the year, and yet it only makes position 8 in their chart.

Indeed, according to Trend's stats, Sasser was beaten by the Nimda worm which first appeared in September 2001! I think this calls into question whether Trend's statistics are really representative of the threat out there.

No-one has a truly accurate picture of the virus battleground, but I think Sophos's is probably more in line with reality than Trend's this month.

Trend was not going to leave the question open either, and suggested different tracking methods could account for the differences. Trend's PR company forwarded the following remarks from Raimund Genes, President of European Operations:

Trend Micro uses its Housecall service to trace all virus activity. This method provides a "Real World" picture of virus infections, as it tracks only malware that has actually impacted on computers.

Other methods of virus tracking, as used by other antivirus companies, count the number of e-mails sent containing malware. This method, therefore, does not reflect the number of PCs actually infected, but the number of malware transmissions.

As a result Trend Micro's virus top ten reflects actual levels of infections, whilst other vendor top ten lists reflect levels of malware transmissions. This accounts for the discrepancies seen between virus levels recorded by different vendors.

Raimund Genes

Still confused? We are, too. Let's move on, before it gets any worse...


Shiny things and stuff with LEDs on will always go down well at Vulture Central. Maybe we are part magpie? Only a very small part, mind you. Anyway, Nokia's wave messaging system seemed to fit the bill. It tugged on a few memory strings too, and not just in this office:

While amazing, magnific, etc., Nokia's "wave messaging" feature has been shown in prototype by Wildseed for at least 18 months.

I can't tell from the Nokia website whether this is a licensed SmartSkin product, or if they've developed it in parallel. In either case, you might wish to compare these products in the article.

All the best,

Alex Pournelle


I may be 35, my brain may be only slightly engaged, maybe I don't recall the name, but I *do* remember a little device from my childhood here in the United States that did exactly the same thing....

It was a red paddle-like affair with a mini keyboard on one side and a row of red LEDs on the other. The idea being, as you might guess, that at night you program your message and wave the contraption overhead - not very unlike this Nokia TOY.

Maybe there's an Intellectual Property lawsuit just waiting to happen?

Michael


Of course the fact that it's dark in Finland for 6 months of the year may have something to do with this

"I'm over here" would be a popular message

Michael Clegg

Nice one Michael. Good to see practical applications of new technology.


Last week's piece on software piracy drew more than a few comments, as you would expect. We ran some last week, but this one arrived in the second post, missing the mailbag.

Lucy,

I just can't let this one slip without saying something...The quote that has so irked me was by Tim Scoff when he said:

> "Stealing software by pirating serial numbers is no different than me walking into your house tomorrow afternoon while no one is home and taking your TV, computer, and stereo system. It's also no different than walking into a computer store and shoplifting the same piece of software."

Now, I'm no lawyer - but, from my understanding of the UK legal system he is utterly incorrect. The definition of theft implies the permanent deprivation of an object by someone else. Software pirates do not deprive anyone of legitimate copies of software - they infringe copyright, yes, but that IS NOT theft! You don't pay Microsoft for the software - you pay them for a licence to use the software.

If the pirate in question was breaking into Microsoft's premises and stealing the master copies (which Microsoft were incapable of replacing) - then the example given by Mr Scoff would make sense. But, they aren't and it doesn't... Software has no physical presence (unlike the electronic goods and boxed software he mentions stealing in his example) - so its duplication can't be considered the same as theft of more tangible goods.

> "Anyone who pirates software deserves to face the same penalty that I would face if I was caught shoplifting that same piece of software from a retail store, and Microsoft has the legal right and moral obligation to see to it that pirates face those penalties."

OK, this is just disappearing into cloud cuckoo land. Microsoft are probably sensible enough to realise that there is absolutely nothing to be gained in trying to prosecute every single person using a Microsoft product without an appropriate licence. What would they gain? And at what cost? Is a slight sense of moral superiority worth the billions and billions (probably a slight underestimate) that it would cost? I seriously doubt even Bill Gates has sufficient cash to pursue that many legal cases worldwide.

They ought to target the people who are making a living from selling large quantities of pirated software or running their business using pirated software - not individual users with a dodgy copy of Word or Excel.

My main objection regarding Microsoft's whole licensing scheme is the lack of decent home user support. As a home user should I really be paying the same for a copy of 2K3 server for home use as the company I work for pays for my office use? (actually, as my office probably has a decent bulk purchase discount I probably pay more for home software) Personally, I'd love to see a "free for non-profit use" type licensing scheme so that people who are making money from Microsoft products have to pay a fair percentage whilst those with more academic interests can work freely without restraint.

> "Software pirates are criminals and deserve to be treated as such. If their computers cause damage because they're not patched and they get taken over and used for DDOS attacks or spam relays they need to face the penalty for that also."

Oh yeah, that's sensible - let's make the end user guilty for running software with security vulnerabilities. It's their fault - not the company that produced the software in the first place or the person carrying out the attack against them.

In my experience, naturally, software pirates are extremely technically competent (where exactly do you think the whole reverse engineering field started off?) compared to "average" home users (my parents, for example). Despite repeated warnings, my parents still can't manage to work out WindowsUpdate. If you're talking about punishing people whose machines are attacked - I'm guessing it's going to be mainly people like my parents who get hit - not someone who knows enough about the underlying technology to patch around or otherwise mitigate the problems of which they are aware.

And, ok, so - copyright infringement is against the law - but, I think it's only civil law, not criminal - so it's hardly a serious offence. I'd personally rather see effort spent catching real criminals rather than trying to make the world's richest man (if he still is) a few more dollars. Although - if Bill Gates wants to spend billions trying to prosecute people, I'm sure our courts could make good use of his cash... ;-)

Rant over,

Thanks for listening,

Steve.

No problem. Just like Dr. Krane, we are always listening.


We wrote this week that women download more ringtones than do men, while men download more games for mobiles than do women. Seems some of you with a more statistical bent had a couple of quibbles with the piece:

Ohh, a majority because they are 'responsible for just over half'!

I guess that's correct, just as 2+2 is equal to 4, but why is this news?

Are the girls a small minority of mobil phone users and still download half of all ringtones? Or are around 50% of the user responsible for around 50% of the ringtone downloads? The latter would hardly be a a surprise to anyone.

"Men, or should it be boys, are far more likely to download games: 58 per cent of people who have downloaded a game in the last three months are men."

A very sharp division indeed (not) with less than a 10% lead in downloads of games by boy vs. girls. Or is there some third sex, or perhaps it's gremlins, that account big precentage of answers. This use of superlatives is poor journalism period. I suggest reading a good book on statistics and thinking a moment or two about what the numbers actually mean.

Regards /Håkan

This is the closest we've had to a flame in a while, and although it doesn't have the full range of features, it is not devoid of the hallmarks of a good roasting.

Look closely: "mobile" is missing its final "e", a word misspelled in such a way as to indicate hasty, and therefore angry, typing; the classic use of "not" to indicate sarcasm; criticism over use of superlatives that were never actually used and finally, the careful lack of punctuation in a sentence containing advice on journalism.

Good work. Keep it up.


Dax Farrer puts his point rather more succinctly:

This acticle is crap

Oh. Er, Sorry. But what is an acticle?


Hang on, this is another one from Dax...about ducks this time.

Hmm maybe just tall story, but I'm pretty sure the following is true ...

"A duck's quack does not echo, and nobody knows why .." So you never know there could be another story to follow...send out a roving reporter, get those carrion arses out of the comfy chairs and away from the pretzels.

Not after your little outburst above, matey...

Now, we need to get back to work, so we'll leave it there for today. Could someone pass the pretzels? Thanks. ®

Update: This is an interesting link for anyone who was wondering about those duck quacks. In a nutshell: yes, quacks do echo. End of story.
