By Anthony Posted Wednesday 28th November 2007 14:32 GMT
One of the bigger firms could launch a counter botnet, it could reside in uninfected computers and actively stop nasty worms and trojans coming in. They could call it something catchy like "anti-virus" or something.
Anybody with the privilege to run infected software on unprotected machines deserves to have their Internet cut to protect the Internet and the more responsible users of it. So, being slightly more serious than above, Norton, McAfee, Sophos et al. should actively target infected machines using the same methods the original botnet teams did and install software that disables the Internet. The only way to reinstate the Internet would be through disinfection of the machine. A flashing pop-up could tell you to call a free number for a free disc to clean your machine and maybe also offer discounts against anti- products or internet awareness lectures.
"Marshal recommends PC users do not open executable files"
By Anonymous John Posted Wednesday 28th November 2007 14:37 GMT
Perhaps stronger measures than recommendations are needed.
By Anonymous Coward Posted Wednesday 28th November 2007 14:57 GMT
Stupidity and naivety are certainly both drivers here but more importantly, your average user is totally unaware of the problem.
Nobody wants a compromised PC and almost everyone would take the appropriate steps if they know about it - but it's pretty near impossible to get the simple answers required from the literature of the "security" software vendors.
Here's a simple question from a typical user:
"I am running AVG anti virus and Zonealarms - both up to date - is there any way that my PC could be compromised and actively pumping spam without my knowledge?"
By Matt Bradley Posted Wednesday 28th November 2007 15:19 GMT
I have proposed the same solution on numerous occasions. I suspect that it is the only silver bullet for this problem.
Rather than a full system wipe, perhaps just deleting the windows directory, and replacing it with a simple Bootloader that outputs the words "Please take your machine to a local PC repairer and tell them you are an idiot"
By Chris Bradshaw Posted Wednesday 28th November 2007 15:23 GMT
"You have opened an executable file that was infected. To protect the Internet your Windows installation has been overwritten with a Linux distribution"
By Anonymous Coward Posted Wednesday 28th November 2007 15:43 GMT
"Anybody with the privilege to run infected software on unprotected machines deserves to have their Internet cut to protect the Internet and the more responsible users of it."
When you install Windows XP, you're automagically given the status of Computer Administrator. It might seem trivial to us IT types to go and swap the account type, but to someone who's just about capable of sending a few emails, using the basics of Word and Excel, surfing the web for pr0n and watching funny videos on youtube/facebook etc (ie the vast vast majority of Windows users) it's above their level of understanding.
The problem is that when they click a dodgy link to an infected site, they don't realise that they're installing stuff. This is one thing that Vista addressed with the UAC prompts... And everyone complained that it was intrusive and turned it off (although how this is different from having to enter your su password with sudo in Linux I don't know)
It's very simple for people like us who deal with IT and these issues on a weekly/daily/hourly basis to say "Don't click this, don't press that and for God's sake don't type this" but for your average home user who has AVG and ZoneAlarm installed and still can't work out why their computer's grinding to a halt it's no good.
We need education - and this needs to stem from both the classrooms (I've worked in a school as IT Support and when the IT Teachers can't figure out to plug the USB printer back in to get it to work there's obviously issues) and from industry (get all your staff who use the internet on SOME sort of IT Training course)
Perhaps el Reg or someone could do a beginners guide to protecting your PC that we can forward to all our family and friends and maybe claw back some of our evenings and weekends. Something in the vein of Idiots Guide or something... I would - but I'm not a technical writer with a sense of humour ;-)
(And yeah, I know Ubuntu is *almost* ready for the average home user... *almost* but it's not quite there yet... And I just take offence at Macs for personal and historic reasons... ;-))
By Anonymous Coward Posted Wednesday 28th November 2007 15:44 GMT
The thing is, even after you've opened attachments promising nude pictures of your favourite celebrities, you're still no closer to having the nude picture, that's the biggest disappointment here.
It would be so worth the virus infection for a genuine nude picture of say, Kirsten Dunst or Britney Spears; although I think the tabloids have mostly already covered that last dead sheep (beaver?).
****
Even more annoyingly though is that recent versions of popular mail clients display several hundred warnings about attachments before you're allowed to do anything. It doesn't really protect anybody taking this stance though, all it's done for me is train me to click "yes" to every single box that pops up without reading the messages contained within.
By 4a$$Monkey Posted Wednesday 28th November 2007 16:05 GMT
"So, being slightly more serious than above, Norton, Mcafee, Sophos et al. should actively target infected machines using the same methods the original botnet teams did and install software that disables the Internet."
I hope you meant to use the joke icon with that... Yes, Muppets that install malware need a slap (well said Anonymous John), but encouraging Symantec and the likes to install begware on people's PCs is one of the dumbest things I have ever heard! It's bad enough having to install the crappy antivirus applications in the first place.
By Chris Posted Wednesday 28th November 2007 16:07 GMT
You'd think that being sent nude pictures of your favorite celebrity by "John_ax323dz@ups.net" would be enough to make people go "Hmm, do I know this John person? No? Why are they sending me pr0n? I think I'll not open this message." Especially since the subject lines are all "F/R/E/E P_R0_/\/!!!!!", I mean, it's been a bit since I was fluent in aol speak, and maybe they talk like that now... but really..? The big thing is emails from trusted sources. Like when your friend gets his inbox haxx0red and spams his contact list.
That being said, I've got 3 email accounts I use daily, 1 work and 2 personal. I get almost -no- spam. Gmail's blockers are kick ass, and whatever my work uses works really well. The only spam that slips through Gmail is the very rare weak ass phish from Bank of America where it is like:
"Dear Customer, please visit the address below and enter your username and password: http://123.35.121.41/somejibberish.php"
where they don't even bother to spoof the address.
By David Wiernicki Posted Wednesday 28th November 2007 16:15 GMT
"better still :-)
You have opened an executable file that was infected. To protect the Internet your Windows installation has been overwritten with a Linux distribution"
Please tell me you don't really think that idiots running Linux are in less danger of being compromised than idiots running Windows.
By Andy Gates Posted Wednesday 28th November 2007 17:09 GMT
And smugly calling them idiots won't solve anything - least of all, reducing the levels of infection. What they are is less savvy about computer security than you. The mechanics, pilots and brain surgeons who don't have time for IT security might think that the nerd elite are a bunch of self-satisfied wankers, y'know.
Anyway, most links to nudie pics on the net do actually take you to nudie pics. In that respect, their behaviour is nothing unusual.
More seriously, the antivirus companies can't infect people with goodware. That is just as much an unauthorised use of the PC as malware. Imagine the backlash when buggy goodware brings down an important machine.
By Mike Posted Wednesday 28th November 2007 18:21 GMT
A few years ago, during the Code Red days, I did something similar. I told my Linux box to go ahead and answer all those Windows IIS queries, and respond by contacting the originating IP address and issuing a delete *.com and delete *.exe.
Don't know how many machines probed for IIS on my Linux box, but it made me smile every time.
By Highlander Posted Wednesday 28th November 2007 18:34 GMT
Perhaps it's time for email to return to boring old plain HTML with no executable content or better still, we could return to rich text with nothing executable. In the chase to make things easier for users we have instead swapped ease of use for ease of abuse.
Instead of fighting a losing battle to prevent this crap from coming in through email, let's simply cut them off. The same thing goes for all that whizz bang interactive crap on the net. We haven't in fact made anything easier to actually use, all we have done is made it easier for advertisers and black hats alike to push stuff we haven't requested on to our screens and hard discs.
By John Savard Posted Wednesday 28th November 2007 19:00 GMT
To solve the problem of dialers, what would be needed is for modems to be designed so that you have to dial out manually to connect your computer. To solve the problem of worms, browsers shouldn't be able to write files with execute permissions - to give a file execute permissions, you have to go into the Control Panel and do something like "activate application". That would work.
By Jason Togneri Posted Wednesday 28th November 2007 19:11 GMT
"Please tell me you don't really think that idiots running Linux are in less danger of being compromised than idiots running Windows."
"I'd have thought that people who are smart enough to install an OS (be it Windows or Linux) would be smart enough to not do stupid things."
Regardless of the OS you use, you're forgetting one basic thing: the grand majority of (legal) Windows users have probably never installed an OS in their lives! They most likely wouldn't even know how to, and would mistakenly assume the setup partition screen is a BSOD and reboot. Most of those people out there get it preinstalled and preconfigured (for good or for evil) when they buy a machine. Using doesn't mean making - just like how I buy my cars with the engine installed. If it breaks down, I don't have the first clue of what to do: I didn't build the damn thing.
By Mike Posted Wednesday 28th November 2007 20:55 GMT
Doesn't Outlook Express still default to having the preview pane, which, essentially, "auto-clicks" on whatever message is on top when you launch it?
And before everybody says "Well, don't run OE", take a deep breath and consider the poor sod who, y'know, has to work for a living, in one of the (vast majority of) offices that use Exchange for everything and whose boss is always "pushing the envelope" in ways that make only bug-for-bug compatible with Outlook usable at all.
By Ken Hagan Posted Wednesday 28th November 2007 21:52 GMT
Any half-decent botnet software is going to be largely transparent to the infected machine. The only obvious symptoms are the large amounts of email being sent out, and since the average home user doesn't monitor their own network traffic, they won't be any the wiser. Equally, since the infection doesn't actually cause any trouble, the average home user probably has no incentive to become any wiser.
The ISP, on the other hand, probably does have the know-how and the infrastructure to perform such monitoring. It also pays the cost (in network congestion) so it has the incentive. Any legal or privacy concerns could be disposed of in the service contract, and there could be an option for "power users" (Ooh, yes, flatter me some more.) to dispense with the filtering. It could even be sold to non-power users as a "we keep you safe" feature. So why isn't this more common?
By Dave Posted Wednesday 28th November 2007 22:01 GMT
I read the following somewhere recently:
"The average user would not recognize a security issue if it was marching down the main street naked carrying a large sign saying "I am a security issue" "
By Terry Bernstein Posted Wednesday 28th November 2007 22:11 GMT
A good many XP home users don't know that they have an admin account - or even that one exists.
They certainly wouldn't cope well with having a different log in to install stuff from.
Added to that, there is some pretty badly written software that will only add itself to the start menu of the current user, so it's no good installing it from an admin account. Then, the fact that most users don't want to do anything to their computers whatsoever, and the machines are actually sold as commodity items, alongside the vacuum cleaners, why would they take any notice of computer security tricks?
And also there's stuff that only runs from an admin account anyway.
Personally I find it hard to believe that the multimillion $$ industry can't find ways to track down the spammers and deal with them and their lousy customers.
By Orv Posted Wednesday 28th November 2007 22:21 GMT
"A few years ago, during the code red days, I did something similar. I told my linux box to go ahead and answer all those windows IIS queries, and respond by contacting the originating ip address and issuing an delete *.com and delete *.exe."
Considering Windows doesn't let you delete files that are in use, this probably only deleted stuff they *didn't* need.
By Brett Posted Thursday 29th November 2007 01:00 GMT
Isn't that, you know, illegal? And what makes you so smug when you are essentially lowering yourself to the level of a malware pusher?
Destroying some poor family's home computer because some 12 year old doesn't understand email is a bit harsh.
And to all those "people who aren't security experts are morons" grow up. I know a few really smart people who only know what they have to on computers and do important jobs like saving lives.
I agree with the ISP monitoring. If they can send me an email saying I have used 95% of my d/loads for the month why can't they tell me I have sent 1000 emails in the last hour.
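Ken Hagan's point about ISPs being the party with the visibility to spot a spam-spewing host, and Brett's "1000 emails in the last hour" threshold, describe a simple volume-based detection. The script below is an added example written for this page, not code from any commenter or from The Register: it reads constructed flow records (timestamp, source IP, destination IP, destination port; the addresses are documentation-range placeholders), counts outbound SMTP connections per customer host per hour, and flags hosts at or above a chosen threshold. The threshold value and record format are assumptions for the demonstration.

```python
# Added example (not from any commenter on this thread): flag hosts that open an
# unusual number of outbound SMTP (port 25) connections within one hour, the kind
# of check an ISP could run over its own flow records.
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port".
# The addresses are documentation-range placeholders, not real hosts.
SAMPLE_FLOWS = """\
2007-11-28T14:00:05 192.0.2.10 198.51.100.25 25
2007-11-28T14:00:07 192.0.2.10 198.51.100.26 25
2007-11-28T14:00:09 192.0.2.10 198.51.100.27 25
2007-11-28T14:01:00 192.0.2.10 198.51.100.28 80
2007-11-28T14:02:12 192.0.2.20 198.51.100.25 25
2007-11-28T14:03:00 192.0.2.10 198.51.100.29 25
2007-11-28T15:30:00 192.0.2.10 198.51.100.30 25
"""


def parse_flows(text):
    """Yield (hour_bucket, src_ip, dst_port) for each well-formed record."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash on them
        ts, src, _dst, port = parts
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0, microsecond=0)
        yield hour, src, int(port)


def smtp_counts(text):
    """Count outbound port-25 connections per (source host, hour bucket)."""
    counts = defaultdict(int)
    for hour, src, port in parse_flows(text):
        if port == 25:
            counts[(src, hour)] += 1
    return counts


def flag_hosts(text, threshold):
    """Return sorted (src_ip, hour_iso, count) tuples at or above the threshold.

    A real deployment would exclude the ISP's own mail relays and derive the
    threshold from each customer's normal baseline rather than a fixed number;
    the fixed threshold here is an assumption for the demonstration.
    """
    return sorted(
        (src, hour.isoformat(), n)
        for (src, hour), n in smtp_counts(text).items()
        if n >= threshold
    )


if __name__ == "__main__":
    for src, hour, n in flag_hosts(SAMPLE_FLOWS, threshold=3):
        print(f"{src} opened {n} SMTP connections in the hour starting {hour}")
```

On the constructed input, only 192.0.2.10 in the 14:00 hour is flagged: its port-80 connection is ignored, the single connection from 192.0.2.20 is below the threshold, and its later connection falls in a different hour bucket. A notification to the customer, as Brett suggests, would be triggered from the flagged list rather than from the raw counts.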
By The Mighty Spang Posted Thursday 29th November 2007 01:13 GMT
I had a friend who worked at APACS - the British credit/debit card security type firm. They would always be sending out stuff saying "don't give out your phone number/date of birth etc on social networking sites" but still send me "look at this its r3lly funneee" type emails with powerpoints, word docs etc in there. No matter how many times I explained about 0-day exploits, it seemed they'd just open files from friends because it had "scanned by blammo-virus scanner and found safe" at the bottom of the mail.
What does this say? The average worker is so bored they couldn't care less about security over taking their mind off the crappy work they have to do. I'd sack anybody who did that....
By Paul Gray Posted Thursday 29th November 2007 09:35 GMT
So the secret is don't run executable attachments from people you don't know. OMG please, let the idiots suffer and die - it's called evolution and if they need to be told something as basic as that, then just let them die in peace.
its not a br1tany 5pears. It's the self executing JPG!. its not fake, my mum got attacked by one recently at her hometown shopping center! to for disinfectant of this image send this comment to 149 people, and [click here] lol.
Comments on: Celebrity spam gang whips up a storm