Re: Spammers Jump on Latest MS Hole

DLR wrote:

>>> What is a "bot" program, as opposed to other kinds of computer
>>> programs?
>> It is a slang term for a program that runs in the background and takes
>> "orders" from somewhere else on the Internet. Short for robot. If you
>> have one, someone else controls your computer. Typically they let you
>> think you still have control and just use it to do their dirty work
>> without (they hope) you knowing what's going on. Like someone taking
>> your car each night from 1 am to 4 am to deliver drugs.
> Thanks for your explanation. It made things clearer. I hope you
> won't mind a few more questions.
> What is the "background" on your computer? (In S/360-DOS days, we had
> background and foreground partitions.) Why can't we, as the owner
> of the PC, control what is and what is not run in the "background"?

In the days you refer to, everything but the console control program was background. If you root around in some of the deeper recesses of your Start / All Programs menu on Windows you'll find a program that will show you (if you ask) everything going on at one time. There are literally at least a dozen or so at a minimum just to make things work, allow you to print, surf, etc ... What the "really good" bots do is insert themselves into one of the "standard" background processes so it's not obvious that they are there. And there are other ways of hiding.

> I suspect the answer to my question is that PCs today are highly
> automated, which allows for much of this junk to happen in the first
> place. In its simplest state, a computer would require someone to
> physically load and then execute each and every program desired.
> Modern machines are automatic. That is, if you're browsing a website
> that sends you a .PDF file, your browser program automatically brings
> up the Adobe program to read it. I presume there's lots of other stuff
> we lay people don't even know about going on, and the hackers take
> advantage of that underworld.

A LOT of other stuff. If you're reading email, the email program doesn't really print. It asks another process to do that. If you send email, it hands off the message to an email sending process which hands it off to a TCP/IP process which hands it off in bits to a driver which ...

> I heard that M/S's new "Vista" will be _less_ automatic as a safety
> measure. I sure hope so.

Yes and no. The core problem with various versions of Windows is that they made a decision 20 years ago to make it easy for a program to access data from across the network and display it on your computer using code from another computer. This is a security flaw that they've been plugging ever since. But to turn it off would break vast amounts of things that consumers use day to day. They're stuck in a hole they dug and now aren't even allowed to fill.

>>> What allows and causes a foreign unauthorized program to start
>>> execution on a computer where it doesn't belong?

>> Three main ways.

>> 1. You are on the Internet without a router, or with one but not behind
>> a NAT setup, which means you are exposed to the outside world.
> Could you explain what "NAT" is and does?

In REAL SIMPLE terms it creates a private network on your side of the router. And if you turn off DMZ (don't ask, just do it) then unsolicited traffic from outside your private network is tossed aside.

>> There are a large number of computers probing EVERY address possible
>> on the Internet to see if you respond.
> Why is this allowed to even happen? This is one of my big complaints
> about the Internet as it's presently set up: it's designed to be so
> "open" that anyone can do anything. The computer dreamers and
> idealists want it this way. This was fine in a narrow world of the
> very early days, but not fine in an anonymous world of today. (Other
> explanations would be appreciated.)

While I'm typing this I'm also working on two office networks across town. I need to get in via unsolicited traffic. When you surf to a web site, you're sending them unsolicited traffic. You're asking them to send you back a web page. They didn't call you first to ask if it was ok. What I call a probe is when another computer sends you an unsolicited request, say a request for a web page. Depending on the response from your computer it may decide you have a system running with a software bug that can be exploited and it will then try to exploit that code. Stopping all of this would be like asking the phone company to beep out all curse words. It's like looking for needles in needle stacks. What has been done, and is being done more and more, is to stop allowing residential systems to offer up what are traditionally called server services and block those. But that leads to other problems. Think of the phone company not allowing residential lines to conduct commerce. Well, what about yard sales or selling your car?

>> In a perfect world your computer would ignore these probes. But due
>> to bugs in the various operating systems it is possible to find a
>> bug that allows data sent in the probe to overwrite part of the OS,
>> and when that section of the OS is used the injected code takes
>> over.
> I don't understand why bugs would allow this to happen. To "answer
> the door" means (1) the computer program has to know when the doorbell
> is rung, (2) then execute a routine to answer the doorbell, and (3)
> respond to the doorbell request. In other words, there is software
> intentionally written and included to respond to outside probes.
> Since probes are dangerous, why do we allow this? Why don't we
> disable the entire "doorbell" process?
> Again, I suspect the answer is this process makes for easy
> automation, but maybe you or others could explain it better.

I go to your house. I ring your door bell. I wait a few minutes. If someone answers I ask for Mr. KLLDJSF and apologize for bothering you. If I get no answer and dogs don't start barking I try the door knob. If it's unlocked I wander around to the service utilities and unplug your phone line. Maybe your power. I then walk in the front door and pick up a few things then leave. If I want I replace your computer router with one of mine which has some interesting things hidden in it. Or maybe put a wireless tap on your phone line so I can listen or sell overseas calls on your line at 3 am.

The key point of all of this is that each and every house I "hack" takes time and money. To break into 1 computer and install a bot takes time and money. To try for 1,000,000 takes only a trivial bit more time and money.

>> sets things up to run at startup,
> I know computers have a startup routine; I have changed mine for DOS
> purposes. But why should the startup routines be allowed to be
> modified automatically? Is it that hard to require the human to
> modify the routine himself (or authorize said modification)?

It's very hard to design a perfect system. Especially one that does what you want and not what you don't want. DWIM buttons are very very very hard to implement.

And a lot of this comes from the early days of computing. In theory you can design a ring of protections. But early PCs didn't do this, as it kills performance and memory requirements, and so it gets left out of early designs. And PCs which require a full-time operator like an S/360 don't sell very well.

>> And does all of this in a way such that you don't notice it
>> happening.
> Maybe we need operating systems that make it impossible for the human
> not to notice things are happening? Or would that create a flurry of
> warning messages? (I must admit I turned off my browser's warnings
> about confidential start and confidential stop of data. This comes up
> when I log on or enter an order on-line.)

Bingo. People don't want to be bothered. TNSTAAFL. They had to scale back on the warnings in Vista due to complaints.

>> 2. You visit a web site or read an email that does basically the same
>> as #1 but is based on bugs in your Internet browsing software. The web
>> site (or AD on the web site) or email contains HTML code that exploits
>> a bug and allows code to be inserted into your system.
> That really bugs me. As far as I know, Internet browsing software
> should be READ ONLY with restrictions. It should be extremely limited
> in what it allows an external site to do on my machine. I dislike the
> idea of any site's -- even a 'trusted one' -- running their programs on my
> machine. How do I know their programs are not buggy even from a
> "trusted" site?

Turn off all the extended things like Javascript and see how far you get. You can't do online ordering or banking, and none of those fancy dancing bear displays will work. Dull loses to dancing bears in the marketplace every time.

Sounds like you want a Lunix box. :)

>> 3. Social engineering is where a pop up or email says click here and
>> you WIN, GET, etc ... a million, prize, etc... and what you are
>> clicking is a program (often disguised as a graphic) which installs a
>> BOT on your computer.
> Why do browser writers create this kind of capability?

So you can click on a link and get taken to a web site. You can turn this off but most folks like the results.

>> If you surf you may be exposed. The only way to stop this is to
>> disable java, activex, javascript, etc ... Which in today's web, makes
>> for a very restricted experience.
> This is very frustrating. When I got my new machine at work I disabled
> all that stuff. Then I found I couldn't browse anywhere since everyone
> required it. Why, I don't know; it seemed sites were plenty able to
> present information in an attractive way before those fancy features.
> Further, my employer has me use sites that require fancy stuff. At
> least my browser warned me clearly when I turned that on of the risks.
> The rest I'll continue in another reply.
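As an added illustration of the NAT / "unsolicited traffic is tossed aside" point made earlier in this thread (example code written for this page, not anything posted by the participants): a toy connection-tracking filter in Python. Outbound requests open state for their own reply only; anything inbound that matches no state is a probe and is dropped, unless a DMZ host is configured, in which case the router hands it to that host. Addresses, ports and the `dmz_host` knob are constructed for the example.

```python
from collections import namedtuple

# direction: "out" = private side -> Internet, "in" = Internet -> private side
Packet = namedtuple("Packet", "direction src sport dst dport proto")


class StatefulNat:
    """Connection-tracking filter: only replies to outbound traffic get in."""

    def __init__(self, dmz_host=None):
        self.table = set()        # (inside, iport, outside, oport, proto)
        self.dropped = []         # unsolicited inbound packets (probes)
        self.dmz_host = dmz_host  # if set, unsolicited traffic is forwarded here

    def handle(self, pkt):
        if pkt.direction == "out":
            # An outbound request opens state only for its own reply.
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "forward"
        # Inbound: a legitimate reply mirrors an existing outbound entry.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.table:
            return "forward"
        if self.dmz_host is not None:
            # DMZ left on: the router hands every unsolicited packet to that host.
            return "forward-to-dmz"
        self.dropped.append(pkt)
        return "drop"


def run(packets, dmz_host=None):
    """Return the per-packet verdicts and the list of probes that were dropped."""
    nat = StatefulNat(dmz_host)
    return [nat.handle(p) for p in packets], nat.dropped


# Constructed sample traffic (documentation/test address ranges, not real hosts).
SAMPLE = [
    Packet("out", "192.168.1.10", 51000, "203.0.113.5", 80, "tcp"),   # user surfs to a site
    Packet("in", "203.0.113.5", 80, "192.168.1.10", 51000, "tcp"),    # the page coming back
    Packet("in", "198.51.100.7", 40000, "192.168.1.10", 445, "tcp"),  # unsolicited probe
    Packet("in", "198.51.100.7", 40001, "192.168.1.10", 80, "tcp"),   # unsolicited probe
]

if __name__ == "__main__":
    verdicts, probes = run(SAMPLE)
    print(verdicts)  # ['forward', 'forward', 'drop', 'drop']
    for p in probes:
        print(f"probe from {p.src} to port {p.dport} dropped")
```

Running it with `dmz_host` set to the inside machine shows the "don't ask, just turn it off" advice in action: the two probes are no longer dropped but delivered to that host.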

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.