How can we protect ourselves from botnets?

Question:

The “Money Section” in USA Today recently had a cover story about the
exploding negative influence (attacks, whatever) of Botnet scams and related
evil-doings. The thrust in part seems to be that our current malware and virus
protections may be woefully inadequate. Do you have an opinion about this
expanding threat that you’d like to share with your faithful readers? How might
we give ourselves greater protection from what is clearly an insidious attack
by those who wish to use the Internet for their own gains – illicit in the
extreme?

The article in question, “Botnet scams are exploding,” gives a fairly broad overview of
how botnets operate and the massive amount of illicit activity that occurs
because of them.

My opinion? Simple:

Computer users don’t take security seriously enough.

Please understand that I’m not trying to blame computer users. Far
from it: botnet operators and the people who profit from them are the real
culprits here.

But the fact of the matter is that computer users are, in general, too
unaware, too lax, and too unwilling to be educated about or inconvenienced by
security measures.

I totally understand that in an ideal world, they shouldn’t have to
be. But the fact is this is not an ideal world. The pragmatic reality is
that users must become more security conscious.

I believe:

  • … that the number of machines that are unprotected by any kind of firewall
    is surprisingly large.

  • … that the number of machines unprotected by any kind of anti-virus and
    anti-spyware software would also surprise you.

  • … that the number of people who have anti-virus and anti-spyware software
    installed whose databases have never been updated would shock you.

  • … that the number of machines that have not once taken any update
    to Windows or Windows components is huge.

  • … that the number of people who’ll click on links or open attachments from
    unknown sources is also depressingly large.

All those factors, together, make for what can only be described as a
“target rich environment” for malware and botnet operators out there. It’s
really no wonder that the problem is as bad as it is.

I also believe that the people who need to know about all this are the folks
least likely to be reading this article. They have no interest in learning
about this stuff – which, as I said, I totally understand. They just want to
get their job done; they just want to use, not maintain, their
computer.

But there’s simply no substitute for knowing enough to keep your computer
safe. In my opinion, it’s an absolute requirement to using a computer these
days. It’s “part of the job”.

I look at it like owning an automobile. I would love to have a car
that never, ever needed maintenance, would never be broken into, and would
always work flawlessly. That car doesn’t exist. You must maintain your car, or
it will break down. You must lock your car when you visit an unknown neighborhood,
or you run the risk of vandalism or theft. Sometimes things on your car break,
and you have to get them fixed.

The same is true with your computer. You must take steps to keep it
safe.

And too many people do not.

As a result, we have massive botnets, tons of spam, and constant virus and
spyware attacks.

So what, pragmatically, can be done?

I know a lot of people lay the blame on Microsoft for writing sloppy
software. I do and I don’t. They’re a big and easy target, both for nay-sayers
and for malware authors, but to point the finger at only Microsoft is both
naive and unrealistic. Could they do better? Should they do better? Of course.
But expecting perfection, from any software, expecting Microsoft to “just fix
it” … well, that’s not a very realistic solution to the problem we’re facing
today.

In my opinion the real, pragmatic response is to keep educating computer
users on what it means to operate their computers securely. As computer users
we are the first line of defense. We’re also the ones that ultimately pay the
price when things go wrong, so it’s in our own best interest to make sure we’re
being as secure and safe as we possibly can be.

If everyone followed all of the commonly accepted practices for computer
security:

  • get behind a firewall

  • run anti-virus software and keep it up to date

  • run anti-spyware software and keep it up to date

  • keep their computer software, particularly their operating system, as up to
    date as possible

  • take responsibility for their own actions and get educated, learning to
    recognize what is and is not “safe”

botnets and other threats would not disappear. But they would be dealt a
serious blow, and the problem would not be nearly as massive as it appears to
be today.

And even though it seems daunting, it doesn’t have to be. Most everything in
that list is one-time, and/or automatic. And I can tell you with certainty that
it works.

The hardest part? Getting folks to accept the need for a little
education.

4 comments on “How can we protect ourselves from botnets?”

  1. Amen Leo! The fact that people do, or don’t do, I should say, the things you mention, and I take for granted, is beyond my comprehension. The worst part is they insist on attempting to contact me. All correspondence is immediately deleted.

  2. Great article for the lazies out there. It’s strange there are so many good articles on how to protect your computer but really nothing on how to get rid of hidden code on your computer that makes it part of the botnet. Strange indeed.

    Not strange at all. The problem is that there is no single guaranteed way of removing an infection, short of reformatting and reinstalling everything from scratch. You can try running anti-malware software, and there are sometimes instructions for manual removal of a specific infection, but each is different, and there’s no guarantee that it’ll work. Protection is by far the less costly, least time consuming approach.

    – Leo
    10-Dec-2008
  3. Does this article apply only to Microsoft operating systems?
    Is the GNU/Linux subject to these attacks and intrusions?

    Yes and no. Windows is by far the biggest target, and therefore the one most likely to get hackers’ attention. However, other OSes are not immune. In fact, the only time I’ve personally ever been hacked was my Linux-based server some years ago.

    Leo
    09-Sep-2009

  4. I was reading the question and your answer to someone wanting to know about how to hide or maybe “spoof” their IP address. Which led to spammers and bots that infect unprotected computers which become the mechanism for sending the spam. My question is, the bots get their instructions from the bot “master” who has an IP address. Would it be possible to get the IP address of the instructing machine? I would suspect that the bot master may put some kind of “security” in his bot to ensure that the bot’s instructions are coming from the right controller. Possibly a password, security code embedded in the instruction, hash code, etc. But at some point the instruction has to originate from some point.
