The “Money Section” in USA Today recently had a cover story about the exploding negative influence (attacks, whatever) of Botnet scams and related evil-doings. The thrust in part seems to be that our current malware and virus protections may be woefully inadequate. Do you have an opinion about this expanding threat that you’d like to share with your faithful readers? How might we give ourselves greater protection from what is clearly an insidious attack by those who wish to use the Internet for their own gains – illicit in the extreme?
The article in question, “Botnet scams are exploding” gives a fairly broad overview of how botnets operate, and the massive amounts of illicit activities that occur because of them.
My opinion? Simple:
Computer users don’t take security seriously enough.
Become a Patron of Ask Leo! and go ad-free!
Please understand that I’m not trying to blame computer users. Far from it, botnet operators and the people that profit from them are the real culprits here.
But the fact of the matter is that computer users are, in general, too unaware, too lax, and too unwilling to be educated about or inconvenienced by security measures.
I totally understand that in an ideal world, they shouldn’t have to be. But the fact is this is not an ideal world. The pragmatic reality is that users must become more security conscious.
I believe:
- … that the number of machines that are unprotected by any kind of firewall is surprisingly large.
- … that the number of machines unprotected by any kind of anti-virus and anti-spyware software would also surprise you.
- … that the number of people who have anti-virus and anti-virus software installed whose databases have never been updated would shock you.
- … that the number of machines that have not once taken any update to Windows or Windows components is huge.
- … that the number of people who’ll click on links or open attachments from unknown sources is also depressingly large.
All those factors, together, make for what can only be described as a “target rich environment” for malware and botnet operators out there. It’s really no wonder that the problem is as bad as it is.
I also believe that the people who need to know about all this are the folks least likely to be reading this article. They have no interest in learning about this stuff – which, as I said, I totally understand. They just want to get their job done; they just want to use, not maintain, their computer.
But there’s simply no substitute for knowing enough to keep your computer safe. In my opinion, it’s an absolute requirement to using a computer these days. It’s “part of the job”.
I look at it like owning an automobile. I would love to have a car that never, ever needed maintenance, would never be broken into, and would always work flawlessly. That car doesn’t exist. You must maintain your car, or it will break down. You must lock your car when you visit an unknown neighborhood, or you run the risk of vandalism or theft. Sometimes things on your car break, and you have to get them fixed.
The same is true with your computer. You must take steps to keep it safe.
And too many people do not.
As a result, we have massive botnets, tons of spam, and constant virus and spyware attacks.
•
So what, pragmatically, can be done?
I know a lot of people lay the blame on Microsoft for writing sloppy software. I do and I don’t. They’re a big and easy target, both for nay-sayers and for malware authors, but to point the finger at only Microsoft is both naive and unrealistic. Could they do better? Should they do better? Of course. But expecting perfection, from any software, expecting Microsoft to “just fix it” … well, that’s not a very realistic solution to the problem we’re facing today.
In my opinion the real, pragmatic response is to keep educating computer users on what it means to operate their computers securely. As computer users we are the first line of defense. We’re also the ones that ultimately pay the price when things go wrong, so it’s in our own best interest to make sure we’re being as secure and safe as we possibly can be.
If everyone followed all of the commonly accepted practices for computer security:
- get behind a firewall
- run anti-virus software and keep it up to date
- run anti-spyware software and keep it up to date
- keep their computer software, particularly their operating system, as up to date as possible
- take responsibility for their own actions and get educated, learning to recognize what is and is not “safe”
botnets and other threats would not disappear. But they would be dealt a serious blow, and the problem would not be nearly as massive as it appears to be today.
And even though it seems daunting, it doesn’t have to be. Most everything in that list is one-time, and/or automatic. And I can tell you with certainty that it works.
The hardest part? Getting folks to accept the need for a little education.
Amen Leo! The fact that people do, or don’t do, I should say, the things you mention, and I take for granted, is beyond my comprehension. The worst part is they insist on attempting to contact me. All correspondence is immediately deleted.
Great article for the lazies out there. It’s strange there are so many good articles on how to protect your computer but really nothing on how to get rid of hidden code on your computer that makes it part of the botnet. Strange indeed.
10-Dec-2008
Does this article apply only to Microsoft operating systems?
Is the GNU/Linux subject to these attacks and intrusions?
09-Sep-2009
I was reading the question and your answer to someone wantiing to know about how to hide or maybe “spoof” their IP address. Which led to spamers and bots that infect unprotected computers which become the mechanism for sending the spam. My uestion is, the bots get their instructions from the bot “master” who has an IP address. Would it be possible to get the IP address of the instructing machine. I would suspect that the bot master may put some kind of “security” in his bot to insure that the bots instructions are comming from the right controller. Possibly a password, security code inbeded in the instruction, hash code, etc. But at some point the instruction has to originate from some point.