Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

AOL DoS zombies’ favourite ISP – sensationalist claptrap!!

June 15th 2005 in Uncategorized

Hi all,


The subject of this blog is the byline for a news.com.au report today….which says, in part, that:


“AOL and other large internet service providers serve as launching pads for most “denial of service” attacks, according to Prolexic Technologies, which helps companies fend off such attacks.”
http://australianit.news.com.au/articles/0,7204,15620358%5E15318%5E%5Enbv%5E15306,00.html


It then goes on to say that “”Their clients may be exposed differently or they may be doing a poor job of filtering certain things from their clients,” 


Say what?  Their clients are not exposed differently, nor are the ISPs doing a poor job of ‘filtering’, whatever that may mean.  I’d be interested to know exactly what sort of filtering our kind correspondent thinks should be instigated.


Blaming an ISP for malware and virus problems doesn’t help matters.  Zombie-ware can be written to use any of tens of thousands of ports and users can be tricked using social engineering to manually download malware – what is an ISP meant to do? Block everything except for Ports 80, 110 and 25 in a vain attempt to stop Zombie machines on their networks from launching DDOS attacks?  Stop their users from downloading *.exe files? Force their users to use browsers with activex, java and file transfers disabled?  Get real.


Let’s have a look at the original report, available here:
http://www.prolexic.com/zr/


Sure, it says AOL makes up 11.71% of US infected networks, but 11.71% is certainly not “most”, especially when you consider Comcast sits at 10.66%, Bellsouth at 7.46% and Verison at 7.40%.


To add to my disbelief, I read another column during the past 24 hours or so wherein AOL was basically blamed for the death of the old Usenet:
http://www.boston.com/business/technology/articles/2005/06/13/somehow_usenet_lumbers_on/


Let me say from the outset that I have a lot of respect for Hiawatha Bray.  Back in 1999 when the MVP Programme was suddenly cancelled we had a very nice email dialogue, and Hiawatha was very supportive before and after the MVP Programe’s reinstatement.  (information about the infamous ‘kiss off’ can be found here: http://www.mvps.org/about/kissoff.html)  That being said, describing AOL users as “users [who] ravaged Usenet like a Mongol horde“ is just a little extreme.


Y’know, the popular media is *not* helping the spyware fight.  The number one weapon is education.  The second weapon is making sure PCs have the very latest patches installed (which reminds me of another pet hate of mine – far too often I see software providers ‘refusing’ to let their users install XPSP2 because their software will have problems. Well, fix your damned software!!)


It doesn’t matter what defences an ISP puts up if their users don’t know what the hell they’re doing. 


Education is the only thing that works, combined with the conscientious application of security patches as they are released by MS, and protective software such as firewalls, antivirus and anti-spyware protectives.  But, that being said, it is not the ISPs responsibility to ensure all this is done, nor should the blame be placed on their shoulders.  We, as users, have a responsibility to look after ourselves and educate others that we have contact with, because social engineering is the number one weapon the malware purveyors have.


One comment to...
“AOL DoS zombies’ favourite ISP – sensationalist claptrap!!”

Linux User

Just use Linux or Solaris and be done with these ‘problems’ !

Sandi says:

<yawn>  When are the fan clubs going to stop with the simplistic “just use this and you’re safe” misinformation?

The illusion of invulnerability (Linux):
http://msmvps.com/blogs/spywaresucks/archive/2006/05/10/94219.aspx

But but but.. Linux is *safe*:
http://msmvps.com/blogs/spywaresucks/archive/2006/07/13/104654.aspx

A five second Google search for Solaris reveals:
http://www.insecure.org/sploits_solaris.html


Go get it – available via Windows Update
http://www.microsoft.com/technet/security/Bulletin/MS05-025.mspx
More information here:
http://support.microsoft.com/kb/883939
 
 

Previous Entry

The fix is for XP SP2 only, but what the heck.. its a start…http://www.microsoft.com/downloads/details.aspx?FamilyID=6bd9d050-dc56-47bc-9112-023e11c61f9d&displaylang=en&Hash=67HRYG5
http://www.insideoe.com/problems/bugs.htm#acctwatch FIXED!!http://www.insideoe.com/problems/bugs.htm#beginattach FIXED!! (Well, almost) ;o)
Just so y’all know what I’m so excited about  It was at least a couple of Summits ago that I created a Flash movie demonstrating this bug, and I remember a member of the IE dev team telling me during […]

Next Entry

Archives