“Storm”

Column published on Saturday November 17th 2007 in The Guardian “Dork Talk” – The Guardian headline

Gazing into the techno-future can be fun. We all dream of utopias involving benign robots, food for all and fusion power that is free, safe and unlimited, but then there are the cacotopias too – nightmare visions of malevolent machines that turn on mankind. It has been usual to suppose that the two-pronged threat to our liberty and our privacy would emanate from big business and government, from untrammelled corporate and bureaucratic greed, stupidity and wickedness. But let me paint another scenario…

I expect all of you have heard of the risks posed by the various forms of attack code that go under names like virus, Trojan horse, worm, malware and so on. These are little bits of clandestine code that your computer picks up, usually through email attachments, designed to infect the host (your PC), raid its address books, send out copies of themselves to all your friends and contacts and then either spitefully screw with your operating system, rendering it inoperative or, more likely these days, record your keyboard input and send back to the malicious code’s originator a log of such keystrokes which can be used to determine your passwords, credit card numbers and other sensitive data. Well, such attacks have been well enough publicised, and companies like Symantec, Norton and McAfee have grown up, offering self-updating protection against these horrors; Microsoft, whose Windows operating system has been the victim of 99.9% of all such attacks, stuffs newer and newer wads of digital kitchen towel into the holes in its leaky old system and has now brought out a new one, Vista, which is so front-ended with dialogue boxes and “are you sures?” that it’s safer, but maddening to use. A nuisance, but many of us live in burglar –alarmed houses and work in swipe-card protected offices: we cope with it. Panic over. Virus scare stories are a thing of the past.

But, and here I finally come to my nightmare scenario, imagine malicious code written by cunning, ruthless criminals from … oh, Russia let’s say, that could turn your computer into a kind of slave machine, a zombie PC which can connect with other zombie PCs to create a whole network of robot computers which would grow almost exponentially in power and bandwidth. Such a robot network, or ‘botnet’, would soon overtake all the supercomputers on earth in might and reach. Let us further imagine that this botnet learned to defend itself against the security forces by moving the location of its command and control centres so fast and so randomly that the head could never be cut off. Let us even further imagine that the criminal masterminds in charge of this colossal entity divided it up into sections which could be sold, leased or rented to other criminals (along with instructions for use) who could use it for spamming, share scamming, phishing, identity theft, fraud, DDoS and any other kind of lucrative enterprise they chose. The fiendish nature of the code would mean infected PC’s wouldn’t freeze or slow down noticeably, so individual computer users like you and me would have no idea that we were enslaved players in this vast criminal conspiracy, the transmission routes would change literally daily from porn sites to cheerful links or witty birthday cards and friendly pointers to interesting blog pages – anything. Those profiting would be almost impossible to catch and the entity itself, the botnet, would grow and refine itself until it became the very stuff of science fiction: the neural nets of William Gibson, Skynet in The Terminator films, the Borg collective in Star Trek, you know the genre.

We must do something surely, to stop this hellish vision from turning into a hellish reality before it’s too late? Well, my (not very surprising) kick in the teeth is this. It is already too late. Such botnets exist and one of them, the Storm botnet, has grown so fast, so terrifyingly and so cunningly, that in the last eight months it has overtaken all the others. Storm is an amalgam of millions (no one knows quite how many) of slave PCs. It sends out billions of spam messages, stock market scam mails and appears to be behind many examples of what are known as Distributed Denial of Service attacks, which for reasons of malice, politics or criminal extortion close down or threaten to close down legitimate servers by flooding them with more data traffic than they can handle. Using sci-fi sounding techniques like Fast Flux, Storm evades capture and surveillance and recent evidence leads those who know about these things to conclude that parts of it have indeed been leased or sold as ‘botkits’ to less technically savvy criminals. And yes, all the evidence points to clever young Russians coding away for big money: one nerdski will write the backdoor code in isolation from others who will be writing code for the keylogging software and the address book lifter and so on.

Pages: single page 1 2 >

This blog was posted in Guardian column

35 comments on ““Storm””

  1. Flookwit says:

    As I am sure you are only too aware, those of us who have previously crowed about the security of Mac/Apple OS’s can no longer do so. The first Trojan has snuck into the Mac OSX giving new meaning to the ‘dirty mac brigade’. ( See http://www.theregister.co.uk/2007/10/31/in_the_wild_osx_trojan/). Alas, it seems that the rising popularity of the wonderful Apple Mac (and I do use Windows PCs as well, but oh how I love my Mac) has shown these malicious programmers another potential dollar lined avenue they can take.
    I was awakened to Storm not by their original email warnings about the storms predicted over northern Europe, but by the sudden incredible number of e-cards from old school friends. Since I never liked anyone at my schools and don’t like myself much either, my only conclusion was that they were malignant; my immune system (brain) at this point in my life is not so dottled that I cannot fend them off. There is more to be read about the fake e-cards at the following url for those who care to read (http://www.theregister.co.uk/2007/08/07/storm_worm_spike/).

    I’m glad you have written about this, Mr Fry. My parents and parents-in-law might now understand the dangers of clicking on anything that sparkles/promises $100,000/moves!

  2. robertas says:

    Hm should that be constant vigilance as good old Moody would say? :P Sorry I simply could not resist… :)
    Once upon time I did click somewhere where I was not supposed to which in turn resulted in spyware, deformatting and all sorts of nonsense and since then I have been cured of the impulse to click where I am not supposed to… although in my defense a)I am blond and b)somewhat technically challenged…

    But I did have a problem with my computer at work which was not my doing… see I worked nights, but so did the security guards… and boys being boys… well lets just say I could not open even a word document with some sort of female showing her vayay in full glory… tssss but thats civil service for you :)
    You know I tried to log in yesterday and I couldnt so I presumed another blessay was up…

    Mr. Fry I love Guardian (it was my favorite paper while I was in England) but you know you could throw us a bone here, although I love your rumminatings on all things technical I’m sure I’m not the only one that misses the blessays… so would you be a doll and chop, chop get writing… even a 2000 words one will do, no pressure… :)

  3. Baz says:

    “But let me paint another scenario…”

    Arrgghhh! Stephen, Stephen, Stephen, this is worthy of a flashing screen and a bell ringing. Scenarios are written, scenes are painted. Painting a scenario is as wrong as drawing a novel. It’s the dread management–speak that used to make me cringe and part of the drip-drip that made me get out of it.

    So now the safety vent on my spleen has automatically reset…

    Talking in generalities, many people, perhaps the vast majority, who consider themselves sensible act like mentally demented old people when it comes to computer use. They tut-tut when they find out an elderly neighbour as gone out and left their front door wide open, not replaced faulty locks or allowed in someone just because he said he was from the water company. Phrases such as ‘ getting forgetful’, ‘careless’ or ‘too trusting’ trip of their lips. Then they go and sit down at a PC that has no or out-of-date antivirus apps while going ‘Ohh (insert the celebrity of choice) naked I must see that’.

    Perhaps we need some ‘you wouldn’t do that’ ads comparing the two to get people to think. Perhaps thought is a lost cause.

  4. ArchAsa says:

    I am seriously starting to advocate internet-drivers-test. No one who has not taken a short course and been fully informed of the do’s and don’ts of the web should not be allowed to use anything else but a heavily restricted “clicking links deactivated” version. We don’t allow people to get into a motorized potential killing machine withou som basic instructions. How come we allow any doofus with a paycheck to wreck havoc on our entire computerized world?

    For me the main frustration is that the computer-technicians on work places allow this small percentage to destry our flexible use of the pc’s, since in an attempt to control the uncontrollable we are not allowed to even upgrade acrobat reader on our own. I know there are morons that still actually send their account number to “Nigeria” in order to receive £ 2.000.000 – but why should I not be entrusted with changing the settings of when my work pc is allowed to go into hibernation!?

    Time to start issuing “driver’s” cards for different kinds of computer vehickes. From the equivalent of the tricycle to the armoured tank…
    And heterosexual men should not EVER be allowed to click on ANY link in an email – face it: they just don’t have the brains not to react with their *beeeeep* ;o)

    LOVE your columns Mr Fry

  5. pauldwaite says:

    > Vista, which is so front-ended with dialogue boxes and “are you sures?” that it’s safer

    If it’s safer, I don’t think it’s because of the “are you sures”. People invariably click straight through them. They’re just an annoyance.

  6. Baz says:

    Flookwit – The Mac DNS Changer Trojan [OSX.RSPlug.A - OSX/Puper] is not the first trojan. Being a trojan, it doesn’t self-propagate, but relies on the user installing it. This is no different to allowing in the bogus water company official. To blame OS X for allowing this to happen is like blaming the front door lock for not preventing you opening the door to the con man. The way it works, by rerouting users to bogus web sites in an attempt to steal personal data, implies that the trojan writer can’t simply install a keylogger or plunder the Address Book, so similarly implies better security than Windows.

    The rising popularity of OS X has nothing to do with it I’m afraid. There have been 20+ million OS X systems for a few years now and the largest botnet before Storm was just 500,000. Even Storm is only estimated to be between 1 and 10 million. So ‘security through obscurity’ remains the myth it is. OS X is not perfectly secure, no system can be and remain usable, and so no system can prevent the user being conned.

  7. Baz says:

    ArchAsa – I know someone who is an IT manager and he’s quite open about such things as why you shouldn’t be entrusted with changing minor settings. Officially he says it’s because the user could make inappropriate changes which then cause the IT support people more work. In reality, it’s because they don’t want any work taken away from them. I still remember his comments when Vista was announced – more secure, more stable, etc. – well that would never do, because it’s the flaws in Windows that keep him in his job.

  8. GadgetGav says:

    Thank you Stephen for writing about this in the general media. I consider myself a bit of a geek and read a few technology / gadget blogs (though not slashdot) and I was unaware that Storm existed or was so big. I’ve heard of ‘zombie computers’ of course, but never really paid them much attention as I use a Mac and haven’t worried about the latest Windows worm. Not to say I’m not conscious of online security – I’ve had plenty of phishing emails and fake ebay account lockdowns.
    It may be too late to stop Storm, but maybe with more awareness we can stop the next generation.

  9. Flookwit says:

    Baz- (or perhaps I should address this to Stephen too), a thousand apologies for showing in public my lack of knowledge of the first ever Mac OS trojan. I had been reliably informed, so I thought; just shows that one should never trust anyone or anything.

    I am quite well aware that there is no such thing as a perfectly secure system and that for every code-maker there will be an equally clever code-breaker. I hope that you can see that here I am generalizing and that in my previous comment, I was not “…blame(ing) OS X …” as you put it, but in an idiosyncratic manner playing on the theme and words contained in the Trojan attack I referred to. I know too many people who have spent years believing that Mac OS X and Apple computers are indeed safer than their Windows neighbours. Even some of the top selling Mac magazines have propagated this view in the past. I don’t entirely agree with your comment that “..’security through obscurity’ remains the myth it is..” for a number of reasons, mainly using parallels coming from my knowledge of public health and epidemiology, however, I do not want to clog up Stephen’s post with this.

    Sorry Stephen, I guess I got the wrong end of the stick and spoke up out of enthusiasm rather than keeping quiet as I should have done. I better go and find some more reliable sources of information than those I used previously!

  10. Baz says:

    Flookwit – I’m afraid that I’ve fallen into the trap of speaking aside and ignoring our host. My apologies Stephen and I hope that these asides are useful.

    Your lack of knowledge is not so bad when you consider that there are many out there who are paid to comment and who ought to be better informed, but who are not and mislead. Even The Wall Street Journal called it a virus. I’m sorry if I appeared to say that you were blaming anything, I didn’t intend to give that impression.

    I can understand your comments regarding ’security through obscurity’ and epidemiology. I think the difference is that computer viruses these days are created to make money in one way or another, they are a business, so their creators go after the targets that have the best combination of ease and numbers. In the Windows world any virus has stiff competition from other viruses and the various antiviral apps. If OS X was only as secure as Windows, then it would have been attacked as a low-hanging fruit (if you’ll pardon the pun).

    As far as your keeping quiet. No, most certainly not. This is how we all learn and what a dull old world it would be if the only things we ever said were absolute facts.

  11. AxmxZ says:

    Have pity on Russians. They mostly can’t help being criminals. :)

    Gogol once laconically categorized Russia with the word ‘voruyut’ – [everyone] steal. I like the French translation better: ‘on vole’. As destructive as these virtual flibustiers are, there is something vaguely romantic about them. ‘On vole.’ The power of homonyms.

    Coding is one of the relatively few areas left where a clever russkij (or russkaya) can still earn their bread through brainpower. And many demands for coders are unsavory in intent. C’est la vie.

  12. west_haven says:

    Thank you, Mr. Fry, for this. I’ve been hearing about botnets for a bit now and have been trying to alert friends who use Windows & Macs. I run Linux (Debian etch) which Older Son put on my computer a few years ago. While I have some trouble figuring it out at times (I could use gnome or kde, but they slow the computer down, greedy me), I really like it. I’m super careful what sites I go to, where I buy online, and what I open in email – and i get no spam – zero – and no viruses or whatnot either.

    I figure if I can run Linux, pretty much everyone can – certainly if they used gnome or kde. But almost all articles on computer viruses I read in the popular media (including, dear Mr. Fry, this one) don’t mention the fact that – for now – Linux appears to be virus-free. One part of me wants to shout out, “Hey, folks – use Linux!”, but another part suspects that if there were a massive abandonment of Windows (and Mac OS) the “nerdski[s]” would simply start targeting Linux . . . and then I’d be sorry I’d been so helpful!

    Very much looking forward to your next blessay. Hope your American trip/documentary is going along well – and that you’ll be visiting the redwoods of Northern Coastal California!

  13. jamest says:

    Clearly the problem is rather complicated hardware being sold as a consumer product anyone can use without a bit of education or self-education. It’s not easy setting up a broadband router. It’s not easy protecting yourself from internet fraud or viruses. But it’s in the computer manufacturers’ interests to pretend it is. Mac is less culpable than others. Let’s just stop pretending computers are like kettles. Computers are wonderful, even beautiful machines – let’s respect and enjoy that.

  14. Fryphile says:

    Unkie Stephen, I’m skerred.

  15. quixote says:

    AxmxZ, you must be Russian? I’m half Russian myself, and I think I recognize the voice… ;-)

    Two things about bots: we often hear about them, but no word on how to diagnose and get rid of them! That’s not a comment on your wonderful, smile-raising blessays, tech or otherwise, Stephen. I’m carping at the techies who should be giving us all simple, three-step ways of finding and eradicating the bots we can’t fend off. Get cracking, folks! The millions of people with bots would rather not have them. Don’t keep telling us what dweebs we are for clicking on things. Give us ways to cure the disease.

    The second thing is that much botdom could be choked off at ISP servers. The traffic pattern from bots is different from normal traffic. ISPs can identify who’s infected among their customers, and they could help them clean up their PCs. That would involve a little bit of extra processing power to scan the data streams, and a lot of extra support for some of their clients. I wonder why they don’t do it … not.

  16. Baz says:

    quixote – I suspect that Stephen would agree with me that plenty is said on how to diagnose and get rid of the various botnet viruses. It’s just about all said by antivirus app manufacturers and Microsoft. Antivirus is a huge industry. Their three steps are; buy our products, install them, use them and keep them up-to-date. The (relatively) simple three-step way is to assume that after spending even a few seconds on the Internet a PC will be infected, particularly since you do not have to visit infected sites or open infected e-mails, port scanner viruses can infect an idle PC. These can be protected against by using a software or hardware firewall. Many ADSL routers perform this task. Step two would be to keep an up-to-date backup of all your important data. Three is to do a complete Windows erase and install every time you switch on the PC, cleaning everything off the hard drive and replacing it afresh. There are IT departments that use this technique, usually using protected network boot images to make it practical. Unfortunately, as far as I know Microsoft has prevented this simple method being used for individuals by introducing a registration system that allows only a limited number of reinstalls. I’m sure this has nothing to do with them acquiring an antivirus company.

    It’s true that botnet traffic could be choked off by ISPs and some do have in place traffic pattern monitors and even automatic limiting. However, many of the ISPs that have taken stronger action, even cutting-off identified infected PCs, and have contacted customers have had bad responses. Customers have not said thank you for telling me how do I disinfect my PC, but mind your own business. ISPs are ruled by the laws of the land and the constraints of business and both at present work against choking the traffic to any serious extent. Many do offer reduced-price antivirus apps as an encouragement.

  17. Divinyl says:

    Terrifying stuff!

    My understanding of computers and technology is severely limited, and stuff like this never fails to worry me. In the end, I (metaphorically, of course) put my hands over my ears and say “La la la” very loudly, as my little brain can’t cope with thinking about it all!

    I think this is particularly interesting given the rise of recent trends such as ‘stumbling’, where speedy mouse-clicking can take you through a succession of websites. These could be anything, you really don’t know what page will be coming up next. And this is the point…the discovery; but we have no idea whether any of these pages are trustworthy…it would be an easy way for people to spread malware now I think of it.

    This fear of technology/technology taking over message also makes me think of the film Tetsuo:The Iron Man. The most prominent message in that, to my mind, was about the encroachment of, and over-reliance on, technology.

    Coincidentally, I recently wrote a blog on Tetsuo! Literally less than a week ago. I wonder if you’d like to read it and see what you think? The film itself has me hypothesising no end, and was really seminal for me…the film to alter all film-viewing experiences henceforth.

    Here’s the blog:

    http://divinylblogs.blogspot.com/2007/11/death-by-robo-penis-my-thoughts-on.html

    Catchy title, doncha think? ;o)

    As ever, my warmest wishes Mr Fry. x

  18. TOKYOGAL87 says:

    Mr Fry

    I kow how to use computer but when we’re are talking about protecting it I’m realy bad at it. There something wrong in my computer sometimes I don’t know what to do,it’s all my brothers fault they click every window with free smiles and stuff like that for istant message.

    hear from you soon, tomorrow is my birthday i’m gonna be 20, i’m just a kid.
    have a nice day

    Tky

  19. zfiledh says:

    I sometimes delude myself that I would NEVER fall for those traps, but SOMETIMES I can’t help but open one with a cunningly written subject line. Once I figure out it’s not what I assumed, I delete the thing and set the wrath of Norton or PC-cillin (whichever computer I’m using) on it.

    It’s getting scary. I just hold on to my belief that what goes around comes around and hope those boogers get knocked hard on their arse. Grrr…

  20. AxmxZ says:

    quixote: What can I say… Zastukali! :)

  21. Flookwit says:

    Damn, Damn, Damn! I go and apologise for being a flookwit to you Baz and Stephen, about my apparent mistaken belief that the first Mac Trojan attack happened recently; get told it was not the first Mac Trojan, so I prostrate myself before those who appear to know more……and what do I find?

    I cannot find any article that shows me that there was or were, previous Mac Trojans!

    I know that Microsoft PCs have had Trojans for yonks, but Mac Trojans??

    I know the post on ‘Storm’ was not about Trojans per se, but my reading of the article made me think more widely about Malware, thus the ‘wooden horse’.

    Aghhhh, bugger. I’m off to the pub.

  22. quixote says:

    AxmxZ: ;-)

    Baz: yes, I don’t mean buying some damn software (that in the case of Symantec, at least, acts a lot like a virus itself). Why should the victim have to pay for the solution! I’m talking about a utopian idea of having somebody actually make it *easy* for us to find and get rid of problems when we’re saddled with them despite our best efforts. :-(

    That said, the poster talking about Linux has it exactly right — for now. I run Ubuntu myself.

    As for ISPs trying to stop botted-up computers, I’ve never heard of them doing anything helpful. Comcast, I think it was, just halted service without even a warning message. You had to call them up to find out that they’d done this. I could see an unknowledgeable user going out and buying a new computer or something, before realizing it wasn’t anything to do with broken hardware! Small wonder they didn’t get a very appreciative response.

    I’d like to see ISPs actually *help* their customers. (Hah!)

  23. robertas says:

    Well everyone I have finally finished the latest installment of Stephen Fry Appreciation Monday… so feel free to pop by… since there is no blessay in sight… tsssss Mr. Fry… and Tokyogal happy belated birthday :)
    And Divinyl really catchy title :) I will have to check it out…

    Anyhow people here is the link
    http://www.couchslobs.com/2007/11/stephen-fry-appreciation-monday-have.html
    Cheerio :)

  24. TOKYOGAL87 says:

    THANKS ROBERTAS
    I’VE BEEN FRY-ED AS WELL AND YOUR WEBSITE S COOL I REALLY LIKE IT

  25. Stevyn Colgan says:

    And I always thought that a Botnet was a specialist Norwegian fishing aid used to capture the dangerous and slippery Arse-flounder.

    http://stevecolgan.blogspot.com/

  26. Baz says:

    Flookwit – most of the Mac trojans and worms were on older OSs. None were serious and that’s probably why this one is thought of as the first. It’s really geeky and really not something worth worrying about.

  27. Baz says:

    quixote – Symantec. Yes, well, um, moving on… Virus writers use everything in their power to make it as hard as possible to remove viruses. Not least because many viruses try to kill off competitors so they have the infection all to themselves. This meddling is one of the things that causes problems on infected PCs.

    Ubuntu – good idea.

    My old ISP had a monitor system in place and I could only send e-mails at a ‘manual’ rate. This was a minor nuisance since once a month I had a mail-out of an opted-in newsletter which needed to be sent individually. If I’d been sending as a group and letting the ISP do the distribution, I could have sent thousands out in the one e-mail. Unfortunately, that ISP had a terrible attitude of ‘now we’ve hooked you with a reasonable cost we can up the charges’ and even tried to block my new ISP from taking over my BT line to stop me leaving. I stopped that easily enough. One of the problems is good small ISPs being taken over by larger ISPs who have a terrible attitude. My first was, my second was, my third was bad on its own and now my forth has been.

  28. How do we know this blog isn’t being written by a botnet, perhaps called Deep Thought?

    I would consider myself reasonably PC savvy, and yet I am sure it is only a matter of time before I consider myself sure about something on Vista, click the button and then moments later question my wisdom. Perhaps it is only a matter of time before Bill comes up with an Undo button for things like that.

    What is wrong with “painting a scenario”, it’s a metaphor isn’t it?. The phrase “if a picture could paint a thousand words” would have you in apoplexy presumably. After all words can’t be painted and a picture can’t pick up a brush.

  29. Ralph Corderoy says:

    For those unfortunates using Microsoft Windows XP, have a look at AVG’s free anti-virus offerings. They’re widely recognised to be high quality and unobtrusive compared with competitors that are forever asking you to upgrade to a non-free version. http://free.grisoft.com/ Note, I’ve no connection with AVG, I’m just trying to provide some advice to those that may not know how to protect themselves.

  30. slinkoff says:

    in my opinion the threat of viruses is vastly overrated, i don’t even bother with AV anymore, it’s a real killer on performance, even the smaller footprint software like AVG or nod32. It only takes a bit of common sense to recognise spam and to not open any strange attachments.

    I haven’t had a virus since sometime in the 90s and nobody i know has either so running something that scans every file each time I access it is a relatively pointless use of my system’s resources.

    Even if I was infected, it really isn’t that bad I could install AV software and clean it, restore my system from a backup (system restore/ghost image) or worst case, reinstall the OS, doesn’t take as long as you think and a good opportunity for a spring clean.

    The problems that people do experience are really that of spyware embedded in some dodgy shareware downloaded from somewhere less than reliable or by allowing a website to install something. The solution? Don’t install anything but the minimum you need (flash, quicktime alternative, real alternative etc.) and then refuse everything else. Do a spyware can every month or so if you’re really paranoid and if you have other members of your household who are think that Smiley Central is cool then give them a Limited computer account and explore system policies to lock them down even more!

  31. John Steed says:

    Essentially one feels as though the average computer user (such as myself) is more or less the equivalent of a toddler left home alone with a bottle of bleach, a box of matches, exposed power points and a boiling pot on the stove.

  32. Minty says:

    Dear Mr Fry, this is my first ever entry so I wish to get a few things out of the way first. Just the usual stuff. I’ve been a fan too long to remember how long and I will always be very fond of Jeeves and Wooster and Lord Melchet (sp?). Then again who isn’t? This is a wonderful website you have yourself here especially your own personal contributions via this blog. Love it, don’t stop I could read you forever. Also as someone who loves words I want to thank you for giving us ‘Blessay’. I find that such an endearing and memorable word.
    My partner is also a gadget freak, more so computers these days. I was wondering what your views on Vista may be? We haven’t actually used it yet though my other half as usual is dissing it before he’s even tried it saying its worse than XP. Take care

    Safe travels

    Hugs xxx

  33. Hyeraim says:

    It may be a very strange thing that I’ve gotten only a few keylogger or spyware kind of things. I bought a router ADSL-modem for my internet connection five years ago, and never have I been sorry for paying a so much more for it back then. A hardware firewall is truly the best defence against hijacking. Perhaps I might give an example: using a condom is the greatest defence against STD:s and unwanted pregnancy. Using only a foam or magic is a great way to get STD:s and children.

    A router with hardware firewall should be your condom, a software firewall is always up you. You will get what you want. And the children in this case are the zombie spam servers; but it’s not as bad as it seems, as long as you’re protected atleast with a software firewall; it does the job more than well.

  34. JulesLt says:

    A little delayed, as for some reason I’d not correctly set up the RSS feed for the blog.

    Firstly, I’d like to say hats off to Mr.Fry for avoiding any mention of the Mac in his article, because it would have been both a distraction from the piece, and perhaps also detracted from the message (‘ooh, look, it’s one of those Mac users banging on about how secure the Mac is again’).

    Also because there have been Mac and Linux systems that have been found in botnets. How, you may ask?

    Well, while your basic operating system may be secure, there are a number of programs you can install that can make that irrelevant – for instance, if you’re running a web server or database exposed to the Internet, you have a piece of software that’s (a) sitting their listening to requests from the Internet (b) capable of running programs (not native Windows or OS X programs, but programs nonetheless. Some d/b and web servers can, for instance, send email).

    Now luckily, this is software that domestic users are currently unlikely to run. It’s also unfair to blame the operating system in this case, but it does show that using OS X or Linux does not proof you against such things entirely.

  35. Stephen R says:

    So… where the heck are we supposed to find the giant condoms that fit over our iMacs?

    (Though they have been making “keyboard condoms” for years now. Is that enough protection, Mr. Fry?)

Leave a Reply

Read Stephen’s previous blogs

AUDIO BOOK

Available from Apple iTunes Store.

Audio Book Link

The Dongle of Donald Trefusis

Dongle of Donald Trefusis

The new audio series of Professor Donald Trefusis.