Downadup Worm — When Will the Next Shoe Drop?

alphadogg writes "The Downadup worm — also called Conflicker — has now infected an estimated 10 million PCs worldwide, and security experts say they expect to see a dangerous second-stage payload dropped soon. 'It has the potential to infect about 30% of Windows systems online, a potential 300 to 350 million PCs,' says Don Jackson, director of threat intelligence in the counter threat unit at SecureWorks. The worm, first identified in November and suspected to have originated in the Ukraine, is quickly ramping up, and while Downadup today is not malicious in the sense of destroying files — its main trick is to block users from accessing antivirus sites to obtain updates to protect against it — the worm is capable of downloading second-stage code for darker purposes."

what will it download?

[Anonymous Coward]

the worm is capable of downloading second-stage code for darker purposes."

So it might download vista?

Keep spreading lies

[Anonymous Coward]

Windows is actually far more secure than Linux. Get the facts [getthefacts.com], people.

Re:

[Anonymous Coward]

Yeah as if a Microsoft website isn't going to show a bit of one-sidedness and in doing so leave out a metric ton of facts that don't exactly keep their product at best interest.

Re:Keep spreading lies

[Anonymous Coward]

I prefer this [zoy.org] site, its facts are far more accurate ;-)

Don't click that link!

Re:Keep spreading lies

[Anonymous Coward]

Be warned - in case you are tempted...

This is a pretty ingenious script that

• Opens up windows (or tabs, depending on how you open the link) as fast as your computer can - 100% CPU
• Each window displays gay porn
• Plays a loud sound "Hey everybody I'm looking at gay porno"
• Behind the scenes it also copies the contents of your clipboard to this guy.

It works in IE and firefox. It is simply a page with an image, a flash movie, and a javascript that copies your clipboard to a field then 'submit()'s' the form, reloading the page.

Very simple and bypasses popup blockers (at least the ones I have on).

This has got to be a security hole in firefox, both on the ability to open windows/tabs, and copying the clipboard.

If you want to have a look, use:

wget http://getthefacts.on.zoy.org/index.php

WARNING: dont click on this link, just copy the wget command to a shell. Dont say I didn't warn you...

Re:

[darkpixel2k]

Damnit. When will Chrome be available for Linux? Do you know how long it takes to reopen 150 tabs on an old Compaq Presario 2300 laptop? Good thing I have a second brower installed. It'll take me a week to get firefox loaded back up.

Re:

[DMUTPeregrine]

Exactly. Noscript is the best counter to crap like this.

Re:Keep spreading lies

[Spit]

A better counter is not to click links posted by anonymous idiots.

Re:Keep spreading lies

[jesser]

Firefox doesn't let web sites access your clipboard directly. Flash does. The Flash guys consider it a feature, while the Firefox guys consider it a security hole in Flash (or at least I do).

I bet the site is using Flash.

Re:

[lordsid]

I don't know where you guys get your information but its pretty easy to access the clipboard from javascript even in firefox.

Try searching for "javascript clipboard functions" the first link gives an example. All he would have to do is paste the content into a hidden div and wait for it to resubmit itself.

Re:Keep spreading lies

[nog_lorp]

I don't know where you get your information, but

Error: document.getElementsByTagName("textarea")[0].createTextRange is not a function
Source File: javascript:%20document.getElementsByTagName("textarea")[0].focus();%20alert(document.getElementsByTagName("textarea")[0].createTextRange());%20void(0);
Line: 1

Yah know why? Because "Firefox doesn't let web sites access your clipboard directly. Flash does. The Flash guys consider it a feature, while the Firefox guys consider it a security hole in Flash"

Re:Keep spreading lies

[danwesnor]

Free porn? SWEET!

Re:

[calmofthestorm]

I love noscript:-)

Remove the link then.

[HoppQ]

If you're warning against clicking the link, don't include it in your own post. Thank you.

Re:

[Anders]

I prefer this [zoy.org] site, its facts are far more accurate ;-)

At least it wasn't a rickroll ...

Re:Keep spreading lies

[Penguinshit]

It's a dickroll...

The zookeeper says: ...

[Savage-Rabbit]

Windows is actually far more secure than Linux. Get the facts, people.

... Please don't feed the trolls.

Re:

[nmb3000]

By contrast, my wife's laptop which was running Windows XP...required constant de-spywareification and resource intensive anti-virus programs always on alert.

Then, as they say, you're doing it wrong. Running XP/Vista securely is pretty easy:

• Most importantly: don't run as admin.
• Stay updated.
• (Optional) Use a browser like Firefox with addons like NoScript. Makes browsing new sites painful, but more secure.

That combined with a little common sense means you don't even need any realtime anti-virus software. If

Re:

[blind monkey 3]

(MANDATORY) do not use Internet Explorer.
as an example, this? [microsoft.com]
Yes, December was last year so you can argue it is a year old....
Your suggestions are good and will minimize risks. The UAC nagware needs to be addressed so that people don't get the urge to through a brick through their "Windows" though.
I am also a little nervous about the "don't need realtime anti-virus software" with Windows - I think that Windows security has been improved but it could do with some more improvements - hopefully Vista S

Re:

[Kneo24]

Part of your moms problem, and the GP's wife's problem is education. Did you guys bother to teach them that the internet isn't safe and that they probably shouldn't click on every link they see?

And if they'd rather not listen, let them educate themselves; do not help them. I had to do this to my mom and sister and they've been virus/spyware/malware free for a year now. They know to keep Windows up to date and run a scan at least once a week for any suspicious. They've also learned to not click on every fool

Re:Keep spreading lies

[ozmanjusri]

They know to keep Windows up to date and run a scan at least once a week for any suspicious. They've also learned to not click on every fool link there is just because they can.

Why bother?

Linux is free, and it's easier to learn Linux than how to keep Windows clean.

Re:

[symbolset]

They've also learned to not click on every fool link there is just because they can.

Did you explain to them that it has open login ports they can't see that are by default open to the Internet, and a bot army has immense resources to bang on the default "administrator" account all day until it picks the lock (assuming the admin account even has a password), opening them up to remote control from anonymous badguys, complete loss of private information, keyboard information capture like credit card numbers and online banking access information?

Did you mention that autorun unless carefully d

Re:

[Kneo24]

bang on the default "administrator" account all day

I set these boxes up myself. All default accounts are disabled. They can bang on those accounts all day, it doesn't matter. They're not on. They're not going to turn on.

Did you mention that autorun unless carefully disabled, will automatically run programs in the root of any new media they insert, including music CDs, DVD videos, LCD picture frames, pen drives, cameras and so on?

Autorun doesn't work specifically like that anymore. It at least asks you what you want to do on XP and Vista. If you just want to explore the contents of the media that's connected to your PC, you can do that instead of it automatically trying to run everything inside of it.

This is relevant because those are the precise features being used to spread the worm in TFA.

Irrelevant for my family as long as they keep their boxes up to dat

Re:

[Kneo24]

When was the last time you used Windows? It does not work like that anymore. Not for XP or Vista. Just to test this theory I grabbed some really old games and some really new ones. Popped in the discs and sure enough, none of them actually opened the disc, just asked me what I wanted to do with it. My choices were either a.) use autorun, or b.) explore the contents of said disc

The fact that someone modded you informative just shows that they too don't know what they're talking about.

Re:Keep spreading lies

[NeverVotedBush]

The both of you should probably add "that you know of".

The reality is that Linux boxes are highly prized. Their owners frequently have high speed connections and Linux can do all sorts of fun things.

Linux isn't perfect. There have been any number of security issues that would allow a knowledgeable hacker easy access. It all depends on if you kept your systems up to date and patched, didn't set up and allow unnecessary services, had a good firewall policy with a default deny/drop stance, etc.

Linux comes out of the box now pretty secure but it hasn't always. And individual user habits can also compromise a system. Add to that the fact that one of the big ways into a system now is through add-on things like flash and such, and the knowledge that there have been kernel bugs that let user applications get root with a single command (things like vmsplice), and there is a possibility that your Linux boxes are rooted and you just don't know it.

For the record, I run Linux almost exclusively and am no fan of Windows. But people need to understand that just running Linux is not a guarantee of safety. I'm also not questioning your capabilities. It's just that blanket statements about Linux security should probably be qualified.

Re:Keep spreading lies

[mlwmohawk]

Linux isn't perfect. There have been any number of security issues that would allow a knowledgeable hacker easy access.

Depending on the methodology of access this is potentially true. There are philosophical differences between the development of Linux, BSD, and Windows.

I've been around the industry for a while and I have seen first hand the systemic differences. At Microsoft, things like adding executable code to TIFF images and metafiles is neither challenged nor audited. On Linux and FreeBSD the developers wouldn't even dream of doing something idiotic like that, and even if they do, there are legions of people who will scream bloody murder.

Then there is the nefarious code purposefully put into Microsoft's proprietary code. Be it the NSA key, WGA, or other methodologies of accessing machines remotely. If these systems are in Windows, they WILL be exploited by external entities.

Re:

[Baseclass]

I love how Windows apologists always qualify their answers with "I like Linux too but...". It's a bit like saying "Some of my best friends are black but..."
You're obviously an experienced Windows user and understand the importance of discretion when clicking links, installing software, etc.
The difference is, Linux users don't have exercise nearly as much caution. My wife and kids know nothing of what lies beneath their pretty GUIs yet since upgrading every system in the house to Slackware (yes upgrading)

Re:

[Kneo24]

Did you try educating them the importance of safe browsing habits? If that failed, did you try allow time for them to learn on their own so they see how much trouble you go through and really learn a lesson?

You can install whatever you wish, but you've really done nothing to stop their bad browsing habits. All you've done is seemingly hide it. It doesn't matter what your OS of choice is, everyone should exercise some caution when online.

Re:what will it download?

[hobbit]

while Downadup today is not malicious in the sense of destroying files

How quaint! The idea that someone might infect millions of PCs just to delete people's files is so 20th century.

Re:

[Darkness404]

Well, deleting files doesn't really do anything. Sure, if someone was going to write a quick script to make someone mad I'd make it delete a few files. If I was going to create a worm that is advanced (such as the storm worm) I'm going at least make a buck or two on it.

Re:what will it download?

[Anonymous Coward]

One of the big areas hit by downadup is in the corporate world where PCs are "managed". A lot of those have not been patched and are infected already or probably will be soon. Once it gets a foothold behind a firewall, it uses multiple other strategies to spread - weak passwords, etc.

In a lot of business environments, deleting files could be crippling because those often times have people who don't back up their files, there isn't really a company policy, etc. It's bad enough when somebody loses a hard drive. Try having everyone "lose their hard drive".

Another issue is this is the first time I have seen the infection attributed to a Russian-area site. Everywhere else it has been attributed to some one or some group in China.

Regardless, one of the uses of a botnet is for cyber warfare. In this case the cat is out of the bag and people are watching it closely to see what it is going to do. But if the people who built this are sophisticated enough, or maybe this one spreads laterally and more stealthily than people have yet noticed, it could have a real purpose much more sinister than just deleting files or snagging myspace passwords. Downadup could also just be a decoy.

It's been said that the first clues that war is coming will be people's computers not working properly as infrastructure and services are knocked out. Anyone starting a war will want a crushing first blow and taking out files, doing DDoS, etc, would be typical.

Not trying to scaremonger but obviously this thing is illicit and almost guaranteed malicious. It would be naive to disregard a government's hand in it.

Re:what will it download?

[Zadaz]

Well of course deleting files could be crippling. Which is exactly why it would be a stupid thing for a hull breach app to do.

A modern virus/trojan/worm/etc doesn't want to be noticed. It wants to be an available node to be sold to the highest bidder. Just like a biological virus it can't spread if it kills or incapacitates its host.

Deleting files was something a virus did back in the 80's because hackers didn't have much imagination. That's not to say a terrorist organization couldn't buy the next payload and send out a "secure reformat on boot" app, but it would be a massive waste of a resource (a massive botnet is incredibly powerful/valuable tool not to be thrown away) and a foolishly indiscriminate target, even for terrorists. In any case they'd have to outbid the ordinary criminals who want it to spam, hijack, DoS, keylog, skim and blackmail.

...[This] is the first time I have seen the infection attributed to a Russian-area site.

You really don't get out much, do you.

Re:

[account_deleted]

Comment removed based on user account deletion

And now we rediscover

[causality]

And now we rediscover why monocultures don't work (and are generally not found) in nature.

Re:And now we rediscover

[Dzimas]

Hmm. Are you alluding to the dominance of computers or humans?

Re:

[dov_0]

Very good point. The variety in different distros and user chosen software would give Linux a great advantage over Windows securitywise.

Re:

[Godji]

And that's funny why? Mod informative.

Re:

[philspear]

I at least find it funny that IT joins many other fields in realizing nature faced a similar problem and solved it billions of years ago.

Re:

[timmarhy]

yeah right because computers happen in nature. we did have a diversity of computers in the wild, they happily swung from the trees and shat in the woods, but then the windows computer was introduced and ate all their food and raped their babies.

or maybe not everything has an analogy based on nature, since it's 100% artifical to begin with, and fills an artifical reqirement (like all computers being compatible dictates a monoculture...)

Re:

[Anonymous Coward]

HMPFH.

*YOUR* PC might have shat in the woods, but my Mac was potty trained from day one.

Re:

[Anonymous Coward]

Your mac, like all other macs, will die of extinction because of its stubborn refusal to eat meat and mate with the opposite sex. And if that ain't enough, when Mama Jobs dies, all Macs will also die.

Re:

[The Master Control P]

Compatible emphatically does NOT imply monoculture.

That is the whole point of open standards.

Re:

[timmarhy]

nice point you raise there. unfortunately a monoculture is the most efficent way to deliever compatiblity. it's also the only approch that makes sense from a managability perspective. so while it would be nice to be able to run any OS and communicate with alien technology like geoff goldblum in "independance day", it's unlikely.

its not hard

[madcat2c]

Use a hardware router, use a real anti-virus program that actually publishes updates everyday (Nod32 for me), and use a browser where you can kill anything that tries to auto install itself (firefox, chrome, etc).

And don't forward or respond to chain emails!

Re:

[PrescriptionWarning]

There are worms out there that actually disable your anti-virus updates from actually occurring while telling you that they have updated.

Re:

[phulegart]

Yes there are. And there are simple steps to being able to clear those worms/spyware/malware when you are infected with them. However, those simple steps either require running scans and updates regularly, or paying for software that will do it automatically (although spybot does have a scheduler feature).

The issue right now, is that there is not one cleaning tool that gets them all. That's where it starts to get complicated. A large portion of the worst stuff can be cleared easily and painlessly with M

Re:

[Joce640k]

...except that this spreads via USB sticks and blocks antivirus updates.

A minor nitpick, I know...

Re:

[Godji]

I'm wondering about the method if infecting a USB stick. Is it filesystem-secific? How does it work?

Re:

[ancientt]

It isn't exactly filesystem specific, though it does depend on being a filesystem that Windows will recognize. It infects USB by putting an autorun.inf on the device to install itself. The nasty bit is that, to the average user, it looks like the executable is just the windows dialog to open the device as a folder. f-secure.com [f-secure.com] has a nice writeup on it.

When you see divert fractions of pennies into a ba

[Joe The Dragon]

When you see it divert fractions of pennies into a bank account they control.

You'll All Thank Me

[hksdot]

You'll all thank me when I deploy the second stage to install and run SETI@home and discover alien intelligence.

-Virus Author

Re:You'll All Thank Me

[philspear]

that then comes and kills us all before we advance enough to be a threat to them.

Right before that would happen, he'll deploy "stage three" by handing the aliens a USB drive...

Re:

[will_die]

Won't work.
Everyone knows aliens us Apple based operating systems and Downadup is a windows based program.

Why is it..

[zmollusc]

.. that I can't get windows apps to do what i want without crashing, but it runs teh evil viruses perfectly?

Re:

[John Hasler]

What makes you think it does? Perhaps 10% of all infections fail. So what?

Re:

[Shados]

Virus writers aren't former Visual basic 6 developers without degrees who think they're hot shit for being able to pop a modal dialog, and make a career out of it. Thats why.

Re:

[troll8901]

Too true. The original Internet worm had only 99 lines of source code, yet incorporated encryption, password guessing, vulnerability-injection, and so on.

Except for a bug, I think the author was a genius - a true "hacker" in the original sense of the word.

Of course, both viewpoints were presented by another guy, who included this incident in the last chapter of a book.

Re:Why is it..

[nathan.fulton]

".. that I can't get windows apps to do what i want without crashing, but it runs teh evil viruses perfectly?"
Because there is a 100% correlation between a virus crashing and a virus writer's lost profit. With most legitimate software, a crash leaves only one practical option: keep using the crapware and hope it doesn't crash again.

Re:

[brusk]

Actually no. If a virus works only 50% of the time, no big deal, the author probably doesn't even know.

Re:

[Yvanhoe]

Let's be fair, the virus only works on 30% of the machines. Still impressive for a windows app though...

Could it be hijacked...

[TexVex]

If this thing is a malicious software delivery system, wouldn't it be possible to hijack it and have it download something that removes it?

Re:

[Kifoth]

Good question... Since we know that the virus checks 250 formula based URL's every day for 'updates,' what's to stop someone from registering one of the upcoming url's and hosting code there that'll cause the virus to uninstall or cripple itself?

Re:

[John Hasler]

I would imagine that it requires signed code.

Re:

[nathan.fulton]

only if the virus writer is doing it wrong. There are about a million ways to prevent this, including encrypting the code.

Re:

[Fnord666]

If this thing is a malicious software delivery system, wouldn't it be possible to hijack it and have it download something that removes it?

Unfortunately the virus writers already thought of that. The article didn't give details but I would guess that the downloaded payload is digitally signed and the virus code verifies the signature.

Re:Could it be hijacked...

[upuv]

Aside from the potential protections the virus may have for this.

White hats have a few extra rules to contend with. Since going into someones computer and changing stuff without there approval is illegal in most parts of the globe the white hats would be just as guilty as the virus writer.

God forbid the white hat actually makes a mistake and the cure is worse than the disease. An analogous problem occurred when Sony installed a root kit that prevented people from breaking the law. Sony thought it was protecting it's IP rites. What really happened was that Sony effectively gave complete and total access to any one who wanted to do stuff on the computer. Sony got slapped hard for this and it cost them a bundle. Many people lost there jobs and the damage to personal computers around the world was rather staggering.

So it's not as simple as someone taking over the comms with the virus and sending back clean up routine.

----
As an aside. If or when the world comes to accept that white hats are allowed to attack virus in this manor we will see an almost instant response from the virus writers.

A double payload mechanism would be very effective for example.
1. Virus infects.
2. 2nd payload is delivered and hides in stealth.
3. white hat antivirus clears first virus. As it would take time for the aggressive anti virus to be written. The 2nd payload could easily be delivered well in advance of the white hat action.
4. 2nd payload is now on the hardware with no need to talk to command and control.

That is just one possible vector change that would appear.

----

More likely is that if white hats where given the go ahead to attack. The "Bad guys" would simply move to the next soft target. I suspect the next soft target to be the vast numbers of networked devices that are multiplying all running Linux variations. Also since next to no one ever updates the firmware on these appliances once vulnerable they will remain for ever vulnerable.

----
So in the end no it's a BAD idea for the white hats to aggressively attack these things. It's an arms escalation that we simply don't need.

Re:Could it be hijacked...

[arkhan_jg]

According to this [symantec.com] analysis, the writers anticipated the daily domain-generation algorithm it uses to check for updates being reverse engineered, and they put in additional protection so that it would only download code from the original authors - presumably using some kind of key signing.

conficker - conflicker - downadup

[e**(i pi)-1]

"The Downadup worm - also called Conflicker - has now infected an estimated 10 million PCs worldwide,

Ashamed of being fucked with [wikipedia.org], victims call "conficker" now "conflicker" or with the euphemism "downadup". It does not matter, it all adds up down there if you are screwed with.

Technical examination

[Prune]

There's a more technical examination of the virus at https://forums.symantec.com/t5/Malicious-Code/Downadup-Small-Improvements-Yield-Big-Returns/ba-p/381717 [symantec.com]

Microsoft...

[ConceptJunkie]

"From where do you want to get pwned today?"

It's 2009... I can't believe we're still dealing with this crap in 2009.

Re:

[ConceptJunkie]

Well, since the DoJ (as well as Congress) is their bitch, no one at Microsoft will ever suffer for anything the company does.

it's my worm

[Errtu76]

And I'm using it to 'infect' their pc's with Linux. It'll stop all future virii as well as creating a wave of happiness. Dark purposes, it's all how you look at it. Sure they'll hate me for a while, but then they'll love me and i'll reveal my identity and be a hero!

Re:

[nathan.fulton]

I knew it! Those linux folks are all virus writers! They even infect the copyright system with their dirty viruses [wikipedia.org]!

Re:

[Eudial]

And I'm using it to 'infect' their pc's with Linux. It'll stop all future virii as well as creating a wave of happiness. Dark purposes, it's all how you look at it. Sure they'll hate me for a while, but then they'll love me and i'll reveal my identity and be a hero!

Here I was hoping the virus would start correcting the spelling in you tube comments. Maybe the next virus that comes along will realize my grammar nazi utopia, then...

Re:

[El_Oscuro]

1. Rent a bot net with the worm on it.
2. Instruct each zombie to Bittorent and install Wubi. [wubi-installer.org]
3. ???
4. Profit!

A small niggle...

[rickb928]

But it's "Ukraine", not "The Ukraine".

At least, that's what Ukrainians say [wsu.edu].

Just sayin... And that's what the Ukrainian rocket scientist I know says also.

Re:

[Cyberax]

Don't worry. Ukraine is going to split into several parts real soon or at least become a federation. And then you'll be able to call it "the Ukraine" again. :)

Re:

[feelbad_feelsgood]

If you wonder why people (esp. Americans) insist on referring to Ukraine as "The Ukraine," I believe the answer lies with the Parker Bros. board game "Risk". Their wikipedia entry http://en.wikipedia.org/wiki/Risk_(game)#Territories [wikipedia.org] doesn't say this, but I'm pretty sure older boards had a space that was not called Ukraine, but "The Ukraine". Corroboration from Seinfeld: http://www.seinfeldscripts.com/TheLabelMaker.html [seinfeldscripts.com] If you're wondering if Americans learned geography from any source more reliable than a

Re:

[rickb928]

I knew where Ukraine was before I knew about Risk.

American public education wasn't always such a failure.

Remove it script?

[brxndxn]

Where do I go to get a script that searches for it and removes it?

I'm sure I have coworkers that need this removed from their computers at work..

Re:

[anss123]

I'm sure I have coworkers that need this removed from their computers at work../quote The hole the virus exploits was closed last year, before Conflicker started spreading, so if your company machines are up to date they should be safe. Microsoft also has a "malicious Software Removal tool" that can remove the virus.

Re:

[techno-vampire]

Microsoft also has a "malicious Software Removal tool"

Is that a tool for removing malicious software, or a malicious tool for removing software? Enquiring minds want to know!

Re:

[transporter_ii]

bleepingcomputer.com - combofix.exe. Used this at work to remove it from multiple laptops. Works good and didn't have any trouble with it. Leave the USB thumb drive in while you run it, and it will clean the infection from it as well.

Complacency is a disease

[David Gerard]

A computer worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users blitheringly stupid enough [today.com] to still think Windows is not ridiculously and unfixably insecure by design [philosecurity.org].

Despite many years' warnings that Microsoft regards security as a marketing problem and has only ever done the absolute minimum it can get away with, millions of users who click on any rubbish they see in the hope of pictures of female tennis stars having wardrobe malfunctions still fail to believe that taking Windows out on the Internet is like standing bent over in the street in downtown Gomorrah, naked, arse greased up and carrying a flashing neon sign saying "COME AND GET IT."

Microsoft cannot believe people have not applied the patch for the problem, just because they keep trying to use Windows Genuine Advantage to break legally-bought systems. "Don't they trust us?" asked marketing marketer Steve Ballmer.

Millions of smug Mac users and the four hundred smug Linux users pointed and laughed, having long given up trying to convince their Windows-using friends to see sense. "There's a reason the Unix system on Mac OS X is called Darwin," said appallingly smug Mac user Arty Phagge.

"It can't be stupid if everyone else runs it," said Windows user Joe Beleaguered, who had lost all his email, business files, MP3s and porn again. "Macs cost more than Windows PCs."

"Yes," said Phagge. "Yes, they do."

Ubuntu Linux developer Hiram Nerdboy frantically tried to get our attention about something or other, but we can't say we care.

It simply does not matter!

[erroneus]

It doesn't matter how bad and unsafe Windows is. Microsoft Windows is like the air. People are going to keep breathing it no matter who farted in the room. People live in the most polluted places because that's where they live, that's where they work, that's where they play. I could tell you all day long about this other place... with clean air, that's safe, that's stable and all that... and most people might be intrigued but very few will vacation there and even fewer will actually move there. This is how people work.

Linux needs an Apple logo before the masses will move to it.

Re:

[RAMMS+EIN]

Linux has a logo, and it's cute and cuddly, so I think that's all good. It's just nowhere to be seen.

Computers (and embedded systems) coming with Linux carrying the penguin logo on their packaging, hardware that works with Linux and software that works with Linux (but what version of what distro?) carrying the penguin logo would be a start.

The logo alone isn't enough. It would be great if it were out there, but people also need to know why they want it. Something like Compiz's spinning cubes works wonders h

Re:

[mlwmohawk]

People live in the most polluted places because that's where they live, that's where they work, that's where they play.

Within reason, of course. When there is no place to go, they stay. However, history shows that where there are alternatives, people migrate to cleaner/better environments. The Navaho and Anaszi would pack up and leave a whole city and build a new one. In the 1800s people flocked to the west for a better life. Europeans flocked to the Americas for a cleaner/better life.

Re:

[Computershack]

When will Windows be ready for the desktop? Srsly.

Microsoft patched this and issued the fix through Windows Update a month before the worm was even in existence. It's only stupid fucks who don't update their OS that've got infected.

Re:

[JohnBailey]

Microsoft patched this and issued the fix through Windows Update a month before the worm was even in existence. It's only stupid fucks who don't update their OS that've got infected.

Ahh.. that's all right then.. So you are saying more than the thirty percent mentioned will be getting it..

Re:

[nurb432]

And dont use email, or browse or or or..

Only way to be 100% safe is to not be online at all.

Re:

[Kneo24]

Interestingly, security through obscurity is not real security.

Re:

[symbolset]

Yeah, but good practices like having "no open ports" and "don't execute files in every damned media you mount" are good security practices. Practices that Windows fails at. Still.

Re:

[Kent Recal]

And how does that relate to the point I made?
By using OSX or linux you get both, the benefit of a system that was designed with security in mind and the benefit of a system that isn't targeted much by worm writers.

Re:

[Kneo24]

That's 15% between the two (I'm sure Apple probably has the larger slice of that 15%), and they still don't make up the overwhelming majority. Call me when either one hits a market share of 30%. Those operating systems have holes too. Just because the majority of the people in the virus scene ignore them doesn't mean they aren't there.

Re:The sick truth.

[couchslug]

"If we were a proper country like Soviet Russia they would get the Siberian wolf blowjob by now."

Thanks to the internet, not only do I know that for some people that would not be a punishment,
but that others wish they were the wolf.

Re:

[pxlmusic]

3/10

Re:

[Breakfast Pants]

Moot point unless the only way you do anything as root is through a shell in one of the virtual terminalsor xdm. If you ever give your root password in a logged in X session, or as your user (su or sudo) your machine can be compromised. su, bash, etc. can all be replaced with sinister versions, and the next time you su to root, your password is captured.

Re:

[Atlantis-Rising]

And yet, the exact same security model is present in Windows Vista- users need to provide an administrative password to elevate security privileges for a process that requires administrator-level access, or, even if you are logged in as administrator, you need to provide confirmation to conduct administrator-flagged actions.

This is the premise behind Vista's UAC.

Notice how universally it is panned as being useless, despite being exactly the type of security model you advocate?

Re:

[techno-vampire]

Notice how universally it is panned as being useless, despite being exactly the type of security model you advocate?

I've never had to deal with it, and as I don't "do" Windows, I probably never will. However, I get the impression that Vista's UAC is hated because it pops up that dialog for every, single, solitary change that's made while you're installing a program, even though you've already given the Administrator password. And, while I'm thinking of it, UAC may be based on the Linux security model, b

Re:

[drsmithy]

If you were truly a Linux power user, then you'd know that the Linux/UNIX security model is not conducive to the spread of viruses since any program attempting to modify system files would require root access first.

There's not much the average virus needs to do that requires "modifying system files".

It's not the "security model" that's non-conducive to viruses spreading in Linux, it's the users.