A Weblog of Centrist Voices in American Politics
November 16, 2007

Vast Botnets Of Evil

Microsoft negligence has allowed a nasty Internet threat to form: big, criminal botnets. Microsoft created an infection path, a browser script type called ActiveX; it allows web pages to run pretty much whatever they want, with no effective checking of any kind. Most ActiveX-using pages do vaguely helpful things; others send your personal data to their authors; still others sign you up in a botnet without the courtesy of asking your permission.

If you run Windows and don't take steps to be cautious about security, there's a good chance that your machine is, as we say, pwned ("owned") by a botnet runner via some kind of sophisticated ActiveX-delivered virus. If so, many/most of your machine's cycles and private data are sucked. If your machine has gotten dramatically slower, there's a good chance you've got more than one infection.

It's not exactly hard to catch these diseases. Research shows that an unprotected newly installed Windows XP attached to a firewall-less broadband connection is infected on average in 15-20 minutes. Windows has an automatic update process that can fix some problems that spyware authors take advantage of, but the average update time is two minutes longer than the average infection time. Feel lucky, kid?

It's early to see if Vista has improved matters much. Microsoft has a subsystem that could theoretically (I've got my doubts) cut down on these, but unless you're into bondage, I'd stay away.

What Do Botnets Do?

I don't think you'll be surprised to read that these stolen machines aren't put to good use. No donations of cycles to cancer cure calculations here. No, the stolen data and machine access are resold, or sometimes put to their owner's bad uses. Uses include what are called Denial of Service attacks: launching some kind of network request or transmission often enough that the target becomes too busy to do anything. Another use is to launder hacking attempts. When the smarter crackers (increasingly employed by Mafiosi) hack machines, they like to hide their activities by doing things from your machine instead of theirs, and they like to do that several times, so there's more than one cutout. Mafiosi often demand payment from businesses with hacked or clogged machines.

Staying Out Of The Botnets

There are some constructive ways to reduce risk. The most important things are to get and install Firefox and Thunderbird, respectively, instead of Internet Explorer and Outlook as browser and mail client. Yes, it is possible to run Thunderbird even with Outlook email servers, though you need to do some googling to figure it out.

It's helpful to have anti-spyware software. Traditional anti-virus software, which protects hard disks from corruption, doesn't seem to be as important anymore because it's so much more productive for bad guys to use browser scripts as infection vectors. One good and free one is Lavasoft's Ad-Aware. They have a free version. Stay away from both McAfee and Symantec products these days; their software causes more harm than good now. Oh, and don't use the Microsoft anti-spyware app, because it mistakes some important apps like VNC for spyware and disables them. Windows XP, as of SP2, has a firewall that helps.

The best ways to stay unhacked, if you're feeling adaptable and Microsoft-independent, are to either shell out extra for a Mac or run Ubuntu on your PC. Ubuntu is, at last, a mostly user-friendly version of Linux. Here's how to get it. Once you have an Ubuntu CD, you can use it to check out Ubuntu without installation to see how you like it by using the Live Boot option. That will run Ubuntu from the CD without overwriting your hard discs. Google when you have questions; Ubuntu makes a big point of MOSTLY having a friendly and helpful community.

I mostly live in Ubuntu, doing everything that needs trust there. When I want to play Civ or another Windows game, I reboot into my Windows XP on another disc. My Ethernet devices are disabled in Windows.

Posted by Jon Kay at November 16, 2007 01:48 AM

Comments
Well, my Dell PC runs XP and I have Symantec Norton complete with firewall. My weekly update is running now. I disable XP anti-virus and Road Runner is supposed to filter out spam. Still I get about 30 spams a day in Outlook email even with Symantec spam filter. So how weak is my system? I average one low risk tracking cookie per week which I "fix" with Norton. Norton hates Lava but I have Ad-ware SE 6 which I run sometimes. So far so good. You made me want to run Lava now....LOL Anyway, I can email you questions instead of cluttering this post. For now, here is another item you might appreciate....

Posted by: Maxtrue at November 16, 2007 09:17 PM

Personally, I have all cookies blocked. If I need to use a site which requires them, I put them on prompt (so I can filter out those not actually part of the site, e.g. ads). It may be a more manual process, but it feels like a safer approach. And you could always combine it with your software. Combined defenses frequently seem to complement each other.

Posted by: wj at November 17, 2007 01:20 PM