Over a decade of DDOS--any progress yet?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Dec 9 19:24:42 UTC 2010


On Thu, 09 Dec 2010 06:45:45 EST, Rich Kulawiec said:
> I've been studying bot-generated spam for most of the last decade, and to
> about 6 nines, it's all been from Windows boxes.  (The rest?  A smattering
> of "indeterminate" and various 'nix systems including MacOS.)
> 
> The botnet problem is a Microsoft problem.

If it's a Flash exploit, and the miscreants only do a Windows version because
that gets them 85% of the targets and they feel the effort of creating a Mac/
Linux version isn't worth the incremental 15%,  then you'll only see hits from
Windows boxes. But how does that make it a Microsoft problem?

You don't see spam from many Linux boxes because there aren't enough Linux
boxes to make it cost-effective to develop malware for.  If you need 5,000
bots, it's easier to find 5,000 Windows targets than finding 5,000 Linux
targets.  And the reason you don't see worms that target Z/OS or VMS or Irix
isn't because of their inherent security. The only way you'll get it to be a
non-Microsoft problem is by changing the playing field enough so that OSX and
Linux and others have enough market share that targeting just Windows is a
losing strategy.  Good luck with that.

Meanwhile, ponder what I mentioned in a previous mail - Windows is *already*
close to "as secure as you can sell to an end user".  Consider these Google
results for SELinux:

SELinux howto - about 96,900 results
SELinux disable - about 178,000 results
SELinux turn off - about 199,000 results

It's pretty obvious that there is a point where most users won't put up with
the inconvenience of security, and SELinux is already on the far side of it,
even for the probably-more-technical users of Linux. How are you going to sell
similar hardening to Joe Sixpack, given that most of the hardening will result
in either additional "are you sure?" pop-ups or breakage of things they bought
the computer to do?  The first time a user gets fragged in WoW or other game
because the security threw up a pop-up at an inopportune time, that user *will*
look for a way to turn the security off.


