Re: botted hosts

[Sean Donelan <sean () donelan com>]

On Mon, 4 Apr 2005, Brad Knowles wrote:
>       Microsoft will solve all problems.  You just have to trust them
> and use their DRM and their "trustworthy" computing initiatives.

DRM isn't about keeping your computer secure.  DRM is about letting other
people install stuff on your computer they control, i.e. wait until DRM
meets Bots (more than it already has).

Although Microsoft probably did more to create the problem than
anyone else, they finally have stepped up to the plate.  In the last
year they have been more successful than anyone else at fixing their
piece of the problem.  XP SP2 reduced the brand-new computer zombie
problem. I think auto-update has helped a bit, but its harder to
quantify.  Microsoft hasn't fixed the "click here" to install bot problem.

If you can track sources, rather than noise level, the bot graph is
looking better.  Most of the security vendors prefer to publish noise
graphs.  Although the noise level was increasing, the absolute number of
bots has been amazingly constant for the last 12 months. That is good
news because the overall infection rate declined.

Some people are worried its "too quiet" and we're due for big incident
soon.