Vulnerability Development mailing list archives

Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)


From: Ron DuFresne <dufresne () winternet com>
Date: Thu, 6 Sep 2001 15:28:11 -0500 (CDT)

On Thu, 6 Sep 2001, Markus Kern wrote:


"Alexander Sarras (SEA)" wrote:

It might be discussable installing a - easily uninstallable - routine
which sends emails and (broadcast) messages to admin account
accessible from the infected box, stating very clearly what to do 1)
to get rid of the worm 2) to get rid of that utility afterwards. But
surely not another virus.

The only correct way IMHO is to shut off the access to the networks
for offenders. Via the direct ISP or the upstreams. This has been
done before, and this works.

Ron DuFresne's <dufresne () winternet com> post indicates that this method
doesn't always work as well as we'd like it to.

Personally I prefer a technical solution to begging and court orders.
http://www.technocracyinc.org/images/cbusses.jpg illustrates my point
quite accurately.


I'm certainly not advocating that a bunch of bofh's or internet
counter-terrorists put on greyhats and unleash a storm of their own code.
The process is not so broken it can't be fixed, or enhanced with some
teeth.

I do think part of the problem is a standard of the IT industry, too few
knowledgeable souls responsible for far too wide a base of systems to control
and manage.  It's certainly hinted at in the canned replies that abuse
complaints generate:

        From: Sprintlink Abuse <abuse () sprint net>

...

We are not usually able to respond personally to each message
received, but wish to assure you that we investigate each report,
and will take appropriate action in accordance with our policies.

...

        From: abuse () verio net

...

Please note that due to the volume of e-mails we receive, we are not
able to respond personally to each message received.  We do
investigate each incident brought to our attention and will take
corrective action, if appropriate.  Please feel free to review our
Acceptable User Policy:

...

        From: abuse () corp bellsouth net

...

Unfortunately, although we take all complaints seriously, due to the
volume of mail that we receive, we are not able to respond individually
to each message sent to this address.  Rest assured, however, we will
respond to any matter that concerns eminent threats of bodily injury or
damage to property.

...


And yet, one might think with the current state of the economy, the IT
infrastructure of such organisations might be taking advantage of events
and doing some discount hiring.

A broken process does not have to be tossed away for lawlessness and
outrage.  If it's broke, fix it.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

