Conficker: Cyber security hype?

Randall — Wed, 01 Apr 2009 18:33:36 GMT

Insurance companys used to burn barns to make the point that you need our product.drug companys tell you you'll die without our product. goverments tell you the bad guys are gonna get you if you dont die for your country. sleazy bastards all

Conficker: Cyber security hype?

P Ricky, St. Louis Park, MN — Wed, 01 Apr 2009 19:35:33 GMT

Like most people, I also am in favor of staving inflictions of a 35 yrs old social deprived nerd residing in mother's basement, also suffering from a mild case of megalomania. But the needless need to up sell the less informed consumers with 360-degree-full-frontal-end protections is just flat out wrong. I've been working in information technology for some time and as long as you have a firewall (Cisco, Linksys, SonicWall, or what have you.) of some sort, you really only need a very basic anti-virus protection. Admittedly, there is a selection of free-based anti-viruses that work really well and provide to what could now be named as rudimentary-protections-without-the-dorky-bike-helmet-and-reflective-tape.

Although I’ve been as the wayside witnessing all these computer prevention infection suites filling in, I have to slightly chuckle, because I’m really holding out for the day when anti-whatever compilation exceeds a threshold consuming all the computers resources, rendering it useless and we go back to hammering on typewriters and fax machines. That’s when karma’s long-over-due proverbial hand rightfully whops each CEO in their engine compartments for carelessly taking advantage of those looking for a sense of security. We really have this enact ability to hollow out our own consumer market.

Conficker: Cyber security hype?

Amy Z, Philadelphia, PA — Wed, 01 Apr 2009 19:44:00 GMT

I think the only way it could cause a 'Network Crisis' is if major companies (like an electric company for example) doesn't scan it's computers for viruses with newly updated definitions frequently. And if something seems amiss, they should download new updates from a clean PC and install them on a PC suspected of being infected.

If companies are responsible and do daily virus scanning and updates then it shouldn't be something to worry about. Also they should be responsible enough to not open anything that they don't know what it is.

Even if they virus manages to evade all possible defenses, I don't see it getting so out of control that the general population notices before IT specialists stop it.

I think it's been very hyped up. A new, unknown virus could be created and invade several computers undetected and wreak havoc at any time...so why aren't we constantly on guard of a major Network Crisis?

I've never had my computer infected with a virus. I have had files that contain a virus on my computer maybe 2 or 3 times, but my anti-virus software (free by the way) immediately noticed them and deleted them before I even had a chance to open them. I've been using Vista since the Release Candidate 2 and before that I used XP.

If the user is responsible and careful there is no reason to get so worried about getting a computer virus.

Conficker: Cyber security hype?

kindred industrialite, Albany, NY — Wed, 01 Apr 2009 20:55:15 GMT

Well, I have been in the IS field for almost 20 years now, and I have combatted a fair share of the evil things. Thinking a little about both sides, Its really tough to say how "Bad" the thing can get, and just say the obvious.
As most have mentioned already, the best bet is a "Good" anti-virus and anti-spyware product, and it is Current, and up to date. And I don't just mean with the latest definations either! I know there are people out there with 4 year old anti virus products, and they have been, "Updating" their virus definations regularly, but to the best of my knowledge, there are new worms, mail-ware, and viruses, that the "old" engines will not pick up. So the Scan engine I would recommend, be under a year old as well, not just the latest "Definitions" they will not cover it all!

My blurb on the "Free" software is... Well, what recourse is there really? I mean is free? So what "SteakS" does the company really have in "Getting it right?" If the financial Security of their "Company" dosen't Hinge on "Getting it right" there is little, if any motivation for them to worry about weather it catches everything or not? So how anyone could trust in such a program, when there is no "Good" reason to "Get it right" other than out of the goodness of their hearts?
No, these are often people who have the same motivational drives as the people who Write the nasty things to begin with, and their only "reward" is trying to outsmart the "bad guys"... But I would not stake my Security on that basis. But you are welcome to if you like? But who are you going to complain to if it fails? I'm sure they will be "sorry".

But the last, and I think the most troublesome aspect of the "Hyper's" is the fact that the last place I worked in, Was a State Agency...and Sadly enough, not enough of those machines were "up to date". Though many did have a current Virus Definition File, Most had not seen updates to Microsofts "Security" vulnerabilities since 2006! Basically they had about Service Pack 1 installed, and thats about it... With so many glaring Holes, they are still just as vulnerable, if not more so. Also, the Scan Engins, as I mentioned before, were aslo several years old, and did not pick up MANY mailware items that were spread "Socialably" from person to person. The computers were "Constantly" infected by Links that were sent to the users in E-Mail that appeared to be from people they know... But it would surely infect their pc, and start sending messages to other co-workers. In the best case, an item was identified by the anivirus software, but it would not clean it, or diden't keep it quarentined. So... It was a HUGE and never ending cycele... And the only way they "Fixed" it? Most would just "re-image" the computer with a couple year old Ghost Image, and re-deploy the computer... Just to have it re-infected again, some time later....And if this is the current "Statis Quo" for this state agency, you can bet, most others are just like it.
I also will say, that the only maleware that we got notified of too... were he ones that caused "Pop-ups" that annoyed the users... if there was no "Visable" effects of an infection? I would not have been notified about it. So, I can clearly see, how such a threat Coficker would seem to some people.
I am also sure that these "agencies" would not admit to the fact that they are that "undefended", and they go through some pains to make sure that the people they "hire" are not smart enough to be aware of the real threats that effect the network. I'm sure if it were not for my background, experience, and history with these things, I would not know the "True" extent of the threats....But they are there.. and are real.

Conficker: Cyber security hype?

Doug, Western Mass — Wed, 01 Apr 2009 21:24:46 GMT

Proof of concept I think. Malware is about making money. As integration actually is beginning to happen extend yourself a few years down the road. If you can bury a piece of undetectable code in the OS that checks home for instructions now and then and is spread by IPods, flash drives etc then what happens when it does get instruction? Never mind the obvious devices like computers, Ipods, cell phones etc but what about your vehicle with the IPod dock, your TV with the digital tuner, your security system, your fridge with the digital windows based controls?
Think BIG and Longer Term, these guys are, no question of that in my mind.

Conficker: Cyber security hype?

Daniel — Wed, 01 Apr 2009 21:32:08 GMT

Who was surprised? A virus with no apparent instruction was meant to do something unspecified on April Fool's Day? Give me a break. Just another fear-mongering story for the media to ravage on like vultures.

Conficker: Cyber security hype?

E. M. Rural, NC — Wed, 01 Apr 2009 21:44:14 GMT

So, when the nightly news reported last night that we all had 45 mins to protect our computers from the virus that was going to take over the internet, I thought, wasn't so nice of the virus authors, way over in China, Eastern Europe or Hackerzstan for all we know, to set it to activate at midnight Eastern Standard Time, even with the change to the new Daylight Saving Times.

This was a global threat, almost seems a little myopic. Is there evidence that the code specifically identified activation at 12am est?
Is it just me, or just part of the scare tactics and fear mongering that have effectively ruled the citizens of this great country for the last 8 years.

Conficker: Cyber security hype?

Don M, Oakland, Calif. — Wed, 01 Apr 2009 22:26:41 GMT

The only prevention being recommended by Microsoft or any of the news reports I've seen is to check with Microsoft for security updates, which are free. And if you read into the news stories, they give specifics about what engineers are finding out about the malware. It seems clear that it was a carefully planned attempt to cause damage.

Conficker: Cyber security hype?

Justen Robertson — Wed, 01 Apr 2009 22:34:23 GMT

There's nothing to be terrified about. There is nothing, I repeat nothing, that malware can do to you that you can't get around with some basic tools, most which are provided by your operating system and the rest are available for free or very cheap. Prevention is even cheaper: keep your system up to date and don't do stupid things on the web.

There's a peculiar myth that malware can cause permanent hardware damage, data loss, or perform other mysterious, supernatural feats. While some of these things are technically possible, malware is ineffective at spreading if it destroys the systems it attacks and not valuable to its creators. The truth is the worst it can do is annoy you and render your system temporarily useless. Any technician worth his salt can clean up even the worst infections in a few hours or less if you can't do it yourself and recover any damage - hard though it may be to find a technician worth his salt (protip: avoid big name repair services and irreputable independent shops alike; go for a local guy who has been personally recommended by someone you trust - this is just like picking a mechanic).

I worked in PC support for several years before moving into software development and never met a virus that lived up to its hype. Most of it is ego satisfaction for the creator and cheap marketing for worthless internet security suites. If you're worried, just unplug from the internet, call a technician you trust, and have a little patience. The sky will not fall.

Conficker: Cyber security hype?

Oisin, Dublin — Wed, 01 Apr 2009 22:42:52 GMT

It's interesting that I see so many people with security problems, and these people actually have paid money for anti-virus software and have the MS auto-update system activated.

Considering I de-activated auto-updates from the start (disagree with the whole malware/spyware system personally) and have a free anti virus system (Grisoft's AVG) and use Firefox and have NEVER once had some kind of nasty code enter my system.

Hype is not the word. Complicity perhaps. It seems the hype is necessary to instill fear in people, so they are willing to depart with their hard earned cash buying 'trusted' packages that are then 'provided'.. for a price.

Conficker: Cyber security hype?

TW Carroll, West Hartford, CT — Wed, 01 Apr 2009 23:05:42 GMT

You're right on the mark with your concerns.

While potential security threats are real, and reasonable steps need to be taken to address them, much of what passes for "critical" security needs is fed by hype like this latest round of Chicken Little nonsense.

It's very analogous to what happened before January 1, 2000 when all the "experts" predicated that the countries that didn't get fooled into spending the obscene sums of money this country did were going to crash and burn. Remember what a farce Y2K turned out to be?

Conficker: Cyber security hype?

D. Scott, Buffalo, NY — Thu, 02 Apr 2009 01:49:00 GMT

Using a computer with multiple antivirus, antimalware, antiscumware, antiyounameitware applications is like making love while wearing 4 condoms....it kinda dulls the experience.

Conficker: Cyber security hype?

John Doe, Central Oregon — Thu, 02 Apr 2009 03:39:03 GMT

I think this shows how addicted we are to our computers.

Conficker: Cyber security hype?

samantha — Thu, 02 Apr 2009 06:38:04 GMT

If you need an all in one solution that I would look at something like unified threat management also known as a UTM.Cyberoam firewall is the only UTM firewall that embeds user identity in firewall rule matching criteria, enabling enterprises to configure policies and identify users directly by the username rather than through IP addresses. Cyberoams powerful hardware firewall provides stateful and deep packet inspection, access control, user authentication, network and application-level protection.

The ICSA-certified Cyberoam firewall is available along with VPN, gateway anti-virus and anti-spyware, gateway anti-spam, intrusion prevention system, content filtering, bandwidth management and multiple link management, providing comprehensive security to small, medium and large enterprises, including remote and branch offices. Cyberoam is a Check Mark Level 5 certified UTM solution.

Key Features

1.Stateful Inspection Firewall
2.Centralized management for multiple security features
3.Embeds user identity in rule-matching criteria
4.Multiple zone security
5.Granular IM, P2P controls
6.ICSA certified

Conficker: Cyber security hype?

Daniel Tobe, Placentia CA — Thu, 02 Apr 2009 08:05:00 GMT

Conficker out nothing, and let's all be glad this was just that, nothing as we have enough problems to worry about. Who doesn't love freeware, it's the best for the price and you can simply Re-image your PC once a month using a disk key or Google documents for security reasons and peace of mind. In case there is confusion, Reimage is done by scanning, copying and saving all of your important data.

Conficker: Cyber security hype?

Christophe — Thu, 02 Apr 2009 08:07:01 GMT

I saw that 60 minutes piece while at my mother's, and it was the most alarmist, irresonsible, one-sided, silly piece of journalism I've seen, possibly ever (outside of Fox News' everyday reporting).

She's already afraid of going to sites like "amazon" and "youtube" and now I can't even get her to plug in her modem. RIDICULOUS. Do your homework 60 minutes, these bugs have been around forever, and they are SO EASILY FIXABLE, if that is necessary at all. Uggghhh.

Conficker: Cyber security hype?

Kevin, Philadelphia — Thu, 02 Apr 2009 12:20:57 GMT

"Major companies (like an electric company for example) doesn't scan it's computers for viruses with newly updated definitions frequently"

What are you stupid amy? Major companies like the electric company, (which I happen to work for in philadelphia) are one of the things that help a situation like this. I cant turn on my computer anymore without getting security updates from our security department. The problem is the general public that doesnt update or have virus software.

If backup you computer weekly, keep your software up do date, hardcopy anything of major importance and clear your history you will never have any problems.

Conficker: Cyber security hype?

Vance Shearer — Thu, 02 Apr 2009 13:00:38 GMT

I am amazed at the comments here. For those that profess to "never" have been infected, hope you are right, as most fools are oblivious to their fooldom.

3 - 7 million bots. Yeah, gross overreaction.

Conficker: Cyber security hype?

Jim — Thu, 02 Apr 2009 13:26:04 GMT

LMFAO!!!!!! I CREATED IT

Conficker: Cyber security hype?

HD, Wash. DC — Thu, 02 Apr 2009 14:29:38 GMT

Anyone who think these alerts are just hype may (or may not) be right. But any IT guy, who tells you that you do not need much protection has never experienced the infection of an entire server farm. Network operations centers literally quarantine remote offices and labs, shutting down every possible connection route, until inoculation is completed. Thousands, if not millions of dollars are lost every minute the servers and connectivity remain down. And you can have all the tools in place, and yet it only takes one idiot to decide they are going to download the latest U2 or Limp Bizkit song from a shared site, and now everyone is infected. It took me 4 days to clean off my home computer, because my wife downloaded some malware and didn't know it. And I had everything.

Writers of malware are getting better, not worse. Unfortunately, companies like Symantec are on the lucrative side of this and will exploit it as much as possible. But make no mistake, these are real threats. Many of these "hackers" are hi-tek nuisances, or maybe they are auditioning for a high-paying job with the CIA or some tech company.

Conficker: Cyber security hype?

Murphy, Oklahoma — Thu, 02 Apr 2009 15:40:05 GMT

The hype that has seemed to be going around as of late with all these viruses seems to be more hype than worry. Consumers have yet realized it's almost like selling a boat cruise. The more you spend the better the trip will be, but with the minor things in small wording that you never read over.
Viruses and Spamware only seem to go out as fast as you seek them out with downloading programs that are PtP (Peer To Peer). Even a public computer is at risk, but only if the users do something they know will be a threat for what they are doing. As for the "Conflicker" virus. The industry caught it soon enough, atleast for most known purposes. Why worry if you keep your stuff up to date?

Conficker: Cyber security hype?

Tonah — Thu, 02 Apr 2009 17:59:23 GMT

They should put him here when they finaly find him!

http://www.flickr.com/photos/toledocaindude/3307629479/sizes/l/

Conficker: Cyber security hype?

John Doe, Seattle, Wash — Thu, 02 Apr 2009 18:12:23 GMT

OK, so the media once again warns everyone about a threat, millions of people listen, get ready, and by doing so, stop the threat from doing much damage. Then some @sswipe in the media turns right around and accuses the media of over hyping things. Y2K all over again.

Conficker: Cyber security hype?

Vince Dumond, Toronto Ontario — Thu, 02 Apr 2009 22:27:46 GMT

Is there a time-date for a worm to activate? What if you ajust your computer clock to 2007 or earlier date? I guess the worm would wither and die.