
Windows reality - The Torpig botnet and LOTS of others out here

Discussion in 'Microsoft Windows' started by MEB, May 7, 2009.

  1. MEB

    MEB Guest

    Jeff Richards wrote:
    > You are quite correct - I don't get it.
    >
    > I particularly don't get why you are posting news about Torpig and Sinowal
    > when there is no evidence that these can affect W98 systems.
    >
    > I also don't get why you still refuse to post the references you are using
    > for the evidence that this software can affect W98 systems.
    >
    > And I don't get why you won't simply agree or disagree with my suggestion
    > that the references to Torpig and Sinowal were a mistake and you really
    > meant to refer to rootkits and keyloggers in general, which, of course,
    > would be relevant to W98 (although very out of date).
    >
    > The bit that maybe I do get is that you seem to imply that the failure to
    > discover this software on W98 systems is simply proof of how silent and
    > sneaky it really is, and how the researchers' attention is focused only on
    > current operating systems and they therefore miss (or don't bother
    > reporting) all the W98 infections that are really out there. This is right
    > up there with the best of the paranoid conspiracy theories such as how the
    > failure to get concrete evidence of a UFO proves that they exist because it
    > demonstrates how clever the aliens are at avoiding capture, and fully
    > justifies my earlier claim of scaremongering.


    Well, sorry you still miss the point of the postings and discussion.
    Tried my best to explain it, if that escapes you, there isn't much more
    I can do to help you understand.

    The governments, Microsoft, and the like are all struggling to
    determine HOW and WHY, though the supposed signatures are known, the
    supposed IPs and prior methods have been addressed, and all of the known
    aspects have basically been taken care of, they still can't control or
    re-take control of infected systems, nor deter the infection of others.
    There's a few missing pieces of the puzzle.
    The morphings continue and the attacks are effectuated at the whim of
    the controllers. The billions in financial enrichment that is being
    enjoyed should AT LEAST cause reviewers to have come to the
    understanding these parties are NOT stupid.

    Unless the method is extended to include ALL variables, there will be
    no success. The sophistication of these botnets and "worms" demands a
    different method of analysis. Thinking within the box leaves one WITHIN
    that box. Dismissing the historical usage of other OSs certainly leaves
    a viable usage and connection un-addressed. As I have said before:
    "Appearances can be and generally are deceiving".

    Your continued statements bring cause for the "stick your head in the
    sand" analogy.
    Still got all your IRA and benefits?
    How's your stock portfolio doing?
    YOU are a prime candidate for the numerous schemes being employed.

    --
    ~
    --
    MEB
    http://peoplescounsel.org/ref/windows-main.htm
    Windows Diagnostics, Security, Networking
    http://peoplescounsel.org
    The *REAL WORLD* of Law, Justice, and Government
    _______
     
  2. So what you are now saying is that the point of your post was to warn that
    Rootkits and KeyLoggers are dangerous, are difficult to deal with, have
    caused a lot of trouble for security people, have resulted in significant
    losses for some banks, and will continue to be a problem because PC
    operating systems have inherent vulnerabilities that have proved very hard
    to remove.

    That's hardly news. In fact, it's very old news. It's barely relevant in a
    newsgroup concerned with an operating system. But in any case your post
    doesn't say anything like that. It simply lists a bunch of sites, many of
    them quite old, and most of them relating to threats that cannot affect W98.
    The comments you have attached to some of the references do not offer any
    explanation as to why the information at those sites might be relevant to
    the message you were trying to send.

    Also, please note that much of your analysis is either wrong or
    unsupportable.

    For instance: "The governments, Microsoft, and the like are all struggling
    to determine HOW and WHY, though the supposed signatures are known, the
    supposed IPs and prior methods have been addressed, and all of the known
    aspects have basically been taken care of, they still can't control or
    re-take control of infected systems, nor deter the infection of others."
    Where is the evidence for this? The sites you have posted make it quite
    clear that at least some people understand quite clearly why they still
    can't control or re-take control of infected systems or prevent new
    infections, and there is no reason to believe that this understanding is not
    widespread. That they have not been able to counter it does NOT demonstrate
    that they do not understand the reasons for their difficulties.

    Or this: " The morphings continue and the attacks are effectuated at the
    whim of the controllers. The billions in financial enrichment that is being
    enjoyed should AT LEAST cause reviewers to have come to the understanding
    these parties are NOT stupid." The sites you have referenced indicate
    clearly that the reviewers do not regard "these parties" as stupid. They
    repeatedly comment about how clever the code is. They sometimes comment
    that some of the code is blindly copied without thorough checking, but their
    acknowledgement for the cleverness of these people is a recurring theme.

    Also: "Unless the method is extended to include ALL variables, there will be
    no success. The sophistication of these botnets and "worms" demands a
    different method of analysis. Thinking within the box leaves one WITHIN that
    box. Dismissing the historical usage of other OSs certainly leaves a viable
    usage and connection un-addressed. As I have said before: "Appearances can
    be and generally are deceiving"." This is just vacuous grandstanding. Post
    these comments in a security group and watch the response. There is no way
    that you can assess the extent to which those addressing the problem have
    unnecessarily limited their thinking or restricted the scope of their
    analysis. There is no way that you can reasonably assert that the history
    of past attacks on other operating systems has been dismissed. In fact, it
    appears that problems in porting the specific attacks that you mention -
    Sinowal and Torpig - to Vista indicate that MS has learned some very
    worthwhile lessons. And I have no idea what you are trying to say in that
    last sentence.

    But your last comment says it all. Anyone who is unable to penetrate your
    convoluted phraseology, obscure references, emotional insults and irrelevant
    commentary to winkle out what you are actually trying to say must, by your
    definition, be incapable of protecting themselves from hackers. Yet another
    leap of logic that I have a great deal of difficulty in following.
    --
    Jeff Richards
    MS MVP (Windows - Shell/User)
    "MEB" <meb-not-here@hotmail.com> wrote in message
    news:u2mpOaR0JHA.5764@TK2MSFTNGP04.phx.gbl...
    > Jeff Richards wrote:
    >> You are quite correct - I don't get it.
    >>
    >> I particularly don't get why you are posting news about Torpig and
    >> Sinowal when there is no evidence that these can affect W98 systems.
    >>
    >> I also don't get why you still refuse to post the references you are
    >> using for the evidence that this software can affect W98 systems.
    >>
    >> And I don't get why you won't simply agree or disagree with my suggestion
    >> that the references to Torpig and Sinowal were a mistake and you really
    >> meant to refer to rootkits and keyloggers in general, which, of course,
    >> would be relevant to W98 (although very out of date).
    >>
    >> The bit that maybe I do get is that you seem to imply that the failure
    >> to discover this software on W98 systems is simply proof of how silent
    >> and sneaky it really is, and how the researchers' attention is focused
    >> only on current operating systems and they therefore miss (or don't
    >> bother reporting) all the W98 infections that are really out there. This
    >> is right up there with the best of the paranoid conspiracy theories such
    >> as how the failure to get concrete evidence of a UFO proves that they
    >> exist because it demonstrates how clever the aliens are at avoiding
    >> capture, and fully justifies my earlier claim of scaremongering.

    >
    > Well, sorry you still miss the point of the postings and discussion.
    > Tried my best to explain it, if that escapes you, there isn't much more I
    > can do to help you understand.
    >
    > The governments, Microsoft, and the like are all struggling to determine
    > HOW and WHY, though the supposed signatures are known, the supposed IPs
    > and prior methods have been addressed, and all of the known aspects have
    > basically been taken care of, they still can't control or re-take control
    > of infected systems, nor deter the infection of others. There's a few
    > missing pieces of the puzzle.
    > The morphings continue and the attacks are effectuated at the whim of the
    > controllers. The billions in financial enrichment that is being enjoyed
    > should AT LEAST cause reviewers to have come to the understanding these
    > parties are NOT stupid.
    >
    > Unless the method is extended to include ALL variables, there will be no
    > success. The sophistication of these botnets and "worms" demands a
    > different method of analysis. Thinking within the box leaves one WITHIN
    > that box. Dismissing the historical usage of other OSs certainly leaves a
    > viable usage and connection un-addressed. As I have said before:
    > "Appearances can be and generally are deceiving".
    >
    > Your continued statements bring cause for the "stick your head in the
    > sand" analogy.
    > Still got all your IRA and benefits?
    > How's your stock portfolio doing?
    > YOU are a prime candidate for the numerous schemes being employed.
    >
    > --
    > ~
    > --
    > MEB
    > http://peoplescounsel.org/ref/windows-main.htm
    > Windows Diagnostics, Security, Networking
    > http://peoplescounsel.org
    > The *REAL WORLD* of Law, Justice, and Government
    > _______
    >
     
  3. MEB

    MEB Guest

    Jeff Richards wrote:
    > So what you are now saying is that the point of your post was to warn that
    > Rootkits and KeyLoggers are dangerous, are difficult to deal with, have
    > caused a lot of trouble for security people, have resulted in significant
    > losses for some banks, and will continue to be a problem because PC
    > operating systems have inherent vulnerabilities that have proved very hard
    > to remove.
    >
    > That's hardly news. In fact, it's very old news. It's barely relevant in a
    > newsgroup concerned with an operating system. But in any case your post
    > doesn't say anything like that. It simply lists a bunch of sites, many of
    > them quite old, and most of them relating to threats that cannot affect W98.
    > The comments you have attached to some of the references do not offer any
    > explanation as to why the information at those sites might be relevant to
    > the message you were trying to send.
    >
    > Also, please note that much of your analysis is either wrong or
    > unsupportable.
    >
    > For instance: "The governments, Microsoft, and the like are all struggling
    > to determine HOW and WHY, though the supposed signatures are known, the
    > supposed IPs and prior methods have been addressed, and all of the known
    > aspects have basically been taken care of, they still can't control or
    > re-take control of infected systems, nor deter the infection of others."
    > Where is the evidence for this? The sites you have posted make it quite
    > clear that at least some people understand quite clearly why they still
    > can't control or re-take control of infected systems or prevent new
    > infections, and there is no reason to believe that this understanding is not
    > widespread. That they have not been able to counter it does NOT demonstrate
    > that they do not understand the reasons for their difficulties.
    >
    > Or this: " The morphings continue and the attacks are effectuated at the
    > whim of the controllers. The billions in financial enrichment that is being
    > enjoyed should AT LEAST cause reviewers to have come to the understanding
    > these parties are NOT stupid." The sites you have referenced indicate
    > clearly that the reviewers do not regard "these parties" as stupid. They
    > repeatedly comment about how clever the code is. They sometimes comment
    > that some of the code is blindly copied without thorough checking, but their
    > acknowledgement for the cleverness of these people is a recurring theme.
    >
    > Also: "Unless the method is extended to include ALL variables, there will be
    > no success. The sophistication of these botnets and "worms" demands a
    > different method of analysis. Thinking within the box leaves one WITHIN that
    > box. Dismissing the historical usage of other OSs certainly leaves a viable
    > usage and connection un-addressed. As I have said before: "Appearances can
    > be and generally are deceiving"." This is just vacuous grandstanding. Post
    > these comments in a security group and watch the response. There is no way
    > that you can assess the extent to which those addressing the problem have
    > unnecessarily limited their thinking or restricted the scope of their
    > analysis. There is no way that you can reasonably assert that the history
    > of past attacks on other operating systems has been dismissed. In fact, it
    > appears that problems in porting the specific attacks that you mention -
    > Sinowal and Torpig - to Vista indicate that MS has learned some very
    > worthwhile lessons. And I have no idea what you are trying to say in that
    > last sentence.
    >
    > But your last comment says it all. Anyone who is unable to penetrate your
    > convoluted phraseology, obscure references, emotional insults and irrelevant
    > commentary to winkle out what you are actually trying to say must, by your
    > definition, be incapable of protecting themselves from hackers. Yet another
    > leap of logic that I have a great deal of difficulty in following.



    WRONG as usual.

    Let me put it like this, people such as you and 98 Guy are so frakken
    intelligent you want the materials posted upon the web so every "kiddie
    hacker" and "Nigerian I.D. theft ring" can get their hands on it.
    Then when some new form appears, you can't understand WHY it has...

    It isn't that you would be able to really understand the import of
    what you could review, discussions such as this prove that point. Though
    I HAVE provided enough that proper direction has been placed, you are so
    intellectually capable, you argue away the very materials that provide
    the answer and necessary materials.

    I have handled the issue in the form it should be... I shouldn't need
    to supply what form that might be so others are advised *you* should be
    able to figure that out, though your continued responses also PROVE that
    isn't the case.


    --
    ~
    --
    MEB
    http://peoplescounsel.org/ref/windows-main.htm
    Windows Diagnostics, Security, Networking
    http://peoplescounsel.org
    The *REAL WORLD* of Law, Justice, and Government
    _______
     
