Not something to be proud of

Symantec have announced that the UK has the highest proportion of zombie computers in the world. 25.2% of compromised machines are here, ahead of the US with 24.6% and China with 7.8%.
These machines are used for sending out spam, hosting phishing web sites, launching denial of service attacks and other kinds of malice, almost always without the knowledge or consent of the computers’ owners. As more people get always-on broadband connections, the problem will only get worse, unless something is done about it. Here are my suggestions:

1. More readily available anti-virus solutions

When my parents bought their new computer in November, it came with Norton Antivirus 2004. This is a good start, but it only had 3 months of definitions – after those 3 months it would become useless. This seems to be part of a trend – companies selling the product cheaply but charging an arm and a leg for updates. What we need is new computers provided with an anti-virus tool that will work for at least a year before the subscription needs to be renewed.
ISPs should also offer virus protection with their packages. By this I mean installable desktop anti-virus tools as well as scanners for incoming email which will block any messages with viral attachments. Furthermore, their SMTP servers should be monitored for outgoing viruses, although most viruses now have their own SMTP engine so that might not be so effective.

2. Disconnecting of infected users

If a user has certain ports open that would imply infection, or is sending virus infected email, then their connection should be blocked. All requests could be directed to a page notifying the user of the problem and remedies suggested – sites like Windows Update and those of major anti-virus vendors could be exempt from the block. The ISPs could also make quick disinfection tools like McAfee’s Stinger readily available for customers to use.
This would actually benefit the ISPs themselves as they would have less traffic to route, and also benefit the wider internet at large.
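To make the disconnection idea concrete, here is an added example (mine, not part of the original post) of the two pieces an ISP would need: a check over per-subscriber traffic that flags the spam-bot pattern mentioned in point 1 (a home machine talking SMTP directly to many different mail servers instead of the ISP’s relay) or suspect open ports, and a “walled garden” rule that lets a flagged subscriber reach only exempted update and anti-virus sites while everything else is sent to a notice page. The flow records, scan results, threshold, smarthost address, port list and URLs are all constructed or assumed values for illustration.

```python
from collections import defaultdict

# Constructed sample outbound flow records: (subscriber_ip, dst_ip, dst_port).
# 10.0.0.5 talks direct SMTP to a dozen different mail servers, the pattern of
# a virus with its own SMTP engine; 10.0.0.9 only uses the ISP's own relay.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.%d" % i, 25) for i in range(1, 13)
] + [
    ("10.0.0.9", "192.0.2.25", 25),          # the ISP smarthost (constructed)
    ("10.0.0.9", "198.51.100.7", 443),
]
# Constructed scan results: ports found listening on each subscriber's host.
SAMPLE_OPEN_PORTS = {"10.0.0.5": {135, 445, 6667}, "10.0.0.9": set()}

ISP_SMARTHOST = "192.0.2.25"                 # assumed address of the ISP relay
SMTP_DEST_THRESHOLD = 10                     # assumed tuning value
SUSPECT_OPEN_PORTS = {135, 445, 6667}        # illustrative list, not definitive
EXEMPT_HOSTS = ("windowsupdate.microsoft.com", "update.microsoft.com",
                "av-vendor.example")         # placeholder for an AV vendor site
NOTICE_URL = "http://help.isp.example/infected"   # placeholder notice page


def infection_evidence(flows, open_ports):
    """Return {subscriber_ip: [reasons]} for subscribers that look infected."""
    smtp_dests = defaultdict(set)
    for src, dst, port in flows:
        if port == 25 and dst != ISP_SMARTHOST:   # direct-to-MX mail, not relay
            smtp_dests[src].add(dst)
    evidence = defaultdict(list)
    for src, dests in smtp_dests.items():
        if len(dests) >= SMTP_DEST_THRESHOLD:
            evidence[src].append("direct SMTP to %d distinct hosts" % len(dests))
    for src, ports in open_ports.items():
        hit = sorted(ports & SUSPECT_OPEN_PORTS)
        if hit:
            evidence[src].append("suspect open ports %s" % hit)
    return dict(evidence)


def walled_garden(subscriber, host, evidence):
    """Decide what an HTTP request from subscriber to host gets: allow or redirect."""
    if subscriber not in evidence:
        return "allow"                        # clean subscriber, untouched
    if any(host == h or host.endswith("." + h) for h in EXEMPT_HOSTS):
        return "allow"                        # let them fetch patches and cleaners
    return "redirect:" + NOTICE_URL           # everything else goes to the notice
```

The subdomain match on the exempt list matters in practice, because update sites usually serve files from hosts beneath the main name.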

3. Microsoft should ship Antispyware and an antivirus tool with Windows XP SP3

I’d bet good money that 99.9% of the infected machines are running Windows. While it’s not necessarily Microsoft’s fault that people have opened attachments that they shouldn’t have, or browsed dodgy web sites which use social engineering to get the user to install a trojan, they are in a very good position to put a major dent in the problem. When Microsoft Antispyware is out of beta, it should be made freely available to download for all users and be included in the next Windows service pack for XP. While I’m unsure if spyware is responsible for the specific problems of DoS attacks and spam, it’s certainly not a nice thing to have on your computer.
There should also be some kind of anti-virus solution included for free. It doesn’t have to be all singing and dancing, just do the job. Those who want something a bit more powerful could still buy a commercial product, like they do with personal firewalls.
If Microsoft and the ISPs did something like this, the internet would be nicer for everyone.


  3. In my experience it’s firewalls that make the biggest difference. When big ISPs automatically install a software firewall as part of the package or at the very least link to a free firewall (e.g. Zonealarm) on the security section of their homepage we might get somewhere.

    I’m on Blueyonder & according to Blueyonder I should buy Symantec’s firewall at £55!

    Admittedly in the months since I last looked at the homepage a link to XP SP2 has been added but that’s little use to the legions on older versions of windows (I’m on Win 2K & the XP start menu makes me swear almost as much as the £120 price tag every time I think of upgrading but that’s another rant 😉 ).

    I’ve got to say that the service from Blueyonder has been pretty good but rather than making a half hearted effort to make money from preventing zombies they could make a concerted effort to get their customers secure. On my firewall log there is a ping from a bradford blueyonder PC every 30 seconds or so…

  4. If Microsoft does include their antispyware tool in Windows XP SP3, I hope it is an optional component. There is nothing I hate more than having to remove software which some company assumed I wanted, but refused to give me a choice about. I would prefer that they made it optional but selected by default, like the Automatic Updates dialog after installing Windows XP SP2.

    I’m not surprised we do badly in the infection rates as hardly any ISPs take a proactive role, whereas quite a few US ISPs will do port scans (although often to stop users running their own server.) Free AV software would go a long way but it also needs auto updates and the ability to remove. I guess they have to make money somehow – by value added services such as reports, spam filtering etc. Having said that, the Norton security suite is awful for ease of use and stability. 1 tip would be to not force users to turn off system restore to remove viruses as that is one of the reasons people have system restore points – to roll back if they are infected.