the purefinder - archives - Sun, 2004-09-12
« managing the transition | Main | We didn't notice the photographer. »September 12, 2004
an pwned machine
My sister's computer was totally pwned. Indeed, one of the viruses tried to send it to a webpage named thus.
Before I'd had anything to do with Linux, I used to read the rantings of the more fervent Microsoft bashers with a little disbelief. I regularly patched my software, was sensible and informed about the integrity and security of my computer and though I knew that other people got viruses, I didn't - literally.
My sister and her partner brought their (XP) machine up this weekend- it was, they said, a little slower than it used to be...
It was actually so compromised by keyloggers, trojans, backdoors, worms and viruses that it was close to impossible to do anything on it. As soon as I managed to get it online (to try and d/l some remedies) it was assailed by messages from ladies telling us that we should look at their bits. I worked on it for hours, peeling away at the layers of corruption and getting it *close* to useful functionality by the time they had to leave.
They hadn't considered that they were likely to have been infected with anything as they had, what they considered to be working versions of, Norton Internet Security and Norton Anti-Virus on their machine.
They are very intelligent and capable people who use computers routinely in their demanding, responsible and well paid jobs. I sent them away insisting that they took a more resonsible approach to their online security in the future - so that they didn't break the Internet for the rest of us. However, I was left thinking that there was something inherently wrong about the products they had bought. If their operating system and software required regular attention, updates and maintenance, as they obviously did, then those needs should be communicated in a way that it is overt and difficult to ignore.
A year ago, when I bought this domain, I was delighted to have a *new* address - one that wasn't just free of spam, but one that hadn't actually existed until I had made it. Within a month - when I received my first batch of worm-made nonsense emails, I realised that it wasn't just a matter of being careful where I left my address on the Internet (specifically, nowhere) but that I also had to use some discretion to make sure that I didn't use my address to talk to people whose machines were likely to become compromised.
My sister and her partner have never really tried seriously to solve any problem on their computer. They have *never* googled an error message to see what it means and to see what they need to do. Indeed, they have never even thought that an error message required any action other than to press the "ok" or the "x in the corner". I'm not eager to become one of the people who like to wave their big Linux penises around, but companies like Microsoft and Symantec are at least open to criticism for encouraging the passivity of most computer users - irrespective of whether their products work well or not.
Posted by padraig at September 12, 2004 06:35 PM