Love of Money is the Root of all Evil

Again we read that that other OS has allowed thieves to take total control of systems of PCs, exploiting several vulnerabilities of that other OS simultaneously to spread a sophisticated key-logger to transfer funds from bank accounts. The gory details according to Symantec are here. Read it if you dare. “When an unsuspecting user comes across a website which has code pointing to the exploit attack toolkit website, the visiting computer is subjected to various application exploits which if successful will drop and run the Qakbot file without user interaction. A user may also become infected via a network share or removable drive.

Qakbot attempts to increase its chances of session riding by preventing users from logging out and invalidating the session authentication tokens. Qakbot does this by simply removing graphical user interface elements from the HTML page such as the link to sign out or preventing URL requests that initiate sign off and redirecting the user to pages to make it appear they did sign off.”
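The session-riding trick described in the Symantec quote only works while the bank's server still honours the stolen session token; hiding the sign-out link buys the attacker nothing once the server ends the session on its own schedule. The following is an added example (not code from the page, from Symantec, or from Qakbot) of a server-side session policy that does exactly that: an idle timeout, an absolute lifetime, and a fresh re-authentication requirement for transfers. The policy values (15-minute idle timeout, 8-hour lifetime, 5-minute re-authentication window) and the `FakeClock` are assumptions made for illustration.

```python
# Added example: server-side session policy that blunts "session riding".
# Constructed illustration, not Symantec's report or Qakbot's code.
# Assumed policy values (not from the page): 15-minute idle timeout, 8-hour
# absolute lifetime, 5-minute re-authentication window for transfers.
import secrets
import time
from dataclasses import dataclass
from typing import Optional

IDLE_TIMEOUT = 15 * 60           # seconds of inactivity before the session dies
ABSOLUTE_LIFETIME = 8 * 60 * 60  # hard cap on a session, regardless of activity
REAUTH_WINDOW = 5 * 60           # a transfer needs a credential check this recent


@dataclass
class Session:
    user: str
    created: float    # when the user authenticated
    last_seen: float  # last request that used this token
    last_auth: float  # last successful password/OTP check


class SessionStore:
    """Authoritative session state lives here, on the server.

    The browser carries only an opaque token. Nothing done to the page's HTML
    (hiding the sign-out link, swallowing the sign-off request) can extend the
    lifetimes enforced below.
    """

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable so the scenario runs without waiting
        self._sessions: dict[str, Session] = {}

    def login(self, user: str) -> str:
        now = self._clock()
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, now, now, now)
        return token

    def validate(self, token: str) -> Optional[Session]:
        """Return the live session for token, or expire it and return None."""
        sess = self._sessions.get(token)
        if sess is None:
            return None
        now = self._clock()
        if now - sess.created > ABSOLUTE_LIFETIME or now - sess.last_seen > IDLE_TIMEOUT:
            del self._sessions[token]  # server-side invalidation, client not consulted
            return None
        sess.last_seen = now
        return sess

    def reauthenticate(self, token: str, credential_ok: bool) -> bool:
        """Record a fresh credential check (the check itself happens elsewhere)."""
        sess = self.validate(token)
        if sess is None or not credential_ok:
            return False
        sess.last_auth = self._clock()
        return True

    def authorize_transfer(self, token: str) -> bool:
        """A funds transfer needs a live session AND a recent re-authentication."""
        sess = self.validate(token)
        if sess is None:
            return False
        return self._clock() - sess.last_auth <= REAUTH_WINDOW

    def logout(self, token: str) -> None:
        """Explicit sign-off deletes the server-side record, not just a cookie."""
        self._sessions.pop(token, None)


class FakeClock:
    """Constructed clock so the scenario below is deterministic."""

    def __init__(self, start: float = 1_000_000.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def riding_scenario() -> dict:
    """Walk through what a client that suppresses sign-off actually gains."""
    clock = FakeClock()
    store = SessionStore(clock)
    token = store.login("alice")
    results = {"fresh_transfer": store.authorize_transfer(token)}
    clock.advance(REAUTH_WINDOW + 1)
    results["stale_transfer"] = store.authorize_transfer(token)  # session live, auth too old
    results["after_reauth"] = store.reauthenticate(token, True) and store.authorize_transfer(token)
    clock.advance(IDLE_TIMEOUT + 1)
    results["after_idle"] = store.validate(token) is not None
    # A second session kept "warm" with a request every minute still hits the hard cap.
    token2 = store.login("bob")
    alive = True
    for _ in range(ABSOLUTE_LIFETIME // 60 + 1):
        clock.advance(60)
        alive = store.validate(token2) is not None
    results["after_absolute"] = alive
    return results


if __name__ == "__main__":
    print(riding_scenario())
```

The point of the walk-through is the last two results: a token that the malware keeps alive by suppressing logout still dies at the idle timeout as soon as the real user stops clicking, and dies at the absolute lifetime even if the attacker keeps it warm; the transfer path additionally demands a credential check the attacker cannot supply from a hidden sign-out link.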

The state of MA, whose IT is run by that other OS even fell prey to this thing and, for weeks, account information and access to accounts was given to a band of thieves. The malware hid itself and used multiple APIs of that other OS to infect PCs on the LAN and every USB drive inserted. Isn’t it time for this nonsense to end? Use Debian GNU/Linux and take control of your PC.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

31 Responses to Love of Money is the Root of all Evil

  1. oldman says:

    “OK, suppose I am in a school with a budget for $40K for everything IT. ”

    Why should I assume such a thing Pog? My point was that your situation is not necessarily the norm.

  2. OK, suppose I am in a school with a budget for $40K for everything IT. The budget is made in February in many jurisdictions and the money is available in May. If you/students/teachers conceive a project in October they either have to cancel some item(s) in the budget, beg/borrow/steal or wait until next May when the item may or may not be approved. With FLOSS, software is not a budgetary item, at least for licences and in an educational setting, students can learn to install stuff as part of their practical work so labour is not much of an issue unless tradesmen (building codes, etc.) are needed. Where I teach, most schools are semesterized so the project might be implemented with a different batch of students who conceived the project. That does not support education which thrives on positive feedback. With FLOSS we can implement just about anything even on junkers just to demonstrate the solution even if it is not the final hardware system.

    I have only once had a principal deliver money for a project promptly in all my years of teaching. A project that costs little is much more likely to go forward. That principal was a little crazy and took $1K from some flexibility in his budget. That project was the design and construction of our first terminal server. Using that other OS it likely would have cost $thousands, retail, for hardware, licence, CALs and not been funded. Probably I could have shopped around and obtained some discounts but that would have taken time and lost momentum. With FLOSS we did design in a few days, construction in one day and implementation over a weekend. The only delay was purchasing. Kids loved it and it blew away the whole lab which we used as thin clients.

  3. oldman says:

    “Do you really think that students should have to wait until next year’s non-budget before a system they design can be implemented? ”

    You just made my point. You assume a non-budget. Elsewhere there may be an operational budget. Not everyone shortchanges computing the way that the institutions that you have worked in do.

    “The curriculum does not call for indoctrinating students in the cult of M$ nor does it call for students to be made familiar only with M$’s products but that is what has been happening.”

    Nor does it require them to be indoctrinated in the cult of FOSS, but that is what you have been doing, Pog.

  4. Education is a pretty general application of IT: creating, storing, finding, changing and presenting information. The same usage found in business or schools or homes can be interchanged. Regardless, IT is important in schools and that other OS and many of its partners are not. The curriculum does not call for indoctrinating students in the cult of M$ nor does it call for students to be made familiar only with M$’s products but that is what has been happening.

    I have shown that GNU/Linux works very well in education, better than that other OS and provides rapid and flexible deployment to meet any need. Do you really think that students should have to wait until next year’s non-budget before a system they design can be implemented? That’s bizarre but that’s what using that other OS entails just because “extra” licences are not in the budget and the EULA forbids multiple installations. That other OS can work in schools but at a terrible cost if anything like the performance GNU/Linux gives is obtained.

  5. oldman says:

    “How come when I recount problems I have seen, folks blame me? ”

    Because you represent them as being symptomatic of all use cases of windows, as opposed to the use cases that you have seen.

  6. How come when I recount problems I have seen, folks blame me? I didn’t make that other OS.

  7. Zombie Chan says:

    “Why does that other OS need an expert to operate the system? ”

    My mom can operate a Windows machine just fine, no malware or errors. She’s nowhere near a computer expert.

  8. No, I am not calling you a liar but you certainly are not a typical user either. Why does that other OS need an expert to operate the system? The typical consumer purchasing a PC will take whatever M$ gives by default and it is lacking in performance and reliability in my experience.

  9. oldman says:

    “M$ has spent decades earning its reputation as a producer of second-rate software needing exclusive dealing to keep it on the market. That reputation will not be expunged by a few anecdotes. M$ is spending $billions trying to do that but it’s not working.”

    I don’t care about Microsoft’s reputation with you and others like you. I speak facts, not anecdotes.

    Unless you are calling me a liar,

    Are you Pog?

  10. M$ has spent decades earning its reputation as a producer of second-rate software needing exclusive dealing to keep it on the market. That reputation will not be expunged by a few anecdotes. M$ is spending $billions trying to do that but it’s not working.

  11. oldman says:

    “It’s also much easier to find a vulnerability in that other OS because there are so many.”

    At my place of employ I run Windows 7 x64 on a system that is on the wide open internet. Nothing between me and the baddies but the firewall in Windows. I have been running for going on two years now this way…

    Without viruses.
    Without malware.

    If you were right Pog, I should have been pwned long ago, yet I am not.

    Pog, you steadfastly refuse to have as little to do as possible with Microsoft, yet you continue to make statements like this that imply that the current version of Windows is some sort of bug-ridden mess that will collapse at any moment. I often read your blogs and look with wonder at the system that I am running. What am I doing right? How could I be so lucky?

    It’s not luck, Pog. What is happening is a combination of experience and vigilance with the fact that Windows is now even better than before in many ways, security being one of them. In my experience, it is secure enough that as long as you are not stupid, you can go without any problems.

  12. It’s also much easier to find a vulnerability in that other OS because there are so many.

  13. Perhaps “7” has too little share yet to bother. I have read about many malwares effective on “7”. It could be that other layers in your system supply sufficient protection. I once worked at a place that had no malware on that other OS. It turned out that two levels up in the uplink, there was a whitelist and no one could browse to a site not on it. Someone was charging money for that. I found out it blocked access to my favourite Linux-related sites and the owners were ex-M$ people…

  14. Zombie Chan says:

    “I have worked with hundreds of PCs running GNU/Linux and have never seen malware on them. I have worked with hundreds of PCs running that other OS and it is not unusual to find multiple malwares on them. Something accounts for that. Effectively GNU/Linux is more secure. It is true there are millions of malwares for that other OS and only a few thousand for GNU/Linux.”

    Could it be your knowledge of Windows OS isn’t that great? On my network at work, all the machines running Win7 have yet to see any malware. Same goes for our Windows Servers running 2008R2.

  15. Linux Apostate says:

    “there are millions of malwares for that other OS and only a few thousand for GNU/Linux.”

    In other words, I’m right?

    Why don’t you see more Linux malware? We have both said it now! In the first response I said “It is only the small market share of Linux that protects the users”. And later on you said “There are hundreds of millions of users of XP… If you are a bad guy looking for easy marks you will choose that other OS over GNU/Linux every time.”

    But this is *not* a feature of Linux, it is a feature of the current Linux market share. It does not prevent Linux malware being written, it just prevents it being profitable. The sole exception to this, again mentioned by me in the first response, is a targeted attack intended for a specific person or company. It may not be profitable to install a keylogger on your Linux computer, but it probably is profitable to install one on Sergey Brin’s. (Though he most likely uses a Mac.)

    Speaking of Mac users, they’re another group who thought they couldn’t get viruses. Even people I’d expect to know better were saying that OSX was somehow secure because of its Unix heritage. They don’t say that any more.

  16. I have worked with hundreds of PCs running GNU/Linux and have never seen malware on them. I have worked with hundreds of PCs running that other OS and it is not unusual to find multiple malwares on them. Something accounts for that. Effectively GNU/Linux is more secure. It is true there are millions of malwares for that other OS and only a few thousand for GNU/Linux.

  17. Linux Apostate says:

    That’s a different matter. You asked “Do you think all security could be bypassed in a drive-by?” and that’s the question I answered.

    Yes, security could be. No, using Linux is not in itself a defense.

  18. Nope. There are hundreds of millions of users of XP. There are tens of millions of users of XP with Internet Exploder 6. That does matter.

    If you are a bad guy looking for easy marks you will choose that other OS over GNU/Linux every time, at least for a year or two. That is an additional layer of security that users of GNU/Linux have. Another is that no version of GNU/Linux that I have ever seen executes images like that other OS. That other OS has had multiple exploits where it interpreted some graphic to be executable. That’s an open door.

  19. Linux Apostate says:

    The only “nonsense” here is the idea that Linux users are somehow protected from exploits by the heterogeneity of their platform. You’re completely ignoring the cleverness of the black hats, who find no special difficulty in targeting (say) multiple releases of Chrome. All in a day’s work.

    To indicate how absurd the reasoning here is, I could claim that Windows users are safe because (1) there are many versions of Windows and (2) not all Windows users are using the same version of the same browser with the same Flash plugin. Windows is a heterogeneous platform, therefore there is no malware for Windows, QED.

  20. Nonsense. Chrome web browser comes in several releases and versions. I am using stable on one system and unstable on another and manually trigger updates with APT. People do use many different versions of Chrome. Same goes for Flash. Chrome brings along the current version.

  21. Linux Apostate says:

    Railway, there may be vulnerabilities even in the most recent and up-to-date versions of Linux software which are currently known only to the black hats. In fact, almost certainly.

    So much complacency here!

  22. Linux Apostate says:

    No Dann, all of those things follow the actual drive-by exploit. Once the exploit code is running on your computer, you have already lost. It controls your user account. It can do whatever you can do.

    Linux is not nearly as heterogeneous as you think, and furthermore this heterogeneity does not actually provide much protection. For instance there is only one version of Flash and one version of Chrome for x86. And all up-to-date Ubuntu users are using the same Firefox. (I just picked Firefox as an example. It’s not the only one.)

    In short… that sense of security you’re enjoying is completely false.

  23. Dann says:

    “could be used to install a program that runs under my user account”
    “might use a privilege-escalation bug in the kernel”
    “might wait in the background”
    “it could modify something executed on startup”
    “could connect to a C&C server for remote commands and updates”

    That’s 5 POSSIBILITIES for an exploit. Now, factor in the number of distributions, configurations, applications (some don’t use Firefox, Chrome, etc.) and things look pretty unlikely. Compared with visiting a website with Windows and getting compromised completely, GNU/Linux is looking pretty damn secure.

    “The only part of this that’s hard to write is the Firefox exploit, but a Firefox exploit that works on Windows probably has an equivalent on Linux. ”
    And no.
    Firefox is vastly different on both architectures.
    Vista/7 have hardware acceleration. XP doesn’t. They use different toolkit versions. Some use 64-bit, some 32bit.
    Sounds like someone just doesn’t like Firefox. Which is a shame, because it comes with adblock, flashblock, javascript block…

  24. Railway says:

    “as Sony is well aware”.
    The Sony attack happened because of an unpatched version of Apache (probably the system wasn’t properly maintained at all), why don’t you try to use a Windows version this way? (without patching, continuous control, and all the other so-called protections).

  25. Linux Apostate says:

    “Do you think all security could be bypassed in a drive-by?”

    All the security that matters. An exploit in Firefox could be used to install a program that runs under my user account. It might use a privilege-escalation bug in the kernel to gain root, or it might wait in the background, logging keystrokes until it sees a root password. But even without doing this it could modify something executed on startup to make itself persistent. And it could connect to a C&C server for remote commands and updates, and connect to other machines on the LAN. The only part of this that’s hard to write is the Firefox exploit, but a Firefox exploit that works on Windows probably has an equivalent on Linux.

    “Do you think in that event your box could then be instructed to install the malware on every other machine on the LAN?”

    Sure, why not. There have been remote holes in Linux software, this has bitten Sony recently.

  26. Richard Chapman says:

    There is a minimum level of security awareness that all computer users must possess to stay reasonably safe. GNU/Linux users with that awareness will be reasonably safe, Microsoft Windows users will not. I base that statement on the fundamental differences in the architecture of both operating systems and the differences in how they are maintained.

  27. Do you think all security could be bypassed in a drive-by? Do you think in that event your box could then be instructed to install the malware on every other machine on the LAN? That’s what this thing did. It’s not just “an exploit” but a cascade of failures, all made by M$.

  28. Linux Apostate says:

    It’s not impossible on Linux though. It could happen to you or me. A security hole in the browser, a plugin or an email client would allow it. (I do use Linux, Debian 6.0 in fact, and while this makes me feel somewhat safer than the average Windows user, I know I’m never completely safe.)

  29. Read the report. This thing exploited dozens of holes in that other OS. Everything from the Registry to the multiple APIs was exploited. Social engineering was not required. It was a drive-by exploit. There is no other OS that offers so many opportunities for malware-artists. The malware is like a virtual machine that hides behind the bloat of that other OS. The guys even patch their wonder…

  30. Linux Apostate says:

    These things are possible on Linux too. A hole in Flash or Firefox or Chrome is just as dangerous for Linux users. It is only the small market share of Linux that protects the users, and this is still no protection at all against a directed attack, as Sony is well aware.

    And love of money the root of all evil? Strong statement! Money isn’t the only thing people desire.
