Comments on: 1000 days of Conficker
http://www.welivesecurity.com/2011/08/17/1000-days-of-conficker/
News, Views, and Insight from the ESET Security Community
Mon, 03 Feb 2014 08:49:00 +0000

By: Aryeh Goretsky
http://www.welivesecurity.com/2011/08/17/1000-days-of-conficker/#comment-3520
Thu, 18 Aug 2011 01:29:14 +0000

Hello Lyecdevf and David,
 
While I am a Microsoft MVP, I do not have any special insight into Microsoft's future plans for Conficker remediation in Windows 8, or, for that matter, Windows 8 itself.  Sorry if I gave you any other impression.
 
As I mentioned in the article above, Microsoft, security vendors, ISPs and many other parties have gone to extraordinary lengths to combat this worm.  Check out the Lessons Learned document hosted at the Conficker Working Group's web site.  A large part of the problem as I see it is that computer users—including those responsible for them—have not taken the proper measures to implement the prescriptive guidance, tools and education aspects needed to move Conficker from its status as a kind of "super worm" to extinction.
 
Microsoft did change the behavior of AutoRun in Windows 7, and that was due to USB-borne malware such as Conficker.  Given the continued prevalence of this worm, I hope that Microsoft can take additional steps to actually prevent the worm code from being executed by computers running the next version of Microsoft Windows.  The actual method used does not actually matter to me; I had mentioned blacklisting the password algorithms and dictionary attack used by Conficker, but some kind of software restriction policy would be fine, too.
 
I am enough of a realist, though, to know that even this will not kill the worm.  Such a change would only spread at the rate the operating system was adopted.  For that matter, if you ask a tier-one ISP about legacy threats you will find out they are probably still seeing traffic from nearly decade-old worms like Blaster and SQL Slammer still transiting their networks from old, unsecured computers.
 
What I think could be done with such a change is to create a type of digital herd immunity, lowering the number of infected hosts over time so that the outbreaks of the worm diminish to the point where Conficker can be considered extinct.  In the past 100 years, we have done this with a human disease, smallpox, through a combination of treatment and education and we may see the eradication of polio in our lifetimes.  It seems to me that with the lifetimes of computers being so much shorter than people due to technological change, we should be able to confer such extinction even sooner for malware.  After all, when was the last time you heard about a computer being infected by the Pakistani Brain, Scores, nVIR or Jerusalem viruses?
 
 
Regards,
 
Aryeh Goretsky

By: David Harley
http://www.welivesecurity.com/2011/08/17/1000-days-of-conficker/#comment-3519
Wed, 17 Aug 2011 20:48:00 +0000

I don’t know if Microsoft is specifically focused on rescuing all those machines that are still infected with Conficker (Aryeh would know better, given his ties with the company), but MS continues to work on aspects of OS code intended to reduce its susceptibility to known threats. I agree that users should take some responsibility for their own safety, though.

By: lyecdevf
http://www.welivesecurity.com/2011/08/17/1000-days-of-conficker/#comment-3518
Wed, 17 Aug 2011 20:17:22 +0000

I cannot believe that Microsoft is taking steps in future versions of Windows to prevent Conficker from spreading.  I think users should take the proper measures to ensure their safety on the net.
