Botnets seem to be everywhere, and have become the single greatest source of spam and other malware transmission. Is it hopeless? Not at all.

The "Money Section" in USA Today recently had a cover story about the exploding negative influence (attacks, whatever) of Botnet scams and related evil-doings. The thrust in part seems to be that our current malware and virus protections may be woefully inadequate. Do you have an opinion about this expanding threat that you'd like to share with your faithful readers? How might we give ourselves greater protection from what is clearly an insidious attack by those who wish to use the Internet for their own gains - illicit in the extreme?

The article in question, "Botnet scams are exploding," gives a fairly broad overview of how botnets operate and of the massive amount of illicit activity that occurs because of them.

My opinion? Simple:

Computer users don't take security seriously enough.

Please understand that I'm not trying to blame computer users. Far from it: botnet operators and the people who profit from them are the real culprits here.

But the fact of the matter is that computer users are, in general, too unaware, too lax, and too unwilling to be educated about or inconvenienced by security measures.

I totally understand that in an ideal world, they shouldn't have to be. But the fact is this is not an ideal world. The pragmatic reality is that users must become more security conscious.

I believe:

  • ... that the number of machines that are unprotected by any kind of firewall is surprisingly large.

  • ... that the number of machines unprotected by any kind of anti-virus and anti-spyware software would also surprise you.

  • ... that the number of people who have anti-virus and anti-spyware software installed whose databases have never been updated would shock you.

  • ... that the number of machines that have not once taken any update to Windows or Windows components is huge.

  • ... that the number of people who'll click on links or open attachments from unknown sources is also depressingly large.

All those factors, together, make for what can only be described as a "target rich environment" for malware and botnet operators out there. It's really no wonder that the problem is as bad as it is.

I also believe that the people who need to know about all this are the folks least likely to be reading this article. They have no interest in learning about this stuff - which, as I said, I totally understand. They just want to get their job done; they just want to use, not maintain, their computer.

But there's simply no substitute for knowing enough to keep your computer safe. In my opinion, it's an absolute requirement for using a computer these days. It's "part of the job".

I look at it like owning an automobile. I would love to have a car that never, ever needed maintenance, would never be broken into, and would always work flawlessly. That car doesn't exist. You must maintain your car, or it will break down. You must lock your car when you visit an unknown neighborhood, or you run the risk of vandalism or theft. Sometimes things on your car break, and you have to get them fixed.

The same is true with your computer. You must take steps to keep it safe.

And too many people do not.

As a result, we have massive botnets, tons of spam, and constant virus and spyware attacks.

So what, pragmatically, can be done?

I know a lot of people lay the blame on Microsoft for writing sloppy software. I do and I don't. They're a big and easy target, both for nay-sayers and for malware authors, but to point the finger at only Microsoft is both naive and unrealistic. Could they do better? Should they do better? Of course. But expecting perfection, from any software, expecting Microsoft to "just fix it" ... well, that's not a very realistic solution to the problem we're facing today.

In my opinion the real, pragmatic response is to keep educating computer users on what it means to operate their computers securely. As computer users we are the first line of defense. We're also the ones that ultimately pay the price when things go wrong, so it's in our own best interest to make sure we're being as secure and safe as we possibly can be.

If everyone followed all of the commonly accepted practices for computer security:

  • get behind a firewall

  • run anti-virus software and keep it up to date

  • run anti-spyware software and keep it up to date

  • keep their computer software, particularly their operating system, as up to date as possible

  • take responsibility for their own actions and get educated, learning to recognize what is and is not "safe"

botnets and other threats would not disappear. But they would be dealt a serious blow, and the problem would not be nearly as massive as it appears to be today.

And even though it seems daunting, it doesn't have to be. Most everything in that list is one-time, and/or automatic. And I can tell you with certainty that it works.

The hardest part? Getting folks to accept the need for a little education.

Article C3325 - March 19, 2008

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

4 Comments
Steve
March 23, 2008 1:28 AM

Amen Leo! The fact that people do, or don't do, I should say, the things you mention, and I take for granted, is beyond my comprehension. The worst part is they insist on attempting to contact me. All correspondence is immediately deleted.

Jimmy Anderson
December 10, 2008 12:34 AM

Great article for the lazies out there. It's strange there are so many good articles on how to protect your computer but really nothing on how to get rid of hidden code on your computer that makes it part of the botnet. Strange indeed.

Not strange at all. The problem is that there is no single guaranteed way of removing an infection, short of reformatting and reinstalling everything from scratch. You can try running anti-malware software, and there are sometimes instructions for manual removal of a specific infection, but each is different, and there's no guarantee that it'll work. Protection is by far the less costly, least time consuming approach.
- Leo
10-Dec-2008

James
September 8, 2009 8:04 AM

Does this article apply only to Microsoft operating systems?
Is the GNU/Linux subject to these attacks and intrusions?

Yes and no. Windows is by far the biggest target, and therefore the one most likely to get hackers' attention. However other OS's are not immune. In fact the only time I've personally ever been hacked was my Linux based server some years ago.
Leo
09-Sep-2009

rehelton
July 23, 2012 6:25 PM

I was reading the question and your answer to someone wanting to know about how to hide or maybe "spoof" their IP address. Which led to spammers and bots that infect unprotected computers which become the mechanism for sending the spam. My question is, the bots get their instructions from the bot "master" who has an IP address. Would it be possible to get the IP address of the instructing machine? I would suspect that the bot master may put some kind of "security" in his bot to ensure that the bot's instructions are coming from the right controller. Possibly a password, security code embedded in the instruction, hash code, etc. But at some point the instruction has to originate from some point.
