Forum Thread: The Botnet Threat

The Botnet Threat

Many in the security industry (including yours truly) estimate that over 1/3 of all home computers are infected with bots and are part of a botnet. This enables someone to remotely control and use that system for good or ill. If these estimates are correct, over 100 million computers in the U.S. are part of some botnet. Sometimes these bots are used for spam, DDoS attacks, password cracking, proxying attacks, etc.

In a world where cyber warfare is raging every day across the planet, how dangerous are these botnets? What if these bots were used to launch a cyber warfare attack?

Imagine a scenario where a belligerent nation took control of a few million of these bots and used them to launch an attack against the infrastructure of another nation. Imagine the damage could they do to the infrastructure including communications systems, the electrical grid, e-commerce, water and sewer systems, etc.

Should these computer owners be required to clean their systems for the public good?

8 Responses

I think that whoever is infected should be required to clean out their machine(s). Whether this be just uninstalling a few files to a complete restore of the machine. How would someone know that they are part of a botnet attack before the authorities start knocking at the door? What would be some precautions to take for someone to see if they are compromised?

Joshua:

It is very hard to detect bot software on your computer and even harder to remove it. It imbeds itself in the system files and sometimes the only way to clean it is to reformat the hard drive and start all over. Prevention is really the only viable solution.

OTW

too many average computer users are just click happy and don't understand what happens when they install things to their systems from the internet. It should be required that all users both have and run (that second one is the problem, I believe) basic security software. It seems to me that the problem here is finding a way to enforce a policy such as this that doesn't infringe upon user's rights to privacy.

Matt:

I agree with you. We want everyone's machines to be clean, but how do we do that within infringing upon their privacy? Its a tough one.

OTW

I was discussing this topic with my professor the other day. Imagine the serendipity in finding this topic.

I believe there is no righteous answer to this problem. Sometimes the rights of the few outweigh the needs of the many. To that end, I'd offer an opt in program that allows the state/your ISP to routinely clean your computer of any bots.

please note, I said opt in, meaning you willingly request this service. There is an obvious double-edged sword to this system, but it does keep the country safe and minimize the threat. As everyone should be aware, the fall of infrastructure in the United States would be devastating across borders.

"For The Greater Good"

I like the idea of the opt in plan. I see 2 challenges with it though:

  1. Convincing the masses that it's a good idea. It seems as though many of them don't have a clue about basic security measures, and explaining botnets to them may not end well (I recently tried explaining cloud computing to somebody, they still don't get it)
  2. ensuring that the powers that be don't abuse it. They could then use the people who opted in and scan their systems for other things, which could be potentially deeply personal things. The other thing is ensuring that whoever is in charge doesn't try to install it on everybody's systems without telling people (IE disguising it as a windows update?) Sure, there are a few who would find out what's going on, but how long would it take?

Don't get me wrong, I do like the idea and I think it's one of the better ones. As with most things though, it'll be difficult to find an administrating group that will be honest about it.

I completely agree. It is a great idea (after all, it was mines), but it's nowhere near perfect. As long as there is the loose screw behind the wheel, no system will be perfect and I don't expect this one to be either.

I can imagine such a system being implemented in a massive bureaucratic wave that would legally require systems across the states to have it installed, but again, this is not a flaw with the system, just the men and women behind it abusing it. I generally try not to make Human nature my problem.

Use of trickery to have people install it would be illegal so I doubt that would happen, however in my lifetime, I've noticed that the United States has a tendency of making whatever they're doing (no matter how unethical and illegal) legal.

Jerallian:

Good analysis and welcome to Null Byte!

OTW

Share Your Thoughts

  • Hot
  • Active