Monthly Archives: January 2009

Twitter As NewsFeed: The Google Bug

Google Bug

First the Google bug. At about 9.00am Central time this morning every search on Google I did came back with the message “This site may harm your computer.” It was clear that this was probably happening at every Google site all over the world. It wasn’t clear immediately what the problem was. Two possibilities immediately suggested themselves:

  1. Someone had hacked Google
  2. It was a bug buried somewhere in the Google Search Engine

It could have been a combination of both I guess, but it has now emerged that it was the second of these two. It was also quickly corrected – news reports suggest that the problem lasted for an hour. Google has a program routine that detects sites that try to infect you with malware and, as a public service, it highlights the danger in its search results and directs you to a page that explains why the site is being blocked. Clearly this program had been changed but inadequately tested.

The Value of Twitter

So when I was surfing this morning it proved impossible for me to get to any of the sites through Google Search, although it was possible to get to News sites using Google’s News search. News sites at the time had no postings describing the problem so I went to the Twitter/Yahoo mashup site which marries news postings to recent tweets and there was one story that explained simply what I knew; that Google was Donald Ducked in some way.

So I then went to Twitter and followed the “Google is broken” conversations, which were mostly a display of schadenfreude, complete with claims that “commercial operations would never trust Google again.” Guess I better sell my Google shares.

A later posting on Twitter told me that:

“Google blogged that they added a “/” to the list of bad sites. So all sites matched the bad site list.”

So it wasn’t even a software error, it was a simple human error. I’m just glad I’m not the person who made that simple error.
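The failure described in that tweet, as an added example that is not from the original post or from Google: a blocklist matcher in which a lone "/" entry flags every URL, next to a pre-deployment check that would reject the update. The substring-matching scheme, the function names and all sample entries are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data; not Google's list or its matching logic.
BAD_PATTERNS = ["malware-host.example/", "drive-by.example/landing"]
KNOWN_GOOD = ["http://www.example.org/", "http://news.example.com/story/1"]


def normalize(url):
    """Reduce a URL to host + path, the form the patterns are written in."""
    parts = urlsplit(url)
    return (parts.hostname or "") + (parts.path or "/")


def is_flagged(url, patterns):
    """Assumed matching rule: a URL is flagged if any pattern is a substring."""
    target = normalize(url)
    return any(p in target for p in patterns)


def validate_update(patterns, canaries):
    """Gate a list update before it ships; return a list of problems found."""
    problems = []
    for p in patterns:
        host = p.split("/", 1)[0]
        if "." not in host:
            # "/" has an empty host part, so it would match every URL.
            problems.append(f"pattern {p!r} names no host")
    hits = [u for u in canaries if is_flagged(u, patterns)]
    if hits:
        problems.append(f"{len(hits)} known-good canary URL(s) flagged")
    return problems


if __name__ == "__main__":
    broken = BAD_PATTERNS + ["/"]  # the single bad entry
    for url in KNOWN_GOOD:
        print(url, is_flagged(url, BAD_PATTERNS), is_flagged(url, broken))
    print(validate_update(broken, KNOWN_GOOD))
```

Either check alone catches this entry: the per-pattern rule rejects "/" outright, and the canary test catches any over-broad pattern the rule does not anticipate.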


No Country For Old Men

The phrase comes from a poem by W B Yeats, which is worth repeating one to another until every man with a heart has heard it. If it does not touch you today, it will surely touch you some other day….

Sailing To Byzantium

That is no country for old men. The young
In one another’s arms, birds in the trees
- Those dying generations – at their song,
The salmon-falls, the mackerel-crowded seas,
Fish, flesh, or fowl, commend all summer long
Whatever is begotten, born, and dies.
Caught in that sensual music all neglect
Monuments of unageing intellect.

An aged man is but a paltry thing,
A tattered coat upon a stick, unless
Soul clap its hands and sing, and louder sing
For every tatter in its mortal dress,
Nor is there singing school but studying
Monuments of its own magnificence;
And therefore I have sailed the seas and come
To the holy city of Byzantium.

O sages standing in God’s holy fire
As in the gold mosaic of a wall,
Come from the holy fire, perne in a gyre,
And be the singing-masters of my soul.
Consume my heart away; sick with desire
And fastened to a dying animal
It knows not what it is; and gather me
Into the artifice of eternity.

Once out of nature I shall never take
My bodily form from any natural thing,
But such a form as Grecian goldsmiths make
Of hammered gold and gold enamelling
To keep a drowsy Emperor awake;
Or set upon a golden bough to sing
To lords and ladies of Byzantium
Of what is past, or passing, or to come.


Let Them Snort Coke

“Thou hast shown us terrible things and wonders in the deep.”

A Sorry Tale

Quite a while ago I worked on trading systems in the City of London, so I got to observe the banking world in action. The golden boys of banking were the traders, who (in the 1990s) were often “barrow boys” rather than college graduates – in those days, the markets were “open outcry” rather than “smart algorithm.”

The financial world was – it seemed to me – only mildly corrupt. For example, it was common knowledge that many of the golden boys regularly snorted coke. It was even said that a good proportion of bank notes in circulation in London had traces of cocaine on them, because snorters would roll up bank notes to improvise a straw. But hey, boys will be boys. No doubt the golden boys of Wall St were also enthusiastically “chasing the dragon” and “sinking the 8 ball”.

The financial gladiators liked coke because it raises blood pressure, increases energy and promotes mental alertness. Also they could afford it. The longer term effects of cocaine are: restlessness, hallucinations, mood disturbances, erratic behavior and financial collapse. The financial collapse is usually preceded by antisocial behavior – to wit; lying, cheating and stealing. Can you see where I’m going with this…

Bank of America, the new owners of Merrill Lynch, having received tens of $billions in TARP bailout funds, i.e. taxpayer dollars, signed off on $4 billion worth of Merrill Lynch executive compensation (in a quarter where Merrill suffered a $15 billion loss).

There are actually no words in our language to adequately describe the behavior of the CEOs of America’s banks. Their behavior is so breathtaking, that we are struck silent, like Bedouin caught in a blizzard.

In December, the major US banks paid an estimated $18.4 billion in bonuses while making record losses.

Struck silent.

In the last 12 months, the major US banks posted losses exceeding the profits they made in the last 25 years.

So much for the golden boys. They’re golden only in their capacity to receive wealth. And they’re not done losing money yet. The banks will certainly pile up more losses as the current credit crunch crunches away. However, it wasn’t the golden boys of Wall St who destroyed the US economy and put the global economy in peril, it was their chums in the GOP.



What Should a G-Drive Be Capable Of?

Prologue

I received an email which began…

I was poking around on your site and found a pointed-to G-Drive article interesting and then subsequently realized that the site provides no obvious place to comment on such, as for blogversation.  Am I missing some kind of comment board page or am I correct in thinking that at this time the only response space is that in each blog entry?

Response: Right now it’s article by article. I hadn’t thought of having a “general comments” area.

The email was from Tim Negris and I’m posting his comment here because I think it merits it.

About the G-Drive

As is so often the case, a perfectly good common technical epiphany, one with many angles and opportunities, gets perverted into the same old Google versus Microsoft versus Apple story.  Google is the fattest ape in the cage, OK, we get that.  But Moore’s Law says that the size of bananas is exponential.

There is much more to be said about the Consumer Storage Cloud than that Google will own it.  For starters, they won’t.  They will just own a big piece of it, as will Microsoft and Apple, and if Google can really mount a credible desktop/runtime, a bigger piece.  Much of the discussion of this topic focuses on storage and its econometrics, ceding an edge to Google because of their server mass.  A more interesting question than who can manage your storage is who can manage your virtuality.

The Virtuality Tease

At the moment, it might be hard to tease the two apart because the extant cases all repeat the crime of basing a new interface on the mechanics and semantics of the previous one. In this case, a LapLink cable. (Remember Traveling Software and their brightly colored parallel and serial cables in your giant laptop bag.) Virtualizing personal information assets across devices through synchronous archiving and replication of files is, like Windows and Boy George, so 1980s.

It doesn’t take much account of the differences between devices regarding purpose and capacity, nor does it have any notions of place, connection modality, and others.

The winner will be the one who does the best job delivering a seamless experience, not just in terms of files and messages, but also in terms of:

  • time (calendar)
  • task (to-do list)
  • place (Twitter/GPS)
  • activity (blog/Facebook)
  • etc.

E.g. I take a picture or make an entry on my smartphone and it simultaneously goes to a storage archive, a Facebook page, an email message, and/or the LCD display on my Samsung refrigerator.  That would be getting somewhere.


10 Reasons Why Another Internet Worm Was Even Possible?

You probably know the answer already, but before I go into the sorry state of affairs in the IT Security world, let’s have some facts:

The Conficker worm, a.k.a. Downadup and Kido, is an RPC attack that emerged last October. As viruses go, it is well-written and well-conceived, using multiple attack vectors and hiding itself well. It exploits a Windows server service (SVCHOST.EXE) vulnerability which can allow remote code execution when file sharing is enabled – hence the virus is a worm. In October 2008 Microsoft released an emergency patch (MS08-067) to fix the problem, but here we are in January 2009 and estimates suggest that about 30% of Windows machines have still not had the patch applied, which means that there are over 100 million PCs still vulnerable.

Conficker can also spread via removable drives and it also does a little bit of brute force password cracking to gain access to machines across a network. Aside from that, it is a polymorphic worm just like the Storm worm of early 2007 (polymorphic means that it keeps changing itself so that it’s difficult if not impossible to detect by signature). Also like the Storm worm, which it clearly looks up to, it is building itself a botnet. But get this; infected PCs are instructed to contact one of 250 Web addresses and the list keeps changing so ISPs can’t block it. The worm also disables some security products and some system services including email. Microsoft has made a cleanup tool available to fix infected machines, but the worm blocks any attempt to get at this via the Internet.

How many machines have been infected?

“Who knows” is the answer. Initial reports suggested 1 million, then another source suggested 2.5 million, but that was quickly trumped by claims of 9 million soon to be outdone by reports of 10 million, which may just have been someone rounding the 9 million up for the joy of printing an 8 digit number. F-Secure then steamed in and estimated that the figure was in fact 15 million and it wasn’t long before everyone and his pet parakeet were claiming that 20 million computers had been infected.

Antivirus experts now agree that the number is definitely big, so their PR machines are working overtime as they try to get the names of their companies mentioned in stories about the worm. I wonder, for example, how much F-Secure paid to get mentioned in this posting? I wonder if I’ll get mentioned in other postings, if I say that the number of computers infected is actually 25 million. Yep. That’s probably the figure.

So: 10 Reasons Why Another Internet Worm Was Even Possible

You may be thinking that the billions of dollars paid every year to AV vendors (at least $4 billion) results in the best IT security minds in the world working on the problem of preventing worms like this ever getting to infect a thousand computers, never mind tens of millions of them. So why didn’t they stop Conficker? Here’s 10 reasons why:

1. The best IT security minds in the world don’t work for AV companies.

2. Companies that could have and, perhaps, should have downloaded Microsoft’s patch didn’t. They hesitated to do so because the patch might have interfered with other software that they run. They chose to wait for other companies to be the crash-test dummies. In this instance, that was the wrong call. It’s not always the wrong call. There’s something wrong with this system. Kick the tires and a wheel falls off.

3. Many companies depend upon AV technology to stop this kind of infection. AV technology is an inadequate defense. Signature based AV technology is completely inadequate to combat this worm. Other AV products that have behavioral features may be able to stop it.

4. As an aside, have you ever read reports of an AV test where any of the products stopped 100 percent of the viruses used in the test? What does that tell you?

5. Unfortunately, virus writers are just as able to buy AV products as everyone else – although doubtless they steal them rather than buy them. They test their viruses against these products before releasing the virus so they know they’ll get past the initial virus defense.

6. Worms are particularly pernicious in their infectiveness because they work at software speeds. This means that when they find an opening they infect at a very high rate. Meanwhile the AV vendors who are trying to combat the latest threat may spend days getting something into their product that works. The worm works faster than they do.

7. Botnets are very valuable. You can rent them out to other cybercriminals at roughly 20 cents per PC per day if you’ve got a Black Hat business network in place. And no-one’s going to be surprised if the authors of Conficker have such a network. A sustainable botnet of a million computers is worth roughly $10 million per year in recurring revenue – not in the league of a Bernie Madoff Ponzi scheme, but still “a nice little earner.”

8. The perpetrators of Conficker will not get caught. Say, when was the last author of a major virus that cost companies a fortune in remediation expenses actually caught?

9. There is technology that stops this kind of malware stone dead. It’s called whitelisting technology and it comes from companies like Bit9, CoreTrace and Lumension. The take-up of this technology has been relatively slow, but it is gaining traction. Some AV companies like Kaspersky and Symantec are using it. Once it becomes widespread, it will stop this sorry mess.

10. Too few people and businesses use Macs.
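Reasons 3 and 9 contrasted in code, as an added example that is not part of the original post and not any vendor's product: a default-allow signature check against a default-deny allowlist, run over a first-seen sample and repacked variants of it. Signatures are simplified here to exact SHA-256 matches, and every byte string and name is a constructed stand-in.

```python
import hashlib


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


# Constructed stand-ins for executable images (not real binaries).
APPROVED_BUILDS = [b"editor-1.0 image", b"mail-client-2.3 image"]
FIRST_SEEN_WORM = b"worm body, variant 0"

ALLOWLIST = {digest(b) for b in APPROVED_BUILDS}  # known good
SIGNATURES = {digest(FIRST_SEEN_WORM)}            # known bad


def repack(sample: bytes, n: int) -> bytes:
    """Stand-in for polymorphism: same behaviour, different bytes on disk."""
    return sample + b"|pad:%d" % n


def signature_av_allows(image: bytes) -> bool:
    """Default-allow: run unless the hash matches a known-bad signature."""
    return digest(image) not in SIGNATURES


def allowlist_allows(image: bytes) -> bool:
    """Default-deny: run only if the hash is on the approved list."""
    return digest(image) in ALLOWLIST


def trial(variants: int = 5) -> dict:
    samples = [FIRST_SEEN_WORM] + [
        repack(FIRST_SEEN_WORM, n) for n in range(1, variants + 1)
    ]
    return {
        "samples": len(samples),
        "ran_under_signature_av": sum(signature_av_allows(s) for s in samples),
        "ran_under_allowlist": sum(allowlist_allows(s) for s in samples),
        "approved_ran": sum(allowlist_allows(b) for b in APPROVED_BUILDS),
        # Operational cost: a legitimate update is denied until re-approved.
        "unlisted_update_ran": allowlist_allows(b"editor-1.1 image"),
    }


if __name__ == "__main__":
    print(trial())
```

The last field shows the trade-off behind the slow take-up mentioned in reason 9: the allowlist has to be maintained whenever approved software changes.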

For more information on the failure of AV technology follow this link: AVID.
