jnazario writes "As a computer security professional, one of the things I notice is that for our proposals to be effective, they often require the participation of the vast majority of computer users out there. Almost all of them are not computer security professionals, so it's imperative that our methods be usable by the non-professionals. What makes this even worse is that most computer users are not terribly savvy about what they're using. Terms like hard drives and memory don't mean anything to them, and a browser is just a window to the internet. A computer is a tool for information use, not an end in itself. So, a book like Security Alert: Stories of Real People Protecting Themselves from Identity Theft, Scams and Viruses sounded like it had real promise." Read on for Nazario's review of the book.

michaelzhao writes "The ALA (American Library Association) recently published the new 100 most frequently banned books list of 2003. Of the banned books, Harry Potter was in the number 7th place in the most frequently banned. Also included were 'Where's Waldo' and 'The Giver' along with 'Goosebumps' and 'How to Eat Fried Worms.' These books were banned from various public institutions. This means that they were banned from various public libraries and public schools around the nation. (private schools, libraries, and institutions of higher learning don't count) The ALA encourages the people of the United States to fight against the book bans and read a banned book today!"

Raymond Lodato writes "Where do I begin? Oh yes! If you are a teenager who uses computers, or the parent or guardian of a teenager who does, buy Always Use Protection, by Dan Appleman! Let me take a little time to explain why." Read on for the rest of Lodato's review.

UnderAttack writes "The Internet Storm Center published a graph showing historic trends for the "Survival Time" of unpatched, unprotected (windows) computers connected to the internet. Turns out, this number dropped from about 40 minutes last year, to 20 minutes this year. The survival time is calculated as the average time between reports for an average target IP address. If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe. The data is collected from a large number of networks with different types of upstream protection. So if you are on an unprotected cable/DSL line, you may see probes much more frequently. Either way, 20 minutes is not long enough to download patches. The Honeynet Project did publish a paper with some stats back in 2001."

arpy writes "According to a report produced by anti-virus software provider Sophos, 70% of anti-virus activity in the first half of this year can be blamed on Sven Jaschan, an 18-year-old German who wrote the Netsky and Sasser worms. According to the report, "Sasser claimed the top spot of the virus chart, in spite of the raging battle between the widespread Netsky and Bagle worms." The Register has a good summary of the report."

Chuck1318 writes "MSNBC reports the discovery of a species of bone-eating worms that live on whale carcasses on the sea floor. The female worm grows "roots" into the whale bones, which contain bacteria that help the worm digest fats from the bones. The tiny males live inside the female, sometimes over a hundred inside a single female. Whale falls provide important oases of nourishment on the sea floor, somewhat analogous to the communities of life around hydrothermal vents."

andrew_ps writes "Amit Singh has published on his KernelThread.com a paper (mini book really) on computer security. A Taste of Computer Security is a VERY comprehensive paper in what it covers, but is remarkably easy to read. This is not some list of "sploits" though! Topics covered include popular notions about security, types of mal-ware, viruses & worms, memory attacks/defences, intrusion, sandboxing, review of Solaris 10 security and plenty of others. Most notably it includes probably one of the most fair and intelligent analysis of the Unix-Vs-Windows security issue that I have ever seen."

gwernol writes "Slate has a well-written article on 'white knight" worms like Nachi that attempt to automatically patch security holes; Nachi try to patch the hole that MyDoom exploits. The article calls for Google and others to incent White Hat programmers to create better White Knights. But are 'good viruses' really a good idea? Nachi created almost as much bandwidth congestion as MyDoom. Do we really want programs jumping onto our systems and 'fixing' them without permission? What about a socially engineered worm that claims to be doing good?"

CWitz writes "I'll be honest: I'm not terribly technical. In fact, I'll probably have to get someone to help me add in the tags necessary to convert this review to readable HTML. But what I lack in technical skills, I more than make up in apprehension about the darker aspects of the internet. When I get an unexpected e-mail, I'm sure it's from some identity theft villain full of virtual lock picks just dying to snatch all my private information. John Bigg's new book Black Hat: Misfits, Criminals, and Scammers in the Internet Age is an entertaining and educational book that provides me with more than enough information about how to protect my vulnerable computer." Read on for the rest of his review; it's not aimed at experts, but Scott makes it sound like a good read for the interested layman.

Tuxedo Jack writes "The Register reports that the new Atak worm cannot be analyzed or debugged by antivirus companies without quite a bit of work, due to the author being sloppy with his or her code. Windows machines, as per the norm, are the only vulnerable ones, and it still requires user intervention to infect. Perhaps future worms will start including this 'bug' in their releases. We can only hope not." It doesn't sound like a bug at all, from the virus writer's perpective.

narzy asks: "To me one of the most important steps to keeping a computer secure is keeping the systems software up to date. The problem I run in to is that more and more of the applications in everyday use are web enabled in some context or another, making them high targets for attack and exploitation. I am beginning to find it difficult to keep clients computers completely up to date. I find that applications that have an auto update such as my anti-virus Nod32 which updates every day on its own a real blessing. It's a feature that is an option but and option that I personally wish was in a lot more software. Windows has this feature (so does Linux if you want it to) however in the case of Windows it's not exactly all that consistent. Unfortunately it opens another can of worms that isn't so enjoyable that being companies who abuse such a system for advertising purposes, modifying the software in such a way to reduce or change its functionality either because of internal decisions or external pressures from 3rd parties, compromise and abuse of the server the company uses to distribute the updates. But is it worth the added risk to know that 95%+ of the time your software is up to date? It's not a cure all but is it or is it not better then a reactive approach?"

Thanks to Yahoo!/Reuters for its story revealing videogame publisher Acclaim Entertainment has announced a quarterly loss of $25.4 million, and warned of possible bankruptcy, since "needs new cash to replace a financing agreement... that expires on Aug. 4." Apparently the company "has signed a letter of intent with a different lender to borrow up to $30 million but the deal has not yet been completed." The long-standing publisher has also recently been sued by the Olsen Twins, although it still lists upcoming titles as including 100 Bullets, The Red Star, Worms Forts: Under Siege!, and Interview With A Made Man. Update: 07/03 01:34 GMT by S : Acclaim's 10-K financial statement reveals "notification from The Major League Baseball Player's Association (MLBPA) that we were late in making certain royalty payments and our license was terminated", and "due to failure to make certain royalty payments relating to the videogame title Turok: Evolution... our [Turok intellectual property] license agreement with Classic Media was terminated."

bernie writes "It seems the US is not the only country with spyware legislation in the works. According to this Computerworld article, a bill outlawing the 'harvesting without consent corporate or personal information via a Web site or with software applications for marketing purposes will be classified as 'spyware'' and is set to go before parliament later this year. In addition to making all 'spyware' opt-in the bill will cover 'malware' such as viruses, trojans, and worms. Interestingly, the article cites lack of 'international cooperation' as a barrier to effective enforcement of cyberlaws. Also included is a statement from the EFF that it 'would like to see a more serious effort made to use existing laws against unfair trade practices, misrepresentation, computer fraud and abuse, before new technology-specific laws are passed'."

wdebruij writes "According to this source (unfortunately in dutch), a number of dutch ISPs are bundling their forces to fight the spread of worms. The technology, called virbl, blocks all accesses from IP addresses from which at least 2 worms were sent for 24 hours, naturally excluding known large email servers. Background info on the project can be found at the developers' project site. So, does anyone have useful remarks on why this may succeed or fail? It appears to me as a simple to implement yet powerful, albeit stopgap, solution."

Mz6 writes "InformationWeek reports that Sophos has analysed and protected against 959 new viruses in May, this is the highest number of new viruses discovered in a single month since December 2001. From Sophos' own TopTen list they continue on to say that the 'Sasser and Netsky worms may have captured the headlines. ...May has seen a noticeable spike in cybercriminal activity, suggesting that even the arrest of Sven Jaschan ...has done nothing to curb the problem.'"

applemasker writes "Slate.com has an article titled Feed The Worms Who Write Worms to the Worms which argues based on economic theory (and somewhat tongue-in-cheek) that it is a 'better investment' to execute the creators of worms, virus and trojan authors, than murderers. Anyone who has tried to resurrect a network or computer after a nasty infection may agree. Although the author does not seriously argue for capital punishment for the script kiddies, it does raise some interesting issues about how much 'value' society puts on certain types of harm and the author's view of a government's role in protecting us from it."

latif writes "Microsoft has set aside a $5 million fund for paying off informants on malware authors. In my opinion a good chunk of this money deserves to be paid to individuals who help catch the Microsoft employees behind the design of Windows Registry and Windows Update. As I found out, the two mis-features work together to deprive Windows users of all protection from malware. The details of my experience are in the article Why Windows is a Security Nightmare." In a related story, Anonymous Wussie writes "This guy had family with a problem: A Windows XP computer hit by worms that couldn't stay on-line long enough to get patched. His solution? A CD. This article describes the custom made CD he sent to his family member with patches, tools, and instructions to make a fresh install of Windows XP Home Internet safe. I know I'll be doing this in the future."

This almost turned into a "State of the Wine Project" discussion, but that's where your highest-moderated questions led, and Jeremy responded with his usual wit, wisdom, and candor.

Auzy asks: "Originally I thought that the implementation of a system in Linux which could automatically locate and install drivers would revolutionize Linux usability, however, there has been some strong negative feedback, including comments such as that it will kill open source drivers in Linux, and that even a system which employs digital signatures could never be secure enough to stop worms. I believe the opposite, and now I want to know from the Slashdot crowd, if they think I should drop the project now and potentially save Linux from possible security problems, or if I am right in saying that potential problems can be avoided, and that this system can become successful."

tritone writes "According to this article on CNET, it was a reward from Microsoft that led to the arrest of the perpertrator of the Sasser Windows Worm. This is the first success for Microsoft's Antivirus Award Program, a $5 million fund to reward people for coming forward with information about those who release major worms and viruses."