Platt Perspective on Business and Technology

Botnets and social networking, and the two sides of automated systems

It often begins when you or a member of your family clicks to download a game online, or it can come from opening an attachment in an innocuous-looking email, or simply from landing on the wrong web site with your browser set to automatically accept Java and other functionally enabling web add-ons. There are a lot of ways it can happen, and when it does, a small piece of software is installed on your computer and an unintended (by you) doorway into it is created. Once there, all sorts of other software can be added in too, including proxy server software for using your machine as a conduit for sending out online content – spam emails, viruses or simply bandwidth-demanding bits and bytes for use in denial of service attacks. This same capability can also be used to upload software onto your computer to directly attack you, such as keystroke loggers that try to capture your login and other confidential information as you enter it through your keyboard. Computers so compromised are called zombies and collections of them are called botnets, a term derived from the expression robot networks, or nets.

One of the key features here is that this extra, unwanted software is cryptically named and is installed in out-of-the-way places, often within the operating system where computer users do not generally go to make changes. And these files usually include software designed to limit or inactivate anti-virus and other protective software, without notifying the user that those changes have been made.

And botnets are formed and grow from pools of independently, opportunistically infected computers – opportunistically at least from the perspective of the specific, individual computer so infected. At a statistical modeling level, however, this is all planned for, and the rates and levels of infection achieved are all but certain.

This all connects into and capitalizes on some of the basic features of how desktop computers are used and maintained, and on basic human behavior. Any effective approach for limiting the development and use of botnets by their owners and handlers is going to have to do the same – be grounded in basic desktop (and also laptop and handheld) computer design and use, at the software, human interface and usability levels, and in human behavior.

Think of botnets as the user-unaware and unwilling counterpart to social networking, where connectivity into networks and the sharing of information and computational capabilities take place entirely below the surface of computer owner awareness and against their will – tapping into many of the same features of automated software update, configuration and maintenance that make it possible for the average user to use a modern computer at all. In this regard the average home computer, or desktop or laptop office computer, holds more than 100,000 software files between the operating system and software application support. The seemingly straightforward simplicity and ease of ongoing functionality at the user interface depends on a virtually endless complexity of automated, transparent-to-the-user processes. Botnets capitalize on this, infecting wide-ranging collections of computers and keeping them infected and available for outside use by tapping into these same processes.

Social networking as a conscious, choice-based process can also mean developing networks of connections, and for intentional, overt grid and shared computation efforts that can mean bringing large and even vast numbers of networked computers together to function as if they were one large supercomputer. Think SETI@home – the networked-computer-based search for extraterrestrial intelligence – and similar projects for screening and examining vast numbers of potential anti-cancer drugs for predictable chemical properties.

The question here is one of how users can easily fend off unwanted botnet participation while allowing and even actively supporting intentional activity and participation in social networks and socially positive shared computational efforts.

Proxy servers in and of themselves are not always benign, but they are not always malevolent either, and that same duality applies to the basic principles behind almost all the other basic components of the botnet software armament as well – automated systems management and maintenance, automated patching and updates included. This brings me back to a side comment made above, where I noted “having your browser set to automatically accept Java and other functionally enabling web add-ons”.

• How do we get more and ideally virtually all computer owners and users to practice more prudence in what they connect to and download to their computers in stemming initial infections?
• How do we prompt those owners and users to choose to automatically update their computers with security patches and other protective software updates, particularly where they do not understand more than the basics of how their computers work?

Effective solutions to these and related problems have to be automated, and would probably have to begin with the default settings and options built into the computer and its core operating system. Any solution that would require the user to be more proactive and directly, actively involved cannot work, because it is precisely the failure of so many users to take the protective steps already available to them that makes botnets both possible and inevitable as things now stand. So I would argue against some of the more commonly proposed solutions that are cited as necessary here, such as:

• Improved user education and
• Increased user compliance with user-directed best practices.

Advances have to be made in automating our response to the botnet problem, and I add that this means actively entering into an ongoing arms race, as the people and organizations behind botnets will continue to evolve their systems in response to any efforts to block them.

Social networking can help in sharing best practices information and so can reasoned, educated user decision-making in what computer owners and users do and allow. But the real issue is not with people who make basic efforts to safeguard against botnet infection and who would participate in such networking exchanges. It is with those who do not.

This is a complex and important issue and I will probably come back to it in another posting.

4 Responses


  1. Kelvin Froese said, on December 21, 2009 at 1:34 pm

    Really well-written article, thank you for writing about this. You have a lot of really good information on your site, thanks again! I found a brief primer on Software Testing, do you think it is any good? I’m curious about such introductory articles for someone who is thinking about getting into Testing. Visit my site if you’d like to read more.

  2. Timothy Platt said, on December 21, 2009 at 3:24 pm

    Hi Kelvin and thanks for sharing the link to this resource. It looks to be fairly good. I want to pick up on it by citing two very specific areas of software testing that I see as crucial.

    One is testing for security vulnerabilities and that is done with approaches like penetration testing. Here, you look for software that works, but that supports unintended types of activities along with the intended ones. A simple example here would be SQL injection, where text strings of the wrong length can be entered into an online form, and where it might even be possible to enter in executable code that will function in the site database, doing mischief. There are a lot of aspects to this and I will share a link with you too: http://www.owasp.org – the web site for the Open Web Application Security Project. I recommend this group very highly if you are interested in the online and software security sides to software testing.

    The other side to software testing that I would mention here is usability testing. I have a fairly significant amount of experience with this and add that one of my favorite software pejoratives is to say that a piece of software was “written by programmers and for programmers.” That is to say that it works and is bug-free at that level but that it is so awkwardly designed for its user interface and it is so unforgiving in its functionality that if you do anything besides that one functional path the programmer envisioned it will crash and burn. Real users get creative and do the unexpected. Good programmers account for that and design and build their user interfaces accordingly. I am pretty good at finding ways to break things and finding where interfaces lead users over the edge of cliffs. I see that as an increasingly important side to the larger issue of software testing per se, noting it is sometimes referred to as quality assurance or QA testing too.

    I learned the essentials to this, I add, in running a community college networked computer lab part time for a school year and working with and teaching the students there. I probably learned more than they did by studying how they used those computers and the software on them and I learned to take those lessons to QA testing situations when presented with software to evaluate and report on.

    So here is one back-end, under the hood software testing area and one front-end, user interface side to it. Software testing is an interesting, rapidly evolving area and please feel free to add more comments involving that and other areas of interest.

    Tim
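As an added illustration of the two-path testing idea in the comment above (this is not code from the post or its author): a constructed in-memory SQLite table standing in for the “site database”, a lookup that pastes the form value straight into the query text, and a hardened lookup that rejects inputs of unexpected length and binds the value as a parameter. The table, names and the test string are assumptions made for the example.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for the site database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "a-secret"), ("bob", "b-secret")])
    return conn


def lookup_vulnerable(conn, name):
    # The unintended path: the form value becomes part of the SQL text,
    # so the database executes whatever the user typed.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn, name, max_len=32):
    # Length check rejects the "wrong length" inputs the comment mentions;
    # parameter binding keeps whatever remains as data rather than SQL.
    if not isinstance(name, str) or not 1 <= len(name) <= max_len:
        raise ValueError("rejected form input of unexpected length")
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def rejects_overlong(conn, length=33):
    # True when the hardened lookup refuses an input longer than max_len.
    try:
        lookup_hardened(conn, "a" * length)
    except ValueError:
        return True
    return False


def run_tests():
    # Exercise the intended path and one unintended path on both versions.
    conn = make_db()
    intended = "alice"
    unintended = "x' OR 'a'='a"   # classic tautology test string
    return {
        "vuln_intended": lookup_vulnerable(conn, intended),
        "vuln_unintended": lookup_vulnerable(conn, unintended),
        "hard_intended": lookup_hardened(conn, intended),
        "hard_unintended": lookup_hardened(conn, unintended),
        "hard_rejects_overlong": rejects_overlong(conn),
    }
```

The vulnerable lookup returns every user for the test string; the hardened one returns nothing, which is exactly the difference a penetration test is looking for.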

  3. Fabian Cassette said, on January 2, 2010 at 12:21 am

    Thank you for the awesome post. I hope you had an amazing New Year! Hopefully you didn’t have to put on your tactical body armor with all those idiots firing their pistols into the air.

  4. Bret Geibig said, on January 13, 2010 at 1:48 am

    Thank you for the well-written article. I liked it. You have a very nice website.
