South Korea Wants To Mandate Everyone Must Install 'Security' Software To Prevent 'Zombies'

from the and-maybe-open-your-computer-up-a-bit dept

Amelia Andersdotter alerted us to a story coming out of South Korea, where there's an ongoing effort to pass a "Zombie PC Prevention Act," which would require every citizen to install special "security software" on their computers. But some are worried about the unintended (or secretly intended?) consequences of such an act. The Korean government will officially designate which security solutions are allowed, leading to questions about what might or might not be in such software. On top of that, this law also has quite a backdoor for government agencies to spy on pretty much any company, because it would empower the Korean Communications Commission to "examine the details of the business, records, documents and others" of anyone, without a warrant, based merely on the suspicion that an employee or the company as a whole did not use such mandated security software.

An interesting sidenote in all of this is that just as the push to pass this Zombie PC Prevention Act came about, suddenly a hard-drive destroying malware started making the rounds, and some have noted that it acts in a manner that doesn't make any sense when you look at typical malware. Instead, it acts sort of like a "zombie," but whereas typical zombies try to remain hidden, this one does a lot to make itself known. The suggestion -- though, admittedly, with little proof -- is that perhaps someone has released such an attack in order to build up support for the law.

That may be too much of a conspiracy theory for some, but it is still worrisome that the government might mandate a particular brand of security software. It's obviously a good thing, in general, for people to secure their computers, and to try to ward off malware such as zombies. But should it really be the government's job to step in and mandate what software you put on your computer?

Filed Under: south korea, zombies


Reader Comments

  • Anonymous Coward, 23 Mar 2011 @ 10:20pm

    I think it should be from a different angle. ISPs should have more behind them in disconnecting people from Internet access until they can demonstrate that their computers are clean. Not instantly. Perhaps after three warnings. Ah, what's the point. There will always be a sucker born every minute. Knock one down and a million more rise up. *sigh*

    I'll just sit in a corner grumbling about forcing people to sit an exam to get on the Internet in the first place... :P

    • Anonymous Coward, 23 Mar 2011 @ 10:24pm

      Re:

      But then how will we get AC's?

    • scarr, 23 Mar 2011 @ 10:50pm

      Re:

      How exactly do you suggest you would prove that you don't have a virus? It's very hard to prove the non-existence of most anything.

    • Anonymous Coward, 24 Mar 2011 @ 3:40am

      Re:

      ISP: Excuse me sir. I am a representative from your ISP. Please prove to me that your computer is clean, or be forced off the 'net.
      You: Oh, it's shiny clean. I have Windows Vista you see and...
      *ISP cuts your connection*

    • FuzzyDuck, 24 Mar 2011 @ 5:59am

      Re:

      With an exam to be allowed to get kids maybe a sucker wouldn't be born every minute?

  • Anonymous Coward, 23 Mar 2011 @ 10:43pm

    I don't know that that is much different than what legislators here have been trying to do. Just not as secretive.

  • kyle clements, 23 Mar 2011 @ 10:46pm

    alternate OSes

    I wonder how this would affect users of alternate Operating Systems.

    Would Linux be outlawed until there is an approved program for it?

    What if the approved software isn't compatible with your distro?

    Will this software slow down StarCraft at all?

    • Nom du Clavier, 23 Mar 2011 @ 11:03pm

      Re: alternate OSes

      Just run the 'scanner' in a VM so your computer knows and sends the correct secret handshake, do your real work outside of it.

      The question also arises what they'd classify as a computer. Would a phone (development board) at e.g. Samsung also need to have this software installed?

    • Anonymous Coward, 24 Mar 2011 @ 3:59am

      Re: alternate OSes

      Linux still has a chance of getting this "security software" ported to it, since it is popular enough. Linux on x86, that is.

      What about FreeBSD? Haiku? Linux on ARM? Or any of the other minority systems? What about other architectures (MIPS, Sparc, OpenRISC, ...)? What if your "Linux" system is a router (running OpenWRT)? Or a phone (like Android - an interesting one since it has completely different user space and a customized Linux kernel)?

      And what if you are a Linux developer? As in one who develops Linux, not one who develops using Linux? Would you be restricted in the kinds of changes you can make, so that the so-called "security software" does not stop working?

    • senshikaze, 24 Mar 2011 @ 4:34am

      Re: alternate OSes

      Running Linux should be considered running "security software."
      I love that everyone says computers, but what they actually mean is "Windows computers." 99.99 times out of 100, around the globe, an infected computer is a Windows computer (and most of those are unpatched WinXP machines). The other .01% is OSX and possibly Linux. (Though I think OSX is going to be on the rise soon if Apple doesn't get their ASLR and DEP shit straight.)

      • Chris Rhodes, 24 Mar 2011 @ 8:04am

        Re: Re: alternate OSes

        Running Linux should be considered running "security software."

        Only if you like living with a false sense of security. When users will click "Accept" on every popup that displays itself, no OS will save you.

      • harbingerofdoom, 24 Mar 2011 @ 10:10am

        Re: Re: alternate OSes

        You are also assuming that simply because there has not been a large number of viruses and exploits in linux that there would never be.

        A large part of why you don't really see that many issues is simply because of the smaller market share. Hell, last year, depending on the set of numbers you look at, win was around 90%, Apple around 4-5% and nix was around 1-1.5%.
        Since most of the stuff out there these days is the rogue variety which is trying to scam you out of money, why would you even bother with dealing with a nix OS when at best you are only going to get a small fraction of the 1.5% of the systems?

        If you changed that however and had nix around 50% or greater of the marketshare? things would be totally different and you would then need security software on your nix system.

        • Anonymous Coward, 24 Mar 2011 @ 1:13pm

          Re: Re: Re: alternate OSes

          Considering the linux community...if malware actually did something (remember not everyone is running the same kernel revision or even have the affected module compiled into it) a patch would probably be out within hours and most distros would have a new update within a day or so.

          And most linux malware doesn't attack the kernel, but rather services or programs, lowering chances even more.

  • Lawrence D'Oliveiro, 23 Mar 2011 @ 11:10pm

    Relying On Machines To Keep Themselves Clean Is A Complete Waste Of Time


    • Server to PC: Are you clean?

    • Malicious software on PC to server: Yes I am.

    • ...now what?

    • Jay, 23 Mar 2011 @ 11:20pm

      Re: Relying On Machines To Keep Themselves Clean Is A Complete Waste Of Time

      PROFIT!

      (I couldn't resist...)

      • Anonymous Coward, 23 Mar 2011 @ 11:30pm

        Re: Re: Relying On Machines To Keep Themselves Clean Is A Complete Waste Of Time

        This is more than profits this is about government control over its subjects.

  • Anonymous Coward, 23 Mar 2011 @ 11:11pm

    The behaviour of a computer connected to the Internet can be observed. DOS attacks or sending a large amount of email to random addresses can be easily tracked and an email informing the customer of such matters can be automated. The actual cleaning of the system and proof of being cleansed is difficult to prove, but various organisations haven't had a problem with such good faith concepts for a couple of millennia. ;P

    Anyway, claims of a cleansed system can be disproved with behaviour monitoring once more. The ISP can cancel the account and the user can go to another ISP where the process can be repeated. Hopefully the user of the infected PC will get the clue eventually.

    Could there be merit in such a system?

    • Anonymous Coward, 23 Mar 2011 @ 11:29pm

      Re:

      In a world where distributed computing is becoming important that behavioral surveillance is meaningless.

      Further, DDoS attacks are not random; they are directed at a fixed target. How will software differentiate high traffic on encrypted channels? Also, there are countermeasures for time analysis on networks that are being deployed right now.

      Also, why punish normal people? IT personnel don't know how to deal with those things; will they get punished too?

      It is a PITA to find fingerprints and collect a database of those (see SNORT or Metasploit).

      Also, with a single solution for a problem, people just need to compromise that single point to have access to everybody else; it doesn't enhance security, it weakens it. Variation is what will keep people secure in the future, not single failure points.

      It just doesn't look that good for me.

  • Anonymous Coward, 23 Mar 2011 @ 11:13pm

    I would laugh but this is serious.
    What is going through the minds of people to suggest such a thing?

    One single solution is like one single point of failure; it doesn't make it more difficult, it makes it easier to compromise an entire set of the internet. That is why I don't really think this is about security but surveillance.

  • Anonymous Coward, 24 Mar 2011 @ 1:05am

    I love how people think the internet is "private communication". There isn't a more un-private thing in the universe.

    The internet has never been private. In some way, everything has been traceable since day one. Get AFK, go interact face to face, and stop bitching about something that never existed in the first place.

    • Anonymous Coward, 24 Mar 2011 @ 1:27am

      Re:

      Traced after it left your computer, not while it was inside your computer; that capability never was possible before without you being infected by something nasty.

    • Anonymous Coward, 24 Mar 2011 @ 3:48am

      Re:

      Really? I have private communications every day.

      You see, I use a Jabber client that allows me to use my GPG key to encrypt my messages. Also, my important emails are ciphered using that key too. Only my intended recipients can read those messages. The others, well, let's just say that they'll have to spend a million years cracking a message that says "sup!". It'll be a fun million years.

      I also routinely use SSH to "talk" to remote machines. It has a pretty decent encryption.

      There can be privacy. Please educate yourself. Knowledge is your biggest strength against the daily assaults against your rights.

      • Anonymous Coward, 24 Mar 2011 @ 4:52am

        Re: Re:

        You encrypt? You're on the list.

        • Anonymous Coward, 24 Mar 2011 @ 5:06am

          Re: Re: Re:

          Am I?

          **Code. Hack. Script. Upload. Run. Curse. Fix bug. Upload. Run. Curse. Fix typo. Upload. Run.**

          Check again.

  • Anonymous Coward, 24 Mar 2011 @ 2:00am

    Of COURSE it's a scam

    Everyone who has even a rudimentary grasp of the current security environment -- in particular, that pertaining to Windows-based zombies -- knows that it is quite, quite impossible to secure those systems. Any minimally-competent malware author (and there are many of them) will simply code the next release of their software in a fashion that defeats/overrides the "anti-zombie" software...just like they've already coded their software to defeat/override anti-virus software.

    So there is no possible way this purported anti-zombie software could actually work as claimed -- and I'm certain those pushing it know this. They're relying on the profound ignorance of the masses in order to push this on the population and thus create backdoors into every computer in the country...which of course will provide handy access for the NEXT generation of malware.

    • grumpy, 24 Mar 2011 @ 2:30am

      Re: Of COURSE it's a scam

      But it's the LAW! The malware will HAVE to comply! It CAN'T not comply! Unthinkable!!1!one!

      The thought processes (if indeed there are any) of politicians are a constant mystery to me. Women can do nothing that politicians can't do much, much better. They even fsck us more thoroughly...

  • Michael, 24 Mar 2011 @ 4:12am

    Zombie Computers Attack!

    Sounds like Tim will be writing another book soon...

    • Dark Helmet, 24 Mar 2011 @ 7:29am

      Re: Zombie Computers Attack!

      "Sounds like Tim will be writing another book soon..."

      If this is in reference to me, my last completed book already dealt w/a digital intelligence utilizing a botnet to distribute brain processing workload.

      So...beat you to it :)

  • expat in Korea, 24 Mar 2011 @ 4:38am

    bill sponsored by...

    This law is probably sponsored by V3 the really bad virus software that is incredibly popular in Korea. 2 of my past employers required it installed on laptops in order to be able to use the wi-fi. The login program for the wifi checked to make sure you had it installed.

    The problem is that V3 fails to catch a large number of viruses that free software such as avast and avira catch. I know because I had a problem with one of my office computers and it was solved once I installed (unbeknownst to the IT dept) avast and found 20+ viruses.

  • Shon Gale, 24 Mar 2011 @ 5:25am

    If people can think it, people will do it.

  • Bengie, 24 Mar 2011 @ 5:50am

    Idea

    Instead of cutting a customer off the web, white-list only ports 80/443 and once per hour, have a page redirect to something that says something like:

    "Traffic patterns from your network indicate that one or more of your devices have Malware/Trojans. This could lead to sensitive information from your computers to get stolen including credit card and bank info. Please contact customer support on removal. During this time, your internet connection will be limited to only browsing web pages and will be throttled to 1mbit" or something like that.

    There. An annoying pop-up stating to contact customer support, still having web access, but also locking down the network a lot to help reduce the zombie's ability to communicate.

  • abc gum, 24 Mar 2011 @ 5:53am

    Possibly there is a shortage of human brains in Korea and the zombies are simply looking elsewhere.

    IIRC, the Koreans rely heavily upon activeX. On a list of attack vectors, this is at the top.

  • Matt Polmanteer, 24 Mar 2011 @ 5:58am

    If you don't think that our governments would pull something like this you are crazy. The internet is too free and leading to a more democratic society so they have to find some way to control it.

    http://www.kontraband.com/pics/19559/Sheep-Dog-Conspiracy/

  • DS78, 24 Mar 2011 @ 6:20am

    It all boils down to this. The only true means of zombie prevention is a shotgun. Doubletap kiddies.... doubletap...

  • Prashanth, 24 Mar 2011 @ 6:58am

    Solution: use Linux, install Microsoft Windows in a virtual machine, install that "zombie protection" in the virtualized Microsoft Windows system, and never touch it again. You have correctly and successfully installed the software, yet it is totally impotent against you. (I suppose this works on Apple's Mac OS X as well.)

    • Bengie, 24 Mar 2011 @ 8:51am

      Re:

      As long as everyone doesn't go Linux/OSX. Linux and OSX both have lots of local security issues, nearly as bad as Windows.

      Not much harder to write an app for Linux that can by-pass security to elevate to root and take over your machine. The only difference is Linux tends to be limited to Computer literate users and virtually no one makes Linux malware.

      Give a reason to make Linux malware and it will come.

      OSX is similar, but different in that it's more of a "walled garden" and the users tend to only install what's provided via Apple.

      The one big thing going for Linux/Opensource is the plethora of applications that can be installed with a distro. A typical user would more than likely have an Opensource alternative instead of having to download some random app off the net from some unknown 3rd party.

      You still have the issue of educating a computer illiterate user on how to search for Opensource applications that they want.

      • Prashanth, 24 Mar 2011 @ 9:06am

        Re: Re:

        The issue is that Apple is even worse than Microsoft about patching security holes; they deny it for far too long. I know the Pwn2Own contests are debatable, but at least they are something: anyway, in every single Pwn2Own contest, Mac OS X is the first to get hacked, while Linux never gets hacked. That said, you are certainly right about recent malware that automatically gets root access; that's always bad.
        But the issue at hand here is the intrusion caused by this software that supposedly protects computers from becoming "zombies", in which case I think my method still works fine.

  • Anonymous Coward, 24 Mar 2011 @ 9:43am

    But should it really be the government's job to step in and mandate what software you put on your computer?

    Yes!

    And the government should mandate that the software be open source.

    And not controlled by a world wide monopoly.

  • Amelia Andersdotter, 26 Mar 2011 @ 3:33am

    @kyle clements

    well, the thing is, 98% of all computers in ROK run Windows. It's an incredibly locked-in place. All the government, all the users, all the everyone use Microsoft Windows and it's already difficult just accessing government material if you don't run MS Windows. >_it doesn't really matter who released the worm, because it did go out there. If it were released by RBN it would /still/ help the government push a law it really really wants to push.

    I'm not very conspiratorial but I do see bad legislation when it's heading right for me.

  • Richard M Stallman, 28 Mar 2011 @ 2:16am

    Calling that imposed program "security software" is blackwhiting (a la 1984), since it is malware itself, with a backdoor that gives others entry into the user's computer.

    I suspect that the program will also be proprietary software (not freedom-respecting, see http://www.gnu.org/philosophy/free-sw.html), because otherwise users could fix the malware by removing the back door. To force South Koreans to allow nonfree software on their computers is itself an injustice.

    It seems more and more of what I predicted in 1997, in the Right to Read (http://www.gnu.org/philosophy/right-read-read.html), is coming true.

  • bela, 8 Jul 2011 @ 2:11am

    parental control

    Care4Teen helps you make sure your children stay safe while using the Internet. Our program monitors their activities and prevents access to harmful or suspicious websites. Make sure your children are protected even when you are not watching them.
