South Korea Wants To Mandate Everyone Must Install 'Security' Software To Prevent 'Zombies'
from the and-maybe-open-your-computer-up-a-bit dept
Amelia Andersdotter alerted us to a story coming out of South Korea, where there's an ongoing effort to pass a "Zombie PC Prevention Act," which would require every citizen to install special "security software" on their computers. But some are worried about the unintended (or secretly intended?) consequences of such an act. The Korean government will officially designate which security solutions are allowed, leading to questions about what might be in or not be in such software. On top of that, this law also has quite a backdoor for government agencies to spy on pretty much any company, because it would empower the Korean Communications Commission to "examine the details of the business, records, documents and others" of anyone, without a warrant, based merely on the suspicion that an employee or the company as a whole did not use such mandated security software.
An interesting side note in all of this is that just as the push to pass this Zombie PC Prevention Act came about, suddenly a hard-drive destroying malware started making the rounds, and some have noted that it acts in a manner that doesn't make any sense when you look at typical malware. Instead, it acts sort of like a "zombie," but whereas typical zombies try to remain hidden, this one does a lot to make itself known. The suggestion -- though, admittedly, with little proof -- is that perhaps someone has released such an attack in order to build up support for the law.
That may be too much of a conspiracy theory for some, but it is still worrisome that the government might mandate a particular brand of security software. It's obviously a good thing, in general, for people to secure their computers, and to try to ward off malware such as zombies. But should it really be the government's job to step in and mandate what software you put on your computer?
Filed Under: south korea, zombies
Reader Comments
I'll just sit in a corner grumbling about forcing people to sit an exam to get on the Internet in the first place... :P
[ link to this | view in chronology ]
Re:
You: Oh, it's shiny clean. I have Windows Vista you see and...
*ISP cuts your connection*
[ link to this | view in chronology ]
Re: Re:
Well, now they can't download virus definitions or any security updates.
[ link to this | view in chronology ]
Re: Re: Re:
....he was saying that vista was the virus...
[ link to this | view in chronology ]
alternate OSes
Would Linux be outlawed until there is an approved program for it?
What if the approved software isn't compatible with your distro?
Will this software slow down StarCraft at all?
[ link to this | view in chronology ]
Re: alternate OSes
The question also arises what they'd classify as a computer. Would a phone (development board) at e.g. Samsung also need to have this software installed?
[ link to this | view in chronology ]
Re: alternate OSes
What about FreeBSD? Haiku? Linux on ARM? Or any of the other minority systems? What about other architectures (MIPS, Sparc, OpenRISC, ...)? What if your "Linux" system is a router (running OpenWRT)? Or a phone (like Android - an interesting one since it has completely different user space and a customized Linux kernel)?
And what if you are a Linux developer? As in one who develops Linux, not one who develops using Linux? Would you be restricted in the kinds of changes you can make, so that the so-called "security software" does not stop working?
[ link to this | view in chronology ]
Re: alternate OSes
I love that everyone says computers, but what they actually mean is "Windows computers." 99.99 times out of 100, around the globe, an infected computer is a Windows computer (and most of those are unpatched WinXP machines). The other .01% is OSX and possibly Linux. (Though I think OSX is going to be on the rise soon if Apple doesn't get their ASLR and DEP shit straight.)
[ link to this | view in chronology ]
Re: Re: alternate OSes
Only if you like living with a false sense of security. When users will click "Accept" on every popup that displays itself, no OS will save you.
[ link to this | view in chronology ]
Re: Re: alternate OSes
A large part of why you don't really see that many issues is simply because of the smaller market share. Hell, last year, depending on the set of numbers you look at, win was around 90%, Apple around 4-5% and nix was round 1-1.5%.
Since most of the stuff out there these days are the rogue variety which is trying to scam you out of money, why would you even bother with dealing with a nix OS when at best you are only going to get a small fraction of the 1.5% of the systems?
If you changed that however and had nix around 50% or greater of the market share? Things would be totally different and you would then need security software on your nix system.
[ link to this | view in chronology ]
Re: Re: Re: alternate OSes
And most Linux malware doesn't attack the kernel, but rather services or programs, lowering chances even more.
[ link to this | view in chronology ]
Relying On Machines To Keep Themselves Clean Is A Complete Waste Of Time
[ link to this | view in chronology ]
Re: Relying On Machines To Keep Themselves Clean Is A Complete Waste Of Time
(I couldn't resist...)
[ link to this | view in chronology ]
Anyway, claims of a cleansed system can be disproved with behaviour monitoring once more. The ISP can cancel the account and the user can go to another ISP where the process can be repeated. Hopefully the user of the infected PC will get the clue eventually.
Could there be merit in such a system?
[ link to this | view in chronology ]
Re:
Further, DDoS attacks are not random, they are directed at a fixed target. How will software differentiate high traffic on encrypted channels? Also, there are countermeasures for time analysis on networks that are being deployed right now.
Also, why punish normal people? IT personnel don't know how to deal with those things; will they get punished too?
It is a PITA to find fingerprints and collect a database of those (see SNORT or Metasploit).
Also, with a single solution for a problem, people just need to compromise that single point to have access to everybody else; it doesn't enhance security, it weakens it. Variation is what will keep people secure in the future, not single failure points.
It just doesn't look that good for me.
[ link to this | view in chronology ]
What is going through the minds of people to suggest such a thing?
One single solution is like one single point of failure; it doesn't make it more difficult, it makes it easier to compromise an entire set of the internet. That is why I don't really think this is about security but surveillance.
[ link to this | view in chronology ]
The internet has never been private. In some way, everything has been traceable since day one. Get AFK, go interact face to face, and stop bitching about something that never existed in the first place.
[ link to this | view in chronology ]
Re:
You see, I use a Jabber client that allows me to use my GPG key to encrypt my messages. Also, my important emails are ciphered using that key too. Only my intended recipients can read those messages. The others, well, let's just say that they'll have to spend a million years cracking a message that says "sup!". It'll be a fun million years.
I also routinely use SSH to "talk" to remote machines. It has a pretty decent encryption.
There can be privacy. Please educate yourself. Knowledge is your biggest strength against the daily assaults against your rights.
[ link to this | view in chronology ]
Re: Re: Re:
**Code. Hack. Script. Upload. Run. Curse. Fix bug. Upload. Run. Curse. Fix typo. Upload. Run.**
Check again.
[ link to this | view in chronology ]
Of COURSE it's a scam
So there is no possible way this purported anti-zombie software could actually work as claimed -- and I'm certain those pushing it know this. They're relying on the profound ignorance of the masses in order to push this on the population and thus create backdoors into every computer in the country...which of course will provide handy access for the NEXT generation of malware.
[ link to this | view in chronology ]
Re: Of COURSE it's a scam
The thought processes (if indeed there are any) of politicians are a constant mystery to me. Women can do nothing that politicians can't do much, much better. They even fsck us more thoroughly...
[ link to this | view in chronology ]
Zombie Computers Attack!
[ link to this | view in chronology ]
Re: Zombie Computers Attack!
If this is in reference to me, my last completed book already dealt w/a digital intelligence utilizing a botnet to distribute brain processing workload.
So...beat you to it :)
[ link to this | view in chronology ]
bill sponsored by...
The problem is that V3 fails to catch a large number of viruses that free software such as Avast and Avira catch. I know because I had a problem with one of my office computers and it was solved once I installed (unbeknownst to the IT dept) Avast and found 20+ viruses.
[ link to this | view in chronology ]
Idea
"Traffic patterns from your network indicate that one or more of your devices have Malware/Trojans. This could lead to sensitive information from your computers to get stolen including credit card and bank info. Please contact customer support on removal. During this time, your internet connection will be limited to only browsing web pages and will be throttled to 1mbit" or something like that.
There. An annoying pop-up stating to contact customer support, still having web access, but also locking down the network a lot to help reduce the zombie's ability to communicate.
[ link to this | view in chronology ]
IIRC, the Koreans rely heavily upon ActiveX. On a list of attack vectors, this is at the top.
[ link to this | view in chronology ]
http://www.kontraband.com/pics/19559/Sheep-Dog-Conspiracy/
[ link to this | view in chronology ]
Re:
Not much harder to write an app for Linux that can bypass security to elevate to root and take over your machine. The only difference is Linux tends to be limited to computer-literate users and virtually no one makes Linux malware.
Give a reason to make Linux malware and it will come.
OSX is similar, but different in that it's more of a "walled garden" and the users tend to only install what's provided via Apple.
The one big thing going for Linux/Opensource is the plethora of applications that can be installed with a distro. A typical user would more than likely have an Opensource alternative instead of having to download some random app off the net from some unknown 3rd party.
You still have the issue of educating a computer-illiterate user on how to search for Opensource applications that they want.
[ link to this | view in chronology ]
Re: Re:
But the issue at hand here is the intrusion caused by this software that supposedly protects computers from becoming "zombies", in which case I think my method still works fine.
[ link to this | view in chronology ]
Yes!
And the government should mandate that the software be open source.
And not controlled by a world wide monopoly.
[ link to this | view in chronology ]
@kyle clements
I'm not very conspiratorial but I do see bad legislation when it's heading right for me.
[ link to this | view in chronology ]
I suspect that the program will also be proprietary software (not freedom-respecting, see http://www.gnu.org/philosophy/free-sw.html), because otherwise users could fix the malware by removing the back door. To force South Koreans to allow nonfree software on their computers is itself an injustice.
It seems more and more of what I predicted in 1997, in the Right to Read (http://www.gnu.org/philosophy/right-read-read.html), is coming true.
[ link to this | view in chronology ]
parental control
[ link to this | view in chronology ]