Five reasons DNSChanger victims deserve to lose the internet
Summary: The FBI's shut-down of temporary DNS servers will rid the internet of those infected by DNSChanger, and it will be a better place because of it.
DNSChanger tricks computers into connecting to rogue DNS servers, which point certain domain names to IP addresses of their choosing. For instance, these rogue DNS servers could point Google.com to a malicious site without the user knowing. Those infected with the malware rely on these servers for their connection. Although the FBI commandeered the rogue servers and corrected the DNS records, it isn't fair to expect it to do this forever, and at 2pm AEST on 9 July, it will rightfully shut them down. According to the Australian Communications and Media Authority (ACMA), this will leave around 6000 infected Australians in the dark.
And you know what? These users probably deserve it. I'll give you five reasons why.
1. Users have been given fair warning
We've known about this issue for ages now, and the number of groups that are warning users is absolutely staggering. The FBI has obviously made some noise, but in Australia, the ACMA has chimed in, and technology sites like ZDNet have been canvassing the issue for months.
You also can't say that only the technologically savvy have heard of DNSChanger. Both of Australia's own mainstream media outlets have published articles on DNSChanger in the past, and, internationally, there has been action by Google and Facebook to warn users.
If they've never used Google or Facebook on the internet before, I doubt they'll miss it much when it's seemingly gone.
2. There are free tools for DIY detection
It's not difficult to detect. ACMA, the Computer Emergency Response Team Australia and Stay Smart Online have created a DNSChanger diagnostic site that tells you (with a certain margin of error) whether you're infected in a single click. Need another language? Fine. How about the same thing in German, Finnish, Swedish, double Dutch or French?
And when it comes to removal, just about every antivirus firm has a free, automated tool to fix the problem.
3. The deadline has been extended
There's no excuse for not being prepared. The original date for the plug to be pulled on the commandeered DNS servers was 8 March, but this was extended by four months. Four months is more than enough time for someone to download a free patch.
It's not a complicated problem; fixing it doesn't actually require any working knowledge of how DNS works, or even of what DNSChanger is, and it certainly doesn't take ages to implement.
4. DNSChanger victims are dangerous
So far, we know this: DNSChanger victims either don't use the internet themselves, or they ignore warnings that they're infected. They've ignored the huge number of free tools for detecting it, and in all likelihood don't run a good antivirus application. Had the deadline not been extended, they wouldn't have done anything about it in the first place.
This means that they're the sort to not know they're part of a hacktivist-controlled denial-of-service botnet, an email-spamming scheme, a host to malware that can be passed to other users or a combination of all of the above. In short, they're a danger to others on the internet. On the highway, they're the owner of that unmaintained vehicle that has parts falling off, oil leaking everywhere, broken signal lights and high beams on all the time.
Everyone has a right to access the internet, certainly, but when they become a danger to everyone else and refuse to take action to ensure the safety of those around them, they deserve to lose their licence.
5. This is a wake-up call
At the end of the day, no one will be "banned" from the internet. Almost everyone has an alternative method of connecting to the internet, or, at the very least, knows someone else who does. So all this really does is send a lesson to an entire group of people who think that the "if it ain't broke, don't fix it" approach to security is acceptable with few repercussions.
Like the vehicle in my earlier example, these users need a huge disruption that interrupts their normal routine before they do anything. There's nothing like fines from the state government for operating an un-internet-worthy computer or mandatory annual inspections, but there is the equivalent of a breakdown from malware. The removal of the commandeered DNS servers is just that breakdown.
What I hope happens on Monday afternoon is that the DNSChanger victims sit in their internet darkness and start to wonder whether that darkness has anything to do with those warnings they've been seeing for months on end. And if that's enough for even a few to change their ways and become more responsible when they do come back online, I'd say it's worth it.
Talkback
Absolutely correct Michael!
Dangerous Sentiments
dangerous people
they have no intention of helping to solve the problem JUST make it harder for those who want and need a solution...
I can think of stronger words to use BUT that is not the issue...
we have a problem LET'S fix it...
personally I would have pulled the plug on day one....
mmmm a very dangerous person...
You're kidding, right?
Idiot - results from ignoring information. These are the apathetics you speak of.
Which one has the right to jeopardize the experience of others on the internet? Let's go back to the wonderful vehicle analogy. Reckless driver or dangerously clueless driver, which one should the police give a free pass to?
You need to do a little reading on Nazis
Uh-huh...
ignorance is not an excuse
Many are ignorant who don't understand, and won't take the time to learn or ask for help. Many _are_ idiots, who know that something is wrong, but will keep acting recklessly until something breaks for good.
Learn the rules of the road, or pull over. We don't need to waste more time and money for a DNS crutch. The interwebz will not miss the spam, pings, and probes. And no-one will care that there will be a few thousand fewer votes for cute kitty videos, or a drop in tinfoil-helmet forum trolls.
Same thing will happen...they'll trash their computers and go buy another zombie-to-be computer.
Rules?
You're comparing using the Internet to using the road? You only know the rules of the road because you HAVE TO in order to get a driver's license. It's organised, there are teaching procedures, control procedures, awareness campaigns, and finally repressive measures. And we all know how that works out for the number of people killed or injured on the road every day (are all of them also "ignorant idiots" to you?)
What the FBI is doing now and what you all seem to be applauding, is basically applying just the repressive measure to an issue that was in no way made sufficiently clear to the general public.
I beg your pardon!
A better example is not driving with a dangerous car. It's having your house catch fire because of a bad fuse box, which the power company warned you was a danger, yet you've been "making do" by using multiple extension cords plugged into each other to get around the bad circuits. And as the fire department is hosing down your house, you blame the power company for starting the fire!
Blatantly wrong
Contrary to what you may think, many (I mean tens of millions) of people around the world DO NOT use the internet for blogging and getting tech updates. They use it to access the incredible amounts of knowledge found online, that they then apply in their everyday lives.
I'm talking about people who sometimes don't know how to drag and drop, connect to Wifi or any other thing you seem to think justifies writing them off as idiots. Mind you, these people often have very successful careers, interesting lives (granted not in the IT industry), and tell me about stuff they found online I never knew existed.
Believe me, these people have no idea of what DNSChanger is, and no interest in it whatsoever. And why would they? Why would a writer, a farmer, a policeman, even a nuclear scientist all be expected to follow IT blogs in order to know what malware is on the loose this month? Computers and the Internet are their tools, they expect them to work.
Personally I think we should just acknowledge that making technology REALLY user-friendly (as in safe) is still far off from being done and we should continue working on its issues instead of blaming users who are in no way responsible for any mess caused by something they couldn't possibly understand and shouldn't need to.
End the coddling
We're talking about a tiny number of machines worldwide. The largest number is in the US and is less than 70K systems.
Keep in mind, the FBI had no obligation to set up those replacement DNS servers. The entire base of infected systems could have lost their connections quite a long time ago and the natural course of events allowed to proceed. At the time the number was in the millions. The logic behind the plan was that actively used machines were bound to be repaired within a given time frame due to the sheer annoyance level of the malware. Many of them would be repaired without anyone ever knowing they were infected, as part of being reimaged when put back in active use.
This leads to the question of just what these remaining systems are and how they're used or if they're used at all. Several thousand are likely monitoring or logging systems that are never touched directly and either automatically dump to a remote system or are logged into from a remote system manually. The infection could go completely unnoticed in that case and will be easily dealt with when the owner is forced to deal with the issue.
Another major portion of those systems are likely sitting in empty offices, unused for months at a time but still powered on in standby mode because nobody has looked at it in all that time. That happens a lot when companies reduce their head count in a bad economy. Some IT shops like having all of their machines left on for monitoring purposes. Many of these shops have inactive workstations, often elderly machines kept around just in case a particular bit of legacy hardware or software needs to be accessed before being eliminated entirely.
The list goes on. Out of all the estimated 350K infected systems the number to leave some entirely unsuspecting person with no internet access on the machine they use daily is exceedingly low. That person would have to have a remarkable amount of tolerance for a malware infested system.
Wrong
Are you joking? It's an extremely simple concept. I could explain it to a 4 year old. In order to find another computer to connect to, you need to use a name. Computers don't work based off of letters, they work based off of numbers (like 12 or 134). In order to make it easier for humans to find things, we "map" names to numbers. Some bad people switched the normal mechanism for converting names into numbers with their malicious version. The FBI replaced it after catching them, but they are legally not allowed to continue doing it after July 9th.
How is that IN ANY WAY difficult to understand? Also, nuclear scientists are expected to have a lot of knowledge of computers, as are ALL scientists (any physics student can tell you that they are required to learn programming languages like Fortran and C). "Computer techies" are not the only ones required to have a good knowledge of how computers work.
this is what you get
Hmmm
rubbish
Bet you can't change oil in a car and you definitely deserve to walk.
rubbish
You are clueless, aren't you?
Solutions.....
I believe it won't be much longer, and white hat hackers will begin to build pro-active worms that will spread through exploited vulnerabilities, correct issues, notify the user, ask permission to search for other exploitable machines locally, then destroy themselves after a period. There are more steps that we can take as a community to protect ourselves from ignorant users than to just pull the plug on them.
I was going to suggest the same thing
The page had an explanation, some links to appropriate software (which were allowed through) and a telephone number to call if they still couldn't figure it out.