Not surprisingly, the emphasis of the NYT coverage is on the impact on the commercial aspects of the internet. Secondarily, they bemoan the failure of security vendors to solve the problem.
I am glad they are covering such an important issue, but I am afraid it doesn’t do a good enough job informing those it most needs to, end users, on how their habits and actions may be enhancing, if not outright enabling, the problem.
I also prefer to see constructive criticism to hand wringing and hair pulling. How about recommending users with always-on broadband connections consider physically turning off their machines when not used? Or concentrating on the better security products rather than moaning about the industry as a whole?
Look, as long as crime pays, criminal techniques, online and off, will evolve and advance. We may, at some point, make botnets extinct, but they will just be replaced by a smaller, fuzzier, smarter alternative. Unfortunately, I believe there is always at least a small degree of self-interest on the part of security companies to lag a bit behind these problems. After all, if they solve it perfectly, what would they sell?
Regardless, why aren’t we seeing people suggesting and exploring alternatives to signature-based systems? It seems to me that botnet software will always have qualities that can be exploited to attack it. If it did not communicate with a command-and-control channel it would be valueless. Isn’t there something we can more effectively latch onto, there?
Really, though, I am just exasperated at the missed opportunity to preach to someone other than the converted.