Log in

Microsoft's new MyLiveBotNet might just work

  • Mar. 23rd, 2010 at 10:32 AM
ibm phd fellowship 2
Breaking news: "Microsoft asking users to install Botnet to go after malicious hackers". I can't believe nobody tweeted it, put it on their Facebook status, shared it on Google Reader or Buzz or Wave, or texted it to me. It only came to me from Matt, in my dream this morning. I hope the Onion picks up the story, but hopefully not Slashdot, I don't think my server could handle that kind of load.

So the story is that Microsoft has recently released its first Botnet project codename "iBotNet", which it will give away to all users of any version of Windows, "including all those running pirated copies in China", Microsoft correspondent Phil said. The project will be officially release as Microsoft MyLiveBotNet 2010 as part of the patch Tuesday set of updates, but "users will have an opt-in" said Phil (now on the OneNote project at Microsoft), specifically, the next time they visit a search engine they will receive a pop-up asking "Are you feeling lucky enough to help save the world from botnets and malware? (with a big red "click here" button across the bottom)". Variations, for other search engines include "Bing me, save the world! Yo." and "Don't be an evil Yahoo! save the world from malware".

Microsoft intends to use their new botnet software as a jumping off point to find and get rid of other real malicious botnets. Their command and control will be secure and only allow specific users to be able to connect to it. All the details have not been fully released, but Microsoft is confident that "it should work. We'll be cleaning up the botnet problem as soon as people start installing our MyLiveBotNet software".

Security companies across the world got early access to the software and have tried it out. They found that, not only will specific Microsoft employees have access to the command and control, but there is a recently released open source module (the module can be found on Microsoft's Codeplex open source software hosting site) that will allow former twitter users, now using StatusNet, to post special updates to send commands to the botnet master's command and control. Marty, from Sourcefire commented that the licensing provided by Microsoft isn't open enough for his taste, and that he won't be installing it on ALL of his computers, maybe just his laptop, so he'll have something fun to do on his plane trips.

Others with early beta access include many in the federal government. President Obama stated "my computer runs a lot faster now!", just after he had smoked a celebratory cigarette after signing the health care bill, this afternoon. The NSA had also had early access to the software, but they wondered why Microsoft didn't just go through the Windows Firewall, "it still has a lots of holes" said correspondents Jeff and Kathy, who pulled out their MIB-style memory erasers just after making that comment.

Apple, aka Steve Jobs, said that Apple already has this technology in iPod, iPhone, iTunes, and iPad. "We're not going to stand for this blatant copying of our intellectual property" stated Jobs. Although it is installed in those Apple products, it has not been enabled yet since, Mac OS doesn't have the botnet and malware problem that the PC does, since "I'm a Mac" stated Wozniak. Apple for its part has filed suit against Citrix, for including the MyLiveBotNet software in their XenDesktop product. Stephen, our Citrix correspondent, told reporters that "this is good for the community" and that he's working with Simon and Ian to get this included, in binary form, in their open source Xen.org project.

VMware signed a deal this morning to get a special version of Windows with the botnet pre-installed and included as a virtual appliance, which will run on all versions of VMware's suite of products. Microsoft's only clause was that the appliance must include a self-destruct mechanism for the case when the MyLiveBotNet is ever uninstalled. Paul had Steve and Kyle working on the code overnight to get the release out there. The virtual appliance had to include the latest in TPM and trusting computing technology to get the self-destruct option to work properly, however. Just after completing the special virtual appliance, Steve and Kyle went back to work at their normal jobs at VMware, trying to keep their heads out of the Internet Cloud.

The biggest complaints about MyLiveBotNet, however, are coming from the European Union. An EU representative said that this is just another Microsoft stunt to stifle competition. EU officials have copy and pasted from the browser choice law suit document and are editing it to include botnets as well. "We want users, in Europe at least, to have a choice on what botnet to install". A noble effort, most agree.

IBM, for their part, has received numerous complaints about distributed denial of service (DDOS) attacks coming from Microsoft and other security companies, we were told by IBM correspondent Mike. In response, Mark Shuttleworth, from Ubuntu, and Eli worked on a open source package that is already available in the Ubuntu repositories that works just as good as Microsoft's MyLiveBotNet software.

Finally, Google said they had thought of this idea a long time ago and that they decided that it would be just too evil, so they only use this type of technology internally on their Googleplex Labs beta software site. Sergey said that Google won't just sit idle and watch Microsoft impose its will on the world, they decided this morning and have begun filtering all Google searches from Microsoft and its employees. On what seems to a possibly related note, many Bing.com search queries are returning either no results at all, 42, or "Guess you weren't feeling lucky on that one?". Steve Ballmer says "we'll kill Google", right after they figure out a way to get their MyLiveBotNet software running on the Microsoft Coffee Table, which runs the fancy Microsoft Surface software.

So there you have it, you heard it here first, go ahead, you know you want to tweet it (or buzz it) :)

The license below allows anybody to take this and modify it for their own use. Change the story, change the headlines, changed the names, have fun. You don't even need to say where you got it from. Have fun and if you happen to be running Windows, be on the look out for the botnet software update.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 United States License.
ibm phd fellowship 2
I just finished reading a book called "The Invisible Computer". It's a really good book. Published in 1998 and still very relevant. The author, Donald Norman, seems very smart and seems to be somewhat of a visionary. The basic argument of the book goes something like: the Personal Computer (PC) is a general purpose device and since it tries to be everything to everyone, it fails at being usable. Further, the solution is to replace the PC with information appliances, or single purpose devices, such as digital cameras, printers, document writers, etc. that do one job and do it well. The idea is that special-purpose devices can be made to be much more usable. For a good analogy think of the comparison of information appliances to kitchen appliances, each have an individual function and can be made to do that specific function well. Information appliances together would then make up all the functions of the PC and the computer itself would become invisible (behind the scenes). Computers already play this role in part, but getting the computer industry to make the last big leap to a world of information appliances is a challenging one. The book goes into many aspects of the problem, from the market and business side of things to the complexities of large programming projects and operating systems. All at a very accessible and well-explained level with lots of good stories that help to make the points even more clear. The book is well written and I would except that it would be very accessible to non-technologists.

Two key points that I would like to take away are the concepts of disruptive technologies and the process of technology maturity. Disruptive technologies are those technologies that change the game, disturb or break entire industries. Some well-known examples of such technologies include the automobile (displacing the horse and carriage industry), airplane travel (displacing train travel, for the most part at least). More subtle disruptive technologies include personal computers and hydraulic machines (such as the backhoe). The reason that these and other technologies are disruptive is that the current marketplace didn't see them as a threat. Often the disruptive technologies put the existing market leaders out of business before even the big companies that are selling the current technology even have time to realize or do anything about it.

Information appliances are becoming a disruptive technology and the reason lies in the second concept (technology maturity). When new technologies come out they are expensive and the only people who buy them are the technologists, or those that have a very specific niche use, those that are willing to pay higher costs and deal with some difficulties in use for the gain that they get from the technology. As the technology matures though, more people can afford it and the companies gain a market of people who are looking for ease of use, the companies, generally, then need to focus more on usability and less on features. With the PC, and other similar computing technologies, technologist, and therefore features, have driven the industry for quite a while. The PC is finally maturing in a way that will eventually lead to an evolution to the next stage of maturity and to information appliances.

A Christmas Card

  • Dec. 9th, 2009 at 2:12 PM
ibm phd fellowship 2
To all my family and friends (and anyone else that reads this),

Merry Christmas!

May God bless you in this season. I know that not everyone believes in God. I pray that God reveals Himself to those that don't.

For you all, I pray that Jesus comes into your life in a meaningful way this year. That you may understand for the first time, or understand more deeply, the meaning of Christmas, the birth of God's one and only Son.

It was an incredible year for me. I married a true blessing, the most wonderful woman in my life, Patty. We were married on Valentine's day of this year. We spent our honeymoon in Martha's Vineyard (an island off the coast of Massachusetts). I am blessed each day that I get to spend with my wife. God is working in our lives, drawing us closer to Him and to each other. We have been through so much together. There were other weddings that we went to this year and more to come. We have been attending a weekly Monday night Bible study (with a recently added Facebook group). Through these experiences and through our daily lives we are learning so much. We have been strengthened in our never-ending pursuit of balancing spirit, mind, and body.

We took and were in a lot of pictures this year:
http://www.flickr.com/photos/deshantm/sets/72157622050335244/ <-- Deanna's Wedding
http://www.flickr.com/photos/deshantm/sets/72157622510469240/ <-- Sugar Island
http://www.flickr.com/photos/deshantm/sets/72157622929303002/ <-- Ampersand Mountain
More still to come, Picasaweb is running low on space and Flickr has an monthly upload limit that we somehow always seem to hit :)

I even wrote a few blogs:
On the wedding
On looking back at high school after 10 years
On changing hearts vs. changing minds
On being nice
On Google Chrome OS
And also on other things and saved lots of links on my blog.

I am also trying to write more, including on my dissertation, and in a prayer journal. If you have any prayer requests, let me know.

Have a wonderful Christmas season and a Happy New Year!

With lots of love,
ibm phd fellowship 2
In case you hadn't heard. Google released the source code for an operating system they are developing. The source code they released is for Chromium OS, an open source operating system based on various open source projects (such as Linux, Ubuntu, Chromium (the browser), and quite a few others). There is a distinction between Google Chrome OS and Chromium OS. Google Chrome OS is specifically will be officially Google branded and will have to meet various constraints decided by Google. Chromium OS is the open source project that Google will base its Google Chrome OS directly on. For now, Google Chrome OS is specifically targeting netbooks (small laptops) and Google is working with various partners to make official netbook devices available on the market in about a year.

So, why is this all so exciting? Lots of reasons.

Google is pushing open source and open standards, allowing more people to get involved and allowing other projects (such as browsers, messaging programs, and HTML5 applications) to be compatible. Google is also pushing cutting-edge web technologies to the mainstream. They are innovating on what computers can and should do today. Operating systems environments were originally developed when the Internet was not as pervasive as it is today. The usage model of most people has changed dramatically. Current browser and OS models are out-dated and lead to slower, less secure, and less user-friendly environments than are possible given the technology that is available.

Another really big reason this is exciting is that Google has really great brand recognition and has a legitimate chance of taking significant market share from Microsoft in the netbook space. Netbooks are just the start. Actually, smartphones (cell phones that have more advanced/rich functionality such as Internet access - Email, Facebook, Twitter etc.) were the actually start. Google released an open source mobile platform called Android (also based on Linux), which is running on various smartphones (for examples see: http://www.androphones.com/). Google taking market share is really exciting because they push open source and open standards. Having Linux-based devices available is a good thing. Sean Dague explains this general concept well in his Google Chrome OS post.

One reason for me, more personally, to be excited is being able to use Chromium OS as a very good browser virtual machine appliance. My research involves creating a more secure desktop experience for average users. It makes use of virtual machine technology (the ability to run more than one operating system simultaneously on the same computer). Chromium OS is just one great example of something that could run on our system in a locked down environment. The great thing about Chromium OS is that it is designed from the ground up to be fast and secure. They take a lot of security into account by default. We would just need to translate their rules to our system.

I've read up on Chromium OS quite a bit (the design documents etc.) and plan to use any of my (currently very limited) spare time to try to contribute to that project. It has some interesting parallels to my research.

If you have questions or comments about Chromium OS, feel free to bring them up here. I may likely need to refer you too the Chromium OS discussion group, but adding discussion specifically related to virtualization as comments to this post is greatly appreciated. For some of my thoughts see this discussion thread on a topic related to virtualization:

Being Nice is Contagious

  • Nov. 13th, 2009 at 11:51 AM
ibm phd fellowship 2
 What really changes? What stays the same?

Consider the statement "We live in interesting times". Is that true? But was that also true 10 years ago? 20 years ago? 100 years ago? 1000 years ago? you get the point. Do we really face harder challenges today than they faced 100 years ago? The challenges are different, but there are also so many commonalities. Let's consider first some of those commonalities that I think are too often ignored. We are so quick to notice the differences (in technology, etc.), but I think we don't put enough thought into the things that stay the same. First, and one of the most important things that are very common throughout history is people. People haven't really changed all that much. There has always been people that have tried to be helpful and people that have tried to hurt. Human nature is there, we all have strengths and weaknesses, and so it has been with the people that have gone before us. People need to interact with others; that hasn't changed. The types of interactions may change, but people still need to communicate with others in one way or another (If only simply to get food or other goods at the store). 

We can make a difference in the world. Individually we make choices everyday that affect others, in positive or negative ways. If you keep an eye out, you will notice so many friendly people in the world. People that help others, that are polite to one another, that hold doors or simply caution others of possible dangers. Even if you don't keep an eye out, you will probably see people that don't seem so friendly, those that are angry with things, frustrated, in a rush, busy, and just not happy with the situation that they are in. They may just be having a bad day and are not reacting well to it. They may in general feel bad about there circumstances. You know what I mean. We are all like these people from time to time. Hopefully not all the time though. Both of these types of people affect the world.

Our surroundings change, technology advances, but people are not that much different than people thousands of years ago. We still all have a choice each day to positively or negatively affect those that we come in contact with. Both or contagious. Contagious like the cold or the flu :) We can pass friendliness to others and they may not catch it, but a lot of people will. And that alone can make the world a better place to live in. 

These are my thoughts, but I draw inspiration from others that I come in contact with, things I read, and simply by living. I don't remember everything or everyone, but that doesn't mean that those things or person's didn't have an effect on me. Some things that come to mind related to this specific topic. Nathaniel LaGarry, who goes to my church, once gave a nice speech on society and specifically mentioned the concept of how we think we live in the hardest times, etc. and how that probably isn't necessarily true. I have read the blog of Bruce Schneier, a respected security professional, and I really think he makes some good points on people's perception of terrorism. For a good example of his opinions take a look at this article titled Beyond Security Theater. The basic idea is that terrorism has been very much made into movie plots and the actually reality of terrorism is much harder to accomplish than is perceived. And that simply taking away freedoms and acting different is not helpful compared to using old fashion investigation, emergency response, etc. My explanation is a very oversimplified, but hopefully enough to get you to want to read more. Finally, another story from the Bible comes to mind. The story of the first people born. God created Adam and Eve, but they had kids. Their first kid was Cain and there second kid was Able. Cain killed Able. The first man born was a murderer. Adam and Eve probably tried to be the best parents they could be. They (literally) talked to God. Cain and Able talked to God too. Able made an offering that was pleasing to God, but Cain's offering was not pleasing to God. Cain got upset and although he talked with Able, he ended up killing him. I think the reason that I am reminded of this story is that people are just people, doing the best they can with what they have. We all make mistakes and get angry with others. How we react to things really matters. Obviously we can see that Cain reacted very badly, but we can affect others just as much, both negatively and positively, simply with our words and our actions. I had a math teacher in high school that said "10% of life is what happens to you and 90% is how you react". There is a lot of truth in that. There's a song by John Lennon that has the words "Life is what happens to you when are busy making other plans". 

Make the most of life. When life gives you lemons make lemonade. Being nice is contagious :)

Free as in salvation

  • Nov. 1st, 2009 at 6:56 PM
ibm phd fellowship 2
In the software world the word free is confusing. Free software doesn't mean the same thing to everybody. Let me give you an example to help you understand what I mean. There are lots of programs that are freely downloadable from the Internet with no strings attached. Now many of you may read that and consider those programs to be free software. And in one sense (in terms of cost) you would be correct. However, there is another definition of free software that doesn't count all of these programs, but only counts software that is not only free to download, but also free to modify. The free software foundation uses the word free to refer to freedom and not to cost. They believe that software should be distributable in such a way that the source code that makes the program work is also available for those that are able to make changes to it and then redistribute those changes. Making the source code available has others benefits. For example, if more people are able to see how something works, they might be able to find ways for it to work better or find flaws or security vulnerabilities etc. Some of the best examples of free (as in freedom) software are Mozilla's Firefox web browser and the Linux operating system, which was created by Linus Tovalds. There are countless other fee software projects that have had very good success as well.

Quite some time ago I came up with another interesting personal analogy. Free software has some interesting analogies to Christianity. I wondered if other people had had the same thought, so I searched on Google and one of the things I found was a site called Linux for Christians with a motto "Free as in salvation" referencing the bible verse Ephesians 2:8-9, which says "For it is by grace you have been saved, through faith--and this not from yourselves, it is the gift of God--not by works, so that no one can boast." I thought it was really neat that someone had seen the same the analogy that I had. Just recently I had a conversation with Pat about technology and Christianity and I promised to write up an blog post on this topic in hopes of being included on his new website. We both agree that there is a lot of possibilities when combining technology and Christianity. For instance, we have been discussing the concept of cloud Christianity, which could be understood simply as using the cloud to spread Christianity. 

In conclusion, it is fun to apply different parts of your life together in order to find interesting analogies and you never know what you will come up with. You may also be surprised that others have had the same thought. In Ecclesiastes 1:9, it says "What has been will be again, what has been done will be done again; there is nothing new under the sun." I think it is important not to take such statements out of context however. The author of Ecclesiastes is king Solomon (I wrote about this king before), who was given much wisdom from God and in this book he is trying to share some of those ideas. I don't think it should be read that you can't think of new ideas, but more in the sense that God already knows everything and we can't think up something new that he doesn't already know about. New to us, sure. That is my understanding anyway. Feel free to give your thoughts on it.

Changing Hearts vs. Changing Minds

  • Oct. 14th, 2009 at 9:36 PM
ibm phd fellowship 2
I wonder if too much emphasis is placed on the idea of changing people to think just like we do or to get people to stop doing the things that they do or the way that they do them. Trying to change people in this way is probably not a good idea. Instead, I think we should focus on changing hearts. How? Through our actions. For example, by loving, or caring, or listening. I don't think that everyone should have to agree on everything and things shouldn't be forced on people. Maybe people forget about the importance of the freedoms that we have, especially here in the United States. Having the freedom of speech, freedom of religion (or lack of religion, if we so choose) should be protected. Even if you agree with some policy of the government, doesn't mean that it needs to be forced on others.

Let's consider a specific example. Should "In God We Trust" be printed on all of our money? Does that really matter that much? If individually we trust in God shouldn't that simply show itself in our actions? Conversely, if we don't trust in God that could also show. Does it send a false message to both the world and also to (potential/hypothetical) future generations that might dig up the remains of our civilization and find it on our money? I think it is much more important to live a God-trusting life than to try to force others to even when they choose not to. Arguing close-mindedly against ever removing the phrase from our money probably hurts theism and Christianity more that it helps. Stopping to understand, stopping to think critically, and stopping to be open-minded is bad practice.

The concept of changing hearts doesn't simply have to apply to politics or religion or the like. Changing hearts can also apply to our lives in a general sense, regardless of our goals, mission, vision, or causes. If we simply argue based on ideals and don't actually live up to them or have a character that supports the types of things we support, then we won't be likely to change hearts or minds. People need to see something different before they can ever think about changing their mind on something. Even if they never change their mind on something, they may be able to have a change of heart toward specific situations. Persistence is one key to success. Let's take an example from the Bible. In Luke 18, verses 1 through 8, we find the parable of persistent widow. It reads:

"Then Jesus told his disciples a parable to show them that they should always pray and not give up. He said: "In a certain town there was a judge who neither feared God nor cared about men. And there was a widow in that town who kept coming to him with the plea, 'Grant me justice against my adversary.' "For some time he refused. But finally he said to himself, 'Even though I don't fear God or care about men, yet because this widow keeps bothering me, I will see that she gets justice, so that she won't eventually wear me out with her coming!' " And the Lord said, "Listen to what the unjust judge says. And will not God bring about justice for his chosen ones, who cry out to him day and night? Will he keep putting them off? I tell you, he will see that they get justice, and quickly. However, when the Son of Man comes, will he find faith on the earth?"

So, even though the judge didn't fear God or care about men, he appeased the women so that she would stop bothering him. Being persistence in our love or actions can make a much bigger impact than simply stating a case for something (and then not even bothering to live it out).

Wedding Photo Album

  • Jun. 24th, 2009 at 11:46 PM
ibm phd fellowship 2
The wedding photos are online:

Wedding Album

I commented on most of the photos.

For my earlier reaction to the wedding see:

and in case you missed them, the honeymoon pics:


Prime numbers and age correlation

  • May. 19th, 2009 at 12:20 AM
ibm phd fellowship 2
So, I can't find any other people claiming this, so I thought I would throw it out there (for fun and for discussion).

It seems that prime numbers very much correlate with ages of prime. Prime ages, for different things of course.

Some examples:

2 is a prime age (anybody that has met most 2-year olds knows why this is true)
3 is still prime age to be a little kid
5 is a prime age to start school
7 is a prime age, 7 is a great time to be in second grade, 7 is also a lucky number and good second grade teachers are most common.
11 is prime time to get good at math and memorize multiplication tables.
13 is a prime age to become a teenager.
[Notice nothing prime between 13 and 17]
17 is prime age to be in high school, hanging out.
19 is a prime age to play sports (athletic prime), be in college, and all that goes with that.
23 is a prime age to go to grad school or finish college and get a job.
[Notice again nothing prime between 23 and 29]
29 is a prime age to be married.

I'll stop here for now. I am not yet 29 even, but my wife is.

Notice that interestingly enough 16, 18 and 21 are not prime, I bet a lot of people would consider these key/prime ages...

Ok, so as far as I know (I couldn't find anything with a google.com or searchme.com search), you heard it here first - prime numbers seem to very much correlate with prime ages. Your mileage may vary of course and as always, feel free to comment, disagree, or give your personal experiences.
ibm phd fellowship 2
Not being on the computer and doing brain dumps can be very useful and productive. I have started a notebook for ideas and work in progress. I was thinking about how the cloud fits into my research area (Virtualizaiton+Security), you might say I had my head in the clouds, but thinking about hot topics, even if they are just buzzwords and may or may not turn into anything, can be very fun and insightful.

Before I get started, let me first give a rough definition of "the Cloud", some people like to call it software as a service (SaaS), others simply refer to anything that is on the web/Internet (i.e. the Internet Cloud), and some think of it as a cluster. All can be true, the cloud to me is simply a place where things can exist, run, happen, and it is not managed/maintained by me.

So, back to my question, How do virtualization and and security fit into the cloud?

One of the first things that comes to mind is Virtual Desktop Infrastructure (VDI) also called Desktop Virtualization. I don't really care for the later term, but that seems to be what we are stuck with. VDI seems to simply be thin clients that have a virtualization server at the back end (Citrix XenDesktop, VMware View, SUN VDI etc.).

Some of the major companies that come to mind are Microsoft, VMware, Cisco and the like that seem to be the traditional proprietary companies that want to at least talk open standards and open source so that they don't lose their savvy customers. On the other hand, the open source and open standards-based players are likely to be IBM, RedHat, Xen, KVM. There are also so other companies, both startups and specialty companies and even smaller companies like Sun, Oracle, Vyatta, etc. that could potentially play a role (being bought or merging with other companies or the like).

Other interesting things that I was thinking about include: CloudAV (a paper I haven't read yet), Amazon EC2/S3, etc., Dell, HP, Acadmics/Research, startups like Neocleus. Bios players like Phoenix, slashtop, Intel+Citrix offerings.

Then I thought to myself, who else should be in this space?

How come Google doesn't come to mind?

How does social networking facebook, myspace, twitter, youtube, hulu, etc. fit in?

There does seem to be a blurring of desktop and web, but how far can it and will it go and how does that fit back into Virtualization+Security?

What about Yahoo!? Could they play a role?

I am also wondering how the server and desktop can play together, can they be more blurred together or should they try to remain distinct? Are we moving back to the concept of a single big server that serves many people (think big mainframes)? Privacy concerns?

How do browsers such as Chrome, Mozilla, IE, Safari, Opera play a role? Similarly what other research browsers exist, how do things like Google gears, Mozilla Weave and the like play in? Can JavaScript on the desktop (like Sean had mentioned something about before) really take off?

What does the market want/need? I guess that depends on the market are we talking about end users that just check email and surf the internet or enginners, office workers, education/academics, gamers, technology hackers and enthusiasts, graphic designers, art, video etc.?

Finally, I'd like to leave you with a word cloud that I built on Wordle with the theme of "The Culture of the World will Also Play a Role":

Wordle: The culture of the world will also play a role

Will Wordle exist long enough into the cloud era for this to still be here? :)