
Interesting topic over at Ars Technica

An interesting discussion, yes, but that road of legislation (a la the [H]) has many pitfalls. I am of the opinion that the way things currently work (informal guidelines and recommendations) works well enough. Consider what happened with this "Neo project" and the Xbox cracking thing. The project was mismanaged, the client sucked, the stats sucked, the goal of the project was not legal, and people (at least no one in Team AnandTech, the last time I checked) don't participate.
 
I would like to think that the members of TeAm Anandtech have enough sense to control their machines and the projects they choose to run on those machines themselves without having to be told how to by anybody else.
 
OK. But what concerns me is if someone takes control of an assignment server, say at F@H or SOB or some other project, and they download a trojan package instead of a WU. It would seem to me if I was writing the virus or worm that is the path I would want to take. It would give me access and control over thousands upon thousands of computers in an extremely short time.

I have read the {H} idea of DC and do not agree with it either. Yet I do not see any form of continuity on how DC projects are developed. The events of the past week or so with the Blaster worm have caused me to rethink how I protect my computers. Yet even if I protect my computers with firewalls and updates, I see the DC client as the hole in my defenses and I do not see where the DC projects are doing what they can to protect me, the user of their software. If I'm not there their project suffers. Am I wrong in this?
 
but the thing is DC users amount for a very very small percentage of overall PC users.
i just don't think that would be a target for hackers or virus writers, personally. i think they would choose to exploit something that would affect more users than a particular DC project, i think the only one that can reach even a small percentage of PC users would be SAH, possibly FAH, but other than that the overall participation is a tiny percentage.
i think they will stick to exploiting MS products.
 
Originally posted by: YellowRose
OK. But what concerns me is... ...I see the DC client as the hole in my defenses and I do not see where the DC projects are doing what they can to protect me the user of their software. If I'm not there their project suffers. Am I wrong in this?

You are absolutely correct. It is a 2-way street and communication is one of the answers...

Just the other day without thinking much about it, I d/l'ed an "updated" client to a project and fired it up...after just glancing at the forum, it didn't seem to have the official blessing of management and yet they weren't saying stay away from it either...how would I know, I just glanced...just thought I'd give it a try and just figured it had been out long enough that if there was a problem it would have reared its ugly head by now...and the link appeared to be from the official project site...but what if...what if it was a problem child just released and I didn't have enough sense to at least put it on an unconnected stand-alone...what if someone had just made it look real enough and it would probably only take a couple of people to snag it and let it loose...

(I tend to mumble a lot - for those that didn't hear, I did NOT find any malicious program, I was just saying what if...)

I would venture to say that all of us reading this thread have enough common sense not to click on the attachment we're not supposed to but think of the thousands of DC'ers (not to mention the unknowingly borged machines) that are run by people that *to this day* still open up that strange looking email attachment...anywho...point being, it would be simple for a sick someone who knows what they are doing to set up and send out an official looking email with an upgrade of your favorite DC project attached for your convenience...no fuss no muss...the question isn't if it will happen but when. Sad but probably true...I don't think it will be in the start up of a project but after one has been established...I can just see the "Distributed Computing Prohibited" sign now, just over the "No Smoking"...

In any case, would it make a difference if those running any given project make it a practice that upgrades and client releases are announced and come from a specific source? I know that pretty much happens now, but other than post the official this is the hardware we have and the steps we take to prevent attacks...what else can they do for us...

patrick.

 
You may be right. I will be making some changes here at the house. I will be putting together my first Linux box. It will be the system between the net and my home network. Hopefully that will add to my security.
 
Originally posted by: gistech1978
but the thing is DC users amount for a very very small percentage of overall PC users.
i just don't think that would be a target for hackers or virus writers, personally. i think they would choose to exploit something that would affect more users than a particular DC project, i think the only one that can reach even a small percentage of PC users would be SAH, possibly FAH, but other than that the overall participation is a tiny percentage.
i think they will stick to exploiting MS products.

it will happen, sooner or later...whether it be some key punch happy kid or someone who's just had a bad day at the office or even some kid mad at his school...it wasn't that long ago that you wouldn't have thought that the ny times (or whoever it was) would have shut down their entire system even for a little while because of a worm or virus...

it's not that they might cause trouble at a local level or even put a big dent in a project...it's the far reaching rumblings that are the problem...in today's society...sheese, lots of jerks would latch on to the fact that this DC virus screwed with their corporate and/or school computers...lots of jerks would use it as an excuse for job security not to mention the innocent heads that would roll and we'd probably find out just how many many borrowed machines there are out there...I'm just convinced that it would be much more far reaching than we imagine...don't misunderstand, I don't think it's like going to upset the economy or anything...I do think it would ruin DC as we know it...somebody would be determined to regulate and/or commercialize it...

(not sure if any of that made sense...long days)

patrick.



 
Originally posted by: YellowRose
You may be right. I will be making some changes here at the house. I will be putting together my first Linux box. It will be the system between the net and my home network. Hopefully that will add to my security.

good idea actually...always said I wouldn't do XP...maybe it's time to look at that other critter...kinda ironic...switching to IBM's favorite of the month to get away from Microsoft...does that mean we've come full circle?
 
Running a DC client will never be risk-free. A firewall is a mis-guided effort that - though it will help with many other things - will not be of any use with the concerns in question here. A good, up to date Antivirus program will be of some use.

The problem is that if you come up with "guidelines" (laws) such as those suggested by an Ars member (open source, reputable backer, available point of contact, assurance of server security), you instantly outlaw a great portion of the projects that we (Team AnandTech) run. S@H, F@H, and more are not open source; DPAD and others are run by a single person; with server security, you just have to take their word for it that they're patched up and properly secured (still, new vulnerabilities are found at a regular rate in both Windows and the Unices, though the rate at which they are found in the former is higher, and those new vulnerabilities that nobody knows about yet are going to get somebody screwed when the first hacker finds them). But why am I restating this? It's pointless, considering that all these points have already been made in the aforelinked thread.

So, if you want to get something done in this regard, you're first going to have to get the support of some official or semi-official people around here. Forget Anand, because he rarely shows interest in the DC team any more, and efforts to contact him regarding more important matters have not been quickly fruitful. Learn who the project leaders are around here, and try to get ahold of them via PM. Oh, BTW, try to make sure that your "rules" don't "outlaw" the projects they help with, and they might be more willing to consider your points. :sigh;
 
Oh I wouldn't bring something like that up here. I found the thread interesting in light of the effects of the Blaster worm. I agree it would be something that couldn't be applied to present projects that are up and running. Yet it would seem that any new project should be judged against some guideline to ensure basic safety for those running the project. It's something I need to think about before I run a DC project. I think the older more established ones are worth looking at and as far as any future ones I'll let you guys be the test sample. If you say the water is fine I'll think about taking a swim.
 