It's nice, sometimes, to have the big guns like John Dvorak on your side.
He doesn't much like the Web 2.0 fetish, as I don't, and never have. His point is one worth meditating on: Microsoft itself, the Big Kahuna, tripped over its own feet recently and lost the use of its WGA system for an entire day, infuriating millions of people and implying that many of them were software pirates when they are not.
In this case, the problem was a bug in WGA. However, like all server-side systems, WGA is vulnerable to DDoS attacks. I get twenty or thirty emails linking to some variant of the Storm Worm every day, and they are getting cleverer all the time. The botnets are growing, and virtually nothing is being done about it.
It may be the case that nothing can be done about it.
Nobody knows how many bots are out there, and most client-side people don't care, because there's no downside for them personally. The bots are careful not to call attention to themselves, and don't noticeably degrade system performance. More is better here, for both the botmasters and for their feckless PC victims: The more bots you have at your command, the less each individual bot has to do to accomplish the botnet's mission, whatever it may be. Command ten million bots (and if that isn't possible now, it soon will be) and an individual machine only has to send a server request every few seconds for the botnet as a whole to render a server unusable. This looks so much like ordinary user activity that it would be difficult or impossible to spot an individual bot by examining what it requests. If more than one attack is underway at once, a clever botnet could rotate the server target among the individual bots so that it doesn't look like a user is requesting the same server every five seconds. The old botnets were cancers. The new ones are parasites, and becoming gentler and more careful parasites all the time. Future bots could become symbiotes, but that's another discussion, one I hesitate to take up here. (Got some great ideas for a Phil Sydney novel, though, assuming anybody remembers Phil Sydney.)
Microsoft should be glad that there's so much money in spam and penny stock scams. A 2008-class botnet could shut down WGA for as long as the botmasters might desire, for the pure spite of it, and still leave plenty of bot bandwidth for pushing penis pills. The same is true of any Web 2.0 site out there, including the biggies like GMail. Nobody's immune, and if there's any master plan for reducing or eliminating the power of botnets, I have yet to see it.
So while I use Web 2.0 apps here and there, I've made a conscious decision not to be dependent on them, especially for my paying tasks. They add numerous points of failure to a path that for many years has led from my keyboard and monitor to my hard drive and back. Some things may require a Web 2.0 architecture (social networking and online collaboration, as my recent research has been telling me), but beyond that, heh: I'll stick with the stuff sitting right here on my own desk, with the CDs on the shelf and spare parts in the closet.