To stop that you need better antivirus tools, or better yet.. switch everyone to Linux.
Compromising most modern flavors of Linux is usually a Samurai duel, a grueling fight between an intruder and a single computer system.
Now there is no such thing as a perfectly secure system, but when you have to go sword to sword in a minutes or hours-long battle with a SINGLE system, it's just not worth it, ESPECIALLY when it comes to creating the kind of botnet that you need to carry out a DDoS. There is no "fire off an internet Trojan/worm/wtf-ever and sleep while 1 million PCs are zombified" with Linux. You do it one at a time, an hour long fight per PC. Nut-uh. Hackers will take that fight to break into a website or maybe a bank, but not millions of user PCs. No botnet for Linux... at least not under current conditions. You can never predict the future with that stuff. As I said, there is no such thing as a perfectly secure system. Linux just makes a horribly poor candidate for a botnet zombie.
On the other hand, making botnets from Windows machines is like dragnet fishing. You can catch a million Windows PCs with a single net and turn them into botnet zombies. Fire off a virus now, sleep tonight, have a million infected PCs awaiting your command tomorrow. Easy cheesy. Newbs can do that: we're at the point of "idiot who works for McDonald's today, comes home, looks up botnetting on the web, downloads a tool, customizes, and fires into cyberspace, wakes up tomorrow with a million Windows PCs at their command."
100 million Americans using Linux instead of Windows would make botnets not so much completely impossible (once again, to stress: no system can be perfectly secure) as it would make it so ridiculously impractical that botnet makers would give up on the United States for years, until someone found a way to introduce a virus into Linux that would be able to propagate.
Note, it is not impossible to hit Linux with a virus. It has been done. It's just stupidly difficult and hackers would be delusionally optimistic to think it's merely difficult to make such an infection propagate. But Linux does have issues that make for potential vulnerabilities... ironically, issues that arise from giving it Windows-like features!!! The Java engine is one oft-repeated weakness. Even the libraries that let you read JPEG files have been a security flaw in the past. And that damned SQL/XML injection and cross-site scripting (XSS) bullshit? That has the future potential to make botnets from ANY system, Linux or otherwise.
Just so no one becomes COMPLACENT about Linux's resistance to botnetting, here is a long video about Linux vulnerabilities.
Those guys who made STUXNET? They probably could zombify a million Linux machines.
In closing: the key to stopping botnets is not to make it impossible. You can't do that. The key is to make it so difficult to compromise a single PC that you'll be dead of old age before you finish up infecting enough of them to launch a DDoS attack. Linux achieves that...
for now.
= new reply since forum marked as read
