Talk:Stuxnet

This is the talk page for discussing improvements to the Stuxnet article. This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic. New to Wikipedia? Welcome! Learn to edit; get help. Assume good faith Be polite and avoid personal attacks Be welcoming to newcomers Seek dispute resolution if needed Article policies Neutral point of view No original research Verifiability

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

Archives: 1, 2Auto-archiving period: 90 days

	Stuxnet was a Engineering and technology good articles nominee, but did not meet the good article criteria at the time. There may be suggestions below for improving the article. Once these issues have been addressed, the article can be renominated. Editors may also seek a reassessment of the decision if they believe there was a mistake.
Article milestones Date Process Result January 11, 2011 Good article nominee Not listed
	A fact from this article appeared on Wikipedia's Main Page in the "Did you know?" column on September 28, 2010. The text of the entry was: Did you know ... that Symantec claims that the majority of systems infected by the computer worm Stuxnet were in Iran?

This article is rated B-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Military history: Technology / Weaponry / Middle East / North America / United States C‑class This article is within the scope of the Military history WikiProject. If you would like to participate, please visit the project page, where you can join the project and see a list of open tasks. To use this banner, please see the full instructions.Military historyWikipedia:WikiProject Military historyTemplate:WikiProject Military historymilitary history articles C This article has been rated as C-class on the project's quality scale. This article has been checked against the following criteria for B-class status: Referencing and citation: criterion not met Coverage and accuracy: criterion met Structure: criterion met Grammar and style: criterion met Supporting materials: criterion met Associated task forces: /  Military science, technology, and theory task force Weaponry task force Middle Eastern military history task force North American military history task force United States military history task force Iran This article is within the scope of WikiProject Iran, an attempt to build a comprehensive and detailed guide to articles related to Iran on Wikipedia. If you would like to participate, please join the project where you can contribute to the discussions and help with our open tasks.IranWikipedia:WikiProject IranTemplate:WikiProject IranIran articles ??? This article has not yet received a rating on the project's importance scale. United States Low‑importance This article is within the scope of WikiProject United States, a collaborative effort to improve the coverage of topics relating to the United States of America on Wikipedia. If you would like to participate, please visit the project page, where you can join the ongoing discussions. Template Usage Articles Requested! Become a Member Project Talk Alerts United StatesWikipedia:WikiProject United StatesTemplate:WikiProject United StatesUnited States articles Low This article has been rated as Low-importance on the project's importance scale. Computing: Software / Security Mid‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles Mid This article has been rated as Mid-importance on the project's importance scale. This article is supported by WikiProject Software (assessed as Mid-importance). This article is supported by WikiProject Computer Security (assessed as High-importance). Things you can help WikiProject Computer Security with: edit history watch purge Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here.

The contentious topics procedure applies to this page. This page is related to post-1978 Iranian politics, which has been designated as a contentious topic. Editors who repeatedly or seriously fail to adhere to the purpose of Wikipedia, any expected standards of behaviour, or any normal editorial process may be blocked or restricted by an administrator. Editors are advised to familiarise themselves with the contentious topics procedures before editing this page.

The excessively lengthy introduction seems to be downplaying the extent with which Stuxnet caused damaged well beyond its intended target. There is also little in the article itself. This needs to be correctedRoyalcourtier (talk) 07:07, 1 January 2016 (UTC)[reply]

There was little to no actual collateral damage actually done. Stuxnet infected a great many computers sure, but once on the machine it literally did nothing but propagate to other computers then it shut down and became inactive. The only incident where it actually had unintended consequences to my knowledge was when it was first discovered and this was caused by a wierd interaction between a small antivirus protection software and the virus causing the computers to reboot. The infection and subsequent shutdown of the program is hardly damage. Learncraft (talk) 07:21, 25 January 2016 (UTC)[reply]

One could make the argument that the time & cost of removal Stuxnet and protecting systems from future infection, changing procedures, closing security holes, updating virus definitions, could be considered "damage". Also whatever costs to Siemens' reputation. i.e. "intangible". However, there's also an argument to be made that a company (Siemens) and a state (Iran) that are using the PLCs to manufacture enriched uranium, possibly for nuclear weapons (and the potential cost in human lives as a result of those efforts), should have, and possibly could have done a better job of protecting their hardware and software from attacks like this. Obviously the creators of Stuxnet knew these vulnerabilities existed, and the manufacturers of possibly weapons-grade uranium either did not, or the did but failed to address them. So one response to the allegation of "damage" might be to instead hold the entities affected responsible for whatever "damage" they incurred. People involved at the extreme end of the "danger" scale need to be extreme on the "security" scale also. It's an interesting assertion ("damage"), but very complex, and would need extensive discussion.Tym Whittier (talk) 18:29, 26 April 2019 (UTC)[reply]

The comment about Stuxnet doing little to no collateral damage is simply shilling for the people who wrote stuxnet and is likely motivated by ideological or patriotic support for the nation which created this virus. The article should be edited to say, right at the top, that this was a piece of malware which infected a high proportion of the worlds computers at a particular time. Anything less is sheer bias; plus it frankly hard to know for sure what stuxnet did beyond attacking centifuges and proliferating itself through a the computers of innocent people. Clearly one cannot reference harms which one does not know about but we SHOULD say stuxnet was a piece of malwre which infected a high proportion of the worlds computers and, ideally, put a number on that proportion, right at the top.

There should be a section on legality. At the minimum this was an illegal act of sabotage, but it was quote possibly an act of war. This should be addressed in the article.Royalcourtier (talk) 07:09, 1 January 2016 (UTC)[reply]

I agree with this. A simple statement might suffice however, vs. an entire section.Tym Whittier (talk) 18:17, 26 April 2019 (UTC)[reply]

First I'd like to say this Article is very-will written (one of the best I've read), and with the idea that "better is the enemy of good", I'd like to suggest great caution in changing it. Having said that, this is the relevant passage in the Lede:

"The worm then propagates across the network, scanning for Siemens Step7 software on computers controlling a PLC. In the absence of either criterion, Stuxnet becomes dormant inside the computer. If both the conditions are fulfilled, Stuxnet introduces the infected rootkit onto the PLC and Step7 software, modifying the code and giving unexpected commands to the PLC while returning a loop of normal operations system values feedback to the users."

I understand one of the two conditions is the presence of "Siemens Step7 software", but I am uncertain as to what the other condition might be. I arrive at a theory that Stuxnet might scan for both the software and the presence of hardware (device driver, maybe), but this is not explicitly stated. The Article would be improved if "both conditions" were explicitly described in the Lede. Also the statement "in the absence of other criterion" make me wonder what that "other criterion" might be.Tym Whittier (talk) 18:15, 26 April 2019 (UTC)[reply]

According to MOS:LEADLENGTH we should be enjoying a lede of about 4 paragraphs. The wording here appears to be much longer, and with some specific details that are perhaps unnecessary to readers trying to obtain an overview. Are there arguments against making the lede shorter? Chumpih. (talk) 00:02, 20 September 2021 (UTC)[reply]

Have moved some paragraphs from lede into History which appeared to be an appropriate place for the information. That said, the text moved could perhaps be given a more encyclopedic tone. Chumpih. (talk) 02:03, 5 November 2021 (UTC)[reply]