Slashdot Mirror

← Back to Domains

Domain: sophos.com

Stories and comments across the archive that link to sophos.com.

Comments · 553

  1. Re:Pegasus Mail! by TobiasSodergren · · Score: 1 · on No-Click Phishing On The Way

    mutt is actually vulnerable to the Taliban virus!

  2. Re:And in other news... by gowen · · Score: 2, Informative · on Dozens Charged in Spam Crackdown
    This stat comes up all the time. I still haven't seen their methodology
    You can find the methodologht at Sophos's Spam Site. Its determined by physical location of the last relay (the only thing trustworthy in a spam header), so yes, a large number of those are probably trojaned zombie machines. The rest are the known "pink slip" ISPs in league with Floridian spammers The data set is from a "global network of honeypots". They do no filtering.

    PS : "It's all from trojaned machines" is *not* an acceptable excuse. ISPs have the power to block trojaned machines SMTP engines. The largestof them (comcast, attbi) simply can't be bothered.
  3. So easy to prevent by bigberk · · Score: 1 · on Peeping Tom Worm That Uses Webcams
    As a first measure, running Windows with non-admin privileges would go a long way to limiting the power of viruses to infect and spread. From the description of the worm,
    When first run, W32/Rbot-GR copies itself to the Windows system folder as SYSTEMC32.EXE and runs this copy of the worm . . . will set the following registry entries: HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ . . .
    All impossible to do without admin privileges on an NT-style system. Do yourself a favour, create a low privilege account for yourself :) This measure is obviously not a substitute for a brain, but it's pretty basic and helps immensely.
  4. Isn't this just an updated amish virus? by AnswerIs42 · · Score: 2, Funny · on First Trojan for Windows CE Released
    I mean, if I have to send it to someone, hope they receive it on their PDA, open and install it and have a wireless or wired connection for it to work..

    Wouldn't it just be easier to send them the Amish Virus instead?

  5. Like these ? by Anonymous Coward · · Score: 0 · on 70% Of 2004 Virus Activity Down To One Man

    A chart like this perhaps ?

    or maybe these charts that you can proudly display on your website ?
    or how about a complete industry website dedicated to charts and rankings

    shall we keep looking or do you see a relationship evolving ?

  6. Attention-Seeking Geek by sciop101 · · Score: 3, Informative · on 70% Of 2004 Virus Activity Down To One Man
    And now the rest of the story!

    "...one of Jaschan's schoolfriends revealed the worm author's identity to Microsoft."

    http://www.sophos.com/virusinfo/articles/netskyher o.html

  7. Nachi by jdhawke · · Score: 1 · on Slate On Worms That Plug Security Holes

    True Nachi did download and install the Blaster patch, but some of its varients also did things like overwrite a random help file in the windows IIS install. Sophos Analysis of Nachi-G Not to mention its use of a tftp server leaving yet another opening into the system.

  8. Re:great, re-enforce the myth. by ThePilgrim · · Score: 1 · on Mozilla Developers Respond to Malware

    No linux virii :)

  9. Re:The clueless userbase to propagates the worms. by caffeineboy · · Score: 1 · on ESR's Halloween XI -- Get the FUD
    More of a reply to the original poster:

    Do you remember perhaps:
    • Ramen Worm?
    • Slapper worm?
    • Lion Worm?

    Maybe these would not have been spread if people properly administered their linux boxes, but that is the same problem that causes the spread of worms on Windows. Slapper was designed with the express purpose of using infected machines as attack zombies. You just didn't hear about it as much since there are fewer poorly administered linux systems out there.

    I don't know if a current Redhat default install has as many open services as the last time I installed it (back in the 5.x days) but their security was no better than default NT/2000/XP. If you didn't stay on top of updates, a worm would get you.

    Take a look at the Linux worm site (OK, some of these are rootkits) here.

  10. Sophos, in case you've forgotten... by gumpish · · Score: 4, Informative · on New Viruses Hit 30-Month High

    Sophos, in case you've forgotten, are the same bunch of asshats who asserted to the media that Linux advocates were responsible for the MyDoom worm.

  11. Re:MODS -- GET A GRIP by dustmite · · Score: 1 · on 71% of Spam Servers are Located in China

    http://sophos.com/spaminfo/articles/dirtydozen.htm l, http://www.spamhaus.org/rokso/.

  12. Re:Bayesian filtering is already dead. by Baumi · · Score: 1 · on Google IPO Swami

    I'm using POPfile which tries to extract words from attachments and apples other de-obfuscation techniques, as well. It's maintained by John Graham Cummings who tries to keep up with spammer's tricks. I've been using it for about a year now, and so far it's caught practically all of my spams. (Success rate > 98%)

    (Man, that sounded like one of those late-night infomercials, but I swear I'm simply a happy user.)

    Granted, I only get 4 or 5 spams a day, so maybe you're simply ahead of me in the spam curve and I'll be getting there soon, too... :-/

  13. More links by rduke15 · · Score: 1 · on Sasser Author Under Arrest, Say German Police

    Was just about to submit this story. I see my lins are different, so you may find them useful too (they are in English):

    An 18 year old has been arrested in Germany, suspect of being the creator of the Sasser worm, as reported by Yahoo news and many others. Sophos believes he may also be the author of Netsky.

  14. More links by rduke15 · · Score: 1 · on Sasser Author Under Arrest, Say German Police

    Was just about to submit this story. I see my lins are different, so you may find them useful too (they are in English):

    An 18 year old has been arrested in Germany, suspect of being the creator of the Sasser worm, as reported by Yahoo news and many others. Sophos believes he may also be the author of Netsky.

  15. "fcuk USA Government; fcuk PoizonBOx" by tepples · · Score: 2, Informative · on Worms Jack Up the Total Cost of Windows

    worms/viruses are currently Windows-only problems.

    Emphasis on the "currently." Has everybody forgotten the Sadmind worm, which spread among servers running Solaris OS and defaced web servers running Windows OS and Solaris OS?

  16. These things piss me off.... sorry by Anonymous Coward · · Score: 0 · on Sasser Worm Takes Down UK's Coastguard

    The Sasser worm has recently disabled the computer systems of Britain's Coastguard. Naturally, this event raises even more doubts over the reliability of Microsoft software in critical systems.

    Naturally this event *doesn`t* raise doubts about running unpatched systems that arent even protected by packet filters (which, for al their faults would have prevented this) and connected to way to many other computers (Not limited to but, usually meaning the Internet) and listening on to many ports/interfaces with to much code at to high privileges anywhere (let alone in critical systems).

    Naturally...

    No sir, this is just a microsoft problem. This isn`t another case of RPC gone a little to easily accesable. This has nothing to do with RCP api`s being undocumented (security through obscurity). This isn`t another example of just running the whole piece of networking code with as much privileges as we can come up with and keeping dumping functionality in. It is just naturally microsofts fault. No I am not saying it isn`t microsofts fault, it is, naturally. They could have learned that coding rpc services in a buffer overflow prone way without tripple checking buffers isn`t all that smart. And they could have learned this years ago. But they didn`t, they went the "natural"/go with the flow way about this. Lazy. I mean everybody does RPC services in C with every privilege out there without caring for bugs enough. And they never released documentation for these network related api`s so, lets just keep doing it like that, its the natural order of things.

    The software industry needs some natural selection on this..... this goes for all operating systems, naturally.

  17. Windows Registry Scanning is Critical to Disinfect by theobscurest · · Score: 1 · on Sasser Worm Disruption Growing

    If this tool doesn't scan the Windows Registry, then it's worthless. Instead I am using the Sophos removal tool, http://www.sophos.com/support/disinfection/sasser. html. It has found and successfully disinfected/removed the worm from the infected machines on my network. It checks in all known locations for the virus, including the registry. This is critical, as the worm does make its way into the registry in most instances. You also have the option of scanning your entire machine with this tool if you're overly cautious.

  18. First 10 on Win (w/ links) from a SysAdmin's POV by theobscurest · · Score: 1 · on First Ten Programs on New Install?

    I SysAdmin a significantly sized heterogeneous network and to my dismay, I often have to set up new Windows machines and/or reinstall Windows machines.

    As an aside, in sysadmin-land, the general rule is to reinstall a machine after someone leaves and/or every two-three years max. Any longer than that and the machine's OS & registry gets too clogged up with crap (among other things) that the machine goes so slow and a complete & clean reinstall is the only way to really regain that lost productivity.

    Anyhow, the first 10 or so programs I install on these (primarily w2k) machines are as follows:

  19. First 10 on Win (w/ links) from a SysAdmin's POV by theobscurest · · Score: 1 · on First Ten Programs on New Install?

    I SysAdmin a significantly sized heterogeneous network and to my dismay, I often have to set up new Windows machines and/or reinstall Windows machines.

    As an aside, in sysadmin-land, the general rule is to reinstall a machine after someone leaves and/or every two-three years max. Any longer than that and the machine's OS & registry gets too clogged up with crap (among other things) that the machine goes so slow and a complete & clean reinstall is the only way to really regain that lost productivity.

    Anyhow, the first 10 or so programs I install on these (primarily w2k) machines are as follows:

  20. Re:Does the affect tcpip/cp? by jki · · Score: 1 · on TCP Vulnerability Published

    I think Peter may be experiencing a denial of service attack, too :)

  21. p2p and viruses by dealsites · · Score: 0 · on Dept. Of Homeland Security Chooses Groove, P2P

    Damn! I hope nobody starts to download: Ad-aware, Adobe Acrobat Reader (32-bit), AOL Instant Messenger (AIM), Biromsoft WebCam, Copernic Agent, Delphi 6, Diet Kaza, DirectDVD, DivX Video Bundle, Download Accelerator Plus, FireWorks 4, FIreWorks MX, Global DiVX Player, Grokster, ICQ Lite, ICQ Pro 2003a beta, iMesh, JetAudio Basic, Kaspersky Antivirus, Kazaa Download Accelerator, Kazaa Media Desktop, Matrix Movie, McAfee Antivirus, Microsoft Internet Explorer, Microsoft Office XP, Microsoft Windows Media Player, Microsoft Windows 2003, Morpheus, msn hack, MSN Messenger (Windows NT/2000), Nero Burning ROM, NetPumper, Network Cable e ADSL Speed, Norton Antivirus, Office 2003, Panda Antivirus, PerAntivirus, Pop-Up Stopper, QuickTime, RealOne Free Player, Registry Mechanic, SnagIt, SolSuite 2003: Solitaire Card Games Suite, Spybot - Search & Destroy, Trillian, Virtual Girl Sofia, Visual Studio Net, Winamp, WinMX, WinRAR, WinZip, WS_FTP LE (32-bit), XoloX Ultra, ZoneAlarm

    That's just trouble waiting to happen... Source: http://www.sophos.com/virusinfo/analyses/w32mapson a.html

    --
    Real-time deal updates from multiple major deal sources

  22. Spyware detection tools for Linux? by rsax · · Score: 1 · on Spyware on One in Twenty Computers?

    I want to create a custom data recovery, virus scanning and hopefully spyware detection CD using SystemRescueCd and Sophos AV for Linux. The only thing missing in this equation is anti-spyware software that runs on Linux but scans Win2k/XP partitions. My alternative to this solution is using a DOS boot disk then use something like Winternals NTFSDOS Pro and finally run Sophos AV for DOS - which would still not give me an anti-spyware tool unless the host OS is used. The Linux CD would make use of the Captive project to access the NTFS partitions with R/W capabilities. Obviously I would prefer using the Linux solution, I guess I could scan for viruses first and then boot into Windows to run Ad-Aware but I'm curious if there's an opensource or commercial project that deals with this on Linux.

  23. Spyware detection tools for Linux? by rsax · · Score: 1 · on Spyware on One in Twenty Computers?

    I want to create a custom data recovery, virus scanning and hopefully spyware detection CD using SystemRescueCd and Sophos AV for Linux. The only thing missing in this equation is anti-spyware software that runs on Linux but scans Win2k/XP partitions. My alternative to this solution is using a DOS boot disk then use something like Winternals NTFSDOS Pro and finally run Sophos AV for DOS - which would still not give me an anti-spyware tool unless the host OS is used. The Linux CD would make use of the Captive project to access the NTFS partitions with R/W capabilities. Obviously I would prefer using the Linux solution, I guess I could scan for viruses first and then boot into Windows to run Ad-Aware but I'm curious if there's an opensource or commercial project that deals with this on Linux.

  24. Re:Stawin-A Trojan by johnmc · · Score: 5, Informative · on More MyDoom Gloom

    Make that Troj/Stawin-A..
    There was a typo in the URL

  25. Stawin-A Trojan by sharp-bang · · Score: 5, Informative · on More MyDoom Gloom

    Sophos has intercepted a new trojan called Troj/Stawin-A that installs a keystroke logger, captures data related to financial institutions, and sends it back to a Russian e-mail address.

  26. Stawin-A Trojan by sharp-bang · · Score: 5, Informative · on More MyDoom Gloom

    Sophos has intercepted a new trojan called Troj/Stawin-A that installs a keystroke logger, captures data related to financial institutions, and sends it back to a Russian e-mail address.

  27. Re:Calm before the storm? by overcome · · Score: 1 · on MyDoom Windows Worm DDoSing SCO

    According to Sophos' analysis, the port will remain open after February 12.

  28. Re:Virus Scanners can pick it up by internewt · · Score: 1 · on Scam Combines Patriot Act FUD With IE Bug

    I don't know about the rest of you, but I clicked on a funny link from a prior Slashdot thread that had an intentionally altered URL. The big shocker was, IE parsed it like it was no big deal, but my virus scanner picked up the malicious code. It warned me that the URL was modified by a bug in Internet Explorer, and allowed me to continue or back out.

    FWIW, sophos hasn't said anything at all when I've done similar. But Sophos isn't really a "user's" AV product, its business protection. The phishing scams should be getting nailed on your mail servers, and shouldn't be getting to the user's desktop. No doubt Sophos would try and sell you their mail server AV for this :)

  29. Re:Magic Bullets by bigbadwlf · · Score: 1 · on Stop Christmas-Gift PCs From Feeding Worms

    Have you read anything about Blaster? It's spread via email attachments posing as Microsoft patches.

    Apparently you've read absolutely nothing about Blaster.

    The Blaster worm does not spread via email, but does distribute itself via the internet looking for vulnerable computers that have not been patched against a security hole first reported by Microsoft in mid-July 2003.

    That kind of ignorance is just another reason we have so many machines on the internet that are left vulnerable to these kinds of exploits.

    A firewire isn't going to do a damn thing to keep it out.

    I do totally agree with you there, though... a firewire won't help protect you from Blaster.

  30. Re:Sue the software companies by Hrothgar+The+Great · · Score: 1 · on Another Worm Targets Anti-Spam Sites

    What the fuck do you think you know about anything? There was an apache worm about two years ago, you drooling moron. It was a flaw in one of apache's add on modules, mod_ssl. This "microsoft apologist" found this very worm on my apache server which was running on a fucking cable modem in my apartment.

    APACHE WORM FOR ILLITERATE MS BASHERS

    Is it your assertion, by the way, that I am a "microsoft apologist" because I think that you're a moron and your opinions are misguided and ill thought-out? I've been running Linux since 1997, you jackass, so I'll finish this post the same way I started it - what the fuck do you think you know about anything?

    P.S. there was a more recent Apache worm that affected some BSD variant or another. TRY READING ONCE IN A WHILE.

  31. Re:The courts will work this out....eventually by southpolesammy · · Score: 1 · on The Computer Owner - Guilty or Not Guilty?

    OK, sure, I don't know of a virus that "drains bank accounts", but I sure as heck know of virii like Bugbear-B that contains a keystroke logger, which could be abused to track bank account information. So while the coincidence of the virus and the life-threatening surgery is extreme, the existence of the virus definitely is not, and in fact, is severe.

  32. Re:Isn't Microsoft culpable in this mess? by Theatetus · · Score: 2, Funny · on Gangs Extort Companies With DDoS Attacks
    Microsoft software has nothing to do with DDoS. DDoS cannot by stopped except by cutting off the source.

    DDOS attacks are usually launched through Windows boxes that have been exploited, for example by worms such as SOBIG.

  33. Mimail-E also DDoS'ing financial sites by Chatmag · · Score: 1 · on Spammer DDoS-By-Virus On spamhaus.org

    The Mimail-E variant is also DDoS'ing several financial web sites, such as Fethard.biz

    The FBI has maintained that they will not pursue an investigation of a DDoS attack unless a substantial financial loss has occured. With the attack on an Internet financial site, this should be enough for the FBI to become actively involved.

    I've never heard of Fethard, and at first glance, the site looks a little suspect. However, if that is what it takes to get a real investigation going, I'm in favor of it.

    Spamhaus would have to file a complaint with the British authorities; Spamcop would be able to file a complaint with the FBI; SPEWS would have to file a complaint with the Austrailian authorities. Spamcop sells a product, and if Julian Haight can prove financial losses, that makes his case stronger. Spamhaus and SPEWS does not sell a product or service, so their complaints would have a lower priority with the law enforcement organizations of their respective countries.

    If Fethard and Spamcop are being attacked by that variant, Julian Haight should be contacting Fethard to coordinate the filing of criminal complaints against the attackers.

  34. New email worm that DDoS's Spamcop/SPEWS/Spamhaus by wayne · · Score: 3, Informative · on Trouble Getting to SpamCop?
    I saw this mentioned on the spamcop news group.

    There is a new email worm called W32/Mimail-E that is designed to create a distributed denial of service attack on the anti-spam websites of spamcop, SPEWS, and spamhause. See: sophos write-up.

  35. Re:My issues with this story by skinfitz · · Score: 1 · on Wall Street Journal On The Switch

    I started a point-by-point refutation of everything that you said, but then I realized that it would be pointless because you are just spreading FUD.

    Actually I'm debunking FUD but lets carry on.

    Most of it doesn't even make sense, as when you claim that hardware for Linux is free ("typical computing tasks? Linux can do all that too - for free"),

    I didn't say hardware for Linux is free - that would be extremely silly now wouldn't it? There are certain things I think that we can take for granted, such as I'm 96.5% certain that readers here understand what Linux is and that computer hardware is not "free". Fair comment one must always take the cost of the hardware into account but its the OS that we are talking about here.

    ...and how you claim that the author's statement that there are no Mac viruses in part because there aren't enough Macs is wrong, because there would be viruses if there were more Macs).

    I said people attack the most prevailant system, which is presently Windows. If OS X was as prevailant as Windows is now, there would be more attacks targetted at it. the amount of attacks scales with popularity.

    I don't believe you actually own a Mac, because you are about as hostile toward Macs as some of the most rabid Windows fanboys I've run into. If you do actually own an iBook, here's my suggestion: sell it. We don't need people like you spreading this sort of FUD.

    Well I certainly do own an iBook and how you can call me hostile towards Macs I find quite frankly confusing (did you READ what I wrote? I like OSX). I like OS X a lot - (I certainly wouldn't have bought an iBook if I didn't, and I definitely would not be thinking about a G5) plus I do support (amongst other things) a 200 host Mac network complete with XServe (which I personally recommended & installed).

    The article I debunked is FUD - it makes contradictory points. For example, this paragraph:

    So, if you're a Windows user, you could sit tight, apply all the patches, worry about all the viruses and hope that the spring's Service Pack will solve most of the security problems without breaking other key features of Windows or interfering with programs you use.

    This is clearly putting the concept of patches in a negative light, and inserting FUD into the process by implying that applying a patch may cause problems. Some facts:

    OS X needs patching, (as do all other current operating systems.)
    Applying patches can be risky, however its important to keep up to date. Apple suffered from this exact issue recently with the 10.2.8 update causing problems for many users.

    So Apple are "guilty" of two of the alleged "crimes" of Windows.

    It would be like an airline saying something like "So if you fly with our competitors, sit tight and hope there are no bombs or terrorists on the plane with you" while trying to sell plane tickets. It's ridiculous.

    It says that Microsoft release patches and puts that in a negative light and later on says that Apple release patches but it's "ok" because they are less frequent!

    It also says (correctly, unless the "switchback" "virus" isnt a hoax) that there are no viruses for OSX, yet you should still run antivirus. Sophos, Symantec and Network Associates all produce OS X antivirus, which you have to admit is a little strange. I suppose they are selling insurance against future incidents.

    If I've posted anything factually incorrect, then please set the record straight.

    What is it with all the anonymous postings anyway? Why are people afraid to put their names to their opinions?

  36. Re:linux user @ 56years by hanssprudel · · Score: 1 · on Germany Publishes Windows to Linux Migration Guide

    I had it wrong, Sobig.F is a mail worm. I was thinking about MS Blaster which infects through open ports and makes windows reboot.

  37. Actually, macs *did* have autorun by romanval · · Score: 1 · on SunnComm Says Pointing to Shift Key 'Possible Felony'

    It was a feature of quicktime 4, which had an "autoplay" feature enabled by default.

    Eventually a prolific worm got spread around that way--autostart 9805 -- through many prepress and design houses.

    After that, many people just turned off autoplay, since it was lame window-ism feature that no mac developer ever took advantage of anyways... (Mac users expect to insert a disk and wait for it to mount up on the desktop, then proceed to open it and do whatever they intended to do --run the installer, or copy a file, etc).

    The following versions of quicktime no longer had that "feature".

  38. You are all *WRONG* by JavaLord · · Score: 4, Funny · on Top 10 Software Titles Every Home PC Needs?

    Here are the programs you need to have a k-133t windows system.

    1. AOL- DUH, they are the greatest ISP ever.

    2. Webshots - Impress your friends with your changing wallpaper!

    3. Hotbar - Skin Internet Explorer and Impress your friends!

    4. AOHell This program will make you l33t!

    5. Incredimail This makes your e-mail look k00lah then everyone elses.

    6. Microsoft Outlook because all the anti-virus tools work with it. You don't want to use another e-mail client, you might get a virus!

    7. Comet Cursor. Makes your cursor R0x0r.

    8. Intruder Alert 99 You need a firewall, the internet isn't a safe place!

    9. Gator Gator is an awesome program that helps u remember ur passwords. This way u don't have to fill out stupid forms!

    10. BO Server The guys in my gaming clan sent me this, they said it would improve my FPS, and make windows run faster. I think it did!

  39. Re:Where's the hard evidence? by GoneGaryT · · Score: 5, Interesting · on Sobig Worm Attacking RBL Lists?
    There have been a number of comments on this topic on a closed list for academic sites here in the UK and the analyses point to Sobig DDoS attacks, specifically against spamhaus.org in these cases. Sobig-F was a very well written piece of binary code, encrypted and compressed to 76k AFAIR, and a description of its functionality shows this. In particular, the possibility that it could act as a portal for Trojan downloads reinforces the claim.

    I was trapping infected workstations by monitoring perimeter firewall logs for DNS calls to the root servers, as this is a feature of its activity. Pity I didn't have time to find out what it wanted to resolve, because that could have been interesting.

  40. Anti-Virus for Linux/Unix by hbo · · Score: 3, Interesting · on Sophos Acquires ActiveState


    Sophos's anti-virus technology will be integrated with PureMessage, ActiveState's enterprise email protection software, to deliver industry-leading anti-virus and anti-spam protection in a single, consolidated solution - Sophos PureMessage. PureMessage currently supports AIX, HP-UX, FreeBSD, Linux and Solaris. For more information please see http://www.sophos.com/products/pm/


    So the real news here is that the hole created by Microsoft's purchase of RAV is about to be filled. Since ActiveState's relationship with Microsoft is important for their tools this could impact that relationship.

  41. Re:Um... by jafiwam · · Score: 1 · on Lousy E-mail Filters Complicating Outlook Worms

    It would be a lot better if Outlook were not vulnerable, and those people who had vulerable versions patched them.

    Note however, SoBig.F is not an Outlook exploit. It is a "stupid user" exploit that requires the user to click on the attachment. Mozilla Mail, Eudora and all others are just as vulnerable. (Windows operating system is the only common denominator.)

    Once installed on the machine, SoBig uses its own SMTP engine to send mail. True it uses messages from the contacts, but also from cached web page files and text files on the hard drive.

    The article submitter incorrectly implied that SoBig.F is an Outlook-only problem. It is not.

    http://www.sophos.com/virusinfo/analyses/w32sobigf .html

    and

    http://www.sophos.com/support/disinfection/sobigf. html (Question 6)

  42. Re:Um... by jafiwam · · Score: 1 · on Lousy E-mail Filters Complicating Outlook Worms

    It would be a lot better if Outlook were not vulnerable, and those people who had vulerable versions patched them.

    Note however, SoBig.F is not an Outlook exploit. It is a "stupid user" exploit that requires the user to click on the attachment. Mozilla Mail, Eudora and all others are just as vulnerable. (Windows operating system is the only common denominator.)

    Once installed on the machine, SoBig uses its own SMTP engine to send mail. True it uses messages from the contacts, but also from cached web page files and text files on the hard drive.

    The article submitter incorrectly implied that SoBig.F is an Outlook-only problem. It is not.

    http://www.sophos.com/virusinfo/analyses/w32sobigf .html

    and

    http://www.sophos.com/support/disinfection/sobigf. html (Question 6)

  43. Re:Standard Practice... by I8TheWorm · · Score: 1 · on Microsoft Identifies, Patches Another Critical RPC Hole

    Lion
    Slapper
    List of other Linux Viruses

    Why bash MS when other OS's have vulnerabilities as well?

  44. Re:AppleScript, AddressBook, and Mail.app by Zoop · · Score: 1 · on Mac's Immunity To Recent Virus Attacks

    You mean, like this?

    The laugh is that -- wait for it -- IT REQUIRES MICROSOFT PRODUCTS TO RUN!!!!!

    Plus it also requires user activation.

    So it technically doesn't meet your criteria (AddressBook and Mail.app). But funny nonetheless.

  45. Re:How many is too many? :-( by Andy+Smith · · Score: 1 · on Microsoft Virus Spam: SoBig.F

    The description in the Sophos advisory is more accurate...

    http://www.sophos.com/virusinfo/articles/sobigf.ht ml

  46. Virus Alert Notification by rottz · · Score: 3, Informative · on W32.Sobig.E@mm Worm Spreading Rapidly

    I've posted all the relevent information about this virus since 4pm on Tuesday, which beat out most of the major news outlets, except cnet. I've keep the info upto date with the list of virus vendors and latest virus news in the online media, and manual removal and automatic removal tools.

    I would like to thank messagelabs, as they are always the first to notify about major virus outbreaks. Sophos is a close second and is good about notifying about everyday viruses. Mcafee's alerts are good, but usually alittle late, they only notify once it hits the news media. Symantec wants you to pay an outragous price for their virus alerts, and I doubt they give you only earlier warning than messagelabs or sophos which provide the service for FREE. Symantec is becoming the Microsoft of Virus vendors, they're trying to spread out everywhere now in the security field, buying up companies left and right. Their quality of product is going down because they don't use a google.com like motto "do one thing and do it well" which they use todo. But their automated virus removal tools are still pretty good. IMHO

    If you would like to sign up to messagelabs's great early warning notification service go here.
    If you want Sophos excellent everyday notification about all virus's go here.
    If you would like to get McAfee's avertlabs notifications, go here.
    or you can just checkout my virus posts on the security-forum.com, but I only post the major outbreaks because there are TOO MANY viruses out there to post every single one. ;)

  47. Virus Alert Notification by rottz · · Score: 3, Informative · on W32.Sobig.E@mm Worm Spreading Rapidly

    I've posted all the relevent information about this virus since 4pm on Tuesday, which beat out most of the major news outlets, except cnet. I've keep the info upto date with the list of virus vendors and latest virus news in the online media, and manual removal and automatic removal tools.

    I would like to thank messagelabs, as they are always the first to notify about major virus outbreaks. Sophos is a close second and is good about notifying about everyday viruses. Mcafee's alerts are good, but usually alittle late, they only notify once it hits the news media. Symantec wants you to pay an outragous price for their virus alerts, and I doubt they give you only earlier warning than messagelabs or sophos which provide the service for FREE. Symantec is becoming the Microsoft of Virus vendors, they're trying to spread out everywhere now in the security field, buying up companies left and right. Their quality of product is going down because they don't use a google.com like motto "do one thing and do it well" which they use todo. But their automated virus removal tools are still pretty good. IMHO

    If you would like to sign up to messagelabs's great early warning notification service go here.
    If you want Sophos excellent everyday notification about all virus's go here.
    If you would like to get McAfee's avertlabs notifications, go here.
    or you can just checkout my virus posts on the security-forum.com, but I only post the major outbreaks because there are TOO MANY viruses out there to post every single one. ;)

  48. Re:Whew! by rsax · · Score: 1 · on Microsoft Acquires RAV Antivirus

    I'm not trying to sell you anything but there's a better way of updating Sophos. Check out Remote Update and Enterprise Manager. I haven't had to do the download, increment roll-out variable song and dance for a while now =)

  49. Whew! by rsax · · Score: 3, Informative · on Microsoft Acquires RAV Antivirus

    Thank God I chose to buy Sophos licenses instead of RAV. For anyone who's looking to replace RAV (on linux, bsd, whatever) check out Sophos. They support a plethora of operating systems, hopefully they won't get bought by M$ too ;)

  50. Re:The solution is... by pjrc · · Score: 1 · on Ballmer Sends Wakeup Call to Staff
    Yeah, leave all your MS apps as they are. That'll work well well for "business consistency". Hmm, let's see...

    MS SQL Server

    Outlook

    Internet Information Server (IIS)

    Internet Explorer

    Word / Office

    All versions of Windows running almost any email client

    And if that's not enough, there are many more examples.