Domain: trendmicro.com
Stories and comments across the archive that link to trendmicro.com.
Comments · 215
-
dnsbl's + other means for spam abatement to use
here's the bl's that i am using with sendmail that would go into your siteconfig.mc file -- that through trial and error -- i have found have zero false positive hit rate... n.b. that the XXX.r.mail-abuse.com (RBL) & XXX.q.mail-abuse.com (QIL) bl's require that you have a subscription to Trend Micro Advanced Email Reputation Services at http://us.trendmicro.com/us/products/enterprise/network-reputation-services/index.html -- you can get a free trial at https://nssg.trendmicro.com/download/trial/trial-services.php?id=66 --
make sure you select "Email Reputation Services, Advanced". you would then replace the "XXX" in the below with the activation code they would send you:
FEATURE(dnsbl, `XXX.r.mail-abuse.com.', `"550 Mail from " $&{client_addr} " BLOCKED/RBL; see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=" $&{client_addr}')
FEATURE(dnsbl, `zen.spamhaus.org.', `"550 Mail from " $&{client_addr} " BLOCKED/ZEN; see http://www.spamhaus.org/query/bl?ip=" $&{client_addr}')
FEATURE(dnsbl, `bhnc.njabl.org.', `"550 Mail from " $&{client_addr} " BLOCKED/BHNC; see http://www.njabl.org/lookup?" $&{client_addr}')
FEATURE(dnsbl, `bl.spamcop.net.', `"550 Mail from " $&{client_addr} " BLOCKED/COP; see http://www.spamcop.net/w3m?action=checkblock&ip=" $&{client_addr}')
FEATURE(dnsbl, `list.dsbl.org.', `"550 Mail from " $&{client_addr} " BLOCKED/DSBL; see http://www.dsbl.org/listing?" $&{client_addr}')
FEATURE(rhsbl, `dsn.rfc-ignorant.org.',`"550 Mail from domain " $`'&{RHS} " BLOCKED/DSN; MX of domain dose not accept bounces in violation of RFC 821/2505/2821, see http://www.rfc-ignorant.org/tools/lookup.php?domain=" $`'&{RHS}')
FEATURE(rhsbl, `bogusmx.rfc-ignorant.org.',`"550 Mail from domain " $`'&{RHS} " BLOCKED/BMX; MX of domain contains bogus address information in violation of RFC 1035/3330, see http://www.rfc-ignorant.org/tools/lookup.php?domain=" $`'&{RHS}')
FEATURE(dnsbl, `XXX.q.mail-abuse.com.', `"450 Mail from " $&{client_addr} " BLOCKED/QIL; see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=" $&{client_addr}')
FEATURE(dnsbl, `safe.dnsbl.sorbs.net.', `"450 Mail from " $&{client_addr} " BLOCKED/SAFE; see http://www.dnsbl.sorbs.net/lookup.shtml?" $&{client_addr}')
i also use the http://hcpnet.free.fr/milter-greylist greylisting package as well as spamassassin with some custom score tweaks available at http://iconia.com/user_prefs. all this keeps my mailbox as well as other users at a college radio station and a commercial asp with lots of public email addresses on their respective websites relatively spam free.
respectfully submitted,
geoff goodfellow -
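How the dnsbl and rhsbl lookups configured in the post above turn a connection into DNS queries, as an added Python example that is not part of the original post and is not sendmail's own code. The function names, the top-to-bottom evaluation order and the listing data are assumptions made for illustration; sendmail's actual timing of each check is not modelled.

```python
import ipaddress
import socket

# (feature, zone, SMTP reply code, tag) in the order the post lists them.
# "XXX" is the post's placeholder for the Trend Micro activation code.
RULES = [
    ("dnsbl", "XXX.r.mail-abuse.com.", 550, "RBL"),
    ("dnsbl", "zen.spamhaus.org.", 550, "ZEN"),
    ("dnsbl", "bhnc.njabl.org.", 550, "BHNC"),
    ("dnsbl", "bl.spamcop.net.", 550, "COP"),
    ("dnsbl", "list.dsbl.org.", 550, "DSBL"),
    ("rhsbl", "dsn.rfc-ignorant.org.", 550, "DSN"),
    ("rhsbl", "bogusmx.rfc-ignorant.org.", 550, "BMX"),
    ("dnsbl", "XXX.q.mail-abuse.com.", 450, "QIL"),
    ("dnsbl", "safe.dnsbl.sorbs.net.", 450, "SAFE"),
]


def dnsbl_query_name(client_addr, zone):
    """IP-based list: reverse the address and append the zone (RFC 5782)."""
    ip = ipaddress.ip_address(client_addr)
    if ip.version == 4:
        labels = str(ip).split(".")[::-1]                   # octets, reversed
    else:
        labels = list(ip.exploded.replace(":", ""))[::-1]   # nibbles, reversed
    return ".".join(labels) + "." + zone.rstrip(".")


def rhsbl_query_name(sender_domain, zone):
    """Domain-based list: the sender's domain (right-hand side) plus the zone."""
    return sender_domain.rstrip(".").lower() + "." + zone.rstrip(".")


def system_resolver(name):
    """True when the name resolves to an address, i.e. the entry is listed.
    Any lookup failure is treated here as 'not listed'."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False


def evaluate(client_addr, sender_domain, resolve=system_resolver, rules=RULES):
    """Walk the rules in order (an assumption of this sketch) and return the
    first hit. 5xx is a permanent rejection; 4xx asks the sender to retry."""
    for feature, zone, code, tag in rules:
        if feature == "dnsbl":
            name = dnsbl_query_name(client_addr, zone)
        else:
            name = rhsbl_query_name(sender_domain, zone)
        if resolve(name):
            return {"code": code, "tag": tag, "query": name,
                    "permanent": code >= 500}
    return None


# Constructed listing data so the example runs offline; these are not real
# blocklist entries. 127.0.0.2 is the conventional DNSBL test address.
CONSTRUCTED_LISTINGS = {
    "2.0.0.127.zen.spamhaus.org",
    "9.113.0.203.safe.dnsbl.sorbs.net",
    "example.net.dsn.rfc-ignorant.org",
}


def constructed_resolver(name):
    return name in CONSTRUCTED_LISTINGS


if __name__ == "__main__":
    samples = [("127.0.0.2", "example.org"), ("203.0.113.9", "example.org"),
               ("198.51.100.7", "Example.NET"), ("198.51.100.7", "example.org")]
    for addr, domain in samples:
        print(addr, domain, evaluate(addr, domain, constructed_resolver))
```

Passing `system_resolver` instead of `constructed_resolver` sends the same query names to live DNS, which only makes sense for zones that still answer and, for the two `XXX` zones, with a real activation code in place of the placeholder.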
Gotta call you on this one
The AV comment is pure bullshit. Absolutely 100% incorrect.
For quite a while Live OneCare wasn't even available for Vista. AFAIK it STILL hasn't been released for the 64-bit edition, though there is a port in progress.
By comparison, Trend Micro had a public beta of their PC-Cillin 2007 by the time Vista was in public beta (build 5384, well over a year ago). It supports Vista 32-bit and 64-bit editions (as well as XP and 2000).
When I installed the Vista beta and Security Center suggested I install an AV, I clicked the link to recommend one (just for the heck of it, I wasn't going to pay for one as I was expecting that's what I'd get... but I also knew Vista's kernel security was going to play havoc with things like Norton Internet Rootkit). Microsoft's own link directed me to PC-Cillin (which I did in fact install, as it was a free beta). I believe OneCare was in beta at the time as well, but was 32-bit XP only. What I am quite sure of is that this was BEFORE Symantec and McAfee strong-armed MS (using this exact type of thing, the "We know that it's not about making your OS better, it's about shutting out competitors and that's not OK because you were a monopolist so play nice with us!") into opening up PatchGuard. MS, fully aware that PatchGuard was going to interfere with the standard kernel-level hook for realtime AV scanning, had released an API to allow an antivirus program to scan files as they were accessed... and even before Symantec, McAfee, or MS themselves managed to do so, Trend Micro had a perfectly viable product based on that API.
While I don't run PC-Cillin anymore, I can certainly say it was a well-designed program and I experienced none of the numerous problems and annoyances surrounding its better-known competitors. If I were to pay for any AV program, it would probably be that one. -
Re:Why do they never come right out and say...
Looks like Windows*. No really. Yes again.
" 1) A Trojanised WMF File (Downloader)
2) ActiveX/OCX File (dropper)
The downloaded malware, when executed, installs
1) A rootkit "
Most of the world is in denial about the whole security issue surrounding
Windows. Even some of the postage on /. is quite alarming. People don't
*want* to know, that's why they don't post it.
[*] - http://blog.trendmicro.com/italian-job-vs-italian-bizness/ -
Re:Maybe that's because...
If the "known attack vector" is actually a bug in the Microsoft Windows JPEG handling API, will you still be crowing about Safari 3 for MS Windows being broken? Go have a look at the number of problems that exist for previous versions of Microsoft Windows XP, in particular relating to graphic formats of some kind or another.
Besides, from the screenshot of the crash reporter, it's a null pointer dereference (not a heap overflow) - so sure, it's a remotely exploitable denial of service attack, but the browser crashes because the software has detected a problem and decides that the safest way out is to dump core. Let's all go tell the world how broken Safari 3 for MS Windows is!
For example: http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=(MS06-078)+Vulnerability+in+Windows+Media+Format+Could+Allow+Remote+Code+Execution+(923689)
Have fun. -
Re:Note to Editors
As I remember it, there was a secondary worm, a "good" worm, that was intended to clean up infected machines if the users wouldn't/couldn't themselves.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NACHI.A
I understood the intention, but the result was awful.
Amen to that!
-
Re:Note to Editors
A botnet that goes around and secures all these drone computers would save the connected world a lot of headaches
We fire-up the wayback machine and visit 2003:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NACHI.A
Patch Download
This worm is also designed to patch systems against the RPC DCOM Buffer Overflow. It first checks for the running Windows version and then downloads a patch from Microsoft. Note, however, that this worm does not have a mechanism which checks for the required service pack needed to install the patch. Thus, on systems where the required service packs are not installed, the downloaded patch are similarly left uninstalled.
-
Nope
I'm not seeing any statistically significant increase in either what's being blocked or what's being accepted by any of the MTA's I manage. Also, Trend Micro's spam stats don't show any major jump in activity either.
I have seen a couple of copies of the spam itself, but nothing major. -
Re:Pop Up Ads
When you went and got your PC infected last night. View less pr0n. Alternately, see if some web-based scanner can clean you up: http://housecall.trendmicro.com/.
-
Re:Using Copyright to shutdown a site
>Comcast btw said it's not possible for spyware or that ilk to use this much bandwidth.
Speaking as an ISP support admin, I can assure, that's absolutely not true (well, if you include botnets, which is probably 99% of the bandwidth stealing type of nasties people infect their machines with). Now, if you had a machine on the backbone, well, maybe you'd find it tough to end up on a botnet using 100 Mbits+, but the "paltry" 30 Mbits maximum most cable handles (generally the customers modems are DOCSISed to what, 6 Mbits?) wouldn't take any effort to botnet to death.
You should have taped them saying that so we could laugh at them like Verizon.
You should also run spybot and adaware SE personal on that machine. You could also play around with hijack this, but if you do one wrong move with hijack this, you'll need to re-install windows (well, someone who knows their way around windows won't... but I digress). It's probably got plenty more junk on it if you found 24 viruses. In fact, I'd probably consider getting a shop to nuke it and re-install it; after that sort of abuse windows usually becomes pretty fragile, and the PPPoE stack (needed for your new DSL) is going to be one of the first things to break.
When your F-Prot trial runs out, uninstall it and grab AVG, a free antivirus. You can do a check (and repair) of your computer without installing an anti-virus with Trend Micro's Housecall or BitDefender. Enjoy! -
What about outbound spam?
Good job taking care of inbound spam, but when will they do something about spam emanating from their networks?
https://nssg.trendmicro.com/nrs/reports/rank.php?page=1
See #5. -
Re:Real Question
It's due to the particular suite we use:
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034059&id=EN-1034059
Apparently the SMB software gets the scraps of the coding team. -
Re:Updated Score
There are Linux viruses in the wild, you just have to be a complete idiot to get them. I have had the pleasure (hey this doesn't happen often) of seeing an old Linux install that had one when the company I worked for was hired as an outsourced IT department. Ok, technically it was a back door, and for the curious, this was it: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=ELF_RST.B -
Verified Virus-Free
Scanned with HouseCall.
-
My malware cleaning stuff...
Trend Microsystems "Sysclean" package. It's just an exe file with the scanning engine, and you download the latest virus def patternfile, and it scans your computer. Very nice; TM I think is the best commercial AV product available.
Sysclean executable:
http://www.trendmicro.com/download/dcs.asp (under "Not a Trend Micro Customer")
Pattern files:
http://www.trendmicro.com/download/pattern.asp
I also carry, in the "Antivirus" folder:
Various utilities I've collected for removing Symantec AV
AVG Free installer (I tried to talk people into TrendMicro, because I honestly think it's better, but if they flat out refused, I'd install AVG for them - less virusy computers on teh intarwebs is a good thing)
vcleaner - avg's somewhat less capable version of TM's sysclean package.
Also:
A series of handy apps, including:
7zip - v313 (the older one seems to have less bloat)
adobe acrobat
Divx codec
VLC Media Player
Firefox
Winamp 2.92
IttyBittyProcessManager
Angry IP scanner
Killbox
MSRDPCLI.exe (MS Remote Desktop Client - for 2000/98 machines)
vbrun60 files
and a folder called "Computer Cleanup", containing:
ad aware personal (plus the latest defs.ref file, available from lavasoftusa.com)
CWShredder (remove cool web search spyware)
Hijack this
ewido setup
LSP Fix (for sneaky spywares that replace something with dns)
WinsockXPFix
BugOff
RegVac
Spybot S&D (plus latest update packs)
Yep. -
China has surpassed the US
-
Re:No different than Dell/McAfee
I don't use AV and I've never had a virus.
Caveat: I run Trend Micro's Free Online Housecall Virus Scan occasionally and it's always clean.
If that's "using an AV" then so be it, but I don't install the resource hogging, flawed-by-design wastes of money on my system.
I've said this all before. -
Re:Exploits a javascript bug?
The article is lacking many details, like specifically which browsers seem to be vulnerable to this problem, or even if this is a browser bug that it is exploiting.... It could be a server side problem they are exploiting, or a client side browser bug.
It is a server side bug. They allow javascript to run in mail messages.
It says the vulnerable systems are every Windows OS, so it appears to be a client side problem with Internet Exploder
I saw it work under OS X 10.4 and Safari in my GF's account. For slightly more info check out this link.
-
What I would have used..
For cleaning out malware, unless I was packing software with me, I'd do a scan with housecall.trendmicro.com. It does Linux too. NOD32 is the most impressive Windows scanner I've found. For cleaning out and managing the registry, you want JV16 Power Tools, but running msconfig's the quickest way to clean the crap out of the registry as you don't need anything to download. Now I am not sure if Vista has a similar registry setup (hopefully not), but my first move would be to fire up msconfig, go to the start up tab, and fire away at anything that doesn't look too critical while crossing my fingers. Make sure to cross your fingers!
-
NOD32, trendmicro, jv16, msconfig
My favorites: For online scans, housecall.trendmicro.com is your way to go. Does Linux too. NOD32 is the most impressive Windows scanner I've found. For cleaning out and managing the registry, you want JV16 Power Tools, but running msconfig's the quickest way to clean the crap out of the registry as you don't need anything to download. Be careful though...
-
Why free? A good AV doesn't cost that much
What I can't understand is why people will pay $500-$2500 for their computer, another $200-$1000 for software, but won't pay a measly $20-$40 per year for an antivirus.
I use Trend Micro Pc-cillin Internet Security 2006. It's $50 to buy, and $25 a year after the first year, and it's the best I've tried so far. It includes antivirus, firewall (very configurable), anti-spam (which I don't use), and malware protection.
Unlike Norton, which only updates their definitions once a week, Trend Micro updates theirs every three hours. It's the same update frequency as their enterprise solutions, which are very powerful and easy to administer.
I know I sound like a commercial, but come on; with all the money you've spent on your computer, don't skimp on protecting it. Then again, as others have suggested, you could just go with Mac or Linux and not worry about viruses at all. (Just get something to protect against worms and root attacks.)
-
PCCillin
I don't know much about enterprise AV, however a friend of mine is the IT manager for a decent sized food packing plant and I know he runs the corporate PCCillin (from TrendMicro) and raves about it.
I use their personal edition and have been very happy about it (doesn't feel nearly as bloated as symantec and mcafee will often feel). However this is all based on feel... I don't have any benchmarks or evidence for you... -
Two suggestions - Gateway products
Your best bet if you want to not care if it's Exchange or anything else, go for a gateway product.
1) If you want to house on site, then use this: Trend Micro InterScan Messaging Security Suite It runs on windows, and has a really good hit rate for SPAM and it's even better with viruses.
2) If you don't mind getting someone else to do it for you: MessageLabs Spam and Virus filtering
The IMSS solution I am not going to turn around to you and say that it's the absolute best thing on the face of the planet, as quite simply I just haven't seen something out there yet, that really makes me go WOW! It is however, a really good gateway product, and works extremely well, if nothing else, it's the pick of a bad bunch. It's very configurable, and from my experiences with it, tends not to screw up. That's a pretty important factor for me.
The MessageLabs solution is another gateway solution. It's not housed by you, so it takes up no server resources on your part, and the solution is extremely redundant. Certainly a hell of a lot more than you are going to get paying for it yourself in most instances. Their virus and spam definitions are essentially second to none, and the rates of false positives I have seen for spam are very good as well. Their interface on their web site isn't exactly feature rich, in actual fact it really is quite sparse, but then it does cover the basics, and their retention times for bad mails are good too.
So for gateway products, these are what I am recommending to customers at the moment. I am tending to not push for server based (Exchange server / Information Store) AV as hardware is cheap and if it's not on there it can't cause you any problems. All this tied in with the fact that it doesn't scale leads me to think that it's not worth it. The other suggestion would be to run Exchange on port 26 and have this on port 25. That way it can be on the same box, but it shouldn't interfere with Exchange at all.
I have no idea what your discount schedule is for resellers, so I can't even get you indicative pricing. I also don't know where you are, so that helps me even less.
Happy hunting!
Berny -
Re:Problematic Signature Release Issue
Not very long ago, when the Kama Sutra (Nyxem.E, MyWife, whatever) worm was released to the world it seemed to take absolutely forever to find anyone with a solution for the removal or even the detection of the thing.
The virus is reported to have first emerged on the 16th January 2006. Sophos says they provided protection from 16:03:20 GMT on that day. So while it may have taken ages for you to find an anti-virus vendor with detection or removal, there *were* solutions on the same day. Trend Micro also says their pattern file was released on the 16th, and they give the time when the description on their website was written as 14:23:21 GMT, but they don't say what time their pattern file was released. Mcafee even claims that they detected the virus from 2nd December 2005 - presumably since this was a variation of an existing worm that their existing detection happened to also detect. I don't know how many of the other AV vendors *also* detected it due to happenstance before it even existed.
There was also detection officially available from some other AV vendors on the 17th:
- Kaspersky (I think) - which seems to use GMT for their times,
- Symantec - I don't know what timezone they use.
-
Fresh? Hardly! $50?!? Yowza!!
I pay $30 per year for Trend Micro Internet Security, which has...
- antivirus - one that actually works, and offers definition updates every three hours
- anti-spyware - which works great; running Ad-Aware periodically to double-check has only uncovered the occasional tracking cookie
- anti-spam - I don't actually use this, because I use web-based e-mail for everything
- firewall - highly configurable, with several built-in profiles and the ability to create your own with different port, IP, and program specifications
- excellent customer service - extensive knowledge base, and quick e-mail support, with premium support available
So let me think... Am I going to pay Microsoft $50 for a 1.0 product, which I expect to function as well as any Microsoft 1.0 product ever has--not to mention making blatantly false claims about being 'fresh' because they've come up with an all-in-one security suite? Or am I going to stick with a program with a great track record for home and corporate applications, that costs considerably less?
Ooh, this could be a tough decision...
-
So they'll stop selling their own stuff...
...and sell Trend Micro Internet Security instead?
I've been using Trend Micro for the last couple of years. It's already got the full meal deal Symantec is promising, and it's actually updated in near-real-time (every three hours).
-
CME-24 aliases, information, and removal tools
Here's how to know the difference between a money-making press release, and an honest story: The press release says "Fear, fear, fear!!!"
The honest story gives you links to tools for eliminating the threat: You can run this tool: W32.Blackmal@mm Removal Tool, which apparently removes all variants of the worm.
Here are manual instructions: WORM_GREW.A, Also known as: CME-24
Here is the list of names of the CME-24 worm, and links to removal methods: CME-24 aliases, information, and removal tools. -
Trial/free anti-virus that remove Win32/MyWife
Hello,
A bit of searching came up with the following free or trial versions of anti-virus programs which are capable of detecting and removing Win32/MyWife (née CME-24):
Alwil - Avast! 4 Home Edition (free for personal non-commercial use)
ESET - NOD32 trial version (30-day evaluation)
Grisoft - AVG Free Edition (free for personal non-commercial use)
Kaspersky Lab - Anti-Virus Personal 5.0 (30-day evaluation)
McAfee - VirusScan (30-day evaluation)
Microsoft - Windows Malicious Software Removal Tool (KB890830) (free)
Panda - Titanium Antivirus 2006 (30-day evaluation)
Sophos - Anti-Virus (30-day evaluation)
Symantec - W32.Blackmal@mm Removal Tool (free)
Trend Micro - PC-cillin Trial Version (30-day evaluation)
I'm certain other readers will look up and post links to additional vendors, too. Ob-disclaimer: I happen to work for one of the companies listed above, so there.
Regards,
Aryeh Goretsky -
Re:Who needs Symantec?
Why not tackle the problems head-on yourself...
Because a lot of sysadmins don't have the luxury of having time to do their jobs properly. If your company has passed its 'boom' stage, and even its 'comfortably profitable' stage, and is into its 'slowly dying' stage, like so many large, bloated corporations, an office of 50 people might have one sysadmin who also handles database, documentation, tech support, and god knows what else. In a company like that, a good security suite, in addition to proper hardware firewalls and remote security services, makes it possible for the company to exist without daily worm shutdowns.
Of course, when I talk about a good security suite, I'm not talking about Symantec. But I've been very impressed with Trend Micro Office Scan. -
Re:doesn't work with McAfee
Actually, it doesn't work with FF 1.x.x or less, it works fine in 1.4 RC# and 1.5.
I've been successfully updating mcafee on customers' machines with FF 1.5 since it came out, much to my surprise. However, sites like TrendMicro don't work still.
Hound Trend Micro about FF support -
Re:ah... the dangers if using third party librarie
http://housecall.trendmicro.com/ already done, java virus scanner, cross platform, removes as well as finds. Now if only it worked as resident protection... ahh well, now that would be wanting everything
:) -
Re:redundanty
http://housecall.trendmicro.com/
Strange thing is, I have a free virus scanner, and all the viruses it's found are email attachments in spam. Even if I didn't have one, it's pretty obvious what email attachments are unsafe, based on sender and file extension. I use Thunderbird but even Outlook Express will stop you running executable email attachments - VBS, SCR, EXE, PIF and so on.
I reckon the whole virus threat is hype quite frankly. And you can block 100% of current Windows exploits with the built in firewall. Once again, I'm overprotected since I have a NAT router as well. -
HouseCall
when you say "I haven't gotten any spyware in a long time and (to my knowledge) have never been infected by a virus/trojan/worm", is very telling. This means you've never bothered to scan your computer, because you're in denial about the state of its security.
When I say "Though I have no real-time antivirus software installed for performance reasons, I occasionally run a scan at Trend Micro's HouseCall site and it hasn't yet found anything of significance", does that sound more informed?
-
Trend Micro already does this...
Nice of Symantec to decide to catch up. TrendMicro's House Call site offers a free online virus scan that is able to detect and remove any virus that can be removed with their other products. It's an ActiveX control based scanner though so it's not cross platform, though the biggest need for this service is by far windows. Very useful site, has saved me a ton of headaches with remote users who have been infected by viruses that have taken down their local virus scanner (usually symantec) by killing its process.
-
This is news?
McAfee's been doing this for years and when I was doing tech support, I frequently recommended my customers use Trend Micro HouseCall, a free online virus scan, whenever their current virus scanner wasn't working or wasn't installed.
-
Re:Best Free A/V?
Personally I like TrendMicro's Housecall antivirus and antispyware scans. It doesn't get installed like a typical antivirus program. It runs through your web browser and scans your system that way. It is totally free, and every time you scan the virus list will be up to date. I don't like having antivirus programs installed taking up processing power, or just mucking up a fresh Windows install. The only downside to the TrendMicro Housecall is that it requires IE. But I trust their site and only use IE to go to that one site.
-
Re:Mod parent up!
Thanks for putting it gently. Part of the reason I have trouble understanding this security stuff is that it's all hypothetical to me. I've been a Windows user since 3.1 (since DOS, really) and I have never had a virus. I don't run virus software, and I only just recently started using a firewall, even though I've been on the Internet since the mid-'90s. Hehe, literally. Common sense is my weapon of choice.
And before anyone says something to the extent, Well how do you know you've never had a virus?—I use Housecall from time to time just to be sure.
-
Lupper has a variant now - ELF_LUPPER.B
Internet Storm Center has information about new variant reported by TrendMicro:
http://isc.sans.org/diary.php?storyid=829
and the description itself is at http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=ELF_LUPPER.B&VSect=P -
URBAN MYTH ALERT
Here are sites detailing this myth...
http://www.truthorfiction.com/rumors/k/keycards.htm
http://www.breakthechain.org/exclusives/keycards.html
http://www.trendmicro.com/vinfo/hoaxes/hoaxDetails.asp?HName=Hotel+Key+Card+Hoax&Page=4
I'm surprised this one passed thru Slashdot's editorial staff. -
Caution Popcap games spyware/security risk
the summary links to popcap games autoinstall which are deemed a security threat by various anti-virus programs
if you value your PC (or your job) i would be careful about clicking links to sites which try to automatically install software which is deemed a security/privacy threat , very irresponsible of slashdot to even link to such sites -
AMD / ASUS already has this;
My ASUS PC with an AMD processor has Antivirus built into the hardware. There's even a BIOS setting to enable/disable antivirus. AMD uses DEP.
http://news.zdnet.com/2100-1009_22-5137832.html
ASUS uses TREND CHIP.
http://www.trendmicro.com/en/about/news/pr/archive/1999/pr062199.htm
So I guess Intel is playing catch up? On the marketing, I mean. -
Re:Maxthon ain't half bad...
This thing here is apparently a pretty good tool specifically for removing cool web search. I haven't ever been infected with cool web but I have read in several magazines and some trustworthy webpages about this tool.
-
but that would cure spam overnight
-
Re:I don't use an antivirus and don't suffer at al
you can scan your windows systems with the following 2 online windows scanners from time to time:
http://www3.ca.com/virusinfo/virusscan.aspx
http://housecall.trendmicro.com/ -
Better analysis
As usual, trend have their info straight about this exploit, and good ways to prevent it...
http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VNAME=(MS05-039)+Vulnerability+in+Plug+and+Play+Could+Allow+Remote+Code+Execution+and+Elevation+of+Privilege+(899588)&Page= -
Nice idea but...
I think any exploit that was patched reliably in 24 hours, and patched forever, might be less dangerous than rashly coded bugfixes.
If Service Packs were more frequent, if users' browsing practices were more informed, and if the already discovered exploits were acted on more swiftly by Microsoft and the larger/corporate-market antivirus companies like Norton (notorious for deciding some things, like certain trojans, just aren't worth detecting or fixing - just cross reference shinwow.java here and here, it gets privileges from the BYTEVERIFY.java exploit).
<rant>
Norton gives removal instructions - but what the site doesn't mention is NORTON PRODUCTS ON WINDOWS DO NOT DETECT THE PRESENCE OF THE VIRUS. Kaspersky, eTrust EZArmor, and others do detect the virus. Which begs the question, why doesn't Norton's latest home AV package?
</rant>
Basically, a guarantee from MS of 24 hour patching wouldn't be an end in itself IMHO. Also, it's easy to make Microsoft look bad if they've got so many exploits that they've got a rapid deployment of patches. Basically, I want Windows Updates the way my Mac updates, click the Apple->Software Update done. I've used it for just under 7 months, so far I've had 10.3.[7-9] and 10.4.[0-1]. In the same time Windows is Service Pack 2, and the only other notable change was the recent auto update about a change to auto update.
So 5 updates to Panther/Tiger, maybe one I noticed for Windows. I wouldn't have any greater impression of security on Windows if daily patches were an option, I think it'd just be something for the CVS users to Beta test with no prospect of an Alpha, unless Longhorn is going to do that by RSS too
:-) -
Fight ignorance with ignorance and FUD!
OK, so we have a bunch of ignorant users who either don't know or don't care about this problem. I've always wondered if there was a good use for an Internet chain letter, and I think I've finally found one. Just send the following message to your favorite ignorant user. Maybe if this spreads, people will be so afraid that they'll actually clean their systems. Or at least we'll get to watch them squirm.
Subj: WARNING!!! Get rid of viruses or go to jail!!!
Please read this message! It is extremely important! It might even keep you out of jail!!!
You've probably heard about all the computer viruses that have been spreading like wildfire in the past few years. What you probably haven't heard is what they've been doing to the computers they infect. They've been turning these computers into "zombie computers" that can be controlled over the Internet to send spam, to attack other computers and Web sites, and to spread "phishing scams" to trick people into turning over credit card and bank account information to criminals. These infected computers are grouped into "botnets" and rented out to do the dirty work of whoever is willing to pay, often spammers, extortionists, and other criminal gangs located here and overseas in places like Russia, China, and Eastern Europe. AND YOUR COMPUTER COULD BE A ZOMBIE WITHOUT YOU EVEN KNOWING IT! RIGHT NOW, EVEN AS YOU READ THIS, YOUR COMPUTER COULD BE CHURNING OUT SPAM OR PERFORMING MANY OTHER CRIMINAL ACTIVITIES!!!
This isn't just a minor problem. In fact, it's gotten so bad that THE FEDERAL GOVERNMENT WILL SOON START PROSECUTING PEOPLE WITH INFECTED COMPUTERS!
In a recent Senate committee hearing, Dept. of Homeland Security secretary Tom Ridge said, "The attacks these infected computers can launch have become a matter of national security. We've tried and tried to educate people to run antivirus software to keep their computers free of these viruses, but it appears they aren't listening. I hate the idea of having to start prosecuting ordinary Americans for this, but we don't have many options left."
Ridge went on to say that DHS wants to give people time to get these viruses off their computers, so they plan to wait until Tuesday, September 6, 2005 before they start filing charges.
So, you have until TUESDAY, SEPTEMBER 6, 2005 (the day after Labor Day) to clean your computer of viruses. Otherwise, YOU COULD BE PROSECUTED!!!
BUT DON'T PANIC! Cleaning your computer is easy, and you don't even have to shell out any money to do it. Several antivirus companies have stepped up to the plate to help people meet this important deadline by offering free antivirus software.
AVG Free Edition
http://free.grisoft.com/
avast!
http://www.avast.com/eng/down_home.html
AntiVir Personal Edition Classic
http://www.free-av.com/
Even Microsoft has put up a site with links to free antivirus software from several companies.
http://www.microsoft.com/athome/security/protect/windows2000/antivirus.mspx
If you don't have time to download and install antivirus software right now, several antivirus companies have even put up sites to do a quick scan and clean any viruses they find. THEY DON'T REPLACE ANTIVIRUS SOFTWARE, but they will let you quickly clean your computer until you can get software installed.
Trend Micro
http://housecall.trendmicro.com/
Symantec
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
McAfee
http://us.mcafe -
there are many examples ...
Most direct disc access (antivirus) or "personal firewall" products install themselves as a driver between the physical and logical layer.
This leads to many problems like stuff found recently in almost all Computer Associates eTrust Antivirus products. Because Zonealarm licenced the same software, they were affected, too.
This is just one example of many:
So many well known enterprise Antivirus/Firewall companies create drivers that lead to security flaws and it is not limited to Windows....