Clever New Windows Worm

freakboy303 sent in linkage to a new worm that will no doubt be cluttering our inboxes soon. Clever bits include running its own SMTP service to increase chance of success, as well as using a bunch of spaces to disguise the true extension of the executable. No doubt countless copycats will soon follow and our inboxes will be cluttered by countless copies of the thing. Not that there's a problem with windows security.

Is this slashdot or a Windows bug tracker?

[dark_panda]

Is it just me or is slashdot slowly turning into bugtraq here? Do we really need to hear about every single fscking Windows bug and exploit found?

I see two stories concerning an Outlook virus and an XP exploit within two hours or so of each other, with one new story in between.

Can we move along to some real news for nerds, some real stuff that matters? Or at least add an option to ignore the damn Outlook virus updates and other nonsense.

J

I disagree.

Windows is a piece of SHIT!

It is NOT true that there are security problems in every OS. Some architectures are intrinsically more secure than others, and YES, it is the case that a UNIX-like OS is usually much more secure than any version of Windows. It does have room for improvement, but it is in any case better than Windows.

We point our finger at Microsoft every chance we get because they never stop being incompetent. We do it because they piss us off by spreading FUD (remember the Embedded XP vs. Embedded Linux crap?).

Or is this too much for you to get?

Wrong again!

[Frank+Sullivan]

Actually, ELF executables running under a normal user account CANNOT do the most interesting part, namely run their own SMTP server. Root access is required to open a low-numbered port.

Geez, don't people know at least the rudiments here?

Re:More Slashdot demagoguery?

[ignavus]

There are security problems in EVERY OS

Now there is an un-insightful comment if ever I saw one.

Compare a person with typhoid fever, and a person with the common cold - and say after me:"There are health problems in BOTH persons". Yeah, right. There's no difference at all. Sure.

MS have gone all out on newby useability and speed; they have cut corners on security and efficiency (no, efficiency is NOT the same thing as speed). They have gone all out on internet gadgetry (pity the poor user with a standalone PC and all that mandatory networking cruft), but left out sensible safeguards which have existed in Unix for decades (eg don't give every process total control over the system, as is the case in all the Win9x OSs).

Sorry, but Microsoft products are "unsafe at any speed" - their security is appalling. In any other industry, they would be banned for negligent product design (think Ralph Nader and the auto industry). Public and private organisations (and users like you) are too hooked to see that after 20 years in business, MS is producing worse quality stuff than they did in the 1980s.

It is all because of that monopoly thing, and lack of competition - the driving force of innovation (not "we know best", which is MS's current approach to security and competition).

On security, Microsoft DESERVE to have the finger pointed at them.

Re:*sigh*

[deviantonline]

when is this shit going to end? when will windows be a secure operating system?

Re:More Slashdot demagoguery?

[NDPTAL85]

Oh quit your insipid trolling and shut the fuck up already. Yeah I'm talking to you WireTap!

Re:You don't get it

[rhizome]

Linux is just as vulnerable as Windows.

Only if the user is logged in as root. A big problem with Windows is that the user logged in with local admin permissions (default) runs everything under the Windows equivalent of root. So yes, it's possible for Linux to be vulnerable, but at least it gives you a choice of not acting as root.

poor appology

[Erris]

What's your point? M$ bought a Quick and Dirty Operting System and did little to improve it's security model? Don't be fooled, this was done for profit not user convenience.

People have been screaming all along that their approach was irresponsible and would swamp the rest of us in a tide of shit. Bill Gates decided it was time to take over the internet back in 95 or so. He did not ignore the internet in "The Road Ahead" because he was worried about what his half assed OS would do to other people. He ignored it because he had a limited imagination. There is nothing inherently conveinient in the stupid single user mode M$ chose to keep. While the free software community developed unix like file systems with permisions to run multi user OS on top of DOS, Bill Gates started tacking on inconvient and usless things like the loggon screen. As the free software community adopted the tried and true security models of Unix, Bill Gates was busy making a mail client that would auto execute atttachments. Each step of the way, responsible people cried out in alarm. Today we suffer, but none like those who pay to trust M$.

That's not what the box said

[Erris]

I've seen the NT boxes sitting on shelves where I work, "New Technology". It was not exactly new even then, nor did it thread very well. It was better than their DOS junk, too bad they were so wrong headed as to consider it a "Unix killer". They were clueless then and they are clueless now.

Re:More Slashdot demagoguery?

[rjamestaylor]

• Fact is, bad publicity is still publicity

Ignoring MS won't make it go away. Besides, MS is a real, honest-to-Allah monopoly. I haven't seen the stats but I imagine the User Agent most commonly found in /.'s combined access_log is some combination of Windows/MSIE (heck, since my Toshiba is in the shop today getting a new motherboard -- I dropped it and broke the PCMCIA connector...Toshiba's warranty service rocks -- I'm contributing "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q312461)" to the log), so look at it as a community service. Whether or not /. mentions MS will have no bearing on MS' successful and ubiquitous advertising efforts (even Linux Mag is infected with MS ads).