Bugbear Windows Virus Making the Rounds
lysurgon writes "CNN.com is reporting that the "BugBear" virus (Windows/Outlook only) is spreading quickly. Unlike ILovYou-type viri, instead of deleting files or just propagating itself, this animal disables firewall software and opens a port to receive remote commands. The article doesn't draw this conclusion, but this effectively sets up slave machines for DDoS uses. Also worth noting is the puzzlement of anti-virus guys as to why they haven't been able to make the virus spread in the lab. "One of the theories is that this requires an Internet connection in order to spread." Gee, you don't say?"
Probably coded to sit idle if its domain is symantec.com, etc.
"This isn't a study in computer science, it's a study in human behavior"
Get it here
Like this chick at the bar down the street wanted three beers and a martini in order to spread...this virus needs the internet in order to spread. To each his own.
Also worth noting is the puzzlement of anti-virus guys as to why they haven't been able to make the virus spread in the lab. "One of the theories is that this requires an Internet connection in order to spread." Gee, you don't say?"
And people at my school and my family wonder why I don't use an AV software. I always tell them that common sense is the best weapon against viruses and that the AV people don't have any common sense and are just snake oil vendors. Just kinda proves my point, eh?
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp
Blame the admin
Whew! Good thing I don't use any firewall software!
bytesmythe
Hypocrisy is the resin that holds the plywood of society together.
-- Scott Meyer
Unlike ILovYou-type viri,
A bit off-topic, I know, but here's an interesting link about the word "viri", the alleged plural of "virus": What's the Plural of 'Virus'?
Use Ctrl-C instead of ESC in Vim!
IMHO Bugbear's spreading relies solely on social engineering. Labs have nothing to do with social-anything. That's why you can reproduce it in there :))
2 workstations at a client of mine caught this bug. The AV system kicked in shortly thereafter, and stopped the spread. (I had to manually clean the machines, though)
Strange symptoms appeared just before we knew there was a virus: All of the printers in the network started printing garbage. I had to reload the print drivers from CD for all the server's printers to stop the effect.
Anyone else seen the virus in a network? Anyone else seen similar print symptoms?
Get it here
chmod -r 000 /
It's pretty impressive that this virus disables anti-virus software, and covers quite a large list of AV/Firewall programs.
tech details
Have any other virii in the past done this, or is this a first?
www.christopherlewis.com
Is it just another naughty email attachment?
I don't know about you, but these insane viruses for outlook just don't have the same surprise effect as they once did. I guess we're just getting so used to them.
Man, I'm terrified. My mother got this and now a whole series of e-mails I sent to her about 3 years ago are suddenly being sent to almost everyone she has ever e-mailed or received e-mail from. People who were CC:ed on things I sent her are receiving personal e-mails I sent to her.
I'm waiting for the one where I said really terrible things about someone to land in the wrong hands and start causing all sorts of disasters. After this, I'm going to be a lot more careful about what I say in e-mails.
My machine is relatively safe, but I can't vouch for the person I'm sending e-mails to. I wouldn't be surprised if a lot of relationships get screwed up before this is all over.
I am sure they are not as popular but I am sure there are still viruses and things that rely on floppies and other media for propagation. So if you have a machine that gets all its outside data from a floppy, this virii wouldn't be able to be propagated.
Eudora - http://www.Eudora.com
Opera Mail - http://www.opera.com
Mozilla - http://www.mozilla.org
Netscape - http://www.netscape.com
I hate to sound callous, but if you're on a standard PPP or SLIP internet connection at home, and you're running Outlook or Outlook Express, then you get what you deserve. If your company is running Exchange Server, then your company is getting what it deserves.
Fool me once, shame on you. Fool me twice, shame on me. Except between Melissa, ILoveYou, Sircam, Klez, and now this, it's what, fool me a dozen times? Do people just enjoy getting kicked in the teeth repeatedly?
Get 8 FREE issues - no risk!
Your Gift
Get a FREE gift!
150 FREE Bonus!
25 merchants and rising
New bonus in your cash account
etc..
If you have to write a mailing virus that relies on people opening it, why would you make it use spam-like subjects?
Is there a patch for KMail? I'd hate to be caught off guard on this one!
-- Many men would appreciate a woman's mind more if they could fondle it
... and if it were, it would be the plural of virius. Viruses should be the plural of virus, because virus does not have a known plural in Latin, but if viri is becoming the accepted plural, live with it.
I hereby place the above post in the public domain.
I learned about this virus *from my mom* an hour before it was posted on Slashdot. If that isn't a sign that this site has jumped the shark, I don't know what is. ;-)
The virus has a "bug": when it does its filthy things with window shares it also does something with shared printers, so if one morning you find a stack of paper on the printer with one line of gibberish per sheet (and something about a DOS program not being able to execute) it could be BearBug. Or someone who printed out an exe file from notepad.
FP
This is an exploit of a hole that was fixed last year, yet it makes the /. front page??
However the last two major outbreaks which exploited holes patched yonks ago didn't make the /. front page. Would that perhaps be because this one is a Windows exploit and the last two were Linux/Apache exploits, by any chance, just possibly?
My son received this beauty this afternoon, Norton got it without problems.
But that is not the point. His machine resides in our home network, behind a Linux gateway/firewall. My Linux gateway/firewall, mind you. This lousy little Outlook inhabitant has zero chances of disabling our firewall or opening an arbitrary port somewhere. Anything going in or out has a name in rc.firewall. Anything not mentioned there is not going anywhere.
Granted, I don't have much experience with "personal" firewalls and Windows firewall in general. Are they that easy to disable?
I love you was more of a worm than a virus.
Ignorance kills, complacency kills, hatred kills, but usually not the ones guilty of them.
The vulnerability that this exploits in Outlook and Outlook Express has been patched since March 29, 2001.
If you run Apache and haven't patched since March 2001, you're vulnerable.
If you run OpenSSL and haven't patched since March 2001, you're vulnerable.
If you run WU-FTPd, Sendmail, or any other numerous programs with vulnerabilities and haven't patched since March 2001, you're vulnerable.
At this point, there is no one left to blame but people who simply never update their computers. It's the same g&^damn hole that this exploits every single time, folks. Outlook 2000's patch has been out for well over a year. Outlook XP doesn't even HAVE this vulnerability!
Stop whining about what programs other people choose to run, and encourage them to learn how to patch their systems. No matter what OS you run, patching it is going to be important. Windows XP, Mac OS X, Debian, and Red Hat all make it incredibly easy to patch your system. People spreading this crap around no longer have an excuse.
Simpli - Your source for San Jose dedicated servers and colocation!
you're thinking of smtp auth, which is widely supported. (at least on clients) SPA is a microsoft thing. again vendor lock in.
format c:
Microsoft announced a new approach for virus protection. They call it the Microsoft Outlook Express ZappoTron Lab. Here's how it works. Microsoft, in cohorts with Dell, send a team to your site to install a lab of 100 Windows sportin' Dell PCs connected via a fat pipe to the internet. On each PC is installed a copy of Outlook Express (of course) which is set to check email constantly. Like the people who create them, viruses always take the path of least resistance and as such viruses in the wild are uncontrollably drawn to the Microsoft Outlook Express ZappoTron Lab instead of to your real PCs. It's that simple. Note: Microsoft encourages you to install all Windows and Outlook Express updates, especially pay updates, since they inevitably prove to open up new, even more gaping holes that are just too tempting for viruses to ignore.
--- What?
If one more fucking moron here refers to the plural of "virus" as "viri" or "virii" I'm gonna kill someone. Learn to use a fucking dictionary. I thought you people were supposed to be smart.
It's VIRUSES. This has been discussed many times already (anytime a virus-related article comes up and yet another moron uses viriiiiii).
While everybody else speculates about how to get rid of the virus, why it won't spread in the lab, etc. I'd like to address the person who shipped this in the first place.
Have you taken the time to carefully consider your DDOS targets? For example, is the RIAA on your list (http://www.riaa.org/)? What about the MPAA (http://www.mpaa.org/)? Fritz Hollings, Senator from Disney (http://hollings.senate.gov/)? Adobe, Blizzard, or anyone else abusing the DMCA? Microsoft?
When you've got a dangerous weapon in your hands, use it wisely...
Sigs are for people who started using the net _after_ '86.
On the other side of the spectrum though have to be those who think everything that goes wrong is a virus. I can't find my document, it's a virus! (no it's not, you saved it somewhere else, doofus) I can't highlight this word in Excel - it's a virus! (no, you just need to RTFM) I'm getting spam, so I must have a virus! (sigh...)
It's true - getting some people online is a Sisyphean ordeal. My parents bought a Dell because of the kid in the commercials...
Schnapple
Does this affect pine? On Linux?
To everyone who reads your post, you're just another faceless name boosting the amazingly high noise/signal ratio around here. I think I'm going to post trolls to every thread about briefs being superior to boxers. Cause, you know, people care.
(-1 Flamebait, Troll, Too much Realism)
this isn't directed specifically towards you frodo... just seemed like a good place to hook a rant
Turn it on.
It's been a bad day, so - ::begin true it-happened-to-me BOFH-style rant:: ::Sorry for the length, but I feel better now::
Yanno, I've been telling my users for years now that the easiest way to stay safe is to keep updating. I even (choke cough sputter) turned on "Automatic Update" in Windows, just so it would keep them up-to-date. They disabled it, claiming "Every once in a while things would get slow for a bit, but now it's fine" or my favorite "I got funny messages". (PS: Also had to reimage 7 machines because somebody decided he was a geek and he could just copy his registry between machines).
So I capitulated, and started sending everyone reminders by email when they had to update. I included the URL to windowsupdate and copious instructions. "It's too hard, I don't know what to do", they whined. I tried sending them the enterprise update exe's. They downloaded them, alright... put them right on their desktop, and forgot about them. I rewrote the reminder emails to include a script to do everything for them. It worked, for a bit... then I started noticing machines not being updated, and virii floating around that shouldn't. Turns out they'd started sending my emails right to the trash. "It didn't seem to do anything", they said, "it just popped up some box and then went away, so I figured I didn't need it." The box, of course, said "PERFORMING AN IMPORTANT UPDATE ON WINDOWS, PLEASE WAIT."
Exasperated, I set up the NT login script to push the updates to the user (which I'd been avoiding, it involved actually getting the NT server working). It seemed to work fine, until one day I browsed the network by accident (hit the wrong button), and noticed that I had 65 computers in the group in an office of almost 200. Turns out some genius had found his way into Network properties and changed the setup to skip login to the NT server. "It was really annoying", they said, "I'd start up my computer in the morning, and then I'd have to wait for, like, a whole minute or two! Sometimes it wasn't even done when I got back from getting coffee! This is so much easier, we just hit 'escape' when the login screen comes up. Why didn't you do this in the first place?". It was at this point that I found out no-one was using the network drives either ("We have a network? Like an internetwork?"), thereby rendering pointless my copious virus scans and backups and RAID setup that I'd blown my monthly budget on. Fine, I say to myself, I'll show these buggers.
So I set up a dummy machine, with which to do nothing but keep running perfectly and with all updates and latest drivers installed. I burned a bootable CD image from it, and whenever someone called in with a virus complaint, I'd go to their machine, pop in the CD, reboot, and go for an extended coffee break. The image had a boot virus scan to clean everything else up. Happy, was I, as I noticed the drop in virus calls. Soon, they dried up. I was actually starting to feel good, until one day the VP called me in to find out why we were sending no less than 9 different virii to our clients every day. Their excuse? "When you did that thingy with the thingy, it made all our games disappear, and I've almost gotten to the second level!" Yes, indeed, they were just ignoring the virii now, even though they were getting messages from the antivirus program. Seems they believed clicking "Quarantine" would mean that I'd take their computers away and lock them in the server (clean) room for a while.
So I tried locking down with PolEdit and SysEdit. They brought in their own windows CD's and reinstalled, because "something was broken and it wasn't letting me do what it used to". I pulled the CD drives (no use for them here anyways, except for games), and came out of the IT room late one night to find one of the file clerks studiously pulling hard drives from the cases to reimage at home and return the next morning. I drilled holes in the side panels and put a padlock on them. The users started bringing in laptops to do their work on from home, which even made the problem worse. I screamed bloody murder, demanded to know what the source of these problems were. Everyone played dumb. I felt my brains rotting and leaking out of my ears.
Then, salvation. The VP mentions that he's seen a lot of people emailing lately, and he wants to make sure that it's all company business. Would I monitor employee email usage, he asks? I try to suppress my snoopy-dance of joy as he gives me the escape clause from the moral dilemma I'd been facing about finding out what the problems were. I monitor, I read, I find out who's sleeping with who (including a schedule for a tryst in the closet behind my server room. I consider installing a hidden camera), but most importantly, I find out the source of my headaches. An industrious middle manager has discovered the joys of wholesale computer warehouses, and has been joyously selling the employees games to play at work, and later, the laptops they brought in. I wonder how exactly he managed to charge people $25 to "upgrade their L4 cache so their games go faster". I admire his ingenuity, but I know he must go. I feel good about this decision, mostly because I know he's screwing around with my computers, but also because I can justify it as "doing the best thing for the company". That, and productivity has gone in the tank, and everyone is blaming their computers, and at his direction, me. I'll make BOFH yet, I tell myself.
That was a long time ago, at least in computer years. Once he left, things bounded back up to normal. People started doing what they should, not avoiding security so they could play games all day long. Why do I tell you this long story? Because that is my experience with users, and that is the pain that is caused when they don't do what they're told to. So, as someone who's told users for years to do their updates, I feel no sympathy for users hit by this particular (and moderately ingenious) virus. If they were good users, they would do their updates like their SysAdmin tells them to. They are bad users, users like the ones from above, and so I say "No PC for you!". I wouldn't feel like this, except the story specifically states that this virus takes advantage of known vulnerabilities. I don't see it as a bad thing, I see it as a chance to see who listens to me, and who'll get "upgraded" to a new 486 next month. I'm in a BOFH mood today, can you tell?
In closing, I reflect on my outing of the middle manager. I printed out his more venomous emails regarding me, along with copies of invoices for illegally imported computer components and computer games charged to his expense account. I wrote a touching resignation letter for him to sign, explaining how he was leaving for "personal reasons". I left these on his desk as he was out to lunch, pointed his desklamp at them, turned it on, and turned off the room light. On top, I left a short note:
It is dark.
You are likely to be eaten by a grue.
If I knew the wedgies I gave you back in 6th grade would have resulted in this . . . I might have taken a moment's pause.
The big problem with MS's application is the idea that data can tell programs what to do. THIS IS A BAD BAD BAD IDEA.
How foolish is this? How many people would open an email that said:
Hey here is a perl script with my message in it. Go ahead and run it to see what I have to say.
You'd be a fool on any system to execute whatever it really is but MS wants this behavior by default. The moment you let data run the program you get this bad stuff. Word document with macros that destroy files. A whole slew of Outlook nastiness. Heck nearly all buffer overruns in networked programs are based on the idea of sending bad data to gain control.
Why does MS continue to cling to this idea that they can make data behave like programs?? It just isn't sound...I wish they would abandon it.
I clicked on that about twenty times but nothing happened.
Writers imply. Readers infer.
My ISP (Rogers Hi Speed, formerly rogers@home) was nice enough to send us a warning, I sent back a reply demanding they stop sending me this shit.
This is bullshit, I shouldn't get bothered with warnings that don't apply to me, or anyone else with a clue.
haiku
/haiku
my baby's left me,
from secret lover email...
Thanks, unpatched Outlook.
This space for rent.
hey not all of us go around telling everyone that we use linux...err damnit i guess we do :)
And you're only adding to the noise/signal ratio with your annoying and extremely unenlightened drivel. You're worse than they are! :P
It would be fun to get a copy of this new one to see how it works (I've got an isolated network just for this kind of stuff, and machines can get trashed without any real problems), but it hasn't made its way here yet. I know such an archive is pretty dangerous, but if they post exploits on Security Focus, why not an archive of viruses?
Question marks are for questions, you fucking moron.
"Gee, you don't say?"
This is not a question. It is a statement. You don't say. It could even be, and probably is, exclamatory, as in, "Gee, you don't say!"
"Don't you say?" would work, but you might even look more stupid than you currently do.
Unless you run SE Linux. SE Linux will prevent the Apache/OpenSSL/WU-FTPd/Sendmail exploits from working.
The article doesn't draw this conclusion, but this effectively sets up slave machines for DDoS uses.
This is only one possibility. Some warez communities use this kind of backdoor (especially code red) to install FTP servers in infected machines, and upload illegal software there. Then they distribute the IP addresses of these "stash" PCs.
In that way, they have essentially a big farm of servers to provide content to their users. Obviously, the real owners of these servers don't know about that.
Somebody showed me this some time ago. The guy was receiving warez access in exchange for doing some "work" for the warez admins. I talked to him and he didn't even know that this "IIS scanner" he was running for them was used for cracking into other PCs.
So is the Bugbear's frequency Common, then?
Good to see a rational post.
It is these damn people who never update a damn thing that spread these viruses. Unfortunately, this seems to include the majority of home PC users.
Remember: all computer programs need maintenance, no one is immune! Using a fringe OS buys you some time, but vulnerabilities come with popularity.
If you had nuts on your chin, would they be chin nuts?
... at least, I suspect it did. Long story short, we had a short outage today for about an hour or two. Shortly afterward, all students receive an email saying that we suffered a DDoS attack, when (quoting them now) "... several computers on campus were flooding the network with traffic to two off-campus addresses."
Only a couple of hours later, we once again received a message, this time telling us to beware two viruses, one of which was Bugbear.
Coincidence? I think not.
I imagine they used a network that *gasp* is using common internet protocols. Then they begin to infect various computers, while attempting to see how it spreads. The fact they cannot get it to work yet probably means that unlike other types of malicious code attacks, this seems to require a precoded master to tell it to go... who knows, but your statement is very silly
Only that those unixish programs you mention are server daemons, not client software.
Windows has inherently flawed security.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
stupid.
Bill Gates uses OS-X not windows...hmmm I wonder why...
You are being naive.
Every program you listed is geared towards servers and isn't used on most installations (except sendmail).
Instead, try fetchmail, mutt, and mozilla.
The problem is with internet connection speeds.
On XP, and service-packed 2k, there is an automatic updater that checks for updates. It's even easier to use than YaST, or RHN, apt-get. The problem is getting people to download hundreds of megabytes of updates per year over a 28.8kbps connection.
There is no easy solution. Consider a cheap update CD that goes out quarterly, except MS and Apple won't let you get those patches from anywhere but their websites.
well, I guess I need to dust off my +3 sword, call up my magic-user, and cleric friends, and go kick some ass.
whew, I thought I'd be 8th level forever!
The Kruger Dunning explains most post on
This makes me wonder, why doesn't some talented coder build a wrapper that distributes the necessary patches?
:S
I mean, if it just executes arbitrary code, why would it be so hard to bundle in the patching? Geez, I'm almost tempted to learn all the languages necessary to code this!
Tim Dorr
Owner/Manager
A Small Orange
Maybe you should consider yanking Admin rights from the users.
If I'd had kids when I was first married, my oldest child would be in college right now. I know women programmers who have grandchildren. So maybe it's getting so that it's not so unusual for mom to know best.
"Son! Didn't I tell you to download the latest virus protection? Isn't that on your chore list? But you didn't, did you... Now your sister has to do it and furthermore, you're grounded!"
Consigned to flames of woe.
It's not really related, but it really amuses me that some people are fooled by: Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it. We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC. NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'.
That's apache with SSL
Last I checked the EULA for these applications has not changed since I installed these applications, (incidentally I never deploy WU-FTPd or Sendmail). MS on the other hand releases, (perhaps deliberately) insecure applications, then requires you to agree to a NEW EULA allowing them to root you any time they desire, then remove files at their discretion, in order to get the security patch. That's a reason to NOT update. Damned if you do damned if you don't.
LOL
Sorry. Sorry. Sorry. This is off topic. But I can't help myself. "Viri" for "viruses" irritates me like f*** but using "data" as if it were plural makes me foam at the mouth.
I think this trend started in fringe science subjects that needed to appear posher than they actually were. Clearly perl.com's arguments apply mutatis mutandis to the "data" word too.
There are no datums in analog data.
I don't have anything to worry about, my computer is completely secure. I run linux with lynx. Who's going to write a virus for that?? That's too obscure, so I know I'm secure.
AV is a Virus
I don't know if anyone has ever considered (or even posted) this, but let's suppose my pc has been infected and has indeed been used as a base for DoS attacks.
Would I be legally responsible for those DoS attacks, if the victims traced the originators of said attacks back to my machine?
Further yet, could MS (or any OS vendor/creator) be held liable to a claim by said victims, as it was MS's software my pc was running?
And what would the situation be if the holes/backdoors/bugs (call them whatever you want) in that software were either never discovered by MS, or discovered and corrected, but I never got around installing patches?
/. Where the truth
Someone give this guy a cookie. :-)
Yes I agree why use Outlook when there are so much better email clients out there. Though Entourage X isn't that bad :D
I fought the corporate America, and the corporate America bought the law.
Linux : )
Do you define yourself by calling the average slashdot poster "you people?"
:)
interesting pov
The list of possible subjects for the e-mail is pretty long. I am glad the university I work for has good filters...could be a support nightmare.
FoundNews.com - get paid to blog.,
Why don't you go suck on an inherently huge cock? No wonder you're on my foes list, god damn you're an asshole. Someone tries to inject the first bit of rational thought that I've seen into this totally redundant useless thread, and you try and bring it down. Why don't you pull your unixish head out of your ass and get a clue?
No matter what I do, I can't get it working. How do I get this thing to run under Wine?
mccall@indigo:~> wine bugbear.exe
wine: cannot find 'bugbear.exe'
mccall@indigo:~>
Nope, nothing....
Some guy out there has his Outlook wrongly configured.
I was infected, and the virus sent itself to MANY people... with a wrong email address in the FROM...
not his address, but MINE. dammit...
I'm now swimming in spam AND auto-reply from Email Scanning software and people telling me that i'm infected...
So, don't think you're safe, even if you're running Linux as I am !
No wonder you're on my foes list
:)
Heh, that's like the second or third time you have said that.
I'm glad to reaffirm your view of me.
God Bless, and a fond fuck you!
(It's only Slashdot man, lighten up)
I've had enough abrasive sigs. Kittens are cute and fuzzy.
"Gee you don't say."
Way to be an arrogant, uninformed, egotistical Slash-tard, you ego-inflated Linux using fuck.
I would mod this as funny, because of the sheer fact that antivirus software is so incapable of not only stopping viruses, but also of protecting its own code.
This is laughable. Why do we support non-heuristic AV software, when lots of people are using 1.4GHz systems that have more horsepower for typing Word documents, than at any other time in our history?
Here is a clue Antivirus Companies:
If code is trying to disable your .dll file, you might want to block it, and then notify the user of a possible virus attack.
Saskboy's blog is good. 9 out of 10 dentists agree.
I don't know if this has been said before, but I wouldn't know since I read with a high threshold. Anyway.
The plural of VIRUS is VIRUSES. VIRUSES.
I'm not trying to be a troll here, but for a site that proclaims to be "news for nerds," and, "stuff that matters," we sure have a load of spelling and grammar errors that come up ten times a week.
I first heard about this virus in the last few days in the form of spam that came to my box, proclaiming that Bugbear was a new virus on the loose.
The fact that a spammer knows about this virus way before Slashdot indicates he's either very fast moving, or he may have some relationship with whoever created it. Unless, of course, Slashdot is just behind.
Get off my launchpad!
Run sendmail with the mime-filter (included with the commercial version, Sendmail Switch). Reject email with any file attachments of the dangerous type: exe, bat, scr, vbs, pif. Additional suggestion, filter html email (evil!) through a filter to convert it to standard email or reject it outright.
-- Will program for bandwidth
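The attachment-type rejection suggested in the comment above, sketched as an added example that is not part of the thread and is not Sendmail's mime-filter: a Python standard-library check that walks a MIME message and reports attachments whose final extension is on the comment's list (exe, bat, scr, vbs, pif). It goes slightly beyond the comment by checking both places a filename can be declared and by ignoring trailing dots and spaces; the function names and the sample message are constructed for illustration.

```python
import email
from email.utils import collapse_rfc2231_value

# Extension list taken from the comment above.
BLOCKED_EXTENSIONS = {"exe", "bat", "scr", "vbs", "pif"}


def declared_names(part):
    """Return every filename a MIME part declares.

    A name can appear as Content-Disposition 'filename' and as Content-Type
    'name'; mail clients differ on which one they use, so both are checked.
    """
    names = []
    for header, param in (("content-disposition", "filename"),
                          ("content-type", "name")):
        value = part.get_param(param, header=header)
        if value is not None:
            # Handles plain values and RFC 2231 encoded ones (filename*=...).
            names.append(collapse_rfc2231_value(value).strip())
    return names


def final_extension(name):
    """Lower-cased last extension, ignoring trailing dots and spaces.

    Windows drops trailing dots and spaces, so 'setup.EXE.' is still an
    .exe; only the last extension counts, so 'card.jpg.pif' is a .pif.
    """
    trimmed = name.rstrip(" .")
    if "." not in trimmed:
        return ""
    return trimmed.rsplit(".", 1)[1].lower()


def blocked_attachments(raw_message):
    """Return (filename, extension) for each declared name that is blocked."""
    msg = email.message_from_bytes(raw_message)
    hits = []
    for part in msg.walk():  # walk() also descends into nested messages
        if part.is_multipart():
            continue
        for name in declared_names(part):
            ext = final_extension(name)
            if ext in BLOCKED_EXTENSIONS:
                hits.append((name, ext))
    return hits


def should_reject(raw_message):
    """Gateway decision: reject when any attachment name is blocked."""
    return bool(blocked_attachments(raw_message))


# Constructed sample message (not real traffic): one double extension, one
# name hidden in Content-Type with a trailing dot, one RFC 2231 encoded
# filename, and two harmless parts.
SAMPLE_MESSAGE = b"\r\n".join([
    b"From: sender@example.test",
    b"To: rcpt@example.test",
    b"Subject: constructed sample",
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"",
    b"--b1",
    b"Content-Type: text/plain",
    b"",
    b"hello",
    b"--b1",
    b"Content-Type: application/octet-stream",
    b'Content-Disposition: attachment; filename="card.jpg.pif"',
    b"",
    b"AAAA",
    b"--b1",
    b'Content-Type: image/jpeg; name="setup.EXE."',
    b'Content-Disposition: attachment; filename="photo.jpg"',
    b"",
    b"AAAA",
    b"--b1",
    b"Content-Type: application/octet-stream",
    b"Content-Disposition: attachment; filename*=utf-8''r%C3%A9sum%C3%A9.scr",
    b"",
    b"AAAA",
    b"--b1",
    b'Content-Type: text/plain; name="notes.txt"',
    b"",
    b"fine",
    b"--b1--",
    b"",
])

if __name__ == "__main__":
    for name, ext in blocked_attachments(SAMPLE_MESSAGE):
        print(f"reject: {name!r} (.{ext})")
```
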
Hey, I hope I'm not interjecting into a personal debate, but I'm not sure I agree with you.
I mean, at this point, even a MS exec has come out, raised his hand said it himself, security just isn't something MS has spent a lot of time working or thinking about.
To most of us, that's stating the obvious. But even to MS supporters, that *has* to carry some weight, no?
Yeah, OS (all Os's) need to be patched, and being more popular does make you more targeted. But, at some point, you do have to recognize that MS is using luggage locks to chain their bikes, whereas other platforms actually try to use something that might stand a chance of stopping the bad guys.
I do think MS deserves criticism for their arrogant (or maybe just ignorant?) attitudes towards protecting/securing their systems.
My organization runs almost entirely on laptops, and while most people work in the office some of the time, we also work from home on dialup, from the road, etc. Often the IT Central Planners are good about making sure their upgrades that require more than 1-2MB only get run on fast connections, but not always. It's really annoying to be on a dialup connection and have your computer want to download 10MB of antivirus definitions, even when you're not out visiting a customer. You *have* to give the user a choice. Unfortunately, yes, this means you need to get creative with a lot of these things.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
If your mail was encrypted, even if it got sent out to someone, they would not be able to decrypt it as they wouldn't have the key to do so.
Another good argument for ubiquitous encryption.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
We use the common public folders to trigger all sorts of neat things - as a gateway to our PHP-wrapped software library, as a gateway to many intranet document repositories, as a gateway to our IT requesting system, etc.
Outlook with Exchange has a lot of function that most people don't use (since they tend to just use mail and calendar).
For the record, I use Opera and (not liking Opera Mail) Pegasus at home. I really don't _like_ outlook, but every company I've worked at has used it.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
Push any wheelchair-bound seniors off a cliff today?
just wondering what all of u windows based users are using for antivirus? my personal favourite is Norton anti virus corporate edition...not as invasive as the retail product...any others ppl like???
We played dungeons and dragons for 3 hours.....then i was slain by an elf
If i had written a linux worm or virus, would it then make linux have "inherently flawed security"? Just because this thing was written on windows doesn't mean shit with the "flawed security". Stop smoking cock and try to contribute, not troll yourself until you believe it.
And it was patched 16 months ago ffs. Stop being a fool.
Badly written code (read as kluge, spaghetti, unsigned integers galore, "features" u can't turn off) are the first signs of things not to use. Does Outlook fall into that category? Better ask someone who uses it. Now about the examples: let's amend the above statement to be more correct. The following should be changed.
"If you run WU-FTPd, Sendmail, or any other numerous programs with vulnerabilities and haven't patched since March 2001, you're vulnerable. "
to
"If you run WU-FTPd, you're vulnerable"
I suspect this virus has been developed by the Israelis to help create Denial of Service attacks against those who oppose Zionism and the attack on Iraq. Sites like What Really Happened, AntiWar, and Stormfront have been hammered by these attacks. Also radio programs like those on the Turner Radio Network have been under attack constantly because of the anti-Zionist views some of their programs air.
They have already been using the Linux worm "Slapper" for these DoS attacks (this has been proven), and now they will have a Windows worm to do the same thing. It is amazing how far people will go to silence free speech!
Unlike ILovYou-type viri. . .
Sounds suspiciously like we're talking about STDs. Just where has your computer been?
- - - - - - - -
Don't worry, being eaten by a crocodile is just like going to sleep in a giant blender.
Now, I'm not even a native English speaker, but isn't it true that when talking about several different species of fish, the plural is still "fishes"?
Similarly, when "viri" is used, the plural form often denominates several kinds of viri, and not several copies of the same virus (or "one infection").
The matter seems still unresolved to me.
Opinions stated are mine and do not reflect those of the Illuminati
http://www.f-secure.fi/bugbear/
Really I do. Maybe even freebsd.
Because that would be illegal, and even a morally grey area.
Executing your patch without the owner's permission or even knowledge may sound like good intentions, but these are what the road to h*ll is paved with.
What if it is defective and opens the box to even more damage? Or what if it thrashes the filesystem, causing data loss that the exploit had not caused?
And even if it works just as expected every time (a high expectation) you're not doing the infected box's owner any good: then he/she will fall for the next hit and will stay just as lazy and irresponsible.
I received some copies of the virus so I was able to get a good look at its headers and formatting. The worm does use the "audio/x-midi" MIME type to try and trick Internet Explorer/Outlook into automatically executing the file. It also has a double extension to hide the executable one from users.
But in any case, the attached file is an executable program. Using ANY email client, if you save the attachment to disk and then run it, you're going to get infected. So it's clearly not limited to MS Outlook.
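A mail-gateway style check for the two tricks described in the comment above (an executable delivered under the `audio/x-midi` type, and a double extension), as an added example that is not part of the original thread. The extension lists, function names and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for this example; a real gateway policy would be broader.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXTS = {"doc", "xls", "txt", "jpg", "gif", "mid", "mp3", "pdf", "htm", "html"}
# Major MIME types a mail client may render or play without asking the user.
PASSIVE_MAJOR_TYPES = {"audio", "image", "video", "text"}


def check_attachment(filename, content_type, payload):
    """Return the list of reasons this MIME part looks disguised."""
    reasons = []
    major_type = content_type.split("/")[0]
    # Trailing dots and spaces are stripped so "x.exe." is still seen as .exe.
    parts = filename.lower().rstrip(". ").split(".")
    ext = parts[-1] if len(parts) > 1 else ""

    if ext in EXECUTABLE_EXTS:
        # "name.doc.exe": the visible document extension hides the real one.
        if len(parts) > 2 and parts[-2] in DECOY_EXTS:
            reasons.append("double-extension")
        # Executable file name declared as audio/image/video/text.
        if major_type in PASSIVE_MAJOR_TYPES:
            reasons.append("type-extension-mismatch")

    # Windows executables start with the bytes "MZ"; a passive media type
    # carrying that header is mislabelled whatever the file is called.
    if payload[:2] == b"MZ" and major_type in PASSIVE_MAJOR_TYPES:
        reasons.append("pe-magic-under-passive-type")
    return reasons


def scan_message(raw):
    """Parse a raw RFC 822 message and map each suspicious file name to reasons."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.walk():
        # get_filename() reads Content-Disposition and falls back to the
        # Content-Type "name" parameter, so inline parts are covered too.
        filename = part.get_filename()
        if not filename:
            continue
        payload = part.get_payload(decode=True) or b""
        reasons = check_attachment(filename, part.get_content_type(), payload)
        if reasons:
            findings[filename] = reasons
    return findings


def build_sample(filename, maintype, subtype, data):
    """Construct a small test message (constructed sample, not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        ("report.doc.exe", "audio", "x-midi", b"MZ\x90\x00"),       # disguised
        ("notes.mid", "audio", "midi", b"MThd\x00\x00\x00\x06"),    # real MIDI header
        ("setup.exe", "application", "octet-stream", b"MZ\x90\x00"),  # honest label
    ]
    for name, major, minor, data in samples:
        print(name, scan_message(build_sample(name, major, minor, data)))
```

The honestly labelled `setup.exe` is not flagged here because the check only looks for disguise; blocking executable attachments outright is a separate policy decision.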
Like you know what you're talking about fuckface. With your diction and choice of software critiques I almost expect that you work for MS.. Tell me is it true?
There are serious differences here.
You can just act like every OS is as secure as the next.
I'll take unpatched OpenBSD over unpatched Win2k any day.
To make informed statements, you have to consider the severity of a security flaw. Ex: a buffer overflow, vs a string formatting error. One theoretically allows you access, if you are a skilled assembly programmer, the other makes it trivially easy to get access.
Patching your boxes is important, but so is security by design.
Life is too short to proofread.
I got past the bear. I found the secret lair. But that damned grue eats me every time. What to do?
thanks to your help I may now be able to stop approaching people on trains and busses to argue about this.
MOD PARENT UP
...
No points today
One simple rule for its versus it's
At this point, there is no one left to blame but people who simply never update their computers. It's the same g&^damn hole that this exploits every single time, folks. Outlook 2000's patch has been out for well over a year. Outlook XP doesn't even HAVE this vulnerability!
XP, if it really is immune to this one, is sure to have a host of other problems. It was included in the Symantec list of exploitable platforms. What, didn't read the link? This virus is what you get when you patch up a userless security model and try attaching it to the internet. How many more demonstrations of M$ flaws do you need to see?
The closed development model based on pushing adverts and upgrades does not work. What M$ has done is to try to force people to buy a new OS every 2 years. In case you did not notice support for Win95 has been dropped and 98, w2k, me etc are close to being dropped. So where are the stinking patches again? In the real world, users of these older OS do not feel like shelling out $250 for newer M$ O$ which are more restrictive and less useful to them. When their M$ machine meets its inevitable breaking point, the user puts the same old CD back into the drive and has the same old shit. Compare this to the free software world where any computer can be brought up from a year old CD with a few megs of downloads and two or three text line commands.
apt-get update and upgrade work for me and it can work for you, up2date is more cumbersome for me. The windoze "smart update"? Yeah good luck.
Who would trust an "updater" from a company that demands the ability to scan your computer for "copyright" infringing material, says you can't use their FrontPage editor to say bad things about them and has sent shell organizations to shake down public school systems? They've got the morals of drug dealers, leadership fit to run a Soviet, and code unsurpassed in failure.
But you blame the user. The user is only at fault for using software from a proven monopolist. That monopolist has done everything in its power to make switching as painful as possible - from incompatible closed file formats to screwing hardware vendors into making hardware impossible to make drivers for.
Friends don't help friends install M$ junk.
Read my post again: scripts are "executable" and NOT DATA. Exactly what "data" are you hoping to store in rc scripts? None.
GigsVT has an inherently flawed brain.
This is the best post I have ever read on slashdot.
Have you considered writing a book? lol
report on xtra shows there is ~40,000 "BugBear" hits per day...
:)
i think i get ~50 of those per day, but..
it's good thing i don't have any e-mail accounts (or addresses) on my office..
i use mozilla as my mail client
Those are from the W32.Opaserv.Worm. Read more about it here.
I understand this virus might pop up on corporate networks and become a minor annoyance, but doesn't it require an awful lot of things going wrong?
1. it got past your firewall
2. It got past the AV software that should be running on your mail server
3. it got past your AV product on the workstation.
4. Your IE version hasn't been updated in 18+ months.
Just poking around on the internet, I saw people talking about the potential for this to be a problem a week ago.
When I have a user tell me "I think I have a virus" I check it out, but know that either the user doesn't want to do his/her work, is confused, or saw a pop-up from the AV software that said a virus was quarantined/deleted, and got really scared. Those calls are much, much more common.
While it's fun to watch the statistics go by, it's quite useless on a Unix OS, and the energy could be much better dedicated to being practical and stopping these things by writing something that runs on Windows (for example, proxies/intercepts IMAP and/or POP connections).
Why is it that whenever some new virus/worm sets up a backdoor to receive commands that everyone thinks they're for DDoS attacks? Judging by the huge number of formmail scans I get from computers that, according to DShield, appear to be infected, they're being used to scan for open formmail.[pl|cgi] relays and send spam.
Viruses aren't just for script kiddies any more. The spam industry needs these infected machines to better cover their tracks in hopes of not getting sued into oblivion.
So are you actually trying to say WU-FTPd is secure?
I trust that sucker about as far as I trust IIS
WNetEnumCachedPasswords? what ever happened to secure computing? You'd think they'd notice how stupid it is to have such functionality.
Say.... when did this happen? My printers did the same thing! perhaps at the same time! and on the same planet! Eureeka! that is the true nature of the virus: to f*ck-up printers everywhere and do a DOS on user support/helpdesk people.
From excellent karma to terrible karma with a single +5 funny post...
and a big fan. Yet I would never touch outlook. They need to put in a "I don't want anything but pure text emails and NO support for anything running on its own, thank you" checkmark for me.
And, no, I would never be as dumb as to run or look at anything that comes from someone I don't know. After all, how many of you fellow pine users would save a file called big_tits.sh from an email and then happily run it? But it is a bit scary that it would be enough to look (or even receive) at the email to get code running. Bad Microsoft, bad bad bad!
What just puzzles me, is why no one has yet written a truly evolutionary virus.
:)
Sometimes these "successful" viruses come up, people don't bother to patch the vulnerabilities that let them in, but the virus still dies because AV software catches up. I think (but may be wrong) that it should be simple for a virus to work around that.
Let's say someone writes a virus. Now when the virus propagates, it copies itself (one way or another) to the new machines it infects. Why do viruses still make verbatim copies of themselves??
If the virus is written in VB, it should be a fairly simple matter to include in the virus, a routine which transforms VB source code. It should not do an equivalent transform, rather it should take numbers and change them, routines or single lines of code and flip them around. It could exclude lines of code. Or take existing lines of code, transform them and insert them at random places.
"But then some of the copies will not work" - yes, you are right. But if each virus spreads its transformed offspring to 10 other hosts, it doesn't matter if 5 of the "children" are not viable. All in all, the "predators" (the AV software) will not be able to recognize the offspring just a few generations down the line.
Some of the offspring may stop propagating, or propagate more slowly. Some of it may propagate faster. Which is more beneficial, is something that will depend on how the AV software reacts to the spread.
In fact, calling any software a virus before it has the most basic functionality of its biological equivalent is ridiculous in my opinion
I gave an example in VB. But certainly this can hold for machine executable code as well. It's just a little more tricky to determine which transforms are "reasonable", so that one doesn't end up with 99% nonviable offspring.
Just my 0.02 Euro on that one...
Apologies to Chambers Pocket Dictionary. The sentence should have been
The data is entered from the forms by a keyboarder. And the spelling mistake was all my own.
But what gives you the right to say this dictionary is wrong. If I remember well, I have seen a similar "singular noun" entry in Web-sters-Dict-ion-ary. And it's the tops!
But still no explanation of "analog datum".
"Data" is clearly a word that is finding its place in the English language. As a plural noun, it is sometimes nonsense. As a singular noun, it always makes sense.
Actually it's often a sign of bad management if something like this happens.
Employees who repeatedly screw up company property should get verbal warnings, show cause letters, and if they still persist unfortunately they have to be sacked.
It's a disciplinary and management issue. You should have backing from your management to enforce reasonable policies.
If employees keep breaking the rules and getting away with it, it's bad management.
If you don't get backing from management, then it's also bad management. It's bad to have responsibility without power. You get the blame, it's not your fault and you can't do anything about it.
But if you did have management support, then it's probably your fault things went that way.
Link.
i couldn't agree more. you are truly my hero. (no sarcasm intended)
Interesting that such an "informative" post would be posted by Anonymous Coward.
I seriously doubt the credibility of any post where the poster is too much of a coward to attach their name to it!
Did anyone notice string reference "Apache 1.3.26" inside of this thing ? (U have to edit PE header and decompress it with UPX to actually see that)
Also, is there any reliable analysis of this virus, other than the usual crap found on the AV software websites?
Hm... I'm glad my mom uses pine. ;)
"The Crystal Wind is the Storm, and the Storm is Data, and the Data is Life"
But what gives you the right to say this dictionary is wrong
/.'s many nit-wars (if you want to call it that) :)
I happen to agree that the vernacular drives dictionaries' content, and not the other way around. Language is dynamic and dictionaries always have to change in order to stay current. But I still don't know anyone who uses "data" in the singular.. either as "data" or as "datum". Hence, the traditional definition stands.
"Where's the data?" pl.
"Send me the data." pl.
"The data seems to imply...." pl.
"Some of the data" pl.
"Pieces of data" pl.
Just in general..
"the data" pl.
Just one of
Intelligent Life on Earth
Oh right. That would be the media yet again adding 1+1 and getting 6. They didn't mention that seeing as it has KEY LOGGING potential that it poses an international security threat and that the author is a terrorist in the post September 11th economic slowdown.
It is these damn people who never update a damn thing that spreads these viruses. Unfortunately, this seems to include the majority of home PC users.
Updating software is not something home users are in the habit of doing. Most domestic appliances don't need anything similar, the likes of set top boxes and digital video recorders update automatically.
Something like Windows Update requires a lot of user input. This can be just as much a problem in corporate settings.
But I still don't know anyone who uses "data" in the singular.
I refer you to the Google searches in my earlier post:
Searched the web for "data are". (i.e. plural)
Results 1 - 10 of about 2,070,000. Search took 0.36 seconds
Searched the web for "data is". (i.e. singular)
Results 1 - 10 of about 2,970,000. Search took 0.60 seconds.
You may not know anyone who uses "data" in the singular but there are almost 3m pages on the web where it appears in the singular in the above phrase.
I treat "data" and "datum" as two different words. The surveyor measured from five different datums. - This makes perfect sense.
As for your examples, let's take two words
Your examples translate to
"Where's the information.". Singular.
"Send me the information.". Singular.
"The information seems to imply....". Singular.
"Some of the information". Singular.
"Pieces of information". Singular.
Just in general..
"the information". Singular.
and
"Where's the numbers.". Plural. -- Incorrect
"Send me the numbers.". Plural.
"The numbers seems to imply....". Plural. -- Incorrect
"Some of the numbers". Plural.
"Pieces of numbers". Plural.
Just in general..
"the numbers". Plural.
You may notice two of your examples do not work for a plural noun. All the examples work for a singular noun.
Hey man! I complained when I lost my clippy!
Well.. kinda....
I had the damn thing scripted up via a python Comm script to turn on @ 5pm And threaten to launch porn windows all over my screen if I didn't stop what I was doing, turn the machine off, go home and have a beer.
On the other hand, Clippy did actually suck. I just kinda tweaked it to suck less.
Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
I see innumerable comments blaming the user for insufficient tech savvy or just laziness when it comes to keeping their machines up-to-date with the latest patches.
These are the same users who will stop by the Jiffy Lube to have their car's oil changed, apparently understanding that cars require maintenance. But somehow it doesn't register in their distracted little heads that this handy appliance on their desk also requires maintenance.
That's not a capital crime, though. But I sure would like to deduct from the gene pool the useless sack of crap who has nothing to contribute to society but writing l33t viruses. In my mind, the virus writer carries the same stature as the sniper in Maryland who has been shooting random people. Exposing vulnerabilities is one thing, but exploiting them is quite another.
There's clearly an element of grabbing for attention; would it have any effect to refer to the virus writers in the most derogatory and condescending terms at every turn, in an effort to deny them some satisfaction? To expose their mental illness at every opportunity and express deep sadness that these people may actually bear children if they pass puberty? How about getting these morons promulgating the "War on Terra (sic)" to go after these folks as sick, disturbed domestic terrorists?
Useless sacks of crap, I say.
You know, I always thought Virus was the plural form of virus. There is precedent for this behavior, in Latin derivative languages. Eg: "the man walked his prize sheep to the pasture where the rest of his sheep grazed."
Let's consider this within context.
"Dave, I'm infected with several Virus programs"
Compared to the bastardized English 'recommendation' that url proposed.
"Dave, I'm infected with several Viruses programs"
Which sounds better? The former. Since Viri is already a Latin word derivative for 'man' and 'virii' is impossible to form from virus, then the natural conclusion is that "virus" is both singular and the plural form of the word.
Keep in mind as well, that when we 'use' Virus in the normal day to day sense, we're talking about a group of self-replicating proteins, that are almost always transmitted by mass exposure to literally thousands more of the Virus than the host's immune system can handle. Anyone with an immune system would be almost impossible to be infected by a 'single' virus, unless that virus was able to attack the immune response sent to destroy it. Of course with computer virus we may talk of a single exe, or a mass of virus clogging inboxes around the world, but in the normal day to day sense the word virus is almost without exception referring to a group.
English is indeed hard. In this case, for instance, you are simply wrong. "[T]he lake has nearly a dozen species of fish in it" is not proper English. Do a google search on "fishes".
The first three matches:
Coral Reef Fishes
Division of Fishes - Ichthyology, Fish
A CATALOG OF THE SPECIES OF FISHES
Opinions stated are mine and do not reflect those of the Illuminati
Virus updates are critical - the other posting by A.C. indicates that he sets up the machines on his net to update them frequently, and in a LAN-based environment, that's usually not a bad policy, though updating at boot time sometimes can interfere with what a developer is doing, or with somebody installing new hardware or software that requires reboots, or whatever. But I'm in a company that has people working out in the field, and while it may be important to get a virus update today, a 10 megabyte data file update on a 56kbps dialup line takes a long time - and if I'm out at a customer site trying to show their CIO how our really cool web site can help them make money, or I'm in the airport trying to send an important email before getting on a plane, I can't wait an hour for the latest virus update to download - that can wait till I'm back at the office.
Microsoft Outlook's integration of calendar, incoming mail, and storage of old mail, all in one big system, makes this particularly critical. The other day I needed to get on a conference call, and had the phone number in my Outlook Calendar, and dialed up 15 minutes before the call to get any relevant emails (and my Palm Pilot battery had run out the other day so I hadn't copied the schedule to there.) Somebody in Marketing had decided to mail 10 MB of glossy viewgraphs to everybody, and while it was downloading, I couldn't access the old messages to find the website for the slides for the call. The older antivirus software used to have similar behaviour - it insisted on doing its updates at boot time, before anything else could run, whether the user needed it right then or not. The newer stuff is often sufficiently well-behaved that it just dogs down the network connection rather than totally preventing you from working, but it's still a problem.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Yes indeed. Trying to protect a microsoft operating system from attackers is about as easy as protecting Disney World from fat people. Sure the rides would not need as much maintenance but man do they bring in the dough.
We won't see eye-to-eye on this because we have two disparate philosophies regarding corporate IT; I do not believe the IT works for the user in a corporate setting (in a consumer setting, yes).
My belief is that the IT must work for the corporation and that its service should reflect the will of the corporation, not the end user. Unless, of course, your IT department is a lot of bumbling morons. If that's the case then firings are in order, not mob rule.
The end result is still that your IT department is not properly doing its job -- enabling you to work within the desires of the corporation at a near optimum level while maintaining the best interests and goals of the corporation (and sometimes those things "annoy" the end user.). If they work for you, you get to tell them how to work based on 'your' interpretation of what that means. This is why I believe such a model is faulty from the start. (Aside: I know a lot of places don't have the caliber of personnel I'm used to working with, but I don't see that this makes any difference in the end... they should start firing and hunting up someone with more brains than resume. Again, a business practice issue, not a reason to change the model. Those people exist. I know many of them and some of them aren't working [while a lot of chuckleheads are].)
You seem to be aware of the problems in your company and understand why they're bad for the company. My suggestion, based on my beliefs as stated above and were it my place to suggest, would be to make noise and make it heard. Fix the problem at its source.
"...the company hires the sysadmin to LET THE USERS GET THE USERS' WORK DONE..."
In my view, the company hires the users AND the sysadmins to get the _company's_ business done. It's up to the company's management to make the one support the other. Virus protection being a prime example; It's not about protecting you, the user, it's about protecting the company's assets. If it's done poorly and affects the performance of you, the end user, then that's a symptom of bad planning and management.
The one thing we DO agree on is that users can't have things crammed down their throats which affect their performance, but I do not believe that the solution is for the user to make the sysadmin a lame duck. I believe the solution is to make the sysadmin perform better (or fire his or her sorry ass).
----------------
Personal note:
Yes, I'm bitter, but I do believe all this. I recently left a very high-demand (24/7 99.9% uptime) computing environment supporting anywhere from 2,000 to 4,000 users (the majority being chip designers out of a company total of over 70,000) and tens of thousands of machines [no exaggeration, I assure you] and I've pledged never to work in a system like that (yes, your "work for the end user" model) again. Our "customers" dictating policy forced us to oftentimes provide poorer than necessary service and many times jeopardized the holdings of the corporation's intellectual assets. In my opinion that's just plain stupid. When the organization was shuffled and the "customer" model became more lip service than operating model, we were able to do things more 'rightly'. Why? Because we knew what we were doing. It was our job. It was our vocation. We weren't playing store clerk to people who had an entirely other job. I have no patience for poor IT anymore (and my patience was gone which is why I left). That's why I have no patience for the "IT drone" model. I'm smart and really really freaking good at what I do. I want to be able to do it with no more constraints than any other technical field. Basically... I don't want some recent college grad circuit designer telling me how things should be done or some guy who says 'I'm a unix user from way back' who really means 'I used VMS once' to tell me how to do my job. I certainly don't tell him how to do his. That's what our managers are for.
EOL
- I am made of meat.
Is this the first virus that renders anti-virus software inoperative *even if you don't run the virus*?
I got sent Bugbear - NAV didn't detect it - so I updated the virus definitions and tried again:
xxxxx.doc.exe is infected - press OK to repair...
I press OK.
xxxxx.doc.exe - cannot open file, access denied...
I press OK.
xxxxx.doc.exe is infected - press OK to repair...
I press OK.
xxxxx.doc.exe - cannot open file, access denied...
I press OK... and so ad infinitum.
In the end I had to use Ctrl+Alt+Del to crash Norton Anti-Virus, then I could delete the .doc.exe files by hand.
In other words: if I hadn't been running anti-virus software, Bugbear would have caused no harm (as long as I didn't run it). But because I *was* running anti-virus software, the entire machine was unusable.
Is this an accident, or is it the future of viruses? It would be rather good if it were: the virus writer could claim, legitimately, that it was the anti-virus software that was making the computer unusable!
Perhaps your original sentence (i.e., English is indeed hard.) should have been followed by: "This is because English has many cases where collective nouns are used in both singular and plural forms and plurals formed by the usual process of adding -s or -es."
So it's you who are wrong.
Very true - and a good point. But it ignores one of the more underlying issues. Outlook is fundamentally flawed.
One of the most infamous "email viruses" was the Good Times Virus. It was the first email virus to be more social than technical - the warning message being relayed time and time again being more a virus than what it supposedly warned against. Good Times played on the fears of a vast body of new users who weren't aware of how email worked. It warned against a virus that spread by messages entitled "Good Times" and that reading the message did harm to the user's system (if not spread the virus). At the time, the idea that simply reading a message was enough to activate malicious code was preposterous.
Outlook has made this concept a reality.
But this is not a reference to this one specific vulnerability. Outlook has been the subject of numerous previous vulnerabilities - many of which can be exploited by an email that is viewed either by opening the message or via the message preview panel. Sure, they have been patched too. But the same concept keeps surfacing.
This doesn't even touch on how Outlook tends to hide the nature of file attachments, allowing malicious code to disguise code to appear as benign data. Microsoft's solution was not to make the nature of file attachments more defined... but to strip out "dangerous" types. Thus, they completely ignored the actual issue. While this is a minor point... it does show the mindset that has created an email client rife with security problems.
More good advice. It has been said that bits don't rot. Software does not decay. But we have since found that over time, we discover mistakes in the creation of software. Thus we are faced with having to maintain the digital system with as much dedication as a mechanical system.
But again, this misses an important point.
Sometimes systems are created that have fundamental flaws. No matter how well maintained, these systems will always fail. And while even the best systems may fail eventually, these flawed systems will fail in spectacularly bad ways.
It is wise to advocate constant maintenance. But it is also just as worthwhile to point out systems that are flawed.
And Outlook IS flawed.
Face it, he's got a point and you missed it.
You can't blame an OS for the services a user installs on it. Windows comes with Outlook, it's standard. If there's a bug in outlook, there's a bug in *EVERY COPY OF WINDOWS* until it's fixed. Even after it's patched, broken systems are still around.
I haven't patched Apache on Linux but I'm not vulnerable. Know why? Because I didn't enable it.
Windows users don't have to enable Outlook (Express) or IE, they're there by default. A hole in one of those is a pretty big flaw.
Had IIS never been installed by default, MS wouldn't have gotten half the flack for Code Red that it did. But most of the CR sources are some unpatched box in a closet, or on someone's desk, where nobody realizes it's running IIS.
Half of the security flaw in MS products is the lousy code, the other half is MS themselves.
btw, re your sig. You haven't got any ideas what real usage numbers are. Right now I'm counting as a hit for IE6.0 in XP, but I'm really using Mozilla in Linux with the prefbar addon to spoof user-agents. Most Linux users do something like this because so many sites are intentionally crippled to look for IE specifically. And polls are notoriously stuffed by trolls like you who love to point out the results as if they meant any more than a Florida election.
Rattling around the back of my head is a disturbing image of something I saw at the airport ... Now I'm remembering, those giant piles of computer magazines right next to "People" and "Time" in the airport store. Does it bother anyone else that half the world is being told all of our hard-won secrets of computer technology? Remember how all the lawyers cried foul when "How to Avoid Probate" was published? Are they taking no-fault insurance lying down? No way! But at the current rate it won't be long before there are stacks of the "Transactions on Information Theory" at the A&P checkout counters. Who's going to be impressed with us electrical engineers then? Are we, as the saying goes, giving away the store?
-- Robert W. Lucky, IEEE President
- this post brought to you by the Automated Last Post Generator...