Yet Another Windows Worm
kraksmoka writes "MSNBC is reporting that yet another active worm is taking over computers in 115 countries today. 'Antivirus companies were on high alert Thursday after the rapid spread of a new computer worm that includes particularly malicious snooping techniques. Bugbear.B, a variant of a worm released last year, installs keylogging software, back-door software, and in some cases even attempts to control infected computers' modems. Some of the worm's functions are designed to specially target financial institutions.' Yummy!"
I've already run into this with one of our banking customers... now if they'd only bought the firewall solution from us that stripped email attachments based on mime type and/or file extension (why the hell any half-way reasonable person would double-click on a .pif file in their email is beyond me). If I'd only known 10 years ago (before I was legally an adult) the kind of security that existed at some of the small to medium sized banks, I probably would have made some very different career choices--I suppose it's better this way... (Posted anonymously for obvious reasons)
The patch for this was out 2 years ago. No excuse.
The virus comes in as a .exe file. You should block that. No excuse.
AV dat files have been updated already. No excuse.
We've been filtering this all day.... It's not that hard to protect yourself.
It's frustrating how many viruses Windows keeps getting slammed with. There are some people that will point to a Linux worm or virus here or there, but I run both Windows and Linux servers and there is simply no comparison with the amount of worms Windows based machines receive. Some people say it's because Windows is much more prevalent than Linux, but there are a lot of servers running Linux now.
The amount of work required to keep up with just doing updates has finally gotten to me. Last night I noticed my Windows server was sending packets like mad; suspicious, I did a netstat -an, and it was making connections to hundreds of other machines. Tired of this dance, I decided to just shut the Windows server down. Maybe one day I'll patch it... then again, maybe I'll just leave it shut down for good.
Interestingly, my GNU/Debian Linux box is happily sitting right next to it serving up pages. I haven't had to reboot it in ages; I imagine it will be running until a nifty new kernel comes out that I just have to have.
See ya Microsoft.
Doug Tolton
"The destruction of a value which is, will not bring value to that which isn't." -John Galt
This one spread through my university like wildfire today! It even seems to fake Norton virus definition updating, such that the computer appears to be updating its virus definitions but isn't. It seemed to spread via hijacked messages that it attached itself to.
I never have a problem with these worms. I downloaded Windows Robin(TM) a long time ago!
Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe
And once again, those of us who know how to configure our windows systems and aren't stupid enough to (a) have open network shares with no passwords and (b) open random email attachments are safe.
Username taken, please choose another one.
This virus has been hitting a bunch of people over here at Stanford since sometime yesterday. It takes random messages from your inbox and forwards them to random people in your contact list and spoofs the sender. I've received a lot of weird emails lately, but some of my neighbors have seen some pretty personal emails sent or received by their friends and acquaintances. People hitting on people, people asking their parents for money, rejection letters from companies... the whole works. Our SMTP server has been completely shut down to stop the spread!
This sucker ripped through our campus like nothing. Heuristics missed it, and the definitions weren't updated until a few hours after a few hundred machines got nailed.
the annoying part is that as complex as you can make software, you can't fix the people who are morons, which is where the real problem lies.
oh well.
It's time to face the facts: Windows just isn't ready for the desktop.
Seems to me that would be the way to get these things fixed permanently. Make a worm that would call MS tech support on people's modems. Or any other MS 800 number. Until something costs them a LOT of money, these will continue to show up.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Can anyone tell me why it bothers to try connecting to the internet so hard?
The article says that an infected machine will try to get on to the internet, and will try dialing the modem if it has to.
Surely the most interesting machines are those with fast good connections - not people on crappy slow modems...
This is from the assumption that the computers would be used for a DDoS.
Has a worm ever been used for anything other than a DDoS?
Yeah, because it's a lot of work to set windows to do updates automatically. Just a troll, nothing to see here.
Username taken, please choose another one.
Give it time. As Linux permeates industry and business it will start getting more attention from the virus writers. It's all a matter of ROI. Right now, attacking windows has a very high ROI.
This space for rent.
They had warning bells and e-mails flying fast and furious at the NASA center where I work. All I could do was laugh. The group I work with runs mostly Linux with the exception of Mac OS X on a few laptops. HA! Bugbear.B that!
Quick, get your patch here
You know, we should get our information from a reputable and IT source like symantec who provides details on how to remove it rather than a news source owned by the people who make windows, the vulnerable software.
Since when has this country used intellectual elite as a pejorative term?
I almost wish that more h4x0rs would pay Linux more attention. As more properly bolted systems repelled attacks, that would be good. And if they didn't repel attacks, that would be almost good too.
One line blog. I hear that they're called Twitters now.
"It's frustrating how many viruses Windows keeps getting slammed with."
Just wait until:
a.) Everybody decides to hate Linus.
b.) Linux machines can be counted in the millions.
The safest platform to be on is the obscure one with few people using it.
"Derp de derp."
When I read things like this after getting paged a dozen times two days ago (after I already left work) about an outbreak of the Spybot worm, I think to myself - when will it end? When will our Server team spend time and money on better software distribution and back-end protection? When will the higher ups spend money to have enough staff to effectively be proactive about future outbreaks? Will the next surge in IT spending be the result of some out of work angry Russian programmer's idea of a good time? Will cyber-terrorism be the next y2k?
Sound waves should be free!
Yeah, because it's a lot of work to set windows to do updates automatically. Just a troll, nothing to see here.
You obviously don't administer servers with Enterprise Level Code. If you did, you'd know that with Microsoft you can't simply use automatic updates. Microsoft Service Packs break systems all the time. If you run ASP.NET and Sql Server code, you get bitch slapped every time they release a service pack or "security fix". They consistently change functionality, without warning. Then they just post on their website (three months later) that the service pack changed the way some undocumented feature worked, but you weren't supposed to use it that way anyway, so tough shit.
Ha!! Automatic updates my ass.
Doug Tolton
"The destruction of a value which is, will not bring value to that which isn't." -John Galt
I am surprised Red Hat or some other company doesn't take advantage of heavy Windows worm activity.
"Did you get hit by that new worm?"
"No, I run Linux."
nmap -sN -p 1080 AAA.BBB.CCC.*
and
nmap -sT -p 1080 AAA.BBB.CCC.*
Check out the machines with port 1080 open. Then switch to a less infectious OS.
"A worm spreads by itself. A virus requires a human to do something stupid, like click on an attachment. "
I had a coughing attack and gave my girlfriend a worm once.
"Derp de derp."
All you zealots can point and go tee-hee.
But the fact remains, linux is such a minor part of the computing world that no one targets worms or viruses for it.
The day that linux worms run rampant is the day it becomes a successful desktop.
(and yeah, it can be done.. what you all have now is a false sense of security through obscurity)
I don't need no instructions to know how to rock!!!!
Yes, but as with any *NIX, the damage Joe Luser can cause is significantly curtailed to their own userspace. The virus would need to take advantage of a root-level vulnerability to infect an entire machine. Not so with most Windows default configs.
No. A worm is a stand-alone executable, while a virus attaches itself to a pre-existing program. (By analogy: worms are free-living organisms, but viruses hijack the machinery of a cell to reproduce themselves).
The vector is mostly immaterial to the definition.
*tweet*
time out.
any admin who sets production servers to be "automatically updated" deserves to be terminated with prejudice.
you test all patches before deployment.
Time flies like an arrow, fruit flies like a banana.
It's not yummy.
-pyrrho
If any confidential data gets out, they've got a huge lawsuit on their hands.
It's called spyware. These eople have obviously installed KaZaa.
On a related note, anti-virus programs is one place where I can actually see a potential useful application of "trusted computing" (no, not necessarily Palladium). If there could be some way to tell the OS "Look, I don't care if you're the administrator or not: the only programs that are allowed to terminate the anti-virus scanner process are the scanner itself, and, say, Task Manager". By using keys to prove their identity, it _might_ make it a lot harder for virii to terminate anti-virus programs. (Note to slashbots: I'm not saying Palladium is good because it will do this (I don't even know if it does). I'm saying this is one potential application of some as-yet-undeveloped implementation of "trusted computing".)
There is no sig, there is only Zuul.
Any readers in the UK with Sky Digital, switch to channel 268.
Overnight, the channel plays a Flash-based word game, where viewers SMS in answers. It's running on a Windows PC, and the screen currently being broadcast to 7 million homes is....
McAfee dialog box: 'bugbear.b High Virus Advisory....'
Hmmm.
(wandering OT - the channel, 'Friendly TV' is apparently being run by students on work experience. A nightly live-broadcast show is 'Girl Talk', where... girls... talk... about... things. Whatever comes into their heads. Oh, and they get progressively more drunk as the evening progresses, which no doubt helps.)
What's the frequency, Kenneth?
Am I the only person who's tired of hearing about the latest way for idiots to screw up their computer and infect dozens of other computers used by similarly idiotic people? I mean, come on... Haven't there been patches and security measures around for years that prevent viruses like this one from infecting your PC?
I guess it is helpful for admins to see virus warnings on slashdot though.
using namespace slashdot;
troll::post();
MSN Messenger normally connects to remote port 1863. It doesn't listen on any local ports, and the local port it connects from is usually random (and definitely not 1080).
you know..
for the longest time, i've been attempting to defend windows ever since 2k stopped being the 'absolute junk' syndrome. i read about this earlier in the day, and started ranting in irc.
well, since it's easier to bitch than act, i decided to act. i went directly to the local apple store and bought an ibook.
i have -never- been happier. this is literally the best of breed machine i have ever used. all the benefits of unix without the hassle of windows.
so, this is totally offtopic, but as a govt. employee who deals with this sort of thing every day, my old home pc is now strictly a local lan CF/oracle development box, and every damn machine i buy from now on will be apple.
Are you MORE than your SPINAL COLUMN?
Not really a good comparison.
On a server the vulnerability would have to target an exploit in a daemon that accepts network connections.
On the desktop the vulnerability, more often than not, is the user's tendency to execute anything that claims to contain pr0n or similar. These viruses make up the bulk of Windows-targeting viruses. The virus gains entrance through the user and then runs amok from there.
Proof of this is in the prevalence of viruses called "Amish viruses." These aren't actually viruses at all. They're simply chain letters that read something to the effect of, "hey, found this virus by the name of better delete it and pass this on to all of your friends!" And the user, not the CPU, carries out the malicious instructions.
So, if Linux wishes to avoid this issue on the desktop, where users will both likely have permissions way too high (i.e. Lindows with root) and be willing to run arbitrary binaries, they better take notes now. They also better invest into antivirus technology. Sure, maybe you can keep up with the relevant patches to keep your server secure, but it's hard to make the desktop world foolproof when fools are so ingenious.
Oh, and P.S., since you mentioned running Debian, have you made sure that you've patched all 87 security vulnerabilities announced so far for the year 2003?
If your company got hit go ask your network admin why they aren't blocking ANY executable email attachment. Then go ask their boss.
IT'S NOT HARD PEOPLE.
These machines are unlikely to be interfaced with a public net at all, especially not sitting on a fat pipe; but many of them have to network _somehow_. Regular modems, ISDN, etc. aren't quite dead yet.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
The people that open these attachments aren't system admins. They aren't network programmers. They aren't even computer literate half the time. Most of the time they treat the computer like a magical device that mysteriously allows them to type and send mail very fast. My mom doesn't even know what a zip/exe/jpg file is. I think it is hard for us to imagine not knowing what we know about computers, but the fact is, that most people using computers don't know a fraction as much as anyone reading slashdot. In fact, most of these "viruses" are technically trojans. They are all exploiting the ignorance of the user to mass infect others. There is nothing any operating system can do to stop this. If we were all running Linux, more people would be tricked into running as a SuperUser or Root or some other exploit virus programmers would find. In the end, it's not about which is the right operating system, but whether we have educated the person behind the machine.
Instead of a headline like "Dangerous Fizzer Worm Attacks the Internet," how about "Thousands of Morons Open Obviously Virus-Laden E-mail Attachments"? I kind of like it. It has a light, comedic feel similar to headlines found at The Onion.
Chris
www.koozie.org
Has anyone ever pondered this before?
Over the past few years, technology has advanced greatly in area of computer security. There was a point in time not very long ago where the word "virii" was just another ancient, arcane computer term that gathered dust on the history books.
It was not long after that I noticed several companies like Norton and McAfee begin to develop and release extremely enhanced versions of their anti-virus products to the home and business PC market without any reason whatsoever.
A few months after that...BOOM!! The Internet was virtually TEEMING with all kinds of new, weird bugs the likes of which had not been seen before. Magically, the aforementioned companies Norton and McAfee had patches and updates that seemed to eradicate the problem.
Let's face it, it seems to me that the very source of virus activity today are the very companies that offer the solutions. Has anyone ever thought this before? -- companies that hire hackers, supply them with all the info they need to exploit well-known weaknesses in computer systems that the average hacker may not even know about, and then allow these same people to release their creations and allow them to go on a rampage for a few days before the corporation swoops in like Superman to save the day.
Think about it.
In addition, it uses a particularly nasty flaw in Microsoft's Internet Explorer program and its implementation by Microsoft's Outlook e-mail reader that allows the virus to infect machines whenever a victim simply previews an e-mail message loaded with the program.
Yet (as of this post) CNN mentions nothing of the fact that this is another virus that takes advantage of a Microsoft flaw...
And at the bottom of the MSN page: "MSN - More Useful Everyday"
ah the irony of having your own news company...
some undocumented feature
Yeah. Undocumented. Because they weren't done monkeying with the way it works. Imagine that, they changed it. How rude of them.
Do not click on the attachment!!!
I feel better now.
My rights don't need management.
I don't know anything about linux, but couldn't you theoretically write a virus that disabled the file protection crap at the kernal level so it didn't matter if you were root or not?
What do you mean? Linux is my sex life!
The other day a program suddenly appeared on my computer. I assume that while trying to close popup windows i accidentally clicked "yes" to one of those damn "install this plugin" boxes. It is called "dlres.exe", it is in a folder named "Webdailer" in program files and there is a shortcut called "li-speed" followed by some numbers on my desktop. If i delete any of these, they are back the next time i start up my computer, and the app launches. It seems to be a dial-up 900 number to some kind of porn service and when i try to remove it in Add/Remove programs all i get is an error message. In german.
I ran AdAware and it found a number of items, including one called (i think) e-dailer, but after removal everything reset itself after startup.
Anyone have any recommendations?
...is one involving how it handles MIME types, especially within IFRAMEs. What happens is, the message headers will say it's one type, such as audio/x-midi, while the payload is really an EXE file, sometimes misidentified as a .bat or a .pif. The unpatched Outlook or OE thinks, "Ah, a MIDI file! Let's play it!" and blithely passes it to the OS, which thinks, "Ah, an executable! Let's run it!".
One more example of why HTML doesn't belong in email, aside from web bugs and other BS.
Oh, no! You have walked into the slavering fangs of a lurking grue!
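The comment above describes the vector precisely: a Content-Type header claiming a harmless media type while the decoded payload is a Windows executable, and several other posters recommend simply blocking executable attachments by extension at the gateway. The following is an added example, not code from the thread or from any vendor, of a mail-gateway check that applies both policies. The message builder, filenames, MIME types and the tiny "MZ" payload are constructed for the demonstration; the list of executable extensions is a hypothetical policy, not a product's default.

```python
"""Added example: attachment policy check for an inbound mail gateway.

Flags an attachment when (1) its filename carries an executable extension,
(2) it uses a double extension such as openme.doc.scr, or (3) its declared
Content-Type is a media type but the decoded bytes are a Windows PE image
(the header/payload mismatch the comment above describes).
"""
import email
from email import policy
from email.message import EmailMessage

# Hypothetical block-by-extension policy (assumption, not a vendor default).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".com", ".cmd", ".vbs", ".js"}
# Media types a mail reader might hand straight to a player/viewer.
MEDIA_TYPES = {"audio/x-midi", "audio/x-wav", "image/gif", "image/jpeg"}


def looks_like_pe(data: bytes) -> bool:
    """Windows executables start with the two-byte 'MZ' DOS header."""
    return data[:2] == b"MZ"


def attachment_findings(raw_message: bytes) -> list:
    """Return (filename, reason) pairs for every attachment violating policy."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if not name:                      # body text, not an attachment
            continue
        pieces = name.lower().split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        if ext in EXECUTABLE_EXTS:
            findings.append((name, f"executable extension {ext}"))
            if len(pieces) > 2:           # e.g. report.doc.scr
                findings.append((name, "double extension"))
        if ctype in MEDIA_TYPES and looks_like_pe(payload):
            findings.append((name, f"declared {ctype} but payload is a PE image"))
    return findings


def build_sample(filename: str, content_type: str, payload: bytes) -> bytes:
    """Constructed test message: a text body plus one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Re: your document"
    msg.set_content("See attached.")
    maintype, subtype = content_type.split("/", 1)
    msg.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


# Constructed samples; the 'MZ' stub stands in for a real executable image.
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 60
SAMPLES = {
    "fake_midi": build_sample("song.mid", "audio/x-midi", FAKE_PE),
    "disguised": build_sample("openme.doc.scr", "application/octet-stream", FAKE_PE),
    "benign": build_sample("notes.pdf", "application/pdf", b"%PDF-1.4 demo"),
}


def scan_samples() -> dict:
    """Run the policy over every constructed sample; name -> findings."""
    return {name: attachment_findings(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, found in scan_samples().items():
        print(name, "QUARANTINE" if found else "pass", found)
```

The three checks are deliberately independent: the extension rule alone would have let the "MIDI" sample through, and the magic-byte rule alone would not catch a .scr declared as application/octet-stream, so a gateway wants both.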
Because there's nothing quite like a 100,000 machine-strong DDoS network of Redhat machines on cable modems. I hope you meant that if machines are not repelling attacks, then that would prompt bug fixes. However, as you see in the Windows world, most attacks are targetted at already-fixed issues. The machines that get infected are the ones that didn't stay up to date (or in lots of cases a few years ago, were running software they shouldn't be running, like personal Redhat machines running BIND because it was installed and started by default in an "install everything" scenario, the installation option used by most newbies because they're afraid of missing something during the initial install and not knowing how to install it later).
No, successful virus/worm/hax0r infections are never desired. Better for the issues to be found by competent and moral ("moral" being that they don't use the exploit maliciously) people before a major virus or worm is written. There are excellent patch distribution channels for both Windows and Linux these days. People really should use them. And for production servers that don't use them because they need to do validation before deploying the fix, they need to get off their asses and do the validation. There's no excuse for a 2 year old bug causing issues now. That's 1 year, 11 months, and 3 weeks of laziness (assuming it takes about a week to do a validation and deploy the fix and any resulting changes).
a.) Everybody decides to hate Linus.
Not likely to happen. Linus is a genuinely decent and nice person. While there will always be the odd person who hates everyone or who hates someone for some obscure reason, it's unlikely that a significant number of people will ever have a reason to hate Linus.
b.) Linux machines can be counted in the millions.
They already are, even if you just count the number of servers sitting out there attached to the internet.
The difference is that Linux is generally more resistant to attack to begin with, especially in the default installs of recent versions. There are a number of inherent design flaws in Windows and a number of historical anachronisms endemic to the typical Windows environment which make it more prone to viruses, worms and trojans than a *nix like OS. Linux is also more likely to be installed and administered by people with a clue than Windows is, and that makes a huge difference. If a huge number of the typical lamers that mindlessly use Windows start using Linux, then it may start to have a few more problems, but I suspect still far less than Windows does.
The safest platform to be on is the obscure one with few people using it.
A bad assumption. Security through obscurity is not valid in practice. The platform still has to be secure even if it is obscure, because unless you are the only user of all the relevant code it runs, you can't depend on someone else not being able to find a weakness. Even that isn't a guarantee, since crackers could still probe from the outside and possibly find vulnerabilities.
I knew that damn little teddy bear icon in my windows directory was up to no good!!!!!
"Would it kill you to put down the toilet seat?" -- Maya Angelou
you can't fix the people who are morons, which is where the real problem lies.
--Lawrence Lessig for Congress!
Has anyone else been getting TONS of e-mails with random subjectlines lately claiming to be from "support@microsoft.com" containing (one assumes) some kind of virus in an SCR file?
What virus is that, anyway?
I just bought a 17" iMac and never turning back. Soon i will replace the other non development machines with Apples.
You can fix the OS, but you can't fix the users. People who get hit by this have nobody to blame but themselves (or their Windows administrator).
Microsoft fixed this vulnerability more than 2 years ago. Why do people not update their software?
According to Symantec, Bugbear.B "uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability".
"Can of worms? The can is open... the worms are everywhere."
...not dead?
-pyrrho
Well then, any admin who runs outlook (or any email client, or browser, or ANYTHING that could potentially be compromised) on a production server that absolutely can't stand to have any downtime needs to be terminated as well.
Username taken, please choose another one.
"Welcome to wind0ze, haxz0r, who would you like to (distributed)DOS/mailbomb/infect today?"
-- Windows Vulnerability (TM) 2005
I don't use Outlook!
neener, neener, neener
Seriously, why not pick a mail client which is free and doesn't have 90% of the exploits written for it?
Probably, but that would be a lot of work. More likely, you could just use one of the many local root exploits over the years. There have been quite a few, and I'd bet there are lots of people that are still vulnerable ("A local exploit? But I'm the only user on this system. I'm not going to bother with it."). Of course, now you have to find some way to get the user to run your script or executable that exploits the bug, but I'm sure there are ways to do that (even if it's just social engineering, which is what a lot of Windows e-mail viruses do). And then you're in, with root permission.
And of course, even without root permissions you can still screw stuff up. How about a virus that destroys all of your documents/mp3 files/pr0n? You don't need root access to do that if your user has write access to it already (and you surely do, or how could you update your documents/mp3 files/pr0n without always going to root?). And worse, there are distros like Lindows that encourage you to run as root (well, it used to, does it still do that?), which would make compromising it even easier. Of course, there's probably only a couple tens of thousands of people running Lindows, compared to millions upon millions of Windows users. What hax0r would waste his time on such a small target?
And McAfee seems to disagree with you about when this was discovered.
He was remarking about when the security hole in IE, that this virus exploits, was discovered and patched not the date this virus was discovered.
Slashdot, home of supporters of free software, free music, and free speech. Except for Moderators that disagree with you.
So you absolutely can't afford a few hours of downtime, yet you run OUTLOOK on it? moron.
Username taken, please choose another one.
1080 is the default port for a SOCKS proxy. Perhaps you see all those ports open on your network for a reason.
'Same speed C but faster'
Outlook isn't ready for the desktop.
Windows is just fine if you don't use outlook.
GoatPigSheep, the 3 most important food groups
One interesting thing is it opens port 1080, which is normally used by MSN messenger
Sounds like you're using a Socks server to connect to MSN - 1080 is the default Socks proxy port, not MSN messenger.
yes, but you'd have to be root for it to work
It tends to come as a .scr, .exe or .pif file. And it has all the typical hallmarks of other massmailers.
I spent several hours today cleaning computers in my office, all the while getting sends from over half the free world, it seemed, with more copies of the bloody thing on them.
Antivirus companies were on high alert Thursday
Ahem, I believe you mean "Antivirus companies raised their threat level to orange on Thursday"
... to reply to mi2g claims that Linux is more hacked than Windows. Now you have hundreds of windows computers in your near vicinity waiting to be hacked thru port 1080. I think that at the rate of infection of this last worm, in very few days (Sunday?) it will be the most widely distributed computer worm ever.
Indeed, I've noticed a number of these emails today - I'd click on it, have a laugh and delete it.
Of course, I run linux so I am completely immune - windoze users, do not try this.
Microsoft is a shit company for putting out crappy insecure products in the first place, but my main beef is with the stupid fucking morons who use those Microsoft products and don't maintain their computers.
A patch for this hole was out two years ago.
Fixes for Nimda and Code Red have likewise been out for a long time.
Ditto fixes for SQL Slammer.
But guess what I still see in my firewall logs? Let's take a look at some excerpts, shall we?
6/3/03 3:24:04 Trigger IP Addr: 195.199.65.173 TCP Port: 80 Svc: Nimda 3600 secs
6/5/03 17:46:47 Trigger IP Addr: 66.117.200.191 TCP Port: 80 Svc: Code Red 3600 secs
6/5/03 22:04:55 Trigger IP Addr: 63.79.176.247 UDP Port: 1434 Svc: ms-sql-m 7200 secs
These are just the most recent occurrences, but my logs are jam-packed with them. 132 Slammer hits in just the last week. Still plenty of Nimda and Code Red. And I won't even mention the thousands upon thousands of hits in my log from machines looking for exposed Windows shares on port 137.
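The log excerpts above are the useful part of this post: traffic from worms whose fixes have been out for years is still the bulk of what the perimeter sees. As an added example, not the poster's own tooling, here is a small parser for that log format that counts hits per signature and per source address and reports how much of the noise comes from long-fixed worms. The three log lines from the post are used as-is; the remaining lines are constructed (RFC 5737 documentation addresses), and the mapping of the "ms-sql-m" label to SQL Slammer on UDP 1434 is the standard one.

```python
"""Added example: summarise a firewall trigger log like the one quoted above.

Line format (as in the post):
  M/D/YY H:MM:SS Trigger IP Addr: <ip> <TCP|UDP> Port: <port> Svc: <name> <n> secs
"""
import re
from collections import Counter

LOG_RE = re.compile(
    r"^(?P<date>\d+/\d+/\d+) (?P<time>\d+:\d+:\d+) Trigger IP Addr: (?P<ip>[\d.]+) "
    r"(?P<proto>TCP|UDP) Port: (?P<port>\d+) Svc: (?P<svc>.+?) (?P<secs>\d+) secs$"
)

# Signature label -> worm family with a long-available vendor fix (from the post).
LONG_FIXED = {
    "Nimda": "Nimda",
    "Code Red": "Code Red",
    "ms-sql-m": "SQL Slammer",   # UDP 1434, SQL Server resolution service
}

# First three lines are quoted from the post; the rest are constructed.
SAMPLE_LOG = [
    "6/3/03 3:24:04 Trigger IP Addr: 195.199.65.173 TCP Port: 80 Svc: Nimda 3600 secs",
    "6/5/03 17:46:47 Trigger IP Addr: 66.117.200.191 TCP Port: 80 Svc: Code Red 3600 secs",
    "6/5/03 22:04:55 Trigger IP Addr: 63.79.176.247 UDP Port: 1434 Svc: ms-sql-m 7200 secs",
    "6/6/03 1:12:09 Trigger IP Addr: 192.0.2.10 UDP Port: 1434 Svc: ms-sql-m 7200 secs",
    "6/6/03 1:40:31 Trigger IP Addr: 198.51.100.7 UDP Port: 1434 Svc: ms-sql-m 7200 secs",
    "6/6/03 2:05:17 Trigger IP Addr: 192.0.2.10 UDP Port: 137 Svc: netbios-ns 600 secs",
    "this line is not in the expected format",
]


def parse_line(line: str):
    """Return a dict of fields for a well-formed line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["secs"] = int(rec["secs"])
    return rec


def parse_log(lines):
    """Parse every line, silently dropping ones that do not match."""
    return [rec for rec in map(parse_line, lines) if rec is not None]


def summarize(lines) -> Counter:
    """Hits per signature label."""
    return Counter(rec["svc"] for rec in parse_log(lines))


def hits_per_source(lines) -> Counter:
    """Hits per source IP, to spot persistently infected neighbours."""
    return Counter(rec["ip"] for rec in parse_log(lines))


def long_fixed_report(lines) -> dict:
    """Hits attributable to worms whose fixes have been available for years."""
    out = Counter()
    for rec in parse_log(lines):
        family = LONG_FIXED.get(rec["svc"])
        if family:
            out[family] += 1
    return dict(out)


if __name__ == "__main__":
    print("per signature:", dict(summarize(SAMPLE_LOG)))
    print("per source:   ", dict(hits_per_source(SAMPLE_LOG)))
    print("long-fixed:   ", long_fixed_report(SAMPLE_LOG))
```

Run over a real week of logs, the per-source counter is the actionable output: the same few addresses hitting UDP 1434 day after day are unpatched machines whose owners can be notified, which the poster's raw counts alone do not show.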
I just looked at my system tray, and guess what wants an update? Norton....freaky. I use Mozilla for mail (Lookout Express is on only because I haven't removed it...no Outlook)
How does one go about removing Outlook Express from XP?
Do I dare update?
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Stupid was your word. I'd prefer to call people like that ignorant. Of course it's not true that the user has to do anything to be the victim of one of these worms. They take advantage of flaws in M$ apps, like an email client that loads sound files automatically. The user never knows what hit them. You knew that because you are so smart, right?
People who trust Microsoft again and again, now that's stupid.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
that's not really true though, since there are holes in windows that have been there since windows version 1. Sure there are holes in any program, but at least most of the unix/linux/macos viruses don't cause the computer to crash. In almost every case, unix/linux/bsd viruses are really just exploiting a single program.
Why read the article when I can just make up a snap judgement?
"The amount of work required to keep up with just doing updates has finally gotten to me."
And every time you update, the EULA terms change, you don't know if it's going to break anything, and the system settings change.
I found it particularly annoying when microsoft updates change settings that re-enable auto-sending of information back to microsoft.
We Mac users never get to share the fun. :(
I've gotten a few of these already. Anyone know how many different combinations there are? I want to collect them all! :)
Luke-Jr
You're an idiot
I'll believe that when Apache is rooted more often than IIS. It's surely running more sites.
we really need a (-1, Stupid) or (-1, Wrong) moderation.
You gotta hate programs that try to be "helpful" by doing stupid stuff like downloading images and running executables in an email from the PREVIEW pane.
Gee...should I download the latest MS update to protect myself against this, or should I wait (I was one of those unable to connect to the net last week because of a Microsoft Update)?
McAfee lists the patch with a link to:
Microsoft Security Bulletin (MS01-020)
Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
Originally posted: March 29, 2001
Not the iframe hole you mention.
Slashdot, home of supporters of free software, free music, and free speech. Except for Moderators that disagree with you.
ANYTHING that could potentially be compromised
I guess that includes Windows then... thanks for the advice.
I hate to sound like a troll, but can someone please tell me, WTF is this all about?
I'll tell ya what I think... M$ sponsored FUD.
When has a Linux Box _ever_ been the root cause of crashing the entire internet?
Karma: The shiznight, mostly because I am the Drizzle.
Just wait until:
a.) Everybody decides to hate Linus.
b.) Linux machines can be counted in the millions.
a. is unlikely. How can anyone hate free software? Oh yeah, it's putting you out of business. Microsoft does an admirable job of astroturfing congressmen and Slashdot, but they have yet to put out a good free software worm. The intersection of people with the skill to write free software worms and the number of people who hate free software is vanishingly small. Competent people like free software, get used to it. Windoze on the other hand is just about universally hated and just as easy to break.
b. Linux machines can be counted in the millions. Desktop machines. If you figure 10% of US desktops are running some form of free software, you get millions of computers. The rest of the world has plenty of free computers as well. Yet I don't see anything breaking down mutt, pine, balsa or even Mozilla's email client. AOL's windowze messenger once had a problem but only on Microsoft platforms. GAIM and others had no problems at all.
To sum it all up for you, nothing is as bad as the Microsoft monoculture of poor quality software. Free software is more diverse, of better quality and is universally loved.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
this virus attempts to spread via the LAN.
it is not solely email borne.
liqbase
"MSNBC is reporting that yet another active worm is taking over computers in 115 countries today."
Uh oh... [boots into linux] ahhh...
Our University is being hit hard, especially because almost all classes and departments have these massive listservs and the listserv software is so archaic that it doesn't have viral replication blocking. Oh well, at least I get the personal enjoyment of reading other people's e-mails that get cloned. So far I've got 2 that involve people talking about me behind my back. There's always a golden lining people.
It's not stupid. It's advanced.
Linux is dominant on the web - the number of domains hosted on linux/apache is greater than those hosted on windows pcs running iis.
But, the overwhelming majority of web security problems are with, you guessed it - IIS.
Or your copy paste is wonky.
Yeah, just imagine if something like Apache gets popular, imagine the havoc people could cause with uptimes on those OS's.
Yes, the server community is different from userland and every piece of software will have its flaws, but popularity is not proportional to the amount of worms and viruses, lack of quality is.
Bad boys rape our young girls but Violet gives willingly.
do i know that openme.doc.scr is probably a virus? yes.
do the users know that openme.doc.scr is more likely to be a virus than flowerbox.scr? no. why? because they don't give a crap about their computers. they want to get their work done, not scroll through every possible .exe or .scr file on their machines to see which ones may or may not be a virus.
if it says "This is a virus, kill it" then you have a prayer. if it says "This might be a virus, but then again you have hundreds of files on your machine just like it that aren't viruses, so you figure it out".
guess what, user goes Huh....?!? and moves on.
The difference is that Linux is generally more resistant to attack to begin with, especially in the default installs of recent versions.
I'm sure there are also still *plenty* of Linux boxes around that weren't installed with a recent version.
The vulns exist, but lazy virus writer toolkits aren't available for Linux (yet?! :S that would worry me - and NO I wouldn't want to see this on SourceForge)
there is a very simple solution to this. don't open dangerous e-mail attachments, and use Linux. Don't believe it worx? try it urself
Microsoft was able to get most customers locked in, and allowed all the bugs to continue. thus, they provide the compelling reason to upgrade. 1) you can't switch platforms, and 2) you can't stay with their insecure platforms. genius i tell ya, pure genius. (maybe SCO patented that, i don't know)
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
I'm not going to defend Microsoft, but I will defend the users. This worm sends emails that look VERY much like ones that a user has sent or received. It really is a well designed "social engineering" virus.
Since our users had not had a virus hit their desk for 2 years, thanks to NOD32, they were really not expecting this one!
Cheers, Ben.
The entire physics department here got an email with the subject line "Re: hep-lat 020711 daily received" with the pif attachment.
hep-lat is the Los Alamos eprint Archive subject code for high energy physics on lattice models. The email refers to a paper on "A new proposal for the fermion doubling problem" which is supposedly attached (instead you get the .pif file)
The subject line is matched amazingly well to the recipient list. I thought "that looks interesting, I might have a look even though I probably wasn't supposed to get it."
:wq
And be given a pair of concrete slippers as a parting gift.
I don't see how this is a troll. His post is completely fact. My roommate has been infected with worms and viruses - he even has this one and he's behind a router AND a proxy! Noting the fact that they are all Windows boxen, what does this tell you? Windows simply sucks. End of story. Even people who've written worms/viruses for various GNU systems don't get very far because of the inherent nature of Linux/BSD etc.
It's a fact that the default install of a Windows machine versus a GNU system is insecure. That's all there is to it. Just because it's the "fault" of Joe Sixpack that they have the virus doesn't make it completely their fault. I don't like using Windows Update because it'll break the Windows systems I do admin. I have to run through it manually and double check everything. With Linux, crap. Just throw up iptables/ipchains or use your firewall of choice.
Point being, the end user is a moron. They don't read /. so they're not technically minded (think mom/pop/grandparents here)
Oh yeah, one more thing.. When HAVEN'T you walked into a bank and seen shiny new dell machines on desks and behind the tellers?? hmmm?? Thats what I thought.
ps. reread this before you moderate and really think about it.
I'm not saying it's a conspiracy, but it does say a lot about how much we can expect people to understand, and how Microsoft is so ingrained they don't even think of switching.
There were five topic icons for this story: Security, Technology/IT, Software, Windows, and Operating Systems. Everything on /. is Technology/IT. Should that icon even exist? Windows* is a subset of Operating Systems, which is a subset of Software. Since we all know that, the last two are redundant.
The only topic icons that really make sense for this story are Windows and Security.
Is there a compelling reason to have so many topic icons, or are the /. editors just infatuated with their relatively new multiple-icon toy?
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
handy little solution that has been around for a while.. (jpeg image file)
+++ David Watts 5495 0.0 0.5 1888 884
The main reason why *nix boxes don't have anywhere near the number of virii infecting them is because the average *nix user has had to set the box up themselves and had to go through the learning curve that is involved in that. Anyone who has got enough knowledge to set up a *nix box (and in reality most people that actually are able to install Windows) have enough general computer sense to not catch virii. I personally hate virus scanners as they just take up my resources. Periodic scans let me know that I am not just overconfident that I am invulnerable, but in fact paying enough attention to what I do on a regular basis to delete the emails with attachments like 'happy99.exe' even though I don't in truth _know_ that it is in fact a virus. *nix isn't really a safer OS from virii, it just has a better trained user base.
that's not really true though, since there are holes in windows that have been there since windows version 1. Sure there are holes in any program, but at least most of the unix/linux/macos viruses don't cause the computer to crash. In almost every case, unix/linux/bsd viruses are really just exploiting a single program.
The point being...? Really, you have done nothing to assist our underinformed cyrax777. Let me help, please.
First, causing the box to crash or not is irrelevant, as is what program allowed the compromise - a compromised machine is no longer yours. Time to re-install the whole machine.
The reason *nix is much harder to infect in the first place is users run with user privileges, as do all the child processes that they create. Thus, the e-mail client cannot over-write any system files since it lacks the authority to do so. This is where "rooting" the box comes from - you need to elevate your normal privs to super user status in order to do any real damage. You can tell most *nixes that "This user account can never elevate its privileges", and it likely never will. System services, like say the Apache HTTP server, are usually set up to run as under-privileged users as well, so compromising them leads to even more difficulty controlling the whole machine - there's very few openings in the *nix security armour. In contrast, right now my XP laptop is running login.scr as SYSTEM. Yup, a screen saver with system level privs. IIS on NT/Win2K is the same way - out of the box it runs under the SYSTEM account. If one of these is compromised, it's not your machine anymore. Now you know where a lot of the issues with Windows security lie.
This reflects one of the design philosophies of *nix: only give users the privileges they need, and have a huge, well defined wall between them and the system. Windows seems to come from the other end - give it all, and try to take away what's dangerous. IMHO, that's where Windows fails - miserably.
Soko
"Depression is merely anger without enthusiasm." - Anonymous
"Bugbear.B, a variant of a worm released last year, installs keylogging software, back-door software, and in some cases even attempts to control infected computers' modems. "
:-)
It slices, it dices....
The race isn't always to the swift... but that's the way to bet!
My cable modem is steady lit over here.
Sorry but enterprise level and MS do not belong anywhere near each other despite what MS wants you to believe. I'm an MCSE and I can't imagine running critical services on the MS platform, user authentications, file sharing, and printing sure, but as an application platform windows server is just too bug ridden.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I'd like to see a decent grind against Linux boxes. If we haven't been dreaming then the h4x0rs shouldn't get very far. (Dreaming because, for example, in Korea, they used a single failed install. Many open proxies.) I'd like to see an attempt against Linux. It would keep people's toes in the air. (Or some-such.)
One line blog. I hear that they're called Twitters now.
Here's a secret you might not know:
On Unix/Linux Desktop systems there is nothing on the system as important as the user's data in his home directory.
So the whole notion that trojans/worms etc. can't hurt the systems that 'mere users' will be using as there is more and more of a push to Linux desktop systems is just plain nonsense. If it wipes out an employee's whole writeable diskspace, it's done all the damage it could possibly do. Nobody cares that everything that rolled off the Install CD is still there and might even be pristine.
"ads" is the appropriate abbreviation for "advertisements". You'll notice that "advertisements" has only one 'd'. "Adds", or the singular "add" is the abbreviation of "addition", or in most cases the plain version of the verb, as in "to add".
The fairy says, "using 'adds' can confuse the reader by making them think that you may be referring to multiple additions."
*sprinkles some magic grammar dust*
yep and just as well anyone who is running outlook on a production server and who has a two year old vulnerability unpatched needs to be terminated with prejudice.
Comment removed based on user account deletion
Excuse me, but that is the wrong removal utility. The correct one is here
rm -rf sig
My attachments do not get opened -- even in previewing the email -- until I open them myself. That said, I delete anything suspicious. I have not seen this worm as of yet, and I do use outlook. so how exactly does it execute itself in the previewing?
Click here to download a patch which will solve all of these problems.
On my desktop computer I once got hit with a bad Norton Antivirus update that ended up causing the virus scanner to do about 10 seconds of needless processing every time I ran a new process... needless to say, I thought I had something seriously wrong with my computer until I determined what happened.
So, you can't even blindly trust that a Symantec virus definitions update won't cause unacceptable performance from your must-be-up production server... so you're damned if you do and damned if you don't. Still, I'd say frequent virus updates are the safer bet...
Note: Not a flame to parent post...
:)
now if they'd only bought the firewall solution from us that stripped email attatchments based on mime type and/or file extension
I have had it up to here (pointing to head) with all this BS with email worms/virii and the media. They are not email worms, they are Outlook worms. I could sell someone an attachment stripping solution but that is irritating. For every bug it strips out it will strip out a legitimate file as well.
I just don't know what to do with people... Every time one of these god damn things comes out, my phone starts ringing off the damn hook, hell I can't even get a straight 8 hrs sleep... (one disadvantage of home office) and every time I tell people the same damn thing. Outlook is a worm/virus magnet. Don't use it. There are many others. Bad people target Outlook for a reason, don't give them the opportunity to hit you. It's that simple. And always check attachments before running them regardless of what email client you are using or who it came from. But they just don't listen. Do they think I am full of BullSchnitt, or is being used to infection and calling me easier than learning a new mail client?
Does anyone have an idea of why end users use the software they use in the face of all the reasons/recommendations not to?
Came with the machine so it must be good?
Everyone else uses it?
What?!?!
On The Other Hand..... I will be making lots of cash in the next week... so maybe I should not be complaining
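An added example, not code from any poster in this thread: a Python attachment filter of the kind the "strip attachments by MIME type and/or file extension" remarks describe, run over a constructed message modelled on the "Re: hep-lat ... daily received" lure quoted earlier. The extension block list, the set of auto-handled Content-Types and the sample message are this example's own assumptions, not facts about the worm.

```python
"""Attachment triage for a mail gateway, in the spirit of the thread.

Three checks, each tied to something the posters describe:
  1. executable extensions (.pif, .scr, .exe, ...), including the
     double-extension trick "openme.doc.scr";
  2. a harmless-looking Content-Type (audio/x-wav, image/gif, ...)
     wrapped around an executable, the MS01-020 "incorrect MIME header"
     pattern that lets the client open it without a click;
  3. a Windows PE payload ("MZ" magic) in a part not declared as binary.
All sample data below is constructed for this example.
"""
import email
from email import policy
from email.message import EmailMessage

# Assumed block list; a real gateway would carry a longer one.
EXEC_EXTENSIONS = {".pif", ".scr", ".exe", ".com", ".bat", ".vbs", ".js", ".lnk"}
# Assumed set of types that mail clients of the day rendered or played automatically.
AUTO_HANDLED_TYPES = {"audio/x-wav", "audio/x-midi", "image/gif", "image/jpeg"}
BINARY_TYPES = {"application/octet-stream", "application/x-msdownload"}


def split_extensions(filename):
    """'openme.doc.scr' -> ('.doc', '.scr'); 'paper.pdf' -> ('', '.pdf')."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) == 1:
        return "", ""
    if len(parts) == 2:
        return "", "." + parts[1]
    return "." + parts[1], "." + parts[2]


def classify_part(part):
    """Return the reasons (possibly none) for stripping one MIME part."""
    reasons = []
    filename = part.get_filename() or ""
    ctype = part.get_content_type()
    payload = part.get_payload(decode=True) or b""
    inner_ext, ext = split_extensions(filename)

    if ext in EXEC_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
        if inner_ext and inner_ext not in EXEC_EXTENSIONS:
            reasons.append(f"double extension {inner_ext}{ext} disguises the real type")
        if ctype in AUTO_HANDLED_TYPES:
            reasons.append(f"auto-handled Content-Type {ctype} wraps an executable")

    # The header can lie; the first two bytes of a PE file cannot.
    if payload[:2] == b"MZ" and ctype not in BINARY_TYPES:
        reasons.append(f"payload is a Windows executable but declared {ctype}")
    return reasons


def triage_message(raw):
    """Parse a raw RFC 2822 message; map attachment filename -> reasons to strip."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        reasons = classify_part(part)
        if reasons:
            findings[part.get_filename() or "(body)"] = reasons
    return findings


def build_sample_message():
    """Constructed lookalike of the hep-lat lure; contains no real worm bytes."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.edu"
    msg["To"] = "physics-list@example.edu"
    msg["Subject"] = "Re: hep-lat 020711 daily received"
    msg.set_content("The paper on the fermion doubling problem is attached.")
    fake_pe = b"MZ" + b"\x00" * 62          # MZ magic plus filler, nothing executable
    msg.add_attachment(fake_pe, maintype="audio", subtype="x-wav",
                       filename="fermion_doubling.pif")
    msg.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                       subtype="pdf", filename="paper.pdf")
    msg.add_attachment(b"plain bytes", maintype="application",
                       subtype="octet-stream", filename="openme.doc.scr")
    return msg


if __name__ == "__main__":
    for name, reasons in triage_message(build_sample_message().as_bytes()).items():
        print(f"STRIP {name}")
        for reason in reasons:
            print(f"   - {reason}")
```

The legitimate paper.pdf passes untouched, which is the trade-off the poster complains about: a filter keyed on extension and type only strips what it can justify.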
For every person that finds the silver lining of that cloud, there are 100 that just died from lightning
Backdoor routine
The worm also opens a listening port on port 1080. A hacker can connect to this port and perform the following actions:
Oh yeah, I configured my machines securely.
Blame Microsoft all you want, but educating yourself will solve a lot of problems.
First, run Office Update so you have at least Outlook SP1 (SP2 has been out for a while, in fact). Next, add the following value to the registry:
HKCU/Software/Microsoft/Office/10.0/Outlook/Options/Mail
REG_DWORD: ReadAsPlain = 0x01
Outlook will convert all HTML to plain text before rendering it, and turn all embedded images, etc into attachments.
Thought I'd share that little tidbit.
Uh, eBay does and I don't see them down... evar!!!1!!
Yup, you're right on the money. I am a programmer for a Fortune 500 company and our admins would NEVER run winders update on our production server. I work with some of the admins helping them with a Linux/Unix migration since we are moving most of our platform to Linux/Solaris (thank GOD). When there is a patch for the MS vulnerability of the week, they test it in a huge test lab on its own subnet isolated from our network. Many times things come crashing down because of stupid undocumented changes. Anyway, you would have to be a nitwit to run winders update on any server that you depended on.
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
The whole root-user argument is completely irrelevant when you're talking about a consumer (read: single-user) install. In many ways I think it might even be a worse situation than Windows on the desktop because obviously it lulls certain people who don't think about the situation deeply enough into a false sense of security.
Who gives a flying crap if your /etc directory remains untouched when ~ (where the irreplacable files are) has been wiped out?
ps. reread this before you moderate and really think about it.
I did reread it, and I think you're more of a complete fucking tool than I did the first time.
"Oh, and P.S., since you mentioned running Debian, have you made sure that you've patched all 87 security vulnerabilities announced so far for the year 2003?"
Ever heard of cron and apt-get upgrade? Put them
together and you don't have to worry if you have
the latest patch.
How about when "Mafiaboy" used thousands of slave Linux boxes to DDoS yahoo.com and ebay.com off the Internet for a couple days?
Before Up2date and similar tools, consumer Linux installs were the #1 hacker attack platform. Remember the t-shirt "My other computer is your Linux box"?
I think I've seen about enough of this particular strawman.
Nobody has to run anything on these servers; all they require is network connectivity. These worms propagate via network shares as well as e-mail. All it takes is one infected machine with a persistent connection to any production server in a trust network to cause headaches.
BD Phone Home!
Shameless plug. Like you weren't expecting it.
In contrast, right now my XP laptop is running login.scr as SYSTEM. Yup, a screen saver with system level privs.
What's your point? The login screen saver logs users in, so it makes sense that it has some sort of advanced privileges. (Maybe it doesn't need all of SYSTEM, true...)
And the screen saver is well protected in winnt, believe it or not. It runs in a separate secure desktop, just like the ctrl-alt-del desktop does.
Now I agree that the security architecture of windows has flaws, but c'mon, there's got to be a better example than login.scr...
The following sentence is true. The preceding sentence was false.
Which is exactly why so many worms target Apache rather than IIS.
Batting down strawmen for 12 years and counting ...
I don't know about you, but I administer systems with hundreds or thousands of users. It's *their* data I wish to protect, not that of the irresponsible schmoe who ran untrusted binary code.
<OBSIMOM>
But if they ask me nicely, maybe I'll keep that backup tape away from the degausser.
</OBSIMON>
I switched from running $ms's OS (used it for about ~10 years; sure I tried linux/bsd/other during that time, but I kept running $ms OS...). Until one day I got so frustrated with the restrictiveness/"things like this" in $ms software, that I backed up my private files, reformatted my HDD, and booted it with a pair of netinstall disks of Debian (of all I tested during the years, I found it suiting my needs best, especially with KDE3.* coming out and all; *nix for the desktop got on equal footing with any other established OS out there with this release).
Sure I ended up with a Linux box, but that was just my choice, mostly because I'm a student (don't got tons of bills to spend on things like Apple does... so cost is something I have to think about). So now you're asking yourself, did I lose any features by going with a free Open Source OS over a proprietary one? I have to say a firm "no". Going either way, I have to say you will always have the same features, though features sometimes don't operate in the same manner (I mean that sometimes you have to type different commands, press different things, etc. etc.; I can't see things like this being the same cross-platform in every OS out there, but what really counts is that in the end they accomplish the same thing). Often, by going with a different OS you'll either spend more money or save some; rarely will both cost exactly the same (and yes, I saved and save many bills with the choice I made).
There's one thing I have to make sure people understand: Open Source doesn't equal "free", or that it always is free and will be, or that you can't make money by being an Open Sourcer, or by going Open Source. All Open Source truly means is that for the price you pay for the OS (or software) you buy, the source code is also included; you get it free of charge so that if you want to improve your OS (or software) you can do so. Sure there is a licence you have to follow if you want to redistribute the code, but so it is with any other form (may it be proprietary or open source); just read the licence and stick to it. Back to the "price" thing: I didn't pay anything for the OS, but since when is it that if someone gives away an OS (open source or not) for free, every other one (open source or proprietary) out there is also "for free"? I think that if you think about it you'll somewhat agree with me that it's a case-by-case thing.
So, if you want to make money by using something that is Open Source, and the licence it came with doesn't go hand-in-hand with what you want, then you can always write a letter/email to the creator and ask for a custom licence, and so you can with everything out there. Basically if you tend to offer some monetary compensation, I think most software can be licensed with a custom licence for you. Just because Open Sourcers don't always advertise this doesn't mean you can't pop the question and make an offer.
As days passed, I learned all the similarities and new functions my new OS had; as weeks passed I met some setbacks (mostly because of my unfamiliarity with the way you operated the OS; I have to say that every OS has its own way to it and that it can take a little while to learn how to fully operate it). What I found out is that no OS is better or worse than the other when it comes to features. It all depended on mostly two things: a) "YOU", the human factor; the more you're "into it" the easier things tend to get. b) and the big _one_, "Openness", is a key factor of the OS, and only you can be the judge of that (basically don't care what everyone says, though listen, do your thing and try things out, and at the end make up your own mind). I don't know if openness can be a negative; I find it a positive, and a positive thing I encountered in my choice is that the creators behind the software/OS I came to run were extremely open with what was happening with their code; they didn't try to cover things up, you could subscribe to their mailing lists (dev or announcement lists, xor both) and keep up-to-date with what is r
I don't claim I know more than I know, and if you know you know more than I know, then by all means, let me know.
HAHA..
any admin who sets production servers to be
"automatically updated" deserves to be terminated
with prejudice.
Now this patch has been out for 2 years.. that is
PLENTY of time to realize the patch is worth
it, ESPECIALLY after the first bug bear fiasco.
You know, whenever I see an old Linux CD-ROM in a used book store or thrift store, it disturbs me when I think how many vulnerabilities are permanently etched as pits in the polycarbonate plastic.
I keep clicking on this .pif file in Sylpheed-claws and nothing happens.
:)
j/k
Frankly I don't know why everyone is getting these virii. I have never gotten a virus on any of my personal email accounts. You just have to choose your friends carefully
I really don't know how the first post can be redundant, is it because he said hooray twice?
DON'T allow HTML in your e-mail. Plain-text only, please.
"Folks just call him Buckethead." -- Les Claypool
And is so stupefyingly simple that even a MS zealot could use it for his desktop?
Is that what you are trying to say?
Take a hike to www.netcraft.net Check the distribution of servers out there. then come back in and eat a little crow!
Not to flame the post, but FYI, I run a deployed server with Debian updating every morning at 6am. Every package on the machine is updated if it needs it. In fact, the major upgrade from 2.0 to 3.0 was done this way.
In over 2 years of running this particular machine, I've only encountered one problem with automatic updating. And it wasn't a broken update, but a maintainer tightening security that made some email clients not work. I had to tell them to use more secure means.
Says a lot about the stability of Debian's packages. When the Debian community calls it the 'stable' version, they mean it!
Disclaimer: The production server I speak of runs a few web sites, several email accounts, etc. There's only about 5 users active on the machine. If I was administering it for hundreds, I wouldn't do automatic updates (even with Debian).
In recent Mozilla versions, from the View menu while in Messenger, you can choose Message Body As/Plain Text. Works like a charm...
Oh, no! You have walked into the slavering fangs of a lurking grue!
Sounds to me like they don't use support branching in their revision control system. If they want to release a fix for old code, rather than branch at the release and make a fix, they give you all of the "goodness" that they've been working on in the meantime.
So, add bad version control to buggy, insecure code...
I agree with you quite wholeheartedly. What is the downfall of your argument is the assumption that people will patch because it is good for the software and for the general health of the computer. A great deal of people, though, don't patch their computers. Even with automatic update, it is still a hassle to reboot the computer every time the damned icon appears, so many people just ignore it. Moreover, Office does not have automatic update.
If you truly want to be worm-free, the same advice goes for all E-mail clients: Be well-informed, and update often. Use anti-virus software, but, no matter what you do, don't become lazy or ignorant.
Good luck, everyone
<assume bugs bunny martian voice>
oooh! windows makes me so mad!
</assume bugs bunny martian voice>
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
add the following value to the registry:
HKCU/Software/Microsoft/Office/10.0/Outlook/Options/Mail
REG_DWORD: ReadAsPlain = 0x01
Outlook will convert all HTML to plain text before rendering it, and turn all embedded images, etc into attachments.
And people claim that Linux (UNIX, whatever) is hard to handle.
So many of you are way off on your understanding of this worm.
I ran into this early today. I recognized it as a bugbear virus but InoculateIT wouldn't detect it as anything. I reimaged the machine and then loaded up a web browser and noticed an article on Yahoo about a bugbear variant running wild..
To get this you do not need to open an attachment. Opening the message is enough. Supposedly there is a patch that was out 2 years ago that should have fixed that bug. I decided to test it with an image running the latest patches on office/outlook 98 and win 98.. It also had the latest of all the windows update patches. Still it was able to autorun. Anyone know what's going on and if there is really any truth to a working patch existing?
Some people were saying to block attachments of those types. Sure, blocking scr files may not be a bad idea but a lot of people send exe files, at least in the windows world. It's useful. Of course we could rename files but why do that? We have a virus scanner that should be watching out for these problems.
Some people also tried saying nobody should use Outlook. Welcome to the real world. Outlook with its calendar sharing, tasks, email, etc is a standard that many people expect. Nobody likes change. We are stuck with it. I'd get rid of it and all the Windows servers if I could, but that's not going to happen any time soon.
I should note inoculateit/CA finally released new definitions a few hours after I got infected today.. At least that should solve the problem for the future.
Some people were saying that nobody should be stupid enough to have unpassworded shares. You've never been an NT admin in the real world. A lot of older DB applications require shares to be writeable by everyone. Access is granted based on appropriate domain account access without any extra passwords. Unpassworded file shares are commonly required..
I tried to bait this virus with a Samba system with debugging on level 2 to watch what it would do. I set up a mini network, mapped the drive, copied files back and forth, let it sit, rebooted, etc.. The infected machine never once connected on its own.
Does anyone have any real technical details about this worm? I'm tired of all the crap going around. It seems to me like a lot of things are being blown out of proportion.. It's time to look at some actual code or a real technical article rather than listening to non-technical people try regurgitating some information that they don't even understand.
. . . by claiming through an open letter to the world that it owns some 'IP' in the virus' source code. Oh, wait... that doesn't work.
Patch the workstations, so they don't catch viruses through outlook/IE exploits. Then you won't need to install all of the patches on your server, because you don't run Outlook on it anyway. If you don't install Windows service packs and updates on the server, you're just asking for trouble. You'll have to accept the possibility of some downtime, just as you do with any OS.
Now, you don't have to worry about the virus spreading through the network because the workstations don't have the virus and the server doesn't either. Nobody has the virus.
I'm just about sick of people defending themselves by calling the opposing viewpoint a 'strawman'. It's not my fault that your argument is weak.
Username taken, please choose another one.
This patch for 2-month-old Windows Server 2003 "to fix a vulnerability that could let malicious sites run damaging code on the server."
Hilarious excerpt: "ALTHOUGH SECURITY EXPERTS - even those at Microsoft itself - had pointed to the company's latest server OS as the first test of the software giant's massive Trustworthy Computing initiative, representatives maintained that the patch did not mean the release had been a failure in its security practices. 'It actually highlights positive progress in trustworthy computing,' said Microsoft's U.K. security chief, Stuart Okin, explaining that Server 2003 is significantly hardened in comparison to previous versions of Windows."
It begs some questions: if this is progress... if this is hardened... what's he smoking?
Help stamp out iliturcy.
I hope that I receive this soon. I wanna get it running under WINE, then those M$ users can't say that they have anything on me.
Well then, any admin who runs outlook (or any email client, or browser, or ANYTHING that could potentially be comprimised) on a production server that absolutely can't stand to have any downtime needs to be terminated as well.
Perhaps you might be able to explain how to remove IE from windows then?
Keep in mind, it loads at boot.
This particular worm knows how to use other e-mail clients as well. However, suppose that suddenly everyone switched to Mozilla. Same stuff would happen. Why? Because if you send someone an executable and they run it, it will infect them regardless of the e-mail client they use. IF a different client was the most popular, it would simply be the most popular target. When something like a worm relies primarily on user stupidity to spread, it will hit stupid people, regardless of what software they use.
Windows is the same way. IF people run with user rights (not admin) they are prevented from hitting anyone else. They can even be prevented from running software the admin didn't install for that matter. Problem is, most people run as admin. It is their box after all, they'll do as they please.
You'd have the same problem with Linux. First you have brilliant distros like Lindows that run as root by default. Then you'll have tons of people who log in as root all the time for dumb reasons like "I get sick of changing users to do something" or "It's my system, I should be in complete control."
Linux does not have the ability to control stupid users, unfortunately. A good Linux system run by a competent admin sure can, but then so can any OS with good security controls. Problem is most home computers AREN'T run by a competent admin.
Perhaps you need more experience administrating real world servers before you go calling other people's arguments 'weak'. Applying patches to a production server is nowhere near the same animal as applying patches to your Dell running XP Home. Applying patches on 2000 machines is far from a simple task - especially with the frequency of patches out of Redmond lately.
Accusing sysadmins of being lazy, incompetent, or outright negligent is not only disrespectful, it's downright arrogant of you. If you don't know what you're talking about, it's probably best to keep your mouth shut.
BD Phone Home!
Shameless plug. Like you weren't expecting it.
At least Windows has a standard place and sequence to store configuration information.
moderators where are you?
I hear the same thing from Doctors and Nurses all the time.
People these days are educated enough to know not to drink and drive, that smoking is bad, and that drugs are not good for one's health, yet they see people carried in every night for at least one of these, either dead or on the verge of death with no return.
People either don't care or think it just won't happen to them, is how I rationalize it.
I hate it even more when I know which person has the infected system that is forging my email address on outbound virus/worm messages, and I tell him, and he appears to do nothing about it. :-(
No Laughing Allowed!
Yet Another Windows Nuisance. Then at least the acronym for it would be apt for the reaction this sort of thing should have by now. This patch, that patch, blah blah blah... Security through reliance on patches is laughable, especially at the rate of patches being distributed. If reliance was on the core of the OS and patches were rare, then the YAWN reaction wouldn't be so warranted.
No Laughing Allowed!
I disagreed with one point the article made.
BugBear then goes searching for a modem, enables it, then tries to get the computer to dial out, probably to reach the virus author. "He really wanted to get into those machines," Kuo said. U.S. financial institutions probably aren't at risk from this technique, Kuo said, because most don't have modems attached to their critical computers any more.
Today I was at Fry's Electronics, and I saw a Quickbooks POS (point of sale, not piece of shit) system on display for small to medium business. This started getting me thinking back to my earlier days of consulting.
One of the companies I did work for had a retail chain of mall stores. At night the registers would dump their management reports to our AS/400 machine and someone would make neat reports out of them. It wasn't a huge amount of data, so each store would just phone home on those really nice $300 courier modems.
Most of our store managers kept in touch with us via outlook/exchange server.
Now another interesting side note is Verifone uses POTS lines for nearly 100% of their credit card processing. Tons of small stores have networks in them now, managers reading e-mail and such.
So which of these financial institutions has its shit so well together that they don't need modems? I just wanted to point out the author of the article is a stupidhead. Boo!
For me "Read all messages in plain text" is an option under the Read tab in the options. Putting this in the registry just a bonus.
As long as you know login.scr is the real thing (as I do on my laptop, BTW) no problem, I agree.
A login.scr that sends "teh 1337 h4x0rz" your password keystrokes as you type them is another matter altogether. OK, it's unlikely (with Windows File Protection and all), but not outside the realm of possibility - especially since the program is running with SYSTEM privs. If it was GUEST, I'd wager that the h4x0r in question might have a lot more trouble.
Soko
"Depression is merely anger without enthusiasm." - Anonymous
Just thought I'd note that. I use CTRL-U all the time, when I get spam that looks like it might be a legitimate email. I don't want to notify the spammers that I exist, so I don't want to view it directly. If I do discover that it is real, I can open it up on the other side.
Of course, if it comes through in an MS- extended character hash, I don't bother with strings. I just delete it.
----BTW.... on the topic of spam, I just figured out why (1) we can't get effective anti-spam laws, and (2) who's buying all that viagra. The issues are not as disconnected as people think.
The real reason why MS can't get its act straight is simple: there are too many damn versions of its operating systems.
http://www.securityfocus.com/bid/6205
Look under the vulnerable list...I spent 15 seconds holding down the space bar to scroll through them all.................
Must be a thousand separate products there.
yes it's quite clever. You sure know the people who always send you funny mpgs, jpegs, exe games etc? They CC to virtually everyone in their contactlist, so after a while you KNOW their mails contain attachments... And of course you will open them, just to have a laugh; I'm sure a lot of people get fucked that way, trusting their CC mailfriends... Is it stupid to trust those attachment because you ALWAYS get those from them? i guess so, if you own a PC running OE. Oh well...
Do you seriously not understand what he means or are you just trolling?
Sure, you can delete VBscript, then Quicken and QuickBooks quit working. As do most vertical market applications.
'Splain that one to your boss or IT.
This reflects one of the design philosophies of *nix: only give users the privileges they need, and have a huge, well defined wall between them and the system.
You're smoking a huge crack pipe, my friend. In unix, I need suid to change my password, 'fer christ's sake.
I mean, it's painfully obvious that you have no unix experience whatsoever. It's just sad that you got modded up on a site like slashdot, which used to be moderated by geeks.
Slashdot is jumping the shark. I'm just driving the boat.
You don't even need to reply at all- you obviously have nothing to say, and you know it. First you have your whole "STRAWMAN STRAWMAN STRAWMAN" defense, and now you've brought out your "YOU WHIPPERSNAPPER, RESPECT YOUR ELDERS!" argument. Seriously, did you even read what you wrote?
Accusing sysadmins of being lazy, incompetent, or outright negligent is not only disrespectful, it's downright arrogant of you. If you don't know what you're talking about, it's probably best to keep your mouth shut.
You sound like an old woman. If you can't do your job, I suggest you get a new one that you can handle.
RECAP:
If Microsoft releases a patch, and you don't apply the patch, and you get a virus that would have been prevented by applying the patch, it's your own damn fault. This is not open for discussion.
Username taken, please choose another one.
As long as Outlook uses IE to render HTML mail, it will be vulnerable. This integration bullshit from Microsoft has made vulnerabilities in one program affect many others. If Outlook was secure, it would have an option to turn off HTML mail rendering. If it was turned on, it would only be able to format text and layout, and download and display images (while checking to make sure that they really are images and not viruses/worms/trojans). And images could be turned off. This all seems like common sense to me, but apparently it's not common sense at MSFT, which makes it easy for worms like this to spread.
Sure, I use Windows. But it's the only MS product I use on a regular basis. I use Calypso 3.3 to read mail, which has HTML rendering turned off by default (and I keep it off). I'm typing this in Mozilla 1.3.1. They're both well designed programs that don't do stupid things like Outlook. Did I mention I've never gotten a virus? Well, I haven't. Ever. Sure, I've had the occasional Outlook worm mailed to me, but I'm not so dumb as to open the attachment (which has no way to auto-execute on my machine, by the way). Part of the virus/worm problem is stupid users, but another part is badly designed software, and most Microsoft software has historically been badly designed when it comes to security.
It's an operating system, not a religion.
Standard place? Where? In linux, 99% of the time it's in /etc
If you're not a Liberal in your 20's, then you have no heart.If you're still a Liberal in your 30's you have no brain.
Second, remove all wine references in rc3.d and rc5.d
Problem is, many of the vertical market packages for Windows won't run under user rights, they REQUIRE admin rights to run. Poorly designed, yes, but that's life (and Windows).
Mailers+4, the junk mail world would disappear without it. Database and mailing list applications, volunteer management apps, you name it have this problem. I've seen snaky behavior with Quickbooks that goes away when run as admin, now there's bad news.
The reality is, Win2000 and WinXP Pro will always be run as admin.
Maybe, but due to the multi-user design of Linux it is much harder for a program to obtain "root" privileges. This alone will make worms and viruses much less harmful.
...And when they came for me, there was no one left to speak out for me." - Martin Niemoeller (1892-1984)
I hate to do this, but would someone please mod the parent up insightful?
You'll see that the parent poster specifically said Desktop systems.
The point here is that we're urging people to switch their home computers over to Linux because it's "more secure." But it's still insecure enough that a common user would be vulnerable to things at least remotely like this if Linux was popular enough among home users to be worth the effort to target.
And in any case, your point isn't Linux-specific: if I was running a multi-user WinXP system and a user without admin privileges runs untrusted code, he can't mess up the other users' stuff either.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
all the more reason to use a Mac :-)
Seriously, as a Mac user since 1984 I have *never* had one of my macs infected with a software virus. I've seen other macs infected with the WDEF virus circa 1989, but that's about it. Even though Virex on OSX is total crap (why does it need to rescan all files - even ones that have not changed? takes hours and thus no-one bothers), I am yet to hear on anyone running OSX cop a virus. I get virus-spam that's annoying but I have not yet been infected. Not in almost 20 years.
Macs are easy to admin, easy to keep up to date, and Apple are damn good at releasing security patches in a timely manner.
I used to have a better sig than this, but I got tired of it
It's unlikely that more than 1-2% of US desktops are running a Free operating system.
As for poor quality software, I suppose you haven't used BIND or Sendmail, eh? Even "better" software (Apache, Samba, OpenSSH, etc.) still has remote root holes not too uncommonly, and the Linux kernel has had hundreds of local root holes.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Har har har!!!
Oh, wait, I better check my email too!!
Uhm, well, Kmail seems to be immune from all this script kiddie nonsense. Yes, Linux rocks....
Coming up on one year of using Linux and not one virus, trojan, worm, etc. yet....
Who me worry???
The scariest thing about this one, from my point of view, is that it's both professionally done and targeted.
A world of viruses written by amateurs out of curiosity or mischief causes sleepless nights and wasted work. A world of viruses written by professionals for well-defined ends is scary.
Financial institutions are going to need to take the same precautions as the military and sever the net connections of machines with sensitive information.
Standard place? Where? In linux, 99% of the time it's in /etc
And if it's a user-specific registry setting, 99% of the time it's in
HKCU/Software/Company/Product
If it's a machine-specific setting, 99% of the time it's in
HKLM/Software/Company/Product
I mean.. How hard is it from there to navigate to 10.0->Outlook->Options->Mail? Seems fairly logical to me.
Beware: In C++, your friends can see your privates!
Car crashes are common. I'm not going to walk 20 miles to work every morning because of the off chance I could be involved in one.
Do me a favor and double it!
In this case, other sites that covered this week's pair of Microsoft worms first -- and they'll cover next week's first, and so on. ZDNet, eWeek, Infoworld, Reuters, the Register and others covered it first. ZDNet has the bad habit however of sliding stories that reflect badly on MS quickly off the top pages and into obscurity.
Worms like sobig and bugbear only affect products with design flaws. Brian Valentine, senior vice president in charge of Microsoft's Windows development, said it best:
In short, there's nothing you can do to improve your security except upgrade to a different client: Mozilla or Opera instead of MSIE, Eudora or others instead of Outlook, OpenOffice.org or WordPerfect instead of MS-Office. Usually by upgrading you get better functionality and ease of use in addition to stability.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
I wouldn't mind Outlook viruses and worms so much if they were really confined to Outlook (Evolution in Action & all that). However, they are putting a serious strain even on non-Outlook, non-Windows users.
I've never run Windows in my life, and I've never used Outlook or Entourage as my e-mail client. Last week alone, SpamAssassin caught close to 60 megabytes of spam in one of my accounts, the bulk of which was at least 649 Windows viruses (I just counted messages identified by SpamAssassin as WINDOWS_EXECUTABLE). I also got several hundred bounce messages for viruses with my name forged as the sender.
What gives Microsoft the right to infest the world with mail clients that are so broken that even those who don't use them spend 60M of disk space and one hour of time a week just to clean up behind the crap they generate?
Let's make it illegal to use M$ products, in the name of Homeland Security. M$ will only be legal to sell to enemy countries; considering how easy it is to hack and compromise, it's the CIA's dream come true. They should encourage the enemy to install M$....
Death penalty for anyone caught using it. (M$ products)
Death penalty for anyone intentionally attempting to spread viruses, hack into a system, etc..
Let's quit fucking around and put a stop to this..
My firewall logs overfloweth with M$ bullshit...
Call me a troll and Linux Zealot but you *KNOW* I'm right...
If you're indeed talking about running: I agree. But in some cases you have to install Internet Explorer on your server: management modules for both Norton Antivirus and McAfee (ePO and AutoUpdate Manager) require it. And Outlook used to be required for the Exchange Agent for both Veritas & ARCServe backup software. So you're basically forced to install the latest versions of MSIE and Outlook in some cases...
Except with most/all mail clients for Linux (and probably most mail clients for Windows too; pretty much all of them except MS's) you can't invoke executable content without first saving it, and then going back and explicitly executing it from your shell prompt / Run menu.
This is again a false argument. If we all switched to Mac, the same damn thing would happen. All the virus writers would now target Macs since that would be what the majority of people use. More security holes would be found in MacOS also since more hackers would be targeting it. It just comes with being the biggest, you get the most people taking shots at you. Also, users wouldn't get any smarter running MacOS; the worms would come out and people would get infected.
The only real solution is to always use a minority OS, but by that argument you ought to switch to something like VMS. I can't remember the last time I heard of a VMS exploit. Why? Well there are just damn few VMS systems in the world. The haxors, script kiddies and virus writers don't understand it to hack it. I could give most people a system account on a VMS box and they wouldn't be able to do anything. Take that, combined with the fact that infecting or hacking a VMS system does little good, and so they won't even try.
So please, lay off the silliness. We can argue all day if Windows or MacOS or Linux is more secure and never come any closer to the truth since there is just no way of knowing. They are all used on vastly different scales in different roles so trying to draw comparisons is meaningless. However, any small actual increases in security are irrelevant to the main factor of popularity. If you are the biggest kid people WILL hack away at you the most.
Also I will mention in closing that there are many ways to screw with Macs that just never got really published, again due to the smaller market share. For example I found some nasty things I could do with Appletalk in large networks since it doesn't scale well. Well these aren't a big deal since Appletalk isn't the protocol the Internet uses so you only see it on LANs and WANs. However imagine if Apple had been the one and only game and it was what we used to do all inter-computer communication.
No company, or even group of OSS programmers, is perfect. Bugs happen in complex systems and that is life. Hell, a couple years ago a bug was found in the old and open source BIND that basically affected all versions ever. Despite countless hours of peer review and tons of revisions, it had never been noticed.
That's bullshit. You'll notice these things don't just use any old extension, they use executable extensions. If you set up your mailserver to strip .pif, .scr, .vbs etc you'll be in a much better world.
When was the last time you got a legitimate email with a .pif attachment? Never, that's when. I set this up on all of my clients' networks and have yet to have grabbed a single legit email.
Which file under /etc? There are almost 200 of them in there, and most of them don't have logical names.
Life in Orange County
Anybody else notice that "Yet Another Windows Mass-mailer" acronyms to "YAWN"? It quite accurately gives the average computer user's feeling about it.
This is stupid and obvious, but... why does Outlook allow users to execute any executable file sent through email just by clicking on it?
I can understand that clicking on an attachment can open Word or Excel.
But in real life, when do you really _need_ to send executables to your friends? Or maybe you need to send some app you designed, but in this case your friends can always save the attachment and execute it later. This is something nobody would do with untrusted mails.
{{.sig}}
Aren't you happy that Microsoft creates job positions ? what would happen to all the virus hunting companies if it wasn't for Microsoft ?
This Outlook virii thing is getting ridiculous. I am still waiting for an Outlook version that by default does not run anything when opening a mail.
Since I have no mod points, I'll just post an "Amen".
Who gives a flying crap if your /etc directory remains untouched when ~ (where the irreplaceable files are) has been wiped out?
The whole root-user argument is completely irrelevant when you're talking about a consumer (read: single-user) install. In many ways I think it might even be a worse situation than Windows on the desktop because obviously it lulls certain people who don't think about the situation deeply enough into a false sense of security.
You'd have to be pretty clueless to lose your stuff that way. I run an rsync to another machine where all my home data is stored under a different password and kept up to date automatically. This is easy to do in Linux. There are lots of other ways to secure your files, that's just the one I use.
Anyway, root privilege separation *does* help keep your home data safe as well. Normally somebody will need to get root privilege before they can change any files in your home directory. Unless you do something really stupid like email your account password to a list of people you met on AOL, in which case, you probably need some pain applied to you, just to get your attention.
Have you got your LWN subscription yet?
As an admin who also blocks
If you just send
You're right though about the problem where one draws the line. With me,
So. I don't see the big deal. Root gives you zero security in situations like this, you don't have to be root to read through peoples email, nor send it. In fact, I think the idea should be scrapped - internal security is far less important than external security in situations like this.
Right. I'd never think to look in /etc/ssh/* for OpenSSH settings, or /etc/vim/* for VIM settings, or /etc/wget/* for ... duh.
"Verbing weirds language." -- Calvin
Listen mister, what you do in your home movies is your own affair...
Two wrongs may not make a right, but three
The answer is quite simple: because the operating system allows it. In Explorer, when you click on an exe, it runs. So in a mailer, when you click on an exe, it runs. That is the same handler.
Of course, it is insecure. So in later versions, extra checks are installed that at least present some dialogue box (or in even later versions completely prevent running executables from mail).
Unfortunately, the whole mapping from "type of file" to "handler" in Windows is a big mess, and thus many bugs have existed in this area.
(The most famous one is the specification of an audio file in the mime-type and then passing a .exe file as the data. The mailer checks: it is an audio file, so fine, pass it to the OS; this sees the extension, knows it is a program not an audio file, and just runs it. BOOM!!)
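The two defensive ideas in this thread, stripping attachments by executable extension at the mail server and not trusting a declared MIME type that disagrees with the bytes, can be combined in one filter. The following is an added example, not code from any poster or from a real mail gateway; the blocked-extension list, the header names copied, and the sample message are assumptions made for the demonstration, and a PE file is recognised only by its leading "MZ" bytes.

```python
"""Flag and strip risky e-mail attachments, judged by extension and by content.

Added example (not from the thread): checks each MIME part two ways, because a
Content-Type such as audio/x-wav says nothing about what the bytes really are.
"""
import os
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows executes on double-click: the thread's .pif, .scr, .vbs
# plus a few obvious ones. Assumption: a real deployment keeps a longer list.
BLOCKED_EXTENSIONS = {".exe", ".pif", ".scr", ".vbs", ".bat", ".com", ".cmd"}


def looks_like_pe(data: bytes) -> bool:
    """Windows executables start with the 'MZ' DOS stub, whatever the
    declared Content-Type or filename claims."""
    return data[:2] == b"MZ"


def classify_attachment(filename, content_type, payload):
    """Return a reason to block this part, or None if it may pass."""
    ext = os.path.splitext((filename or "").lower())[1]
    if ext in BLOCKED_EXTENSIONS:
        return "executable extension " + ext
    if looks_like_pe(payload):
        # The mismatch case from the thread: header says audio, bytes are a program.
        return "PE header despite declared type " + content_type
    return None


def scan_message(raw: bytes):
    """Return [(filename, reason)] for every attachment that should be blocked."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        payload = part.get_payload(decode=True) or b""
        reason = classify_attachment(name, part.get_content_type(), payload)
        if reason:
            findings.append((name, reason))
    return findings


def strip_attachments(raw: bytes) -> EmailMessage:
    """Rebuild the message with blocked parts replaced by a note in the body."""
    original = email.message_from_bytes(raw, policy=policy.default)
    keep, removed = [], []
    for part in original.iter_attachments():
        name = part.get_filename() or "unnamed"
        payload = part.get_payload(decode=True) or b""
        reason = classify_attachment(name, part.get_content_type(), payload)
        if reason:
            removed.append((name, reason))
        else:
            keep.append((name, part.get_content_type(), payload))

    clean = EmailMessage()
    # Assumption: only these headers are worth carrying over for the demo.
    for header in ("From", "To", "Subject", "Date", "Message-ID"):
        if original[header]:
            clean[header] = str(original[header])
    body = original.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    for name, reason in removed:
        text += "\n[attachment removed: %s (%s)]" % (name, reason)
    clean.set_content(text)
    for name, ctype, payload in keep:
        maintype, subtype = ctype.split("/", 1)
        clean.add_attachment(payload, maintype=maintype, subtype=subtype,
                             filename=name)
    return clean


def build_sample() -> bytes:
    """Constructed sample message: a disguised PE, a .pif, and a harmless PNG."""
    msg = EmailMessage()
    msg["From"] = "friend@example.test"
    msg["To"] = "you@example.test"
    msg["Subject"] = "funny stuff :)"
    msg.set_content("Check this out, it is hilarious!")
    # Declared as audio, but the bytes are a truncated, fake PE image.
    msg.add_attachment(b"MZ\x90\x00\x03\x00\x00\x00", maintype="audio",
                       subtype="x-wav", filename="funny.wav")
    msg.add_attachment(b"@echo off", maintype="application",
                       subtype="octet-stream", filename="readme.pif")
    msg.add_attachment(b"\x89PNG\r\n\x1a\n", maintype="image",
                       subtype="png", filename="photo.png")
    return msg.as_bytes()


SAMPLE_RAW = build_sample()

if __name__ == "__main__":
    for name, reason in scan_message(SAMPLE_RAW):
        print("BLOCK", name, "-", reason)
    print(strip_attachments(SAMPLE_RAW))
```

The content check is what catches the audio-MIME-type trick: `funny.wav` has no blocked extension and a harmless Content-Type, yet it is rejected because the payload begins with the PE stub. A gateway that only matched extensions would have passed it through.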
I've been using it for years and it's the best email client on ANY platform (Windows or Linux). It's nearly impossible to budge people off Outlook, especially onto a client you actually have to *pay* for, but those that have moved have stopped running crying to me every couple of weeks with virus problems and their productivity has shot up. One of the nice things it does is refuses to run dodgy executable types (eg .pif), and those that can affect your system (eg .exe) it recommends you save to disc and virus scan it first (and importantly presents that as default option) though you can still run it straight off if you really want to. Thoroughly recommended. You can get it here and it will import all our Outlook stuff ok.
Phillip.
Property for sale in Nice, France
I don't know how this port 1080 works (and I like not to get this virus!) but could anyone write a utility to connect to port 1080, and drop a disinfector at the PC?
"executing format C:"
Will be just fine after they send a few hundred mails.
"Nobody cares that everything that rolled off the Install CD is still there and might even be pristine"
I care. I care A LOT when my backup utilities still work. So I can restore the BACKUPS I made of USER DIRECTORIES!
m.
If people run with user rights (not admin) they are prevented from hitting anyone else. They can even be prevented from running software the admin didn't install, for that matter. Problem is, most people run as admin. It is their box after all, they'll do as they please.
One quite common reason for this is software developers writing programs which require this in order to actually work. Even though there is no actual reason for needing any privs in the first place.
I have had it up to here (pointing to head) with all this BS with email worms/virii and the media.
Um, the correct form is viruses.
Um, the correct plural form is virus.
It takes a little while to get used to all the files in /etc. The big advantage over windows is, though, that most of the config files are ascii files that you can easily manipulate with an editor in the command line. I remember having to click my way through several layers of contractable directories in order to reach a certain entry in the registry under windows.
The word isn't 'virii' it is actually 'viruses'
Just don't connect it to a modem or LAN.....
See my journal, I write things there
On Unix/Linux Desktop systems there is nothing on the system as important as the user's data in his home directory.
You can do a daily backup simply putting something like this in your crontab or in cron.daily:
tar -cjf /var/backup.tbz2 /home
But if someone gets the root privileges, even the backup can be destroyed.
Moreover, root has more power than a simple user: he can set promiscuous mode, he can bind sockets on ports below 1024, he can use more resources, and so on, so if a worm / virus / trojan gets superuser powers, it can do more damage to the net, and not only to a single computer.
So, even if the computer is used as a desktop, you can limit the damage done by a virus, simply by not logging in as root and being a little smart (doing backups).
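The cron line above is the whole idea; what it lacks is any check that the archive it wrote can actually be read back, and any rotation so the disk does not fill up. The following is an added example in that spirit, not a script from the thread or from any backup product. It assumes a POSIX shell with tar and gzip (gzip rather than the bzip2 of the original line, only so it runs where bzip2 is missing) and a destination directory of your choosing.

```shell
#!/bin/sh
# Added example: daily home-directory backup with verification and rotation.
#
# backup_home SRC DEST_DIR [KEEP]
#   Archives SRC into DEST_DIR/home-<timestamp>.tgz, verifies that the
#   archive can be listed, keeps only the newest KEEP archives (default 7),
#   and prints the archive path on success.
backup_home() {
    src=$1
    dest=$2
    keep=${3:-7}
    stamp=$(date +%Y%m%d-%H%M%S)
    archive="$dest/home-$stamp.tgz"

    mkdir -p "$dest" || return 1
    # -C makes the stored paths relative to the parent of SRC, not absolute.
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    # A backup you cannot read back is not a backup: list it before trusting it.
    tar -tzf "$archive" >/dev/null 2>&1 || { rm -f "$archive"; return 1; }
    # Rotation: delete everything but the newest $keep archives.
    ls -1t "$dest"/home-*.tgz 2>/dev/null | tail -n +$((keep + 1)) | while read -r old; do
        rm -f "$old"
    done
    printf '%s\n' "$archive"
}

# Example cron entry (assumption: paths chosen for the demo):
#   15 3 * * * /usr/local/bin/backup_home.sh /home /var/backups 7 >/dev/null
```

Because, as the post says, root can destroy the backup too, DEST_DIR is best a mount from another machine or removable media rather than a directory on the same disk; the rsync-to-another-host setup described elsewhere in this thread is the same precaution.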
I have a small network with 11 computers, 5 of them not using Windows. Even though they are behind a firewall, they can still be infected:
- by email
- by downloading infected software
- by using infected mediums
So, what is the best GNU solution for preventing your network from being infected, or alerting the admin if a computer has been infected?
That's not a valid comparison at all.
You're comparing SERVERS to DESKTOPS.
Does Joe User who logs on to Chat know a lot about computers? Most likely not. Hence why they use Windows, because it is much more prevalent and user-friendly.
Now if the problems were caused by all the Windows sysadmins running stupid attachments, it'd be one thing. But that's not the case in general.
If you're going to make a "Windows sucks, Linux users rule" comparison, at least have some validity behind your comparisons. This isn't a flame, this is just common sense.
"PC Load Letter? What the $@#% does that mean?!"
Tell me, can it be activated by the "preview" feature of Eudora or Mozilla?
Will they open up attachments that you don't want them to? No?
I'd say that makes it a lot less susceptible to this worm, and a lot of others.
In fact, this is usually the case. E-mail programs normally shield execution of binaries from the user entirely until they say otherwise.
So as I see it, for MOST clients, there are only two ways to be subverted:
1) Rendering leads to hackability. However, most can only render html or plain text. Perhaps a vulnerability can be made on the html. Because of HTML's unbelievable simplicity (and the sandbox that is inherently placed upon it), though, that would be extremely difficult. Plain text should be impossible to exploit, unless the designers are very stupid.
2) Client could be attacked through its connections to the internet
A buffer overflow attack via SMTP, IMAP or POP? Their simplicity makes it easy to write in such a way that the user can't exploit (besides sending billions of unwanted e-mails). Once again, the lack of complexity means that to produce an exploit the designers would have to be very stupid.
Essentially it's the extra ability to render a complex programming language that makes Outlook uniquely vulnerable without user intervention (user stupidity for opening unknown executables); other readers do not suffer from this. Perhaps if more people knew this we could stop living in fear of viruses that could have no teeth.
Mod me down and I will become more powerful than you can possibly imagine!
1) Unsuspecting user selects a range of unwanted messages;
2) Unsuspecting user deletes messages;
3) Display updates and lands on an infected message...
4) BOOM!!
That's why sensible people make a backup of their data once in a while.
Something very bad could happen to my system, but I would only use about a weeks work. I make backups, that's the best security for your system.
I don't have problems with my Mac OS X box and Linux.
Then again, security was never Microsoft's forte.
I dunno. Slippers come off too easily...
Time flies like an arrow. Fruit flies like a banana.
I still have not seen a virus that can work with pine. I've used pine (under various Linux/BSD/SunOS) for years and have not had ONE fscking virus. My friend that still runs elm hasn't either. If I need to grab a file from an email then I either export from pine or grab it via web with horde/imp. This is via *nix or winders. Never a fsckin' virus. Just say no to Outlook (which is actually the name of a town in central Washington that STS crewperson Bonnie Dunn grew up in) and use an email client that is just too dumb to fall for all this crap.
-- I have a private email server in my basement.
Not for me. After someone brought a contaminated laptop in yet again and caused the IT staff here to spend 50+ hours cleaning up the mess across the whole network, I was told "You, don't boot your laptop - I don't want it on the network".
While I did boot into W2K about a week ago, my daily desktop is KDE 3 running on Linux. When I pointed this out, the IT manager said "OK, use Linux just don't boot into Windows." {BSEG}
The only thing that irks me is that I can't easily check the Windows partition for the virus (no floppy drive) without booting it and my last full backup was just before the virus was noticed. Bottom line: I don't trust a virus detector/remover to remove a virus that got there before it did.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
see nmap-manpage:
There are only 10 types of people in the world: Those who understand binary and those who don't.
>Who gives a flying crap if your /etc directory remains untouched when ~ (where the irreplaceable files are) has been wiped out?
I for one. (Well, in my case, it's an earth-bound crap. Mice don't fly).
It's a heck of a lot easier to restore data to my user directory than it is to rebuild an entire machine, patch everything, reinstall third-party apps, reinstall third-party kernel mods (win4lin, Nvidia drivers, etc), AND THEN reload the user data from tape. I usually only back up user data on single-user machines, not the entire machine. Much less data to burn to tape/CD/whatever for a "typical" Joe Schmoe user.
NNN NN N ZZZzzzz zz z ...
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Given its various tactics, BugBear.B appears to be the work of a sophisticated programmer -- and unlike most viruses, it seems isn't only after attention -- he or she is after money.
Now this seems odd to me. Would the author of the virus "come back to the crime scene"? That strikes me as a VERY stupid thing to do. Not that I am a hacker, or know much about it but, if the person directly focuses the virus' effect on some companies (500 of them), and twelve hours later gets busted hacking into some of them... well, how 'sophisticated' is that?
Ah, good old fashioned flamebait. I don't get to see many people make asses of themselves anymore, so I thought I'd drop in to tell you how much of an ass you're making of yourself.
Root level exploits for Windows are released nearly every week. Sometimes it's Outlook, sometimes it's Internet Explorer, sometimes it's IIS... the list goes on and on; it's Russian Roulette--you never know what it's going to be. That means that stupid advice like "automatic update" doesn't work--different people have different purposes for their machines. So don't expect when you use half-assed general prescriptions like "automatic update" that someone should listen.
You don't even have a clue, do you? Beyond deploying someone else's pre-packaged, pre-planned network of PCs that are all exactly the same, that all get their network information from a DHCP server (that someone else set up), you don't know shit. Yeah, if we all had to take care of the simple shit that you do, automatic update would be the answer.
*Yawn*
You obviously understand that different computers have different purposes, and therefore require different treatment. But you have one asshead idea of how to take care of computers differently.
Even worse--when someone responds to your lame excuse for understanding telling you that automatic update no-workee, don't pretend like you were giving advice for a specific instance.
I mean, that's just stupid. Microsoft's patch mechanism is broken, from its design to its implementation, it's broken in so many different ways it's just pitiful. And you have the gall to tell someone that they should be using it--no matter what their situation...
Magic 8 ball says you need to get another job soon. The days of bullshit administration are gone along with all the venture capital.
So why don't you cry some more about how we sound like old women, or cry about how we have nothing to say.
Go ahead, little one--cry.
Who's the prettiest? SHO'NUFF Who's the baddest? SHO'NUFF
Automatic updates + DNS hijacking (pointing users at my server rather than microsoft.com) = all your windoze boxes are belong to us
UK-based MessageLabs said it had trapped 75,000 copies of the worm on Thursday
In a cage?
> I backed up my privates files
Most of us call that *porn*...
there is nothing on the system as important as the user's data in his home directory.
;-)
Agree. That's why I back up the users' data daily regardless of OS. If that fancy new screensaver/kernel-compile/email-attachment nukes their data I have a backup (which they get if they ask nicely and promise to be more careful in future).
As for the "in UNIX it's only a user account that gets trashed, not the whole system" thing, may I ask how many admins have hardened their systems against a local attack? Remember:
remote non-root exploit + local root exploit = remote root exploit
Haha, you could only think of that if you were high.!.!.!.!.! Yeah we're right behind you, yeah we're looking at you. yeah we're lookin' at you, yeah we're right behind you. whoa, amplitude, garbage, cherry girl. This dude is definitely smoked up. I would know, we always smell our own kind. it's getting serious. why are you still here? i could keep this going on forever this will just piss some people off to sit there and read all that fucking bullshit. no good garbage filled with cigarette butts left over from the smokers who wouldn't have found themselves spending their time doing anything better than spending their time putting their lipstick and nail polish on like little cherry girls. Go baby go go, yeah we're looking at you Oh we're right behind you go baby yeah we're right behind you go baby go baby snap twist the neck spiral smooth flowing curves twisted i actually felt all of these thoughts, as individual thoughts. all connected, with pictures, detailed descriptions. like you would see, as you flipped through the Star Trek manual, yeah, you were like me, actually dorky enough to READ, HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA HAHAH
HAHAHAHAHA
Heh
dude, you're high... come down from the clouds, this only took me 10 seconds to think of, if you're high you'll understand. Uhhhh Huhhhh, ad: Garbage - Cherry Lips =) hahahaha, go baby go baby
Yeah, except - when you actually browse to that registry branch, this entry isn't there! You have to create it before you can turn it on. Who knows what other useful things you might be able to do if you only knew what registry keys to create??
So yes, you can often find a program's settings in the registry - but this is a lot less helpful than it sounds.
Got the first bugbear.b at Jun 5 12:02:28 (central). The virus scanner's blocked 5 so far. It's been a nasty virus week already due to sobig.c and (still) klez.h. One out of 12 emails has been a virus.
This has been the worst week since we got hit by klez, but this time it hasn't caused a problem. When we got hit by klez, it was before there were updates for our desktop virus scan. Now, all email's scanned by a different brand of scanner before it gets to the desktops (which still have antivirus software installed), and the server checks for updates every hour.
BINGO! We have a winner...
All of the slashdotters are too fucking stupid to realize that linux and alternative software is NOT the answer. WHY? Because you know that someone that is running debian for example is fairly smart. IF you're fucking stupid enough to run attachements your too stupid to install linux and/or alternative software.
You can make a general assumption that someone who runs attachements or has been infected more than once is a fucking idiot. You can also assume that they couldn't handle linux - even - Mandrake!
At least, if I make a mistake editing one of those Linux text files I am unlikely to completely hose up the machine. Whose bright idea was it to make an OS (Windows) dependent on a single (easily corrupted) binary database to boot up? A database that is modified practically every time a setting is changed or a program is installed. A file that keeps growing the longer you own your computer and as a consequence slows your machine more and more.
God is imaginary
I don't have a "Read" tab in the options. Where is it, please? I'd love such an option.
I cannot agree more. The users do not care about anything beyond their files, and to be honest, what use is a working network if you lose your work when you save it? Guess what the CEO uses his computer for; I bet it isn't anything beyond a bit of surfing, email and word processing.
Please someone mod this parent up!
Sorry but enterprise level and MS do not belong anywhere near each other despite what MS wants you to believe. I'm an MCSE and I can't imagine running critical services on the MS platform...as an application platform windows server is just too bug ridden.
So either you've bought into all the FUD or you're speaking from experience, in which case I call PEBCAK (Problem Exists Between Chair And Keyboard). Either way, you don't know what you're doing.
We have (at last count) approximately 270 Windows Servers (as well as all our Linux and AIX servers), including DCs, file servers, print servers, etc., etc., and many application servers. We are a 24x7x365 operation, and the vast majority of those servers have been up for months or years. Most of our unplanned outages are due to hardware errors -- blown motherboards, generally, as we have redundant hardware wherever possible.
I can look at some of my servers right now and see uptimes which are pushing a year. Some of my servers are in constant use by 700 users during the day and 30 to 50 users during the night. Up until March, they had 100% availability. In March the application hung due to a bug in the vendor's application -- totally unrelated to running on MS. (Incidentally, it was fixed by restarting a service -- no need to reboot the server.)
We use firewalls and virus protection software and patch our servers (carefully -- some MS patches can break things), and don't get hit by these problems. Want to know why? Because we are expected to keep things going so we do, and we know what we're doing! If stuff breaks, people get fired. So we build servers the right way the first time, and then, remarkably, they seem to be rather robust.
We wouldn't be nearly so happy if we had to keep running to the server room all day, by the way. NT 4 was a lot more difficult to manage, but Windows 2000 allows me to do virtually everything from my desk, which is efficient and just all-round desirable. So don't believe the FUD that you can't remotely manage a Windows server, either.
For what it's worth, I'm also an MCSE. I got mine because I'd been working with MS products for several years and knew how they worked, what was wrong with them, and how to fix them. Some of my colleagues in the past have been paper MCSEs. Guess whose servers tend to be flakier?
I know what's wrong with MS products -- they're by no means a magical company, and I've learned the hard way (NT 4 service packs that broke and also modified the SAM, or horribly painful Exchange 4.0 information store recoveries, and on and on). Hey, maybe that's got something to do with it -- I worked my way up, I gained my technical knowledge by fixing things when they borked and building systems from the ground up, and in the process became intimately familiar with the products' strengths and weaknesses. What do you think?
You'd have to be pretty clueless to lose your stuff that way.
News flash: the average home user *is* pretty clueless.
Slashdot's token middle-aged housewife
... And, these text file can (usually) have comments and examples embedded in them. Try THAT with the registry.
The Windows registry was, and is, a bad idea. It quickly becomes obtuse, is easily corrupted, filled with crap that doesn't go away when the program is deleted, etc.
Um, the correct plural form is virus.
From Webster's Unabridged Dictionary of the English Language:
filled with crap that doesn't go away when the program is deleted,
How is this different from Linux programs that aren't managed by apt that decide to spew their files across the entire directory tree without telling you, and certainly leaving behind crap?
Are you using Outlook 11 by any chance?
Who gives a flying crap if your /etc directory remains untouched when ~ (where the irreplaceable files are) has been wiped out?
If one of the users on my system (various non-geeks that use my computer for various reasons) is stupid enough to run an untrusted executable, I don't care if their home directory gets trashed. If they really care, I'll dig out the backup.
I don't care about /etc or /home. Both are small enough that I can send them out to the second-hand DAT drive I bought for £20 every night.
But if they had root access and the virus trashed /usr I would have to reinstall my OS, which is a lot of hassle. Or worse, it could install spyware or a backdoor on my computer.
So the separation of users is clearly extremely valuable to me. The only person likely to completely screw up my computer is me, which is good because I trust myself not to. But I don't trust other people not to, and I still want them to have access to my machine.
administer servers with Enterprise Level Code!!!
Hot fixing the average server will change productivity. But this is why banks and financial institutes keep proprietary data on IBM/HP & Amdahl systems, never MS. MS and other home-classed systems will never be inherently as secure as legacy OSs. VM had problems with multi-user dungeons, MVS was never externally affected, and today's incarnation of OS/390 is still using MVS source. Build inheriting past stability built for security; leave MS in your Xbox console with the kids.
MS keeps changing to follow trends and home users, making it a target. They have never built vision into a product. NT was the first, then 2000, next will be 2003; why redesign the wheel and not improve? Adding bells and whistles isn't an improvement; it's a security risk.
Back to the email topic, I was under the impression it's a dual MS IE exploit using MIME and iframes, plus a user-stupidity exploit. Email can be fixed with updates and attachment trapping; the other needs to be removed from the gene pool and shot.
Harsh but would over time fix the bigger of the two problems.
Any admin who sets production servers to be "automatically updated" deserves to be terminated with prejudice. You test all patches before deployment. All admins who have to use Windows Update on a wide-scale deployment use SUS (Software Update System), which automatically downloads all patches from Windows Update to your server and can deploy them to your machines, but gives you the ability to choose the patches you want to deploy (after testing them).
I wouldn't mind you in my head, if you weren't so clearly mad -Lews Therin Telamon
you mean the Outlook help files don't tell you how to enter hex into the registry? =P
I'm surprised that no-one has written a really destructive Outlook virus yet. That is, one that, when run, first does all the usual tricks to propagate itself, then, say, waits an hour, then starts deleting everything it can on the computer.
I mean, I understand the appeal of installing backdoors ("1 0wnz j00", etc), but you'd think that someone would have released a really destructive version by now.
I have not heard from any of my friends who also work in IT (I work at MCPC) of any customers actually experiencing this, just noise on the internet. It also seems like it does too much to be a worm; doing all that stuff would require a huge payload. Does anyone know for sure if this is real, other than the bunch of kiddies on here that think "oh winders crashed it must be a virus"?
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Outlook 2002 SP2 (10.4219.4219) doesn't have this option that I can find... what version of Outlook are you running?
o/~ Join us now and share the software
I'd really hate it if I ran a program as my user account that had a trojan.
It might not have access to change global configuration settings, but it sure could get all my emails, and/or connect to the X server and grab my ssh passphrase for other systems (where I do have root access).
Are you saying you crap mice?
I just use Pine and don't have to deal with any of that. I can open any message I want.
Or you're not looking at the right stuff.
This is a relatively new vulnerability (Nov. 2002).
It has to do with IFRAME's in IE.
the computer is online
i am not at it
what a waste of resources
alternative_order text/plain text/enriched text application/postscript image/*
/etc/mime-types is already set up quite well by Debian, so I didn't have to worry about that part at all (and GPG with Mutt is also set up for me).
auto_view text/html
(Note that the first bit is all one line)
What does this do? If the message has a plain text part and an HTML part, I see the plain text part. If it's just HTML, I see that (rendered right there, no extra work).
You also get cool features like the ability to bind a shortcut to report email to Spamassassin as spam for your Bayes database. And I get to compose my email in Vim (OK, maybe most people will not want this, but you can use any editor). Mutt rocks.
WMBC freeform/independent online radio.
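What those two Mutt lines actually decide, as an added example that is not part of the post and not Mutt's own code: the Python below walks a MIME message the way a Mutt-like client would, ranks the parts of a multipart/alternative by the poster's alternative_order, and reports whether the winner is shown natively or through the mailcap entry that auto_view names. It assumes that a bare major type such as "text" matches any text/* subtype and that "image/*" is matched as a glob; the two sample messages are constructed, not captured mail.

```python
"""Added example (not from the post or the Mutt project): simulate how
Mutt's alternative_order and auto_view settings pick the MIME part to show."""
from email import message_from_string
from fnmatch import fnmatchcase

# The poster's settings as Python lists. Assumption: a bare major type such
# as "text" matches any text/* subtype, and "image/*" is matched as a glob.
ALTERNATIVE_ORDER = ["text/plain", "text/enriched", "text",
                     "application/postscript", "image/*"]
AUTO_VIEW = ["text/html"]
# Types a text-mode client renders itself, with no mailcap helper (assumption).
NATIVE_TYPES = {"text/plain", "text/enriched"}

# Constructed sample messages (not real mail): one carrying both an HTML and
# a plain-text alternative, HTML listed first, and one that is HTML only.
MULTIPART_SAMPLE = """\
From: alice@example.com
To: bob@example.com
Subject: constructed sample with two alternatives
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/html; charset=us-ascii

<html><body><b>hello</b></body></html>
--b1
Content-Type: text/plain; charset=us-ascii

hello
--b1--
"""

HTML_ONLY_SAMPLE = """\
From: alice@example.com
To: bob@example.com
Subject: constructed sample, HTML only
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii

<html><body>only html here</body></html>
"""


def mime_pattern_matches(pattern, content_type):
    """Match one alternative_order/auto_view entry against a content type."""
    if "/" not in pattern:
        pattern += "/*"  # "text" -> "text/*"
    return fnmatchcase(content_type.lower(), pattern.lower())


def candidate_parts(msg):
    """Leaf parts of the first multipart/alternative, else every leaf part."""
    for part in msg.walk():
        if part.get_content_type() == "multipart/alternative":
            return [p for p in part.get_payload() if not p.is_multipart()]
    return [p for p in msg.walk() if not p.is_multipart()]


def choose_part(msg, order=ALTERNATIVE_ORDER, auto_view=AUTO_VIEW):
    """Return (content_type, needs_mailcap) for the part that would be shown,
    or (None, False) when nothing in the message is displayable."""
    def rank(part):
        ct = part.get_content_type()
        for i, pattern in enumerate(order):
            if mime_pattern_matches(pattern, ct):
                return i
        return len(order)  # types absent from alternative_order sort last

    for part in sorted(candidate_parts(msg), key=rank):
        ct = part.get_content_type()
        if ct in NATIVE_TYPES:
            return ct, False
        if any(mime_pattern_matches(p, ct) for p in auto_view):
            return ct, True  # rendered through the mailcap entry auto_view names
    return None, False


if __name__ == "__main__":
    for label, raw in [("two alternatives", MULTIPART_SAMPLE),
                       ("html only", HTML_ONLY_SAMPLE)]:
        print(label, "->", choose_part(message_from_string(raw)))
```

With the poster's order, text/html only matches the bare "text" entry, so it ranks below text/plain and the plain part wins whenever both exist; when HTML is all there is, auto_view is what lets it be shown at all, which is exactly the behaviour the post describes.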
Because we're talking about configuration data, and not the files that are part of the application itself.
AND, you can't just take one small piece of his argument, attack it, and somehow think you've supported your position. Even if your point is given to you, it doesn't change the fact that the windows registry gets bloated and more easily corrupted the longer you keep a windows install around.
As to "not managed by apt..." this is why we /have/ package management utilities...of all sorts of flavors. In response I ask you: "How is /that/ different from windows programs that aren't managed by add/remove programs that decide to spew their files across the entire directory tree without telling you and certainly leaving behind crap?"
"No nation could preserve its freedom in the midst of continual warfare."
--James Madison
You're making a pretty big assumption there. That being that it's the admin that can't stand to have any downtime. Most of the time it's users/management that refuse to allow any downtime. I can't tell you the number of times we've sent out messages indicating we were going to take a server down for scheduled maintenance only to be told we can't. Even when it's scheduled maintenance and allowed for within our uptime commitments you can't get people to let you take a server down sometimes unless the darn thing gets cracked, crashes, or otherwise spontaneously (oops, bumped the power button) goes down.
"No nation could preserve its freedom in the midst of continual warfare."
--James Madison
In 3 years, we've had one unplanned downtime due to software, and that was an MS hotfix that hosed our main server.
The secret - no file and print. All we're running is our own handrolled server processes, and a carefully set up IIS, with SQL Server running on a non-exposed server at the back end.
It's not quite 5 nines, but it's damn close to 4.
If you keep the users away from the MS stuff, it's actually not a bad application server.
oh brave new world, that has such people in it!
get a life CowboyNeal. Posting the same anti*microsoft crap over and over is getting old.
Stupid people get viruses.
Red Hat (which I guess is what you're using, since you mentioned up2date) has to provide updates for many more applications than Microsoft. Debian has to provide updates for even more. By all rights, Debian, who officially include the largest number of programs ("contrib" ran away with the spoon) should have the most security advisories BY FAR. Why don't they?
I don't want to hear any BS about popularity, either. Yes, that does have something to do with it, but I see posts on BUGTRAQ every day about some CMS I've never heard of before. Besides, if more people are using Microsoft's products, they should have a greater degree of responsibility. Last I heard, at least part of the U.S. government (FTC?) agrees with me, as they are considering bringing charges against Microsoft for that big Passport vulnerability.
As for users running dangerous executables, I'm all in favor of having Internet software like Web browsers and email clients operate in a true "sandboxed" environment (say, as another user, maybe even chrooted), and being able to elevate their privileges slightly when necessary (such as when trying to attach a file from the hard drive). Certain MTAs do this, too. Unfortunately, I don't have the skill to implement this properly at the moment.
WMBC freeform/independent online radio.
First you quote:
"it uses a particularly NASTY FLAW ...Microsoft's Outlook e-mail reader that allows the virus to infect machines whenever a victim simply previews an e-mail message loaded with the program" (my emphasis)
And then you say:
Maybe I'm wrong, but an exe isn't executed when you just preview the email, but what do I know.
No shit it normally isn't executed. the NASTY FLAW allows it to be. Bad virus exploits flaw. comprende?
Please mod the parent up, this is a great comment.
From the article, and please pardon my quoting...
=========
"He really wanted to get into those machines," Kuo said. U.S. financial institutions probably aren't at risk from this technique, Kuo said, because most don't have modems attached to their critical computers any more. But "less technologically-advanced countries might," he said.
Neither firm had evidence that a financial institution had been hit by the worm.
The virus writer employed other methods to steal financial information, Sunner said.
"Particularly worrying is the fact that not only can Bugbear leach confidential information from an infected machine, but it may also leave a backdoor wide open for hackers to take control of the machine and misappropriate passwords, credit-card details or for some other nefarious purpose", he said.
=======
We have a byline quote that reads "Some of the worm's functions are designed to specially target financial institutions". The logic of this thread is that because this worm can use a modem, it's probably targeted at financial institutions. There are no known financial institutions infected yet, but anything that leaves a back door must be designed to steal credit card numbers, passwords, and money. That's a gross simplification, at best.
This worm communicates by modem as well as ethernet. Most of our recent worms have limited themselves to SMB file sharing and email for propagation. I will accept the logical connection to point-of-sale machines with dialup modems, but most of the ones I've looked at connect to a local server across a serial network or utilize an always-on ISDN for external calls.
My first impression of this worm, as it was of earlier versions of BugBear and SoBig, was not that it was designed to get money. This one is modified to afflict dialup internet subscribers as well as broadband. I know companies that have a local LAN with one machine serving as a dialup gateway. They're hosed now. How the original article made the logical leap from modem to money so quickly is just beyond me.
-j
Outlook 2003 (at least the beta version)...
Add to this Windows XP automatically downloading critical updates by default, and with any luck security should be getting a bit better. Maybe.
Remember that pretty much most of the code bundled with Linux until the mid-to-late nineties was between five and twenty years old save for bug fixes - features were not being added to 'elm', sendmail was also largely getting bug fixes, the spam wars had only just begun, etc. Only Linux (the kernel) itself, XFree86, and Apache, if it was bundled at all, were that new.
You are not alone. This is not normal. None of this is normal.
Which is exactly why so many worms target Apache rather than IIS.
But since IIS is *easier* to exploit, less investment is required for a given return.
ROI can't be measured simply based on how many machines get afflicted, but rather on the number of machines per unit of effort expended creating and propagating the exploit.
RTF man page - NULL scans don't work on windows. Try -sS instead.
I agree that Windows gets a bad rap around here, but you're wrong about LOGON.SCR.
There are several real-world PATH attacks involving LOGIN.SCR and other files that allow for local root holes on an NT system.
your too stupid
What if you're just too stupid to spell correctly? Especially a word you got right earlier in the very same sentence? Spare us the elitist BS, OK?
I do not have a signature
More worms for Windows because Windows is on all the desktops? So what. Ooooooo, I can snag some old ladies original pentium. Wow, I'll crack the world with that.
OR: I can hack a Mosix or a Beowulf cluster. I could hack a nice blade server, or some corporate infrastructure. I could hack GOOGLE!
BWAHAHAHAHAHAHAHAHAHAHAHAHA!
All the good stuff runs Linux or Unix. IT ALWAYS HAS. So why are there FAR more exploits for Windows? Because it's on a lot of crappy machines? OR because it's an easier target? Seems pretty obvious.
Just my opinion.
Ad logicam: claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
I don't see why Linux is so secure:
Making a Linux worm:
- Open attachment.
- Run, fork and become an orphan process.
- Let it run in the background sending e-mails using the user's info, until somebody realizes that it's running and kills it.
This kind of worm can run a looong time on your machine with your user privileges and you wouldn't notice.
But that is OK, because "passwd" is a very small program, and if it hasn't been thoroughly audited by now, I'd be really surprised.
Software does this all the time; one of the MTAs (qmail?) has small, separate parts of itself that are run as root because they have to be. And, as Stuart Smalley said, that's OK. It's OK because it's just a little, limited piece that can be easily examined, and because all sorts of security experts are free to look at it.
I feel that this should be taken even further; there should be a specialized, unprivileged user account for your email program. Say my username is "bob", then maybe there would be "bob-email", "bob-browser", etc.. Bob's email client will run, possibly in a chroot jail, as bob-email. It would have small modules that elevated themselves to "bob" privileges in order to do things like attach files from Bob's home directory. Actually RUNNING attachments would take place as "bob-email", and couldn't hurt Bob's (or anyone else's) files.
WMBC freeform/independent online radio.
Some people say it's because Windows is much more prevalent
than the Linux, but there are a lot of servers running Linux now.
Bullshit. The Slammer worm is your smoking-gun counterexample. It attacks MS SQL Server. But MS is not the primary player in the SQL server market. IIRC they control 10% by their own admission. So why doesn't Oracle/Postgres/MySQL get a virus attack with as much notoriety?
That's my whack-a-troll for today.
Practice Kind Randomness and Beautiful Acts of Nonsense.
I'm no more ready to eat my words than I am ready or able to go back to M$ crap. Free software is vastly better today and the differences will only become more astonishing in the future.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Actually, there is a higher ROI with IIS. Sure, Apache is on more servers, but the point is generally to infect clients. IIS is on Windows and that Windows box can be used to infect clients.
Don't get me wrong, I know it's generally understood that Apache (depending on mod's) is far more secure than IIS (at least version 5 and below).
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
is because of the # of people who aren't patched.
Yes, some will still go 'click, click'. But the majority of the infections is due to unpatched systems.
stop being a twat.
-1 Troll: Please refrain from posting facts and balanced observations - especially statements that reflect well on MS. This is /.
There has been an increase in visibility, but I don't think that dramatic an increase in use. It's still pretty much only hardcore techies that use Linux. For some actual numbers, there's Google's Zeitgeist, which shows Linux as accounting for 1% of Google visits. And if anything Linux is more common among Google visitors than the general public (many of whom are AOL users and whatnot).
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
And that means that the source of those patches can not be trusted, otherwise you wouldn't need to test the patches.
Most people know this, but it's a pity that it's widely accepted. Why wouldn't people refuse to do this testing for the company who provides these patches? It's their job after all to keep their own platform clean.
MS earns a lot of money with their products, they sure can spend money on testing these patches in a better way.
I use The Bat and have never had any virus entering my system. I don't start executables, and if I receive an executable I mail back asking what it is and whether it was really sent by the person in question.
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
Karma bonus off because it's a bit stupid and easy to mod down that way.
So basically yeah yeah Mac OS, Linux... spice with a little "Some day Linux viruses..." add "Ohh we have a new Linux virus" add to the fiction-presented-as-news file...
(Every Linux virus posted on Slashdot over the last few years has been fake. There was ONE virus and it's dead)
Mac OS of course had many viruses but Mac OS X should be relatively safe (unless Mac OS X really does run as root as the Lindows people claim) and of course Lindows is infectable. How cool is that?
But back to the point. You don't need to even switch operating systems to avoid e-mail worms.
How? You ask? Switch e-mail programs of course.
Well yeah, duh, I mean hey, just use unpopular software and nobody will bother. Isn't that how Linux and Mac OS X avoid viruses? No, not at all.
Use Eudora. Unpopular? Yeah right. Next to Outlook Express, Eudora is one of the most popular, if not the most popular, e-mail clients.
I use the Palm OS version; it kicks butt.
Eudora doesn't do anything quite so stupid as Outlook Express. It certainly doesn't open file attachments automatically. It's reasonably secure and quite nice.
So there you have it...
Either change your OS or at the very least use Mozilla and Eudora and you don't have to worry about e-mail worms.
And while you're at it, try OpenOffice for Windows and other free software.
But then I need to explain myself: I use Linux, but I don't ever read my e-mail from my workstation anymore. I don't even use my workstation from my desk much anymore. I pull out my Palm OS PDA and zip...
But one more thing. If you are going to use Windows, for goddess' sake install the stupid updates, thank you very much. It's not just the stupid bonehead security flaws that any moron could avoid but the more serious design flaws that tend to find their way into Linux as much as Windows. So switching to Linux doesn't help on the update front.
Course I'm one to talk I need to flush my system and reinstall Linux again....
Maybe I could order the new Linux From Scratch book.... Yeah sounds good....
I don't actually exist.
Really? What if one's corporation is running Unix only? Perhaps .pif stands for personnel information format at one's company. Perhaps one's corporation has a strict no-lusers policy.
I prefer my mail feed unfiltered. I'll accept SpamAssassin mangling, but that's about it.
No. I don't have anything better to do.
And I've never tried Mandrake either. According to your own post I must be "fairly smart". I've been running Debian GNU/Linux for a couple of years now. Of course, my main machine runs Gentoo, which makes Debian look like Red Hat in terms of ease of installation, so according to your method for determining smartness I must be some sort of Einstein.
What set me off? The fact that you're drooling about who is a "[expletive] idiot" and at the same time you make trivial spelling errors-- the sort of error most of the "idiots" who open email attachments learned to stop making in junior high.
I do not have a signature
"Like personal Redhat machines running BIND because it was installed and started by default in an 'install everything' scenario, the installation option used by most newbies because they're afraid of missing something during the initial install and not knowing how to install it later."
That's simply not true. If it were then I'd accuse windows newbies as well of doing the same thing by installing IIS.
Your problem is with newbies, not the mythical "everything install" that no newbie uses that I've ever seen.
"I feel like I am being pecked apart by one of those earth creatures...large bill...webbed feet...goes quack....ahhh...what are they called?" "cats?"....."CATS ...yes.....CATS"
Which is even funnier.
You will not drink with us, but you would taste our steel? - Walter Matthau, The Pirates
"Do you have a sex life?"
"You betcha! I run OS X"
--
msq
Apache is on more "servers" that have real domain names. (see Netcraft methodology)
When you look at the Code Red infections, most of the action was coming from "desktops" that were running IIS for some reason or another (often because the user warezed W2K Advanced Server in order to be l33t).
IIS is also heavily used on intranet servers that can't be publicly addressed and is a required component for certain MS products like Exchange and SQL Server.
I can look at some of my servers right now and see uptimes which are pushing a year.
So you are behind on how many critical patches which require a reboot?? MS patches which affect SQL Server or IIS etc. and are labeled critical and have admin level exploitation potential come out every couple of months. It's people who try to run MS boxes like they are UNIX machines that end up getting hit by Slammer or worms like this. You NEED to apply patches and reboot every couple of months at a minimum; uptimes of over 3 months usually mean there is some critical patch you missed which leaves you vulnerable. You can have fine availability with a cluster most of the time, but some patches have to be applied to the whole cluster simultaneously because of the way they change things; the different parts of the cluster can not be on differing patch levels or data corruption can occur. Like I said I have no problem with Windows for non-critical roles, and with Server 2003 maybe even for web serving (IIS 6 finally has a sane default install), but for things that are typically labeled enterprise applications (large DB, CRM, ERP, financials etc.) there is no way I would build them on the MS platforms; the alternatives are too stable to really even consider it.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
6.00.2800.1123
Yah. And *.exe's don't bother a Mac much either. But that isn't to say that they're useful. My default assumption is that if an email comes with a *.exe attachment, or is html formatted, then it's garbage. I'm generally willing to reconsider, but it starts off in the penalty box for unnecessary roughness. And getting out of there is difficult. I better know the sender, and have reason to believe that they intended to send me an executable e-mail. Of course, I'm an individual, not a corporation, but I feel that an variation of this should be used by anyone.
If mail comes in with an executable attachment, including html, then forward to the addressee a notice that mail with this subject from this sender is available, but is being held in jail pending intentional adoption. Perhaps one could even have a special machine on which such e-mails could be opened. Say a VMWare installation inside a user with no privileges. And refresh the VMWare image between invocations. Depends on how paranoid one wants to be...which depends on the reasons.
But these days one should never believe that an e-mail is from who it claims to be from. Or that an executable attachment is innocent. It might be, but insist that the putative sender vouch for it independently. Or treat it with quarantine tactics.
I think we've pushed this "anyone can grow up to be president" thing too far.
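The quarantine policy the post above describes, as an added example (my code, not the poster's): parse an incoming message, hold it if any part is HTML or looks executable, and return the notice that goes to the addressee instead. The extension and MIME-type lists, the filter's address and the sample message are assumptions constructed for the demo. It goes a little beyond the post by also sniffing the decoded attachment for an MZ (DOS/PE) header, since the filename and declared type are both under the sender's control.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Policy lists are assumptions for this example; tune them for your site.
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-msdos-program",
                    "application/octet-stream"}
FILTER_ADDRESS = "mail-filter@example.invalid"   # assumed local sender for notices


def hold_reasons(msg):
    """Return the reasons a parsed message should be held; empty means deliver."""
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype == "text/html":
            reasons.append("HTML body (active content, web bugs)")
            continue
        fname = part.get_filename() or ""
        label = fname or "<unnamed part>"
        # Extension check on the LAST extension, so readme.txt.pif counts as .pif.
        ext = os.path.splitext(fname)[1].lower()
        if ext in EXECUTABLE_EXTS:
            reasons.append(f"attachment {label!r}: executable extension {ext}")
        elif ctype in EXECUTABLE_TYPES:
            reasons.append(f"attachment {label!r}: declared type {ctype}")
        # Content check: a DOS/PE executable starts with 'MZ' whatever it is called.
        data = part.get_payload(decode=True) or b""
        if data[:2] == b"MZ":
            reasons.append(f"attachment {label!r}: starts with MZ header")
    return reasons


def hold_notice(original, reasons):
    """Build the notice that goes to the addressee instead of the message."""
    notice = EmailMessage()
    notice["From"] = FILTER_ADDRESS
    notice["To"] = str(original.get("To", ""))
    notice["Subject"] = "Held mail: " + str(original["Subject"] or "(no subject)")
    body = (
        f"A message from {original['From']} with subject {str(original['Subject'])!r}\n"
        "is being held in quarantine. Reasons:\n"
        + "".join(f"  - {r}\n" for r in reasons)
        + "Confirm with the sender out of band that they meant to send it before "
        "asking for release.\n"
    )
    notice.set_content(body)
    return notice


def filter_message(raw):
    """Gateway decision for one raw message: ('deliver', None) or ('hold', notice)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = hold_reasons(msg)
    if not reasons:
        return "deliver", None
    return "hold", hold_notice(msg, reasons)


def build_sample(with_pif=False, html=False):
    """Constructed test message, not real traffic."""
    m = EmailMessage()
    m["From"] = "alice@example.invalid"
    m["To"] = "bob@example.invalid"
    m["Subject"] = "Your invoice"
    m.set_content("Please see the attached file.")
    if html:
        m.add_alternative("<p>Please see the attached file.</p>", subtype="html")
    if with_pif:
        # Fake MZ header padded out; a real worm would be a real PE file.
        m.add_attachment(b"MZ" + b"\0" * 62, maintype="application",
                         subtype="octet-stream", filename="invoice.txt.pif")
    return bytes(m)


if __name__ == "__main__":
    verdict, notice = filter_message(build_sample(with_pif=True))
    print(verdict)
    print(notice)
```

Note that an `application/octet-stream` part with no recognisable name is held too; that is deliberate, since the sender chooses both the name and the declared type, and only the first bytes of the payload are hard to disguise without breaking the executable.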
Except that newbies have done that as well. They installed Windows 2000, and for some reason installed IIS (because they were playing around in the optional components install, or something like that). Then, when Code Red, Nimda, et al hit big, they got hammered because they weren't up to date. They weren't up to date because they didn't know they were running IIS.
I hang out in EFnet's #Linux on occasion. I've been there for years. Several years back, it was quite common to see a newbie say, "I chose to install everything, because I didn't know what the other options did," or, "I didn't want to miss something, because I don't know how to install new software yet, so I chose to install everything." My problem isn't with newbies. They don't know any better. My problem is (well, "was" until some distros got their heads out of their asses) with distros that have stupid defaults. Something like BIND should only be started if it's specifically requested. The act of installing BIND is not necessarily a request to run it. (replace "BIND" with any other software that most people have no need to run, if you think I'm picking on BIND too much)
The person who can't spell is telling me to get a dictionary. That's rich. Also, there is no such word as "virii". The word you were trying for is "viruses". Get a dictionary indeed!
I do not have a signature
Which is even funnier.
It's definitely funnier when you actually see it played out. A text rendition can't do it justice. Which is why I just went for the line after that, when he summed it up -- more succinct and so better for a sig too. Also, half of my intent was use a reference that only the "true" B5'ers would get -- hence the "L." instead of "Londo".
I may need to go back and review, but I am pretty sure he said "nibbled" instead of "pecked" -- which is part of the joke; he got it wrong in *two* places!
"Orthodoxy is unconsciousness" - Orwell
OK, so Microsoft makes a patch available to hundreds or thousands of corporate customers. That patch fixes the current virus weakness... but often by nuking something else that might be important. Now... why didn't you know about that? Because you can't see everything that is happening, and MS doesn't tell you.
Yes, it's true that many orgs don't have admins capable of reading/editing a lot of source, but many do. And when you have thousands of orgs, at least one of them is likely to have a competent coder that looks and says "whoa, this doesn't look right" or - if not, and something doesn't break - can go in, trace the bug down, and then say "whoa, this is screwy, this should be XX not YY."
By promoting open-source, every customer also has the ability to become a developer - or a fixer - and contribute. By using MS closed-source... only MS has that power, and hence the delays/problems/explosions involved with patching.
Man, did I ever get a shock; with his comment modded down, it looked like you were responding to me! My asbestos undies are just a little singed. ;)
Even on a small network I administered (the last one that didn't require an NDA, and therefore the only one I've got on record on my website), things started off easy. A plethora of PC300GL machines came in by way of 53' trailer. They were deployed, one image created, and life was good.
But then, we got new machines. Faster machines. Different chipset. This was no good. Ok, two images.
Suddenly, the multimedia labs required extra programs; graphics, sound, video ... ok, three images.
Now we have 24 AutoCAD licenses (and the two associated dongles per machine) that required a new image. Four images.
Business classes? Five images.
More new machines? SIX images. At this point our test period for each workstation image was all of 2-3 hours. Any longer and the images wouldn't ever make it to the machines before they had to be updated again.
Long story even longer, the image deployment method was fantastic in the beginning, but as time went on our needs diversified and suddenly maintaining images was taking up a large majority of our time. That wasn't even so bad; IE was around version 5.5 (6 was in beta) and patches seemed only a monthly experience. Patching the workstations meant re-imaging entire labs which, due to funding, were only at 10MBit/sec and 24 shared a single 100BaseSX uplink to the network backbone. Imaging the machines during class time was out of the question, lunchtime wasn't long enough, so that meant overtime every time we had to update the workstations. I don't know about you, but babysitting 500+ imaging workstations until 8-10PM is not my idea of a good day.
As for imaging the servers, well, we had to wait until the usage dropped to nothing (again, overtime) before we were allowed to take any of them down. We simply didn't have the budget to duplicate our NetFinity's in the interests of redundancy. So now we spend all evening testing the patch application, and the rest of the week eyeballing every activity log we could get our hands on to isolate and account for changes in behaviour the updates implemented.
What our dear friend 'anotherone' has to realize is that babysitting and updating Windows workstations alone is a full-time job. Most networks aren't even as cut-and-dried as the school I worked for; we were allowed to mass-wipe machines on a whim. Network policy forbade saving of anything on the local drives. When you're dealing with a network of thousands of workstations which are almost all unique, running updates is a small nightmare. When you run dozens of servers (enterprise or application), it's a big nightmare.
Employees don't tend to listen to "that network guy", so they save everything to their local drive (the Fujitsu fiasco smartened some people up, but many were still P.O.'ed at their sysadmin for not having backups of their PC...) so re-imaging is out of the question. Not to mention the fact that you have to get the consent of;
Keeping in mind that likely 4-5 of those people know nothing about computers, but expect you to fix it without, in some cases it seems, touching it.
So you and your trained monkeys ("Junior Sysadmins") stroll about the office, updating and quickly testing each and every workstation. So you miss one. It
BD Phone Home!
Shameless plug. Like you weren't expecting it.
Yes, but if you can't get idiot windows users to realize that using "auto-preview", opening "pif/exe/bat/com" files is bad, and "Click the monkey to claim your cash" doesn't really win you cash, then...
Chances are you're not going to make informed 'nix users out of them. The scariest thing is the half-educated users. You know, the ones who know how to install XX but not to run it as root, and especially not without patching. That's what gets you rooted.
The scariest part, at one point, we're all half-educated... it's part of the learning curve. You can't just automatically become a linux guru... and even many of the best linux admins at one point were probably scratching their heads (or other parts) and thinking, "oh, it will run fine as root"
I stand by my statement, and I'll give you another reason. If you follow the link I posted, you will see that John's filter does more than block exe's. It also handles things like web-bug images (search google if you don't know what those are.) and many other things. I also mentioned that it was an EXAMPLE of a good filter. I assumed that readers would be smart enough to know that they should adapt the technology to their own environment.
FYI, I run Linux as my main desktop OS, and various other flavors of Unix elsewhere. If you think you are invulnerable to email worms and viruses just because you run Unix, you really don't have a clue. Go look at some of the security bulletins for Mutt as an example.
Anyway, good for you that you run Unix, but don't let Unix's built-in protections be your only line of defense. It's only a matter of time before some bozo decides to take advantage of slacker behavior.
Exactly. Whose bright idea was it to make web applications rely on RDBMS systems that depend on a single (easily corrupted) binary database? A database that is modified practically every time you enter or update data. A file that keeps growing the longer you run your web application and as a consequence slows your machine more and more.
HAHAHAHAHHAHA. I am perfectly capable of spelling just fine... what made you assume I could not? Was it my posting in a quick fashion in a laid back environment? Was it the approximate 3% of my post that is spelling errors?
I think what the problem here is that you troll all fucking day. A quick look at your posts indicate that 5/6 of your posts are trolling. I think your problem is that not only are you a troll but you are too asinine and half-witted to be any good at it. You are incapable of trolling based on the content of a message but instead you focus on how the message is presented.
I'm sure you were a straight 'A' student in English class and you should be proud! You've probably got a few certificates on your wall about your grammar and English skills that you jack off to daily.
And as for the word virii... of course it's a real fucking word. It just has yet to be adopted. I certainly don't base my everyday usage of words on a dictionary. Only a tight-ass anal piece of shit such as yourself would do that. I'm sure that you've either gotten your nerdy ass beat in school and in real life a lot. Well, either that or you learned to keep your mouth shut. But if you're happy trolling in forums, GOOD FOR YOU! I'm sure that's what people with small penis syndrome need to do to feel better about themselves.
Don't bother replying to this post you'll just further embarrass yourself and aside from that I won't respond to it anyway. I have better shit to do than argue with a piece of worthless shit spelling bee champion.
In all honesty, if I was like you I would have hung myself in the closet a long time ago. I'm sure you're still in the closet now, perhaps you can think it over.
And yes, I realize many spelling and grammar errors are in that message, I really couldn't give a fuck less. If it makes you feel less like the piece of shit you are go ahead and correct them. Maybe we'll give you a badge and call you the grammar patrol.
why does it need to rescan all files - even ones that have not changed?
Because it takes the virus writer five minutes to figure out how to trick your scanner into thinking the file ISN'T changed: set the clock back and touch the file once.
-- I'm as unique as everyone else.
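The point made in the reply above, worked through as an added example (my code, not the poster's): a scanner that skips files whose recorded (mtime, size) still matches is fooled by a worm that rewrites the file in place and then puts the timestamps back with utime, while a scanner that records a content hash is not. The "virus signature" and the file contents are constructed for the demo.

```python
import hashlib
import os
import tempfile

# Constructed marker standing in for a real virus signature.
SIGNATURE = b"FAKE-WORM-MARKER"


def scan_file(path):
    """The 'antivirus' for the demo: True if the signature appears in the file."""
    with open(path, "rb") as f:
        return SIGNATURE in f.read()


def record_mtime(path, index):
    """The shortcut under discussion: remember (mtime, size) from the last scan."""
    st = os.stat(path)
    index[path] = (st.st_mtime_ns, st.st_size)


def unchanged_by_mtime(path, index):
    st = os.stat(path)
    return index.get(path) == (st.st_mtime_ns, st.st_size)


def digest(path):
    """Content hash; the only thing the attacker cannot put back without undoing the change."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def unchanged_by_hash(path, index):
    return index.get(path) == digest(path)


def infect_and_hide(path):
    """What the worm does: rewrite the file, keep the length, restore the timestamps."""
    before = os.stat(path)
    with open(path, "rb") as f:
        data = f.read()
    payload = SIGNATURE + data[len(SIGNATURE):]      # same size as before
    with open(path, "wb") as f:
        f.write(payload)
    # Same effect as "set the clock back and touch the file once".
    os.utime(path, ns=(before.st_atime_ns, before.st_mtime_ns))


def demo():
    """Run both bookkeeping schemes against one infected file; returns the outcome."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "program.exe")
        with open(path, "wb") as f:
            f.write(b"clean program bytes " * 8)       # constructed, longer than SIGNATURE
        mtime_index, hash_index = {}, {}
        first_scan_clean = not scan_file(path)
        record_mtime(path, mtime_index)
        hash_index[path] = digest(path)
        infect_and_hide(path)
        return {
            "first_scan_clean": first_scan_clean,
            "mtime_says_unchanged": unchanged_by_mtime(path, mtime_index),
            "hash_says_unchanged": unchanged_by_hash(path, hash_index),
            "now_infected": scan_file(path),
        }


if __name__ == "__main__":
    print(demo())
```

Checking ctime as well does not rescue the shortcut: utime bumps ctime, but a worm that runs as an administrator (which is the situation being discussed) can move the system clock first, exactly as the reply says, and ctime is taken from that clock. Hashing every file costs a full read, which is why real scanners rescan rather than trust metadata.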
Wow. You have some serious issues.
I do not have a signature
Okay, that's Outlook Express, not regular Outlook. So, the tip is still useful, but not to Outlook users, only Outlook Express.
o/~ Join us now and share the software
I just tell my co-workers and customers. It's yet another MSV (MicroSoft Virus). It's a common term around here now...
Gregg
"On Unix/Linux Desktop systems there is nothing on the system as important as the user's data in his home directory."
Is there a standard method to keep copies of each /home/* directory in a /home/backup/* directory, owned by the backup user and readable by the respective users?
Or does every sysadmin write their own script to do it?
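One way to do what the question above asks, as an added example (my code, not from the thread): snapshot each home directory under a backup tree, chown the copy to the backup account with the owner's primary group, and strip "other" permissions so only that user (and root) can read it. The account names and the fixture directory are assumptions; ownership changes only happen when run as root, since nothing else can chown.

```python
import os
import pwd
import shutil
import stat
import tempfile


def resolve_ids(backup_user, owner_name):
    """uid of the backup account and primary gid of the home's owner, or None if
    either account does not exist on this host."""
    try:
        return pwd.getpwnam(backup_user).pw_uid, pwd.getpwnam(owner_name).pw_gid
    except KeyError:
        return None


def set_ownership(root, uid, gid):
    """backup:usergroup, group readable (and traversable for dirs), nothing for other,
    and no setuid/setgid bits left on files that now belong to the backup account."""
    for dirpath, dirnames, filenames in os.walk(root):
        for p in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            os.lchown(p, uid, gid)
            if os.path.islink(p):
                continue
            mode = stat.S_IMODE(os.lstat(p).st_mode)
            mode |= stat.S_IRGRP | (stat.S_IXGRP if os.path.isdir(p) else 0)
            mode &= ~(stat.S_IRWXO | stat.S_ISUID | stat.S_ISGID)
            os.chmod(p, mode)


def backup_homes(src="/home", dst="/home/backup", backup_user="backup"):
    """Replace dst/<user> with a fresh copy of src/<user> for every real home dir.
    Returns the users that were backed up."""
    os.makedirs(dst, mode=0o750, exist_ok=True)
    done = []
    for name in sorted(os.listdir(src)):
        home = os.path.join(src, name)
        target = os.path.join(dst, name)
        if not os.path.isdir(home) or os.path.islink(home):
            continue                                   # not a real home directory
        if os.path.realpath(home) == os.path.realpath(dst):
            continue                                   # never copy the backup tree into itself
        if os.path.islink(target):
            os.unlink(target)
        elif os.path.exists(target):
            shutil.rmtree(target)
        shutil.copytree(home, target, symlinks=True)   # keep links as links, don't follow them
        if os.geteuid() == 0:
            ids = resolve_ids(backup_user, name)
            if ids:
                set_ownership(target, *ids)
        done.append(name)
    return done


def demo():
    """Constructed fixture: a fake /home in a temp dir, with the backup tree deliberately
    placed inside it to exercise the self-copy guard, plus a symlinked 'home'."""
    d = tempfile.mkdtemp()
    src = os.path.join(d, "home")
    os.makedirs(os.path.join(src, "alice"))
    with open(os.path.join(src, "alice", "notes.txt"), "w") as f:
        f.write("hi")
    os.makedirs(os.path.join(src, "bob"))
    os.symlink("/etc", os.path.join(src, "link"))
    dst = os.path.join(src, "backup")
    first = backup_homes(src, dst)
    second = backup_homes(src, dst)                    # re-run replaces the snapshots
    result = {
        "first": first,
        "second": second,
        "alice_copied": os.path.exists(os.path.join(dst, "alice", "notes.txt")),
        "self_copy": os.path.exists(os.path.join(dst, "backup")),
        "link_copied": os.path.lexists(os.path.join(dst, "link")),
    }
    shutil.rmtree(d)
    return result


if __name__ == "__main__":
    print(demo())
```

The "readable by the respective user" part rests on the user's primary group being private to that user (the user-private-group scheme Debian and Red Hat use); on systems where everyone shares one `users` group, use a POSIX ACL granting the single user read access instead of the group bits. This is a full snapshot each run, not incremental, so it is only suitable for small homes.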
I'd suggest VMS right off the bat but to be really safe you might want to try something even more obscure like MVS or Plan 9 or the like. Linux is large enough and widely enough used that it is the target of many hack attempts. All sorts of vulnerabilities leak out for it. Granted, most of them probably only affect components you don't use, but you never know when the day will come when one does. So, if you are going for security through obscurity, go for a more obscure OS.
I can't remember the last time I heard about a VMS security hole, and I'm actually in a position where I might (we use VMS on a couple boxes at work). There are just too few systems to make it a worthwhile target. Also, it's real different from UNIX or Windows so most people would have NO idea what to do with it, even if they got in. But even then, you can do better. There are even more obscure and less used OSes.
Heck, if you don't want to get new hardware, just check out QNX. It is still POSIX based, which is bad since that means it is something many people understand, but it is still different enough that few people are able to target it with any effect.
Now of course I'm sure you have plenty of reasons why you can't or won't do this, including learning a new OS, liking what you have, your software not being available, you hardware not being supported, etc, etc. Guess what? That's the same arguments you commonly hear against Linux.
This "I'm safe with Linux because I'm in the minority" argument is silly. Yes, you are a FAR smaller group than Windows users. However you are a far LARGER group than many other OSes. If security through obscurity (and that is really what you are talking about here, using a more obscure OS so it gets targeted by fewer people) is a good thing and making concessions for that is ok, then pick a REALLY obscure one.
However, many of us accept that, despite the need to apply security patches and not do stupid things like open executable e-mail attachments, neither of which are hard at all, Windows is still the best choice for us. I suppose a similar parallel could be drawn to physical security. I live in Tucson which is not, all said and done, a particularly safe city. It is large, near the border and has gang and drug problems. Though we have an ace police force, there is still a whole lot more crime than say a small town in the midwest with 600 people living in it. A family friend lives in such a town and people actually leave their doors OPEN at night often, not just unlocked. Violent crime is almost nonexistent. Yet, I find that the concessions I'd have to make to live in a place like that are not acceptable. I will trade some security, which requires me to be more aware and vigilant of my surroundings, for the privilege of living in Tucson and all that comes with it.
How to find applications which use a port (necessarily incomplete)
There are also hundreds of forks of the Linux kernel. Gentoo Linux provides more than thirty. On PowerPC machines alone, you can get the benh kernels for better hardware compatibility, or special kernels for NuBus machines.
So now that we have thousands of kernels, we must multiply them by the libc libraries that they are running. The possibilities are glibc 2.0, 2.1, 2.2, or 2.3, and there are multiple versions of each. It's also possible to have older libc5 or ancient libc4. And, multiple of these might be installed simultaneously, with different programs using different ones.
But back to the Slashdot article - it's about a problem with Microsoft Internet Explorer and Outlook, a web browser and email program. There are many of these for GNU/Linux: pine, mutt, Mozilla, konqueror, kmail, many others.
In fact, there are so many different kinds of GNU/Linux out there that one may have difficulty hacking into them all. Maybe one should try attacking Microsoft Windows, which has only a few thousand variants.
==========
There are two types of people: those who are in the world, and those who aren't.
Yah, BUT...
I can back up the user's data in his home directory trivially on a Linux machine. And that will include all installed programs plus his data. It is just damned impossible to do that with a Winders machine. I MIGHT get his data, after drilling down a long path that keeps getting longer as M$ tries to understand and implement users correctly, but I will never get his apps AND all the DLLs that M$ managed to scatter hither and yon across the hard disk.
I am surprised that, with all the M$ trashing that goes on here, there is very little talk about how difficult M$ has (deliberately) made it to back up a machine with their OS on i
It would be pretty funny if a YAWW showed up. Some worm writer should name their worm that.
FoundNews.com - get paid to blog.,
kd@w12:~$ ls -l `which login`
-rwsr-xr-x 1 root root 34984 Jan 17 2003 /bin/login
-- which means that login in Unix/GNU/Linux is SUID root and world executable, i.e. it just couldn't possibly have any more privileges.
Other than that, I agree with you.
Karma: Positive (probably because of superiour intellect)
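The `ls -l` spot check above generalised into a small audit, as an added example (my code, not the poster's): walk a tree and list every regular file that would run with the owner's uid or the group's gid. The fixture files and their modes are constructed for the demo; point `find_setid` at `/` on a real box. It treats the setgid bit as a privilege only when the file is also group-executable, because on Linux a setgid bit without group-execute is the mandatory-locking flag and does nothing on exec.

```python
import os
import pwd
import shutil
import stat
import tempfile


def find_setid(root):
    """Return sorted (path, owner, kind) for regular files with setuid/setgid set.
    Symlinks are not followed and unreadable entries are skipped, not fatal."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for fn in filenames:
            p = os.path.join(dirpath, fn)
            try:
                st = os.lstat(p)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            suid = bool(st.st_mode & stat.S_ISUID)
            sgid = bool(st.st_mode & stat.S_ISGID) and bool(st.st_mode & stat.S_IXGRP)
            if not (suid or sgid):
                continue
            kind = "suid+sgid" if suid and sgid else ("suid" if suid else "sgid")
            try:
                owner = pwd.getpwuid(st.st_uid).pw_name
            except KeyError:
                owner = str(st.st_uid)
            hits.append((p, owner, kind))
    return sorted(hits)


def demo():
    """Constructed fixture: four files with different mode bits in a temp dir.
    Returns {basename: kind} for whatever the audit flags."""
    d = tempfile.mkdtemp()
    for name, mode in (("login", 0o4755), ("wall", 0o2755),
                       ("plain", 0o755), ("locked", 0o2644)):
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(b"#!/bin/sh\n")
        os.chmod(p, mode)
    found = {os.path.basename(p): kind for p, owner, kind in find_setid(d)}
    shutil.rmtree(d)
    return found


if __name__ == "__main__":
    for path, owner, kind in find_setid("/usr/bin"):
        print(f"{kind:10} {owner:10} {path}")
```

Diff the output against a known-good list after every patch cycle; a new root-owned setuid file that no package put there is exactly the kind of back door the worm in the article installs.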
You seem to have no idea about trusted computing, and still you get moderated as Score:5, Interesting... Now, this is really interesting, indeed. *sigh* Please do us a favor and read at least Ross Anderson's Trusted Computing Frequently Asked Questions for God's sake...
Karma: Positive (probably because of superiour intellect)
I gained my technical knowledge by fixing things when they borked and building systems from the ground up.
With MS products you can gain a lot of "experience" that way.
With enterprise quality products you actually learn by solving business problems, not by heroically holding up your computer infrastructure.
Sorry, but the first poster was right: the applications that bring the bacon home do not run on MSware in most big corporations (my email and text processing station is fine with MS. I could do without it but it is the "standard" and I only need to reboot it once a week once Outlook has got no idea what it is doing....).
IANAL but write like a drunk one.
[offtopic, but...] :)
Are you aware that MS can strip you of your MCSE if you use your credentials to badmouth them? It's in the fine print of the exam agreements that most people probably don't bother to read. At least it was 2 years ago when I was working on my certification. Just a little side note. And that's why this is posted anonymously.