Yet Another Windows Worm
kraksmoka writes "MSNBC is reporting that yet another active worm is taking over computers in 115 countries today. 'Antivirus companies were on high alert Thursday after the rapid spread of a new computer worm that includes particularly malicious snooping techniques. Bugbear.B, a variant of a worm released last year, installs keylogging software, back-door software, and in some cases even attempts to control infected computers' modems. Some of the worm's functions are designed to specially target financial institutions.' Yummy!"
I've already run into this with one of our banking customers... now if they'd only bought the firewall solution from us that stripped email attachments based on MIME type and/or file extension (why the hell any half-way reasonable person would double-click on a .pif file in their email is beyond me). If I'd only known 10 years ago (before I was legally an adult) the kind of security that existed at some of the small to medium sized banks, I probably would have made some very different career choices--I suppose it's better this way... (Posted anonymously for obvious reasons)
The patch for this was out 2 years ago. No excuse.
The virus comes in as a .exe file. You should block that. No excuse.
AV dat files have been updated already. No excuse.
We've been filtering this all day.... It's not that hard to protect yourself.
It's frustrating how many viruses Windows keeps getting slammed with.
There are some people that will point to a Linux worm or virus here or there, but I run both Windows and Linux servers and there is simply no comparison with the amount of worms Windows based machines receive. Some people say it's because Windows is much more prevalent than Linux, but there are a lot of servers running Linux now.
The amount of work required to keep up with just doing updates has finally gotten to me. Last night I noticed my Windows server was sending packets like mad; suspicious, I did a netstat -an, and it was making connections to hundreds of other machines. Tired of this dance, I decided to just shut the Windows server down. Maybe one day I'll patch it... then again, maybe I'll just leave it shut down for good.
Interestingly, my GNU/Debian Linux box is happily sitting right next to it serving up pages. I haven't had to reboot it in ages; I imagine it will be running until a nifty new kernel comes out that I just have to have.
See ya Microsoft.
Doug Tolton
"The destruction of a value which is, will not bring value to that which isn't." -John Galt
This one spread through my university like wildfire today! It even seems to fake Norton virus definition updating, such that the computer appears to be updating its virus definitions but isn't. It seemed to spread via hijacked messages that it attached itself to.
I never have a problem with these worms. I downloaded Windows Robin(TM) a long time ago!
Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe
This virus has been hitting a bunch of people over here at Stanford since sometime yesterday. It takes random messages from your inbox and forwards them to random people in your contact list and spoofs the sender. I've received a lot of weird emails lately, but some of my neighbors have seen some pretty personal emails sent or received by their friends and acquaintances. People hitting on people, people asking their parents for money, rejection letters from companies... the whole works. Our SMTP server has been completely shut down to stop the spread!
This sucker ripped through our campus like nothing. Heuristics missed it, and the definitions weren't updated until a few hours after a few hundred machines got nailed.
the annoying part is that as complex as you can make software, you can't fix the people who are morons, which is where the real problem lies.
oh well.
It's time to face the facts: Windows just isn't ready for the desktop.
Seems to me that would be the way to get these things fixed permanently. Make a worm that would call MS tech support on people's modems. Or any other MS 800 number. Until something costs them a LOT of money, these will continue to show up.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Can anyone tell me why it bothers to try connecting to the internet so hard?
The article says that an infected machine will try to get on to the internet, and will try dialing the modem if it has to.
Surely the most interesting machines are those with fast good connections - not people on crappy slow modems...
This is from the assumption that the computers would be used for a DDoS.
Has a worm ever been used for anything other than a DDoS?
Yeah, because it's a lot of work to set windows to do updates automatically. Just a troll, nothing to see here.
Username taken, please choose another one.
A much better solution than b), is to completely remove Outlook. Especially if you're only using it as a mail reader.
How small a thought it takes to fill a whole life
Give it time. As Linux permeates industry and business it will start getting more attention from the virus writers. It's all a matter of ROI. Right now, attacking windows has a very high ROI.
This space for rent.
They had warning bells and e-mails flying fast and furious at the NASA center where I work. All I could do was laugh. The group I work with runs mostly Linux with the exception of Mac OS X on a few laptops. HA! Bugbear.B that!
Quick, get your patch here
You know, we should get our information from a reputable IT source like Symantec, which provides details on how to remove it, rather than a news source owned by the people who make Windows, the vulnerable software.
Since when has this country used intellectual elite as a pejorative term?
I almost wish that more h4x0rs would pay Linux more attention. As more properly bolted systems repelled attacks, that would be good. And if they didn't repel attacks, that would be almost good too.
One line blog. I hear that they're called Twitters now.
"It's frustrating how many viruses Windows keeps getting slammed with."
Just wait until:
a.) Everybody decides to hate Linus.
b.) Linux machines can be counted in the millions.
The safest platform to be on is the obscure one with few people using it.
"Derp de derp."
When I read things like this after getting paged a dozen times two days ago (after I already left work) about an outbreak of the Spybot worm, I think to myself - when will it end? When will our Server team spend time and money on better software distribution and back-end protection? When will the higher ups spend money to have enough staff to effectively be proactive about future outbreaks? Will the next surge in IT spending be the result of some out of work angry Russian programmer's idea of a good time? Will cyber-terrorism be the next y2k?
Sound waves should be free!
Yeah, because it's a lot of work to set windows to do updates automatically. Just a troll, nothing to see here.
You obviously don't administer servers with Enterprise Level Code. If you did, you'd know that with Microsoft you can't simply use automatic updates. Microsoft Service Packs break systems all the time. If you run ASP.NET and Sql Server code, you get bitch slapped every time they release a service pack or "security fix". They consistently change functionality, without warning. Then they just post on their website (three months later) that the service pack changed the way some undocumented feature worked, but you weren't supposed to use it that way anyway, so tough shit.
Ha!! Automatic updates my ass.
Doug Tolton
"The destruction of a value which is, will not bring value to that which isn't." -John Galt
I am surprised Red Hat or some other company doesn't take advantage of heavy Windows worm activity.
"Did you get hit by that new worm?"
"No, I run Linux."
nmap -sN -p 1080 AAA.BBB.CCC.*
and
nmap -sT -p 1080 AAA.BBB.CCC.*
Check out the machines with port 1080 open. Then switch to a less infectious OS.
"A worm spreads by itself. A virus requires a human to do something stupid, like click on an attachment. "
I had a coughing attack and gave my girlfriend a worm once.
"Derp de derp."
Yes, but as with any *NIX, the damage Joe Luser can cause is significantly curtailed to their own userspace. The virus would need to take advantage of a root-level vulnerability to infect an entire machine. Not so with most Windows default configs.
No. A worm is a stand-alone executable, while a virus attaches itself to a pre-existing program. (By analogy: worms are free-living organisms, but viruses hijack the machinery of a cell to reproduce themselves).
The vector is mostly immaterial to the definition.
*tweet*
time out.
any admin who sets production servers to be "automatically updated" deserves to be terminated with prejudice.
you test all patches before deployment.
Time flies like an arrow, fruit flies like a banana.
It's not yummy.
-pyrrho
What mail client do you suggest using? Apparently you know of one that makes people not retarded.
Pine.
Kevin Fox
It's called spyware. These people have obviously installed KaZaa.
On a related note, anti-virus programs is one place where I can actually see a potential useful application of "trusted computing" (no, not necessarily Palladium). If there could be some way to tell the OS "Look, I don't care if you're the administrator or not: the only programs that are allowed to terminate the anti-virus scanner process are the scanner itself, and, say, Task Manager". By using keys to prove their identity, it _might_ make it a lot harder for virii to terminate anti-virus programs. (Note to slashbots: I'm not saying Palladium is good because it will do this (I don't even know if it does). I'm saying this is one potential application of some as-yet-undeveloped implementation of "trusted computing".)
There is no sig, there is only Zuul.
Any readers in the UK with Sky Digital, switch to channel 268.
Overnight, the channel plays a Flash-based word game, where viewers SMS in answers. It's running on a Windows PC, and the screen currently being broadcast to 7 million homes is....
McAfee dialog box: 'bugbear.b High Virus Advisory....'
Hmmm.
(wandering OT - the channel, 'Friendly TV' is apparently being run by students on work experience. A nightly live-broadcast show is 'Girl Talk', where... girls... talk... about... things. Whatever comes into their heads. Oh, and they get progressively more drunk as the evening progresses, which no doubt helps.)
What's the frequency, Kenneth?
too bad you're in the minority.
Am I the only person who's tired of hearing about the latest way for idiots to screw up their computer and infect dozens of other computers used by similarly idiotic people? I mean, come on... Haven't there been patches and security measures around for years that prevent viruses like this one from infecting your PC?
I guess it is helpful for admins to see virus warnings on slashdot though.
using namespace slashdot;
troll::post();
MSN Messenger normally connects to remote port 1863. It doesn't listen on any local ports, and the local port it connects from is usually random (and definitely not 1080).
you know..
for the longest time, i've been attempting to defend windows ever since 2k stopped being the 'absolute junk' syndrome. i read about this earlier in the day, and started ranting in irc.
well, since it's easier to bitch than act, i decided to act. i went directly to the local apple store and bought an ibook.
i have -never- been happier. this is literally the best of breed machine i have ever used. all the benefits of unix without the hassle of windows.
so, this is totally offtopic, but as a govt. employee who deals with this sort of thing every day, my old home pc is now strictly a local lan CF/oracle development box, and every damn machine i buy from now on will be apple.
Are you MORE than your SPINAL COLUMN?
Not really a good comparison.
On a server the vulnerability would have to target an exploit in a daemon that accepts network connections.
On the desktop the vulnerability, more often than not, is the user's tendency to execute anything that claims to contain pr0n or similar. These viruses make up the bulk of Windows-targeting viruses. The virus gains entrance through the user and then runs amok from there.
Proof of this is in the prevalence of viruses called "Amish viruses." These aren't actually viruses at all. They're simply chain letters that read something to the effect of, "hey, found this virus by the name of better delete it and pass this on to all of your friends!" And the user, not the CPU, carries out the malicious instructions.
So, if Linux wishes to avoid this issue on the desktop, where users will both likely have permissions way too high (i.e. Lindows with root) and be willing to run arbitrary binaries, they better take notes now. They also better invest into antivirus technology. Sure, maybe you can keep up with the relevant patches to keep your server secure, but it's hard to make the desktop world foolproof when fools are so ingenious.
Oh, and P.S., since you mentioned running Debian, have you made sure that you've patched all 87 security vulnerabilities announced so far for the year 2003?
If your company got hit go ask your network admin why they aren't blocking ANY executable email attachment. Then go ask their boss.
IT'S NOT HARD PEOPLE.
These machines are unlikely to be interfaced with a public net at all, especially not sitting on a fat pipe; but many of them have to network _somehow_. Regular modems, ISDN, etc. aren't quite dead yet.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
The people that open these attachments aren't system admins. They aren't network programmers. They aren't even computer literate half the time. Most of the time they treat the computer like a magical device that mysteriously allows them to type and send mail very fast. My mom doesn't even know what a zip/exe/jpg file is. I think it is hard for us to imagine not knowing what we know about computers, but the fact is, that most people using computers don't know a fraction as much as anyone reading slashdot. In fact, most of these "virus" are technically trojans. They are all exploiting the ignorance of the user to mass infect others. There is nothing any operating system can do to stop this. If we were all running Linux, more people would be tricked into running as a SuperUser or Root or some other exploit virus programmers would find. In the end, it's not which is it the right operating system, but have we educated the person behind the machine.
Instead of a headline like "Dangerous Fizzer Worm Attacks the Internet," how about "Thousands of Morons Open Obviously Virus-Laden E-mail Attachments"? I kind of like it. It has a light, comedic feel similar to headlines found at The Onion.
Chris
www.koozie.org
Has anyone ever pondered this before?
Over the past few years, technology has advanced greatly in area of computer security. There was a point in time not very long ago where the word "virii" was just another ancient, arcane computer term that gathered dust on the history books.
It was not long after that I noticed several companies like Norton and McAfee begin to develop and release extemely enhanced versions of their anti-virus products to the home and business PC market without any reason whatsoever.
A few months after that...BOOM!! The Internet was virutally TEEMING with all kinds of new, weird bugs the likes of which had not been seen before. Magically, the before mentioned companies Norton and McAfee had patches and updates that seemed to erradicate the problem.
Let's face it, it seems to me that the very source of virus activity today are the very companies that offer the solutions. Has anyone ever thought this before? -- companies that hire hackers, supply them with all the info they need to exploit well-known weaknesses in computer systems that the average hacker may not even know about, and then allow these same people to release their creations and allow them to go on a rampage for a few days before the corporation swoops in like Superman to save the day.
Think about it.
In addition, it uses a particularly nasty flaw in Microsoft's Internet Explorer program and its implementation by Microsoft's Outlook e-mail reader that allows the virus to infect machines whenever a victim simply previews an e-mail message loaded with the program.
Yet (as of this post) CNN mentions nothing of the fact that this is another virus that takes advantage of a Microsoft flaw...
And at the bottom of the MSN page: "MSN - More Useful Everyday"
ah the irony of having your own news company...
Do not click on the attachment!!!
I feel better now.
My rights don't need management.
What do you mean? Linux is my sex life!
...is one involving how it handles MIME types, especially within IFRAMEs. What happens is, the message headers will say it's one type, such as audio/x-midi, while the payload is really an EXE file, sometimes misidentified as a .bat or a .pif. The unpatched Outlook or OE thinks, "Ah, a MIDI file! Let's play it!" and blithely passes it to the OS, which thinks, "Ah, an executable! Let's run it!".
One more example of why HTML doesn't belong in email, aside from web bugs and other BS.
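The mismatch this post describes (a part declared as audio/x-midi whose body is really a Windows executable) is exactly what the gateway filters mentioned earlier in the thread, which strip attachments by MIME type or extension, are meant to catch. The following is an added example, not code from any post or product named here: it parses a constructed message with Python's standard email package, removes parts whose extension or MZ header mark them as executable, and reports when the declared Content-Type disagrees with the payload.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions Windows runs on double-click; the thread names .exe, .pif and .scr.
EXECUTABLE_EXTENSIONS = {".exe", ".pif", ".scr", ".bat", ".com"}
# Every Windows PE executable starts with these two bytes, whatever its extension.
MZ_MAGIC = b"MZ"


def classify_part(part):
    """Return the reasons an attachment should be stripped, or [] if it looks harmless."""
    reasons = []
    filename = (part.get_filename() or "").lower()
    ctype = part.get_content_type()
    payload = part.get_payload(decode=True) or b""
    ext = os.path.splitext(filename)[1]
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
    if payload.startswith(MZ_MAGIC):
        reasons.append("payload begins with MZ (Windows executable)")
        if not ctype.startswith("application/"):
            # The MS01-020 pattern: a harmless-looking type wrapped around an executable.
            reasons.append(f"declared Content-Type {ctype} disagrees with executable payload")
    return reasons


def strip_dangerous_attachments(raw):
    """Parse a raw RFC 822 message; return (cleaned message, list of (filename, reasons))."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = []
    if not msg.is_multipart():
        return msg, report
    kept = []
    for part in list(msg.iter_parts()):
        reasons = classify_part(part)
        if reasons:
            report.append((part.get_filename(), reasons))
        else:
            kept.append(part)
    msg.set_payload(kept)  # rebuild the multipart with only the parts that passed
    return msg, report


def build_sample_message():
    """Constructed sample modelled on the post: a 'MIDI' part that is really an EXE."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Re: daily digest received"
    msg.set_content("See attached.")
    # Declared audio/x-midi, carries a fake PE header, named with an executable extension.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="audio",
                       subtype="x-midi", filename="readme.pif")
    msg.add_attachment("meeting moved to 3pm\n", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, report = strip_dangerous_attachments(build_sample_message())
    for name, reasons in report:
        print(f"stripped {name}: " + "; ".join(reasons))
    print("kept:", [p.get_filename() for p in cleaned.iter_parts()])
```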
Oh, no! You have walked into the slavering fangs of a lurking grue!
Because there's nothing quite like a 100,000 machine-strong DDoS network of Redhat machines on cable modems. I hope you meant that if machines are not repelling attacks, then that would prompt bug fixes. However, as you see in the Windows world, most attacks are targeted at already-fixed issues. The machines that get infected are the ones that didn't stay up to date (or in lots of cases a few years ago, were running software they shouldn't be running, like personal Redhat machines running BIND because it was installed and started by default in an "install everything" scenario, the installation option used by most newbies because they're afraid of missing something during the initial install and not knowing how to install it later).
No, successful virus/worm/hax0r infections are never desired. Better for the issues to be found by competent and moral ("moral" being that they don't use the exploit maliciously) people before a major virus or worm is written. There are excellent patch distribution channels for both Windows and Linux these days. People really should use them. And for production servers that don't use them because they need to do validation before deploying the fix, they need to get off their asses and do the validation. There's no excuse for a 2 year old bug causing issues now. That's 1 year, 11 months, and 3 weeks of laziness (assuming it takes about a week to do a validation and deploy the fix and any resulting changes).
a.) Everybody decides to hate Linus.
Not likely to happen. Linus is a genuinely decent and nice person. While there will always be the odd person who hates everyone or who hates someone for some obscure reason, its unlikely that a significant number of people will ever have a reason to hate Linus.
b.) Linux machines can be counted in the millions.
They already are, even if you just count the number of servers sitting out there attached to the internet.
The difference is that Linux is generally more resistant to attack to begin with, especially in the default installs of recent versions. There are a number of inherent design flaws in Windows and a number of historical anachronisms endemic to the typical Windows environment which make it more prone to viruses, worms and trojans than a *nix like OS. Linux is also more likely to be installed and administered by people with a clue than Windows is, and that makes a huge difference. If a huge number of the typical lamers that mindlessly use Windows start using Linux, then it may start to have a few more problems, but I suspect still far less than Windows does.
The safest platform to be on is the obscure one with few people using it.
A bad assumption. Security through obscurity is not valid in practice. The platform still has to be secure even if it is obscure, because unless you are the only user of all the relevant code it runs, you can't depend on someone else not being able to find a weakness. Even that isn't a guarantee, since crackers could still probe from the outside and possibly find vulnerabilities.
I knew that damn little teddy bear icon in my windows directory was up to no good!!!!!
"Would it kill you to put down the toilet seat?" -- Maya Angelou
you can't fix the people who are morons, which is where the real problem lies.
--Lawrence Lessig for Congress!
and yeah, it can be done.. what you all have now is a false sense of security through obscurity
I'm sorry, you must be thinking of Windows.
Has anyone else been getting TONS of e-mails with random subject lines lately claiming to be from "support@microsoft.com" containing (one assumes) some kind of virus in an SCR file?
What virus is that, anyway?
You can fix the OS, but you can't fix the users. People who get hit by this have nobody to blame but themselves (or their Windows administrator).
Microsoft fixed this vulnerability more than 2 years ago. Why do people not update their software?
According to Symantec, Bugbear.B "uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability".
"Can of worms? The can is open... the worms are everywhere."
...not dead?
-pyrrho
Well then, any admin who runs outlook (or any email client, or browser, or ANYTHING that could potentially be comprimised) on a production server that absolutely can't stand to have any downtime needs to be terminated as well.
Username taken, please choose another one.
"Welcome to wind0ze, haxz0r, who would you like to (distributed)DOS/mailbomb/infect today?"
-- Windows Vulneribility (TM) 2005
I don't use Outlook!
neener, neener, neener
Seriously, why not pick a mail client which is free and doesn't have 90% of the exploits written for it?
Probably, but that would be a lot of work. More likely, you could just use one of the many local root exploits over the years. There have been quite a few, and I'd bet there are lots of people that are still vulnerable ("A local exploit? But I'm the only user on this system. I'm not going to bother with it."). Of course, now you have to find some way to get the user to run your script or executable that exploits the bug, but I'm sure there are ways to do that (even if it's just social engineering, which is what a lot of Windows e-mail viruses do). And then you're in, with root permission.
And of course, even without root permissions you can still screw stuff up. How about a virus that destroys all of your documents/mp3 files/pr0n? You don't need root access to do that if your user has write access to it already (and you surely do, or how could you update your documents/mp3 files/pr0n without always going to root?). And worse, there are distros like Lindows that encourage you to run as root (well, it used to, does it still do that?), which would make compromising it even easier. Of course, there's probably only a couple tens of thousands of people running Lindows, compared to millions upon millions of Windows users. What hax0r would waste his time on such a small target?
And McAfee seems to disagree with you about when this was discovered.
He was remarking about when the security hole in IE, that this virus exploits, was discovered and patched not the date this virus was discovered.
Slashdot, home of supporters of free software, free music, and free speech.Except for Moderators that disagree with you.
So you absolutely can't afford a few hours of downtime, yet you run OUTLOOK on it? moron.
Username taken, please choose another one.
1080 is the default port for a SOCKS proxy. Perhaps you see all those ports open on your network for a reason.
'Same speed C but faster'
Outlook isn't ready for the desktop.
Windows is just fine if you don't use outlook.
GoatPigSheep, the 3 most important food groups
One interesting thing is it opens port 1080, which is normally used by MSN messenger
Sounds like you're using a Socks server to connect to MSN - 1080 is the default Socks proxy port, not MSN messenger.
yes, but you'd have to be root for it to work
"The day that linux worms run rampant is the day it becomes a successful desktop." How?
It tends to come as a .scr, .exe or .pif file. And it has all the typical hallmarks of other massmailers.
I spent several hours today cleaning computers in my office, all the while getting sends from over half the free world, it seemed, with more copies of the bloody thing on them.
... to reply to mi2g claims that Linux is more hacked than Windows. Now you have hundreds of Windows computers in your near vicinity waiting to be hacked thru port 1080. I think that at the rate of infection of this last worm, in very few days (Sunday?) it will be the most widely distributed computer worm ever.
Indeed, I've noticed a number of these emails today - I'd click on it, have a laugh and delete it.
Of course, I run linux so I am completely immune - windoze users, do not try this.
It is a fact that as Linux becomes more common, there will be more poorly configured boxes, more default configurations, more simple passwords, etc.
I know we all are proud of how secure *nixes are, but they are secure because of good admins and smart users.
In order for linux to come into mass acceptance and use, I think we will see some security sacrificed for ease of use and simplicity.
Microsoft is a shit company for putting out crappy insecure products in the first place, but my main beef is with the stupid fucking morons who use those Microsoft products and don't maintain their computers.
A patch for this hole was out two years ago.
Fixes for Nimda and Code Red have likewise been out for a long time.
Ditto fixes for SQL Slammer.
But guess what I still see in my firewall logs? Let's take a look at some excerpts, shall we?
6/3/03 3:24:04 Trigger IP Addr: 195.199.65.173 TCP Port: 80 Svc: Nimda 3600 secs
6/5/03 17:46:47 Trigger IP Addr: 66.117.200.191 TCP Port: 80 Svc: Code Red 3600 secs
6/5/03 22:04:55 Trigger IP Addr: 63.79.176.247 UDP Port: 1434 Svc: ms-sql-m 7200 secs
These are just the most recent occurrences, but my logs are jam-packed with them. 132 Slammer hits in just the last week. Still plenty of Nimda and Code Red. And I won't even mention the thousands upon thousands of hits in my log from machines looking for exposed Windows shares on port 137.
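As an added example (not from the post above), here is a small Python parser for firewall trigger lines in the layout the post quotes; it tallies hits per worm family, flags sources that recur, and computes when each temporary block expires. The sample reuses the three lines quoted above and adds constructed ones on RFC 5737 documentation addresses; the "netbios-ns" service label for the port 137 probes is an assumption about how this firewall would name them.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: the first three lines are the post's own excerpts, the rest are
# made up on documentation-range addresses, plus one junk line the parser must skip.
SAMPLE_LOG = """\
6/3/03 3:24:04 Trigger IP Addr: 195.199.65.173 TCP Port: 80 Svc: Nimda 3600 secs
6/5/03 17:46:47 Trigger IP Addr: 66.117.200.191 TCP Port: 80 Svc: Code Red 3600 secs
6/5/03 22:04:55 Trigger IP Addr: 63.79.176.247 UDP Port: 1434 Svc: ms-sql-m 7200 secs
6/6/03 1:12:09 Trigger IP Addr: 198.51.100.7 UDP Port: 1434 Svc: ms-sql-m 7200 secs
6/6/03 1:13:41 Trigger IP Addr: 198.51.100.7 UDP Port: 1434 Svc: ms-sql-m 7200 secs
6/6/03 4:50:00 Trigger IP Addr: 192.0.2.33 TCP Port: 80 Svc: Nimda 3600 secs
6/6/03 9:07:55 Trigger IP Addr: 203.0.113.5 UDP Port: 137 Svc: netbios-ns 3600 secs
this line is not a trigger record and must be skipped
"""

TRIGGER_RE = re.compile(
    r"^(?P<stamp>\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2}:\d{2}) Trigger IP Addr: (?P<src>\S+) "
    r"(?P<proto>TCP|UDP) Port: (?P<port>\d+) Svc: (?P<svc>.+?) (?P<secs>\d+) secs$"
)

# Which long-patched worm each signature corresponds to, as the post names them;
# UDP 1434 (ms-sql-m) is the Slammer vector, port 137 the share-probing noise.
FAMILY_BY_SVC = {"Nimda": "Nimda", "Code Red": "Code Red", "ms-sql-m": "SQL Slammer"}
FAMILY_BY_PORT = {("UDP", 137): "Windows share probe (NetBIOS)"}


def parse_trigger(line):
    """Parse one trigger line into a dict, or return None for anything else."""
    m = TRIGGER_RE.match(line.strip())
    if not m:
        return None
    stamp = datetime.strptime(m["stamp"], "%m/%d/%y %H:%M:%S")
    proto, port = m["proto"], int(m["port"])
    family = FAMILY_BY_SVC.get(m["svc"]) or FAMILY_BY_PORT.get((proto, port), "unknown")
    return {
        "time": stamp, "src": m["src"], "proto": proto, "port": port, "svc": m["svc"],
        "family": family,
        # The trailing "N secs" is how long the firewall keeps the source blocked.
        "blocked_until": stamp + timedelta(seconds=int(m["secs"])),
    }


def summarize(log_text):
    """Tally parsed records by worm family and list sources seen more than once."""
    records = [r for r in map(parse_trigger, log_text.splitlines()) if r]
    by_src = Counter(r["src"] for r in records)
    return {
        "total": len(records),
        "by_family": Counter(r["family"] for r in records),
        "repeat_sources": {src: n for src, n in by_src.items() if n > 1},
        "records": records,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['total']} trigger records")
    for fam, n in s["by_family"].most_common():
        print(f"  {n:3d}  {fam}")
    for src, n in s["repeat_sources"].items():
        print(f"repeat source {src}: {n} hits")
```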
I just looked at my system tray, and guess what wants an update? Norton....freaky. I use Mozilla for mail (Lookout Express is on only because I haven't removed it...no Outlook)
How does one go about removing Outlook Express from XP?
Do I dare update?
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Stupid was your word. I'd prefer to call people like that ignorant. Of course it's not true that the user has to do anything to be the victim of one of these worms. They take advantage of flaws in M$ apps, like an email client that loads sound files automatically. The user never knows what hit them. You knew that because you are so smart, right?
People who trust Microsoft again and again, now that's stupid.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
that's not really true though, since there are holes in windows that have been there since windows version 1. Sure there are holes in any program, but at least most of the unix/linux/macos viruses don't cause the computer to crash. In almost every case, unix/linux/bsd viruses are really just exploiting a single program.
Why read the article when I can just make up a snap judgement?
That's my point, sort of.
And there are bugs and exploits. Probably many that haven't been found because no one's looking too hard for 'em. The samba root exploit that existed, well, forever, comes to mind.
And people can chatter about how quickly the holes are patched, it doesn't mean the users update their boxes. They don't click the Windows Update icon, they won't open a shell and type apt-get either.
I don't need no instructions to know how to rock!!!!
I've gotten a few of these already. Anyone know how many different combinations there are? I want to collect them all! :)
Luke-Jr
McAfee lists the patch with a link to:
Microsoft Security Bulletin (MS01-020)
Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
Originally posted: March 29, 2001
Not the iframe hole you mention.
Slashdot, home of supporters of free software, free music, and free speech.Except for Moderators that disagree with you.
tee-hee.
And if you really can write a worm to use the MIME type exploit against a linux machine, do it.
Ok then, shut up.
====
Crudely Drawn Games
I hate to sound like a troll, but can someone please tell me, WTF is this all about?
I'll tell ya what I think... M$ sponsored FUD.
When has a Linux box _ever_ been the root cause of crashing the entire internet?
Karma: The shiznight, mostly because I am the Drizzle.
Just wait until:
a.) Everybody decides to hate Linus.
b.) Linux machines can be counted in the millions.
a. is unlikely. How can anyone hate free software? Oh yeah, it's putting you out of business. Microsoft does an admirable job of astroturfing congressmen and Slashdot, but they have yet to put out a good free software worm. The intersection of people with the skill to write free software worms and the number of people who hate free software is vanishingly small. Competent people like free software, get used to it. Windoze on the other hand is just about universally hated and just as easy to break.
b. Linux machines can be counted in the millions. Desktop machines. If you figure 10% of US desktops are running some form of free software, you get millions of computers. The rest of the world has plenty of free computers as well. Yet I don't see anything breaking down mutt, pine, balsa or even Mozilla's email client. AOL's windowze messenger once had a problem but only on Microsoft platforms. GAIM and others had no problems at all.
To sum it all up for you, nothing is as bad as the Microsoft monoculture of poor quality software. Free software is more diverse, of better quality and is universally loved.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Check out SpyBot at http://spybot.eon.net.au/ Several reviews of the product were done, here's one at cnet
this virus attempts to spread via the LAN.
it is not soley email borne.
liqbase
And once again, those of us who know how to configure our windows systems and aren't stupid enough to (a) have open network shares with no passwords and (b) open random email attachments are safe. (emphasis mine)
Please read the fucking article. Not only is the email attachment not random, because it pretends to be a reply to an email that you've recently sent to an infected person (among other tricks), but it also doesn't have to be opened, because it uses an IE exploit to run itself as soon as it shows up in Outlook's preview window.
But synaptic is so cool... surely they'll want to use it? j/k
I touch computers in naughty places
Our University is being hit hard, especially because almost all classes and departments have these massive listservs and the listserv software is so archaic that it doesn't have viral replication blocking. Oh well, at least I get the personal enjoyment of reading other people's e-mails that get cloned. So far I've got 2 that involve people talking about me behind my back. There's always a golden lining people.
It's not stupid. It's advanced.
Linux is dominant on the web - the number of domains hosted on linux/apache is greater than those hosted on windows pcs running iis.
But, the overwhelming majority of web security problems is with, you guessed it - iis.
Yeah, just imagine if something like Apache gets popular, imagine the havoc people could cause with uptimes on those OS's.
Yes, the server community is different from userland and every piece of software will have its flaws, but popularity is not proportional to the amount of worms and viruses, lack of quality is.
Bad boys rape our young girls but Violet gives willingly.
do i know that openme.doc.scr is probably a virus? yes.
do the users know that openme.doc.scr is more likely to be a virus than flowerbox.scr? no. why? because they don't give a crap about their computers. they want to get their work done, not scroll through every possible .exe or .scr file on their machines to see which ones may or may not be a virus.
if it says "This is a virus, kill it" then you have a prayer. if it says "This might be a virus, but then again you have hundreds of files on your machine just like it that aren't viruses, so you figure it out".
guess what, user goes Huh....?!? and moves on.
The difference is that Linux is generally more resistant to attack to begin with, especially in the default installs of recent versions.
I'm sure there are also still *plenty* of Linux boxes around that weren't installed with a recent version.
The vulns exist, but lazy virus writer toolkits aren't available for linux (yet?! :S that would worry me - and NO i wouldn't want to see this on sourceforge)
liqbase
I'm not going to defend Microsoft, but I will defend the users. This worm sends emails that look VERY much like ones that a user has sent or received. It really is a well designed "social engineering" virus.
Since our users had not had a virus hit their desk for 2 years, thanks to NOD32, they were really not expecting this one!
Cheers, Ben.
The entire physics department here got an email with the subject line "Re: hep-lat 020711 daily received" with the pif attachment.
hep-lat is the Los Alamos eprint Archive subject code for high energy physics on lattice models. The email refers to a paper on "A new proposal for the fermion doubling problem" which is supposedly attached (instead you get the .pif file)
The subject line is matched amazingly well to the recipient list. I thought "that looks interesting, I might have a look even though I probably wasn't supposed to get it."
:wq
And be given a pair of concrete slippers as a parting gift.
I don't see how this is a troll. His post is completely fact. My roommate has been infected with worms and viruses- he even has this one and he's behind a router AND a proxy! Noting the fact that they are all windows boxen, what does this tell you? Windows simply sucks. End of story. Even people who've written worms/viruses for various GNU systems don't get very far because of the inherent nature of the Linux/BSD etc.
It's a fact that the default install of a windows machine versus a GNU system is insecure. That's all there is to it. Just because it's the "fault" of Joe Sixpack they have the virus doesn't make it completely their fault. I don't like using windows update because it'll break the windows systems I do admin. I have to run through it manually and double check everything. With linux, crap. Just throw up iptables/ipchains or use your firewall of choice.
Point being, the end user is a moron. They don't read /. so they're not technically minded (think mom/pop/grandparents here)
Oh yeah, one more thing.. When HAVEN'T you walked into a bank and seen shiny new dell machines on desks and behind the tellers?? hmmm?? That's what I thought.
ps. reread this before you moderate and really think about it.
I'm not saying it's a conspiracy, but it does say a lot about how much we can expect people to understand, and how Microsoft is so ingrained they don't even think of switching.
There were five topic icons for this story: Security, Technology/IT, Software, Windows, and Operating Systems. Everything on /. is Technology/IT. Should that icon even exist? Windows* is a subset of Operating Systems, which is a subset of Software. Since we all know that, the last two are redundant.
The only topic icons that really make sense for this story are Windows and Security.
Is there a compelling reason to have so many topic icons, or are the /. editors just infatuated with their relatively new multiple-icon toy?
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
"The day that linux worms run rampant is the day it becomes a successful desktop."
Then what the hell am I running on this machine? OS/2? It sure the hell isn't windows. Seems like it's pretty successful for me. Oh, you mean whenever, if ever, it overcomes windows entrenchment in the personal computer market.
Any sufficiently advanced influence is indistinguishable from control.
handy little solution that has been around for a while.. (jpeg image file)
+++ David Watts 5495 0.0 0.5 1888 884
The main reason why *nix boxes don't have anywhere near the number of virii infect them is because the average *nix user has had to set the box up themselves and had to go through the learning curve that is involved in that. Anyone who has got enough knowledge to set up a *nix box (and in reality most people that actually are able to install windows) have enough general computer sense to not catch virii. I personally hate virus scanners as they just take up my resources. Periodic scans let me know that I am not just overconfident that I am invulnerable, but in fact paying enough attention to what I do on a regular basis to delete the emails with attachments like 'happy99.exe' even though I don't in truth _know_ that it is in fact a virus. *nix isn't really a safer OS from virii, it just has a better trained user base.
that's not really true though, since there are holes in windows that have been there since windows version 1. Sure there are holes in any program, but at least most of the unix/linux/macos viruses don't cause the computer to crash. In almost every case, unix/linux/bsd viruses are really just exploiting a single program.
The point being...? Really, you have done nothing to assist our underinformed cyrax777. Let me help, please.
First, causing the box to crash or not is irrelevant, as is what program allowed the compromise - a compromised machine is no longer yours. Time to re-install the whole machine.
The reason *nix is much harder to infect in the first place is users run with user privileges, as do all the child processes that they create. Thus, the e-mail client cannot over-write any system files since it lacks the authority to do so. This is where "rooting" the box comes from - you need to elevate your normal privs to super user status in order to do any real damage. You can tell most *nixes that "This user account can never elevate its privileges", and it likely never will. System services, like say the Apache HTTP server, are usually set up to run as under-privileged users as well, so compromising them leads to even more difficulty controlling the whole machine - there's very few openings in the *nix security armour. In contrast, right now my XP laptop is running login.scr as SYSTEM. Yup, a screen saver with system level privs. IIS on NT/Win2K is the same way - out of the box it runs under the SYSTEM account. If one of these is compromised, it's not your machine anymore. Now you know where a lot of the issues with Windows security lie.
This reflects one of the design philosophies of *nix: only give users the privileges they need, and have a huge, well defined wall between them and the system. Windows seems to come from the other end - give it all, and try to take away what's dangerous. IMHO, that's where Windows fails - miserably.
Soko
"Depression is merely anger without enthusiasm." - Anonymous
"Bugbear.B, a variant of a worm released last year, installs keylogging software, back-door software, and in some cases even attempts to control infected computers' modems. "
:-)
It slices, it dices....
The race isn't always to the swift... but that's the way to bet!
My cable modem is steady lit over here.
Sorry but enterprise level and MS do not belong anywhere near each other despite what MS wants you to believe. I'm an MCSE and I can't imagine running critical services on the MS platform, user authentications, file sharing, and printing sure, but as an application platform windows server is just too bug ridden.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I'd like to see a decent grind against Linux boxes. If we haven't been dreaming then the h4x0rs shouldn't get very far. (Dreaming because, for example, in Korea, they used a single failed install. Many open proxies.) I'd like to see an attempt against Linux. It would keep peoples toes in the air. (Or some-such.)
One line blog. I hear that they're called Twitters now.
Here's a secret you might not know:
On Unix/Linux Desktop systems there is nothing on the system as important as the user's data in his home directory.
So the whole notion that trojans/worms etc. can't hurt the systems that 'mere users' will be using as there is more and more of a push to Linux desktop systems is just plain nonsense. If it wipes out an employee's whole writeable diskspace, it's done all the damage it could possibly do. Nobody cares that everything that rolled off the Install CD is still there and might even be pristine.
yep and just as well anyone who is running outlook on a production server and who has a two year old vulnerability unpatched needs to be terminated with prejudice.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Excuse me, but that is the wrong removal utility. The correct one is here
rm -rf sig
On my desktop computer I once got hit with a bad Norton Antivirus update that ended up causing the virus scanner to do about 10 seconds of needless processing every time I ran a new process... needless to say, I thought I had something seriously wrong with my computer until I determined what happened.
So, you can't even blindly trust that a Symantec virus definitions update won't cause unacceptable performance from your must-be-up production server... so you're damned if you and damned if you don't. Still, I'd say frequent virus updates are the safer bet...
I looked on google for this, here are some sites that might help you:
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.ultimax.html
http://www.hamdard.net.pk/dis7.htm
Note: Not a flame to parent post...
:)
now if they'd only bought the firewall solution from us that stripped email attatchments based on mime type and/or file extension
I have had it up to here (pointing to head) with all this BS with email worms/virii and the media. They are not email worms, they are Outlook worms. I could sell someone an attachment stripping solution but that is irritating. For every bug it strips out it will strip out a legitimate file as well.
I just don't know what to do with people... Every time one of these god damn things comes out, my phone starts ringing off the damn hook, hell I can't even get a straight 8 hrs sleep... (one dis-advantage of home office) and every time I tell people the same damn thing. Outlook is a worm/virus magnet. Don't use it. There are many others. Bad people target Outlook for a reason, don't give them the opportunity to hit you. It's that simple. And always check attachments before running them regardless of what email client you are using or who it came from. But they just don't listen. Do they think I am full of BullSchnitt or is being used to infection and calling me easier than learning a new mail client?
Does anyone have an idea of why end users use the software they use in the face of all the reasons/recommendations not to?
Came with machine so it must be good?
Everyone else uses it?
What?!?!
On The Other Hand..... I will be making lots of cash in the next week... so maybe I should not be complaining
For every person that finds the silver lining of that cloud, there are 100 that just died from lightning
Backdoor routine
The worm also opens a listening port on port 1080. A hacker can connect to this port and perform the following actions:
First, run Office Update so you have at least Outlook SP1 (SP2 has been out for a while, in fact). Next, add the following value to the registry:
HKCU/Software/Microsoft/Office/10.0/Outlook/Options/Mail
REG_DWORD: ReadAsPlain = 0x01
Outlook will convert all HTML to plain text before rendering it, and turn all embedded images, etc into attachments.
Thought I'd share that little tidbit.
Yup, you're right on the money. I am a programmer for a fortune 500 company and our admins would NEVER run winders update on our production server. I work with some of the admins helping them with a Linux/Unix migration since we are moving most of our platform to Linux/Solaris (thank GOD). When there is a patch for the MS vulnerability of the week, they test it in a huge test lab on its own subnet, isolated from our network. Many times things come crashing down because of stupid undocumented changes. Anyway, you would have to be a nitwit to run winders update on any server that you depended on.
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
The whole root-user argument is completely irrelevant when you're talking about a consumer (read: single-user) install. In many ways I think it might even be a worse situation than Windows on the desktop because obviously it lulls certain people who don't think about the situation deeply enough into a false sense of security.
Who gives a flying crap if your /etc directory remains untouched when ~ (where the irreplacable files are) has been wiped out?
How about when "Mafiaboy" used thousands of slave Linux boxes to DDoS yahoo.com and ebay.com off the Internet for a couple days?
Before Up2date and similar tools, consumer Linux installs were the #1 hacker attack platform. Remember the t-shirt "My other computer is your Linux box"?
I think I've seen about enough of this particular strawman.
Nobody has to run anything on these servers; all they require is network connectivity. These worms propagate via network shares as well as e-mail. All it takes is one infected machine with a persistent connection to any production server in a trust network to cause headaches.
BD Phone Home!
Shameless plug. Like you weren't expecting it.
In contrast, right now my XP laptop is running login.scr as SYSTEM. Yup, a screen saver with system level privs.
What's your point? The login screen saver logs users in, so it makes sense that it has some sort of advanced privileges. (Maybe it doesn't need all of SYSTEM, true...)
And the screen saver is well protected in winnt, believe it or not. It runs in a separate secure desktop, just like the ctrl-alt-del desktop does.
Now I agree that the security architecture of windows has flaws, but c'mon, there's got to be a better example than login.scr...
The following sentence is true. The preceding sentence was false.
Which is exactly why so many worms target Apache rather than IIS.
Batting down strawmen for 12 years and counting ...
BD Phone Home!
Shameless plug. Like you weren't expecting it.
I don't know about you, but I administer systems with hundreds or thousands of users. It's *their* data I wish to protect, not that of the irresponsible schmoe who ran untrusted binary code.
<OBSIMON>
But if they ask me nicely, maybe I'll keep that backup tape away from the degausser.
</OBSIMON>
BD Phone Home!
Shameless plug. Like you weren't expecting it.
... but it also doesn't have to be opened, because it uses an IE exploit to run itself as soon as it shows up in Outlook's preview window.
Correct.
Outlook virii/worms have been with us for a painfully long time now, and yet a bunch of people are still clueless about what Outlook's preview window does. It OPENS and then it PREVIEWS. As in RUN. As in EXECUTE.
Turn OFF the Outlook preview window, people.
Or even better -- STOP using Outlook/IE altogether.
"Folks just call him Buckethead." -- Les Claypool
The fact that the large majority of webservers out there are running Apache (many on linux) and have been for a long time suggests otherwise. Sure bugs exist and there will always be exploits for all platforms, but somehow the Apache team is dodging those problems far better than Microsoft. With even MS themselves admitting that their emphasis was never on security in the past, you're probably one of the few people left in the world trying to defend their record.
So don't complain too much about the zealots around here -- you're just as much one as the rest of them, and one of the more vehement that I've seen.
HAHA.. any admin who sets production servers to be "automatically updated" deserves to be terminated with prejudice.
Now this patch has been out for 2 years.. that is PLENTY of time to realize the patch is worth it, ESPECIALLY after the first bug bear fiasco.
You know, whenever I see an old Linux CD-ROM in a used book store or thrift store, it disturbs me when I think how many vulnerabilities are permanently etched as pits in the polycarbonate plastic.
I keep clicking on this .pif file in Sylpheed-claws and nothing happens.
:)
j/k
Frankly I don't know why everyone is getting these virii. I have never gotten a virus on any of my personal email accounts. You just have to choose your friends carefully
DON'T allow HTML in your e-mail. Plain-text only, please.
"Folks just call him Buckethead." -- Les Claypool
Not to flame the post, but FYI, I run a deployed server with Debian updating every morning at 6am. Every package on the machine is updated if it needs it. In fact, the major upgrade from 2.0 to 3.0 was done this way.
In over 2 years of running this particular machine, I've only encountered one problem with automatic updating. And it wasn't a broken update, but a maintainer tightening security that made some email clients not work. I had to tell them to use more secure means.
Says a lot about the stability of Debian's packages. When the Debian community calls it the 'stable' version, they mean it!
Disclaimer: The production server I speak of runs a few web sites, several email accounts, etc. There's only about 5 users active on the machine. If I was administering it for hundreds, I wouldn't do automatic updates (even with Debian).
In recent Mozilla versions, from the View menu while in Messenger, you can choose Message Body As/Plain Text. Works like a charm...
Oh, no! You have walked into the slavering fangs of a lurking grue!
Sounds to me like they don't use support branching in their revision control system. If they want to release a fix for old code, rather than branch at the release and make a fix, they give you all of the "goodness" that they've been working on in the meantime.
So, add bad version control to buggy, insecure code...
I agree with you quite wholeheartedly. What is the downfall of your argument is the assumption that people will patch because it is good for the software and for the general health of the computer. A great deal of people, though, don't patch their computers. Even with automatic update, it is still a hassle to reboot the computer every time the damned icon appears, so many people just ignore it. Moreso, Office does not have automatic update.
If you truly want to be worm-free, the same advice goes for all E-mail clients: Be well-informed, and update often. Use anti-virus software, but, no matter what you do, don't become lazy or ignorant.
Good luck, everyone
<assume bugs bunny martian voice>
oooh! windows makes me so mad!
</assume bugs bunny martian voice>
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Wait. I thought the big advantage to Windows is that you don't have to know a lot to run it. Just clicky-clicky and it all just works. You mean you have to KNOW something about the machine? Huh.
OK. Sure. You and I know the folly of that line of thought. Although it may be hard to tell when we fall in to the "linux ready for the desktop" conversation / troll.
The trouble is - we're in a minority. Furthermore, we're not in marketing. Or buying in to marketing.
This leads to two problems.
First, Microsoft has made some fundamentally flawed decisions in its development for Windows in the pursuit of making it more user friendly. This leads to everything from the ability to hide the true nature of an attachment to executing attachments without user intervention.
Secondly, it supports the misconception that the end user doesn't have to learn about their environment. Instead of having an understanding for basics, such as malicious attachments, they repeat the mantra "computers are hard" and remain ignorant... and prone to exploitation. Granted - it's kind of hard to learn when clicking on an mp3 ends up executing a malicious application or script.
The challenges of viruses ('virii' if you want to dig at English majors), worms, spyware, and other malware are not limited to Windows alone. But in the current architecture of Windows, Microsoft has created a very favorable environment for any manner of malicious code.
(c) Keep windows up-to-date.
A patch that fixes the problem that this worm exploits has been available for 2 years. I should probably also add (d) Have virus protection, but that would have just stirred up a bunch of "LINUX DOESN'T NEED VIRUS PROTECTION BECAUSE NOBODY WRITE LINUX VIRI BECAUSE LINUX IS THE VERY INCARNATION OF SECURITY BLA BLA BLA" bullshit.
Username taken, please choose another one.
add the following value to the registry:
HKCU/Software/Microsoft/Office/10.0/Outlook/Options/Mail
REG_DWORD: ReadAsPlain = 0x01
Outlook will convert all HTML to plain text before rendering it, and turn all embedded images, etc into attachments.
And people claim that Linux (UNIX, whatever) is hard to handle.
So many of you are way off on your understanding of this worm.
I ran into this early today. I recognized it as a bugbear virus but inoculateit wouldn't detect it as anything. I reimaged the machine and then loaded up a web browser and noticed an article on yahoo about a bugbear variant running wild..
To get this you do not need to open an attachment. Opening the message is enough. Supposedly there is a patch that was out 2 years ago that should have fixed that bug. I decided to test it with an image running the latest patches on office/outlook 98 and win 98.. It also had the latest of all the windows update patches. Still it was able to autorun. Anyone know what's going on and if there is really any truth to a working patch existing?
Some people were saying to block attachments of those types. Sure, blocking scr files may not be a bad idea but a lot of people send exe files, at least in the windows world. It's useful. Of course we could rename files but why do that? We have a virus scanner that should be watching out for these problems.
Some people also tried saying nobody should use outlook. Welcome to the real world. Outlook with its calendar sharing, tasks, email, etc is a standard that many people expect. Nobody likes change. We are stuck with it. I'd get rid of it and all the windows servers if I could, but that's not going to happen any time soon.
I should note inoculateit/CA finally released new definitions a few hours after I got infected today.. At least that should solve the problem for the future.
Some people were saying that nobody should be stupid enough to have unpassworded shares. You've never been an NT admin in the real world. A lot of older DB applications require shares to be writeable by everyone. Access is granted based on appropriate domain account access without any extra passwords. Unpassworded file shares are commonly required..
I tried to bait this virus with a samba system with debugging on level 2 to watch what it would do. I set up a mini network, mapped the drive, copied files back and forth, let it sit, rebooted, etc.. The infected machine never once connected on its own.
Does anyone have any real technical details about this worm? I'm tired of all the crap going around. It seems to me like a lot of things are being blown out of proportion.. It's time to look at some actual code or a real technical article rather than listening to non-technical people try regurgitating some information that they don't even understand.
. . . by claiming through an open letter to the world that it owns some 'IP' in the virus' source code. Oh, wait... that doesn't work.
Patch the workstations, so they don't catch viruses through outlook/IE exploits. Then you won't need to install all of the patches on your server, because you don't run Outlook on it anyway. If you don't install Windows service packs and updates on the server, you're just asking for trouble. You'll have to accept the possibility of some downtime, just as you do with any OS.
Now, you don't have to worry about the virus spreading through the network because the workstations don't have the virus and the server doesn't either. Nobody has the virus.
I'm just about sick of people defending themselves by calling the opposing viewpoint a 'strawman'. It's not my fault that your argument is weak.
Username taken, please choose another one.
This patch for 2-month-old Windows Server 2003 "to fix a vulnerability that could let malicious sites run damaging code on the server."
Hilarious excerpt: "ALTHOUGH SECURITY EXPERTS -- even those at Microsoft itself -- had pointed to the company's latest server OS as the first test of the software giant's massive Trustworthy Computing initiative, representatives maintained that the patch did not mean the release had been a failure in its security practices. 'It actually highlights positive progress in trustworthy computing,' said Microsoft's U.K. security chief, Stuart Okin, explaining that Server 2003 is significantly hardened in comparison to previous versions of Windows."
It begs some questions: if this is progress... if this is hardened... what's he smoking?
Help stamp out iliturcy.
Well then, any admin who runs outlook (or any email client, or browser, or ANYTHING that could potentially be compromised) on a production server that absolutely can't stand to have any downtime needs to be terminated as well.
Perhaps you might be able to explain how to remove IE from windows then?
Keep in mind, it loads at boot.
I realize that this is probably heresy to admit this on this board, but I use Outlook 2000 by choice. I have Norton AV updated weekly. More importantly, I don't open attachments. Finally, I have Windows set to show me the file types. So, what.jpg actually shows up as what.jpg.pif. No problem. A quick delete and it's gone. I also have the auto-preview turned off.
I've had no difficulty with viruses, worms, trojans, or the like.
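The attachment-stripping gateway described earlier in the thread (blocking by MIME type and/or file extension) and the double-extension trick this poster and the openme.doc.scr post describe, as an added example that is not code from the thread: a Python filter that parses an RFC 822 message, flags disguised or plain executables, and rebuilds the message without them. The sample message and the extension lists are constructed for the demo; the only page-specific value is the subject line quoted by the physics-department poster.

```python
"""Mail-gateway attachment policy (added example, not from the thread).

Flags attachments whose name ends in a Windows-executable extension, with a
separate reason when a harmless-looking extension precedes it (what.jpg.pif),
since Windows hides the final extension by default. Also flags parts whose
declared MIME type is an executable regardless of name.
"""
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows will execute on double-click; the thread names .pif/.scr/.exe.
EXECUTABLE_EXTENSIONS = {"exe", "pif", "scr", "com", "bat", "cmd", "vbs", "js"}
# Extensions a user expects to be data; used to spot the "doc.scr" disguise.
DECOY_EXTENSIONS = {"jpg", "jpeg", "gif", "doc", "txt", "pdf", "mp3", "zip"}
# Declared MIME types that should never reach a mailbox (assumed policy).
EXECUTABLE_MIME = {"application/x-msdownload", "application/x-msdos-program"}


def classify_filename(name):
    """Return a reason string if the filename looks executable, else None.
    Case-insensitive because the Windows shell is."""
    parts = name.lower().split(".")
    if len(parts) < 2:
        return None  # no extension at all
    ext = parts[-1]
    if ext not in EXECUTABLE_EXTENSIONS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS:
        return f"double extension .{parts[-2]}.{ext}"
    return f"executable extension .{ext}"


def classify_part(part):
    """Combine the filename check with the declared MIME type of one part."""
    name = part.get_filename() or ""
    reason = classify_filename(name)
    if reason is None and part.get_content_type() in EXECUTABLE_MIME:
        reason = f"executable MIME type {part.get_content_type()}"
    return name, reason


def scan_message(raw):
    """Return [(filename, reason)] for every attachment policy would strip."""
    msg = email.message_from_string(raw, policy=policy.default)
    return [(n, r) for n, r in map(classify_part, msg.iter_attachments()) if r]


def strip_flagged(raw):
    """Rebuild the message keeping the text body and only unflagged attachments.
    Returns (new_message, removed) so the gateway can log what it dropped;
    as the thread notes, legitimate files matching the policy are dropped too."""
    msg = email.message_from_string(raw, policy=policy.default)
    out = EmailMessage()
    for header in ("From", "To", "Subject", "Date"):
        if msg[header]:
            out[header] = str(msg[header])
    body = msg.get_body(preferencelist=("plain", "html"))
    out.set_content(body.get_content() if body else "")
    removed = []
    for part in msg.iter_attachments():
        name, reason = classify_part(part)
        if reason:
            removed.append((name, reason))
            continue
        maintype, subtype = part.get_content_type().split("/", 1)
        out.add_attachment(part.get_payload(decode=True),
                           maintype=maintype, subtype=subtype, filename=name)
    return out, removed


# Constructed sample: one disguised executable and one real image attachment.
SAMPLE = """\
From: colleague@example.com
To: you@example.com
Subject: Re: hep-lat 020711 daily received
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

See attached.
--XYZ
Content-Type: application/octet-stream; name="what.jpg.pif"
Content-Disposition: attachment; filename="what.jpg.pif"
Content-Transfer-Encoding: base64

TVqQAAMA
--XYZ
Content-Type: image/jpeg; name="flowerbox.jpg"
Content-Disposition: attachment; filename="flowerbox.jpg"
Content-Transfer-Encoding: base64

/9j/4AAQ
--XYZ--
"""

if __name__ == "__main__":
    cleaned, dropped = strip_flagged(SAMPLE)
    for name, reason in dropped:
        print(f"stripped {name}: {reason}")
    print("kept:", [p.get_filename() for p in cleaned.iter_attachments()])
```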
This particular worm knows how to use other e-mail clients as well. However, suppose that suddenly everyone switched to Mozilla. Same stuff would happen. Why? Because if you send someone an executable and they run it, it will infect them regardless of the e-mail client they use. IF a different client was the most popular, it would simply be the most popular target. When something like a worm relies primarily on user stupidity to spread, it will hit stupid people, regardless of what software they use.
Windows is the same way. IF people run with user rights (not admin) they are prevented from hitting anyone else. They can even be prevented from running software the admin didn't install for that matter. Problem is, most people run as admin. IT is their box after all, they'll do as they please.
You'd have the same problem with Linux. First you have brilliant distros like Lindows that run as root by default. Then you'll have tons of people who log in as root all the time for dumb reasons like "I get sick of changing users to do something" or "It's my system, I should be in complete control."
Linux does not have the ability to control stupid users, unfortunately. A good Linux system run by a competent admin sure can, but then so can any OS with good security controls. Problem is most home computers AREN'T run by a competent admin.
Perhaps you need more experience administrating real world servers before you go calling other people's arguments 'weak'. Applying patches to a production server is nowhere near the same animal as applying patches to your Dell running XP Home. Applying patches on 2000 machines is far from a simple task - especially with the frequency of patches out of Redmond lately.
As for accusing sysadmins of being lazy, incompetent, or outright negligent is not only disrespectful, it's downright arrogant of you. If you don't know what you're talking about, it's probably best to keep your mouth shut.
BD Phone Home!
Shameless plug. Like you weren't expecting it.
I hear the same thing from Doctors and Nurses all the time.
People these days are educated enough to know not to drink and drive, smoking is bad, and drugs are not good for one's health, yet they see people carried in every night for at least one of these either dead or on the verge of death with no return.
People either don't care or think it just won't happen to them is how I rationalize it.
I hate it even more when I know which person has the infected system that is forging my email address on outbound virus/worm messages, and I tell him, and he appears to do nothing about it. :-(
No Laughing Allowed!
Yet Another Windows Nuisance. Then at least the acronym for it would be apt for the reaction this sort of thing should have by now. This patch, that patch, blah blah blah... Security through reliance on patches is laughable, especially at the rate of patches being distributed. If reliance was on the core of the OS and patches were rare, then the YAWN reaction wouldn't be so warranted.
No Laughing Allowed!
I disagreed with one point the article made.
BugBear then goes searching for a modem, enables it, then tries to get the computer to dial out, probably to reach the virus author. "He really wanted to get into those machines," Kuo said. U.S. financial institutions probably aren't at risk from this technique, Kuo said, because most don't have modems attached to their critical computers any more.
Today I was at fry's electronics, and I saw a Quickbooks POS (point of sale, not piece of shit) system on display for small to medium business. This started getting me thinking back to my earlier days of consulting.
One of the companies I did work for had a retail chain of mall stores. At night the registers would dump their management reports to our AS/400 machine and someone would make neat reports out of them. It wasn't a huge amount of data, so each store would just phone home on those really nice $300 courier modems.
Most of our store managers kept in touch with us via outlook/exchange server.
Now another interesting side note is Verifone uses POTS lines for nearly 100% of their credit card processing. Tons of small stores have networks in them now, managers reading e-mail and such.
So which of these financial institutions has its shit so well together that they don't need modems? I just wanted to point out the author of the article is a stupidhead. Boo!
For me "Read all messages in plain text" is an option under the Read tab in the options. Putting this in the registry just a bonus.
As long as you know login.scr is the real thing (as I do on my laptop, BTW) no problem, I agree.
A login.scr that sends "teh 1337 h4x0rz" your password keystrokes as you type them is another matter all together. OK, it's unlikely (with Windows File Protection and all), but not outside the realm of possibility - especially since the program is running with SYSTEM privs. If it was GUEST, I'd wager that the h4x0r in question might have a lot more trouble.
Soko
"Depression is merely anger without enthusiasm." - Anonymous
ummm even with an up-to-date windows install you could still get this virus. That is just ONE of the many ways it tries to spread.
Also it tries to DISABLE anti-virus software and some don't even see it as another poster mentioned.
and you do know many anti-virus apps just scan exes and compare to a database? they don't actually do anything special and can't stop a new and unknown to them virus, so d) only applies if you have a nice pricey/non-free one with an autoprotect feature.
And as others would say RTFA you person who is E) too full of himself to read the article and thinks he knows everything about computers so doesn't need to RTFA, and omega) a windows advocate who just felt like bashing linux and the linux community.
i have mod points, but they are too valuable to waste on you.
The real reason why MS can't get its act straight is simple: there are too many damn versions of its operating systems.
http://www.securityfocus.com/bid/6205
Look under the vulnerable list...I spent 15 seconds holding down the space bar to scroll through them all...
Must be a thousand separate products there.
yes it's quite clever. You sure know the people who always send you funny mpgs, jpegs, exe games etc? They CC to virtually everyone in their contact list, so after a while you KNOW their mails contain attachments... And of course you will open them, just to have a laugh; I'm sure a lot of people get fucked that way, trusting their CC mailfriends... Is it stupid to trust those attachments because you ALWAYS get those from them? i guess so, if you own a PC running OE. Oh well...
This reflects one of the design philosophies of *nix: only give users the privileges they need, and have a huge, well defined wall between them and the system.
You're smoking a huge crack pipe, my friend. In unix, I need suid to change my password, 'fer christ's sake.
I mean, it's painfully obvious that you have no unix experience whatsoever. It's just sad that you got modded up on a site like slashdot, which used to be moderated by geeks.
Slashdot is jumping the shark. I'm just driving the boat.
As long as Outlook uses IE to render HTML mail, it will be vulnerable. This integration bullshit from Microsoft has made vulnerabilities in one program affect many others. If Outlook was secure, it would have an option to turn off HTML mail rendering. If it was turned on, it would only be able to format text and layout, and download and display images (while checking to make sure that they really are images and not viruses/worms/trojans). And images could be turned off. This all seems like common sense to me, but apparently it's not common sense at MSFT, which makes it easy for worms like this to spread.
Sure, I use Windows. But it's the only MS product I use on a regular basis. I use Calypso 3.3 to read mail, which has HTML rendering turned off by default (and I keep it off). I'm typing this in Mozilla 1.3.1. They're both well designed programs that don't do stupid things like Outlook. Did I mention I've never gotten a virus? Well, I haven't. Ever. Sure, I've had the occasional Outlook worm mailed to me, but I'm not so dumb as to open the attachment (which has no way to auto-execute on my machine, by the way). Part of the virus/worm problem is stupid users, but another part is badly designed software, and most Microsoft software has historically been badly designed when it comes to security.
It's an operating system, not a religion.
Standard place? Where? In linux, 99% of the time it's in /etc
If you're not a Liberal in your 20's, then you have no heart.If you're still a Liberal in your 30's you have no brain.
- Opening an email with an unpatched version of Outlook
- Opening an unsolicited attachment from a stranger
- Having open network shares
It won't just magically infect you because you're running windows. If you're up to date with windows update, you don't open unsolicited attachments from strangers, and you secure your network shares, you will be safe! Are you sure that you read the article?
Username taken, please choose another one.
Maybe, but due to the multi-user design of linux it is much harder for a program to obtain "root" privileges. This alone will make worms and viruses much less harmful.
...And when they came for me, there was no one left to speak out for me." - Martin Niemoeller (1892-1984)
>Unless I missed something in the article
Matter of fact, you did.
Quote:
...it uses a particularly nasty flaw in Microsoft's Internet Explorer program and its implementation by Microsoft's Outlook e-mail reader that allows the virus to infect machines whenever a victim simply previews an e-mail message loaded with the program
End quote.
You'll see that the parent poster specifically said Desktop systems.
The point here is that we're urging people to switch their home computers over to Linux because it's "more secure." But it's still insecure enough that a common user would be vulnerable to things at least remotely like this if Linux was popular enough among home users to be worth the effort to target.
And in any case, your point isn't Linux-specific: if I was running a multi-user WinXP system and a user without admin privileges runs untrusted code, he can't mess up the other users' stuff either.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
all the more reason to use a Mac :-)
Seriously, as a Mac user since 1984 I have *never* had one of my macs infected with a software virus. I've seen other macs infected with the WDEF virus circa 1989, but that's about it. Even though Virex on OSX is total crap (why does it need to rescan all files - even ones that have not changed? takes hours and thus no-one bothers), I have yet to hear of anyone running OSX cop a virus. I get virus-spam that's annoying but I have not yet been infected. Not in almost 20 years.
Macs are easy to admin, easy to keep up to date and Apple are damn good at releasing security patches in a timely manner.
I used to have a better sig than this, but I got tired of it
It's unlikely that more than 1-2% of US desktops are running a Free operating system.
As for poor quality software, I suppose you haven't used BIND or Sendmail, eh? Even "better" software (Apache, Samba, OpenSSH, etc.) still has remote root holes not too uncommonly, and the Linux kernel has had hundreds of local root holes.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
>Please read the fucking article
:-)
You must be new here! Welcome to Slashdot
Har har har!!!
Oh, wait, I better check my email too!!
Uhm, well, Kmail seems to be immune from all this script kiddie nonsense. Yes, Linux rocks....
Coming up on one year of using Linux and not one virus, trojan, worm, etc. yet....
Who me worry???
The scariest thing about this one, from my point of view, is that it's both professionally done and targeted.
A world of viruses written by amateurs out of curiosity or mischief causes sleepness nights and wasted work. A world of viruses written by professionals for well-defined ends is scary.
Financial institutions are going to need to take the same precautions as the military and sever the net connections of machines with sensitive information.
Standard place? Where? In linux, 99% of the time it's in /etc
And if it's a user-specific registry setting, it's in 99% of the time in
HKCU/Software/Company/Product
I mean.. How hard is it from there to navigate to 10.0->Outlook->Options->Mail? Seems fairly logical to me.
If it's a machine-specific setting, it's in 99% of the time in
HKLM/Software/Company/Product
Beware: In C++, your friends can see your privates!
Car crashes are common. I'm not going to walk 20 miles to work every morning because of the off chance I could be involved in one.
Do me a favor and double it!
In this case, other sites that covered this week's pair of Microsoft worms first -- and they'll cover next week's first, and so on. ZDNet, eWeek, Infoworld, Reuters, the Register and others covered it first. ZDNet has the bad habit however of sliding stories that reflect badly on MS quickly off the top pages and into obscurity.
Worms like sobig and bugbear only affect products with design flaws. Brian Valentine, senior vice president in charge of Microsoft's Windows development, said it best:
In short, there's nothing you can do to improve your security except upgrade to a different client: Mozilla or Opera instead of MSIE, Eudora or others instead of Outlook, OpenOffice.org or WordPerfect instead of MS-Office. Usually by upgrading you get better functionality and ease of use in addition to stability.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
I wouldn't mind Outlook viruses and worms so much if they were really confined to Outlook (Evolution in Action & all that). However, they are putting a serious strain even on non-Outlook, non-Windows users.
I've never run Windows in my life, and I've never used Outlook or Entourage as my e-mail client. Last week alone, SpamAssassin caught close to 60 megabytes of spam in one of my accounts, the bulk of which was at least 649 windows viruses (I just counted messages identified by SpamAssassin as WINDOWS_EXECUTABLE). I also got several 100 bounce messages for viruses with my name forged as the sender.
What gives Microsoft the right to infest the world with mail clients that are so broken that even those who don't use them spend 60M of disk space and one hour of time a week just to clean up behind the crap they generate?
Except with most/all mail clients for Linux (and probably most mail clients for Windows too; pretty much all of them except MS's) you can't invoke executable content without first saving it, and then going back and explicitly executing it from your shell prompt / Run menu.
This is again a false argument. If we all switched to Mac, the same damn thing would happen. All the virus writers would now target Macs since that would be what the majority of people use. More security holes would be found in MacOS also since more hackers would be targeting it. It just comes with being the biggest, you get the most people taking shots at you. Also, users wouldn't get any smarter running MacOS, the worms would come out and people would get infected.
The only real solution is to always use a minority OS, but by that argument you ought to switch to something like VMS. I can't remember the last time I heard of a VMS exploit. Why? Well there are just damn few VMS systems in the world. The Haxors, script kiddies and virus writers don't understand it to hack it. I could give most people a system account on a VMS box and they wouldn't be able to do anything. Take that, combined with the fact that infecting or hacking a VMS system does little good and so they won't even try.
So please, lay off the silliness. We can argue all day if Windows or MacOS or Linux is more secure and never come any closer to the truth since there is just no way of knowing. They are all used on vastly different scales in different roles so trying to draw comparisons is meaningless. However, any small actual increases in security are irrelevant to the main factor of popularity. If you are the biggest kid people WILL hack away at you the most.
Also I will mention in closing that there are many ways to screw with Macs that just never got really published, again due to the smaller market share. For example I found some nasty things I could do with Appletalk in large networks since it doesn't scale well. Well these aren't a big deal since Appletalk isn't the protocol the Internet uses so you only see it on LANs and WANs. However imagine if Apple had been the one and only game and it was what we used to do all inter computer communication.
No company, or even group of OSS programmers, is perfect. Bugs happen in complex systems and that is life. Hell, a couple years ago a bug was found in the old and open source BIND that basically affected all versions ever. Despite countless hours of peer review and tons of revisions, it had never been noticed.
That's bullshit. You'll notice these things don't just use any old extension, they use executable extensions. If you set up your mailserver to strip .pif, .scr, .vbs etc you'll be in a much better world.
When was the last time you got a legitimate email with a .pif attachment? Never, that's when. I set this up on all of my clients' networks and have yet to have grabbed a single legit email.
Which file under /etc? There are almost 200 of them in there, and most of them don't have logical names.
Life in Orange County
This is stupid and obvious, but... why does Outlook allow users to execute any executable file sent through email just by clicking on it?
I can understand that clicking on an attachment can open Word or Excel.
But in real life, when do you really _need_ to send executables to your friends? Or maybe you need to send some app you designed, but in this case your friends can always save the attachment and execute it later. This is something nobody would do with untrusted mail.
{{.sig}}
Aren't you happy that Microsoft creates job positions ? what would happen to all the virus hunting companies if it wasn't for Microsoft ?
This Outlook virus thing is getting ridiculous. I am still waiting for an Outlook version that by default does not run anything when opening a mail.
Since I have no mod points, I'll just post an "Amen".
Who gives a flying crap if your /etc directory remains untouched when ~ (where the irreplaceable files are) has been wiped out?
The whole root-user argument is completely irrelevant when you're talking about a consumer (read: single-user) install. In many ways I think it might even be a worse situation than Windows on the desktop because obviously it lulls certain people who don't think about the situation deeply enough into a false sense of security.
You'd have to be pretty clueless to lose your stuff that way. I run an rsync to another machine where all my home data is stored under a different password and kept up to date automatically. This is easy to do in Linux. There are lots of other ways to secure your files, that's just the one I use.
Anyway, root privilege separation *does* help keep your home data safe as well. Normally somebody will need to get root privilege before they can change any files in your home directory. Unless you do something really stupid like email your account password to a list of people you met on AOL, in which case, you probably need some pain applied to you, just to get your attention.
Have you got your LWN subscription yet?
As an admin who also blocks
If you just send
You're right though about the problem where one draws the line. With me,
So. I don't see the big deal. Root gives you zero security in situations like this, you don't have to be root to read through peoples email, nor send it. In fact, I think the idea should be scrapped - internal security is far less important than external security in situations like this.
Right. I'd never think to look in /etc/ssh/* for OpenSSH settings, or /etc/vim/* for VIM settings, or /etc/wget/* for ... duh.
"Verbing weirds language." -- Calvin
Listen mister, what you do in your home movies is your own affair...
Two wrongs may not make a right, but three
The answer is quite simple: because the operating system allows it. In the explorer, when you click on an exe, it runs. So in a mailer, when you click on an exe, it runs. That is the same handler.
Of course, it is insecure. So in later versions, extra checks are installed that at least present some dialogue box (or in even later versions completely prevent running executables from mail).
Unfortunately, the whole mapping from "type of file" to "handler" in Windows is a big mess, and thus many bugs have existed in this area.
(the most famous one is the specification of an audio file in the mime-type and then passing a .exe file as the data. the mailer checks, it is an audio file, so fine, pass it to the OS, this sees the extension, knows it is a program not an audio file, and just runs it. BOOM!!)
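The two posts above describe two separate defences: stripping attachments by executable extension at the mail server, and not trusting a declared MIME type that disagrees with what the bytes actually are. The following is an added example that is not code from any poster in this thread; the function names, the blocked-extension list (the thread names .pif, .scr and .vbs; the rest are assumed additions of the same kind) and the sample message built in build_sample() are all constructed for illustration.

```python
"""Mail-gateway attachment filter: added example, not code from any poster.

Assumptions (constructed for illustration): the blocked-extension list,
the sample message built in build_sample(), and the function names here.
"""
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions the thread names as never legitimate in mail (.pif, .scr, .vbs)
# plus other directly executable Windows types of the same kind (assumed list).
BLOCKED_EXTENSIONS = {".pif", ".scr", ".vbs", ".exe", ".com", ".bat", ".cmd"}

# Every Windows PE executable begins with the DOS stub signature "MZ".
PE_MAGIC = b"MZ"


def classify_part(part):
    """Return the list of reasons to strip this MIME part (empty means keep).

    Two independent checks: the filename extension, and the payload's magic
    bytes compared with what the sender *declared* in Content-Type. The second
    catches the trick where an executable is labelled as audio or an image.
    """
    reasons = []
    filename = part.get_filename()
    if not filename:
        return reasons          # inline text or HTML body, nothing to execute
    ext = os.path.splitext(filename)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked extension {ext}")
    payload = part.get_payload(decode=True) or b""
    if payload.startswith(PE_MAGIC):
        reasons.append(
            f"payload is a Windows executable but Content-Type says "
            f"{part.get_content_type()}"
        )
    return reasons


def _prune(container, removed):
    """Recursively drop flagged parts from a multipart container."""
    kept = []
    for part in container.get_payload():
        if part.is_multipart():     # e.g. multipart/alternative inside mixed
            _prune(part, removed)
            kept.append(part)
            continue
        reasons = classify_part(part)
        if reasons:
            removed.append((part.get_filename(), reasons))
        else:
            kept.append(part)
    container.set_payload(kept)


def filter_message(raw_bytes):
    """Parse a raw RFC 822 message; return (cleaned_message, removed_list)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    removed = []
    if msg.is_multipart():
        _prune(msg, removed)
    return msg, removed


def kept_filenames(msg):
    """Filenames of attachments that survived filtering."""
    if not msg.is_multipart():
        return []
    return [p.get_filename() for p in msg.get_payload() if p.get_filename()]


def build_sample():
    """Constructed test message: two harmless attachments, three hostile ones."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = "funny stuff :)"
    m.set_content("Check these out!")
    m.add_attachment(b"\xff\xd8\xff fake jpeg bytes", maintype="image",
                     subtype="jpeg", filename="photo.jpg")
    # Blocked by extension alone.
    m.add_attachment(b"MZ\x90\x00 not really a program", maintype="application",
                     subtype="octet-stream", filename="game.pif")
    # The audio-type trick from the post: declared audio/x-wav, but it is an .exe.
    m.add_attachment(b"MZ\x90\x00 also not a program", maintype="audio",
                     subtype="x-wav", filename="song.exe")
    # Extension looks harmless; only the magic bytes give it away.
    m.add_attachment(b"MZ\x90\x00 again not a program", maintype="image",
                     subtype="jpeg", filename="update.jpg")
    # A Word document is allowed through (the thread's own distinction).
    m.add_attachment(b"\xd0\xcf\x11\xe0 fake doc bytes", maintype="application",
                     subtype="msword", filename="report.doc")
    return m.as_bytes()


if __name__ == "__main__":
    cleaned, removed = filter_message(build_sample())
    for name, reasons in removed:
        print(f"stripped {name}: {'; '.join(reasons)}")
    print("kept:", kept_filenames(cleaned))
```

The extension check alone is what the mail-server poster describes and catches game.pif and song.exe; the magic-bytes check is the extra layer the Windows handler post motivates, and it is the only thing that flags update.jpg. A real gateway would also rewrite the message to tell the recipient what was removed, which this example leaves out.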
I've been using it for years and it's the best email client on ANY platform (Windows or Linux). It's nearly impossible to budge people off Outlook, especially onto a client you actually have to *pay* for, but those that have moved have stopped running crying to me every couple of weeks with virus problems and their productivity has shot up. One of the nice things it does is refuse to run dodgy executable types (eg .pif), and those that can affect your system (eg .exe) it recommends you save to disc and virus scan first (and importantly presents that as the default option) though you can still run it straight off if you really want to. Thoroughly recommended. You can get it here and it will import all your Outlook stuff ok.
Phillip.
Property for sale in Nice, France
I don't know how this port 1080 works (and i like not to get this virus!) but could anyone write a utility to connect to port 1080, and drop a disinfector at the PC?
"executing format C:"
Will be just fine after they send a few hundred mails.
"Nobody cares that everything that rolled off the Install CD is still there and might even be pristine"
I care. I care A LOT when my backup utilities still work. So i can restore the BACKUPS I made of USER DIRECTORIES!
m.
IF people run with user rights (not admin) they are prevented from hitting anyone else. They can even be prevented from running software the admin didn't install for that matter. Problem is, most people run as admin. It is their box after all, they'll do as they please.
One quite common reason for this is software developers writing programs which require this in order to actually work. Even though there is no actual reason for needing any privs in the first place.
It takes a little while to get used to all the files in /etc. The big advantage over windows is, though, that most of the config files are ascii files that you can easily manipulate with an editor in the command line. I remember having to click my way through several layers of contractable directories in order to reach a certain entry in the registry under windows.
Just don't connect it to a modem or LAN.....
See my journal, I write things there
On Unix/Linux Desktop systems there is nothing on the system as important as the user's data in his home directory.
You can do a daily backup simply by putting something like this in your crontab or in cron.daily:
tar -cjf /var/backup.tbz2 /home
But if someone gets root privileges, even the backup can be destroyed.
Moreover, root has more power than a simple user: he can set promiscuous mode, he can bind sockets on ports below 1024, he can use more resources, and so on, so if a worm, virus or trojan gets superuser powers, it can do more damage to the network, and not only to a single computer.
So, even if the computer is used as a desktop, you can limit the damage done by a virus, simply by not logging in as root and being a little smart (doing backups).
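The daily tar backup this post suggests, and the rsync-to-another-machine approach an earlier poster describes, both hinge on being able to tell that the copy you restore from is intact. The following is an added example, not code from any poster in the thread: it archives a directory the way `tar -cjf` does, records a SHA-256 digest beside the archive, refuses to restore an archive that no longer matches, and refuses archive members that would escape the restore directory. Function names, the `.sha256` sidecar convention and the constructed fake home directory in demo() are assumptions made for illustration.

```python
"""Daily home-directory backup with an integrity sidecar: added example, not
code from any poster in the thread. Function names, the .sha256 sidecar
convention and the demo() layout are assumptions for illustration.
"""
import hashlib
import os
import tarfile
import tempfile
import time


def sha256_file(path):
    """Streaming SHA-256 of a file (archives can be larger than RAM)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_dir(src, dest_dir, stamp=None):
    """Archive src into dest_dir as a bzip2 tarball (like tar -cjf) and write
    a .sha256 sidecar so later corruption or truncation is detectable."""
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    archive = os.path.join(dest_dir, f"home-{stamp}.tar.bz2")
    with tarfile.open(archive, "w:bz2") as tar:
        tar.add(src, arcname=os.path.basename(os.path.normpath(src)))
    with open(archive + ".sha256", "w") as f:
        f.write(f"{sha256_file(archive)}  {os.path.basename(archive)}\n")
    return archive


def verify_backup(archive):
    """True if the archive still matches its recorded digest."""
    with open(archive + ".sha256") as f:
        expected = f.read().split()[0]
    return sha256_file(archive) == expected


def _safe_member(member, target):
    """Refuse members that would land outside target (../ or absolute paths)."""
    root = os.path.realpath(target)
    dest = os.path.realpath(os.path.join(root, member.name))
    return dest == root or dest.startswith(root + os.sep)


def restore_backup(archive, target):
    """Verify first, then extract only members that stay inside target."""
    if not verify_backup(archive):
        raise ValueError(f"{archive}: checksum mismatch, refusing to restore")
    with tarfile.open(archive, "r:bz2") as tar:
        members = [m for m in tar.getmembers() if _safe_member(m, target)]
        tar.extractall(target, members=members)
    return len(members)


def demo():
    """Round trip on a constructed fake /home, then simulate damage."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "home", "alice")
        os.makedirs(home)
        with open(os.path.join(home, "notes.txt"), "w") as f:
            f.write("the only copy of my thesis")
        dest = os.path.join(tmp, "backups")
        os.makedirs(dest)
        archive = backup_dir(os.path.join(tmp, "home"), dest, stamp="demo")
        ok_before = verify_backup(archive)
        out = os.path.join(tmp, "restore")
        os.makedirs(out)
        restore_backup(archive, out)
        with open(os.path.join(out, "home", "alice", "notes.txt")) as f:
            restored = f.read()
        with open(archive, "ab") as f:      # simulate corruption of the backup
            f.write(b"\x00")
        ok_after = verify_backup(archive)
        return {"verified": ok_before, "restored": restored,
                "verified_after_damage": ok_after}


if __name__ == "__main__":
    print(demo())
```

The sidecar only detects accidental or unprivileged damage: as the post says, anyone who has root on the machine can rewrite the archive and its digest together, which is exactly why the earlier poster pushes the copy to a second machine under different credentials.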
I have a small Network with 11 Computers, 5 of them are not using windows. Although they are behind a firewall they can still be infected:
- by email
- by downloading infected software
- by using infected media
So, what is the best GNU solution for preventing your network from being infected, or alerting the admin if a computer has been infected?
That's not a valid comparison at all.
You're comparing SERVERS to DESKTOPS.
Does Joe User who logs on to Chat know a lot about computers? Most likely not. Hence why they use Windows, because it is much more prevalent and user-friendly.
Now if the problems were caused by all the Windows sysadmins running stupid attachments, it'd be one thing. But that's not the case in general.
If you're going to make a "Windows sucks, Linux users rule" comparison, at least have some validity behind your comparisons. This isn't a flame, this is just common sense.
"PC Load Letter? What the $@#% does that mean?!"
Tell me, can it be activated by the "preview" feature of Eudora or Mozilla?
Will they open up attachments that you don't want them to? No?
I'd say that makes it a lot less susceptible to this worm, and a lot of others.
In fact, this is usually the case. E-mail programs normally shield execution of binaries from the user entirely until they say otherwise.
So as I see it, for MOST clients, there are only two ways to be subverted:
1) Rendering leads to hackability. However, most can only render html or plain text. Perhaps a vulnerability can be made on the html. Because of HTML's unbelievable simplicity (and the sandbox that is inherently placed upon it), though, that would be extremely difficult. Plain text should be impossible to exploit, unless the designers are very stupid.
2) Client could be attacked through its connections to the internet
A buffer overflow attack via SMTP, IMAP or POP? Their simplicity makes it easy to write in such a way that the user can't exploit (besides sending billions of unwanted e-mails). Once again, the lack of complexity means that to produce an exploit the designers would have to be very stupid.
Essentially it's the extra ability to render a complex programming language that makes Outlook uniquely vulnerable without user intervention (user stupidity for opening unknown executables); other readers do not suffer from this. Perhaps if more people knew this we could stop living in fear of viruses that could have no teeth.
Mod me down and I will become more powerful than you can possibly imagine!
1) Unsuspecting user selects a range of unwanted messages;
2) Unsuspecting user deletes messages;
3) Display updates and lands on an infected message...
4) BOOM!!
I don't have problems with my Mac OS X box or Linux.
Then again, security was never Microsoft's forte.
I dunno. Slippers come off too easily...
Time flies like an arrow. Fruit flies like a banana.
I still have not seen a virus that can work with pine. I've used pine (under various Linux/BSD/SunOS) for years and have not had ONE fscking virus. My friend that still runs elm hasn't either. If I need to grab a file from an email then I either export from pine or grab it via web with horde/imp. This is via *nix or winders. Never a fsckin' virus. Just say no to Outlook (which is actually the name of a town in central Washington that STS crewperson Bonnie Dunn grew up in) and use an email client that is just too dumb to fall for all this crap.
-- I have a private email server in my basement.
Not for me. After someone brought a contaminated laptop in yet again and caused the IT staff here to spend 50+ hours cleaning up the mess across the whole network, I was told "You, don't boot your laptop - I don't want it on the network".
While I did boot into W2K about a week ago, my daily desktop is KDE 3 running on Linux. When I pointed this out, the IT manager said "OK, use Linux just don't boot into Windows." {BSEG}
The only thing that irks me is that I can't easily check the Windows partition for the virus (no floppy drive) without booting it and my last full backup was just before the virus was noticed. Bottom line: I don't trust a virus detector/remover to remove a virus that got there before it did.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Um, the correct form is viruses.
Um, the correct plural form is virus.
Um, the correct plural form is viruses.
see nmap-manpage:
There are only 10 types of people in the world: Those who understand binary and those who don't.
>Who gives a flying crap if your /etc directory remains untouched when ~ (where the irreplaceable files are) has been wiped out?
I for one. (Well, in my case, it's an earth-bound crap. Mice don't fly).
It's a heck of a lot easier to restore data to my user directory than it is to rebuild an entire machine, patch everything, reinstall third-party apps, reinstall third-party kernel mods (win4lin, Nvidia drivers, etc), AND THEN reload the user data from tape. I usually only backup user data on single-user machines, not the entire machine. Much less data to burn to tape/CD/whatever for a "typical" Joe Schmoe user.
Actually, it will just "magically infect you because you're running windows" in some circumstances.
The virus uses an iframe vuln that Outlook's "autopreview" feature is vulnerable to. You don't have to open the email, you just have to receive it and have autopreview on, which is how it's set by default ofc... No running or opening of the email is required. Sad huh?
I could've sworn that I'd captured some other virii have used this particular exploit in the past though... Oh well. *shrugs*
Ah, good old fashioned flamebait. I don't get to see many people make asses of themselves anymore, so I thought I'd drop in to tell you how much of an ass you're making of yourself.
Root level exploits for Windows are released nearly every week. Sometimes it's Outlook, sometimes it's Internet Explorer, sometimes it's IIS... the list goes on and on; it's Russian Roulette--you never know what it's going to be. That means that stupid advice like "automatic update" doesn't work--different people have different purposes for their machines. So don't expect when you use half-assed general prescriptions like "automatic update" that someone should listen.
You don't even have a clue, do you? Beyond deploying someone else's pre-packaged, pre-planned network of PCs that are all exactly the same, that all get their network information from a DHCP server (that someone else set up), you don't know shit. Yeah, if we all had to take care of the simple shit that you do, automatic update would be the answer.
*Yawn*
You obviously understand that different computers have different purposes, and therefore require different treatment. But you have one asshead idea of how to take care of computers differently.
Even worse--when someone responds to your lame excuse for understanding telling you that automatic update no-workee, don't pretend like you were giving advice for a specific instance.
I mean, that's just stupid. Microsoft's patch mechanism is broken, from its design to its implementation, it's broken in so many different ways it's just pitiful. And you have the gall to tell someone that they should be using it--no matter what their situation...
Magic 8 ball says you need to get another job soon. The days of bullshit administration are gone along with all the venture capital.
So why don't you cry some more about how we sound like old women, or cry about how we have nothing to say.
Go ahead, little one--cry.
Who's the prettiest? SHO'NUFF Who's the baddest? SHO'NUFF
Automatic updates + DNS hijacking (pointing users at my server rather than microsoft.com) = all your windoze boxes are belong to us
UK-based MessageLabs said it had trapped 75,000 copies of the worm on Thursday
In a cage?
there is nothing on the system as important as the user's data in his home directory.
;-)
Agree. That's why I back up the users' data daily regardless of OS. If that fancy new screensaver/kernel-compile/email-attachment nukes their data I have a backup (which they get if they ask nice and promise to be more careful in future).
As for the in UNIX it's only a user account that gets trashed not the whole system thing, may I ask how many admins have hardened their systems against a local attack? Remember:
remote non-root exploit + local root exploit = remote root exploit
Yeah, except - when you actually browse to that registry branch, this entry isn't there! You have to create it before you can turn it on. Who knows what other useful things you might be able to do if you only knew what registry keys to create??
So yes, you can often find a program's settings in the registry - but this is a lot less helpful than it sounds.
Got the first bugbear.b at Jun 5 12:02:28 (central). The virus scanner's blocked 5 so far. It's been a nasty virus week already due to sobig.c and (still) klez.h. One out of 12 emails has been a virus.
This has been the worst week since we got hit by klez, but this time it hasn't caused a problem. When we got hit by klez, it was before there were updates for our desktop virus scan. Now, all email's scanned by a different brand of scanner before it gets to the desktops (which still have antivirus software installed), and the server checks for updates every hour.
BINGO! We have a winner...
All of the slashdotters are too fucking stupid to realize that linux and alternative software is NOT the answer. WHY? Because you know that someone that is running debian for example is fairly smart. IF you're fucking stupid enough to run attachments you're too stupid to install linux and/or alternative software.
You can make a general assumption that someone who runs attachments or has been infected more than once is a fucking idiot. You can also assume that they couldn't handle linux - even - Mandrake!
At least, if I make a mistake editing one of those Linux text files I am unlikely to completely hose up the machine. Whose bright idea was it to make an OS (Windows) dependent on a single (easily corrupted) binary database to boot up? A database that is modified practically every time a setting is changed or a program is installed. A file that keeps growing the longer you own your computer and as a consequence slows your machine more and more.
God is imaginary
I don't have a "Read" tab in the options. Where is it, please? I'd love such an option.
I can not agree more. The users do not care about anything beyond their files and to be honest what use is a working network if you lose your work when you save it. Guess what the CEO uses his computer for; I bet it isn't anything beyond a bit of surfing, email and word processing.
Please someone mod this parent up!
Sorry but enterprise level and MS do not belong anywhere near each other despite what MS wants you to believe. I'm an MCSE and I can't imagine running critical services on the MS platform...as an application platform windows server is just too bug ridden.
So either you've bought into all the FUD or you're speaking from experience, in which case I call PEBCAK (Problem Exists Between Chair And Keyboard). Either way, you don't know what you're doing.
We have (at last count) approximately 270 Windows Servers (as well as all our Linux and AIX servers), including DCs, file servers, print servers, etc., etc., and many application servers. We are a 24x7x365 operation, and the vast majority of those servers have been up for months or years. Most of our unplanned outages are due to hardware errors -- blown motherboards, generally, as we have redundant hardware wherever possible.
I can look at some of my servers right now and see uptimes which are pushing a year. Some of my servers are in constant use by 700 users during the day and 30 to 50 users during the night. Up until March, they had 100% availability. In March the application hung due to a bug in the vendor's application -- totally unrelated to running on MS. (Incidentally, it was fixed by restarting a service -- no need to reboot the server.)
We use firewalls and virus protection software and patch our servers (carefully -- some MS patches can break things), and don't get hit by these problems. Want to know why? Because we are expected to keep things going so we do, and we know what we're doing! If stuff breaks, people get fired. So we build servers the right way the first time, and then, remarkably, they seem to be rather robust.
We wouldn't be nearly so happy if we had to keep running to the server room all day, by the way. NT 4 was a lot more difficult to manage, but Windows 2000 allows me to do virtually everything from my desk, which is efficient and just all-round desirable. So don't believe the FUD that you can't remotely manage a Windows server, either.
For what it's worth, I'm also an MCSE. I got mine because I'd been working with MS products for several years and knew how they worked, what was wrong with them, and how to fix them. Some of my colleagues in the past have been paper MCSEs. Guess whose servers tend to be flakier?
I know what's wrong with MS products -- they're by no means a magical company, and I've learned the hard way (NT 4 service packs that broke and also modified the SAM, or horribly painful Exchange 4.0 information store recoveries, and on and on). Hey, maybe that's got something to do with it -- I worked my way up, I gained my technical knowledge by fixing things when they borked and building systems from the ground up, and in the process became intimately familiar with the products' strengths and weaknesses. What do you think?
... And, these text files can (usually) have comments and examples embedded in them. Try THAT with the registry.
The Windows registry was, and is, a bad idea. It quickly becomes obtuse, is easily corrupted, filled with crap that doesn't go away when the program is deleted, etc.
Um, the correct plural form is virus.
From Webster's Unabridged Dictionary of the English Language:
filled with crap that doesn't go away when the program is deleted,
How is this different from Linux programs that aren't managed by apt that decide to spew their files across the entire directory tree without telling you, and certainly leaving behind crap?
Are you using Outlook 11 by any chance?
Who gives a flying crap if your /etc directory remains untouched when ~ (where the irreplacable files are) has been wiped out?
I don't care about /etc or /home. Both are small enough that I can send them out to the second hand DAT drive I bought for £20 every night.
If one of the users on my system (various non-geeks who use my computer for various reasons) is stupid enough to run an untrusted executable, I don't care if their home directory gets trashed. If they really care, I'll dig out the backup.
But if they had root access and the virus trashed /usr I would have to reinstall my OS, which is a lot of hassle. Or worse, it could install spyware or a backdoor on my computer.
So the separation of users is clearly extremely valuable to me. The only person likely to completely screw up my computer is me, which is good because I trust myself not to. But I don't trust other people not to, but I still want them to have access to my machine.
I'm surprised that no-one has written a really destructive Outlook virus yet. That is, one that, when run, first does all the usual tricks to propagate itself, then, say, waits an hour, then starts deleting everything it can on the computer.
I mean, I understand the appeal of installing backdoors ("1 0wnz j00", etc), but you'd think that someone would have released a really destructive version by now.
Outlook 2002 SP2 (10.4219.4219) doesn't have this option that I can find... what version of Outlook are you running?
o/~ Join us now and share the software
I'd really hate it if I ran a program as my user account that had a trojan.
It might not have access to change global configuration settings, but it sure could get all my emails, and/or connect to the X server and grab my ssh passphrase for other systems (where I do have root access)
the computer is online
i am not at it
what a waste of resources
alternative_order text/plain text/enriched text application/postscript image/*
auto_view text/html
(Note that the first bit is all one line)
What does this do? If the message has a plain text part and an HTML part, I see the plain text part. If it's just HTML, I see that (rendered right there, no extra work).
/etc/mime-types is already set up quite well by Debian, so I didn't have to worry about that part at all (and GPG with Mutt is also set up for me).
You also get cool features like the ability to bind a shortcut to report email to Spamassassin as spam for your Bayes database. And I get to compose my email in Vim (OK, maybe most people will not want this, but you can use any editor). Mutt rocks.
WMBC freeform/independent online radio.
Because we're talking about configuration data, and not the files that are part of the application itself.
AND, you can't just take one small piece of his argument, attack it, and somehow think you've supported your position. Even if your point is given to you, it doesn't change the fact that the windows registry gets bloated and more easily corrupted the longer you keep a windows install around.
As to "not managed by apt..." this is why we /have/ package management utilities...of all sorts of flavors. In response I ask you: "How is /that/ different from windows programs that aren't managed by add/remove programs that decide to spew their files across the entire directory tree without telling you and certainly leaving behind crap?"
"No nation could preserve its freedom in the midst of continual warfare."
--James Madison
You're making a pretty big assumption there. That being that it's the admin that can't stand to have any downtime. Most of the time it's users/management that refuse to allow any downtime. I can't tell you the number of times we've sent out messages indicating we were going to take a server down for scheduled maintenance only to be told we can't. Even when it's scheduled maintenance and allowed for within our uptime commitments you can't get people to let you take a server down sometimes unless the darn thing gets cracked, crashes, or otherwise spontaneously (oops, bumped the power button) goes down.
In 3 years, we've had one unplanned downtime due to software, and that was an MS hotfix that hosed our main server.
The secret - no file and print. All we're running is our own hand-rolled server processes, and a carefully set up IIS, with SQL Server running on a non-exposed server at the back end.
It's not quite 5 nines, but it's damn close to 4.
If you keep the users away from the MS stuff, it's actually not a bad application server.
oh brave new world, that has such people in it!
Red Hat (which I guess is what you're using, since you mentioned up2date) has to provide updates for many more applications than Microsoft. Debian has to provide updates for even more. By all rights, Debian, who officially include the largest number of programs ("contrib" ran away with the spoon) should have the most security advisories BY FAR. Why don't they?
I don't want to hear any BS about popularity, either. Yes, that does have something to do with it, but I see posts on BUGTRAQ every day about some CMS I've never heard of before. Besides, if more people are using Microsoft's products, they should have a greater degree of responsibility. Last I heard, at least part of the U.S. government (FTC?) agrees with me, as they are considering bringing charges against Microsoft for that big Passport vulnerability.
As for users running dangerous executables, I'm all in favor of having Internet software like Web browsers and email clients operate in a true "sandboxed" environment (say, as another user, maybe even chrooted), and being able to elevate their privileges slightly when necessary (such as when trying to attach a file from the hard drive). Certain MTAs do this, too. Unfortunately, I don't have the skill to implement this properly at the moment.
From the article, and please pardon my quoting...
=========
"He really wanted to get into those machines," Kuo said. U.S. financial institutions probably aren't at risk from this technique, Kuo said, because most don't have modems attached to their critical computers any more. But "less technologically-advanced countries might," he said.
Neither firm had evidence that a financial institution had been hit by the worm.
The virus writer employed other methods to steal financial information, Sunner said.
"Particularly worrying is the fact that not only can Bugbear leech confidential information from an infected machine, but it may also leave a backdoor wide open for hackers to take control of the machine and misappropriate passwords, credit-card details or for some other nefarious purpose", he said.
=======
We have a byline quote that reads "Some of the worm's functions are designed to specially target financial institutions". The logic of this thread is that because this worm can use a modem, it's probably targeted at financial institutions. There are no known financial institutions infected yet, but anything that leaves a back door must be designed to steal credit card numbers, passwords, and money. That's a gross simplification, at best.
This worm communicates by modem as well as ethernet. Most of our recent worms have limited themselves to SMB file sharing and email for propagation. I will accept the logical connection to point-of-sale machines with dialup modems, but most of the ones I've looked at connect to a local server across a serial network or utilize an always-on isdn for external calls.
My first impression of this worm, as it was of earlier versions of BugBear and SoBig, was not that it was designed to get money. This one is modified to afflict dialup internet subscribers as well as broadband. I know companies that have a local LAN with one machine serving as a dialup gateway. They're hosed now. How the original article made the logical leap from modem to money so quickly is just beyond me.
-j
Remember, that pretty much most of the code bundled with Linux until the mid-to-late nineties were between five and twenty years old save for bug fixes - features were not being added to 'elm', sendmail was also largely getting bug fixes, the spam wars had only just begun, etc. Only the Linux (the kernel) itself, XFree86, and Apache, if it was bundled at all, were that new.
You are not alone. This is not normal. None of this is normal.
Which is exactly why so many worms target Apache rather than IIS.
But since IIS is *easier* to exploit, less investment is required for a given return.
ROI can't be measure simply based on how many machines get afflicted, but rather the number of machines per unit of effort expended creating and propagating the exploit.
no probs, welcome. I'm not a windows guy so it's hard for me to remember all the arcanity involved with these dialer things, but I had a good friend who got nailed with something similar last year, and he was highly embarrassed but was stuck so I researched it, had decent results with google and found the removal sequence, and was able to clean his machine. And I saw the infection vector, it was a normal spam he got, and he had his mail program just execute it semi automagically near as I could see. I also told him to dispute heck out of his phone bill if they insisted on ridiculous long distance charges due to what is in essence a buggy computer system and getting hacked with a virus. And this guy runs paid-for firewall and virus scanner, too, not just the cheaper freebies, and still got it. I was prepared to document all the steps that had happened for him to use in his defense and dispute of bill, but luckily the phoneco was understanding, I think they had already received tons of complaints on it. I can't remember the exact name of the bug now though, but it was similar to this one IIRC, and it was definitely german porn that it accessed, that part I remember.
Personally, I think nowadays the best "distro" for joe average home surfer is to run one of those "live" cd things like knoppix or whatever, to not even have an operating system installed at all on the hard drive, and have it set up as a full "no write to nothing" sort of computer. Fast chips, huge amounts of ram, and that's about it. It's getting to the point that anything, any flavor OS, is just too complicated and too open to bugs du jour for security purposes. To USE that's a different story, all of them "work" plenty good enough to use, really, to KEEP SECURE is another thing entirely. It's only a matter of time now, when, not if, before some superworm takes down most of the computers on the net, something that will work on various OSes simultaneously and bust through normal scanners and firewalls and even take the sophisticated sysadmins unawares, all the way to critical nameservers. In fact, I bet it's already written, just not released yet. That's a pure WAG though I admit. I'll prename it, the armageddon blitzkrieg worm (hope I haven't stolen a name there), because that's the effect it will have.
RTF man page - NULL scans don't work on windows. Try -sS instead.
your too stupid
What if you're just too stupid to spell correctly? Especially a word you got right earlier in the very same sentence? Spare us the elitist BS, OK?
I do not have a signature
More worms for Windows because Windows is on all the desktops? So what. Ooooooo, I can snag some old ladies original pentium. Wow, I'll crack the world with that.
OR: I can hack a Mosix or a Beowulf cluster. I could hack a nice blade server, or some corporate infrastructure. I could hack GOOGLE!
BWAHAHAHAHAHAHAHAHAHAHAHAHA!
All the good stuff runs Linux or Unix. IT ALWAYS HAS. So why are there FAR more exploits for Windows? Because it's on a lot of crappy machines? OR because it's an easier target? Seems pretty obvious.
Just my opinion.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
I don't see why Linux is so secure:
Making a linux worm:
- Open attachment.
- Run, fork and become orphan process.
- Let's run in the background sending e-mails using the user's info, until somebody realizes that it's running and kills it.
This kind of worm can run a looong time on your machine with your user privileges and you wouldn't notice.
But that is OK, because "passwd" is a very small program, and if it hasn't been thoroughly audited by now, I'd be really surprised.
Software does this all the time; one of the MTAs (qmail?) has small, separate parts of itself that are run as root because they have to be. And, as Stuart Smalley said, that's OK. It's OK because it's just a little, limited piece that can be easily examined, and because all sorts of security experts are free to look at it.
I feel that this should be taken even further; there should be a specialized, unprivileged user account for your email program. Say my username is "bob", then maybe there would be "bob-email", "bob-browser", etc.. Bob's email client will run, possibly in a chroot jail, as bob-email. It would have small modules that elevated themselves to "bob" privileges in order to do things like attach files from Bob's home directory. Actually RUNNING attachments would take place as "bob-email", and couldn't hurt Bob's (or anyone else's) files.
Some people say it's because Windows is much more prevalent
than the Linux, but there are a lot of servers running Linux now.
Bullshit. The Slammer worm is your smoking-gun counterexample. It attacks MS SQL Server. But MS is not the primary player in the SQL server market. IIRC they control 10% by their own admission. So why doesn't Oracle/Postgres/MySQL get a virus attack with as much notoriety?
That's my whack-a-troll for today.
Practice Kind Randomness and Beautiful Acts of Nonsense.
I'm no more ready to eat my words than I am ready or able to go back to M$ crap. Free software is vastly better today and the differences will only become more astonishing in the future.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Actually, there is a higher ROI with IIS. Sure, Apache is on more servers, but the point is generally to infect clients. IIS is on Windows and that Windows box can be used to infect clients.
Don't get me wrong, I know it's generally understood that Apache (depending on mod's) is far more secure than IIS (at least version 5 and below).
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
There has been an increase in visibility, but I don't think that dramatic an increase in use. It's still pretty much only hardcore techies that use Linux. For some actual numbers, there's Google's Zeitgeist, which shows Linux as accounting for 1% of Google visits. And if anything Linux is more common among google visitors than the general public (many of whom are AOL users and whatnot).
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
And that means that the source of those patches can not be trusted, otherwise you wouldn't need to test the patches.
Most people know this, but it's a pity that it's widely accepted. Why wouldn't people refuse to do this testing for the company who provides these patches? It's their job after all to keep their own platform clean.
MS earns a lot of money with their products, they sure can spend money on testing these patches in a better way.
Karma bonus off because it's a bit stupid and easy to mod down that way.
So basically yeah yeah Mac OS, Linux... spice with a little "Some day Linux viruses..." add "Ohh we have a new Linux virus" add to the fiction presented as news file...
(Every Linux virus posted on Slashdot over the last few years has been fake. There was ONE virus and it's dead)
Mac OS of course had many viruses but Mac OS X should be relatively safe (unless Mac OS X really does run as root as Lindows people claim) and of course Lindows is infectable. How cool is that?
But back to the point. You don't need to even switch operating systems to avoid e-mail worms.
How? You ask? Switch e-mail programs of course.
Well yeah duh I mean hey just use unpopular software and nobody will bother. Isn't that how Linux and Mac OS X avoid viruses? No not at all.
Use Eudora. Unpopular? Yeah right. Next to Outlook Express Eudora is one of the most popular if not the most popular e-mail client.
I use the Palm OS version; it kicks butt.
Eudora doesn't do anything quite so stupid as Outlook Express. It certainly doesn't open file attachments automatically. It's reasonably secure and quite nice.
So there you have it...
Either change your OS or at the very least use Mozilla and Eudora and you don't have to worry about e-mail worms.
And while you're at it try OpenOffice for Windows and other free software.
But then I need to explain myself: I use Linux but I don't ever read my e-mail from my workstation anymore. I don't even use my workstation from my desk much anymore. I pull out my Palm OS PDA and zip...
But one more thing. If you are going to use Windows for goddess' sake install the stupid updates thank you very much. It's not just the stupid bonehead security flaws that any moron could avoid but the more serious design flaws that tend to find their way into Linux as much as Windows. So switching to Linux doesn't help on the update front.
Course I'm one to talk I need to flush my system and reinstall Linux again....
Maybe I could order the new Linux From Scratch book.... Yeah sounds good....
I don't actually exist.
Really? What if one's corporation is running Unix only? Perhaps .pif stands for personnel information format at one's company. Perhaps one's corporation has a strict no-lusers policy.
I prefer my mail feed unfiltered. I'll accept SpamAssassin mangling, but that's about it.
No. I don't have anything better to do.
And I've never tried Mandrake either. According to your own post I must be "fairly smart". I've been running Debian GNU/Linux for a couple of years now. Of course, my main machine runs Gentoo, which makes Debian look like Red Hat in terms of ease of installment, so according to your method for determining smartness I must be some sort of Einstein.
What set me off? The fact that you're drooling about who is a "[expletive] idiot" and at the same time you make trivial spelling errors-- the sort of error most of the "idiots" who open email attachments learned to stop making in junior high.
"I feel like I am being pecked apart by one of those earth creatures...large bill...webbed feet...goes quack....ahhh...what are they called?" "cats?"....."CATS ...yes.....CATS"
Which is even funnier.
You will not drink with us, but you would taste our steel? - Walter Matthau, The Pirates
Hey, I'm open other ideas.
But if you're going to dispute me, at least provide some links.
"Can of worms? The can is open... the worms are everywhere."
...unless you've patched outlook, like I said...
Username taken, please choose another one.
I can look at some of my servers right now and see uptimes which are pushing a year.
So you are behind on how many critical patches which require a reboot?? MS patches which affect SQL Server or IIS etc and are labeled critical and have admin level exploitation potential come out every couple of months. It's people who try to run MS boxes like they are UNIX machines that end up getting hit by Slammer or worms like this. You NEED to apply patches and reboot every couple of months at a minimum; uptimes of over 3 months usually mean there is some critical patch you missed which leaves you vulnerable. You can have fine availability with a cluster most of the time, but some patches have to be applied to the whole cluster simultaneously because of the way they change things; the different parts of the cluster can not be on differing patch levels or data corruption can occur. Like I said I have no problem with Windows for non-critical roles, and with Server 2003 maybe even for web serving (IIS 6 finally has a sane default install), but for things that are typically labeled enterprise applications (large DB, CRM, ERP, financials etc) there is no way I would build them on the MS platforms; the alternatives are too stable to really even consider it.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
6.00.2800.1123
Yah. And *.exe's don't bother a Mac much either. But that isn't to say that they're useful. My default assumption is that if an email comes with a *.exe attachment, or is html formatted, then it's garbage. I'm generally willing to reconsider, but it starts off in the penalty box for unnecessary roughness. And getting out of there is difficult. I better know the sender, and have reason to believe that they intended to send me an executable e-mail. Of course, I'm an individual, not a corporation, but I feel that a variation of this should be used by anyone.
If mail comes in with an executable attachment, including html, then forward to the addressee a notice that mail with this subject from this sender is available, but is being held in jail pending intentional adoption. Perhaps one could even have a special machine on which such e-mails could be opened. Say a VMWare installation inside a user with no privileges. And refresh the VMWare image between invocations. Depends on how paranoid one wants to be...which depends on the reasons.
But these days one should never believe that an e-mail is from who it claims to be from. Or that an executable attachment is innocent. It might be, but insist that the putative sender vouch for it independently. Or treat it with quarantine tactics.
I think we've pushed this "anyone can grow up to be president" thing too far.
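The hold-and-notify policy described in the post above (and the extension/MIME-type stripping mentioned at the top of the thread), as an added example that is not code from the thread or any poster. It parses a raw message with Python's standard `email` package, flags parts whose filename extension or MIME type marks them as Windows executables, treats any `text/html` part as active content, and produces the notice that would go to the addressee instead of the held mail. The `.pif`/`.exe`/`.bat`/`.com` extensions come from the thread; the extra extensions, the two MIME types and the `example.test` addresses are assumptions made here to give the filter realistic input.

```python
import email
import posixpath
from email import policy
from email.message import EmailMessage

# Extensions Windows runs on double-click. .pif/.exe/.bat/.com are the ones the
# thread names; .cmd/.scr/.vbs/.js are assumed additions to a realistic block list.
EXECUTABLE_EXTENSIONS = {".pif", ".exe", ".bat", ".com", ".cmd", ".scr", ".vbs", ".js"}
# MIME types mailers commonly put on Windows executables (assumed list).
EXECUTABLE_MIME = {"application/x-msdownload", "application/x-msdos-program"}


def risky_parts(msg):
    """Return the reasons a parsed message should be held rather than delivered."""
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        # Lower-case and strip so "Report.TXT.PIF " still ends in .pif;
        # splitext looks only at the last extension, which is the one Windows uses.
        filename = (part.get_filename() or "").strip().lower()
        ext = posixpath.splitext(filename)[1]
        if ext in EXECUTABLE_EXTENSIONS or ctype in EXECUTABLE_MIME:
            reasons.append(f"executable attachment {filename or ctype!r}")
        elif ctype == "text/html":
            # The post treats HTML mail as executable content too.
            reasons.append("html part")
    return reasons


def triage(raw):
    """Parse raw RFC 5322 bytes and decide 'deliver' or 'hold'.

    Returns (decision, reasons, notice); notice is the text forwarded to the
    addressee in place of a held message, or None when the mail is delivered.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = risky_parts(msg)
    if not reasons:
        return "deliver", [], None
    notice = (
        f'A message from {msg["From"]} with subject "{msg["Subject"]}" '
        f"is being held in quarantine: {'; '.join(reasons)}. "
        "Ask the sender to confirm it out of band before requesting release."
    )
    return "hold", reasons, notice


def build_sample(with_pif):
    """Constructed sample message (not taken from the thread)."""
    msg = EmailMessage()
    msg["From"] = "alice@example.test"
    msg["To"] = "bob@example.test"
    msg["Subject"] = "Re: invoice"
    msg.set_content("See attached.")
    if with_pif:
        # Double extension: a classic trick to make a .pif look like a text file.
        msg.add_attachment(b"MZ\x90\x00 not a real program", maintype="application",
                           subtype="octet-stream", filename="invoice.txt.pif")
    return msg.as_bytes()


if __name__ == "__main__":
    for flag in (False, True):
        print(triage(build_sample(flag)))
```

The decision is made on the attachment's declared name and type only; a real gateway would also sniff the attachment bytes (the `MZ` header of a Windows executable) so a renamed `.exe` does not slip through as `photo.jpg`.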
Except that newbies have done that as well. They installed Windows 2000, and for some reason installed IIS (because they were playing around in the optional components install, or something like that). Then, when Code Red, Nimda, et al hit big, they got hammered because they weren't up to date. They weren't up to date because they didn't know they were running IIS.
I hang out in EFnet's #Linux on occasion. I've been there for years. Several years back, it was quite common to see a newbie say, "I chose to install everything, because I didn't know what the other options did," or, "I didn't want to miss something, because I don't know how to install new software yet, so I chose to install everything." My problem isn't with newbies. They don't know any better. My problem is (well, "was" until some distros got their heads out of their asses) with distros that have stupid defaults. Something like BIND should only be started if it's specifically requested. The act of installing BIND is not necessarily a request to run it. (replace "BIND" with any other software that most people have no need to run, if you think I'm picking on BIND too much)
too bad you're in the minority.
Guess me, and my entire family and friends are in the minority. Including my seventy year old grandfather.
I have a LAN of Windows boxes, all tweaked and maintained to do what I need them to do - from the satellite router, to the server machine for my development stuff.
No virus hits, no worms, no trojans - one server has an uptime of over a year (win 2k).
That's why i laugh at folks who talk of BSOD's - they don't happen if you maintain your stuff - stay clear of commercial p2p's and use your systems for things other than pron.
One other thing I'd like to point out - It's funny when a linux distro is cited here with a vulnerability that is patched within a few days, But microsoft has a two year old patch that folks forgot to apply, and somehow Microsoft is to blame.
It's little things like the BSOD's, the disparity of treatment that cheapens the argument of anti-microsoft folks.
Microsoft has done some really stupid things - but one would think that rational argument would be applied instead of (for lack of a better word) "following" geek mantra that just isn't real anymore.
G-buy Karma - nice knowing yah (ducks)
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
The person who can't spell is telling me to get a dictionary. That's rich. Also, there is no such word as "virii". The word you were trying for is "viruses". Get a dictionary indeed!
Which is even funnier.
It's definitely funnier when you actually see it played out. A text rendition can't do it justice. Which is why I just went for the line after that, when he summed it up -- more succinct and so better for a sig too. Also, half of my intent was use a reference that only the "true" B5'ers would get -- hence the "L." instead of "Londo".
I may need to go back and review, but I am pretty sure he said "nibbled" instead of "pecked" -- which is part of the joke; he got it wrong in *two* places!
"Orthodoxy is unconsciousness" - Orwell
OK, so Microsoft makes a patch available to hundreds or thousands of corporate customers. That patch fixes the current virus weakness... but often by nuking something else that might be important. Now... why didn't you know about that? Because you can't see everything that is happening, and MS doesn't tell you.
Yes, it's true that many orgs don't have admins capable of reading/editing a lot of source, but many do. And when you have thousands of orgs, at least one of them is likely to have a competent coder that looks and says "whoa, this doesn't look right" or - if not, and something doesn't break - can go in, trace the bug down, and then say "whoa, this is screwy, this should be XX not YY."
By promoting open-source, every customer also has the ability to become a developer - or a fixer - and contribute. By using MS closed-source... only MS has that power, and hence the delays/problems/explosions involved with patching.
Man, did I ever get a shock; with his comment modded down, it looked like you were responding to me! My asbestos undies are just a little singed. ;)
Even a small network I administered (the last one that didn't require an NDA, and therefore the only one I've got on record on my website) things started off easy. A plethora of PC300GL machines came in by way of 53' trailer. They were deployed, one image created, and life was good.
But then, we got new machines. Faster machines. Different chipset. This was no good. Ok, two images.
Suddenly, the multimedia labs required extra programs; graphics, sound, video ... ok, three images.
Now we have 24 AutoCAD licenses (and the two associated dongles per machine) that required a new image. Four images.
Business classes? Five images.
More new machines? SIX images. At this point our test period for each workstation image was all of 2-3 hours. Any longer and the images wouldn't ever make it to the machines before they had to be updated again.
Long story even longer, the image deployment method was fantastic in the beginning, but as time went on our needs diversified and suddenly maintaining images was taking up a large majority of our time. That wasn't even so bad; IE was around version 5.5 (6 was in beta) and patches seemed only a monthly experience. Patching the workstations meant re-imaging entire labs which, due to funding, were only at 10MBit/sec and 24 shared a single 100BaseSX uplink to the network backbone. Imaging the machines during class time was out of the question, lunchtime wasn't long enough, so that meant overtime every time we had to update the workstations. I don't know about you, but babysitting 500+ imaging workstations until 8-10PM is not my idea of a good day.
As for imaging the servers, well, we had to wait until the usage dropped to nothing (again, overtime) before we were allowed to take any of them down. We simply didn't have the budget to duplicate our NetFinity's in the interests of redundancy. So now we spend all evening testing the patch application, and the rest of the week eyeballing every activity log we could get our hands on to isolate and account for changes in behaviour the updates implemented.
What our dear friend 'anotherone' has to realize is that babysitting and updating Windows workstations alone is a full-time job. Most networks aren't even as cut-and-dry as the school I worked for; we were allowed to mass-wipe machines on a whim. Network policy forbade saving of anything on the local drives. When you're dealing with a network of thousands of workstations which are almost all unique, running updates is a small nightmare. When you run dozens of servers (enterprise or application), it's a big nightmare.
Employees don't tend to listen to "that network guy", so they save everything to their local drive (the Fujitsu fiasco smartened some people up, but many were still P.O.'ed at their sysadmin for not having backups of their PC...) so re-imaging is out of the question. Not to mention the fact that you have to get the consent of;
Keeping in mind that likely 4-5 of those people know nothing about computers, but expect you to fix it without, in some cases it seems, touching it.
So you and your trained monkeys ("Junior Sysadmins") stroll about the office, updating and quickly testing each and every workstation. SO you miss one. It
BD Phone Home!
Shameless plug. Like you weren't expecting it.
Yes, but if you can't get idiot Windows users to realize that using "auto-preview" and opening "pif/exe/bat/com" files is bad, and "Click the monkey to claim your cash" doesn't really win you cash, then...
Chances are you're not going to make informed 'nix users out of them. The scariest thing is the half-educated users. You know, the ones who know how to install XX but not to run it as root, and especially not without patching. That's what gets you rooted.
The scariest part, at one point, we're all half-educated... it's part of the learning curve. You can't just automatically become a linux guru... and even many of the best linux admins at one point were probably scratching their heads (or other parts) and thinking, "oh, it will run fine as root"
I stand by my statement, and I'll give you another reason. If you follow the link I posted, you will see that John's filter does more than block exe's. It also handles things like web-bug images (search google if you don't know what those are.) and many other things. I also mentioned that it was an EXAMPLE of a good filter. I assumed that readers would be smart enough to know that they should adapt the technology to their own environment.
FYI, I run Linux as my main desktop OS, and various other flavors of Unix elsewhere. If you think you are invulnerable to email worms and viruses just because you run Unix, you really don't have a clue. Go look at some of the security bulletins for Mutt as an example.
Anyway, good for you that you run Unix, but don't let Unix's built-in protections be your only line of defense. It's only a matter of time before some bozo decides to take advantage of slacker behavior.
Exactly. Who's bright idea was it to make web applications rely on RDBMS systems that depend on a single (easily corrupted) binary database? A database that is modified practically everytime you enter or update data. A file that keeps growing the longer you run your web application and as a consquence slows your machine more and more.
Why does it need to rescan all files, even ones that have not changed?
Because it takes the virus writer five minutes to figure out how to trick your scanner into thinking the file ISN'T changed, by setting the clock back and touching the file once.
-- I'm as unique as everyone else.
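The exchange above in working code, as an added example that is not part of the original thread: two toy scan-verdict caches, one keyed on (size, mtime) as the question proposes and one keyed on a SHA-256 of the content, and the attacker step the reply describes (overwrite the file, then put the old timestamp back with os.utime, the programmatic equivalent of setting the clock back and touching the file). The signature string, the "report.doc" file and its contents are constructed for the demo.

```python
"""Why "skip files whose timestamp hasn't changed" is not a safe scanner shortcut."""
import hashlib
import os
import shutil
import tempfile

SIGNATURE = b"EVIL_PAYLOAD"     # constructed detection signature, not a real one


def is_infected(path: str) -> bool:
    """The expensive part: the real signature scan."""
    with open(path, "rb") as fh:
        return SIGNATURE in fh.read()


class MtimeCache:
    """Reuses the old verdict while (size, mtime) are unchanged: trickable."""

    def __init__(self):
        self.seen = {}                       # path -> ((size, mtime_ns), verdict)

    def scan(self, path: str):
        st = os.stat(path)
        key = (st.st_size, st.st_mtime_ns)
        cached = self.seen.get(path)
        if cached and cached[0] == key:
            return cached[1], False          # (verdict, rescanned?)
        verdict = is_infected(path)
        self.seen[path] = (key, verdict)
        return verdict, True


class HashCache:
    """Reuses the old verdict only while the content digest is unchanged.

    Hashing still reads the whole file, so the saving is the signature
    matching, not the I/O; what it buys is that no metadata trick can
    make a changed file look unchanged.
    """

    def __init__(self):
        self.seen = {}                       # path -> (digest, verdict)

    def scan(self, path: str):
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        cached = self.seen.get(path)
        if cached and cached[0] == digest:
            return cached[1], False
        verdict = is_infected(path)
        self.seen[path] = (digest, verdict)
        return verdict, True


def demo():
    """Returns ((mtime-cache verdict, rescanned), (hash-cache verdict, rescanned)) after the swap."""
    work = tempfile.mkdtemp()
    try:
        path = os.path.join(work, "report.doc")
        clean = b"quarterly report, nothing to see here"
        with open(path, "wb") as fh:
            fh.write(clean)
        mtime_cache, hash_cache = MtimeCache(), HashCache()
        mtime_cache.scan(path)               # both caches now hold a "clean" verdict
        hash_cache.scan(path)
        # Attacker: same-size malicious content, then restore the old timestamps.
        st = os.stat(path)
        evil = (SIGNATURE + b"\x00" * len(clean))[:len(clean)]
        with open(path, "wb") as fh:
            fh.write(evil)
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))
        return mtime_cache.scan(path), hash_cache.scan(path)
    finally:
        shutil.rmtree(work)
```

After the swap the mtime cache returns its stale "clean" verdict without rescanning, while the hash cache rescans and flags the file. A real scanner that wants to skip work safely has to key on something the file's owner cannot forge, such as a content digest or a filesystem change journal, not on the timestamp.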
Wow. You have some serious issues.
I do not have a signature
Okay, that's Outlook Express, not regular Outlook. So, the tip is still useful, but not to Outlook users, only Outlook Express.
o/~ Join us now and share the software
"On Unix/Linux Desktop systems there is nothing on the system as important as the user's data in his home directory."
Is there a standard method to keep copies of each /home/* directory in a /home/backup/* directory, owned by the backup user and readable by the respective users?
Or does every sysadmin write their own script to do it?
I'd suggest VMS right off the bat, but to be really safe you might want to try something even more obscure like MVS or Plan 9 or the like. Linux is large enough and widely enough used that it is the target of many hack attempts. All sorts of vulnerabilities leak out for it. Granted, most of them probably only affect components you don't use, but you never know when the day will come when one does. So, if you are going for security through obscurity, go for a more obscure OS.
I can't remember the last time I heard about a VMS security hole, and I'm actually in a position where I might (we use VMS on a couple of boxes at work). There are just too few systems to make it a worthwhile target. Also, it's real different from UNIX or Windows, so most people would have NO idea what to do with it, even if they got in. But even then, you can do better. There are even more obscure and less used OSes.
Heck, if you don't want to get new hardware, just check out QNX. It is still POSIX-based, which is bad since that means it is something many people understand, but it is still different enough that few people are able to target it with any effect.
Now of course I'm sure you have plenty of reasons why you can't or won't do this, including learning a new OS, liking what you have, your software not being available, your hardware not being supported, etc, etc. Guess what? Those are the same arguments you commonly hear against Linux.
This "I'm safe with Linux because I'm in the minority" argument is silly. Yes, you are a FAR smaller group than Windows users. However, you are a far LARGER group than many other OSes. If security through obscurity (and that is really what you are talking about here: using a more obscure OS so that fewer people target it) is a good thing and making concessions for it is OK, then pick a REALLY obscure one.
However, many of us accept that despite the need to apply security patches and not do stupid things like open executable e-mail attachments, neither of which is hard at all, Windows is still the best choice for us. I suppose a similar parallel could be drawn to physical security. I live in Tucson which is not, all said and done, a particularly safe city. It is large, near the border and has gang and drug problems. Though we have an ace police force, there is still a whole lot more crime than in, say, a small town in the Midwest with 600 people living in it. A family friend lives in such a town and people actually leave their doors OPEN at night often, not just unlocked. Violent crime is almost nonexistent. Yet I find that the concessions I'd have to make to live in a place like that are not acceptable. I will trade some security, which requires me to be more aware and vigilant of my surroundings, for the privilege of living in Tucson and all that comes with it.
How to find applications which use a port (necessarily incomplete)
There are also hundreds of forks of the Linux kernel. Gentoo Linux provides more than thirty. On PowerPC machines alone, you can get the benh kernels for better hardware compatibility, or special kernels for NuBus machines.
So now that we have thousands of kernels, we must multiply them by the libc libraries that they are running. The possibilities are glibc 2.0, 2.1, 2.2, or 2.3, and there are multiple versions of each. It's also possible to have older libc5 or ancient libc4. And several of these might be installed simultaneously, with different programs using different ones.
But back to the Slashdot article: it's about a problem with Microsoft Internet Explorer and Outlook, a web browser and an email program. There are many of these for GNU/Linux: pine, mutt, Mozilla, konqueror, kmail, many others.
In fact, there are so many different kinds of GNU/Linux out there that one may have difficulty hacking into them all. Maybe one should try attacking Microsoft Windows, which has only a few thousand variants.
==========
There are two types of people: those who are in the world, and those who aren't.
It would be pretty funny if a YAWW showed up. Some worm writer should name their worm that.
FoundNews.com - get paid to blog.
I'm talking about how you suggested that if you patch your computer and run an antivirus there's NO WAY you'll get it, which is incorrect.
You said nothing about the human factor, nor poor security setup.
And saying *don't open the attachments* is just plain stupid. This virus does a good job of faking the e-mails, using previous messages in its body to get you to open the attachment, or at least let down your guard.
Not only that, you're never going to get people to start being smart about this. NEVER! And if I understand correctly, Outlook will OPEN an attachment when you double-click, while Mozilla asks you to save an .exe (just checked) and will not run it. Another chance the user might see it's an .exe.
They should at least build something into mail clients so that when the attachment is an EXE, PIF or whatever, it warns and says this attachment might be dangerous, blah blah blah.
Either way, having a totally updated computer won't help much. The iframe exploit is only one way it gets onto the computer, and that just takes advantage of whoever's great idea it was to use HTML in mail.
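The kind of filter both posts are talking about (the one above that strips executables and web-bug images, and this one asking for a warning on EXE/PIF attachments), as an added example using only Python's standard email package. It is not the filter linked in the thread and not anyone's production code. A part is dropped when the last extension of its file name is one Windows executes on double-click (so a decoy name like "figures.xls.pif" is caught by its real extension) or when its declared MIME type is an executable type, and remote images declared 1x1 are removed from text/html parts. The extension list is illustrative and the sample message is constructed for the demo.

```python
"""Mail-gateway filter: strip executable attachments and web-bug images."""
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative, not complete: a site list should be longer.
DANGEROUS_EXT = {"exe", "pif", "scr", "com", "bat", "cmd", "vbs", "js", "lnk", "hta"}
DANGEROUS_MIME = {"application/x-msdownload", "application/x-msdos-program",
                  "application/x-dosexec", "application/x-ms-shortcut"}
IMG_TAG = re.compile(r"<img\b[^>]*>", re.I)
REMOTE_SRC = re.compile(r"""\bsrc\s*=\s*["']?https?://""", re.I)
TINY_DIM = re.compile(r"""\b(?:width|height)\s*=\s*["']?[01](?:px)?["']?(?=[\s/>])""", re.I)


def is_dangerous_attachment(part: EmailMessage) -> bool:
    # Windows ignores trailing dots and spaces, so "doc.pif ." is still a .pif.
    name = (part.get_filename() or "").lower().rstrip(". ")
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    return ext in DANGEROUS_EXT or part.get_content_type() in DANGEROUS_MIME


def is_web_bug(tag: str) -> bool:
    """Remote image declared 0 or 1 pixel wide or high: a tracking pixel."""
    return bool(REMOTE_SRC.search(tag) and TINY_DIM.search(tag))


def strip_web_bugs(html: str) -> str:
    return IMG_TAG.sub(lambda m: "" if is_web_bug(m.group(0)) else m.group(0), html)


def filter_message(raw: bytes):
    """Returns (filtered message, names of removed attachments)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if is_dangerous_attachment(part):
            removed.append(part.get_filename() or part.get_content_type())
            # set_content() replaces the payload and all Content-* headers, filename included
            part.set_content("[attachment removed by mail gateway: %s]" % removed[-1])
        elif part.get_content_type() == "text/html":
            part.set_content(strip_web_bugs(part.get_content()), subtype="html")
    return msg, removed


def build_sample() -> bytes:
    """Constructed message shaped like the faked replies the thread describes."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Re: quarterly figures"
    msg.set_content("Here is the updated spreadsheet you asked for.")
    msg.add_alternative(
        '<p>Here is the updated spreadsheet you asked for.</p>'
        '<img src="https://tracker.example.net/p.gif" width="1" height="1">'
        '<img src="cid:logo" width="120" height="40">',
        subtype="html")
    msg.add_attachment(b"MZ\x90\x00 constructed bytes, not a real program",
                       maintype="application", subtype="octet-stream",
                       filename="figures.xls.pif")
    msg.add_attachment("region,total\nwest,42\n", subtype="csv", filename="figures.csv")
    return msg.as_bytes()


def demo() -> dict:
    """Filter the constructed sample and report what was removed and what survived."""
    msg, removed = filter_message(build_sample())
    html = next(p.get_content() for p in msg.walk() if p.get_content_type() == "text/html")
    kept = sorted(p.get_filename() for p in msg.walk() if p.get_filename())
    return {"removed": removed, "kept": kept,
            "tracker_gone": "tracker.example.net" not in html,
            "logo_kept": "cid:logo" in html}
```

Running it on the sample drops figures.xls.pif, keeps figures.csv, removes the remote 1x1 tracker image and leaves the embedded cid: logo alone. The check keys on the real (last) extension and the declared MIME type rather than on what the user sees in the client, which is the point of doing it at the gateway instead of hoping the user notices.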
Erk, yeah. So much for posting that freaking tired... My bad.
kd@w12:~$ ls -l `which login`
-rwsr-xr-x 1 root root 34984 Jan 17 2003 /bin/login
-- which means that login in Unix/GNU/Linux is SUID root and world-executable, i.e. it just couldn't possibly have any more privileges.
Other than that, I agree with you.
Karma: Positive (probably because of superior intellect)
You seem to have no idea about trusted computing, and still you get moderated as Score:5, Interesting... Now, this is really interesting indeed. *sigh* Please do us a favor and read at least Ross Anderson's Trusted Computing Frequently Asked Questions, for God's sake...
Karma: Positive (probably because of superior intellect)
I gained my technical knowledge by fixing things when they borked and building systems from the ground up.
With MS products you can gain a lot of "experience" that way.
With enterprise-quality products you actually learn by solving business problems, not by heroically holding up your computer infrastructure.
Sorry, but the first poster was right: the applications that bring the bacon home do not run on MSware in most big corporations (my email and text processing station is fine with MS. I could do without it, but it is the "standard", and I only need to reboot it once a week, once Outlook has no idea what it is doing...).
IANAL but write like a drunk one.