Windows Virus Takes Out Gov't Agencies in MD, PA
Zolzar writes "Looks like the Md. State Motor Vehicles Administration is the first government agency reporting a failure of their systems due to the recent virus." This is a more specific story about the outage. And the city of Philadelphia has suffered as well.
Let's prove how insecure everyone already knows Windows is by shutting down government agencies, gee, I am sure the "haxor" would have been really proud of his/her self if he/she proved their point by porking say a hospital's computer system. What an asshole.
I hate sigs.
C'mon, this is getting so old ... but I guess that's the real pity, isn't it? Gives cities like Munich the last laugh.
A feeling of having made the same mistake before: Deja Foobar
The patches have been available for a LOOOOONG time now. They should have patched. They can't whine now. End of story.
www.sitetronics.com/wordpress
The person who created this worm did so to show that Microsoft's software was insecure. Their methods are bad, but they've shown that no matter how good WinXP sounds compared with Win9.x, it is still made by Microsoft. If you don't want this kind of rubbish, don't use Microsoft.
DSL reports has a security forum that has been taking this sucker apart and giving us the code:
r oo t=security,1~mode=flat
have a look:
http://www.dslreports.com/forum/remark,7649146~
You would think that somebody at the MTA would know about the patch, but no.
You still need a competent person to maintain the machines, no matter what software you go with.
Bringing down the DMV may be the best use anyone's ever found for a virus.
It's good to use your head, but not as a battering ram.
We discovered we got hit when our Sonicwall connections hit the limit every 10 minutes. It took us two tries to clean it all up.
And who was it who brought it into the office? The CEO. He thought he had a virus but connected to the network anyway. Mod that funny if you will but try being part of our network support team.
"She's a West Texas girl, just like me" - G.W Bush Iraqis
Good ole, trustworthy, reliable, secure, best OS, Winblows.....how can it still remain on 90%+ of PC's? That should be on unsolved mysteries.....
Looks like viruses like this may help speed adoption on alternate operating systems (like linux, OSX, et al.) on the desktop quicker than a dozen ESRs with geek infantry in tow.
Spoke with both sides of the family this evening, going on about how messed up their computers were acting and all they had to go through to get it patched up. I listened and informed them how well my iBook and the relative merits of UN*X and they listened...
Thanks again, Bill!
... Windows Update once every couple weeks.
I know there'll be dozens of "they shouldda been using un*x" posts, but in defense of Windows, there has been a patch for this on Windows Update since July 16. Even I had enough time to test the patch on a non-production system between then and now. Every platform gets its 'sploits throughout its lifetime, it's just a matter of learning about them and applying the proper patches in a reasonable amount of time... especially on mission-critical machines. (DMV computers, etc...)
Are you, by any chance talking about MS Blaster Worm? ... Maybe then the media will get the idea too!
:/
It's good for us to keep using the correct terminology
Ok, time to get modded down.
A radio news report tonight said that a 3M plant in Minnesota shut down Tuesday due to a computer worm. Somebody's trying to run a plant dependent upon Microsoft...
"In Sweden, Internet provider TeliaSonera said about 20,000 of its customers were affected after the infection clogged 40 servers handling Internet traffic.
Among companies affected in Germany was automaker BMW, said spokesman Eckhard Vannieck. He said the problems did not affect production."
Really makes you wonder who ain't sayin...
I can forgive stupid home users, but shouldn't mission critical things like these patch every now and then? The hype surrounding this has been huge, and if you run unpatched microsoft stuff, well, good luck fixing it now. It will take a long time, but at least this worm can be fixed with little damage. Maybe this worm will get people to pay attention to security, but then again people said that about the last dozen MS worms.
STUPID!!
SAILING MISHAP
what recent virus? we all don't live and die by the newest norton update, someone tell em what the hell "the recent virus" is.
Their fault - the patch was released over a month ago, before there were any known exploits for it.
when a new Microsoft worm or exploit is out. But after the initial update stuff it all settles. The latest RPC vulnerability the Blaster is already slowing down according to a Cnet.
And I guess that everyone that has some firewalls and uses common sense always survives these attacks. At my company's network we use Win 98 instead, so we were able to escape this worm. Actually it looks like all the new exploits are on these new Win2000 and XP versions, so to me Win 98 or Win Me looks like a much better choice in the security area.
Proud patriot and republican voter.
Why does the American public - much less the American government - let itself be duped into using insecure, closed-source, and only half-functional software? It's not the money - the government has to stinking pay Bill Gates and crew for the privilege of using his junk. It's not the jobs - there would be other jobs out there (with RedHat, or Apple, or any of a dozen other OS makers) without MS. In fact, there would probably be more IT jobs than there are...
So why do we put up with it? Please, I'd love to hear ideas. I don't know of much of anything that the average bureaucrat, or military office, or CIA spook, or DOT drivers-license-tester can do on Windows/Office systems, that couldn't be done under Linux or FreeBSD. I really would love to know why, when Germany, India, and who knows how many other countries have ditched closed-source software for OSS, we can't do the same...
Any thoughts?
Web Design & Software Development
Interesting. I had noticed when I stopped by Municipal Court to schedule a trial date that the computers were down. I was told by an employee that it was due to the power outage, a comment that didn't make sense considering that I knew for a fact that the server farm was a floor above us...
As pissed as I am at the asshole who wrote the worm (it took nearly half an hour to schedule something that normally takes 2 minutes-- thank "Bob" that I was in Municipal Court, which is only starting to modernize from an old IBM mainframe setup, rather than in Common Pleas or Federal District Court, which are totally computerized-- and in the case of Common Pleas at least, running on Windows), this is, of course, another example of why governments, in the name of security, should go to more open-source solutions.
My wife's entire 1500 plus employee company was instructed today to not turn on their computers until IT came around to look at them. I guess a few computers were infected with this worm and they wanted to ensure things were taken care of. So, here's the deal: I figure that today alone, due to lost productivity, salaries, benefits etc.... this company lost $250k from this worm. So, I ask: When are companies going to wake up and realize that the fundamental foundations that Windows is built on are flawed when it comes to security? There have got to be studies out there examining total cost of ownership of the various platforms. For instance, I spent a couple days of my time updating our remaining Wintel systems to guard against this virus and am soooo happy 95% of my work is done on OS X.
Visit Jonesblog and say hello.
I just want to say LOVE YOU SAN!! billy gates why do you make this possible ? Stop making money and fix your software!!
:)
I read that this morning and smiled, at least these hidden easter egg messages have a bit of humour to them
Of course I wasn't so happy when the workload resumed and I was left with a nice deal to clean up.. but.. thanks for the couple hours of coffee break?
cmon...+5 funny, just because this one is true and not really a joke at all
Bottles.
I keep hearing that windows 2k3 is the most secure windows, but (and I'm truly asking), what makes people say so? I'm using it at home. Evidence for: logs changes, logs every reboot and needs you to enter a reason, insists that every site (including google) has a security issue, comes with almost everything disabled, doesn't let users use shockwave et al without permission, probably some bug fixes. Evidence against: see the article above. At least it informed me afterwards that the computer unexpectedly rebooted . . .
PS: Please don't mod me for flaming, I'm really wondering what inner changes there are, other than the ones above that give the impression of security.
A friend who works at blackbox told me "hundreds" of computers shut themselves down at EA Studios out in Burnaby this morning ... HA HA
I mean... who on Earth would expose a Windows machine to the internet...
Troll or not... it seems to be just common sense with 8 years of data to back it up.
One of the downsides to having just one type of OS is that it makes you very vulnerable to this sort of thing.
As far as blaming people who haven't patched their computer, I can't see it. This thing is hitting home dialup users fer crying out loud - my friend had to drive over to his dad's house to disinfect a machine. You can't expect everybody's grandmother to behave as a professional sysadmin.
When they find the Linux users who did this I hope they lock them up and throw away the key.
So all someone has to do is dislike Gates and Microsoft, write a Windows virus, and they are automatically considered a Linux user?
Cool.
The unofficial
If this was a "pro-linux" motivated attack, then surely this troublemaker's attentions would've been best directed at sco.com rather than windowsupdate.com, no?
~
~
~
-- INSERT --
First off, congratulations! Secondly, though, that's just the point: it is a $100 rock. This is what happens when somebody gets a monopoly - De Beers undersold everyone, then jacked the prices to the moon, and nobody bothered to try to stop them until they owned the market. In fact, most of their major execs can't set foot in the U.S. without getting arrested for racketeering, anti-trust violations of all stripes, etc...
Power corrupts; absolute power corrupts absolutely.
Web Design & Software Development
> microsoft rules linux sucks get over it gay linux faggots
Yeah, Linuxers are just jealous because this software won't run on their systems.
Sheesh, evil *and* a jerk. -- Jade
Seriously. Governments and businesses. Every time a pimply faced half-hack writes a new $krYp+ to take down the stand-up comedy act that is Windows Security....
/. knows.
/either/... We also know that *any* poorly adminned box is a deck of cards, but C'mon! look at the vast canyon of difference, just in how installations come out of the box!
/me gets off soapbox again.
"Blame the admins for not patching when patches were available"....
This has some merit, yes. *BUT* has anyone ever adminned a server that must be up 24/7? If you've got a whole room full of them, you just don't have the time to go in and manually apply patches. Yet, automatic Updates pose another problem: You probably just can't have a MSSQL server doing unexpected reboots all the time. You can lose data, what if the patch breaks something? etc.
And even after all the patches and fixes (we're sidestepping the Microsoft "patch one hole, open 3 others" issue for the moment), stuff still happens. Servers get knocked over. Look how many times it's happened in the last 12 months.
For home users, a disabled computer is a bummer, sure. But for businesses and governments, when will they simply decide that "This Just Cannot Happen Anymore."? Seriously. We're talking lives, national security, and huge amounts of money at stake here.
The alternatives are out there. I know, you know, and
We all know that Linux, Solaris, *BSD and the like are not 100% perfect
When will they learn? Seriously! I think it would make better business sense (read: make more money in the long run) to look away from Microsoft and look towards other Free(software) and Commercial products.
Fwiw, when i booted up my WintendoXP box to download the patch, i got nailed before i got to type a URL into the browser!!
C'MON!! AT LEAST GIMME A CHANCE, DAMMIT!!
do() || do_not();
I work in IT for the Department of Transportation in TX. Today, around noon, we suffered state-wide outages. It would have been easy to prevent- we have the tools to automatically deploy patches and updates to every computer on our network. Unfortunately, the people who have the necessary privileges to do so, didn't.
My section was not affected, because I took it upon myself to patch the computers I was responsible for. Hundreds of people in my building were unable to use their computers for half the day. My section had problems because the servers we rely on were infected.
I hope (in vain) that 'little' problems like this will teach system administrators to keep their machines up to date.
Here at Drexel University our lab computers have been affected, and we couldn't access our data properly. The funny thing is that our president (Pappy) today was right outside with three Segways touting our technological prowess, rolling along to Born to be Wild blaring in the background. All the tech in the world doesn't matter if you don't use it right.
..they are an "ordinary asshole," as opposed to an asshole "trying to get people to switch to Linux" ?
The unofficial
A friend of mine spent the entire afternoon patching machines in his department at the university where he works, because their IT guy is on vacation this week. And the entire finance department was sent home for the afternoon while their system was patched up.
I know that the ~3 weeks that the patch for the RPC vulnerability has been out for isn't a huge amount of time to test things, but with a vulnerability of this scale, it's really incumbent upon IT people to get networks patched quickly, and it really reflects poorly on the IT department of any organization that gets hit, if you ask me.
Hello, I believe the RPC vulnerability is a great risk, but let's say that Microsoft had other similar vulnerabilities (IIS?). The big problem here is the users and the sysadmins with a lack of knowledge or the attitude "I believe everything on Norton's site". I remember a few weeks ago, when the RPC vulnerability came out, sites like antivirus.com had it as "Low risk". Another example is the people who work at my school: there are several sysadmins (like 4) and they sent an email about using a firewall, and that will fix the problem. I mean, you need to apply patches... you NEED to deploy fix tools, but no. Maybe it's not government, but come on, you can get a shell with the vulnerability too on a professor's computer, student's paradise? Maybe. These misinformed users because of bad admins, it's like virus hoaxes in e-mail...
will they learn? this is our tax money at work. holy crap. we must demand better. can the cost of linux transition really be more than all the windows problems?
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
... has already been referring to it as the Windows worm (or virus).
Pretty funny.
This would certainly eliminate the deplorable labor conditions in the third world, as well as fix the awful problem of homogenous computer environments (i.e. M$ dominated networks).
I'm trying to get on Windows Update right now (I was already patched, but, just routine patching -- flame away). It's running really slow... probably because of this virus. hah. sucks to be you
I think my principles are reachin' an all time low
The 10pm news here in Philly interviewed one of the city's IT guys. He stuttered and stammered his way through the whole thing, and looked to me like a man afraid for his job as he claimed that there was "no warning and no way to be prepared for this"-- not a verbatim quote, but close enough.
I think the guy is right to be afraid for his job-- he's pretty damned incompetent to have not heard about this. This vulnerability was quite publicly announced weeks ago, and Microsoft's page with the patch is dated July 16. Even Homeland Security released a bulletin, and I'd hope that if nothing else those would get around in a city government that is supposed to maintain a level of disaster-preparedness.
Then again, this being Philadelphia, that guy likely got his job through patronage and wasn't qualified for it in the first place.
~Philly
Well then...that must make me a freaking linux genius! :-)
...that I'm a damn programmer, and my system was secured from this exploit (due in large part to my overly paranoid nature), but the workstations belonging to my dept's microcomputer support & network manager were all vulnerable and hit. Dumbasses. I spent my entire morning troubleshooting, patching, and fixing the workstations belonging to my office's higher-ups & executives (I was specifically requested by them, I might add), while the network & micro fucktards ran around fixing the computers of the no-counts. Needless to say, I pissed off a lot of people today, but thank God they aren't the ones who sign my check.
I look at the never ending laziness of network support as continuing to supply me with the opportunities to secure my employment. Also, the thank you email from the prez really gave me a chubby.
Spread the RC luvin'
If something like Lycoris were on 95% of computers out there, where everyone runs as root, maybe some more sploits WOULD occur.
However, assuming that the damned distros that made it onto 95% of computers out there were just secure out of the box (eg. you don't need any damned services running by default as a desktop user, there's no reason for this vulnerability on Windows!) then this would never happen on Linux, or any other Unix for that matter.
Also, this is not a virus, it's a worm. Viruses have been shown to be pretty much harmless on Linux, because of the fact that they would have to have exploits and such things coded into them to be really really effective. Linux worms have been exceedingly rare anyway, compared to Windows.
-toomuchPerl
And I know this for a fact. I had a machine that I re-loaded XP on for a customer since he was upgrading his motherboard. Friday I finish the windows load and I install all the patches available on the update page. Ran it once to get the first 80Mb of patches, ran it to get Media Player 9, ran it again to get the security patch for Media Player 9.
That's everything on the update page.
Installed Norton AV 2003 and got all the updates available as of last Friday. After doing that one would have a reasonable expectation of being safe against a problem, especially since the problem was discovered a full month ago.
Monday the customer called with the machine giving a 60 second countdown and rebooting.
Now even if the people at the MVA and other places *did* the updates from the updates page, they'd still be screwed.
All I want is these virus programmers, their fingers, a ball-peen hammer and 5 minutes...it's all the time I'd need
-- Wiccan Army, 13th Airborne Division "We will not fly silently into the night"
My bad. I made a bad link that wasn't what I wanted:
r oo t=security,1~mode=flat
If you wanna look at the code it's HERE:
http://www.dslreports.com/forum/remark,7652257~
The grain of salt is that they are reverse engineering. But it still is there and interesting.
Again, my apologies.
I am going to have to agree with those who disapprove of the 'haxor' who designed this virus...knocking the MVA out might not be such a big deal but it has infected the computers of at least one police agency. Any messing around with the computers of a police agency can cause safety and property to be put into danger. NOT cool.
Comcast as a whole got blasted, not surprising.
& sid=1& A2=ind0307&L=ntbugtraq&F=P&S=&P=93 40
A win2k sp3 machine I patched has something like 16 critical updates needed. Several reboots.
That's too much downtime. You can update just about everything but the kernel in linux/bsd without a reboot. Going through this every couple of days is a drag!
The architecture is fundamentally broken: the enabling stuff by default; implementing dozens of new ways for strangers to do things to your computer without your knowledge (as features!) with each release; welding mere applications (web browser, email client) to the OS, having them run with system privileges, and making it impossible to remove...
Finally - windows update is fundamentally broken. It will report success when the patching operation fails. This is one way:
http://www.ntbugtraq.com/default.asp?pid=36
They need to start over. Maybe if they start clean they can come up with something that compares to Linux.
I fail to see how issues like this show that windows is fundamentally insecure.
- The patch came out a month ago.
- They have 90% of the marketshare, so one would assume that 90% of the viruses created are written to target exploits on Windows.
- They have 90% of the marketshare, so one would assume that people who spend their time looking for security holes will spend 90% looking at Windows.
If Linux had 90% marketshare and was used mostly by people who don't patch, like Windows is, I fail to see how architecturally Linux would be more immune to this type of attack than Windows is. The reason this doesn't happen with Linux is not because it's oh so superior to Windows software wise but because it's used by less people (less rate of infection, less motivation for hackers to write viruses), and the people who use it are competent enough with computers to make sure their stuff is patched and healthy.
The people who run Linux at home or in the office didn't get this virus because their Windows machines were patched. Why do you think that is?
--
> And who was it who brought it into the office? The CEO
Sure maybe they didn't patch, sure they connected their system to the local network.
There are a few common sense notions that people rightfully have. Among these are that 1) you can be on the internet and 2) connecting your system to a network should not harm other computers. If theory and practice are incompatible, I think they should rethink the practice of computers rather than the above two notions.
"In theory, practice and theory should be the same, but in practice they're not."
The fact is, there is no 'secure' operating system, but there are enough things that can be done to prevent virus infections that any large company stricken by this virus should fire their IT staff TODAY.
What company does NOT demand auto updating anti-virus software on every system connecting to their corporate network? What company does not have a person in charge of installing MS patches within 24-48 hours of their availability? Don't give me that crap about being afraid of the patches, because if they damage your network, you can blame Microsoft and save your fucking job.
Viruses are a reality for Windows networks, and companies without policies and recovery plans to deal with them should fire their staffs and get competent people in place. Businesses need to understand that competency costs MONEY, so if your IT people are paid dirt wages, your network is a sitting duck, trust me. Can your MCSE who can't tell you what circular logging does on an Exchange installation. Fire the fool who told you to build trusts between multiple AD forests, I don't care how reasonable his explanation was. I see this shit every day, because 80% of Windows admins suck monkey dick. Microsoft is on their 3rd round of creating a certification program. Maybe they should consider taking the aftermarket PROFIT out of it, and stop caring about pass/fail rates long enough to get a core group of people who know what the fuck they are doing?
There is no excuse for this shit anymore. A virus attack on a company running Windows these days should mean an instant termination of the staff that let it happen.
I guess it's time to offer my services to all those companies who have flower arranger paper MCSEs who are getting fired tomorrow :)
You're putting it like it was an intentional attack on these institutions by a hacker, but really, it wasn't a hack, it was a virus, which should, more or less, indiscriminately deal damage. It was probably not the intention of the virus' author to infect nothing but government institutions.
A common thread in many of the reports is the unwillingness, or inability, of many organizations to spend an adequate amount of money on systems administration and security. How many organizations take a "If it's not broken, don't fix it" approach to dealing with computer systems? Some organizations appear to think that an anti-virus package is the silver bullet for the problem, and don't understand why their computers were affected. Others rely on outside contractors or consultants to fix problems after they have occurred. I've worked in many places where there were no full-time systems administrators. Management depended on local PC "gurus", whose primary job was something else, to keep things running.
Mea navis aericumbens anguillis abundat
Maintaining this crap is taking way too much fsking time. I have a lot of other projects that I could advance but instead I get to hit slashdot while watching patch progress bars randomly increment.
This is not good, it's not acceptable, and I am moving toward not accepting it. Screw em. Lousy products, massively offensive licensing terms (both in dollar amount and provisions), and smarmy, arrogant execs. Piss on them.
Here in Columbus, OH, the BMV is down, along with the patient tracking/data services at several major hospitals. Apparently St. Ann's has closed to incoming traffic because they don't have a paper fallback system. Oops.
Parent is the victim of moderators who did not even bother to look at the link. Clearly, the parent is not a troll, but an attempt to be funny. Mark the moderation as unfair.
If I'm not going to get karma, I'll stand up for those who should (or at the very least not lose any).
I just want to say LOVE YOU SAN!! billy gates why do you make this possible ? Stop making money and fix your software!!
Love,
Letter
The majority of MS worms are created by little nerds in basements using pirated copies of Visual Studio. Not Linux users. They are known as script kiddies and are all over Usenet sharing their windows expertise.
So bullshit to your post.
OH THE SHAME I fell off the wagon and use sigs again!
My department's network consists almost entirely of win2k boxes with the odd 9x client at some of the less well funded sites. We've got a dozen 2k servers and roughly 300 workstations, the vast majority of which were patched, and a restrictive firewall. Today we got hit by a worm for the first time, from another county department (behind the firewall), and from a dial-in client at a charity who uses one of our databases. I blocked port 135 from the rest of the county and terminated that dialin client, and started checking out the few boxes we knew hadn't been patched yet. I want to stress that the worm that hit us was not the MSBlast thing everyone's talking about. It doesn't shut down the machine (although it seems to crash the RPC service ~50% of the time). It's not detected by Trend's newest definitions (that include msblast), or by Symantec's msblast remover tool. Whatever it was, it did a number on those workstations and we left them unplugged from the network pending figuring out what the hell is wrong with them.
It seems to spread the same way, scanning network ranges (apparently at random - when the dialin client finished scanning our block it went on to start scanning 5.69.something) on port 135 and attempting to infect any it hit. One thing to note is that it crashed the RPC service on a couple of fully patched clients, but for most of them it had no effect. On the ones that it did infect (IE, the ones that weren't patched), it disabled file copying through the GUI (both drag&drop and copy&paste). It also disables a number of odd things, mostly dialogs, like IE's "Find (on this page)". Between those two I suspect it infected at least one system DLL. Something it did didn't agree with Word, which would pop up an error on creating a new document, saying that the document could not be registered, so other documents would not be able to link to this one. I didn't spend too much time on it (There were only a few unpatched boxes, we took them offline and went home), but I didn't find any reference anywhere to this. It wasn't scanning out from the infected machines, so it may have a time delay or something built in.
So, first, the people in the story weren't the first government agency to be affected, by far (although none of our public services were affected AFAIK). And second, has anyone else seen a second RPC worm going around? Or is this some mutated version of msblast?
Just wait till next week, when one with a destructive payload is released...
I'm actually glad this particular worm hit, and not something much nastier - think of it as warning shot, if you will...
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Not to come off like a MS apologist, but do people here honestly think Linux is the magic bullet to rid the world of worms like this?
Think about it. If an incompetent admin isn't wise enough to keep up to date with MS patches, do you think he'll be able to properly administer and secure a Linux box? How hard is it for these guys to either get a decent firewall, or click start>windows update?
You can't really blame MS for this one, they had the patch out a while ago. The problem rests solely with lazy and/or incompetent admins.
As far as home users go, if they can't figure out Windows, why would they bother with linux?
If only someone would have alerted the sysadmins of the world about this RPC problem, back when it mattered, like in July, around the middle, like the 16th -- then maybe the robots wouldn't have taken over the world.
"Sig free in '03!"
It's like digging a hole in the water. (In this metaphor, the water is NOT frozen, 'kay?)
We IT gnomes have other things to do than patch and patch and patch and patch. We can't trust Windows Update to even correctly report the status of the application of a patch. We have users screaming for new installations, new hardware, new software, new networks, wireless, email, etc. Staffing doesn't get determined by workload. Not in my world.
I recently took a contract job to bring the IT operations of a local, growing business from a mom & pop deal to a more enterprise ready footing.
I have about 25 XP/98 machines to look after, but only 2 of them laptops (3 if I count my own). First thing I did when I was hired was grab both of the laptops and patch the hell out of them. Next was the 2K server, and lastly today I spent the whole day running around updating everything I could on the rest of the desktops. No programs got hosed in the update process either, which was a relief. We're behind a small NAT engine too, so I feel rather confident that we'll weather the storm.
My point is that businesses such as my current customer have no clue that an operating system (indeed, almost any program as well) needs to be taken care of. This is the issue that will keep biting Microsoft in the ass - until they make it plain as day that "You need to do regular maintenance to our products" people will run with security holes. If they can't see that it's broken, why would they fix it?
Another point - I'm looking into SUS so I don't have to worry nearly as much (or spend so much time waiting for WindowsUpdate) but I'll need another server to use it. The lone server my customer has is almost overloaded at the moment, running SBS with 256M of RAM. SUS requires 2k Server or above to run - why, I don't know. Just like Microsoft to turn a problem they've created into a marketing opportunity. No wonder they're having trouble stemming the Linux tide.
Soko
"Depression is merely anger without enthusiasm." - Anonymous
How could one already be infected if their computer hasn't been running? Maybe he's implying "as soon as you turn on your computer you'll be infected", I don't know.
Millions of unprotected personal computers remain vulnerable to the worm, which can infect any machine connected to the Internet, experts said Tuesday.
Really? I thought it was only Win2k, XP, and 03, not every computer on the planet. But experts said so, so I guess it must be true.
The worm attacks computers through a flaw in the part of Windows that allows computers to share files and control Internet traffic. Four versions of Windows operating systems are targeted: Windows NT, Windows 2000, Windows XP and Windows Server 2003.
Oh you are aware it doesn't affect every computer on the planet. That's good because five paragraphs before you said it did and now you're contradicting yourself. Wonderful.
"This is certainly a capable person who did this," Sundwall said. "In most cases, it takes about six to nine months for a worm to appear after a patch is released. This is certainly something that did occur quicker than we are accustomed to."
Because it is just so hard to create a self replicating buffer overflow program. It's not like this is down to a science. The statement implies a team of developers would have to sit down for a year to create something this "sophisticated". It couldn't be that MS products are inherently insecure and easily exploitable. There are thousands if not millions of people "capable" of this, just not immature enough.
You'll notice some of my excerpts are quotes from within the article, and not necessarily the words of the author. The author still chose to include this malformed crap.
I would recommend seeing this older Slashdot article concerning the worm or going to google to find better written information on the matter. The facts within the new article are interesting, but so blatantly misrepresented it's annoying and I would view an alternative source.
Beware blue cats moving at
Look! The virus is spreading Windows FUD!
Until they can release an OS that goes a couple of weeks between major vulnerability discoveries, they're fucked! And so are you. Don't you think IT staffs have other responsibilities? Do you realize how many updates there have been this year? How many of them require a reboot?
That's an easy question to answer.
The more interesting question is how many of them would not be required if they had implemented a sensible architecture, if they hadn't bolted on a bunch of crap to advance the monopoly into the internet, etc. Then we could hope for a massive improvement in code quality. My impression is that a bunch of this was avoidable, but for lazy and incompetent product managers and programmers, and perverse design goals intended to hurt competitors no matter what collateral damage to consumers.
No, really. List your choice of replacement system and give a thorough list of past remote exploits for it before you bash Microsoft.
Microsoft actually seems to be getting better about security. They still have holes that you have to patch, but so does everybody. Here's a list of the security updates for my OS distribution of choice, for instance:
Red Hat Linux 9 Security Advisories
Most of these aren't as bad as the recent Windows hole (and many aren't in software that even has an equivalent included with Windows), but there have been a lot of them recently, and they're not Red Hat specific problems either.
> > When they find the Linux users who did this I hope they lock them up and throw away the key.
> So all someone has to do is dislike Gates and Microsoft, write a Windows virus, and they are automatically considered a Linux user? Cool.
So that's why the media is reporting Linux usage is up! I thought there were actually more people using it.
When we hear about all those cities and countries considering a switch to Linux, are they actually just considering switching all their jobs over to "Windows virus writer"?
Sheesh, evil *and* a jerk. -- Jade
Saving money shouldn't be the primary focus of adopting public-license software, at least not for governments. They have an obligation to keep public data public, in the strongest sense of the word, and by forcing people to use vendor-specific products to interact with public data, they're sacrificing accessibility for expediency.
Certainly adopting handicapped accessibility laws requiring building construction costs in most government buildings didn't 'save' any money. They passed that because there was a moral, if not legal, obligation to provide access, mostly irrespective of cost.
creation science book
I am running 3-4 linux servers for each windows box. They have better update routines and many fewer updates are required.
And I have a couple of OpenBSD boxes with very specific roles. It's fun thinking about how little I have to think about them.
So yeah - they're properly administered and they take much less time. Your mileage may vary, of course. If you have a RH 7.3 "with everything" then you have a problem, maybe.
It's SkyNet! SkyNet is the virus!
*makes some popcorn and waits for the nukes.
- "Scientia non habet inimicum nisi ignorantem"
The debit machines in British Columbia are screwing up big time right now August 12. A Safeway employee told me it is because of server outages. Boy this is starting to cost big dollars. At least ./ still runs. You guys cash my check? At least I can still rant on line.
OH THE SHAME I fell off the wagon and use sigs again!
The windows world isn't even close to handling a whole class of vulnerabilities - services running with inappropriate privilege. Ouch! No chrooting, privilege separation, etc.
It's amazing how little they seem to learn from better OS's. That and your point reminds me of a sig I saw a little while ago: "If I am near-sighted, it's because I stand on the shoulders of midgets."
Windows *is* fundamentally insecure, and much more so than Linux. If you don't see this you know very little about computer security.
It has nothing to do with 90%, it has nothing to do with people not patching because they are technically incompetent, IT IS BECAUSE WINDOWS BY DEFAULT RUNS A SHITLOAD OF NETWORK SERVICES AND DOESN'T FIREWALL ANYTHING.
In case you didn't catch that, let me repeat:
IT IS BECAUSE WINDOWS BY DEFAULT RUNS A SHITLOAD OF SERVICES AND DOESN'T FIREWALL ANYTHING.
Run a netstat on a default XP install, and count the open ports. Now do the same on a default Linux (RedHat/Mandrake/Deb/you name it) install and count the open ports. You'll notice a 2:1, 3:1, as high as 10:1 ratio, Windows:Linux. Ok, so by default Windows has many more open doors. Huh, wonder why it gets exploited so often.
Unfortunately, that's not the end of it. Most Linux distros I've seen (fellow slashdotters correct me on this stuff) are now using IPtables by default, with at least a level of security that blocks incoming connections to almost everything. All you have to do in some is select 'high' security, and bang, almost nothing gets through.
Windows by default has no firewall enabled. In fact, you can't do *anything* with pre-XP Windows. Linux has had built-in firewalling for years and years and years...
This is all bad, but it gets worse. The latest worm attacks the RPC service in Windows. Now, logically, you'd think you could shut off an RPC service, if you're never making/receiving REMOTE PROCEDURE CALLS. Nope, the OS breaks pretty nastily if you do that.
I have yet to see a single example of a listening service on a Linux box that cannot be disabled without wrecking the OS itself.
This has nothing to do with patches, volume, or the price of tea in China. Windows simply uses a poor security model, one based more around convenience than intelligence.
I really don't get the massive amount of Windows apologists on Slashdot, either. I personally love Windows for what it's good for, but a simple 5 minutes research into TCP/IP will show anyone just how poor the security model is in Windows. Yet you're modded up with 100% complete nonsense.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
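The open-port comparison suggested in the comment above, as an added example that is not part of the original post: a Python parser that reads `netstat -an` output in either the Windows or the Linux layout and lists the sockets reachable from the network. Both sample outputs are constructed for illustration, so the resulting counts say nothing about any real default install, and the function names are this example's own.

```python
import re

# Constructed sample output, not captured from a real host.
WINDOWS_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1034      10.0.0.5:80            ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    127.0.0.1:1900         *:*
"""

# Constructed sample output, not captured from a real host.
LINUX_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.30:22         192.168.1.2:51514       ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

# Ports worth calling out when they are reachable from the network.
WATCH = {
    135: "Windows RPC endpoint mapper",
    4444: "port named in this thread as one that should never be open inbound",
}


def exposed_listeners(netstat_text):
    """Return sorted (proto, port) pairs bound to a non-loopback address."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not re.fullmatch(r"(tcp|udp)6?", fields[0], re.I):
            continue  # banner, header or blank line
        proto = fields[0].lower().rstrip("6")
        # Linux puts Recv-Q and Send-Q before the local address; Windows does not.
        offset = 3 if fields[1].isdigit() else 1
        if len(fields) <= offset:
            continue
        local = fields[offset]
        state = fields[offset + 2] if len(fields) > offset + 2 else ""
        if proto == "tcp" and not state.upper().startswith("LISTEN"):
            continue  # established or closing connection, not a listener
        if proto == "udp" and state:
            continue  # connected UDP socket, not an open receiver
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        addr = addr.strip("[]")
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback-only services are not reachable remotely
        found.add((proto, int(port)))
    return sorted(found)


def flagged(listeners):
    """Pick out exposed TCP listeners that appear in WATCH."""
    return [(proto, port, WATCH[port])
            for proto, port in listeners
            if proto == "tcp" and port in WATCH]


if __name__ == "__main__":
    for label, text in (("windows", WINDOWS_NETSTAT), ("linux", LINUX_NETSTAT)):
        listeners = exposed_listeners(text)
        print(label, len(listeners), "exposed:", listeners)
        for proto, port, why in flagged(listeners):
            print("  review:", proto, port, "-", why)
```

Loopback-bound sockets and established connections are excluded on purpose, since only listeners bound to a routable or wildcard address count as open doors in the sense the comment describes.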
I'd like to take this chance to show the MVA and the slashdot crowd the status of my carefuel
E\....F
there you have it
-foxxz
And exactly how much did our government recently pay for MS software to be used for homeland security.
He who said 1,000,000 monkeys on 1,000,000 typewriters would eventually type the great novel, never saw an AOL chat room
Windows XP, and XP SP1 are vulnerable. Windows 2000 SP3, and SP4 are vulnerable.
I have a computer running Windows 2000 as a router (no flames... please), with no Service Packs installed. My router has direct internet access. It has NOT been hit.
The theory that for every bug MS fixes, they add 2, is true.
Wouldn't they have to use Windows in order to test their virus as they develop it? :)
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Is it really fair that literally millions of $'s of business and government money and hundreds of man-hours of time must be lost due to Windows worms and virii??
Shouldn't MS be held accountable in some form or fashion for these costs?
This is utter madness!!
I like the text in the worm though (from the symantec site) "I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!" LOL.
Well Bill? What say you? Can I call you when my father-in-law calls me all confused (again) because he has "this windas erra that won't let me work on my files". Grrrrrrr.
I SAY WE FORCE MICROSOFT TO CREATE AND MAINTAIN ANTI-VIRUS SOFTWARE AND HOLD THEM ACCOUNTABLE FOR MISTAKES. Oh wait...*slaps forehead* that's not a good idea either.
Is the juice worth the squeeze?
Not everyone can afford real IT staff, and for that matter not everyone ought to have it.
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
I work for a healthcare organization and it was indeed pretty bad. Our desktop folks had gotten behind on their testing of security patches, so many of our systems were unpatched. All it took was one connected clinic to start it off and pretty soon routers started shutting down due to the huge network traffic as the worm spread.
It was pretty freaky. My coworker was patching systems in the Emergency Department as patients started getting some long wait times. Downtime measures tend to be slow in comparison to what people are used to.
If the worm we got autostarts anything, it uses one of the sneakier methods. I didn't check the ini files, but I did check out both run and both runonce keys and there was nothing unexpected in any of them. File sizes and dates on the files that were there matched a clean system (although that's not a guarantee, I didn't run checksums). The damage to explorer, IE, and Word did survive a reboot, however, so it modifies something on the system. We had the system up for the better part of an hour on the network, watching ethereal on the switch's mirror port, and didn't see any strange traffic, so I don't know what triggers its spread. The dial-in client that was one of the original vectors had been connected for something like 8 hours when it started scanning, and we are its internet access so it couldn't have been (easily) infected from outside today without us seeing it (we were monitoring after central's exchange server went boom), so I strongly suspect it's got a timer or trigger to start scanning. (Maybe idle time? It started roughly half an hour after they closed for the night, hence us kicking them off and revoking their dial-in privileges instead of just calling them.) I didn't catch any actual infections in the packet dumps, only scans after the vulnerable machines had already been hit, so I don't have a network dump, but I'll hook an infected machine to the test network in the morning and try to get one. If I can talk the manager into leaving me alone for long enough I'll try to get it to infect a dummy machine I've imaged and see exactly what changes it makes. Anyways, good luck to anyone still playing with these things.
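The comment above notes that matching file sizes and dates are no guarantee without checksums. As an added example that is not part of the original post, this Python sketch compares a suspect directory tree against a clean baseline by SHA-256 and separates changes a size/date check would catch from changes it would miss. The file names, contents and timestamp are constructed stand-ins, and the function names are this example's own.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root):
    """Map each relative path under root to (size, mtime in seconds, sha256)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            rel = os.path.relpath(full, root)
            manifest[rel] = (st.st_size, int(st.st_mtime), sha256_file(full))
    return manifest


def compare(baseline, current):
    """Classify differences between a clean baseline and a suspect tree."""
    report = {"added": [], "missing": [], "modified": [], "modified_silently": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["missing"].append(path)
        else:
            bsize, bmtime, bhash = baseline[path]
            csize, cmtime, chash = current[path]
            if bhash == chash:
                continue  # identical content
            if (bsize, bmtime) == (csize, cmtime):
                # Same size and date, different bytes: invisible to a
                # size/date comparison, visible only to the checksum.
                report["modified_silently"].append(path)
            else:
                report["modified"].append(path)
    return report


def _write(root, name, data, mtime):
    path = os.path.join(root, name)
    with open(path, "wb") as fh:
        fh.write(data)
    os.utime(path, (mtime, mtime))  # pin the timestamp for the demonstration


def demo():
    """Build a constructed clean tree and suspect tree, then compare them."""
    stamp = 1060000000  # constructed timestamp
    files = {"explorer.exe": b"A" * 64, "winword.exe": b"B" * 64,
             "notepad.exe": b"C" * 64}
    with tempfile.TemporaryDirectory() as clean, \
            tempfile.TemporaryDirectory() as suspect:
        for root in (clean, suspect):
            for name, data in files.items():
                _write(root, name, data, stamp)
        # Same length and same date as the clean copy, one byte different.
        _write(suspect, "explorer.exe", b"A" * 63 + b"X", stamp)
        # A change that a size/date check would also notice.
        _write(suspect, "winword.exe", b"B" * 80, stamp + 3600)
        # A file that does not exist on the clean system.
        _write(suspect, "dropped.exe", b"D" * 16, stamp)
        return compare(snapshot(clean), snapshot(suspect))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Hashes taken from inside a running, possibly compromised system can be falsified by whatever is running on it, so the suspect tree is best read from an offline image or trusted boot media.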
No problem, Sir. We'll just switch our AI on and squash this thing. Skynet is ready to go live.
Am I the only one who heard Roxette to sing "I'm gonna get blitzed for some sex"?
Extensive hits to e-mail, web and database systems throughout many ministries in Ontario.
I thought it was interesting that a member of the Justice system in Ontario was complaining that 'Microsoft is not providing the proper tools to properly manage an enterprise with 1000 servers spread throughout the province and ensure that patches and service packs are kept up to date. The cost of maintaining these manually is too high'
To which I asked 'How much is it costing you to scramble and fix this problem now?'
Enterprises either need to bear the cost of a 3rd party tool to maintain patches through the enterprise or find the money and resources to keep things up to date properly on an ongoing basis. Otherwise, they will find it costs 2-3 times that amount of money to respond to patching and cleaning large pools of servers in this type of worm situation.
The1Genius - Littera Scripta Manet
One of the issues we face is that every single security patch needs to be tested against a huge array of applications installed on our desktop systems. While it's a simple rule to always update Windows to the latest patch, it can be troublesome when mission critical applications fail as a result. And when you're in the healthcare business, failure is not an option.
One of the reasons that this patch may not be installed everywhere, besides the obviously long QA side of testing patches before deployment (I was burned by SP3 and a Promise IDE controller) is that it is pretty far reaching. Any game house or animation company for games like Quake or UnrealTournament2003 will probably not have applied this patch. Reason: It made it so they could not open any of the files made in gmax
But then the issue is one of resources, pure and simple. So when government agencies and public institutions (like my buddy's university) have their networks go down, this is a direct result of underfunding. And underfunding is your tax cuts at work (your jurisdictional mileage may vary).
The other issue at work here has to do with the fact that with lots of worms and trojans, an unpatched or infected box on one network can cause major headaches for all sorts of other networks. And this raises two interesting, related issues: first, can the owner or admin of some unpatched system be held civilly liable for negligence if it is infected and used by a worm or trojan that damages other networks, and secondly, will governments start regulating or setting standards for internet-connected servers, to protect the viability of the network as a whole. Regulations or standards might not be such a bad thing either, because they'd act as a shield from litigation, insofar as any company that followed the guidelines could probably claim that they'd practiced due diligence, or weren't negligent, or whatever (IANAL, can ya guess?). It seems vaguely analogous to environmental regulation, in that if you're going to put your mill by the river, it better not muck the river up for other users.
This all boggles my mind. Yes there are security risks involved with any product that features to make life easier (the more security something has the less 'user friendly' it is), but do they just have servers/multi-homed machines sitting on a live, unfirewalled connection and on their internal network as well???? or (even worse) are these machines firewalled and have port 4444 open????
and for the CEO that brought the virus in on his machine (forget where that was mentioned) his IT guys should be shot for allowing a machine that obviously travels from work (should be secure) to his home DSL/cable connection to not have any sort of virus protection on it (or at least not having it scheduled to update often)
when I was asked about if we were at risk because of this at work I had to laugh, as none of these ports would even be considered to be opened, especially 4444 inbound!!!!
sure these viruses exploit holes in OS security, but they should have been covered off by network security!!!
just my 0.02 cent Canadian =~$0.013 USD
when hell freezes over; when I can sue a car manufacturer for being late to work because I didn't buy gas; no; probably, but I've never wasted my time reading the EULA.
...respectively.
Protector of Capitalist views,
Meorah
Thanks. I f-d up the first link without looking at it. I hope someone does mod this up it is very interesting.
A friend in the 3rd Circuit Federal Appeals Court -- located in downtown Philadelphia -- faced an outage this morning. No computers for an hour and a half (at least).
Take a company like JetBlue. 100% Windows-based airline. They never have a problem, because their people know what they are doing. There are thousands of other companies with good people, but even more that are just lucky, and on the road to disaster.
It should be written into every IT person's job offer, that if the Windows network brings down a company because of a virus, they can expect immediate termination.
Fortunately for me, Win4Lin only works with Win98/ME which doesn't have this RPC bug.
Oh well, what the hell...
Wouldn't they have to use Windows in order to test their virus as they develop it?
;)
Nah, the WINE project is becoming such an accurate implementation that you can actually develop viruses under it
The unofficial
I was setting up a new computer today running Windows XP and within 3 minutes of the first boot, the computer was infected. I wasn't even able to download the updates before the worm found this machine. So my question is, why are machines still being shipped with vulnerable versions of Windows XP? If it is too expensive to redo the drive, at least include a cd-rom (that costs $0.00001) that has the updates on it.
agree that this is a disgusting act of vandalism and the person who wrote and/or spread the worm should be punished heavily if caught. This worm knows no boundaries, and unlike an email virus, it could cause tremendous damage and is far more malignant, therefore the intentions of its creator. RPC flaws are not new, they have existed in the Unix world for a long time, and now Windows is the next victim. I used to have respect for hackers who deserved respect, but as someone whose life is computers, I have lost respect for these people completely, and I hope they get caught and punished. This new breed of hacker is neither truly intelligent nor has any intentions to teach people a lesson. All they care about is doing damage. Assholes.
The phaomnneil pweor of the hmuan mnid. Fcuknig amzanig eh!
Microsoft often releases patches for these types of worms and viruses, but the problem becomes that sometimes their patches end up breaking a hell of a lot more than they fix.
Companies, and government institutions cannot just patch and go. They have to test the patches on an isolated computer to ensure that EVERY SINGLE program they need to use is not affected adversely by the patches. Any idea how many MS patches for Windows alone are out there? It's a wonder IT people at companies/government are even half as caught up as they are.
Just imagine if your health insurance provider's IT supervisor just went and patched every time without testing; and one day the program they use to keep things up to date won't work because of a MS patch that broke it. Suddenly you're without health insurance. God help you if you get hurt in the time it takes for them to figure out what broke the program and try and fix it.
That's why it doesn't matter that MS releases these patches. Sometimes they fuck up a lot more than they fix, and companies and government institutions simply cannot take the risk of installing every single security patch from MS (often released weekly) because of this.
Thursdae
Sorry, but the author is obviously not a Linux user. If he were, the virus would also DDoS sco.com.
Litigious bastards
being a hacker is a good thing, don't feed the FUD. read here
bite my glorious golden ass.
Here is a little something that you may or may not find slightly hilarious:
Word of forewarning - I am typing on a ONCOMMAND keyboard (hotel web TV) that is probably covered in beer and man glaze.
I had a mysterious reboot one night when trying to access the "High Speed Suck-O-Net" that they try to charge $10/night for. After 13 hours of updating MS systems at work I wrote it off as "one of those things". Now I am starting to have second thoughts.
I can't use the internet in the hotel on my computer because every time I do I get the "NT Authority/System RPC service terminated unexpectedly" then my Windows XP laptop (wasn't it supposed to be more secure?!?) shuts itself off. Not only that, the phone stopped working next to the bed, the receptionist downstairs thinks I am crazy for bitching about worms (how can worms get on the tenth floor?), this keyboard sucks and my computer is infected with a DAMNED VIRUS that has already cost me $10 for the initial infection! I would like to find the ASSHOLE that wrote this POS and give his ass an unexpected termination!
Seriously though,
Why can't someone write a virus that gets into these ONCOMMAND systems (run on MS (P)OS) and tell it to give everyone free porn? I would pay for it but I am afraid my TV will shut off half way through due to some bug and I would have to make the rest up!
I probably would have been able to respond to the 15 minutes of warning had I not been patching other vulnerabilities these bastards keep finding.
BTW - I proudly run OSS for several of my (stable) servers but I am not in MY office, I am in a pure MS network. I will now be infesting it with a new "virus" according to the all knowing MS. It's a little thing called Linux, anyone heard of it?
Well I suppose I should get some sleep as I will have a couple hundred machines to clean at 6 AM and it's now 12:30. Off to bed where I shall dream of worms crawling through my head!
The dingo ate my sig.
I can imagine the day when the unknown security hole of the future comes careening through that expansive windows network and microsoft hasn't made a patch yet. I wonder how long before someone dies. Nothing personal, but I'd never consider Windows 2000 secure enough to bet my life, or anyone else's life on it. No FUD intended here. I'm being as serious as a heart attack. I'd go so far as to say that putting mission critical hospital systems on the Windows 2000 platform is criminal. I'd never trust my life, or a loved one's life considering their track record. And yes it IS that big of a deal. And it IS that serious. What you are describing is a serious tragedy waiting to happen. It's only a matter of time.
For every annoying gentoo user, are three even more annoying anti-gentoo crybabies. Take Yosh from #Gimp for example.
I was at the gym for the 3pm NZST news today, and Microsoft took a hammering. Only Microsoft Systems are affected... MSFT this, MSFT that - I'd like to see what Microsoft New Bliss-Land do to spin this.
I've just checked their NZ home page and they are soliciting for feedback on customer feelings towards MSFT today, and have some obvious customer advice in big, bright colours. Microsoft US doesn't seem to care in comparison.
The feedback form has three cute faces with various different states from happy to angry on them. Perhaps you may want to give them some feedback too ;)
So my question is, why are machines still being shipped with vulnerable versions of Windows XP?
because it would cost them (PC manufacturers) lots of money to stop shipment on all those systems and reimage them all over again. they would be glad to toss a CD in the box if they kept track of which hard drives were in which systems, but they don't. honestly, just make your own damn cd. it will work until the next service pack is released, and then you'll have a brand new office frisbee to play with. you can't lose!
Protector of Capitalist views,
Meorah
Getting hit by this worm demands complete apathy towards patching your system. One faculty member at the University I do tech for was complaining about doing patches. It's so hard to open IE go to tools and then Windows Update and click a couple buttons. If that. We tend to set Windows to automatically download and install critical patches and then cross our fingers and hope the users are too lazy to disable it.
In my case I just run a $50 router with NAT that blocks everything I don't need which makes the entire house network of around 10 computers immune from this worm regardless if they're patched or not.
This worm doesn't prove anything. Linux users need to be patching their systems as well and when it becomes mainstream it'll be the target of script kiddies as well. It's just pointing out what techs all know: people are lazy and don't care until it's a problem.
Ben
Work Safe Porn
In all seriousness, the automatic updater should be running on ALL home users' systems, and system admins can set it to "prompt before downloading AND prompt before installing" so that you can cancel or delay if need be (for whatever reason.. testing, etc).
Has anyone compiled a list to see something like how much M$ has cost the world due to insecure software?
I would guess it's a couple billion dollars by now. Why does no one care?
What was it that really made the worm possible?
Leaving RPC open by default. As much as I like where you are trying to come from, this is indeed a Microsoft problem that they created themselves. When you have 50 FUCKING BILLION dollars in the bank, a major majority of the market, and this type of crap keeps happening, you should probably think about spending a few billion on making products that don't cost your customers insane amounts of money and lost productivity due to down time because of pathetic security and coding practices. It's just a thought.
For every annoying gentoo user, are three even more annoying anti-gentoo crybabies. Take Yosh from #Gimp for example.
You're fired !!!!!!!!
They did it because they love San.
YOU only THINK that windows update is good and paranoid neurotics are bad because you turned on windows update and allowed MS to indoctrinate you with lengthy dissertations on the evils of paranoid neurotics and the benefits of windows update. this feature flashes the information on the page once every 30 frames, and was ironically installed by the windows automatic update feature.
Protector of Capitalist views,
Meorah
Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.
So now can they shift some culpability to the OSS community?
geez.... the audacity.
-Phil
"'Tis a small mind indeed cannot think but of one way to spell a word." -Mark Twain
yes it will. there's a windows emulator called wine available here.
I like that. I shall use it in the future. Thank you for enriching my insult dictionary.
How many Windows users actually use Windows Update?
I'm convinced that most regular users do not "get" what Windows Update is for, and see no tangible benefit to using it until/unless their system crashes. It's a bit like backing up the hard drive -- most people won't do it until a bad experience convinces them it's worthwhile. (This goes double for dial-up Internet users, who have to babysit giant downloads, and may have to start from scratch if they get disconnected.)
I think Microsoft needs to add some kind of positive reinforcement and explanation of the value of the Windows Update service. Even a big splash screen at the end of each update that says "Your computer is more secure!" would be an improvement.
In my experience, Windows Update works pretty well in Windows XP. Updates can be set to download and install automatically, or download then notify, or simply notify when updates are available. The system works.
By my very unscientific reckoning, however -- based on the visitor logs on my Web site -- the latest Windows (XP) accounts for just 50% - 60% of current Windows users. 20% are still running Windows 98 (and 20% are running Windows 2000).
Why does that matter? Remember that Windows Update in Win98 was not automatic. In fact, it often completely failed to work!
Many of today's users had at least one bad experience with Windows Update before Microsoft got the bugs out. (You might recall that the Win98 version had several "known issues" including the infamous "freezes at 0%" problem that completely prevented users from accessing the update system.)
Microsoft also alienated some users in the early days of Windows Update by marking unnecessary (even unwanted) system software as "Critical Updates." If I remember correctly, version 1.0 of buggy and bloated Internet Explorer 6 was installed as a "Critical Update" to IE5.
In short, Windows 98 users who tried Windows Update learned these lessons:
- Windows Update doesn't work very well (or at all)
- the updates do not appear to make any difference
- Microsoft uses this system to force unwanted software on me
It's no wonder many Windows users don't bother to fire up Windows Update. And as long as some Windows users are apathetic (or actually hostile) towards the update system, EVERY Windows user is vulnerable.
(A brief digression: users who have dial-up Internet accounts are less likely to use Windows Update than broadband users. They would need to see some major tangible benefit to keeping their systems up-to-date. Big downloads are relatively painless with broadband, but they're a major hassle for dial-up users -- especially to anyone who pays by the minute to be connected.)
Anyway.
It's clear that automatic updates are the way to go. Microsoft could easily fix the whole problem by issuing free software to make "Critical Update" downloads automatic in older versions of Windows. That would eliminate a major reason for upgrading to XP (i.e. because Win98 is insecure by default), but it would benefit ALL Windows users.
But there's the rub: this would eliminate a major reason (perhaps THE major reason) to move from Win98 to WinXP.
I spent more than an hour on the phone today with a friend whose Windows XP system was infected by the Blaster worm. She thought she was safe -- she has anti-virus software, she updates her virus definitions daily, and she thought she was using Windows Update regularly. (She was wrong, as it turns out -- Windows wasn't up-to-date, although she swears she said yes to automatic updates sometime last week.)
If a bright, conscientious, well-meaning user can get burned by this system, there's something wrong.
Solutions? I think "Critical Updates" should be mandatory for all Windows users. If people refuse to update the updated system software, Windows would shut down after a reasonable period of time -- say 30 days -- until the user agrees to get the Critical Update.
Another idea: write and distribute th
That new virus that's out, it wouldn't be called Service Pack 4 by any chance, would it?
Not a bad idea until you get the prissy Programming dept that can't have their sacred cow of a test server touched or the VP of sales that needs to bring his plague-ridden network onto the network and refuses to lose admin rights and the ability to override virus software.
Now granted mostly I'm a consultant so I actually suggest the right course of action; sometimes I win and other times expedience and bad attitudes win, generally from the non-IT department. Things in midsized shops like "you mean I can't have local admin, period? But I'm a programmer, I need local admin to install things", or the high and mighty sales guy who needs to open exe's from his email to do his job (yeah, because people always send each other .exe's in email); granted, he clicks on everything presented that looks official.
No sir I dont like it.
I hate to have to say this to you guys, but the only reason Microsoft is having all these exploits published for their OS is the fact that they control most of the market share!
If linux starts to become prolific, you know what? People are going to start looking harder for worms and I can guarantee you that the same amount will start coming out for that OS.
I'm going to have to sit on the other side of the fence for this one boys and girls. I don't think that this shows that Microsoft's OS's suck, it just shows that they are the best target.
That's why the section of the MVA (not the DMV in MD) that I work for keeps paper backups of everything. Oh, wait, nothing is kept anywhere but paper. Funny thing, paper. Seems to have been working pretty well for a couple of years.
(My latest journal or two should describe my 'work' with the MVA. Lots of outside work, and a shoestring budget. Using laptops or some other techno-trash isn't going to happen. But, again, we'll be working.)
The only crappy aspect is that who knows whether or not this will delay a paycheck:(
Jesus was all right but his disciples were thick and ordinary. -John Lennon
It wasn't illegal.
Under the terms of the BSD license (Microsoft got much of their networking stack from BSD), you are obligated to do only two things:
* Give me credit
* Don't sue me
Aside from that, it's entirely up to you what you do with the code. It does not come with the restrictions requiring source distribution that the GPL does.
uses Solaris in ICU. DOS is used in admitting, and the drones use Windows.
"I am sure the "haxor" would have been really proud of his/her self if he/she proved their point by porking say a hospital's computer system. What an asshole."
Let us not forget that there are people who are out to disrupt government operations and injure/kill people in hospitals.
Why does everyone assume that this is a "script-kiddie" sitting in their parents' basements writing worms? There are plenty of evil/sick people who would love to see communications disrupted so they can hurt us economically and possibly physically.
"A plan fiendishly clever in its intricacies"- Homer Simpson
I had not heard any claims of a complete rewrite. To me, it looks like warmed over nt4 with the substantive changes divided between cosmetic, gratuitous UI alterations (so the admin applets are in a new spot, just to annoy) and more radical new ways for other machines to interact with the system.
A little hardware support - they had a USB driver for nt 4 widely deployed all over the redmond campus, but not released so users would have a reason to buy a new os.
I don't know if it is better code/design than nt 4 or better drivers or my anecdotal impression of better stability is incorrect. I think security is worse.
XP added a lot of lines to win2k, but it still uses a lot of the same crap.
In the consumer OS evolution, there wasn't much difference between win95 osr2 and win98. Throw in some patches and you have a more complete evolutionary chain than we have for human descent. Which is another way of saying we all got charged for bug fixes.
Like the subject asks, are systems behind NAT safe? I would guess that it cannot connect to local IP addresses behind a NAT router/modem. Or am I wrong?
So, as a Philadelphia area resident can anyone get me a list of infected business/departments so I can fill the positions of the soon-to-be-fired IT Staff?
Yes - I am partly serious.
Admins should patch, no question. And there are some basic things we should all do no matter what platforms we use. My net does not allow outbound packets unless the source address is our net. That kind of thing.
I guess I think it's reasonable to get caught flat-footed once in a while by this stuff. Even the microsoft download site - where you could get the patch to prevent Code Red - was itself nuked by Code Red. If they can't do it all the time, it's not reasonable to expect everyone else to.
I think the real solution is to migrate to better platforms. "Better" includes considerations besides how fast a half-trained web lackey can smack out a superficially functional .asp page.
I don't know how the liability would play out. Seems it's hard enough to punish deliberate, manual crackers and fraudsters, even when you locate them for the authorities. There's been enough of this stuff that to my mind the common custom ==> common law is that you don't have grounds to sue, since millions of people haven't. Dunno. And if you got infected, aren't you guilty of the same negligence? I suppose if you got hit with a side-effect, like the DOS that will hit the Windows Update site, that's different.
She said he got demoted to mere lead programmer or something around nt 4.0. MS has a weird habit of giving 25 year olds executive authority over some major projects. The PM's were not the best coders who had been promoted.
On the other hand, they sometimes value the programmer much more than the programmer's supervisor. The place is a political snake pit, but they do avoid some Peter Principle issues.
Anyway, she noted seeing his sports car (ferrari?) in the parking lot on weekends when she was about the only other person there. He worked long hours even after NT went someone else's way.
if this person ends up in prison they'll be much more popular with NO teeth.
But.. they too would be a Windows user!!
Unless they skipped the whole QA portion of programming and decided not to test it on their own Red Lan systems...
That we may never get rid of this worm completely, at least not for a long time...
Patches for the hole, except for Windows NT 4.0, which the company no longer supports, were put online by Microsoft.
Source: Channel NewsAsia
There are A LOT of companies still running NT on both servers and workstations, last time I was in a major server room at Big Blue, well I won't name clients, but several large name clients have NT based server solutions. Yes I know blocking certain ports will stop it from getting in, but there is still potential for many NT systems not to have those ports blocked now, or in the future.
The fucking patch did not work. I have been awake all night trying a new version of the patch and applying workarounds...
IANAL but write like a drunk one.
Apache is mainstream, IIS gets trashed.
That should be enough to prove how deeply flawed is the "if it is mainstream you will be 0wn3d" mentality.
IANAL but write like a drunk one.
However you are essentially right, to create a dcom function exe you need to use MS script libraries that only run on the MS Visual Studio compiler set. To my knowledge I do not know of anyone who has made the MS compilers run under Wine. It would run like a dog with a broken hind leg anyway, and most likely would not get anything compiled into a binary. No, whoever built MSblast.exe used an MS compiler. That is almost for certain.
OH THE SHAME I fell off the wagon and use sigs again!
> I say screw those who didn't patch
/insert obrant about how Windows is a poor system in regards to security and how patches and virus scanners are post-attack fixes. Someone has to get infected first you know. //or insert obrant about how Bush's DOJ let MS off and now we are sowing the seeds of cronyism.
1. Companies may still be evaluating it before putting it on their production servers. So if their e-commerce site went down because of this patch would you also say "screw them for not testing properly?"
2. "Road Warrior" laptop users who tech support hasn't had a chance to update yet.
3. Home users who dutifully update their virus scanners, pay Norton, and are careful not to open wacky attachments but have no idea about how remote exploits worked.
4. Failed patches and false positives.
5. New computers straight from dell or whomever that bundle and auto-setup everything except autoupdate. Hmmm, that sounds like a big problem to me.
6. "Early victims" who were infected well before the patch was available or before their computers could download it automatically.
7. The technically clueless that have no idea what a virus is, let alone a worm. Whose job is it to teach them the ins and outs of security? Maybe MS could make a more secure product or at least put as much effort into alerting the user about security as it does trying to break competitors. Crazy, I know.
You must be young. "Virii" are almost exclusively a Microsoft phenomenon and have been since Microsoft had very small market share due to the poor security and "always root" nature of the OS. You are trying to use windowspeak to describe other things. The only significant UNIX worm was the sendmail worm. Other than that, there hasn't really been much. There was the DNS/Bind worm a little while back, but it didn't propagate nearly as fast due to the increased diligence your average UNIX admin has compared to the typical "set it and forget it" attitude that's popular with the windows family of server OS's. Growing up during the time, problems with "trojans" and worms and whatnot were never really that big of an issue with UNIX because the barrier for entry was enormous. You had to understand a great deal about C, socket code, and other not easily obtainable bits of knowledge to even begin. Most "hackers" weren't malicious when UNIX ruled 90 percent of the roost. Only with the coming of Microsoft did the true rise of the "script kiddy" occur. When it became easy for any moron to download precompiled crap and run it on their windows box to attack other windows machines is when there was truly "TONS" of this kind of stuff. Very sad, but very true. Windows is a target because it's a very easy target. These people are lazy. Windows is shooting fish in a barrel compared with having to deal with obtaining root permissions, or the ridiculously rapid rate with which UNIX systems are patched, and get patches. With most UNIX systems, a patch is out in HOURS as opposed to weeks or months with microsoft sometimes. There is a fundamental difference in how things are done in both camps. Microsoft could learn a great deal from UNIX if they'd bother. They only have about 50 billion dollars to spend on making their systems better yanno. I'd think that would be pretty obvious to even the most biased sympathizer.
For every annoying gentoo user, there are three even more annoying anti-gentoo crybabies. Take Yosh from #Gimp for example.
Apache is the most popular web server. It gets hammered harder by the script kiddies than IIS.
Who installed the logic module in your brain?
IANAL but write like a drunk one.
I'm a sys admin for a hospital, we simply don't have the funding for nice stuff like that or enough IT staff. We just gotta make do with what we got.
Please use the correct terms, we are supposed to know the lingo.
IANAL but write like a drunk one.
The ability of ms programmers should be commended. Like clockwork they ensure people must update their software every week and upgrade it every couple of years.
This business strategy of having your customers depend on you to prevent these pathetic hacks works well for them. What other company in these times has $50 billion in cash?
The only thing that can help or even fix this is competition. We all know that's not going to be from apple anymore, so maybe linux.
The worm contains the following text, which is never displayed:
So it seems the creator did have a point to prove.
How could I say to men: "Speak louder, shout! For I am deaf!"? -Ludwig van Beethoven
...we will see some kind of press release from SCO reminding us how bad IBM & Linux is, just to help divert our attention away from the current chaos of this Microsoft worm.
:)
Just one for the MS/SCO conspiracy theorists
"Hey! Unless this is a nude love-in, get the hell off my property!!"
IIS is a Swiss Army knife.
I run Apache precisely because it doesn't do anything extra. Lack of functionality doesn't make it more secure than something of greater functionality. It's apples and oranges. As someone else mentioned, Apache has modules that open up the same/similar vulnerabilities as IIS.
IIS gets hacked from remote administration exploits and the fact it's tied in to the OS. Which is precisely why I dumped Linux which stupidly ties in FTP to the OS.
App accounts should NOT be system accounts. If I want to have the same user and pass for HTACCESS, FTP, SMTP, POP3, and VNC, I'll set up the separate programs handling them to have the same user and pass in their respective account files. I don't want the OS to handle all the passwords. When you do that, then getting a password means you have access at some level to the OS which leads to escalation hacks. The intelligent way where say an FTP account has nothing to do with a system account, getting a username/pass only gets you into the FTP account.
If you get a password for my mail server, worst case you can read my e-mail. If you get a password for FTP, worst case you can change some files.
Ben
Work Safe Porn
Microsoft is already on it. The whole .NET initiative. You didn't think they were going to keep on keeping on with the old ways, did you? Subscription software all the way. They'll make more money that way, and with them in control of your system, the problems seen here will go away, i.e. every one of the problem machines out there right now would already have been patched automatically.
This whole crisis is an opportunity for Microsoft to hype what they've been hyping recently (subscription software, downloaded from MS regularly).
A Good Intro to NetBS
That's the sort of situation I was talking about. Or situations where company x was paralyzed because company y's network was down, but (after I actually think about it for a second) it seems to me that almost any case like that would be covered by some sort of contract, whether y was an ISP or a datacentre or whatever. However, it still seems to me that there's a certain sense in which the Internet is a commons, and we may end up with the government regulating networked computers as such. Depending on the scale of the infection, the DOS on the 16th could make the whole bloody net crawl, if too much bandwidth is consumed. Enough occasions like that might motivate the government to impose more standards on system maintenance.
Uhhh.. no. This is a side effect of a homogenized world. It's no different than growing a forest of cloned trees, or a race of cloned people. Because they are all identical, they all suffer the same weaknesses. As a result an infestation that would ordinarily kill hundreds instead ends up killing off the whole forest - or an entire race.
If everyone had macs (or linux) virus writers would be targeting macs or linux. The problem isn't just windows: it's that a single OS - a single "species" - is far too pervasive.
I was just thinking the same thing...
"Who runs Microsoft Town!?" "Master Blaster!"
$0.02 (CDN)
"I'm unaware of the [Microsoft] patch being available," said David Hugel, the deputy chief administrator of the MVA. "I've talked to our IT people and we weekly update the virus protection we do have, and this just happened to fall between those points when we had updated it and we didn't have the [new] update available yet."
How about downloading security patches, too?
I suppose Skynet 1.0 is released soon.
Inevitably, some report will appear in the papers saying the MSBlast worm caused $ X million worth of damage, but really we've been lucky so far with Melissa, Code red, Simba etc. None of them have had any serious payload. I think people forget the real harm that the virus author could have caused if he/she so wished (corrupting your data files, or formatting your harddisk, for example).
This virus also appears to cause the system to open the "My Documents" folder whenever a user logs on to the system; it opens that user's My Documents folder (at least, that is what it seems like; all three of the infected machines display this behavior).
most daemons/services are capable of authenticating users via PAM or from an SQL database.
for apache, PAM auth, mysql auth and postgresql auth.
for ftp you could use proftpd and ignore system accounts completely, it supports quite a few alternative methods.
for the email solution use something like vpopmail with no system users and supported by quite a few MTA/POP3 agents.
If you don't want the OS to handle the passwords, then you can set it up so it doesn't. By default system accounts are normally used which I assume is from the era of people having shells and doing * from it, ftp/read mails/etc in which case things would use the standard system accounts..
Happy patching.
Code is Speech. No to Censorship.
Not all hospitals do.
;)
I work for one of the largest health care systems in the US, and we didn't even hardly get touched by this new virus. We did have I think one office (NOT in a hospital, one of the 'corporate' ones) get hit by this, but it only affected a handful of users.
Then again, we are tortured by VMS and some Sun Mail programs...
It's not a new problem. Nor is any amount of wishful thinking going to fix the problem; Microsoft's products just aren't engineered for security. It's a problem that would take years to fix. Bill Gates himself made allusions to the U.S. Apollo space program of the 1960's which was $25 billion over 10 years. However, for the time being, the security issue is treated like a PR problem and the customers are taking the lumps.
At this point the problem is sociological or psychological. Like any other cult, Microsoft provides a sense of purpose and belonging to its supporters. Note that neither a technical background nor even an analytical way of thinking is a prerequisite, thus fulfilling even the unconditional acceptance aspect of a cult.
As much as IT staff and, especially IT managers, admire the personal wealth of Bill Gates, they just need to be able to let go of Windows and move on.
Move on, either to Macintosh or Linux or QNX or BSD or Novell; there are many choices. There will be some up front costs, but even without the viruses and worms these upfront costs will be offset by the number of maintenance hours saved.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Let's try to imagine if it carried a Chernobyl-like payload, or the feared root name server DDoS. Man, that's scary. So, the first one with an exploit ruins it for the rest, as at least some of the world finally realizes that it needs to patch, rendering the real killer-virus less effective, should it ever see the light of day.
I guess in that context, we should be grateful. It's kinda like if you're walking down the street in a bad neighborhood. Wouldn't you rather have some a**hole just slap you in the face, rather than said person walking up and shooting you?
Actually, several anti-virus companies named this worm W32/Blaster. There ought to be some kind of campaign to make sure people call it W32/Blaster, and not just Blaster. Where's RMS when you need him?
Big Flaw in your design. It's this thing called laptops. Someone takes one home then connects it to his Cable Modem/DSL connection, gets infected and brings that back into your nicely firewalled network and bam your entire network is crashing hard.
I do not know the intentions of the creator of this virus/worm, but it could have been a lot more malicious. It will hopefully be a wake up call to people to secure their systems, before something really bad is unleashed.
you should probably think about spending a few billion on making products that don't cost your customers insane amounts of money and lost productivity due to down time because of pathetic security and coding practices.
Yeah right, how are you going to get them to buy Windows ZP 2005 then?
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
This virus patched billions of systems in a quick amount of time. With these systems unpatched... Much worse things could have happened. The virus maker did Microsoft a favor by releasing this. He made it annoying as possible without doing any serious damage. Making it annoying made you do something to fix it.
And if you didn't patch, well it's your fault. You were bound to get your system ripped open sooner or later anyway. So now your system is fixed.. You are less likely to receive a virus that will destroy your system.
Microsoft did make the patch available well before the worm was unleashed. If people would regularly check "Windows Update" (http://windowsupdate.microsoft.com), or enable Microsoft's Update download capability, this would NOT be an issue!
Obviously there were thousands upon thousands of computers still vulnerable to this exploit when this worm was released. I honestly think that this particular worm has done the world a favor - a security hole this critical was BOUND to be exploited sooner or later. Better that this relatively harmless "vaccine" force everyone to patch their systems now. That way, when REAL malicious exploits hit - that actually delete files and destroy your work - most systems will no longer be vulnerable.
Heck, I'd almost wager that Microsoft released the bugger themselves in order to reduce the impact of the next big one...
I have a friend at the GSA, and I told him this was going to be coming last thurs. He told his bosses, they told him, "We could get most of them upgraded, but it would be a lot of work. F*ck it" Needless to say most of their office went down, as did many of the gov't key GSA databases. It's not really funny, but....Ha Ha.
This virus talk is rubbish. I'm typing this on a Windows computer right now and everything is working fi
Various Arkansas Government agencies are afflicted, too.
What those who want activist courts fear is rule by the people.
and how many switched after Code Red? ILoveYou? the countless others? Those who got infected either had someone take care of it or just reinstalled the system. This is what they are trained to do and expect it with computers.
I agree with your premise and disagree with your conclusion.
Microsoft has trained people to think that "computers are unstable" and "computers need to be rebooted frequently to fix problems". This is what they are trained to do and expect it with computers.
Viruses are different. People can understand needing to "turn it off and turn it on again" to fix a problem. Viruses are scary. Viruses will "erase your hard drive"! People have been hearing for the past two days that viruses affect "any computer running Microsoft", and people are also aware that there are alternatives to Microsoft.
I think repeated virus attacks will drive people away from Microsoft in greater numbers than Microsoft-imposed instability ever did.
I don't make the rules. I just make fun of them.
but to be slow at patching servers and systems is just plain stupid. Any system not patched up when you had a month to get the patch deserves to be hit hard. Lazy sysadmins need their asses handed to them, it will weed out the weak and we intelligent people will get the better pay. It's good for all of us in the long run.
W32/Blaster delivers its payload against windows update -- on the 16th. Debian turns 10 -- on the 16th. Coincidence? I think not!
This would be a lot nastier than a harddrive wipe.
With the wipe, you know it's all gone...just reload the backups.
With screwing the data...what's right? what's not?
That could truly be a costly virus...costly in many ways.
Sean D.
"Hmm. I am to metaphor cheese as metaphor cheese is to transitive verb crackers!"
Dude, I would have scripted it, so I would not have to worry about the lazy/stupid/busy. And not just ms products are vulnerable, ALL products are vulnerable, even the sacred *nix.
I hate sigs.
But then the issue is one of resources, pure and simple. So when government agencies and public institutions (like my buddy's university) have their networks go down, this is a direct result of underfunding. And underfunding is your tax cuts at work (your jurisdictional mileage may vary).
First, you are shooting yourself in the foot every time you make an argument and label it "simple". If the issue were really so simple, then its simplicity would be self-evident and you wouldn't need to label it as such. The very fact that you feel compelled to tell someone that it's "simple" generally means that it is anything but. (The same thing goes for arguments labeled "clear" or "obvious".)
Second, a government organization which lacks resources may lack resources due to poor budgeting (i.e., money going towards pork rather than to that which makes government function). Government at all levels spends money on pork. After tax cuts, governments could have reworked their budgets (you know, like us regular folk who don't have the power to plunder at whim have to do) and cut out pork, redundancy, overspending, etc. But, then again, what about all those precious votes? I'm sure there's plenty of politicians who are completely willing to let their server farms crash if that means saving their favorite vote-buying programs.
I don't make the rules. I just make fun of them.
In addition to the Maryland MVA, all the computers at the Montgomery County (just outside Washington DC) library system were hosed. When I went last night, they had the checkout system back up (the Post said that they had to do manual checkouts earlier in the day), but all of the public access computers were down with handwritten signs saying "Down due to virus attack".
This page accidentally left blank
I know /. is the place to bash the microsofties, but don't let it get to your head. Remember, anything with the name Microsoft gets instant press, outside the techies the public thinks "apache" is the old movie name for a First Nations tribe.
I regularly do security audits of all kinds of systems. When I walk in to a microsoft shop I can immediately tell how it goes. If the sysop says "I don't trust the patches, I test them, but they're not deployed unless there's a REAL problem" It won't go well, those guys usually don't update virus files either. On the other hand if the sysop is using patch management practices he can often go out in real time and check the current status of a server, workstation, and active version of the virus definition file in realtime (they usually have good WRITTEN policies on unauthorized (untested) soft/hardware with sanctioned backup). I haven't found malware in any of the latter cases.
I've yet to find a good *.nix shop. They often have good processes and procedures that SHOULD avoid problems, but the truth is it's easier to sign a piece of paper that says sourcecode was patched and applied than to actually do it. Things look great on paper. Check the source or decompile sendmail (one of my favorite targets) and it's another story. I'm still finding the same hole T.Morris used years ago on active servers. The excuse is always the same, "that was the way it came, shouldn't that have been fixed in the distro by now?" (i.e. too lazy to look, just signed the paper). Many don't even check SANS or CERT regularly. At least windows will notify you when critical updates are available, and all you have to do to apply it is run the .exe. Even then you get guys like this story highlights:
"I'm unaware of the [Microsoft] patch being available," said David Hugel, the deputy chief administrator of the MVA. "I've talked to our IT people and we weekly update the virus protection we do have, and this just happened to fall between those points when we had updated it and we didn't have the [new] update available yet."
(How did this guy get his position or experience? Even "end-users" successfully use critical update with relatively NO technical experience or fiscal responsibility.)
Any sysadmin that can't keep a system patched, or falsifies patch records should be punished up to and including dismissal as far as I'm concerned.
Incidentally, just so you know my audit document is the CERT advisories on securing systems. If you want a great basic book try O'Reilly's "Practical Unix and Internet Security"
Has anyone figured out yet that as far as I'm concerned the problem is NOT theoretical design differences in OSs as much as the incompetence of the people running them?
It doesn't matter what you wrap your emotions around, Reality is a brick wall specifically designed to scramble eggs
I was not trying to be anti-MS and I believe my statement about using a non MS email client and browser will definitely reduce your risk of viruses and not only because they are not as homogeneous as you claim but because they are NOT integrated into the OS and NOT tied to multiple core functions of the OS that allow these worms to work as efficiently as they do. That is a fundamental issue that will always make any closely tied system at risk. The use of raw data and application code and executing them from an application that is tied directly to the core of the OS will ALWAYS be harder to maintain security than a system that does not have this integration. That is a fact no matter which way you look at it. People are always told to not run an unknown executable file. Well any time you deal with documents, emails, web pages, help files from any JoeBlow on the internet on a MS Windows system, you are dealing with files that can and will execute code. Couple that with a known weakness elsewhere in the system and you have a new worm and or a virus. This is the basis for almost every major worm and email virus for the past 5 years.
Bad boys rape our young girls but Violet gives willingly.
I think the best side-effect of this virus/worm is the CNN poll it spawned, which revealed that more than 40% of those polled are completely clueless.
Everyone is commenting that the sys-admins should have updated their systems. The company I work for got railed by the worm, all of our PCs, and all of our servers. Why weren't they patched? Because corporate policy says that we aren't to install service packs, security patches, you name it. We were certainly aware of the security bulletins, we just couldn't do anything about it. Might be about time to start freshening up my resume.
...something like 97% of the world's worm/virus designers spend 100% of their time on trying to torpedo Windows. I wonder what the people using Linux or any other Unix/Unix clone would do if they got that sort of non stop attention. Please note also that it is perfectly possible to harden Windows to the point that it will withstand all but the most determined of attacks. I know because I am responsible for a pool of Windows servers who never noticed this virus exists because I patch regularly, installed anti-virus and software, a firewall and took a number of elementary precautions way before this thing ever hit the net.
"....if you dont know something is dangerous it is your own damn stupid fault!!! Not the programmers's wrote your Open Source webserver so that it can be run as root on port 80!".
Only to idiots, are orders laws.
-- Henning von Tresckow
So the Washington Post article requires you to fill out their silly little survey before you read the article. The lower limit of the birth year field is 1900. Isn't it possible that someone older than 103 could conceivably be online and looking at this article?
Dunno, I just found it interesting.
Why no Bill ~300 million windows machines are not spamming your website. How could they? They are not susceptible to computer viruses...it must be sumthing else...
entropy
Ok folks. Sorry fer jumpin on a thread.
:)
Guru help needed now.
Our home network has my box (knoppix) talking to net via parents win2000 box. Got call at uni. Computer haywire. Got home , sure enuff, theres msblaster doing its fandango.
So I get the cleaner clean it up, go to download the patch from ms site to avoid clean up and...... "Where the fsck is service pack 2?".
WTF?????
Anyway, the moral of the story is that service pack 2 is a humongous download thru a 56k modem, and the only way to block this bitch is via zonealarm..... *EXCEPT* that zonealarm free version kills NAT from the windows box.
Windows being as it is , lacks iptables, or any nifty stuff like that, so I'm confounded.
*IS* there a firewall , that like free and all, that doesnt waste ICS?????
Cos as it stands , this whole business of not being able to do assignments and stuff is REALLY getting me down.
Thankyou for listening. Hope you can help
Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
Kill the paper MCSEs. Shoot them in their heads.
Really? Why don't you give me your IP address, and we shall just see about that?
the only thing this WORM maker did was wake everybody up to install this one patch. people aren't gonna catch on that this is not a one-time occurrence. it's gonna happen again and again. The guy that originally found the vulnerability reported it to microsoft a long time ago. then microsoft posted a patch a long time ago. all this virus writer did was prey on the fact that people don't update their machines like they should. i believe windows xp has automatic updates on by default and you have to turn it off explicitly. Why are all these end users turning off the auto update features? these are the same end users most slashbots say are incapable of understanding when the taskbar has been moved from the bottom of the screen to the side. Anyway I am rambling. What I am trying to say is sure, Microsoft's security is a bit lacking, but they patched the hole long before this exploit came out. The users are dumb for turning off auto-update. and the virus-writer is an asshole for vandalizing computers under the guise of "sending a message". Microsoft already had the message and already fixed this exact problem before the worm was ever released. I am not an MS fan, I use a mac myself, but jeez. they were on the ball this time. there are many programs released in the *nix world with security holes that were not foreseen before too. these things happen, get over it. clearly the guilty party is the virus writer. If there was a problem with the locks on the doors of your car would you prefer someone to knock on your door and let you know that your lock can easily be circumvented, or would you want that same person to enter your house using that vulnerability in your door, invite some of his lockpicking friends over and then use your house as a homebase to do the same thing to other houses, so they can then use those houses for the same purpose as they used yours, and so on?
Why is this criminal in the real world, but doing us a favor in the world of computers? and i see since you mention terrorism that you have been sufficiently programmed by the mainstream media so I don't even imagine you have read this far.
Thanks for the eloquent post. You should have been modded at +5 under-rated as well. That's a point that I tried to make previously but I usually get modded down as a troll.
Why is it Microsoft's fault when THE PATCH WAS RELEASED A MONTH AGO? A simple ~800kb patch. The exploit even made a Slashdot headline, so it was well-reported.
The fault lies in those people who don't patch the operating system with the critical updates put out by its maker.
"Sufferin' succotash."
Microsoft recently released the Software Update Service for Windows 2000. You don't need AD to use it. You set a server on your network to grab the updates from M$ and it then updates your internal systems. It's a bare bones implementation, but at least you don't need to rely on users to patch systems. As you have seen, 100% compliance is impossible, and all you need is one hole... I am a SysAdmin in an all Windows shop; I keep my servers patched and my virus scanners up to date, and I haven't had a problem in the two years I have been in this position. It can be done.
"What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
The patch was released a month ago. "This type of crap" wouldn't have happened if systems were patched. My network was 100% unscathed. There's a reason Microsoft puts out patches listed as "Critical Updates," y'know...
Here's the part where the Microsoft conspiracist or the EULA-hater chimes in.
"Sufferin' succotash."
... above the fold, top-right corner in the dead tree edition this morning, with a continuation on page 14 or so, and two articles on the facing page (one about the MVA getting hammered, one with detailed instructions on how to clean up your infected machine).
The headline was Internet Worm Targets Microsoft Windows. We'll know they really get it when the next headline is Yet Another Microsoft Worm Breaks Windows.
To a Lisp hacker, XML is S-expressions in drag.
I've seen a couple of XP machines that the OEM pre-install defaults to having updates switched off -- I guess the OEMs just don't want the hassle of users phoning them up asking whether or not to install the patch, or dealing with problems from broken patches. I wonder how many calls they're getting at the moment...
please do, I haven't been modded down for 50 posts.
and just to make sure
...problem solved. (-:
If you want to see your MS-Windows alive again, fill a suitcase with unmarked non-sequential medium-sized Bills... er, I mean, use Knoppix to download the patch(es), then reboot and apply them to 'doze toot-sweet before she reboots. Having a DOS window handy to type "shutdown /a" into is good medicine as well.
Got time? Spend some of it coding or testing
...just like they do for cars and such?
Got time? Spend some of it coding or testing
The FDA treats Blood Bank software in particular as if it were a "medical device" and requires much of the same kind of validation as any piece of medical hardware. I can't make a change in our blood bank software without filing FDA documentation.
The FDA is currently looking into requiring such documentation for Pharmacy software (at my work blood bank and pharmacy are known collectively as "the two places where a software bug can kill someone").
"Can't you see that everyone is buying station wagons?"
True story,
I was interning in a mid-sized business in NYC, they run NT4/2000 exclusively. I was in charge of all of the gopher jobs, patching machines, maintaining small VB apps, etc. When people started making a big deal about the RPC flaw, the sysadmin decided he was going to patch all of the machines, just to be safe. Easy for him to say, since he didn't have to do it.
It was pointless. The machines were firewalled off and there was only 1 guy with a laptop. But I wasn't the sysadmin. I was but a lowly gopher. I had no problem with the windows 2000 machines. The NT4 machines were another story. They hadn't been patched above SP6a, and many had been under heavy use for an undefined length of years.
Out of the maybe... 30-40 machines I patched, I remember 2 severe issues.
After installing the Critical Updates Package on one machine, explorer crashed every time the user logged in. The sysadmin was forced to downgrade the machine back to IE5.0 and remove a few Critical Updates.
After installing the July 2001 Cumulative Security patch, one machine failed to boot. Some error about one of those NT* files failing to load, IIRC. The sysadmin had to recover the important stuff, and ghost his hard drive.
2 out of 35ish may seem like a small margin of error, but the sysadmin told me that he had once worked at a very large company that deployed updates via group policy and rendered every machine in the entire business useless.
Beware the updates.
When all freedom is outlawed only the outlaws have freedom
...if you're agoraphobic. (-:
Got time? Spend some of it coding or testing
Meanwhile, our couple hundred Linux servers keep chugging along unaffected.
Installing the free update has often been asking for trouble. Microsoft have an unenviable reputation for breaking things with their patches. This is kind of inevitable when they have such poor understanding of exactly what's going on inside their own (possession really is 9/10ths of the law) OS.
Just install Service Pack MAXINT. Problem solved. Hint: it has a penguin on it.
Got time? Spend some of it coding or testing
FTP is not "tied" into the OS. In fact, none of these services are tied into the OS. I run many servers and Full set of services: http, ftp, pop3, imap, ssh, smtp.... and none of them use a /etc/passwd file. In fact, they all come out of an LDAP store.
...so would you care to restate that "I'd trust the computers in a car before I trust" part? (-:
Got time? Spend some of it coding or testing
Being a long time resident of Philly, this doesn't surprise me at all. I've dealt with and know a few of the drones employed by the City. They'll maybe have it all fixed by Spring '04.
Heck, just last month, we almost killed a Supreme Court Justice during the dedication of the National Constitution Center:
http://www.nbc10.com/4july/2312737/detail.html
I just love this town (sneer)!
Political correctness is the newest form of slavery.
Just an example, the Windows update for L2TP/IPSec that interfered with customer's ability to connect to the internet. Thankfully, Microsoft removed the update and posted an updated version of the update but it goes to show that if system administrators installed every update just because Microsoft said so, there would be plenty more problems created than solved.
Prozac makes the voices in my head say nice things to me.
Read it and weep.
Got time? Spend some of it coding or testing
...load it from paper tape before you could start using it.
Got time? Spend some of it coding or testing
Yet another clueless person who doesn't realise that WinXP doesn't come with many applications, therefore decreasing the risk of bugs in code.
There's a reason I wrote "and many aren't in software that even has an equivalent included with Windows", you know. Try reading to the end of the post next time.
Why are all these end users turning off the auto update features.
Because they got burned once when Windows Update started sucking a several Gigabyte service pack over their modem connection?
Or maybe they got tired of having to wait through the several download a patch that has to be applied separately and reboot cycles when all they wanted to do was check the movie schedule for the local theater?
Or maybe a social engineered malware webpage changed the settings by telling them to click the link and it will double their internet connection speed?
Or maybe they are so burned out with having to patch their system three times a week they just don't want the bother since after all it is someone else that is going to get the virus not them?
ad infinitum, ad nauseam
not to be an ass or anything, but it's a worm, not a virus ;)
I'd only trust my life to a machine that runs a completely custom OS built for one purpose that does one thing, and does it well
Yeah, and that's why I would only ever trust my life to an iPod.
At least make it painless.
Got time? Spend some of it coding or testing
If a system outside the modem/router can't access port 135 on the machine in question, you are REASONABLY safe for a few minutes until you have time to install the update.
If a system outside the router can't access port 135, why is it safe for only "a few minutes"?
I don't know if grc.com is the end-all of network security, but according to their port probe, my port 135 was "stealthed" just from the router NAT, even without ZoneAlarm running...
So how am I going to get this worm?
These articles suggest that MS knew about this fault for a month and that "experienced" sys admins were patching their systems.
I did a fresh install of w2k last Friday and I installed every patch that was available. A patch for this worm was NOT on their site.
Using a different mail program doesn't help because many of these viruses carry a packaged version of Outlook Express mailer. I had a machine infected with one of these (different virus, at the time an unknown variant of an existing virus) - I identified it because it was sending mail using OE 5 and messages bounced back, but I was using Outlook as my mailer and had OE 6 installed with a Windows Service Pack for Win 2k (not 5).
:)
The only real solution is to throw out Windows... now if I can just convince management
For the love of man and everything holy, USE A DAMN HREF and stop putting a space in root!
click
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
Just a thought... But do they really use consumer grade computers? Maybe as terminals but last time I was in a hospital's computer room there were no windows boxes around. There was a Dec cluster, a solaris box maintaining a huge optical library, and a bunch of shit off the set of "2001 a Space Odyssey".
Here's a rundown of what I've found out dealing with the MSBlast worm, some of which wasn't posted to the list yet (or I just missed it). Luckily my systems here were patched before this came out, but a few people brought in laptops that weren't patched, so here's what to expect.
MSBlast Symptoms:
Windows XP: Computer displays a message that the computer will shut down in 60 seconds.
(Go to a command prompt and type "shutdown /a" to abort the shutdown.)
This indicates that your computer is infected with the MSBlast worm.
Windows 2000: Computer displays an error message about "svchost.exe" fatal errors. Odd behavior follows, such as not being able to drag-and-drop certain items, Internet Explorer context menus (right click menus) don't work properly, and other bizarre behavior.
This _does_not_ necessarily mean that a computer has the worm, but the svchost.exe could be crashing as a result of the worm trying to get in. However, you should still run the removal tool to make sure.
Some people have associated this with the install of Service Pack 4, but it appears to be coincidental and not related to the SP4 install. However, SP4 does seem to have its own user-reported set of issues unrelated to this worm, as discussed here:
http://www.w2knews.com/anecdotes.htm
Windows ME/98/95: Unaffected by this worm.
Windows Update: Windows Update is running incredibly slowly.
You may or may not be able to get in to update your system. This is due to the fact that millions of people are all hitting the service at once trying to get the patch to stop this worm. If you keep trying, you will eventually get in, but it may take a number of tries and 5 minutes or so per try. Additionally, you may get an HTTP 1.1 Server Too Busy error message even after you are in. Just keep clicking on the "Review and Install Updates" link on the left side pane and it will eventually let you in. When it does make a connection, the window or system may appear to hang for up to a minute or two. Just wait it out and it will eventually wake back up with the Blindly-Accept-Our-New-License-Terms window. Read the license terms thoroughly and print out a copy for your files (sorry, couldn't resist) and then click "OK" and the updates will then download (slowly) the needed files and install them.
To make matters worse, the worm will start a Denial of Service attack against the Windows Update site on Saturday Aug 16, so if you think it's bad now, you aint seen nothing yet.
Worm Trivia: The worm contains the following text, which is not displayed on the screen:
I just want to say LOVE YOU SAN!!
billy gates why do you make this possible ? Stop making money and fix your software!!
If you experience either of the above symptoms on your PC's, you need to apply the appropriate patch from here immediately:
Windows XP Security Patch:
http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a52a983f01/WindowsXP-KB823980-x86-ENU.exe
Windows 2000 Security Patch:
http://download.microsoft.com/download/0/1/f/01fdd40f-efc5-433d-8ad2-b4b9d42049d5/Windows2000-KB823980-x86-ENU.exe
Windows NT 4.0 Security Patch:
http://download.microsoft.com/download/6/5/1/651c3333-4892-431f-ae93-bf8718d29e1a/Q823980i.EXE
Windows NT 4.0 Terminal Server Edition Security Patch:
http://download.microsoft.com/download/4/6/c/46c9c414-19ea-4268-a430-53722188d489/Q823980i.EXE
Windows Server 2003 Security Patch:
http://download.microsoft.com/download/8/f/2/8f21131d-9df3-4530-802a-2780629390b9/WindowsServer2003-KB823980-x86-ENU.exe
Then, run this program to scan your system for any remaining parts of the worm.
Removal Tool:
http://securityresponse.symantec.com/avcenter/Fix
Some day, you will learn that you cannot succeed with Windows. Until then, may God have mercy on your soul.
The MVA (Motor Vehicle Administration) was out the other day. So now, I not only have to wait for hours and hours, I turn in the forms and they tell me to come back the next day to actually pick up the license.
I feel so alive...
"Thirdly, you've just annoyed people who have access to these different systems as they now have to change their password in 3 (or more?) different places."
Exactly. Admins who are lazy will sacrifice security for simplicity.
If you've got the same userpass for everything someone only needs to figure out one userpass to get in everywhere.
If you force your users to have different logins for every app and keep all your app accounts separate of the OS then if someone gets one userpass the amount of damage they can do is minimized. If someone gets my SMTP password, worst they can do is check my e-mail.
In your setup if someone gets your SMTP password they can check your e-mail, mess with files and even possibly escalate permissions on the OS and do some real damage.
Ben
Work Safe Porn
We're not speculating here. This has been done before. Years ago, there was a MS-DOS virus which messed with dBase database files, which were common at the time. IIRC it changed some random bytes in the file.
Now the evil part was that the virus hid these modifications from the rest of the system. The users didn't notice. Only when they erased the virus (or moved the database to another, clean computer), they found out that their data was corrupted.
Luckily, this virus didn't spread far AFAIK. But a good infection routine and the payload can be combined...
I heard recently from a 17 year old friend of mine here in Slidell, LA (Outside New Orleans) that the local DMV was "taken out" by the recent Msblaster worm. It took a few hours for him to get his new driver's license.
--Bahamlabs
After reading some of the messages, a question came to me. If we were living in a world where the majority of computers were running upon MacOS, isn't it predictable that the majority of viruses will spread on this kind of environment instead of Windows? My question is how much we can attack the lack of effort from Microsoft to increase security, and which part of the burden we should blame on a natural exposure of the most used platform to this kind of motivation?
This, of course, is completely wrong. And thus, their basis for calling it a worm is wrong. This virus can infect without user intervention.
bp
MS has made it so that IE is REQUIRED to access the Windows Update site. So, if you've managed to remove IE from your computer, you cannot update your PC to shield against Blaster and your PC will attack MS's site on the 16th. Except for some Internet lag though, it's not your fault because MS decided not to make the patch available to people that exclusively use other browsers. So... Those of us that don't use IE have been invited to attack MS's site by MS!!! How cool is that!
One of these comments in one of the blaster articles had a url to Blaster source code. Anyone want to de-fang it, and throw on an anti-Blaster app? Chances are the stuff that's been hit isn't secured against it yet, so simply hitting it with a modified Blaster should get rid of it, right?
For our windows terminal servers and a few workstations but our Novell cluster is chugging right along. AAAAHHHH Novell the best windows administration tool on the planet, once you get the client installed :)
And they noticed this why?
Our call centre has had 200-300 people in queue for the past 3 days about this (MSN Tech Support, I know, I know.. haha) Microsoft would not even let us call this a virii for the first 2 days even though people knew it was, all that we are allowed to do is build them a manual connection enable ICF and get them to download the patch, then refer them to their OEM or virus scanner maker. I've mentioned to them that we should be turning off the system restore function after we install the patch, then turn it back on so it erases the virus infected backups. (I've noticed the virus scanners don't pick it out of the system restore files.) But supposedly clicking this checkbox is out of our 'Support Guidelines'. We are not allowed to remove the virus even though it's VERY simple.
Do these agencies really have such little protection against attack? This article makes it sound like Stanley Jobson dropped a hydra in a trapdoor after using a worm to break through the firewall.
Unfair comparison. In your example, the gun is doing exactly what it was designed to do: shoot. The Microsoft product isn't performing as the users have reason to expect it to. And it's because of shoddy workmanship on the part of Microsoft. A better gun example would have been the M16 during Vietnam when it was malfunctioning all over the place. And yes, it was the fault of Colt and the Army for insufficient testing of the product. People died. In either case, shoddy design & manufacture should be penalized.
Just hit the support.microsoft.com site and start counting.
For me, I'm content with the approximation "many", or possibly "too many", or "way too fsking many"
Other OS's that I'm familiar with have many vulnerabilities in programs that run on them, but relatively few in the OS itself. With the various flavors of Windows, there isn't a significant difference. When IIS is installed by default, an IIS flaw is an OS flaw. When Apache is not installed by default, its flaws should not be counted with those of the OS.
Don't count every buffer overflow in every chat client on source forge. DO count every flaw in IE and outlook express, because getting rid of them is impractical. You could probably throw in media player as well.
I agree that you have to stay on top of the updates, but in my environment the many linux and OpenBSD boxes are much less trouble than the few windows boxes - both proportionally and absolutely.
So far as your assertions about "statically linked" virii and the impracticality of attacking *nux, I'll remind you of the redhat attack of a couple years back. Took out quite a number of systems as I recall - across a wide variety of revisions and, because RH is the "base" for so many others, a variety of distributions were affected (including my own, which was running Mandrake 6 at the time).
No, the fault still lies greatly in the hands of Microsoft. They build a system, market it as drool-proof, drooling idiots all over the world buy it, and those drooling idiots get burned and are still so stupid that they don't realize they were LIED TO IN THE FIRST PLACE!
So what? Other systems don't have security holes? Those holes aren't eventually exposed, and patches released? Try subscribing to bugtraq or security focus or any of the dozens of other similar lists for a while and see how many holes in Linux, irix and every other *nix come out. As many as the MSFT products? no.. ZERO.. hardly..
Patches are a fact of life.. IF you don't want to patch your systems, don't connect them. It's really just that simple.
They build a system, market it as drool-proof, drooling idiots all over the world buy it,
The 2 examples stated were city governments. They have large IT organizations that are perfectly capable of making informed decisions. They also have staff who are capable of rolling hotfixes and failed to do so. The time and cost to do so are very nearly zero and yet they chose to ignore the threat. They need to accept the responsibility.
If privacy had a tombstone it would read "We did it for your own good" . -- John Twelve Hawks
Other systems don't have security holes?
It isn't about doing a hole-for-hole comparison and seeing which pile is higher. It's a matter of comparing a vendor's claims with their delivered goods. Few vendors rank with Microsoft when measured by cunning and deceitfulness.
They have large IT organizations that are perfectly capable of making informed decisions.
Are they? Government bureaucracies are not often highly regarded for their efficiency or sharp decision making abilities. For example, our DMV "upgraded" recently from a modest mainframe-backed system to a new-fangled system with Windows clients. Going to the DMV now takes longer and is much worse than ever before. Microsoft wants people to believe their technology will make everyone's problems disappear as if by magic, when, in reality, they are straight-faced liars selling snake oil.
Healthcare article at Kuro5hin
Troll, how is something like redhat's up2date harder than windows update??? And what the hell did I say about turning shit on by default? Why don't they turn on Windows firewall by default? Why don't they turn off high-vulnerability services by default? What's the last Linux worm that fucked things up on the scale of a MS worm?
If you're going to troll, put some effort into it. That drivel you spewed was just plain sad.
If I make a bullet-proof windshield for you that doesn't protect against bullets, it would be my fault that the thing doesn't stop them. If your armored truck gets robbed because of this, I would be partially responsible for your losses, second only to the people that robbed it.
If Microsoft would just admit that their software is insecure, we would get back to calling it an insecure piece of crap. When they win national defense software contracts and claim to be secure, I have a serious problem with them.
I use OpenBSD on anything life-or-death and Linux on everything else. I have yet to see any of those systems get infected with a virus or invaded by crackers. The most I've been hurt from a virus was the downtime when my ISP caught Slammer.
Is installing a patch in winshit still as difficult as opening up their browser and going to the update site? Many of us connect to our servers from crummy connections that can't handle remote graphical terminals with Windows. If M$ has finally made an equivalent to "apt-get update && apt-get upgrade" since I discovered the glory of Posix-Compliance, then good job for them. If not, then they can bite my shiny metal ^D
You can't judge a book by the way it wears its hair.
How'd this wind up as a comment for the article on a Windows virus? The parent comment clearly belongs to today's article about growing synthetic diamonds.
Broken slashcode?
90% of the desktops are Windows-Based.
Most virus writers can purchase a PC and tools to develop a virus for under $200. Add maybe 3 years or so of experience with coding and you can probably code any virus you want to when dealing with Microsoft.
This is why we hear about Worms in the news that are Windows-based.
One of the downfalls of Linux is that it puts a UNIX-like environment in the hands of Joe Blow Virus Writer. Also, it puts Linux in the hands of Robbie the Retarded Systems Admin. Similar to what NT has done in the past.
And yes, the Ramen Worm was pretty impressive; had we all been running Redhat 6.2, the news might have mentioned it.
Place something witty here
Weird.. yeah I didn't post to that article, I posted to the synthetic diamond article... I was wondering why ppl were saying OffTopic..
- Voxel
Modesty is one of life's greatest attributes
I got to spend most of the day playing with this. Turns out this is msblast. The '60 seconds to reboot' thing only affects XP, not 2k. The reason we were getting these strange symptoms and nothing for the virus scanners to catch is that this is a failed msblast. The buffer overflow hit, but failed to download the payload through tftp. (Yes! Finally, an advantage to having your WAN links running at 750% of capacity - virus-induced TFTP transfers fail!) We found that installing MS03-026 on the system and rebooting cleared the weird behavior, and for one or two that did actually manage to download the actual virus file, Trend's newer virus defs find it and kill it mercilessly (even removing the registry entry). (Trend pattern file v606, released yesterday, supposedly found msblast, but we didn't see any actual detections until v608 came out today. Could have just been that none of the machines had downloaded it yet yesterday...)
Hope this helps the people who had similar symptoms.
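An added example, not part of the comment above: the post describes machines where the overflow hit but no payload file landed, so virus scanners had nothing to catch. The sketch below finds such hosts from network flow records instead. The log format and addresses are constructed, and it assumes the overflow arrives on TCP 135 and the fetch goes to the standard TFTP port, UDP 69.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst proto dport")

# Constructed sample records: epoch-seconds, source, destination, protocol, dest port.
SAMPLE_LOG = """\
1060700000 10.0.5.77 10.0.1.20 tcp 135
1060700004 10.0.1.20 10.0.5.77 udp 69
1060700010 10.0.5.77 10.0.1.21 tcp 135
1060700300 10.0.1.22 10.0.9.9 udp 69
1060700400 10.0.5.77 10.0.1.23 tcp 135
1060700900 10.0.1.23 10.0.5.77 udp 69
# comment line and a malformed line follow
garbage line
"""

def parse(text):
    """Parse flow records, skipping comments and malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != 5:
            continue
        try:
            ts, dport = int(parts[0]), int(parts[4])
        except ValueError:
            continue
        flows.append(Flow(ts, parts[1], parts[2], parts[3].lower(), dport))
    return sorted(flows)  # namedtuples sort by timestamp first

def hosts_hit(flows, window=60):
    """Return {host: peer} where an inbound TCP/135 connection from peer was
    followed within `window` seconds by the host starting TFTP back to that peer.
    The TFTP attempt counts even if the transfer never completed."""
    last_rpc = {}  # (host, peer) -> time of latest inbound TCP/135 from peer
    hit = {}
    for f in flows:
        if f.proto == "tcp" and f.dport == 135:
            last_rpc[(f.dst, f.src)] = f.ts
        elif f.proto == "udp" and f.dport == 69:
            seen = last_rpc.get((f.src, f.dst))
            if seen is not None and 0 <= f.ts - seen <= window:
                hit.setdefault(f.src, f.dst)
    return hit

if __name__ == "__main__":
    for host, peer in hosts_hit(parse(SAMPLE_LOG)).items():
        print(f"{host}: attempted TFTP fetch from {peer}; patch and rescan")
```

Hosts flagged this way need the MS03-026 patch and a rescan whether or not a scanner has reported anything on them.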
The MVA doesn't need a virus to slow it down. It crawls just fine on its own.
Shut up brain or I'll stab you with a Q-Tip. - Homer Simpson
How do you come up with the "formula" that you should see 1 virus for other platforms for every 20 developed for Windows?
If Windows has a 90% marketshare, that doesn't mean the alternatives will automatically have some directly relative percentage of virii targeted at them.
It's more complex than that. I propose that Microsoft, being as large as they are (and supposedly, a monopoly too, right?), have made far more enemies than the developers of alternative OS products. Look how many virii contain anti-MS messages inside them! They're purposely trying to punch holes in the MS products because they're the "standard".
It isn't as simple as a virus writer saying "Hmm... what does my workplace use? Oh, we run Linux? Ok then, a Linux virus it will be!"
Besides your made-up figures, none of that made much sense. And one Linux worm? Wow.
Ok, I blame John Brunner for inventing worms, in Shockwave Rider.
My other car is a 1984 Nark Avenger.
Why not? A few years ago the customer information on my electric bill changed suddenly. The address was correct, but in the style of my previous address instead. My phone number jumped back 3 years and 2 addresses. A big company or utility would never do anything disastrous, would they?
My other car is a 1984 Nark Avenger.
Good show. I guess, I just don't have the time to spend with my slackware partition anymore since I got a real fucking job and stopped working graves at the 7-11... I do love the idea of open source, and I do use my slack as much as possible, but goddammit, I need shit to just work out of the box once in a while. When I don't have to turn off FUCKING APACHE, SENDMAIL, FTPD, AND THE REST after an install, dick with my fonts, install xine, mplayer, realplayer, xmms, newest mozilla, gaim, and your fucking mom to get the basics done, then I can convince my roommate everquest is evil, and delete the XP part. Love the linux, and will never be without. Also love the XP, and can't wait for the day I can do without.
Shift happens. Fire it up.
Like hell it doesn't! Every part of my systems down to the little rubber feet on the bottom are detailed down to DLL level through version-controlled documents that are wet-ink signed on completion. We're considered validated by the FDA.
There's nothing wrong with using IE and IIS (well, maybe not IIS!) in a medical sector, but you take precautions. Lock it down, firewall it off and certainly don't expose it to the internet.
I *certainly* wouldn't let anyone using a PC that I don't admin and lockdown access the systems I admin. If anyone wants to sit at home in the garden looking at my systems using their insecure wifi connection they can't. Simple as that. It's just good practice. GxP, in fact.
tru.
--- Nothing is secure.
A snippet of M$ propaganda from their website regarding Win2K3:
Security. Businesses have extended the traditional local area network (LAN) by combining intranets, extranets, and Internet sites. As a result, increased system security is now more critical than ever before. As part of the Microsoft commitment to reliable, secure, and dependable computing, the company has intensely reviewed the Windows Server 2003 family to identify possible fail points and exploitable weaknesses.
Good points, but my overall point is that there would be more around than what there currently is.
As for developers, I would argue that Microsoft has the lion's share of the developer community and most of those seem to love Microsoft. So it doesn't seem out of reason to assume that some of them would try and hack other systems.
I don't agree that most of these contain anti-Microsoft messages either. Most seem to contain crap. The core issue is that Microsoft has ignored security at the cost of features while most of the competition hasn't and for the longest time I.T. consulting companies have ignored this as well. Now they should be held particaly responsible.
Let's compare Applets to ActiveX. Java Applets were far more prevalent than ActiveX controls, but Sun took security seriously and Microsoft didn't. ActiveX is an abomination at best and Applets, although a pain, are still useful.
The more I learn about science, the more my faith in God increases.