WindowsUpdate.com Secured, Permanently
Precisely nineteen months ago, Bill Gates sent out a memo to employees (and the press) announcing that security was Microsoft's number-one priority. Today, about a hundred readers have submitted the news that Microsoft.com went down last night. And now, the company has "extinguished" WindowsUpdate.com (future updates will come from a different domain). All this because of some Microsoft worm that triggers at midnight. Related news: Windows Update says you're protected, but maybe you're not; WU.com briefly ran Linux, heh; worm variant with clever "anatomical term."
always took you to http://windowsupdate.microsoft.com so what's the big deal about cancelling windowsupdate.com? do you think anyone will notice, or care for that matter?
Does the name Pavlov ring a bell?
They're obviously worried that something is in the wild that is hard-coded to attack WindowsUpdate.com, else there would be no point in abandoning that domain and moving to another.
So "Permanently Secured" now basically means "Permanently Offline"? Why didn't they just let the worm eat the domain? What's the difference, really? Whether they pull the plug, or the worm does it for them, it still means windowsupdate.com won't work...
"It's better to have a gun and not need it than need a gun and not have it." ~ Christian Slater, True Romance
governments of the world should heavily fine ms each time a serious bug is found and/or exploited. and people should examine, and demand, better alternatives
Would you be prepared to submit the open source community to this same program? Every time a governmental Linux server is cracked, RedHat, SuSe or fundamentally FSF will have to pay.
BOO! TERRO
This is not like those stupid email trojans that are inexcusable because Microsoft intentionally opened the door (with scriptable email, etc.). This is a garden-variety buffer-overflow exploit of the sort that could just as easily still exist somewhere in Linux.
For example, if someone hijacks or otherwise poisons some DNS servers, then all the traffic to windowsupdate.com will make it through to windowsupdate.microsoft.com anyway.
Or, a future worm could be written to target & attack a variety of Microsoft servers.
Or a future worm could be written in such a way that the target is not part of the worm's code, but rather can be directed remotely somehow. This way, even if Microsoft tries to switch addresses, the person[s] directing the attack can just change the target.
The real solution isn't to keep trying to dodge the bullet.
The solution is to become bulletproof.
Even after all this time, Microsoft still doesn't seem to get that.
Part of the reason Microsoft is such a prominent target is of course because it is so, well, prominent. Taking down (say) an FSF server doesn't raise nearly as many headlines (as this week's headlines will attest to). But I don't think that all of the problem here can be traced to how widespread Windows is -- while the Internet's clients are nearly all running Windows, a large fraction of the server architecture is running some Unix variant, and while there is of course some malware that targets *nix (Linux, Solaris, MacOSX, BSD, etc), the results never seem to be as catastrophic as the typical Windows outbreak.
To rip off Bruce Schneier's analogy from his security article in Atlantic Monthly a year ago, it seems to me that what security mechanisms Windows has tend to be brittle, while those that the *nix etc world have tend to be pliable. That is to say, when a problem comes up with (say) Apache, the damage tends to be isolated. This is partly because each installation will be configured differently, with different features enabled or disabled, and partly because the server runs on a variety of systems, each of which may have different mechanisms for providing underlying security protections. On the other hand, IIS installations tend to be pretty homogeneous, and a flaw with one very well could be a flaw with all.
That's not to say that IIS couldn't be just as secure as Apache, if not much more so. But part of Apache (etc)'s strength is its heterogeneous nature -- people are able to tinker, adapt, mix & match components to suit their needs, and in the process this will also tend to protect them from catastrophic failure. Microsoft has actively resisted this kind of diversity -- witness their howls about having to come up with "thousands of versions of Windows" if some of the firmer antitrust penalties were put into force. Those thousands of permutations are, arguably, exactly what is needed: this will give their users greater choice, and it will make emergencies like this more rare.
I don't get why they're so opposed to the idea.
Maybe they've got cleverer plans than anything I can think of. I certainly wouldn't claim to be any kind of security expert. But if the best they can come up with is a change of address card, I can't help but wonder if they're fumbling in the dark here...
DO NOT LEAVE IT IS NOT REAL
This strikes me as being a really bad thing:
They're missing a really big flaw, here, which is that this is horribly vulnerable to malicious behavior. There are already plenty of viruses and worms out there that make registry entries for one purpose or another. It seems to me that if you were exploiting a vulnerability for which a patch already existed it would be very easy to automatically modify the registry to make it appear that the patch had already been applied. This would make tracking which systems were vulnerable much, much more difficult. This would work particularly well if you were trying to make a stealth worm.
There's no point in questioning authority if you aren't going to listen to the answers.
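The comment above argues that a self-reported "patched" registry flag is worthless as evidence once local malware can write it. This added example (not from the page or any Microsoft tool) contrasts an inventory check that trusts such a flag with one that verifies the installed component by hash; the component name, hashes and the fleet are all constructed placeholders.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-in for the patched component; the file name and hash
# are placeholders, not values taken from the page or a real product.
PATCHED_BINARY = b"example-component.dll build after-fix (constructed)"
OLD_BINARY = b"example-component.dll build before-fix (constructed)"
KNOWN_GOOD_SHA256 = hashlib.sha256(PATCHED_BINARY).hexdigest()


@dataclass
class Host:
    name: str
    registry_says_patched: bool   # self-reported flag; any local code can set it
    binary_on_disk: bytes         # what is actually installed (constructed)


def naive_is_vulnerable(host: Host) -> bool:
    """Trusts the registry flag alone, the approach the comment warns about."""
    return not host.registry_says_patched


def verified_is_vulnerable(host: Host) -> bool:
    """Ignores the flag; compares the installed binary against a known-good hash."""
    return hashlib.sha256(host.binary_on_disk).hexdigest() != KNOWN_GOOD_SHA256


# Constructed fleet: host C has the flag set but still runs the old build.
FLEET = [
    Host("A", registry_says_patched=True, binary_on_disk=PATCHED_BINARY),
    Host("B", registry_says_patched=False, binary_on_disk=OLD_BINARY),
    Host("C", registry_says_patched=True, binary_on_disk=OLD_BINARY),
]


def audit(fleet, check) -> list:
    """Names of hosts the given check still reports as vulnerable."""
    return sorted(h.name for h in fleet if check(h))


if __name__ == "__main__":
    print("registry flag only:", audit(FLEET, naive_is_vulnerable))     # ['B']
    print("hash-verified:     ", audit(FLEET, verified_is_vulnerable))  # ['B', 'C']
```

The flag-based audit misses host C entirely, which is exactly the blind spot a stealthy worm would exploit; only the independent check of the artifact on disk catches it.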
I think given Microsoft's position on Linux that they should / would have researched the market to see if the service could be provided by a windows shop before signing a deal with akamai. It looks bad ... almost like saying windows isn't up to the task.
the Linux community needs to concentrate on not becoming the next big security joke. Okay, it's fun to laugh at Microsoft's pathetic record.... Just a second... Muhahahahahah. I feel better now. But as Linux becomes more and more popular blackhats will put more and more attention into breaking our OS.
We need to all make good design and operational decisions. Bad decisions like the one made by Lindows to run as root by default can lead to Linux having as bad a reputation as Microsoft.
The Linux community is positioned to demonstrate to the world that Linux, not Windows, should be used anywhere that security is an issue. Let's not blow it.
The race isn't always to the swift... but that's the way to bet!
If those rumors are true, then the worm didn't cause the power failures, it just disabled the systems that would have prevented them. That this happened at around the same time is just a coincidence, or maybe minor power failures happen frequently and were just prevented from spreading?
... no, they don't run Windows.
Take it from someone whose soon-to-be-parents-in-law are up to their necks in the power + safety industry
Control frontends and GUIs may run Windows. They may also run Java apps. The back-end is ALL Unix (and specifically NOT Linux), because there are very few OS vendors who will certify and indemnify the use of their OS in that kind of safety critical environment. Windows explicitly states that it's not for use in such an environment.
Simon
Coming soon - pyrogyra
No need - end our little war in Iraq and we'll free up the funds needed. I read yesterday that the war in and occupation of Iraq will cost over $600 billion.
Just close up the operation a little early and divert those funds.
Nah, never happen. Preemptive wars and years-long occupations of nations that are of dubious (at best) threat to US interests are more important than making sure your lights stay on.
Let us not say that.
The MSBlast worm delivers about a 16 kbps stream, so whether the zombie is sitting on a 56k dial, a 256k upstream DSL or cable connection, or has a T-1 or larger uplink doesn't really matter. DDOS zombies don't usually consume all of the available bandwidth, since doing so would be rather counterproductive to the goal of making a DDOS attack.
If an average user, being mostly computer-illiterate but knowing that a reboot fixes most Windows problems for a while, finds that his/her computer can't connect to the Internet (the symptom of having all of your upstream bandwidth utilized), the most likely response will be a reboot. This lowers the effectiveness of the DDOS attack compared to a large number of zombies making the attack without their owners' knowledge, which allows them to continue uninterrupted.
Numbers of attackers are the key to a highly successful DDOS attack, not using up all the bandwidth at the zombie's disposal. MSBlast could take a lot more bandwidth and still be not noticed by broadband users, but the authors have clearly crafted it to work and not be noticed on machines with dial-up and other low-bandwidth connections (I saw a 32-workstation LAN in a third world country; there was a 64k uplink for the whole office; things like that aren't unusual in many parts of the world. The likelihood of those machines being up to date on patches is very low, which makes them a good target for MSBlaster.)
My purpose for being there was to install a hardware firewall in front of their network, so they are far less likely to get infected, but there are many vulnerable machines like that out there with no protection. A good DDOS client can use them; one that consumes all available bandwidth can't.
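The post above makes a detection-relevant point: a per-zombie stream of roughly 16 kbps is too small for the owner to notice, so the signal is not volume but steadiness. This added example (not from the page; flow records, addresses and thresholds are constructed) flags source/destination pairs whose rate stays above a floor for nearly every second of a window, which separates a steady low-rate sender from ordinary bursts.

```python
from collections import defaultdict

# Constructed per-second flow records: (second, src_ip, dst_ip, bytes_sent).
# 2000 bytes/s is about 16 kbps, the per-zombie rate quoted in the comment.
FLOWS = []
for t in range(60):
    FLOWS.append((t, "192.0.2.10", "203.0.113.5", 2000))                  # steady low-rate sender
    FLOWS.append((t, "192.0.2.11", "203.0.113.5", 2000 if t < 5 else 0))  # short burst, then idle
    if t % 10 == 0:
        FLOWS.append((t, "192.0.2.12", "203.0.113.9", 50000))             # big but occasional


def sustained_senders(flows, window_s=60, min_kbps=10.0, min_fraction=0.9):
    """
    Return (src, dst) pairs whose send rate was at least min_kbps in at least
    min_fraction of the seconds in the window. Bursty pairs fall below the
    fraction even when their peak rate is far higher than the steady sender's.
    """
    per_second = defaultdict(lambda: defaultdict(int))
    for t, src, dst, nbytes in flows:
        if 0 <= t < window_s:
            per_second[(src, dst)][t] += nbytes
    hits = []
    for pair, secs in per_second.items():
        above = sum(1 for t in range(window_s) if secs.get(t, 0) * 8 / 1000 >= min_kbps)
        if above / window_s >= min_fraction:
            hits.append(pair)
    return sorted(hits)


def peak_kbps(flows, src, dst):
    """Peak one-second rate for a pair, to show why peak alone is a poor signal."""
    per_second = defaultdict(int)
    for t, s, d, nbytes in flows:
        if (s, d) == (src, dst):
            per_second[t] += nbytes
    return max(per_second.values(), default=0) * 8 / 1000


if __name__ == "__main__":
    print(sustained_senders(FLOWS))  # [('192.0.2.10', '203.0.113.5')]
    print(peak_kbps(FLOWS, "192.0.2.12", "203.0.113.9"))  # 400.0, yet not flagged
```

A peak-rate alarm would fire on the occasional 400 kbps sender and stay silent on the steady 16 kbps one; the fraction-of-window test does the opposite, which is the behaviour wanted when the worm deliberately keeps its per-host rate low.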
"why would i want to help alleviate the situation? hell, i get to have all my computers attack microsoft for free! and legally! wohoo! sick 'em!"
I know (think) you're joking, but while we can moan all we want about how Microsoft should design software that's more secure, we can't do anything about existing systems. And windowsupdate was the fastest, easiest way for the non-tech public to protect and repair themselves. Those of you out there that view this impending attack and the shutting down of windowsupdate as a good thing are very shortsighted.
Maybe you don't give a shit about all of those other users out there that use Windows. Maybe you're happy this is happening. Fine. But rest assured, it's not going to cause people to rebel against Microsoft, like many of you are hoping. There will be no enlightenment and mass exodus to Linux or BSD or OSX. This is going to get blamed on "hackers". And we all know hackers hate God, hate America, root for Saddam, get pentagram tattoos on their foreheads....and use Linux. Pretty soon it'll be "yeah, I saw those Linux guys bragging on slashdot.org that they took windowsupdate down!"
IBM's reps will be going "yeah, thanks heaps for the positive image, slashdotters.........fuckers".
Make fun of people that run Windows all you want, but don't assist in, or support the disabling of one of their few effective means of defense.
Life is hard, and the world is cruel
I think everybody is missing the point on this whole issue. Fact :- Blaster is a worm, whose payload was intended to dos windowsupdate.com, rendering it unavailable to the folks using it.
Fact :- windowsupdate.com is 100% unavailable.
Conclusion :- Blaster is the most successful virus/trojan to date. It didn't just cause a few hours of unavailability, it wiped the domain from existence. Not just any domain, but a prominent Microsoft domain (high profile, big budget website) totally obliterated off the internet.
Folks can say what they want, and argue about the politics of it all, bicker about who is responsible to update what, and whatever, but you cannot deny the facts.
Blaster is head and shoulders above the crowd as a denial of service worm, the first to achieve a 100% success even prior to actually triggering.
Say what you want folks, but this has got to go down in history as the most successful worm ever.