Sasser Worm Disruption Growing
thebra writes "Yet another virus is causing problems with Internet Explorer. 'Sasser, unlike a virus which travels through e-mails and attachments, spreads directly from the internet.' A removal tool can be found here."
Here at work, none of our employees can connect to the VPN, hence nobody can get work done, hence I'm sitting here with my phone ringing off the goddamn hook.
Capital punishment for worm writers!
Can be found here.
All those moments will be lost in time, like tears in rain.
Yet Another Microsoft Exploit.
You are being MICROattacked, from various angles, in a SOFT manner.
"Some things have to be believed to be seen." - Ralph Hodgson
Even the news on the tv talked about it before /.
Uh oh, did not we have this already?
Sasser doesn't affect IE.
What does Sasser actually DO?
Usually, viruses have a goal, like collecting your personal information, DDOSing SCO, or SOMETHING...
What does this one actually do?
My theory is that someone wrote it to disable all the spamware-infested computers out there.
They can't be spamming us if they're rebooting constantly, can they?
And if the owner doesn't disinfect them and protect them from future attacks, they'll just start rebooting again...
I don't know the meaning of the word 'don't' - J
We tried installing MS04-014. It totally secured our network - it shut down our ADSL link until we removed it.
Thanks guys...
'Don't worry' said the trees when they saw the axe coming, 'The handle is one of us.'
Once again, those "other" OSes prove that security through obscurity is the way to go. :D
That it's the most popular even amongst hackers.
Another removal tool made by Network ASSociates can be found at: http://vil.nai.com/vil/stinger/ I've used it on a number of a machines with no problem. It only scans files (no registry). It fits on a floppy and it's free. It'll even run on machines that already have virus protection, good if someone hasn't updated their definitions and can't get on the internet. It's updated anytime a new baddy comes out, but you have to redownload the EXE file since it doesn't check for updates.
That crackers like to attack them because they are widely deployed.
What does this tell us about MSFT products?
that they have the largest market share so are targeted by hackers?
I still am of the opinion that it doesn't matter how many patches M$ releases. The fact is, we need an educated user base. So many people continue to use computers without knowing the full risks associated with them.
The Internet is great, broadband is great, computers are great. But as long as people are willing to give up their passwords for chocolate and have no clue what a firewall is or what it does, this problem will continue to plague everyone.
Nothing beats a good educated user.
Proudly supporting the Libertarian Party.
then Am I okay?
This is an honest question. Noone ever posts "users that have been keeping up with microsoft windows security updates are (still/not) under threat by this worm."
Its just a tiny little bit of information that could be extremely valuable.
So, I'm totally up to date... Am I safe?
These are the three secret ingredients to a relatively secure system. Read them. Learn them. Understand them.
Hate me!
You forgot to mention that "sasser" only infects windows machines.
It should be the default assumption that since it is a worm then it only infects windows (the same goes for virii of course). I would think that it would be worth mentioning if it infected anything besides windows boxes...
The original poster is not correct when claiming Internet Explorer has a problem. This time it's a hole in the so called "Local Security Authority Subsystem Service" that's causing problems.
See this and this for more details.
What it tells us about Microsoft, is there are people out there who cannot take care of systems.
This includes Linux boxes and Mac boxes as well.
Wake up and smell the damn coffee, it's not a problem exclusive to Microsoft, as much as some of the Linux rah-rah club would like to think.
Why is it OK for Linux to patch the hell outta itself but a damn near capital crime if Microsoft has to?
Grow up.
Microsoft released a patch, people did not install the patch. Who's fault is that? None of the 1000+ systems in my office were infected because I'm intelligent enough to have policies in place to prevent stuff like this from happening.
Perhaps that MS products are more widely used than anything else?
The poster called Sasser a virus, then proceeded to give a definition that said it was not a virus. No offense, but was the poster actually reading what he wrote?
It tells us that since Windows is the most widely-used (and since there are a lot of anti-Microsoft zealots), it is the favorite target of script kiddies. If Linux were the most widely-used OS, it would be the one attacked all the time.
Read CERT. There are just as many linux-related vulnerabilities as Windows. (think: OpenSSL).
Insert offensive troll-style sig here. Please mod or respond appropriately.
Sasser is not a virus as the poster stated, it's a worm.
From my understanding of the Sasser worm, it infects vulnerable Windows PCs by probing and connecting through a specific open port, and then launching some Windows specific code designed to infect and propagate the worm. My question is of a largely theoretical, yet insightful nature: if a Linux machine is running a Windows emulation environment, such as WINE, and the Sasser specific port is open, is it possible that Sasser could attack and infect the Linux PC? After all, if WINE is at a level of compatibility which allows Linux users to run complex Win32 apps such as Microsoft Office, is it also not inconceivable that some Windows vulnerabilities have been emulated also? I look forward to the community's response.
All the computers the UK Coastguard use have been affected, according to this BBC story.
Struggling to find a day everyone can make? WhenShallWe.com
Can't wait to get the phone call from my mom... "So now that I can get a virus/worm from doing nothing... can I click on that screen saver that nice man from Nigeria sent me?"
Let the condescending remarks about operating systems begin!
> Poor programming by Sasser's creator makes infected machines shut down.
I love it... dissing the worm's creator IN THE NEWS STORY. I'm sure whoever it is was happy to read that.
It's not a lie. It's the truth with lossy compression.
Everyone with a Windows machine should sign up for MS's monthly security e-mail or religiously check Windows Update on the second Tuesday of each month. I won't go as far as recommending automatic updates, though.
When I am king, you will be first against the wall.
What the hell has a worm that attacks through non-HTTP traffic and downloads its body through a built-in FTP client got to do with Internet Explorer?
If you're going to bash Microsoft, at least bash the right frickin' part...
The Slashdot Paradox: "100% Overrated"
The UK coastguard is severely affected. Shouldn't this be an easy sell for Linux?
Thinking about emailing them, but they probably have their hands full.
The /. item is wrong in associating this worm with Internet Explorer. It's a direct attack on Windows, not a flaw in IE (or Outlook Express). And, for once, it doesn't seem to have an email vector.
mapping systems. Luckily those people still knew how to use old-fashioned maps for emergencies.
I wonder how people will survive in a few decades when everything is dependent upon computers, and then out of nowhere a virus takes out systems. Will people still know how to go old skool to fix problems?
Here is a fast, cheap and reliable way to fix this problem:
* Buy a hub/router with builtin firewall for about $40 to $80.
* plug it in.
There you go.
Wrong again. Apache has the largest market share in HTTP servers, and it's not the most hacked.
I'm in the hole of the broadband donut.
I think it is a given that most worms and such now are windows, and mac and linux (all other unix's included) are worm free by nature.
Note the word worm....
What could be more "directly from the Internet" than email?
An exploit connecting directly to port 445 of a host and not requiring any user-intervention to become infected.
I was reading the article from the BBC. How many key services of the society must be crippled before those in charge start to realize that Microsoft, while pleasing to the eyes and well marketed, just isn't suitable for anything that matters.
When someone can crash a railroad system from a virus, we have a problem. What would Benito Mussolini have said when his trains were running late because of yet another worm? How many railroad operators would have died?
It's a strange problem, security. Educated users are key, but because Microsoft has the largest market share, they also get the largest number of uneducated users. What will happen if Linux eventually completely replaces MS products on the desktop? Will they have the same security problems?
Port knocking?
That they're more popular than Linux and Mac machines, and make a better dispersion vector?
Insert witty saying or aphorism here.
It looks like it exploits LSASS.EXE by scanning for a listening port 445. Good job I've got all incoming blocked by default.
Roll on XP SP2 with the firewall on by default for everyone, then hopefully things like this will go away....
Just added another virus removal tool to my startup folder! It's starting to get big and unmanageable; I am thinking of putting it on a separate partition...
one thing about that chocolate ... how do we know the password is legit? If someone came up to me offering chocolate for a password, I could easily make up some random sequence of alphanumerics and get the candy.
example: when i was at university, there were frequently marketers out pushing credit cards to students by offering up a free gift (eg, a hat, t-shirt, some other corny thingy) in exchange for filing an application. many students got the gift by filling in dummy info for the credit card application.
Any site that gets slammed by this needs to fire their network admin.
It is very apparent that using Windows is like living in a high-crime, blighted neighborhood. You try and try to live a normal life but at any moment something bad could come along.
Why people continue to choose Windows is beyond me. Linux and Mac OS X are more secure and more powerful. And oh yeah, cheaper. Sure you get Windows when you buy a new machine. But that's like offering a poke in the eye with a pointed stick with every purchase.
Email gets picked up by your email client. An email virus must then be run from the message either by opening the attachment or (for some Outlook versions) by having Outlook open it for you. Even just receiving a copy of an email virus requires that you run your email client.
In the case of the Sasser worm, it is using an open port to crawl directly into your computer when you connect to the internet. There is no action required on the part of the user and no infected file to load. Windows simply accepts the connection and installs the worm.
That's why worms are "more directly from the internet" than email-based viruses.
Life is short: void the warranty.
what kind of idiots marked the parent "flamebait"? Seems like a pretty honest, straightforward, reasonable comment to me???
I think it's important that we all recognize Microsoft's role in this and always refer to these worms as "Microsoft(R) Windows(TM) $(wormname)", in this case the worm is called the Microsoft(R) Windows(TM) Sasser Worm.
This way people won't get confused as for which platforms are compatible. Thank you.
It tells us that a lot more people use Windows than Linux. It just shows a lack of understanding of the whole problem to say that this proves Linux is better than Windows.
I thought the same thing... Has nothing to do with IE. Read the articles to double check. Has nothing at all to do with IE.
I'm not sure why everyone is so hopped up on these removal tools. It seems to me that after being infected with a worm that installs a back door, more people ought to look at reinstallation from known good media.
Biggest Windows vulnerability ever, again. How many times have we said that this year? At work, it's beginning to feel a bit like a duck-and-cover drill.
-Peter
Down the hall are the MCSE's. I can hear them shouting at each other about why this and that system wasn't patched.
Even the network big wigs are in the room with them.
Ahhhh... the joys of *nix....
Back to my wonderful coffee....
This is a test. This is a test of the emergency sig system. This has been only a test.
Dude, it's Mac OS X, not OSX. It is not an acronym. And it's pronounced "oh ess ten."
I have been giving this some thought, and quite frankly, even laptops can be locked down so that users are patched against this kind of attack. The main issue in the IT depts of the companies mentioned above must surely have been giving it some thought yesterday: why did we not apply that patch from MS?
The answer for many sysadmins is to apply patches in batches on a regular basis, unless there is something *mission critical* on the radar. Of course, such things as the patch available to stop the "sasser" worm may have slipped by the eyes of even experienced sysadmins, especially when it's not flagged with whistles and trumpets by Microsoft.
Other sysadmins have chosen not to patch the vuln. due to its effect on VPN connectivity, as mentioned in other posts. The big question here is why Microsoft released a patch that disabled VPN in such a way. I realise it may have been the lesser of two evils, but hey, at least they could have released the VPN-aware patch a little earlier than yesterday morning...
Just my 0.02 Norwegian Kroner
"-Who said sit down?!"
-- S. Ballmer @ MSDC 2003.
i'd like to know:
when is someone going to put a genetic algorithm into their virus/worm?
something that mutates the worm's parameters (ports, timing delays, IP-search strategy, etc.) so that the most virulent parameters are found by "natural selection"?
seems like an ideal application for genetic algorithms.
K.
That depends on whether the Microsoft patches you have installed don't actually do more harm than good.
For other than this particular exploit, it also depends on whether another exploit is made available before a working patch is made available for a publicized (or not!) vulnerability.
In short, no. You may be safer, but you're not safe.
--
Hanlon's Razor - Never attribute to malice that which is adequately explained by stupidity.
"Never attribute to malice that which is adequately explained by stupidity." - Hanlon's Razor
People have short memories. There was an Apache worm about two years ago (in mod_ssl).
Here is a link
Of course, worms like that are few and far between, especially when compared to the number of Windows worms going about lately, but to claim a system is "worm free by nature"? I think that's more than a little premature.
I have zonealarm setup on a home PC and it failed to keep Sasser out. So much for a personal firewall.
And yes there is AV on it, but it was infected before the updates had even come down.
Same s**t, different day
Up to date with patches, a proper firewall, and common sense and my Windows machine has never had a virus. I am convinced that in the end Windows users will end up better off. It is like security boot camp with live ammunition. Each time the number of people infected gets just a little bit smaller.
I picture a day when most users have migrated to Linux and the first serious threat comes out and they are all prepared and the l33t get destroyed because their systems can't possibly get a virus because it is open-source.
I patch both my Slackware box and my Microsoft box regularly - do you?
A few days ago I saw a message from our firewall asking if I wanted to allow Security Authority Subsystem to be contacted by a remote host.
A simple click on the "No" button stopped this worm in its tracks.
If more admins just installed firewalls and made sure all unnecessary services were blocked there'd be a lot less worm infections. (sure it won't protect people who need to use the Security Authority Subsystem, but I'm willing to bet a lot of the infected machines don't use it at all)
AVSERVT.EXE is the FTP server that Sasser uses.
It will show up as a very hungry process (77%+ CPU)
Kill it and then you'll be able to patch the box.
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
"noone" is not a word. It is not in the dictionary. You've made an excellent point in your post, but it's tarnished, at least to my eye, when I see you use things like "noone." Look it up and use "No one" next time. Two words. Thank you.
"I'm sitting here with my phone ringing off the goddamn hook"
so are you telling us you'd rather let the phone ring and read slashdot and post comments instead?
OpenSSL is not turned on by default in every install, and *very few* of the vulnerabilities in Linux, or OS X would have affected a standard system install. For example the recently reported vulnerability in OS X doesn't affect most people because that service (AFS) is off by default. People who have turned it on should know they have, and are more likely to patch.
Windows has a lot of holes, and has historically been very lax in leaving services open (uhm, netsend, RPC) that no normal user needs. Thankfully they're *starting* to address this, though the attempt to embrace and extend the internet with .NET doesn't leave me hopeful about their future security priorities.
I think you should admit that things are not all rosy before/whilst jumping to the defence of Microsoft. It is time people wake up and start to question what system they use, rather than use Windows with the justification that 'everyone else does'.
Yes! This is a router-borne worm that even has its own IP address.
Free Firefox news reader.
MS has issued a patch for this. Why it's not a critical update is beyond me...
Google cache of McAfee's page on the worm
One of symantec's pages
The patch from MS: http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
just BSOD'ed my Citrix server.
YMMV
"/Dread"
Now that's what I call a superior worm!
Imagine my shock this morning when I read the BBC's article on Sasser, which claimed:
This bastard hit Cummins Inc. , Sunday morning, shutting down manufacturing and corporate operations at every facility in the world till early Monday morning.
You obviously weren't a fan of Herman's Hermits. Peter Noone rocked.
Sure, my parents know what a firewall is.
Dumbass.
false.
remember, IE is an integral part of the Windows OS.
This news is a couple of days old....why is it just now /.ed??
In that case, your parents need some education instead of a computer. Education, you know... The thing they failed to give their offspring.
Fuckface.
like apache is the most popular web server?
Bloody hell, man! /.! How dare you ask that question here?!
This is
Well, there's spam egg sausage and spam, that's not got much spam in it.
Well in this case, yes.
Sasser exploits a hole in Windows. A patch for this hole has been out for about three weeks.
Moral of the story: Keep aware of the Critical Updates. You may not need to apply every single one of them, but at least be aware of what they are, and what problems they are designed to fix.
I'm not crazy,I'm actively irresponsible.
As I sit here working on my PowerBook, I look at news links and slashdotters frantically trying to apply patches and download the newest virus updates to combat yet another virus. And I continue to work, without even having a virus scanning program on Mac OS X. Never had a virus on my Mac, and never plan on getting one.
Apache has the largest market share in HTTP servers, and it's not the most hacked.
I always see this posted and I think people get this mixed up. More web sites are hosted on Apache servers, but there are more physical boxes running Windows.
Example:
I just left a job working at one of the largest internet hosting companies. We hosted close to 300,000 web sites; both Windows and Linux. Our customer base was roughly 60% Linux and 40% Windows; hosted on a little over 5,000 servers.
If you were to know the number of servers we have and looked at a Netcraft scan you would assume the following:
3,000 servers running Linux web sites
2,000 servers running Windows web sites
But that would be incorrect. Most of our Linux sites are cheap little geek home pages where we have a couple hundred sites hosted on a server. Our dedicated sites, big e-commerce sites, are mostly running on Windows boxes. So we have some servers running hundreds of sites and others running 1+ sites.
What's my point? In reality it's more like 1,500 servers running Linux (Apache) and 3,500 running Windows (IIS). I've worked at a couple of large hosting companies and it's the same at all of them. So when you see the Netcraft report stating that 65% of the web is running on Apache, that doesn't mean there are more physical servers out there running Apache than IIS; just that Apache servers are hosting more sites due to the small, cheap nature of a lot of Linux-hosted sites. So, in reality, there is a larger install base of IIS machines. Of course Apache is pretty secure, because if they attacked an Apache box at a hosting company they could take down a lot more sites, causing more havoc.
That's why I am in favor of licensing computer use. You obviously can't be bothered to educate your parents so somebody else will have to.
Mine was probably the only PC left infected in the office. Funnily, however, when I tried to download the patch for Sasser from Microsoft (I unfortunately have to dual boot), here is what I got:
> Thank you for your interest in Windows Update. Windows Update is the online extension of Windows that helps you get the most out of your computer. You must be running a Microsoft Windows operating system in order to use Windows Update.
From what I have heard from my colleagues, this worm attacks when you connect to the net, and Microsoft forces you to connect with a vulnerable system. But then, Windows is a product for dummies from the dummies.
PS: Tried fooling the script at the Windows Update site by changing the browser identification, but this only prevented the thank-you message; it didn't allow me to download the patch.
One aussie politician points out that not all computer systems are affected.
Just to comment on the "educated user" bit. My father works at the EU Commission. The news reports were not overstated. Almost ALL (at least 90%+) of the computers on the Commission intranet (around 25,000 if I remember correctly) were infected with this virus on the 3rd of May. In the end he went home early (like most people) and the admins sorted it out overnight.
These are computers which are automatically updated from a local mirror when an admin tells them to.
Sod educated users, lets have some educated admins.
Because I don't. I use Macintosh. However, I see the advantages of Windows, *nix, Mac, etc. Each has their own place. Take a look at the Linux notes on CERT (Just in one month alone, if you wish).
Microsoft, Linux, Apple - all platforms need to have this drilled into their brains, coding, and documentation repeatedly with much force! Microsoft is a target because they have angered so many with their *business* activities and sloppy coding. How long before Linux joins them?
I am an avid Linux user - The only windows machines I have are for client applications that I can not run on Linux.
Most of us (yes, me included) when we scratch an itch, make it work for ourselves, not for the world in general. If we are to produce Secure, Stable and Safe programs, then we need to have a tool set that allows us to build them without thinking about it, or we need to all think about it with each app released into the wild. Asking Joe User to know enough to run a secure platform is like asking all people to be able to self serve everything in their own cars, appliances and bodies (i.e., no mechanics, repairmen or doctors needed).
'It ain't gonna happen!' All of these are way too complex and most are changing faster than most people can keep up with. So, it needs to fall back on our shoulders (the developers) to make this happen. The question today (as in so many other days past) is what can we Linux developers learn from Microsoft's mud? What are the issues that are allowing these things to happen and how can we prevent them? I hope everyone has heard this before.
And, more importantly, how do we get qualified people to itch this scratch to completion? It seems to me that the world in general would benefit most from a programming tool set that built these solutions in, and that is not going to be an easy task. Microsoft is trying to address that with .net, and is still not on target (or anywhere close from what I have seen). Java tried to answer that, but it has fallen far short of what is needed.
I really do not have any answers to this. One of my best friends has explained to me the complexities of building compiler systems and writing your own languages. Those complexities alone are big issues. I would love to read what other /.ers have to say on this issue.
InnerWeb
Freud might say that Intelligent Design is religion's ID.
The problem isn't with internet explorer. It's with a program called lsass.exe or the "Local Security Authority System Service".
It takes advantage of the open ports in Windows (as if Microsoft didn't learn from NetBIOS).
In Windows 2000/XP/2003, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NetBT. For this they use TCP port 445.
Check if port 445 is open on your system (you have to do a regedit hack to close it)
http://www.petri.co.il/what_is_port_445_in_w2kx
The above site has a detailed information on howto use regedit.exe to disable port 445 in Win2k/XP.
"Software is like sex: it's better when it's free."
At first linux's traction on the desktop was because "windows isn't stable". Then there came windows XP, where most instability is from third party drivers.
Then a lot of Linux's traction has been "Windows is insecure". But when Windows XP SP2 comes out, the worms will die away a bit, and it will only be social-engineering attachment trojans in Outlook.
Then what will linux's attraction be? A better the desktop right? Better browser etc. But when Longhorn finally comes, that might be gone too.
Linux, to my mind, will always be better for myriad reasons, but it has to be a lot better to make people change. And WinXP stability, firewalls cutting the worms down, and a better GUI... will it be *that* much better to get people to change?
This makes the "linux on the desktop" window of opportunity quite finite.
I, for one, believe we can best Microsoft on the home desktop, but we need the corporate desktop for the following reason: hardware compatibility.
"Why?" you ask. Well, I'll tell you. We need the corporate desktop for hardware support. OS X has a hardware-rendered desktop; Longhorn will have it too. No Linux will be able to have a hardware-rendered desktop without GPLed drivers. To get GPLed drivers for most graphics cards, we are going to need the slugging power of at least a 30% stake in business desktops. This makes Ximian/MS integration-type projects, Mozilla/Firefox/Thunderbird and OpenOffice some of the most important battlegrounds you will see in the next few years. Once we have the hardware, we can take them - but don't fire until you see the whites of their CGI-rendered eyes.
And here are some thoughts on that matter, my head's in the clouds for some of it - but we can dream right?;
Convince XGI to GPL Volari drivers. Standard tactic of an underdog is to use open-source to sling-shot ahead of the competition through features and performance. Directx9 is heavily shader based, but I prefer opengl myself and if you look at these performance statistics http://www.tomshardware.com/graphic/20031107/inde
the only thing a volari needs is GPLed drivers and a linux following.
GPLed Nvidia and ATI drivers might follow. Who knows.
The other thing is, put some weight behind an "opensource hardware" movement to get an openGL performance beast that can be manufactured and sold by anyone, as it is an open design. I think with DRM we are going to see the ground ripe for open source hardware configurations. And don't think electrical engineers won't be able to do what software engineers have done with linux.
Anyway, those are just some memes I wanted to spread around, AC because I don't care about authorship. Just mull them over, because we need all the ideas we can get for the battle to gain a foothold. I am not saying I want to destroy MS; I just want enough market share to be able to have hardware compat and make sure things like DRM don't make their way into hardware (or make sure there is an alternative). From Minix to now we have only seen the end of the beginning: business and home desktops, DRM and the very nature of hardware await.
1) Enable ICF (Internet Connection Firewall) if using XP or Server 2003. This blocks all unsolicited incoming traffic.
2) Block the following at the firewall:
* UDP ports 135, 137, 138, and 445, and TCP ports 135, 139, 445, and 593
* All unsolicited inbound traffic on ports greater than 1024
* Any other specifically configured RPC port
(Personal note here: I block *all* ports except 80, 443 (web), 25, 110 (mail).)
3) Enable advanced TCP/IP filtering to block all unsolicited inbound traffic. See Microsoft Knowledge Base Article 309798.
4) Block the affected ports by using IPSec on the affected systems.
(Personal note here: I run a couple of machines over VPN exclusively, and so only the VPN ports need to be open on the firewall for them. Any attack will have to come from within the VPN.)
These tips are straight from M$, see:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
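The port-445 exposure discussed in this thread and the MS04-011 perimeter block list quoted just above are easy to misapply by hand, so here is an added example (not code from any post here, nor from Microsoft) that encodes the bulletin's block list and the commenter's stricter web/mail allow-list as functions, runs constructed firewall log lines through both, and flags any source sweeping TCP 445 across several hosts, the footprint an LSASS-exploiting worm leaves. The log format, IP addresses and the three-host sweep threshold are assumptions made for the example.

```python
"""Triage inbound connection attempts against the two firewall policies
quoted in the thread, and spot TCP/445 sweeps.  All log lines are constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Ports the MS04-011 bulletin (as quoted in the thread) says to block inbound.
MS04_011_BLOCK = {
    "udp": {135, 137, 138, 445},
    "tcp": {135, 139, 445, 593},
}
# The commenter's stricter policy: allow only web and mail, drop everything else.
# Modelled as TCP-only; it is an assumption that no UDP service is exposed.
ALLOW_ONLY = {"tcp": {80, 443, 25, 110}}

# Hypothetical perimeter log format (assumed for this example):
#   <time> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port> [<tcp_flags>]
LOG_RE = re.compile(
    r"^(?P<time>\S+) (?P<proto>tcp|udp) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)(?: (?P<flags>\S+))?$"
)

# Constructed sample: one host sweeping 445 on three targets, some legitimate
# web/mail traffic, a NetBIOS name-service probe, an RDP probe, an SSH probe,
# the ACK leg of an outbound connection, and one malformed line.
SAMPLE_LOG = """\
10:01:02 tcp 10.9.8.7:3121 -> 192.0.2.10:445 S
10:01:02 tcp 10.9.8.7:3122 -> 192.0.2.11:445 S
10:01:03 tcp 10.9.8.7:3123 -> 192.0.2.12:445 S
10:01:05 tcp 198.51.100.4:51000 -> 192.0.2.10:80 S
10:01:06 udp 203.0.113.9:1025 -> 192.0.2.10:137
10:01:07 tcp 203.0.113.9:40000 -> 192.0.2.10:25 S
10:01:08 tcp 198.51.100.4:51001 -> 192.0.2.10:3389 S
10:01:09 tcp 192.0.2.50:445 -> 192.0.2.10:1034 A
10:01:10 tcp 198.51.100.4:51002 -> 192.0.2.10:22 S
not a log line
"""


@dataclass(frozen=True)
class Attempt:
    time: str
    proto: str
    src: str
    dst: str
    dport: int
    flags: str  # "" for UDP or when the logger recorded none


def parse_line(line: str) -> Optional[Attempt]:
    """Parse one log line; return None for blank or malformed input."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Attempt(m["time"], m["proto"], m["src"], m["dst"],
                   int(m["dport"]), m["flags"] or "")


def unsolicited(a: Attempt) -> bool:
    """UDP has no handshake, so every inbound datagram counts as unsolicited;
    for TCP only a bare SYN does (an ACK belongs to a connection we opened)."""
    return a.proto == "udp" or a.flags == "S"


def blocked_by_ms04_011(a: Attempt) -> bool:
    """Bulletin rule: the named RPC/NetBIOS/SMB ports, plus any unsolicited
    inbound traffic to a port above 1024 (where dynamic RPC endpoints live)."""
    if a.dport in MS04_011_BLOCK.get(a.proto, set()):
        return True
    return a.dport > 1024 and unsolicited(a)


def blocked_by_allow_only(a: Attempt) -> bool:
    """Commenter's rule: drop unsolicited traffic to anything but web and mail."""
    return unsolicited(a) and a.dport not in ALLOW_ONLY.get(a.proto, set())


def triage(lines, sweep_threshold: int = 3) -> dict:
    """Apply both policies to every parsed attempt and list sources that sent
    SYNs to TCP/445 on at least `sweep_threshold` distinct hosts."""
    attempts, skipped = [], 0
    for line in lines:
        a = parse_line(line)
        if a is None:
            skipped += 1
        else:
            attempts.append(a)
    targets_445 = defaultdict(set)
    for a in attempts:
        if a.proto == "tcp" and a.dport == 445 and a.flags == "S":
            targets_445[a.src].add(a.dst)
    return {
        "parsed": len(attempts),
        "skipped": skipped,
        "ms04_011_blocked": sum(blocked_by_ms04_011(a) for a in attempts),
        "allow_only_blocked": sum(blocked_by_allow_only(a) for a in attempts),
        "passed_both": [f"{a.proto}/{a.dport}" for a in attempts
                        if not blocked_by_ms04_011(a) and not blocked_by_allow_only(a)],
        "sasser_sweep_sources": sorted(
            src for src, dsts in targets_445.items() if len(dsts) >= sweep_threshold),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

Note that the SSH probe on TCP/22 passes the bulletin's list but not the allow-only policy: the bulletin closes the worm's door, while the allow-list closes every door you have not explicitly opened.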
These people never heard of *FIREWALLS*?
Honestly, the IT department should be fired.
Sasser, unlike a virus which travels through e-mails and attachments, spreads directly from the internet.
Are you kidding me? By this definition, Sasser *IS* a virus, unlike everything else, which are Worms.
It seems that we've been living in the land of email worms for so long that most people don't know how to deal with a real virus. Yeah, that's what they do... they spread without your help. Geez!
Skiers and Riders -- http://www.snowjournal.com
And now compare the number of users using apache and mod_ssl against those using windows and the number of windows outbreaks there have been over that two year period.
Every time a MS vulnerability story comes out with a link to the patch or a removal tool or something of the sort, does everybody honestly still have to post "funny" or "insightful" comments with links to Linux distros? Honestly, I think everybody on /. knows where to get them, and there's no need for everybody to jump on the bandwagon and try to get points. Jeez.
Same thing with alright... should be all right.
I would also like to say that I love my Mac.
*Crosses fingers and hopes the virus crashes his work machine, so he can go home early.*
When my computer was infected last weekend I tried all the removal tools, manual removal instructions, and even sacrifices to the evil M$ gods. Did no good, spent yesterday reloading my computer... Oh well, I think of it as my computer telling me it was time for spring cleaning.
I blog, they blog, do you
Moral of the story: Keep aware of the Critical Updates.
That... or don't have unrestricted port access to your machine. Because of my efforts, no one in my extended family is permitted to plug their PC directly into their cable modem; all go through NAT routers because of the inherent security benefit of them.
I admit it, I don't keep up to date on Windows updates, simply because my PC is so many levels removed from the internet that a slew of cataclysmic events would have to occur for me to become infected with anything more than disk fragmentation.
Help Brendan pay off his student loans
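The check that goes with the comment above, that nothing on the Windows box should be reachable through the NAT router, is to probe those ports from the far side of the router. The script below is an added example, not code from this thread. It assumes the port list 135, 139 and 445 (the thread itself only names 445) and must be run from outside your own LAN against your public address; from inside it only reports what the LAN sees.

```python
"""Probe the Windows RPC/NetBIOS/SMB ports of a host to see what the Internet can reach.

Added example for this thread, not any poster's code. The port list is an
assumption: 135 (RPC endpoint mapper), 139 (NetBIOS session) and 445 (SMB,
the port Sasser attacks). Run it from OUTSIDE your NAT router.
"""
import socket
import sys

WINDOWS_LAN_PORTS = (135, 139, 445)


def probe_port(host, port, timeout=2.0):
    """Return 'open' (TCP handshake completed), 'closed' (RST came back) or
    'filtered' (nothing came back before the timeout, typically a firewall drop)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:          # socket.timeout is an OSError subclass
        return "filtered"
    finally:
        sock.close()


def exposure_report(host, ports=WINDOWS_LAN_PORTS, timeout=2.0):
    """Map each probed port to its state."""
    return {port: probe_port(host, port, timeout) for port in ports}


def is_exposed(report):
    """True if any probed port completed a handshake, i.e. the router or
    firewall is passing inbound connections through to the Windows box."""
    return any(state == "open" for state in report.values())


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    report = exposure_report(target)
    for port, state in sorted(report.items()):
        print(f"{target}:{port}\t{state}")
    print("EXPOSED" if is_exposed(report) else "no probed port reachable")
```

'filtered' is what a NAT router with no port forwards should give you for all three; 'closed' means the packet reached a host that had nothing listening, which is still more than a worm should be allowed to learn.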
it does make one wonder if there are people out there working on anti-spammer viruses and worms...
Are such viruses and worms even within the realm of the possible, or are spammers using systems that are by default impervious to cyber-attacks?
--Chag
I hate it when people keep posting this drek. Just because Linux doesn't have the market share does not explain why it has fewer viruses. Look at Apache and IIS. Apache outnumbers IIS but IIS is what viruses target.
I think you are being rude and inconsiderate with your concept of an educated user base. Get off your high horse. I am a MS "power user" and I would never consider giving up my password for chocolate. Furthermore, I feel that... Mmm, licorice? Administrator/IBL33t
Mac OS X, not OSX. It is not an acronym.
Not an acronym?
OS X = Operating System Ten
pretty much an acronym
I'm no Windows hater, but these exploits reinforce my opinion that no Windows machine should have a publicly accessible IP address.
We run Windows on our network here, but we have a Linux box with IP masquerading enabled connected to the Net, so the only exploits that could possibly work would be 'stupid enough to open the attachment' types, as you can't target any of our Windows PCs from the outside world, only our Linux box.
Sure, some of the ports Windows leaves open are useful for things you might do on a corporate LAN (Active Directory, RPC, and such) but these things are next to useless for the larger Internet. If they don't want to fix the holes before someone has exploited them, or code their systems properly, then Microsoft could at least make it so that Windows leaves NO generic ports open on public/WAN interfaces.
Why do WE have to have a cataclysmic event?
:)
I just like the idea of a cataclysmic event, that way we can get on with the cool Star Trek stuff
This doesn't mean anything. Remember, the share of educated users running an HTTP server is larger than the share of educated users running a word processor or something.
toresbe
If port xxxxx-whatever is being hacked, why is that allowed to pass into the corporate intranet to begin with?
Then, you have machines that are weeks, if not months behind in patches...
This points to an IT issue, not an end use issue.
Poor programming by Sasser's creator makes infected machines shut down.
That should make the writers happy... that their ineptitude made global news.
I am not impressed with the foo of these cut-and-paste virus coders. There was a time when it was actually difficult to code one of these things, but come on... they are open-source now.
No-kung-foo-required.
Is this why the IRS computers were down yesterday? I had called them up regarding my return and they said all computers were down. Hmmmm...
Not only highly inaccurate (IE?), but also covered by Slashdot two days ago.
New Windows Worm on the Loose
Stupidest...story...ever...
I.O.U One Sig.
For those of us who are not that knowledgeable about these things, could someone explain what the actual difference between a virus and a worm is?
Sasser is a WORM not a virus.
Worm - Independent program that replicates from machine to machine.
Virus - A program that can "infect" other programs by modifying them to include a, possibly evolved, copy of itself.
Not to the same extent, but certainly if someone is willing to tell you their password there's not much that can be done to secure their system. We won't see as many worms and viruses but I think that security, even in Windows, is at a point now that trojans are the easiest attack to have propagated.
The security focus of Linux is such that I would expect every effort to be made to make any attack less effective than it would be in Windows, but there's no defence against "Run me!" in an email where regular users are concerned.
Why is anything anything?
Good practice, but I don't see that it would stop the spread of Sasser.
It starts at port 1068, and works its way upwards. At some point, it'll probably find an open port that's not tied to another process. Unless you have it so locked down that EVERY port above 1024 is blocked, or restricted in some way.
With the various chat and P2P clients out there, that's tough to do.
I'm not crazy,I'm actively irresponsible.
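The climbing source port mentioned in the comment above is actually useful on the defender's side: an infected box shows up in a firewall log as one source touching many different hosts on TCP 445 in a short window, with the source port going up by one per probe. The script below is an added example, not code from this thread. The log format (date, time, action, protocol, source IP, destination IP, source port, destination port, space-separated) is an assumption modelled on the Windows firewall text log, and the sample lines are constructed.

```python
"""Find hosts sweeping TCP/445 the way Sasser does.

Added example, not from the thread. Input is assumed to be a text log with
    date time action protocol src-ip dst-ip src-port dst-port
per line; the sample lines are constructed. The signal is one source hitting
many distinct destinations on 445 inside a short window, with the source
port climbing by one per probe (the post above puts the start at 1068).
"""
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
2004-05-03 09:42:01 DROP TCP 192.168.1.23 10.0.0.5 1068 445
2004-05-03 09:42:01 DROP TCP 192.168.1.23 10.0.0.6 1069 445
2004-05-03 09:42:02 DROP TCP 192.168.1.23 10.0.0.7 1070 445
2004-05-03 09:42:02 DROP TCP 192.168.1.23 10.0.0.8 1071 445
2004-05-03 09:42:03 OPEN TCP 192.168.1.23 10.0.0.9 1072 445
2004-05-03 09:42:03 DROP TCP 192.168.1.23 10.0.0.10 1073 445
2004-05-03 09:42:05 OPEN TCP 192.168.1.40 10.0.0.10 3201 445
2004-05-03 09:43:10 OPEN TCP 192.168.1.40 10.0.0.10 3202 445
2004-05-03 09:45:00 OPEN TCP 192.168.1.40 10.0.0.10 3203 445
2004-05-03 09:45:01 OPEN UDP 192.168.1.40 10.0.0.1 1025 53
2004-05-03 09:45:02 OPEN TCP 192.168.1.41 10.0.0.2 1066 80
"""


def parse_line(line):
    """Return a dict for a TCP log line, or None for anything else."""
    parts = line.split()
    if len(parts) < 8 or parts[3] != "TCP":
        return None
    date, time, action, _proto, src, dst, sport, dport = parts[:8]
    try:
        return {
            "ts": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
            "action": action, "src": src, "dst": dst,
            "sport": int(sport), "dport": int(dport),
        }
    except ValueError:       # malformed line: skip it rather than crash
        return None


def find_sweepers(lines, target_port=445, min_targets=5, window_seconds=60):
    """Return {src: info} for every source that touched at least min_targets
    distinct hosts on target_port within some window_seconds window."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["dport"] == target_port:
            by_src[rec["src"]].append(rec)

    hits = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])      # stable sort keeps log order on ties
        start = 0
        for end in range(len(recs)):
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            window = recs[start:end + 1]
            targets = {r["dst"] for r in window}
            if len(targets) >= min_targets:
                sports = [r["sport"] for r in window]
                hits[src] = {
                    "targets": len(targets),
                    "first_sport": sports[0],
                    # one new source port per probe, each one higher: the Sasser tell
                    "sequential_sports": all(b == a + 1 for a, b in zip(sports, sports[1:])),
                    "first_seen": window[0]["ts"],
                }
                break
    return hits


if __name__ == "__main__":
    for src, info in find_sweepers(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {info['targets']} hosts on 445 from source port "
              f"{info['first_sport']} (sequential={info['sequential_sports']})")
```

A workstation talking to one file server on 445 all morning (192.168.1.40 in the sample) never trips this, because it counts distinct destinations, not connections; the box at 192.168.1.23 does, after five probes in two seconds.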
This image compares Microsoft and Apple's home pages recently. Note how Microsoft's webpage is dominated by security warnings, while Apple's is dominated by news about new features and products.
"Windows" is also Microsoft Windows XP Home. "Linux" is GNU/Linux. Do you say those two like that also?
My point was that the OP used the hardware name, not the OS name. So sit down, fucktard.
The built-in WinXP firewall does NOT protect against the Sasser worm. I ghosted an XP box three times to confirm this-- not until after applying MS04-014 and/or using an alternative firewall (e.g. ZoneAlarm) did I see protection from Sasser or its variants (if they exist... although I did see LSASS crash a few times without the presence of avserveX.exe on the system).
I don't know about you guys, but the SASSER worm turned an otherwise boring Sunday into a wickedly exciting day! Thank you, worm-guy!
-s
My point exactly... What OS does IIS run on?
Insert offensive troll-style sig here. Please mod or respond appropriately.
You wish. That'd mean that people actually learn. They don't. Or let's say "we don't", though the things I "don't learn" are mostly not computer related.
Patching works wonders for all systems
MS allows open ports and worms to get through without many problems. There hasn't been a major *nix worm since 1988. MS gets one every 3-6 months.
i thought once I was found, but it was only a dream.
So many people continue to use computers without knowing the full risks associated with them.
/. but the fact is that most people don't give a shit about how computers work - they just want them to work like an appliance. That's why we have jobs.
You're mad. I know this is
An educated user base? Hah. AIDS is still spreading and you're worried about a computer virus?!?!?
"Never attribute to malice that which is adequately explained by stupidity." - Hanlon's Razor
One line blog. I hear that they're called Twitters now.
I was setting up a new machine. I turned it on, it set up XP. Before I could get the firewall installed, it was infected.
Luckily, we are all firewalled to the hilt so we haven't been hit anywhere else.
If you aren't part of the solution, there is good money to be made prolonging the problem
I think you don't understand the problem.
People giving away passwords are not a problem except for themselves.
Windows is a problem for everybody because a worm can exploit millions of machines automatically.
Yet another virus is causing problems with Internet Explorer
Does it have anything to do with Internet Explorer? Neither of the links provided mentioned anything at all about IE.
Wow, I'm witness to Slashdot jumping the shark. An article summary bore no resemblance to the actual article. This hasn't happened before.
Pick two out of three :-).
:).
Nearly all my systems are Linux based or updated with the latest patches from Redmond. But I have here one box running Windows 95, daily used for email and browsing, behind a firewall that's as locked down as possible. On the other hand, the last security update or virus definition download happened at least three years ago. And yes, the common sense topic also applies, because I've trained my wife (the main user of that box) from day one to mistrust any attachment.
So, this box, without being updated, has over the years always been virus free. And probably its chances are getting better by the day, because who is writing viruses for Win95, or IE4 or even WordPad....
A colleague of mine has already been working for a week to install XP on a new notebook. While connected to the net (only a software firewall, no hardware router) to get the Windows Updates, she got hit already. Of course I told her she was stupid not to buy a firewall box first, but oh well, who listens to me
Conclusion: get that firewall and use common sense!!
Browsers shouldn't have a back button!! It's all about going forward...
Happens here all the time. The firewall only delays the infection. Usually a MBA type as they are all given laptops.
I've found that the best solution to the problem of Microsoft's constant and ever more serious security holes is simple:
Dual boot with Linux. Linux for the network; Windows for the games.
Just use Linux as your network-enabled OS, and Windows for everything else. Log off the internet or disconnect your DSL or broadband before you reboot into Windows, and you'll be fine.
It is really that simple - I just disconnect my network connection when I'm running Windows. Let's face reality here:
So the solution is simple: Linux is your network OS, and Windows is your "friends and family" OS.
The society for a thought-free internet welcomes you.
This was posted to a comment I made about an earlier article regarding port scans:
Re:Reduce Load (Score:0) by Anonymous Coward on Tuesday April 27, @09:42AM (#8983914) yeah, because connect() is such a bandwidth hog...
Here ya go buddy. Eat it!
dude, Macs is not an OS
:)
I think he meant "emacs"
To me the more dubious part of the Sasser worm is that it can lead to other backdoor processes being planted on a host PC. That's why some sources are stating that just running a removal tool and then patching is enough. The backdoor processes would still be present on the host PC. That means the best removal tool would be the old format command. Ouch.
Starting with Code Red and Slammer I would just bash Microsoft without regard to any other factors. But now I am seeing things a bit more objectively. After all, these recent exploits weren't created until after the security bulletins and patches were released to the public. And there was about a full two weeks for the public to patch their systems.
If Linux had as broad of a home user base I'm sure some published vulnerabilities and patches would result in much the same. Joe Six Pack, whether using Windows or Linux, would be slow to patch their systems. And that would lead to some rather uninventive script kiddies writing easy exploits working off of published POC examples.
Yeah, because they need to learn about firewalls in order to get their work done.
Do you know how to change your radiator fluid? Is that part of the drivers test?
No, because it's not necessary to know in a WELL BUILT system, car or OS.
Dicknose.
Actually, this is quite easy to remove...I talked my mother through it over the phone (and she doesn't know the difference between AOL and the internet). Sure, it took her 30 minutes to perform all three steps (boot to safe mode - 8 minutes, delete the exe's - 12 minutes, and remove the registry keys - 10 minutes), but it was actually quite simple. Most of the delay came from me trying to walk her through the process over the phone without having my machine set up identical to hers:
Me: Okay, press the button on the computer to turn it on and then press f8
Mom: Ess or Eff?
Me: Eff-Eight, the function key
Mom:Press F8 and hold it? Do I press F and hold it while I press the 8?
Me: No, F8 is a key at the top of the keyboard, near the center.
Mom: Oh. Okay, the starting Windows screen is up, do I press F8 now?
Me: Yes
Mom: (long pause) It's coming up (pause) Okay, I have my normal picture on the screen.
Me: Oh. Okay, lets turn the computer off and try again.
[rinse, repeat, rinse, repeat, rinse, repeat]
It's sort of like talking your dog through doing open heart surgery over the telephone, with the only commands you can give being "sit", "speak", and "heel", and the only feedback is the dog barking.
At least now she's been forced to install a working antivirus program and the firewall software.
Is it just my observation, or are there way too many stupid people in the world?
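The third step in the phone call above, removing the registry keys, is the one people get wrong when they are eyeballing regedit. If you can get a `reg export` of the Run key off the machine (or just the whole hive), a script can do the looking. The one below is an added example, not code from this thread: it parses the text format REGEDIT writes, the sample dump is constructed, and the worm's value name and path (avserve.exe sitting directly in the Windows directory) are assumptions based on the file name mentioned elsewhere in this thread.

```python
"""Triage the Run keys in a 'reg export' dump for a Sasser-style autorun entry.

Added example, not from the thread. It parses the text format REGEDIT writes.
The sample dump is constructed; the worm's value name and location
(avserve.exe directly under %Windir%) are assumed from the thread's mention
of avserve.exe. Real .reg exports are UTF-16 with a BOM: read them with
open(path, encoding="utf-16").
"""
import re

SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avserve.exe"="%Windir%\\avserve.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo]
"DisplayName"="Foo 1.0"
'''

RUN_KEY_SUFFIXES = (r"\Microsoft\Windows\CurrentVersion\Run",
                    r"\Microsoft\Windows\CurrentVersion\RunOnce")
# "name"="string data"; either side may contain \" and \\ escapes
REG_SZ_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# an .exe sitting directly in the Windows directory (not a subdirectory)
WINDIR_ROOT_EXE = re.compile(
    r'^(?:%windir%|%systemroot%|[a-z]:\\(?:windows|winnt))\\[^\\]+\.exe$', re.I)
KNOWN_WORM_NAMES = re.compile(r'avserve', re.I)   # assumed from the thread


def _unescape(s):
    """Undo the .reg escaping of backslashes and double quotes."""
    return s.replace('\\\\', '\\').replace('\\"', '"')


def autoruns_from_reg_export(text):
    """Return (key, value_name, data) for every REG_SZ value under a Run/RunOnce key."""
    suffixes = tuple(s.lower() for s in RUN_KEY_SUFFIXES)
    key = None
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None or not key.lower().endswith(suffixes):
            continue
        m = REG_SZ_LINE.match(line)
        if m:
            out.append((key, _unescape(m.group(1)), _unescape(m.group(2))))
    return out


def _exe_path(data):
    """Pull the executable out of a command line: a quoted path, or everything
    up to and including the first '.exe'."""
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    idx = data.lower().find(".exe")
    return data if idx < 0 else data[:idx + 4]


def suspicious_autoruns(text):
    """Return the Run entries worth a second look, each with its reasons."""
    flagged = []
    for key, name, data in autoruns_from_reg_export(text):
        exe = _exe_path(data)
        reasons = []
        if WINDIR_ROOT_EXE.match(exe):
            reasons.append("exe directly in the Windows directory")
        if KNOWN_WORM_NAMES.search(name) or KNOWN_WORM_NAMES.search(exe):
            reasons.append("matches the Sasser file name")
        if reasons:
            flagged.append({"key": key, "name": name, "exe": exe, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for entry in suspicious_autoruns(SAMPLE_REG_EXPORT):
        print(f"{entry['name']} -> {entry['exe']}: {', '.join(entry['reasons'])}")
```

The Windows-directory rule is the one that keeps working after the file name changes; legitimate autoruns live in Program Files or system32, not loose in C:\WINDOWS. Treat a hit as a lead to verify, not a verdict, and delete the file before the value or the worm will just put the value back.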
OK, I'm completely baffled. My wife is a non-techie but cool-headed. She runs Win 98 SE and installs any critical Microsoft patches when the system prompts her that such updates are available.
o n survive a reboot?
I just checked the MS website and they say no patches are available for Windows 98 because it is not considered a "critical" problem and they only patch "critical" problems.
So presumably my wife will not even be informed of the problem.
Is there anything in particular that she ought to be doing?
The descriptions say that Windows 98 systems cannot be infected "but can spread the infection." How is this possible? How can a program that runs on a system and spreads an infection not be considered "an infection?" Does the infection-spreading-program-that's-not-an-infecti
"How to Do Nothing," kids activities, back in print!
History for Nerds. Stuff that mattered.
We had one machine left that missed the regular updates. Due to its horrible programming, the worm interferes with normal TCP/IP operation, which made updating afterwards difficult. Pulling up the task manager and killing the process it ran as (avserve.exe) then allowed me to get the machine to update windows and the anti-virus definitions normally.
//Information does not want to be free; it wants to breed.
For those that are interested, the worm severely affected the UK coastguard BBC
VIRUSES not VIRII you fucking retard.
Really? Who do you know that knows the FULL risks associated with using computers? Before this worm, I didn't know what port 445 was for - but I knew I had it blocked on my firewall. Maybe you are talking in a perfect world, but there is ZERO chance that all computer users will realize the full risk of using them. If they did, they wouldn't be using computers. I have been using computers since the early 80s, and I don't claim to know all the risks associated with using them.
I am not anti-computer-education, but what you are talking about is a pipe dream. For jebus sake, we still have people wiring their life savings to people in Nigeria, and guys buying penis enlargement pills.
My beliefs do not require that you agree with them.
...because even if OS X had Windows-level marketshare, worms and viruses would not be much of a problem. Why? Because OS X ships with 0 ports open, the root account is disabled by default, and even when you're running as an admin, you have to authenticate before any serious damage could be done.
The difference is Apple designed the security into OS X from day one, they didn't try to bolt it on later like Microsoft did with Windows.
But Linux can be patched in such a way that regular users can't do anything nasty to their systems. Perhaps that's the key: Limitations on the use of the system that require some level of skill to remove, therefore proving the intelligence of the user. Dumbasses get one that's totally tied down (for their own protection) while 1337 g33ks get powerful systems because they're not chocoholics.
I'm in the hole of the broadband donut.
Unfortunately, whenever I try patching my Windows box it brings it to a crawl. Literally hours before I can navigate to a point to uninstall it. MS has a KB on the problem with very sketchy details on a workaround.
It has gotten me to use my Mandrake box a little more....
What doesn't kill you only delays the inevitable
We had a TERRIBLE time with the Sasser worm at work today. When I went home afterward I decided to run the Windows Updates (that I almost never do) to patch my game machine at home. My XP-Pro machine on a cable-modem was running clean (I've been playing City of Heroes since Saturday) before the Windows Updates. Ran the patches. Rebooted. Hangs on reboot. Hangs on reboot again. Hangs on a third reboot. After an hour of percussion therapy I booted into Safe Mode w/ Networking and updated a newer Video driver. Rebooted. Works fine now. It's amazing to me that Microsoft's own updates can render a machine unbootable (to a desktop).
I'm wondering if there's any way people (the world?) could begin a Class-Action Lawsuit against Microsoft for lost time, mental anguish, etc. due to their crappy software! Every time this stuff happens I'm reminded of the Bill Gates cameo in the South Park movie. The memory of that scene never fails to make me smile!
If enough machines get infected you won't have to worry about anything. The network will be flooded.
Seriously folks. Microsoft released the patch 21 days ago. If the worm came out before the patch I would be more critical, but it didn't. Hopefully Microsoft decided to turn on automatic updates by default in service pack 2 for XP.
And let's face it; if your machine is not properly patched, it's probably already being used as a spam relay, so it's not the spammers who would want this.
In a corporate network environment, such as mine, a few weeks is barely enough time to get a patch onto every desktop. First a few days are spent testing it. Then it has to be pushed out to all of the users. Server patches often have to wait until weekends because they can't be down during the week. Then manual installs have to be done for all the "non-standard" setups.
Then there's the new computer I got yesterday with our standard corporate developer's build. Of course the build doesn't have the latest patches yet, so when I turn on the computer for the first time, immediately after logging in McAfee catches the virus. So then I have to hunt down the right patches from the right people and reboot repeatedly until I can log into the network without getting the virus.
So I lost all of yesterday fixing the problems on my two computers and my office is as up to date as possible with getting patches onto workstations. Machines go for weeks without new patches because it's impossible to distribute them when some break applications, and therefore require much testing.
I wrote a 70 page document explaining why we should switch from Windows to Linux. Management wouldn't even start to read it. This is what they get for their ignorance.
Developers: We can use your help.
It's funny how articles claim that the worm has caused all kinds of damages -- from banks to postal systems, to transit systems. The tone of the article seems to lay blame largely upon the worm itself. This is absolute horseshit. If users (and IT personnel) at these governments and places of business were responsible enough to do their jobs and ensure that computers were adequately patched, this problem never would have occurred.
Furthermore, if personnel took a single iota of initiative by installing and maintaining a simple firewall -- these issues would have been far less widespread (although this can still be spread through a network via infected laptops brought in from a home network). The important thing here is that the creators of this worm, the IT groups who let this happen, and the individual broadband users affected really share blame for the spread of this worm. Let me use an example, if you live in a shitty neighborhood and you leave your door unlocked, you are partially responsible for some jerk breaking into your house -- sure, they broke the law, but you helped facilitate that.
OK, one more topic to rant over then I'll STFU. I see a lot of Slashdotters blaming Microsoft for this problem -- saying that running Linux or xBSD would solve this problem. Bullshit, fanboys. I am a Linux/Free software advocate and that argument is absolute bullshit. Every once in a while, remote exploits are discovered for these Free products. Most of the time, patches for these apps are released right away -- faster than their commercial counterparts are able to react. The users will still need to be smart enough to apply the patch. Well, in this case, Microsoft's patch was available before an exploit was in the wild. The reason why this worm is so widely distributed is because the user base (and administrative base) is large enough that there is a large cross section of people who have no idea what they're doing.
If Windows went away tomorrow and Linux became the de facto standard, we would have the same issues. All of those MCSEs who allowed this to happen will become RHCEs who will still allow something like this to happen. That certification doesn't make them any smarter -- bad admins are bad admins. Clueless users are clueless users, regardless of the operating system they use. It's easy to blame Microsoft for this, because they have deep pockets, a huge market share, and shady business practices -- but all code has bugs. Microsoft did the right thing, their userbase just wasn't smart enough to do the right thing.
-Turkey
I used to work at a remote IBM shop years ago; you could tell the mainframe was down when you walked in the office and saw the people roaming the halls..
It was 4 states away, nothing we could do about it, but have chair races and hit the vending machines...
---- Booth was a patriot ----
You cite one of the primary reasons that I liked Win95. After 5 years of using it, I had been able to pare down the system processes to a minimum, no open holes, no pointless apps. It ran quite well.
I missed it until I found KDE.
Bob-
The Ludwig von Mises Institute. The reasoning individuals economics
I can't believe someone beat me to the Herman's Hermits joke.
Actually, there are several variants of this construction, and it depends on which dictionary you use.
"No one" as you suggest
"Noone" as the parent suggests
"No-one" is acceptable, too
Not to mention "noone" follows the same pattern as "nobody" or "anyone".
Get off yer high horse and learn about descriptive linguistics!
If most users would quit being so cheap and buy a firewall appliance like a linksys router, or (for the more savvy) build a Coyote linux box we wouldn't have half of these problems. I run Win2k, Solaris and SuSE linux. The linux box is the only one exposed to the net and hasn't been rooted/hijacked once in the three years it has been exposed. Running stuff like Zone Alarm is like giving a band aid to someone who has a big gaping wound.
"I bow to no man" - Riddick
this is going to be a long day.
Got this from my hotmail account talking about MS statement and Fix for the sasser worm:
-----BEGIN PGP SIGNED MESSAGE-----
Valued Microsoft Customer,
If you are still evaluating or testing the updates detailed in Microsoft Security Bulletin MS04-011, we strongly recommend that you expedite your review and deployment of these updates as soon as
possible. These updates will protect your systems from the Sasser worm and its variants. If your systems have become infected, we have made a tool available for download that will detect and remove
the Sasser worm and its variants. The tool is available at www.microsoft.com/sasser.
In addition, on Tuesday May 4th, the Security Business and Technology Unit and Product Support Services are hosting two technical Web casts to provide the latest details of the Sasser worm and answer your questions about deploying MS04-011 to help protect your network.
Please join us for one of the following Web casts by registering using the links below. The Web casts also will be available on demand at the same links.
Tuesday, May 4th, 9:00 am - 10:00 am PT
TechNet Webcast: Technical Update on the Sasser Worm http://go.microsoft.com/fwlink/?LinkId=28571
Tuesday, May 4th 6:00 pm - 7:00 pm PT
TechNet Webcast: Technical Update on the Sasser Worm http://go.microsoft.com/fwlink/?LinkId=28573
For the latest information on Sasser and the cleaner tool, please go to www.microsoft.com/sasser.
For technical details on Sasser and manual steps to remove, please go to http://www.microsoft.com/technet/security/alerts/sasser.mspx
Thank you,
Microsoft Corporation
*
Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations: http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a Microsoft security update, it is a hoax that may be distributing a virus. Microsoft does not distribute security updates via e-mail.
You can learn more about Microsoft's software distribution policies here: http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
*
-
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
-
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
iQEVAwUBQJbdKY0ZSRQxA/UrAQG0bwf/VTf/AHfcaBibA6OM+7HXKDz8ko7HzLLK
v/zxibsj8tLcaxIZ5NX9db6tlj+o4A4f5f3enYxD7fyxaRKXp0pRFoDH9eJ6o+M/
Jk2jV6c0BF6xNljx0EwwLpbP5FBfIVSIswCmPM0gMos7uW3vuqjw2nKWUAtBjAv0
GOi+3baxSq3KVLlylxDfHWvgs7jus7O+7egFl5c+Dne28Do+AJ5xdnHJkztXvtM+
PsELBl9mBkGziOnsFQD5e5VNttug0ufhbTxbX6plcx8hW+DBwMatFA==
=tV/F
-----END PGP SIGNATURE-----
*
You have received this e-mail bulletin because of your subscription to the Microsoft Product Security Notification Service. For more information on this service, please visit http://www.microsoft.com/technet/security/notify.asp.
To verify the digital signature on this bulletin, please download our PGP key at ht
I heard about this new worm on the radio this morning before coming in to work. Actually my first thought was that's a bit early for the mainstream news channels to cotton on to a network threat, they are bound to have their underpants on their heads...still... ...I duly check the story and get the virus descriptions for Sasser, and I see that I am already protected. I use Microsoft XP Pro. I am on the network and I may have left my machine on over the weekend too. No Problem though, windows update has already taken care of my machine and I am patched.
They have been shipping auto-update for some while in their OS, you can check any machine from what, 98, onwards online at the website, the patch install is unobtrusive and intuitive. I think that in this respect (not necessarily others) MS has at least caught up with automating updates on systems and that their system is working very well. It's the computing public who need to understand that any OS should be regularly patched - this should be hammered home in computing 101.
I'm so tired of hearing that.
It's like someone nagging you, "well, I didn't get cancer because I go to the doctor for regular checkups. You only have yourself to blame."
STFU. How many people get regular doctor and dental checkups? Do you floss? How about eat right and exercise?
Malware authors just rely on this basic human inertia. Having said that, if you had to read the USDA inspection notices every time you bought a batch of hamburger, I'd hope we demand more of the hamburger meat processors, and not point fingers at the people who get sick.
Autoupdates and immediate patching aren't options for large corporate networks. Patches often break existing applications. Even after extensive testing some patches have caused more problems than they fixed. Windows Update sends enough information back to Microsoft for them to determine what's installed on our private network, so we block it from running.
It takes weeks to test a patch and push it out. Servers often can't be rebooted until weekends. Then there are users with special situations that require manual installs. It takes time to do hundreds of installs manually. It also takes time to get the patch onto the standard corporate "build" of Windows, so for a while new computers need the patch pushed out after logging into the network the first time, leaving a gaping hole for this virus to spread.
Developers: We can use your help.
It's NOT the end users fault here... Was it the end "drivers" fault that Ford has installed faulty Firestone tires on their vehicles?
Regardless of any arguments with this, it boils down to the fact that everyone drives cars and computers alike. Both the huge car manufacturers and software makers alike issue recalls and patches for their product - however, the software makers are largely bulletproof to any legal action because of the EULA and likewise little or no class action lawsuits are brought against them - they are essentially NOT responsible as they should be. One argument to this is that computers can't kill people like cars can - well not directly, but an organization relying on computers for communication that is down and can't get help to someone that is in danger can certainly kill someone - hence computers and software can kill INdirectly. Just look at 911, and the UK coast guard that has gone down to this crap.
But on average, Apache admins know more about maintaining a machine than the average Windows user.
I've got a box that is co-located and unfortunately 4 hours away by car. The tech guys on site were gracious enough to patch my server and remove the worm, but couldn't get remote desktop up and running again. Looks like I'll be putting VNC on there to get in and try and figure it out myself. Any thoughts on what's more secure? RD or VNC???
No Body cares.
Finally, make sure they use apt-get or similar to automatically update their machine. This could be configured at install or afterwards as the user grows to know their machine. A default install might be to download all security patches and install with only a confirmation from the end user. A power install would just get the patches, but not install until instructed.
All those moments will be lost in time, like tears in rain.
OK, this Sasser worm can install itself, open a few ports, serve files as an FTP daemon, place itself where it pleases, and gobble up your network.
Other viruses do all sorts of nasty things, but they all seem to stop short of REALLY bad things. Search for files they can delete, look for a network drive and have their way, find interesting files and mail to random people, rename this or that to render the machine useless.....
To me this seems very strange. Is there some kind of virus writers' code that has some small bit of ethic? Is there some underground society that meets the 3rd Wednesday to discuss safe virus exploits? Does Microsoft create these things to get people to upgrade? Maybe McAfee and Norton are funding them and they just want a profitable year?
Now I am not asking for this kind of damage, but as my boss points out he has no reason to switch to anything more secure because nothing really bad happens.
Go on, lumpy, pull the other one.
What about people like my father, who avoid WindowsUpdate at all costs because of a memorable history of it breaking things? He's no techie. Far from it. He wants his computer to run and not do anything unexpected. He gets irritated if anything deeper than the wallpaper gets changed. Whenever I mention it might be a good idea to run WindowsUpdate he rolls his eyes and intimates again how effective THAT has been in the past. It always makes something go goofy or changes a trivial setting to something obnoxious that he doesn't know how to set right again. To him, WindowsUpdate is just a headache for little or no benefit. They've got McAfee Firewall and VirusShield--and I make sure he uses Mozilla/Firefox (which he loves). THOSE get updated. Updating Windows just breaks stuff.
Some earlier poster mentioned how it broke his video driver. Heck, I've tried to install *Word* on my Win98SE box only to find out the registry has been completely fucked and Windows needs to be reinstalled. It takes too long to reinstall UT200(3/4) again when that happens, so I just use OpenOffice.org.
In my experience, the following has always been true: The less Microsoft software you use, the less unpredictable your computing experience. When I can throw out the Microsoft OS completely--that's where the real fun begins. Slackware has been a JOY.
A tool that I use quite often seems to go ignored time and time again.
Trend Micro Damage Cleanup is a free after-the-fact cleanup tool that will fix just about any virus (As long as the pattern file is downloaded...) It scans drives, registry, etc. The only drawback is that it's quite large (The pattern file is ~8.5MB and the Scanner is ~1.6MB).
It blows Norton's one-fix-per-virus tools away, except from a portability standpoint. Also helps make sure you don't leave other viruses behind. (Did I run the Netsky.QZX removal tool, but not the Netsky.ZZB one?)
Yesterday it found 530 copies of Agobot (3 Variants) and Sasser.B on one person's PC.
PS: Tried fooling the script at the Windows Update site by changing browser identification, but this only prevented the thank-you message, it didn't allow me to download the patch
That's because Windows Update installs via an ActiveX object. Only IE can run that. You probably downloaded the ActiveX object, but since it can't run without IE, it didn't download the update. If you need to download the update separately, check out the administrator section of Windows Update. MS provides all updates as a separate download that you can burn to a disk and install that way.
No matter how many of my rights are taken away, somehow I still don't feel safe. -Frigid Monkey
can be found here and here.
I double-checked that all XP laptops (no 2k here) are patched up and put up a memo regarding the dangers of taking machines home, especially unpatched. Even users can patch, it's the "I'll just click this update icon tomorrow" attitude that kills me.
The best way to a secure network is to implement user removal tool protocols. I found a tool I like to use. CLICK HERE
I think you've missed the point.
1: There ARE more web servers out there running Apache than anything else. So, why is it that there is an unbalanced proportion of these boxes remaining intact and with 99% (sic) uptime than the Windows boxes?
2: Apache runs properly with fewer system resources, hardware and preventative maintenance than Windows. Set & forget, to a great extent.
3: One of the main reasons that many corporate/commercial servers are still running IIS is because of the ease of use in integrating MS SQL and specific data export services from what the desktop is running: Windows. If from your average net admin's perspective, they could easily and definitively state to their bosses that they could run a given database server on Apache for X dollars instead of on MS for XXX dollars, they would do it. It is difficult for the admins on two fronts: a) persuading their employers that a free product could possibly outrun what the so-called market leader has provided, and b) if something goes wrong, fewer heads will roll if they're using MS instead of a "free", "open-source" product that, in the eyes of their employers, was a gamble to start with.
This will all change VERY soon.
It's all a mind game....
Folks, get a Mac and you won't have all these problems. Never had a virus on my PowerBook, and I don't even have any virus software running.
My point wasn't that M$ has absolutely no guilt in the matter. You bring up a good point by comparing the issue to driving. BOTH parties are responsible for using the product correctly and safely.
The manufacturer should make every effort they can to ensure the product works 100% out of the box. If you know full well that your Ford Explorer has tires that blow up on impact, you should not sell the product with those tires. In the event that you did so accidentally, you should make the public very aware of the situation and attempt to rectify the problem. Now, Microsoft has done reasonably well on the second account (a patch was/is available) but not so much the first. I think that having something similar to a "recall notice" for Windows OS that is very public could be a step in the right direction.
However, it is also the job of the consumer to be educated in their use of the product. A Ford Explorer is perfectly capable of towing a boat, but Ford does not necessarily include the right tools to do so. It may have the hook thingy in the back of the body (pardon my lack of vocabulary) but if you try to tow the boat behind with a rubber band, it is not Ford's fault you were uneducated about that decision. In the same way, Windows is perfectly capable of being an OS that can be connected to a network to transfer data. But if you decide to do so with a DSL modem that has no firewall, that is not Microsoft's problem. In that regard, MS has made the attempt to educate their user base (link) , but it is up to the consumer to read and educate themselves at that point.
When this worm could have been stopped very easily with a properly configured (and inexpensive no less!) firewall, I find it hard to pin all the blame on MS.
Proudly supporting the Libertarian Party.
Also, Mac OS X has had the 'automatic updates' turned on by default longer than Windows has IIRC, and it's a lot easier to understand, e.g. Security-Update-4-17-04 vs. KB835732 or MS04-011.
However, this should also be a non-issue for end-users in any sort of office, because the admin should be running SUS and have group policy force updates on all users.
Everyone with a Windows machine should sign up for MS's monthly security e-mail or religiously check Windows Update on the second Tuesday of each month.
Now some IT guys may get off on knowing every frikkin' worm and virus and what stops them, but you know what REALLY stops them?
Good software in the first place.
Why does this make me mad? Because it is yet another goddam thing I have to worry about because someone is too goddam lazy to do QC PRIOR to the release of the software.
If you don't create the opportunity for virus writers, then you don't get viruses. Simple as that.
MS Windows is like the human body that has been overexposed to the sun, smoking cigarettes for its entire life, drinking constantly, and sleeps two hours a day. Opportunity for illness? You bet!!!
IANAL, but I've seen actors play them on TV
NOBODY expects a worm infection! The secret ingredient to a relatively secure system is a decent firewall...a decent firewall and regular updates...regular updates and a decent firewall.... The two secret ingredients to a relatively secure system are a decent firewall and regular updates...and common sense.... The *three* secret ingredients to a relatively secure system are a decent firewall, regular updates, and common sense...and a reasonable degree of attention paid to security news websites.... The *four*...no... *Amongst* the ingredients.... Amongst the ingredients of a relatively secure system...are such elements as a decent firewall, regular updates.... I'll come in again.
Sorry, didn't mean to mod you redundant. I am taking it back by replying to it.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Yes. And over here, it is.
They don't expect me to be able to take a car apart and reconstruct it from scratch, but they sure as hell teach me the basics for safe driving, basic maintenance, basics repairs and when the hell to get a professional to look at stuff I shouldn't get involved with. Hence why I support licensed internet access. Fuck the retards like your parents who can't maintain a simple system.
Asshat.
How's this for a strategy? DON'T CONNECT THE ETHERNET CABLE until you're finished installing. Then go to network properties, turn on the firewall for your NIC (don't leave any open ports, even the ones you might need later, open for now), connect the cable, download/install patches, then open up the ports you need, and only those you really need, on the firewall.
If you're one of the users that are smart enough to know that you need a firewall... why the hell would you connect your computer to the 'net before that was set up?
I know this sounds harsh, but why don't the virus makers produce something that will *really* fuck people's boxes up rather than just annoy them. Like delete My Documents & screw the windows installation over.
Then M$ would start to have people really hating them, possibly enough to actually make someone, somewhere, with some power to actually take them to court or MAKE them change.
It's not good enough.
And you can download a free prevention tool right here
"And a voice was screaming: 'Holy Jesus! What are these goddamn animals?'" - HST
If my computer was a flower bed it would have the biggest and brightest flowers on the block. But instead I have to patch the OS time and time again. If it were a boat it would be nothing but overlapping patches; at least it would make a great anchor. Something's got to give. I can't have a system that keeps crashing, or waiting for patches which may be worse than the disease, and then praying that the system works and that whatever it was didn't kill anything important. Sigh, :-(
No, if Linux were to ever get the marketshare Windows has it wouldn't have these problems. There are too many flavors of Linux out there, not to mention dependency hell would also prevent worm/virus writers from exploiting holes on the same level that Windows gets it. If you look at some of the recent worms, they only hit Win2k and XP. NT4 often goes untouched because fewer people use it, so the worm authors just ignore it.
'Same speed C but faster'
Okay, so I've got Zonealarm installed on my computer at home (sorry, I'm posting this from school), but sometimes I'm under the impression that ZA doesn't really cut it; as I've run avast! antivirus software on my computer at times and found viruses on my computer anyway.
So after hearing about the Sasser worm, I want to really sit down and build myself a decent firewall. Google ended up bringing me this: http://homepages.wmich.edu/~mchugha/w2kfirewall.h
I'm kinda lost on exactly how that one works, could anyone give me a pointer on how exactly that works on win2k, if it is effective, and is it appropriate to use on a home system?
(I run win2k professional at home, with ZA and avast! for securing my comp. I abhor using win9x).
Any 411 is appreciated.
Try not to let life get in the way of living.
"The Internet is great, broadband is great, computers are great. But as long as people are willing to give up their passwords for chocolate and have no clue what a firewall is or what it does, this problem will continue to plague everyone.
Nothing beats a good educated user."
Except, maybe, a good chocolate bar.
--
www.nitemarecafe.com
First, I didn't choose Windows. I recommended Linux and/or BSD with a 70 page research document to back it up. Management ignored it. Second, I'm a developer, not an admin, so I have no say in the patching process.
As a developer I can tell you when a patch goes out that breaks an existing corporate app, execs get furious at the developers. If I write application X then any time X doesn't work it's my fault. No matter what, the apps have to work. The multi-billion dollar corporation comes to a halt if the fundamental custom apps aren't working. A problem caused by a patch from Microsoft can't always be resolved by adjusting code in our apps. Management cares a lot less if we're rooted because at least business can continue.
Of course I think Microsoft should be sued for some of the problems we have. I don't think everything in the EULA will hold up in court in every state. But it's not my decision. And I also agree management has no one to blame but themselves for sticking with Microsoft. They get what they deserve. All I can do is write the best apps I can and get paid for it.
Developers: We can use your help.
That's fine and dandy, but in the real world, where people work, there are thousands of networked apps that run on Windows and Windows only. As the vast majority of customers/users use Windows, there is very little incentive for software vendors to port their apps to Linux.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
It's bullshit and you know it. One of the April 13th patches funged IE, and within a week there was a follow-up patch, that still leaves you two more weeks to patch.
What else did it break? Nothing?
who actually LIKES windows, and just wants to nudge everyone who doesn't use it properly to just learn something once and for all and keep their machines reliable. As in, sometimes ya got to smack a mule in the head with a clue by four to get them to react. I mean, if you think about it, the virus/worm writers are gradually putting themselves out of business, even microsoft eventually will ship way more secure systems with a default install.
Frankly, I am liking the "live" versions of OSes more and more, the whole concept makes a lot of sense, besides being basically unhackable - you can't write to a burned cd or dvd - just write your permanent stuff to cheap removable media. Maybe in the future we will (I mean, joe home user/surfer) just have machines with no permanent harddrives, just banks of lotsa ram, live OSes, and various cheap storage media that is removable, hot swappable, etc. and use an offsite storage server for backups of what you really want to keep.
I imagine for not very much $ an entry level box today, for instance, just an inexpensive mid range power CPU, lose the HDDs, ship it with like 2-4 gigs of RAM, and just have firewire and usb ports, etc. Then people can do what they want to do with a live CD and like flash drives, cd/rw disks or whatever. Want to surf, slap in the surfin and chat and gimme some tunes cd. Want to be joe office and bean counter for the family finances or shopping, slap that one in, want to play some games, slap them in, and etc.
Ever since last year, Roadrunner has been blocking inbound ports 135, 136, 137, 138, 139, 445, 520, 593, and 1026 in most areas. They learned their lesson from the Blaster worm. Why other ISPs haven't done the same thing amazes me. Unlike most of you, who deal with corporate networks, I have to deal with the public on this. I must have removed this worm from at least 40 PCs yesterday. Most of them users of Verizon DSL, or MSN. None of them who had Roadrunner were infected.
I got a laugh when our security team sent out an update to their vulnerability notice for Sasser (doesn't affect my servers, hehe).
"[We] have learned of issues loading the Windows 2000 patch in MS04-011 when complying with [vulnerability ID].... systems can stop responding, users cannot log on to Windows, or CPU usage for the system process approaches 100 percent after installation of the security update. Additionally, [we] have heard that some systems may require a complete rebuild once the patch causes system to crash."
And the kicker, "Systems Administrators are advised to proceed with caution when patching Windows 2000 systems." Um, how exactly does one do that, with one hand on the power cord, or click the install button very slowly? Does applying the patch warn you "About to hose your system, proceed?"
You speak the truth. However, as always, the car:computer analogy fits here. If you think about what you need to know to use a car, it's not very complicated. There is a core set of knowledge that you need:
1. Operational (How to turn it on/off, put it into gear, brake, accelerate, speed, re-fuel, etc...)
2. Navigational (How to get from point A to point B. Understand traffic flow and direction. Read signs and street lights, etc...)
That is the bare minimum you need to drive a car. Many people these days seem to just barely know (or care) about any of that. In addition there is extended knowledge:
1. Maintenance (Get your oil and filters checked/changed. Tune-ups. Fluid checks. Cleaning.)
2. Enhancement (Learn more about your engine to get it performing to the best of its abilities. Understanding the interaction between your car's tires, the road and aerodynamics to get the most out of your car)
3. Interior/Exterior Decor ("Trick Out" your car and add high performance with stickers, spoilers, tailfins and fartcans. Make sure your stereo can tip off Richter scales for miles around, etc...)
Very few people ever get to that level of knowledge. There really isn't any real reason for "Joe Average" to get there. But as far as the core knowledge goes, would you want someone out on the road who can't read directional signs, doesn't understand the concept of direction (N, E, S, W) or speed limits? Trust me, I see people on the road every day who appear to be lacking these basic skill sets and they are largely responsible for the accidents we see regularly.
Apply this to computers, and you can see that we are, indeed, in a sorry state by comparison. Again, there is a core skill set that a computer user SHOULD have to be fairly competent. But it's much more complex than what is required for driving a car:
1. File System - An understanding of how files are organized in an OS is very important at this point. It's a LOT like knowing how to read a map and get from point A to point B. Sadly, most users DO NOT have this skill set. In the interest of being "user friendly", applications like MS Office have attempted to abstract where files actually are located. This harms the user because if MS decides to change the location in a new version of the OS or program (My Documents has moved from where it was in NT 4.0 compared to Win2K and WinXP for example) then the user may think their documents are "gone". Tools like "Find Files" aren't any better at helping either because the user will ignore the path and just double click the file to have it open in Word. Or worse, there will be a "shortcut" in the "Recently Used" section of the Start Menu. I ask you, would you set up a physical filing cabinet this way with post-it notes in folders saying "This file is in Cabinet 35, Drawer B, Divider 2, Folder 12"? Shortcuts (and sometimes symbolic links in Unix) are a BAD IDEA.
2. File Types - One of the worst things about most OSes (Macintosh pre and post OS X excepted) is the non-existence of standard file types. Part of this is due to the fact that file types and data types are a moving target. HTML files didn't exist in 1984, so a Macintosh from back then would not have had a built-in association with an application that could read them. In the Windows world, the association between application and file was (and can still be) a manual procedure that will perplex most users. Considering how much data and file types come and go and change, I am still wondering why there is no DNS type of system for file types that any OS worth its salt would hold to. Imagine... a central DNS-like repository that holds a database that an OS queries: "I have a file with the following type: x-application-doc. What applications should I use?" The server responds to the OS: "mswin-winword.exe, mswin-soffice.exe -writer, generic-unix-soffice, linux-kword, multiosapp-abiword". Then the l
Who is Twirlip of the Mists?
Just another day for me as sysadmin for an all-Mac office. Ho hum, wonder what's on the net today? What is Dilbert up to? Wonder what's on Slashdot?
If this tool doesn't scan the Windows Registry, then it's worthless. Instead I am using the Sophos removal tool, http://www.sophos.com/support/disinfection/sasser.html. It has found and successfully disinfected/removed the worm from the infected machines on my network. It checks in all known locations for the virus, including the registry. This is critical, as the worm does make its way into the registry in most instances. You also have the option of scanning your entire machine with this tool if you're overly cautious.
I'm glad you are too busy to patch your Windows box, yet can complain about how little time you have on Slashdot.
You sure must be one valued employee. I'm glad to see you have your time management skills so under control.
You are probably one of those guys that doesn't have enough time to patch his kernel, or even bother patching any of his beloved "free" applications. How's WUFTP doing?
Unlikely. There may be -new- security problems if Linux, *BSD and Mac OS take over the majority of desktops on Earth, but they won't be the same.
I'd bet long odds there won't be as many, either.
Well I'm the 'Mac Guy' where I work, so I spend a lot of time 'helping' the windows folks patch and update. Anyhoo, today I helped patch some VIPs, explaining that if they had Macs they'd be a lot more safe from such attacks.
The great thing is that I did some SIMPLE research yesterday and had the network guy disable all traffic on ports 5554 and 9996, both useless ports to us. Well now the worm is locked down to whatever subnet it gets in on, it can't propagate. We've had zero confirmed infections internally, except one subnet where someone brought a laptop and hosed two other machines.
It's easy to stop this stuff if you're heavily subnetted and can block ports at the switches.
I think I'm going to ask for more pay, if I can stop windows infections from my desk and I'm the 'Mac Guy' I should be asking for a fatter check.
"Sometimes, I think Trent just needs a cup of hot chocolate and a blankie." -Tori Amos on Nine Inch Nails
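The poster's port blocking works because Sasser scans TCP/445 for the LSASS hole and then uses its own listeners on 5554 (FTP) and 9996 (shell). This added example, not from the thread, runs that same logic as detection over constructed firewall log lines: it flags a host fanning out to many distinct peers on 445 within a short window, and any traffic at all to 5554/9996. The log format, addresses and thresholds are assumptions made up for the example.

```python
"""Spot Sasser-style propagation in firewall logs (added example).

Sasser hits TCP/445 (the LSASS hole patched by MS04-011), opens a shell
on TCP/9996 on each victim, and has the victim pull the worm back from
the attacker's FTP listener on TCP/5554. Two things therefore stand out
in switch or perimeter logs: one host fanning out to many distinct peers
on 445, and any traffic to 5554/9996 on a network that never uses them.
"""
import re
from collections import defaultdict
from datetime import datetime

# 445 is the exploit target; 139 is included because SMB scanners hit it
# too. 5554/9996 are the worm's own listeners.
EXPLOIT_PORTS = {445, 139}
BACKDOOR_PORTS = {5554, 9996}

# Constructed log format: "<date> <time> <ALLOW|DENY> TCP src:port -> dst:port"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+ -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "action": m["action"],
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
    }


def max_fanout(hits, window_seconds):
    """Largest number of distinct destinations inside any window_seconds span."""
    hits = sorted(hits)
    best = 0
    for i, (t0, _) in enumerate(hits):
        seen = set()
        for t, dst in hits[i:]:
            if (t - t0).total_seconds() > window_seconds:
                break
            seen.add(dst)
        best = max(best, len(seen))
    return best


def analyze(lines, fanout_threshold=5, window_seconds=60):
    """Return {"scanners": {src: fanout}, "backdoor": [(src, dst, dport), ...]}."""
    # Denied connections count too: a scanner's failed attempts are exactly
    # the signal, and a file server's clients never fan out like this.
    per_src = defaultdict(list)
    backdoor = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["dport"] in EXPLOIT_PORTS:
            per_src[rec["src"]].append((rec["ts"], rec["dst"]))
        if rec["dport"] in BACKDOOR_PORTS:
            backdoor.append((rec["src"], rec["dst"], rec["dport"]))
    scanners = {}
    for src, hits in per_src.items():
        fanout = max_fanout(hits, window_seconds)
        if fanout >= fanout_threshold:
            scanners[src] = fanout
    return {"scanners": scanners, "backdoor": backdoor}


# Constructed sample: 10.1.2.50 is infected and sweeps its subnet; 10.1.2.60
# is a normal client talking to file server 10.1.2.10; 10.1.2.7 is a fresh
# victim told over 9996 to fetch the worm from 10.1.2.50:5554.
SAMPLE_LOG = [
    "2004-05-03 09:00:00 DENY TCP 10.1.2.50:1033 -> 10.1.2.1:445",
    "2004-05-03 09:00:01 DENY TCP 10.1.2.50:1034 -> 10.1.2.2:445",
    "2004-05-03 09:00:02 DENY TCP 10.1.2.50:1035 -> 10.1.2.3:445",
    "2004-05-03 09:00:03 ALLOW TCP 10.1.2.50:1036 -> 10.1.2.4:445",
    "2004-05-03 09:00:04 DENY TCP 10.1.2.50:1037 -> 10.1.2.5:445",
    "2004-05-03 09:00:05 ALLOW TCP 10.1.2.50:1038 -> 10.1.2.6:445",
    "2004-05-03 09:00:06 ALLOW TCP 10.1.2.50:1039 -> 10.1.2.7:445",
    "2004-05-03 09:00:08 ALLOW TCP 10.1.2.50:1040 -> 10.1.2.7:9996",
    "2004-05-03 09:00:09 ALLOW TCP 10.1.2.7:1025 -> 10.1.2.50:5554",
    "2004-05-03 09:00:10 ALLOW TCP 10.1.2.60:2001 -> 10.1.2.10:445",
    "2004-05-03 09:00:40 ALLOW TCP 10.1.2.60:2002 -> 10.1.2.10:445",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for src, fanout in report["scanners"].items():
        print(f"isolate {src}: {fanout} distinct 445 targets inside 60s")
    for src, dst, port in report["backdoor"]:
        print(f"worm listener traffic {src} -> {dst}:{port}")
```

On the sample the only scanner reported is 10.1.2.50, and both listener connections (to 10.1.2.7:9996 and back to 10.1.2.50:5554) are listed, which is the pair of flows the port block at the switch cuts off.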
Well, yes. The worm is what's doing the damage.
If you fail to lock your car door as you mention, you'd likely be pissed off at yourself when you realize it's been stolen. But if you get in and out of your car thousands of times each year, you're bound to forget to lock it once or twice. Or perhaps you're in a hurry to get into the bank before it closes, or you only left the car for a second while you jumped into 7-Eleven for a soda.
There are people who generally know what they're doing, but sometimes are unable to apply patches as soon as they come out. There are workplace issues of all sorts that get in the way of good system administration, even when the best intentions are present.
Finally, let's get clear on who really is to blame here. People who write malicious code that is designed to spread across the Net and disrupt other people's lives are fucking assholes. It's that simple. You can place the blame on their victims all you want, but when someone steals my car, regardless of whether I left the car door unlocked or not, I'm going to want their head on a stake.
Read the EFF's Fair Use FAQ
Does anyone else but me lose faith in an organization (McAfee) which makes use of an advertising window which places itself off-screen? Aren't these guys supposed to be helping the user to prevent cheap tricks that result in compromised machines?
http://us.mcafee.com/root/ExitCampaign.asp?Clie
+++ATHZ 99:5:80
If a business critical application is broken, you might as well be r00ted.
Boss: "Why is everyone sitting around?"
Me: "Well, the patch broke an important application, so no work can get done, but at least our documents are safe!"
Boss: "Great! Have some more stock options!"
~~~
Click here, you know you wanna!
Okay, I just finished reading most of the posts regarding RedHat's return to the desktop and this post just f@#$'n kills me.
MS spurts and spouts about ROI and "real" costs yet nobody seems to be able to add up the real dollar impact of these almost daily security issues and breaches that are bringing businesses to a screeching halt!
It's almost like the current US administration. You know... if we say it often and loud enough they're bound to start believing us... unfortunately I think up until now MS has been successful at convincing most that its security woes are the fault of script kiddies, terrorists and the like and is probably reassuring the big ones that once their "Trusted Computing" solutions are implemented all will be right in the "free" world again.
If Linux has a real chance it will be in the next 2 or so years so the "community" better get its ass in gear and start making a demonstrated effort to capture the hearts and minds of the desktop users who were one of the biggest reasons Windows 3.0 was adopted by the business mainstream... remember!
All of those worms that carry payload that makes zombies? Do you consider an open entry to your network "nothing really bad"? Don't forget all the work associated with removing the viruses either, because you don't leave them there, do you?
Just because no one has done anything malignant yet is no assurance that it won't happen. Imagine an Al Qaeda hacker releasing a worm? Do you think that worm won't do anything bad?
Think before you speak.
HTTP/1.1 400
>>Educated users are key, but because Microsoft has the largest market share, they also get the largest number of uneducated users. What will happen if Linux eventually completely replaces MS products on the desktop? Will they have the same security problems?
No, because uneducated users will never figure out how to get a network connection.
The author of this post asserts his moral rights.
Personally, I have no trouble dealing with worms proliferating through ports other than those I can control myself (which include HTTP and E-Mail), such as Blaster.Worm and Sasser.Worm, thanks to my ZoneLabs ZoneAlarm firewall, which allows me to protect my computer from intruding -- and protruding -- dangers, easily yet with control. I always recommend this firewall to users of personal computers because I have yet to find a free firewall which protects well yet works so simply. I have read some messages in which it is said that turning on the Windows XP firewall will suffice to protect users against such worms. I must protest against this, as I have a small anecdote of my own.
After having reformatted my computer, I thought it would be safe to activate Windows XP's firewall as an intermediate protection against such threats until I had ZoneAlarm installed. I connected to the Internet, and in less than a minute had Norton Antivirus, which I had updated beforehand, warning me that Welchia.Worm had been able to access my system -- remember Welchia is based on Blaster and uses the same UDP ports to proliferate -- yet the Windows XP firewall was activated. I could say I was somewhat surprised, but then perhaps I wasn't all that much; after all, it is Microsoft software. I do not know if the same situation could apply to Sasser, since it does proliferate through a more commonly used port, but I must still say I have some trouble recommending the Windows XP firewall, even as an intermediate one.
"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect" -- Linus Torvalds
Plymouth University ALL computers down 4th May:
http://www.plym.ac.uk/
Devon Coastguard also reporting trouble.
A blog I run for the wealth
See Google thread here for further info, and possible fix.
My biggest hassle is not distributing the patches, it is the fact that they do not become effective until the machine is rebooted. Some people leave their machines on for weeks at a time without rebooting, and until they do so their machine is vulnerable.
Try to force a reboot, then sit back and listen to the whining about "lost an all night experiment" or similar. I am a somewhat a BOFH and would like not to give users a choice, but management wants a softly, softly approach.
So Microsoft, to try and keep both of us happy, how about getting patches to at least hook (intercept) the vulnerable system call at install time, acting as a shim to filter out exploits, even if it means slowing the machine down slightly. Then at next reboot time install and activate the fully patched replacement DLL.
We collect data from clinical trials, and we do so in a validated manner as we're inspectable by the FDA. I'd rather disconnect our LAN from the WAN and work with reduced functionality than just patch the servers willy-nilly and break our validation. We can't apply *anything* without formally testing it as it could potentially affect data. It's fine if you're just doing bog-standard file'n'print, but for other stuff you can't just go installing patches that may or may not impact production systems.
I tried to do a story about this for our school's student-run newspaper. It was going to be a piece about worms and viruses going around on our (large Big Ten school) campus computers... so I asked the person in charge of the network a few questions regarding the cost in managing and cleaning up the problems... among other things. He ended up believing that I'm a security threat and reported me to the DHS.
All I really want to do is figure out why our eMail is notoriously unreliable and filled with viruses... plus why so many ISPs filter mail from our TLD.
I still want to do the story but I'm not sure how anymore. Anonymous for paranoia reasons.
At the time of posting this comment Microsoft is Slashdotted. Behold the power of Slashdot!
MS04-011:
Server Application Unavailable
The web application you are attempting to access on this web server is currently unavailable. Please hit the "Refresh" button in your web browser to retry your request.
Administrator Note: An error message detailing the cause of this specific request failure can be found in the application event log of the web server. Please review this log entry to discover what caused this error to occur.
An upgrade would give my 80 year old dad a heart attack
It was bad enough upgrading netscape to mozilla and changing his lame dial up provider to a baby bell provider that outsources customer support to India. He can't understand a word they say.
Maybe I need to look in my archives for a FVWM95 window manager... make it look like win98, put a good distro with wine and ms-office on the system and do all this while he is out of town.....
Hmm... he is out of town for a few weeks ... I wonder if he would notice? Maybe I will just make a Knoppix variant to do the same thing! I would not even need to touch his install and I doubt he would notice the CD boot...
unlike a virus which travels through e-mails and attachments, spreads directly from the internet.
I hate to nit-pick, but Email I think is classified under "the internet". Does he mean via http?
one way, executable bits for the stack and heap:
http://weblogs.asp.net/oldnewthing/archive/2003/11/04/55560.aspx
http://www.deadly.org/article.php3?sid=2002082601
Then there's the new computer I got yesterday with our standard corporate developer's build. Of course the build doesn't have the latest patches yet, so when I turn on the computer for the first time, immediately after logging in McAfee catches the virus. So then I have to hunt down the right patches from the right people and reboot repeatedly until I can log into the network without getting the virus.
Hate to say this, but if the virus is wandering around your network actively probing, then something's wrong and needs fixing. You need to get the virus off your network. It's a nuisance if it comes in, and patching all internal machines can only help stop it spreading, but your boundary defences should be effective. Your internal network should be a safe place. You should only need to defend against attacks internally as a precaution (unless you're something like a university, can't trust them students!).
Sasser, unlike a virus which travels through e-mails and attachments, spreads directly from the internet.
For shame. Try this instead:
Sasser, unlike a virus that travels through e-mails and attachments, spreads directly from the internet.
See, now doesn't that make sense? The sad thing is that I only know to look for those because MSWord's grammar check complains about them all the time.
Direct away from face when opening.
This is absolute horseshit. If users (and IT personnel) at these governments and places of business were responsible enough to do their jobs and ensure that computers were adequately patched, this problem never would have occurred.
You're horseshit. Why should software be the only consumer or business product where the customer is totally at fault for the product's flaws? To cut to the chase, if you are running a server, yes, you are responsible for staying on top of things. But there is no excuse for a modern desktop operating system not to be secure out of the box. After enough RedHat boxes got hacked into because wuftpd ("proudly providing remote root since 1994") was installed by default, linux distro makers learned not to leave services running all over the place. That Microsoft hasn't learned this lesson, stopped sharing drives by default, and had a firewall turned on out of the box is inexcusable. This outbreak is Microsoft's fault, not consumers'.
I see a lot of Slashdotters blaming Microsoft for this problem -- saying that running Linux or xBSD would solve this problem. Bullshit, fanboys. I am a Linux/Free software advocate and that argument is absolute bullshit.
No, it's not bullshit. There are four reasons why Microsoft has so many problems with worms and viruses:
- sloppy coding
- poor privilege separation
- too many services and ports open by default
- thoughtless integration and auto-execution (i.e. legion of Outlook exploits)
Now, while Linux, BSD and OS X may also suffer from sloppy coding, none of the other issues apply to them. So it wouldn't matter if Apple or Linux had 100% marketshare, they wouldn't have but a tiny percentage of the problems that Microsoft does with Windows.
"Firewalling all client workstations is pretty new..."
I don't understand all the problems with this. I thought it was absolutely standard, since January 2000 when ZoneAlarm was first released, to run 3rd-party software firewalls on every Windows computer.
No offense, but was the poster actually reading what he wrote?
The REAL problem is the editor not reading it!
1) Several groups were relying on SUS in order to get those patches distributed. If you go into SUS, the patches were 'approved' on one screen, not on the other. I wasn't alone in seeing this. Suffice to say, I was also a bit shocked when it started to blow through and none of my machines were protected.
2) When it installs (sasser.d) it writes itself to 'System Volume Information' - allowing it to not get caught by NAI's on demand scanner, and re-infect the box if you don't do a C drive scan manually.
--pete
My, isn't that a pretty hat??
Just out of curiosity. How long does it take on average to test and deploy patches on corporate computers and servers, assuming that the patches don't break apps?
We have a policy that if the windows computers are going down, and people in that department are taking a paid break while the windows techs are fixing stuff, then all the Mac users get to take a break too. It happened just often enough for it to come up at a meeting.
'Course in practice we rarely have time in our production schedule to take advantage of it, but at least no one can complain that we're slackin'.
spread fast for the first few hours or days, until it saturated the vulnerable population, then cut way back on network traffic and hide.
not crash machines or trash all their files - instead, it would slowly and subtly modify user data files (see here for a few suggestions).
Imagine what would happen to modern business if they discovered that they couldn't trust any document that had ever touched a Windows machine... the world's economy would grind to a halt. Not even Microsoft has enough money to pay damages for an event like that, though the combined law firms of the world would try to get it from them.
To a Lisp hacker, XML is S-expressions in drag.
I believe you can prevent infection on Windows XP by disabling the 'Server' service under Start->Run->services.msc
It doesn't come from emails, it goes through the INTERNET! Oh, maybe they meant "intarweb".
Why? To ensure a continuous source of Sasser to all those winboxen, duh! Why should being off make you invulnerable? Worms ho! heh
I've been cleaning the virus off people's machines over the phone using MS's own instructions here but then going to the manual removal instructions as people couldn't connect to the internet. I have noticed a lot of the computers have avserve.exe and avserve2.exe on them, but I've had trouble over the phone finding *_up.exe, and running the search was being incredibly slow; ended up just going to the folder and then choosing to view the contents.
How is this virus being installed on a computer? It's not a d/l'd attachment style. If you don't have to d/l anythin' why is it a problem?
All the tech info I've read has said what it does, but unless I'm missing something, there isn't anythin' on how they get the virus on ur machine.
Can someone break down what's happening to those who are getting infected?
No sig for you!!
That's how come.
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
http://www.mind.net/stinger -> Much easier to type..
You are surely misinformed. This particular bug requires no and I mean NO user interaction (except switching the computer on)!!! The computer only has to be connected to the internet or a LAN connected to the net.
I think that you mean to say we need a large body of educated sysadmins who know how to apply patches (and then more and more and more patches)!
Even then, suppose a sharp sysadmin has just done a fresh install of Windows 2000 or XP. How does he get the patch? Not by connecting to the net!!! The computer may be infected in seconds.
But wait a minute, if the sysadmins were really first rate, they wouldn't be running anything by Microsoft, at least not while connected to the net!
And we all know that nobody should be an "early adopter" of anything Microsoft. The horror of this bug is that anybody running Windows 2000 should be considered an "early adopter".
I, with my trusty copy of Win 98SE, just happen to be unaffected by this bug! I guess that it follows that the time scale defining "early adopters" has been stretched out to about a decade in the case of Microsoft!!!
you're right, I was meaning to say that, but I forgot. *shrug*
"two years ago..."
Holy cow, in the case of Microsoft, there was a bug about last week, or was it the day before yesterday, or was there more than one bug during that time?! Or, let me say it by asking a rhetorical question, "Which Microsoft bug were you referring to?".
Microsoft is so busy stomping out grass fires that "two years ago" must seem like a century to them
and probably fixed if you're willing to patch. And no, Linux isn't inherently secure, it's inherently _more_ secure (than Windows anyway). Not running as root helps. Not having your web browser integrated into the shell does too (and by shell, we're talkin' plain X windows). Having programmers who make decisions to patch that aren't based on what it'll cost to do support is nice. And going back to integration, it's nice that if a patch does hose a program, it doesn't usually take my whole system with it.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Yes, though one must consider the impact of that process on other systems. Linux requires much less time to keep secure than Windows; basically, Linux requires patching every year or so, where Windows requires a patch every month. Worse, since so many of the security exploits affected required components of the OS such as IE, I seldom have the option of turning off or uninstalling insecure software. The wuftpd and SSH vulnerabilities that anti-Linux zealots love to trump up didn't affect me at all, because I don't use either, and hence, don't have to download patches.
assume you still look both ways before crossing the street
That was a bad analogy to prove your point, really. Yes, I look both ways before crossing the street, but in the case of Windows, it's more akin to being thrown into expressway traffic and having to dodge cars. Windows simply doesn't allow you to see oncoming security problems because you can't inspect the code; their "hide everything from the user" mentality makes it difficult to find potential security flaws before they are exploited. The security flaws discovered in Linux were often discovered at the source code level before an exploit was discovered; but with Windows, almost every security patch is the result of someone's server getting exploited and Microsoft trying to figure out what happened. The fundamental difference is that Linux takes a proactive stance, fixing security problems before they cause problems. Windows OTOH mandates a completely reactive stance - you must wait on Redmond to issue a fix, and Redmond doesn't know about it until someone's box gets owned.
To do a bad paraphrase of Clint Eastwood:
"I know what you're thinkin': 'I just patched my windows boxen, I must really be secure.' Well just ask yourself one question: 'Do I feel lucky?' Well.... Do ya, punk?"
Do you feel lucky? Are you betting the next Windows exploit will infect someone else's machine before it gets to yours? Are you betting that Microsoft will be able to acknowledge the problem and find a workaround before your server gets hit?
Yeah, so Windows has patches. But how am I supposed to download said patch, when connecting to the internet to do so exposes me to the very same infection I'm trying to prevent?
What it really comes down to is that Linux simply takes less time to keep secure than Windows. Yes, I suppose there are exploits for Linux yet undiscovered. But, it is far more likely that there are far more undiscovered security holes in Windows than in Linux.
The society for a thought-free internet welcomes you.
I also work with clinical trials and the FDA breathing down my neck. My office is all running Macs. Intentionally. We knew that the small functionality loss from "going Mac" would be much much less than the horrific security problems unleashed on the Windows World.
"One touch of Darwin makes the whole world kin." George Bernard Shaw
...plus the fact that Mac OS X is based on open source Uni* which has had probably 99% of its security issues fixed in the 20+ years that it has existed.
I would mod you -1 Apple-Zealot-Dip$hit.
I'm watching the response from people here and now having read the article I find it kind of interesting.
The *most* critical systems are the ones most hard hit by this worm. The reason they are so hard hit is *because* they are critical. Admins are reluctant to break these systems by installing broken patches without due diligence of testing.
If the testing takes longer to complete than the worm takes to propagate, then we have a problem.
I think this is as good, if not a better, argument against Windows as I've ever seen. Their security is crap and the systems we've put in place to patch over their holes are biting us in the ass as badly as if we'd never tried to fix it at all.
I just found out there's no such thing as the real world. It's just a lie you've got to rise above. - John Mayer
Of course I think Microsoft should be sued for some of the problems we have. I don't think everything in the EULA will hold up in court in every state. But it's not my decision.
Okay. How about those people who don't even run Windows and therefore have no part in the EULA? Their networks are being ground to a halt because of flaws in Microsoft software and their patching process, as infected machines attack them.
Analogy: car company X builds cars with defective brakes. You didn't buy that car. Your wife and children are driving home from shopping and someone driving X's car runs through a red light because he can't stop, and plows into the side of your wife and kids. Now, not that I'm overly litigious, but there's a time and place for companies to be held responsible for the damage caused by their poor products and designs.
Who do you sue? The guy driving the car with defective brakes, or the company that has a pattern of time and time again making defective products?
Fire and Meat. Yummy.
I'm glad you went into more detail. I like the idea of port-scanning on login.
It seems to me that software firewalls on each machine should also be a matter of often-repeated company policy. I know managers who will not tolerate ignorance of computer use rules. People adjust. Most people are safe drivers, and learning to drive is much more complicated than learning to use a computer safely.
I agree that we need a more educated user base, particularly when it comes to security concerns but at the same time computer software vendors need to work on writing better code, and they need to keep security in mind when writing the code.
Luckily for me SUS checks and forces out the patches for MS every night (those that are turned off get the patches forced when they log on to the domain) so Sasser wasn't a problem.
A. Non-IT employee who fancies himself a PC guy brings his PC in to work on the night shift
B. Unplugs his work PC connection
C. Plugs in his home PC to download something from the fast company net connection
D. Infects lan from inside
E. Takes PC home and no one but him knew it was there.
I wonder where these other people work where employees important enough to have laptops can be PC-Nazi'ed around. Where I work the people with laptops tell me how things are. And the guys who bring PCs in for movies and LAN games are buddies with everyone including security so I almost never find out.
All that said, I had one infection on a laptop in 100 PCs under me, and 4 that were rebooting but didn't actually have the virus running or on the HDD because the virus scanner prevented it from saving to disk. The laptop guy was off the network before Sasser released and was hit before his scanner auto-updated. And he's the head honcho.
I forgot to mention my LAN is part of a worldwide WAN and we're getting attacks from other parts of the intranet. So I don't know if the local head honcho caught Sasser at work or at home over the weekend.
hmm. We don't love MS at my POE but we are all bright enough to update our systems and as a result have had no problems. You may try NOT announcing that you and your company slack on updates and security.
If you don't believe me, Google around for articles about patches breaking machines versus articles about viruses breaking machines. I think you'll see that some of the latest viruses and worms hit in the many millions, whereas the problems experienced from patches hit in the many thousands or are not completely debilitating.
Great! You can explain that to my boss when 500 out of the 600 users in my organization are unable to work because a Microsoft patch broke one of our servers and everything has to be reinstalled from scratch and incremental backups, only to be hit 5 minutes later by the very worm we'd applied the patch against!
Recovery from that - conservatively, a day. Conservatively. Now, these 500 people are out of work for a day, but they're salaried... lawyers, Judges, court reporters, clerks. The average salary is probably $75,000 in this organization. That's about $300 per day per employee, or $150,000 in damages. Never mind the fact that we have to run on set schedules or else other bad things happen. I can't take that risk, even if it's 1 in 100, before I click on that little Windows Update icon.
Theoretically, of course, the patch shouldn't do anything but fix the poor bounds checking in some DLL or something - just replace the DLL with a corrected binary. But if you've ever applied a patch, you *know* they play with all sorts of other things. We run Novell, and I've used Snapshot on PCs before and after applying what should be very simple patches, only to find dozens of files and unrelated registry keys have been changed. Microsoft clearly does other stuff in patches - quiet fixes of other problems which haven't been publicized, adding DRM software, I don't know but you can only guess at their motives - and how long until one of those breaks one of my production servers?
No, man. I need to be able to look at a patch and know exactly what it does, so that I can tell in advance if it's going to break something. I need the diffs between the patch and the original source so that if it does break something, my developers can immediately know what changed and how to work around it. I need to be able to apply them individually without requiring a reboot of the server, just a restart of the daemon (ahem... service) in question.
And I ain't gonna get any of that from Microsoft. But, unfortunately - and it wasn't my decision - this server is running Windows 2000 Server, and the best thing I can do is hope that there's no e-mail borne version of the worm to get it into my LAN.
Fire and Meat. Yummy.
Why does anyone anywhere still use it? And why do grossly incompetent web designers still make sites that only work properly in IE? (Likely they are the same bunch of no-hopers who also use small fixed-size fonts so those of us with high-res screens and IE can't read the text.... Funnily enough, Mozilla has a text zoom for such situations, IE only zooms non-fixed text! No doubt they also use feeble tools like Frontpage.)
We have, very predictably, been hit very badly today at work, the IT Dept are blissfully unaware of the issues which reliance on the combination of trash products of the Convicted Monopolist, and the unreliable anti-virus protection of McAFraud can cause. Cost of cleanup today, maybe 5000. Cost of issuing everyone with Mozilla and IEradicator, zero. But will they do it?
Think of the amount that would be saved if governments passed laws forbidding the use of IE or Lookout, or if shareholders held company directors responsible for the losses due to their incompetence in allowing use of such junk.
Windows Update is the friendly auto-patcher. AFAIK you can't download patches from there for later use. But the patches are available separately; I used Firefox to download one of the patches I was missing. (The rest I FTP'd from a coworker who downloaded most of the patches.)
I love to bash Microsoft, but if you'll look carefully there's usually a way around the candy-coated-user-friendly-tools-that-break-when-things-go-bad. They even have some handy downloads for detection, treatment and patching.
Here is the place to download the MS04-011 patches to prevent the Sasser worm, although for the moment that URL seems hosed. Google cache here.
Sasser detection and treatment info from Microsoft.
MS security home: http://www.microsoft.com/security/
Let your employees run autoupdates and if one of them does break your machines, roll it back. Servers are a special case, because if you lose the TCP stack on your mail server it's much worse than if Ted from Marketing loses his.
Most corporate desktops are imaged from a standard install. They're clones of each other.
Therefore, if a patch breaks one of the desktops, it breaks them all. And pretty soon, I have 600 employees who can't work because all their computers are down.
All of which will remain down until either we massively roll back the update (probably requires re-imaging each and every machine) or figure out a way to remotely deploy a fix for whatever the patch broke. Either way, 600 users are down for at least a day. Average salary in my organization is $75,000 a year which translates to a daily loss of $180,000 - just in salaries.
That's the sort of scenario which results in getting fired.
Fire and Meat. Yummy.
Talk about throwing out the baby with the bathwater.
F X=0:1:9999 F D=2:1 Q:((X>2)&(X#D=0)!((D>X/2)&(X'=1))) I D>(X/2) W:$X>75 ! W X,?$X+5-$l(X) Q
Assuming that all 29 variants of Netsky and at least some of these Sasser variants are written by the same people, why haven't we caught them yet? If someone robs a bank, maybe you don't catch them. But >30 banks, and perhaps your law enforcement folks need some help. Is the FBI really working on this?
So the solution is pretty apparent and pretty simple: find one clever, relatively inconsequential guy somewhere in the company. Give him and him alone the patch on day 0. Let him use his machine as normal... if he discovers a problem, you saved your $180,000. If he doesn't, you can roll it out to the others feeling secure.
My point is, there is absolutely no reason why you should have to test the patch yourself. And if you're waiting days, or weeks, to have "time" to test a patch, you're almost inviting viruses. I develop applications full time and also perform virus duty for 40 employees...I don't see why you can't handle 600 if you're doing it full time.
Hey freaks: now you're ju
from the linked BBC article:
"Holidays in the UK, parts of Europe and Japan may also help to limit the spread of the worm."
So many problems are caused by buffer overflow - my impression is that this worm is one of them (but even if it isn't, I still have a question). Why is it that we have these problems?
Often I read something along the lines of: the C programming language singlehandedly invented many of these problems by not checking array boundaries or doing proper garbage collection, or something like this. The implication is that before C other languages did do this.
Is this true?
If so, isn't it just a matter of writing a compiler which checks array boundaries and re-compiling (insert your favorite OS here) with that compiler?
Obviously, I have the feeling this is far too simplistic. I'm a programmer but not a computer engineer. Is there a simple explanation/counter argument?
____________________________________
a war on terrorism? How can we end a war on a method?
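To put the bounds-checking question above into concrete terms, here is an added C example (not code from the thread or from any of the products it discusses). It shows the unchecked copy pattern that produces stack overflows beside a hand-written checked copy and a checked array read. The point it makes: the check itself is a single comparison, but it needs the buffer's capacity, and a bare C pointer carries no length, so a recompile alone has nothing to compare against. `copy_unchecked`, `copy_checked`, `read_checked`, the buffer size and the two input strings are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
#include <stddef.h>

#define NAME_LEN 16   /* constructed buffer size for the example */

/* Classic C: 'dest' is a bare pointer, so strcpy has no idea how much
   room there is and keeps writing until it hits the NUL in 'src'. A
   40-byte source overwrites whatever follows the buffer on the stack,
   which is the shape of most overflow bugs. Shown for contrast only;
   it is never called with untrusted input in this example. */
void copy_unchecked(char *dest, const char *src) {
    strcpy(dest, src);
}

/* The same copy with the capacity passed alongside the pointer, which
   is what a bounds-checking language or compiler does for you
   implicitly. Returns false and leaves an empty string in 'dest' if
   the input does not fit (the NUL terminator needs a byte too). */
bool copy_checked(char *dest, size_t cap, const char *src) {
    if (cap == 0) return false;
    size_t n = strlen(src);
    if (n >= cap) {
        dest[0] = '\0';
        return false;
    }
    memcpy(dest, src, n + 1);
    return true;
}

/* Bounds-checked element read: one comparison per access is the entire
   runtime cost of "array bounds checking". Returns -1 when the index
   is out of range instead of reading past the end. */
int read_checked(const unsigned char *buf, size_t len, size_t idx) {
    if (idx >= len) return -1;
    return buf[idx];
}

/* Constructed inputs: one that fits, and one oversized field of the
   kind a malformed network message would carry. */
const char *SHORT_INPUT = "workstation7";
const char *LONG_INPUT  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

int main(void) {
    char name[NAME_LEN];
    printf("short: %s\n",
           copy_checked(name, sizeof name, SHORT_INPUT) ? name : "(rejected)");
    printf("long:  %s\n",
           copy_checked(name, sizeof name, LONG_INPUT) ? name : "(rejected)");

    unsigned char pkt[4] = {1, 2, 3, 4};
    printf("pkt[3]=%d pkt[9]=%d\n",
           read_checked(pkt, sizeof pkt, 3), read_checked(pkt, sizeof pkt, 9));
    return 0;
}
```

Compiled with any C compiler, the short input is copied, the long one is rejected, and the out-of-range read returns -1 rather than a byte from beyond the buffer. The extra parameter (`cap`, `len`) is the part that has to be threaded through every interface by hand in C, which is why retrofitting checks to an existing code base is an engineering job rather than a compiler flag.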
You make some good points - however, I need to also point out that there are some very big stickers on the bumper hitch that say very clearly how much it can tow, and likewise the safe way to do so - and ALSO the very dangerous and potential results of attempting the tow. There is a large portion of the owner's manual dedicated to this feat. From what I understand, if Ford and GM "didn't" put these notices on their vehicles they would get sued for negligence (IANAL) - "That's what it is there for your honor, I thought it would work - there was nothing that said it wouldn't!?!?!".
My main point here is that M$ has their ass completely covered with EULA - do you think there would be any vehicles sold if the manufacturer claimed indemnity due to flawed or negligent engineering? M$ is constantly getting dragged into court for their business practices, but NOT on their negligent or sloppy software - everything is blamed on the uneducated user, how far is that going to go?
With computers used everyday as much as the everyday car - when is the blame going to shift from the end user to those who create the car. The car should be ready to go off the lot, and last a lifetime as long as it is taken care of - there should not be numerous recalls to replace critical engine parts (patches), all there should be are simple oil changes and tuneups (file system cleanup, rebooting, etc..)
I've recently received a notice from GM about a recall concerning a faulty ignition switch that could conceivably catch on fire in the right situation. In correlation this could be seen the same as booting up my computer, and the operating system simply crashing (destroying all my data). The difference is that if the recall was never issued I could have sued GM if it ever happened to me, ie: faulty engineering (ever watch Fight Club for the reasons behind recalls? LOL) - according to the EULA, it is my problem for installing the OS in the first place - which is the same as saying it was my fault for buying the car in the first place, regardless of the fact that GM used parts that simply would not hold up.
Windows is just like a Petri dish, a good place for viruses to flourish in and spread from.
My inlaws managed to get this even though they have a dialup connection which they hardly ever use. Are there any hardware firewalls that can be used with dialup?
we can't apply *anything* without formally testing it... which brings the question; is sasser certified to install itself on your system? Because if you're unpatched it probably will sooner or later.
Are bagle or netsky certified? How about bugbear? Claria? Hotbar? Ezula? Cydor? ComLoad? B-S Spy?
What about 'copy-protection' CD drivers or the windows media DRM upgrade? It could well have installed itself the last time you played a CD, many of the copy-protected CD's I've seen patch XP on autorun, with no warning at all.
Chances are one or more of these programs are already installed on your system, you just don't know it yet.
The first requirement of any certification program should be that you run an OS where programs and patches (malicious or otherwise) can't easily install and hide themselves.
455fe10422ca29c4933f95052b792ab2
My company of 15,000 employees spread out throughout the country hasn't had one problem. We all have XP on our desktops. Use UNIX for software development but mainly spend all day on Win Box. No problems. I guess our IT folks know what they are doing. Don't allow that crap to get through.
Losers!
Why do people insist on putting -i at the end of every word that has a singular form ending in s? The plural of iris isn't irii. The plural of axis isn't axi. The whole purpose of the -es plural is that you are supposed to use it when a word ends in s. Why must people employ this queer new form? It just makes them sound like pompous douches -- or is it douchi?
... "abaci" or "abacuses". "cactus" ... "cacti" or "cactuses". And the plural of "genus" isn't "genuses", it's "genera".
It stems from octopus, one of those trivial things where people know that the plural of which is octopi (or octopuses). They then generalize this to assume that every word that ends in "us" can be pluralized by replacing "us" with "i".
Your logic of always appending "es" to a word ending in "s" is wrong. The plural of "phallus" is "phalli" (or "phalluses"). The plural of "torus" is "tori" -- "toruses" is actually 100% wrong. The plural of "modus" is "modi" -- "moduses" is also wrong. The plural of "corpus" is not "corpuses", it's "corpora". "abacus"
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
how did you post your sig without the [mozilla.org] following it?
> We hosted close to 300,000 web sites; both Windows and Linux. Our customer base was roughly 60% Linux and 40% Windows; hosted on a little over 5,000 servers.
...)!
> 3,000 servers running Linux web sites
> 2,000 servers running Windows web sites
Hmmm... where the hell have you been working, Redmond? What I see in Frankfurt (Europe's second largest backbone after London) is just the opposite to Netcraft too - but in the other direction. In my company there are about (50000 servers) 85 % GNU/linux (Debian/RedHat/SuSE/Gentoo), about 10 % *nix (Solaris/HPUX) and about 5 % Windoze. The last part is mostly run by non techies, or based on some dumb management's attitude, or used by gameserver hosters (the only reason with some sense).
And from what I see every day someone must really be brain damaged to run Web servers on this M$ crap in the wildlife from every point of view (resources, security, license costs, locked into a company fully untrustworthy
Regards, xcomm
--
[SIG] Somewhere in Texas, there's a village missing its idiot.
--cited from netsharc at http://slashdot.org/~netsharc
Of course, an Accenture person studiously ignored the sign and verbal instructions not to connect her notebook. Luckily she hadn't been infected over the weekend.
It depends on how user-friendly Linux becomes, but as of right now, not at all. If they can successfully learn Linux as it is right now, then they will definitely learn to use Firewalls (which I'm personally against) and Anti-Virus software.
"Instant gratification takes too long." - Carrie Fisher
I find it very funny that your sig is trying to correct their and there, yet you use make believe words like virii in your post.
You are such a fucking retard.
Think nothing is impossible? Try slamming a revolving door.
As for playing CDs, etc: NOT ON MY CLINICAL SYSTEMS. these are *most definitely* not standard desktop PCs.
what it boils down to is i know PRECISELY what is on my machines: from little rubber feet up - I've documented evidence down to precise driver levels and there is *nothing* on there that i haven't specifically placed there, INCLUDING NEW PATCHES that haven't been exhaustively tested by me - seeing as it's my signature on those FDA documents...
i'm not sure what your last line meant: can't specifically disagree with it, but i'm not talking about any "certification program", i'm talking about regulatory compliance in a production system.
ok, nice and lovely. they look pretty, too, and i can imagine they'd be easier to support.
however, if you want, say a clinical app that does bedside CRF capture, you need to buy it from a vendor, and i've not come across any that do what we want on macs...
Really,
Stop complaining about viruses and security holes. Most OS'es have them, including Linux. Just take a look at the update lists for a normal Linux distribution from Mandrake, Suse, RedHat or others.
It is not about patching to prevent virus attacks. If a virus can access your computer you have big problems with security, and that is YOUR fault. Don't come and say MS or RedHat or anyone else should fix your network for you.
If you can't afford "any possibility of data corruption", then in my opinion you can't afford to have this computer on the internet at all. Patched or otherwise.
If you really need to get data to and from the machine, stick it on a LAN with no direct connection to the real world. Or use rewritable CD's, whatever..
Any "Regulatory Compliance" that would let you leave an unpatched Windows machine on the internet is insane.
455fe10422ca29c4933f95052b792ab2
The real problem is human stupidity. People get viruses in their email. They run them. It's supply and demand.
Everybody knows Internet Explorer and Outlook Express are pieces of shit with constant security exploits. When I tell them, they say "I don't care." Those are the ignorant people who will bitch when they get a virus or worm "Oh my god how could I get a virus I'm so careful"
Everybody knows Windows is full of security holes, yet they run it anyway, and give it to everybody they know. There is only ONE reason to run Windows: There is a major app you depend on that does not support Linux (notice I say it does not support Linux, rather than Linux does not support it). Any other reason is pointless. Easier to use? Hardly. You install a patch and suddenly your system won't boot. That's certainly hard to use. I am trying to add a network printer and suddenly it doesn't recognize the remote host. That sounds hard to use.
Now ask yourself this. Of all the people who run Windows... do most of them have a major app that requires it? No. Hardcore gamers do. Some businesses might (though it'd be better to develop a custom app, but I can understand their reasoning still).
Think about what would happen if everybody except those who require Windows were to switch to another OS. Microsoft's market share would be cut in half. Competition would come back.
Operating systems should also ship with more secure settings. I mean, I see all these people saying "Well, if Linux were the #1 OS it would get all the viruses, it's not any better". Well, guess what? Linux itself has very few security patches. I've patched my kernel (and/or glibc and init) probably 3 times last year on my server. That's it. Most security flaws are in BIND or Sendmail, or some daemon that shouldn't be running in startup on a home desktop, but Linux distros always enable anyway.
People should disable all startup services they don't need and install a firewall. And don't tell me "no home user grandma should be expected to do something like that". BULL SHIT! TOO BAD! You own a computer... take care of it. One could say "no casual driver can expect an old grandma to use a seatbelt". It's a common safety practice that everybody should learn to follow.
Hypocrisy is the 8th deadly sin.
The worm is also a suspect for causing big problems in the communications in the New South Wales (that's the Australian state Sydney's in) train network on Sunday.
Isn't that why we have Windows and Macs? hehe...
One of the main reasons that many corporate/commercial servers are still running IIS is because of the ease of use in integrating MS SQL and specific data export services from what the desktop is running: Windows. Umm, IIS doesn't integrate with SQL server or export data. What crack are you smoking? IIS is a web server that has ISAPI filters for addons. The ISAPI filters are the programs exploited. Last time I checked common MS SQL access is with OLE DB or ODBC, which are standardized.
Have you ever been to a turkish prison?
from: https://www.microsoft.com/security/incident/sasser.asp
Anyone else find this disturbing?
The local security authority service, presumably one of the more heavily audited security mechanisms in Windows, is exploitable?
I mean, of course, we all know Windows is an insecure, steaming pile of shit, but still.... doesn't say much for the trustworthy computing initiative :D
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
You, sir, think like a lawyer.
This one will have real legs. You see, in order to cure the infection, you will have to get the cure. This can be gotten from various sources. That will cure it...for now. It will not immunize you from getting it again..and again..and agagggaaggaain! This is because the security vulnerability in windows' Lsass.exe program remains and will remain so for as long as there is a microsoft and as long as they are a predatory computer thug on the face of this world.
You see, to get the fix for the windows weakness that microsoft left in the system for us users and 'buyers', you first have to access their site, not someone else's mirror site, microsoft's site. Not just any access though! No! No!! You have to provide 'special' access to microsoft. Microsoft wants to 'web install' your patch. That means it downloads what it wants to, then runs it....ALL FROM THE WEB!!? And we are also expected to go into our security settings and set microsoft's site as a trusted site just like it was the computer in your father or mother's den on your home network. You are further supposed to trust microsoft explicitly and implicitly for all the content that they download into your machine. You are supposed to accept without question that you will never see what they really downloaded and ran in your machine. You are supposed to never question what they do, however they do it, or whenever they do it! This from the company that gave you the bug in the first place and lobbied the government hard to make illegal the mere reporting of the existence of these bugs.
Let's run this back and follow another bouncing ball. Let's say that you bought a car from a company like microsoft. It had a defect that could kill you or a member of your family. Somebody found out about this defect and reported it in a newspaper in a letter to the editor and signed it with his name (most newspapers demand this from their letter writers). Under the present laws, that person who wrote the letter could be tried under the terrorism sections of those laws for telling you that you and yours were in danger. In addition, the man could be forced to pay the maker of the car for the potential costs to the company for fixing those cars....not the actual costs....the potential costs. The company would never have to fix those cars because you signed a 'EULA' that said you would hold the company harmless for anything that happened to you and yours in connection with your allowed use of the car. In addition, you were not allowed to fix the car yourself as this would compromise the company 'secrets' and you also agreed to protect THOSE as well. On top of this, if grievous harm came to you or yours as a result of these faults of the company, and after pursuing the company all the way to the US Supreme Court you finally won a case that said the company was at fault, another provision of this same 'EULA' said that the limitation of your ability to collect from said company would be the lesser of your claim or five United States Dollars (actual EULA provisions in some software 'licences'). On top of that, if the company did decide to fix your car, you would have to provide a room in your house for him or her to live while the fixing would be done, and you would have to leave the house and live in a hotel while it was being done. You would also have to leave all your valuables in your house for the company's perusal (secret installation of secret files on top of total access as a 'trusted' user on your network...this also gives total access to all files on your machine[s]). Don't laugh!
This is only a real world illustration of the miserable, tawdry, mendacious 'end user licence agreements' that you and yours sign every day whenever you install a 'bought and paid for' program into your machine. If you really read those agreements and realize what you throw away every day and every time you click yes on these conundrums; if you had an ounce of pride in your evidently worthless hides; you would remove those programs and the operating
"Nothing beats a good educated user."
And it's illegal to beat uneducated users...
LSASS is the security policy manager for NT and XP. If that's been compromised, you have to assume it was used to put in a back door. Or to transmit password-type "secrets" to some external site. It may also have changed the logs to hide it. You've got to rebuild and re-examine the entire security policy database. Passwords may have been compromised. Local shares may be exposed to outside attack.
I must be lucky. My logs don't show any attempts to exploit this hole. Not like my linux box cares if they try.
This statement is forty-five characters long.
After wrestling all weekend with numerous clients' PCs that were all infected, all running WinXP's built-in firewall, I have to ask - what (exactly) good is a so-called firewall that doesn't block incoming port traffic? And yet Micro$oft continues to state (on their web sites and in press releases) that enabling the XP Firewall will act as your 'first line of defense'. Bollocks! I can document dozens of infections on PCs with the firewall turned on and NO PORTS OPEN!
To compare it to what Linux users would normally see... this is like having a network exploit that is able to modify the PAM subsystem in RH/Linuxes that use PAM for authentication....
I don't think the coder is going to come out anytime soon apologizing for sloppy coding, lest he be dropped from the ranks of l33t hax0r to script kiddi3...
I find it very funny that your sig is trying to correct their and there, yet you use make believe words like virii in your post.
You are such a fucking retard.
The misuse of the words "there" and "their" comes from ignorance of their proper use. The use of words like "virii," "vira," and "boxen" has nothing to do with ignorance of proper English. These words are used as slang and incorporate some foreign grammar (like Latin or German) into the language. There is nothing make-believe about the words I used.
Oh, and another thing: Go read the internet etiquette. Do not call me a retard unless you would call a perfect stranger you met in real life a retard. You should stop and consider what you write. For instance, using the language you just used in a bar would most likely earn you a severe beating.
my machines are nicely behind multiple corporate firewalls, sit in a separate domain, and the clients are ACL'd off from our main LAN as well. i take security far more seriously than you'd believe, and there's no way my clients for data capture get an internet connection.
however, a pc that's not attached to anything ain't much use - so what you're controlling here is the (small) risk of having it attached to your main LAN in some way for data export and, say, citrix connection to your main desktop client PCs.
did i say anywhere i'd be dumb enough to leave an unpatched wintel box on the internet anywhere?
my point is that in the real world you don't just go chucking patches on boxes without thorough testing on your preproduction rig, user acceptance testing etc etc - and in my specific case it could actually be construed as illegal to do so.
One hole only? I am glad I do not have you as a security admin on my network.
There are plenty of security issues, for example in Samba, Apache, PAM and many applications and servers in Linux.
Look here for example: https://rhn.redhat.com/errata/rhel3as-errata.html A rather large list of security updates. Kernel, Squid, OpenOffice, you name it.
The reason many Linux systems go unharmed is because there are not so many virus writers that indeed target Linux (or Mac for that matter).
Not long ago Gnome and Gentoo had a security breach and their servers were compromised - meaning all the packages they provided could have been too...
Linux is not all Roses. Neither is Windows. What is bad are users that believe they are safe without knowledge.
I click on my Windows Update systray icon and a guttural voice growls "Y'all'r OWNED, boah!"
Seriously, how many viruses require a working sound system? (-:
Got time? Spend some of it coding or testing
Do what you can to improve things, but work with what you've got rather than chucking a hissy fit.
On a different note, perhaps your doc should have been two eye-poppin' pages with a reference to the other 68?
...then use Linux instead, where you can change one package at a time or pull the source and test one patch or part of a patch at a time. Speeds up testing like you wouldn't believe, and gives you an alternative when updating is critical but the updates also knacker your production systems in some way.
Well, I'm sitting around here posting on slashdot. I'm a Windows admin at a financial institution. Why don't we have any infections? First, all patches are applied within a week (servers auto rebooted in the wee hours). Yes this is a risk considering some Microsoft patches can cause problems. But the main reason is . . . PERIMETER SECURITY. We have firewalls and IDS, both internal and external. And no one hooks up to our network unless they are patched and scanned with anti-virus. By the way, LSASS.exe is the local security provider, it logs you on, and port 445 must be open to use AD and domain logons. It's on by default because it provides basic functionality that the OS requires.
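A defender-side check for the firewall/IDS setup and port-445 traffic this comment describes, as an added example that is not part of the thread: it flags a host that opens TCP/445 to many distinct peers inside a short window, which is the spreading pattern of an LSASS-targeting worm like Sasser, while a client that only talks to its domain controllers on 445 is left alone. The log format, addresses and timestamps are constructed for the example.

```python
"""Spot worm-like TCP/445 sweeps in firewall logs (added example, constructed data).

A normal domain member opens port 445 to a handful of servers over and over;
a Sasser-class worm opens 445 to a new host every second or so. Counting
distinct destinations per source inside a sliding window separates the two.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: "<ISO time> <proto> <src>:<sport> -> <dst>:<dport> <action>"
LINE_RE = re.compile(
    r"^(\S+) (\w+) (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+) (\w+)$")


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, proto, src, dst, dport, action = m.groups()
    return {"ts": datetime.fromisoformat(ts), "proto": proto.upper(),
            "src": src, "dst": dst, "dport": int(dport), "action": action}


def find_scanners(lines, port=445, window_s=60, threshold=20):
    """Map each source that reached >= threshold distinct hosts on `port`
    within any `window_s` seconds to the largest distinct count observed."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs in time order
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"] != "TCP" or rec["dport"] != port:
            continue
        q = recent[rec["src"]]
        q.append((rec["ts"], rec["dst"]))
        while (rec["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()  # drop connections that fell out of the window
        distinct = len({dst for _, dst in q})
        if distinct >= threshold:
            flagged[rec["src"]] = max(flagged.get(rec["src"], 0), distinct)
    return flagged


def sample_log():
    """Constructed log: one client doing domain logons, one host sweeping 445."""
    base = datetime(2004, 5, 3, 9, 0, 0)
    lines = []
    for i in range(40):
        t = (base + timedelta(seconds=i)).isoformat()
        # 10.0.0.5 only ever talks to its two domain controllers
        lines.append(f"{t} TCP 10.0.0.5:{1100 + i} -> 10.0.0.{10 + i % 2}:445 ALLOW")
        # 10.0.0.77 opens 445 to a different host every second
        lines.append(f"{t} TCP 10.0.0.77:{2100 + i} -> 10.0.1.{i + 1}:445 ALLOW")
    return lines


if __name__ == "__main__":
    print(find_scanners(sample_log()))  # {'10.0.0.77': 40}
```

The threshold and window are the tuning knobs: an internal IDS would raise them for servers that legitimately fan out on 445 (backup, management, file-distribution hosts) and lower them for ordinary workstations.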
The manufacturer should make every effort they can to ensure the product works 100% out of the box. If you know full well that your Ford Explorer has tires that blow up on impact, you should not sell the product with those tires. In the event that you did so accidentally, you should make the public very aware of the situation and attempt to rectify the problem. Now, Microsoft has done reasonably well on the second account (a patch was/is available) but not so much the first. I think that having something similar to a "recall notice" for Windows OS that is very public could be a step in the right direction.
They certainly don't do well on the first. Ford didn't continue to sell Explorers with the exploding tires after the issue was brought to light. MS continues to sell operating systems that they *know* have exploits against their bad code. I think it would be reasonable to require that code with common exploits for it be labeled as such on the outside of the box. If there were big stickers on the Win XP (no service pack) that was still available in stores that said "This product is vulnerable to a large number of exploits and contains security holes, you must connect to the Internet with this OS, opening your computer to infections, before you can patch it" then people would be properly warned before buying it.
Preferably, I'd require that Microsoft send you (via express mail or faster) all patches up to the date of sale upon notification of purchase. That way, they can save the money of the extra shipping by only putting solid products on the shelves, and you can properly update your computer before having to plug it into a network.
Except for the fact that MS has more money to throw at lawyers than most, I think they should lose a negligence case against them. The patches are not included in new OSs sold in stores. The patches are released on the web and require constant customer diligence, and even then the patches are often buggy enough that they are not of the quality needed for large deployments (you crash if you get the virus, you crash if you install the patch, so you are doomed either way).
Learn to love Alaska
However, I was talking about my home network. An enterprise network is different - but then there are usually people paid to administer it.
So the only hole that affected me personally was the one in OpenSSL libraries.
The point I was trying to make is that in Linux you can examine yourself all pieces of software that you trust - i.e. networking code, firewall, ssh client.
If you find a hole or just think the coding is bad you can discard that piece.
With Windows there is a single point of trust - Microsoft. Either you trust Microsoft or you don't.
Oracle Clinical: http://www.oracle.com/industries/life_sciences/index.html?content.html
Additional features and support provided by Westat. They're currently working all of the CRF collection for Phase I/II/III NCI trials.
"One touch of Darwin makes the whole world kin." George Bernard Shaw
...to put those 220,000 man-hours a year into refining OSS versions of the target apps you're interested in, so you can roll them out on MS Windows. Once that's done and everyone's used to it you can swap tablecloths underneath the crockery with nary a ripple. Goodbye, spyware. Goodbye, porn diallers. Goodbye, DRM.
As a side bonus, your company will have become famous, you will have significantly raised the skill levels of roughly 100 of your employees, your applications will do exactly what you want them to do, and will work equally well on a management consultant's W2k laptop, your wife's Mac or a remote office's Linux gateway server. Possibly also on your 'phone or PDA.
If a dozen suitably sized companies put in that much effort Microsoft would be history, the computing playfield would be totally different, productivity would skyrocket and there would be no next Sasser worm.
Oh, and sooner or later there would be an end to the haemorrhaging.
there aren't 220,000 man-hours to spare. the point is that continuing to run microsoft windows is by far the cheapest way to go. the patch cost is minimal if dealt with correctly.
btw, chances are that the haemorrhaging would end shortly after the chapter 11.
I read the journal entry linked in your sig. You have an excellent grasp of the difference between there and their and I applaud your efforts to educate the teeming millions.
Unfortunately, your journal post is archived so I can't reply there, but as one pedant to another (aspiring one, at least) please review this sentence from your journal entry on grammar:
I have nowhere else to write but in my journal, hoping to reach out and educate the american public (and anyone else, who do not know the difference between "there" and "their").
If I may, I'd like to suggest that your next lessons be, in order: (1) subject-verb agreement ("anyone else does," not "do," (2) capitalization ("American,") (3) comma usage (with special attention to when commas should not be used, such as is the case with both of yours), and (4) proper relative ordering of quotation marks, parentheses, and periods ("This parenthetical quote is properly punctuated; yours isn't.")
Of course, by then you'll probably have picked up why your sentence structure is fundamentally flawed (hint: a semicolon and "I'm" instead of the comma before "hoping" would fix it.) Keep up your studies and spread the good word as soon as you learn it!
everything in moderation
Since I feel like burning some karma, and to explain (not excuse) myself: English is not my native tongue. I try to use correct spelling and grammar whenever I can, but sadly English grammar is very far from that of my native tongue, and being a programmer I tend to reverse the order of quotation marks, parentheses and periods.
"This is a sentence written with programmer grammar". The idea is that a string is a single token and should not be mixed with the period which is another token.
I will be reading up on English grammar, but I won't be preaching about its proper use before I have a better grasp of it myself.