Sasser Worm Disruption Growing
thebra writes "Yet another virus is causing problems with Internet Explorer. "Sasser, unlike a virus which travels through e-mails and attachments, spreads directly from the internet." A removal tool can be found here."
I still am of the opinion that it doesn't matter how many patches M$ releases. The fact is, we need an educated user base. So many people continue to use computers without knowing the full risks associated with them.
The Internet is great, broadband is great, computers are great. But as long as people are willing to give up their passwords for chocolate and have no clue what a firewall is or what it does, this problem will continue to plague everyone.
Nothing beats a good educated user.
Proudly supporting the Libertarian Party.
You forgot to mention that "sasser" only infects windows machines.
It should be the default assumption that since it is a worm then it only infects windows (the same goes for virii of course). I would think that it would be worth mentioning if it infected anything besides windows boxes...
What it tells us about Microsoft, is there are people out there who cannot take care of systems.
This includes Linux boxes and Mac boxes as well.
Wake up and smell the damn coffee, it's not a problem exclusive to Microsoft, as much as some of the Linux rah-rah club would like to think.
Why is it OK for Linux to patch the hell outta itself but a damn near capital crime if Microsoft has to?
Grow up.
Microsoft released a patch, people did not install the patch. Whose fault is that? None of the 1000+ systems in my office were infected because I'm intelligent enough to have policies in place to prevent stuff like this from happening.
Perhaps that MS products are more widely used than anything else?
The poster called Sasser a virus, then proceeded to give a definition that said it was not a virus. No offense, but was the poster actually reading what he wrote?
What the hell has a worm that attacks through non-HTTP traffic and downloads its body through a built-in FTP client got to do with Internet Explorer?
If you're going to bash Microsoft, at least bash the right frickin' part...
The Slashdot Paradox: "100% Overrated"
Here is a fast, cheap and reliable way to fix this problem:
* Buy a hub/router with builtin firewall for about $40 to $80.
* plug it in.
There you go.
It's a strange problem, security. Educated users are key, but because Microsoft has the largest market share, they also get the largest number of uneducated users. What will happen if Linux eventually completely replaces MS products on the desktop? Will they have the same security problems?
It is very apparent that using Windows is like living in a high-crime, blighted neighborhood. You try and try to live a normal life but at any moment something bad could come along.
Why people continue to choose Windows is beyond me. Linux and Mac OS X are more secure and more powerful. And oh yeah, cheaper. Sure you get Windows when you buy a new machine. But that's like offering a poke in the eye with a pointed stick with every purchase.
Sasser is mostly annoying. It causes your computer to restart repeatedly, while scanning nearby IP addresses and spreading itself to them (if they're not patched). Doesn't sound too bad, does it?
Well, even though it's "just annoying" and "poorly written" according to F.Secure, it caused Sampo (a large bank in Finland) to shut down yesterday. Both computer networks and telephony systems were hurt. The same happened to If, a Norwegian / Swedish insurance company, and today another Norwegian insurance company had to halt operations (Vesta).
So even annoyances can stop entire operations, and thus we can say that it's a pretty serious problem until most (Windows) computers are patched.
I'm not sure why everyone is so hopped up on these removal tools. It seems to me that after being infected with a worm that installs a back door, more people ought to look at reinstallation from known good media.
Biggest Windows vulnerability ever, again. How many times have we said that this year? At work, it's beginning to feel a bit like a duck and cover drill.
-Peter
That depends on whether the Microsoft patches you have installed don't actually do more harm than good.
For other than this particular exploit, it also depends on whether another exploit is made available before a working patch is made available for a publicized (or not!) vulnerability.
In short, no. You may be safer, but you're not safe.
--
Hanlon's Razor - Never attribute to malice that which is adequately explained by stupidity.
Yes. Because Linux IS inherently secure?
Or maybe, just maybe, computers are inherently insecure?
"If we let things terrify us, life will not be worth living."
- Seneca
"I'm sitting here with my phone ringing off the goddamn hook"
so are you telling us you'd rather let the phone ring and read slashdot and post comments instead?
A. Guy takes home corporate laptop.
B. Plugs laptop into phone-line / uses internet
C. Gets infected
D. Takes his laptop back to the job
E. Infects the entire LAN *FROM THE INSIDE* while the firewall happily keeps the fire "IN" (instead of out).
If you fire anyone, please fire the laptop-owner.
This unique sig is intended to make this user more recognisable.
More like capitalism punishment.
If after all the bullshit that companies went through with Blaster, they didn't sit down, get a team of smart IT people together and implement solutions to stop worms, then they don't deserve customers business.
Darwinism at work. Those who don't grow immune to the poison die from it.
Yes Francis, the world has gone crazy.
Well in this case, yes.
Sasser exploits a hole in Windows. A patch for this hole has been out for about three weeks.
Moral of the story: Keep aware of the Critical Updates. You may not need to apply every single one of them, but at least be aware of what they are, and what problems they are designed to fix.
I'm not crazy,I'm actively irresponsible.
Correction; You had a zonealarm that was set up wrong.
Blocking port 445 from inbound traffic secures the computer against this worm.
Also, the failure to install a critical patch that has been out for two weeks is called 'stupidity'. Using a Windows box connected to the net is already something close to extreme sports. Doing so without regular Windows Update visits is like extreme sports blindfolded without a helmet. You are *bound* to get hurt.
As a *NIX and Windows admin I'm sitting at home without a care in the world. You see I use a "firewall" to "secure" our "network". Let me know if you need help with the big words.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Microsoft, Linux, Apple - all platforms need to have this drilled into their brains, coding, and documentation repeatedly with much force! Microsoft is a target because they have angered so many with their *business* activities and sloppy coding. How long before Linux joins them?
I am an avid Linux user - The only windows machines I have are for client applications that I can not run on Linux.
Most of us (yes, me included) when we scratch an itch, make it work for ourselves, not for the world in general. If we are to produce Secure, Stable and Safe programs, then we need to have a tool set that allows us to build them without thinking about it, or we need to all think about it with each app released into the wild. Asking Joe User to know enough to run a secure platform is like asking all people to be able to self serve everything in their own cars, appliances and bodies (i.e., no mechanics, repairmen or doctors needed).
'It ain't gonna happen!' All of these are way too complex and most are changing faster than most people can keep up with. So, it needs to fall back on our shoulders (the developers) to make this happen. The question today (as on so many other days past) is what can we Linux developers learn from Microsoft's mud? What are the issues that are allowing these things to happen and how can we prevent them? I hope everyone has heard this before.
And, more importantly, how do we get qualified people to itch this scratch to completion? It seems to me that the world in general would benefit most from a programming tool set that built these solutions in, and that is not going to be an easy task. Microsoft is trying to address that with .net, and is still not on target (or anywhere close from what I have seen). Java tried to answer that, but it has fallen far short of what is needed.
I really do not have any answers to this. One of my best friends has explained to me the complexities of building compiler systems and writing your own languages. Those complexities alone are big issues. I would love to read what other /.ers have to say on this issue.
InnerWeb
Freud might say that Intelligent Design is religion's ID.
And now compare the number of users using apache and mod_ssl against those using windows and the number of windows outbreaks there have been over that two year period.
Well, even though it's "just annoying" and "poorly written" according to F.Secure, it caused Sampo (a large bank in Finland) to shut down yesterday. Both computer networks and telephony systems were hurt.
I'm concerned about what'll happen when some more competently written worms get written, with some highly destructive payloads triggered at a certain time, or by some certain network event.
At the moment, most of the disruption is directly as a result of the worms spreading, with network connections being swamped. If worms were to actively trash filesystems, or (more dangerously) subtly mess about with data in spreadsheets, databases etc, it could be horribly expensive to sort everything out, and genuine, lasting damage could be done to businesses.
You'd think the current worm and trojan problems were enough to jolt people into a more security-aware frame of mind, but it seems we're fighting a losing battle to educate people before some polymorphic, ultra-subtle worm with no (initial) obvious effects will strike.
If such a thing were to wreak havoc, there'd probably be a major backlash against Microsoft, even though computer security is partly the responsibility of the user, too.
I'm no Windows hater, but these exploits reinforce my opinion that no Windows machine should have a publicly accessible IP address.
We run Windows on our network here, but we have a Linux box with IP masquerading enabled connected to the Net, so the only exploits that could possibly work would be 'stupid enough to open the attachment' types, as you can't target any of our Windows PCs from the outside world, only our Linux box.
Sure, some of the ports Windows leaves open are useful for things you might do on a corporate LAN (Active Directory, RPC, and such) but these things are next to useless for the larger Internet. If they don't want to fix the holes before someone has exploited them, or code their systems properly, then Microsoft could at least make it so that Windows leaves NO generic ports open on public/WAN interfaces.
ZoneAlarm and other personal firewall products are good, but can only provide so much protection from things like this, since they are running on the machine that is targeted, the attack has to reach the box in order for them to react to it. A separate firewall box (PIX, SmoothWall, etc.) can stop the attack before it even reaches the internal network.
A physical security analogy would be the guard at the main lobby desk vs. the guard at the front gate.
Poor programming by Sasser's creator makes infected machines shut down.
That should make the writers happy... that their ineptitude made global news.
I am not impressed with the foo of these cut-and-paste virus coders. There was a time when it was actually difficult to code one of these things, but come on... they are open-source now.
No-kung-foo-required.
Sasser is a WORM not a virus.
Worm - Independent program that replicates from machine to machine.
Virus - A program that can "infect" other programs by modifying them to include a, possibly evolved, copy of itself.
Somehow I don't think they're going to ignore a guy mugging an old lady because they won't be able to write a report about it afterward.
So many people continue to use computers without knowing the full risks associated with them.
/. but the fact is that most people don't give a shit about how computers work - they just want them to work like an appliance. That's why we have jobs.
An educated user base? Hah. AIDS is still spreading and you're worried about a computer virus?!?!?
"Never attribute to malice that which is adequately explained by stupidity." - Hanlon's Razor
Yeah, but Joe Twelve-pack won't have his XP firewall turned on if he doesn't know to enable it... at least not until XP service pack 2.
Could all virus and worm writers just lay off for a couple months? Thank you.
Forget bad coding for a minute... Microsoft wouldn't have half the problems they have if they would simply not choose the most perversely stupid default settings.
You are in a maze of twisty little passages, all alike.
Pick two out of three :-).
Nearly all my systems are Linux based or updated with the latest patches from Redmond. But I have here one box running Windows 95, daily used for email and browsing, behind a firewall that's as locked down as possible. On the other hand, the last security update or virus definition download happened at least three years ago. And yes, the common sense topic also applies, because I've trained my wife (the main user of that box) from day one to mistrust any attachment.
So, this box, without being updated, has over the years always been virus free. And probably its chances are getting better by the day, because who is writing viruses for Win95, or IE4, or even WordPad....
A colleague of mine has already been working for a week to install XP on a new notebook. While connected to the net (only a software firewall, no hardware router) to get the Windows Updates, she got hit already. Of course I told her she was stupid not to buy a firewall box first, but oh well, who listens to me.
Conclusion: get that firewall and use common sense!!
Browsers shouldn't have a back button!! It's all about going forward...
A firewall is all well and good until someone brings an unsecured laptop in and plugs it into the network. Are you telling me that no one in your organization has a laptop that they take home with them? What's the chance that they may plug it directly into a high-speed net connection at home without a firewall?
I'm sorry, but even companies that aren't getting hit by this still paid the price.
We ran around frantically patching every $#%@#^ windows box at the company after the patches came out. Installing patches wastes users time, administrators time, everyones time. I know it can be automated, but its still a pain and you have to check every system anyway.
And whether or not you get a worm on your systems should not be the deciding factor of whether you deserve the customers' business. Are you really saying that a record company that effectively blocked this worm deserves my business? Please don't start an off-topic rant about the RIAA, it's just an example.
You probably said Yes when ZoneAlarm asked if it was OK to let LSASS access the Internet.
Power off before disconnecting connecting connector. Seen on a cash register
Really? Who do you know that knows the FULL risks associated with using computers? Before this worm, I didn't know what port 445 was for - but I knew I had it blocked on my firewall. Maybe you are talking in a perfect world, but there is ZERO chance that all computer users will realize the full risk of using them. If they did, they wouldn't be using computers. I have been using computers since the early 80s, and I don't claim to know all the risks associated with using them.
I am not anti-computer-education, but what you are talking about is a pipe dream. For jebus sake, we still have people wiring their life savings to people in Nigeria, and guys buying penis enlargement pills.
My beliefs do not require that you agree with them.
A. Guy takes home corporate laptop.
B. Plugs laptop into phone-line / uses internet
C. Gets infected
D. Takes his laptop back to the job
E. Infects the entire LAN *FROM THE INSIDE* while the firewall hapilly keeps the fire "IN" (instead of out).
This actually happened to us last year.
If you fire anyone, please fire the laptop-owner.
Uh, problem being that it's good odds that the laptop owner is the boss of the people wanting to fire someone.
My Karma: ran over your Dogma
StrawberryFrog
All this really reminds me of the Y2K problem.
The difference is, that we could sit down, make a plan, inspect all PCs, have stickers for OK machines, etc.
And there were far fewer problems than with an average worm nowadays. Imagine if the Y2K problem had been as big as a usual worm hit (several middle to large companies affected for a couple of days).
Vajk
If enough machines get infected you won't have to worry about anything. The network will be flooded.
Seriously folks. Microsoft released the patch 21 days ago. If the worm had come out before the patch I would be more critical, but it didn't. Hopefully Microsoft decided to turn on automatic updates by default in Service Pack 2 for XP.
It's funny how articles claim that the worm has caused all kinds of damages -- from banks to postal systems, to transit systems. The tone of the article seems to lay blame largely upon the worm itself. This is absolute horseshit. If users (and IT personnel) at these governments and places of business were responsible enough to do their jobs and ensure that computers were adequately patched, this problem never would have occurred.
Furthermore, if personnel took a single iota of initiative by installing and maintaining a simple firewall -- these issues would have been far less widespread (although this can still be spread through a network via infected laptops brought in from a home network). The important thing here is that the creators of this worm, the IT groups who let this happen, and the individual broadband users affected really share blame for the spread of this worm. Let me use an example, if you live in a shitty neighborhood and you leave your door unlocked, you are partially responsible for some jerk breaking into your house -- sure, they broke the law, but you helped facilitate that.
OK, one more topic to rant over then I'll STFU. I see alot of Slashdotters blaming Microsoft for this problem -- saying that running Linux or xBSD would solve this problem. Bullshit, fanboys. I am a Linux/Free software advocate and that argument is absolute bullshit. Every once in a while, remote exploits are discovered for these Free products. Most of the time, patches for these apps are released right away -- faster than their commercial counterparts are able to react. The users will still need to be smart enough to apply the patch. Well, in this case, Microsoft's patch was available before an exploit was in the wild. The reason why this worm is so widely distributed is because the user base (and administrative base) is large enough that there is a large cross section of people who have no idea what they're doing.
If Windows went away tomorrow and Linux became the defacto standard, we would have the same issues. All of those MCSE's who allowed this to happen will become RHCE's who will still allow something like this to happen. That certification doesn't make them any smarter -- bad admins are bad admins. Clueless users are clueless users, regardless of the operating system they use. It's easy to blame Microsoft for this, because they have deep pockets, a huge market share, and shady business practices -- but all code has bugs. Microsoft did the right thing, their userbase just wasn't smart enough to do the right thing.
-Turkey
OK, this Sasser worm can install itself, open a few ports, serve files as an FTP daemon, place itself where it pleases, and gobble up your network.
Other viruses do all sorts of nasty things, but they all seem to stop short of REALLY bad things. Search for files they can delete, look for a network drive and have their way, find interesting files and mail them to random people, rename this or that to render the machine useless.....
To me this seems very strange. Is there some kind of virus writers' code that has some small bit of ethic? Is there some underground society that meets the 3rd Wednesday to discuss safe virus exploits? Does Microsoft create these things to get people to upgrade? Maybe McAfee and Norton are funding them and they just want a profitable year?
Now I am not asking for this kind of damage, but as my boss points out he has no reason to switch to anything more secure because nothing really bad happens.
Bah...like Linux or OS X or BSD or Solaris are any better. Nobody really has desktop patches down all that well, the users make the machines too personalized.
Plus, any OS that has 95% of the desktop market is going to attract worm/virus writers, and I don't care how open or closed source the code is. If things were reversed and Linux had hundreds of millions of installs, it'd be hacked to pieces. Even now I get all kinds of patches on my RedHat and SuSE boxes; it's no different than Windows.
It's easy to maintain and patch 10K servers of any kind because you have control over everything. But any kind of desktop support is going to suck major a$$, regardless of the OS.
In reality, computers just plain suck. They're still very young compared to, oh I don't know, combustion engines...the human body...the planet's ecosystems.
I know it's a pain, but the question is.
Is the one-time pain of deploying an automated patching system greater or less than the 3 or 4 times a year that, even if your network doesn't come to a grinding halt, you've got to spend 4 hours going cube to cube and deploying patches?
Our solution was to deploy a centrally controlled distributed firewall system inside our internal network. The best defense is a good offense.
This allows us to from C&C (command and control) to proactively block ports and sample traffic from any machine on any subnet.
Hence, even if Sasser were to come in from some laptop and that person plugged their laptop into our general purpose subnet, 99 percent of the machines on all the subnets have the offending incoming ports blocked, and as soon as it sees traffic for that port it'll send me a report.
Also, this combined with an agent that lets us push out patches and auto updating virus software allows us to stay ahead of the curve.
Yes Francis, the world has gone crazy.
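The "block the port and report any traffic to it" setup described in the post above, written out as an added example rather than the poster's own code: it reads constructed, iptables-style firewall log lines, counts how many distinct hosts each source touches on TCP/445 (the port Sasser spreads over) inside a sliding window, and reports sources that look like a worm sweeping the subnet. The log format, the 60-second window and the five-host threshold are assumptions for the example, as are the addresses.

```python
"""Flag hosts that sweep TCP/445 in firewall logs (added example, not from the thread).

Log format is a constructed, iptables-style line:
    "<epoch> <ACTION> <iface> <src> -> <dst>:<dport>/<proto>"
"""
from collections import defaultdict

# Constructed sample: one internal host fanning out across the subnet on 445,
# plus ordinary web traffic and a single benign SMB connection.
SAMPLE_LOG = """\
1083660000 DROP eth1 10.0.5.23 -> 10.0.5.1:445/tcp
1083660000 DROP eth1 10.0.5.23 -> 10.0.5.2:445/tcp
1083660001 DROP eth1 10.0.5.23 -> 10.0.5.3:445/tcp
1083660001 ACCEPT eth1 10.0.5.40 -> 10.0.5.10:445/tcp
1083660002 DROP eth1 10.0.5.23 -> 10.0.5.4:445/tcp
1083660002 ACCEPT eth1 10.0.5.41 -> 192.0.2.7:80/tcp
1083660003 DROP eth1 10.0.5.23 -> 10.0.5.5:445/tcp
1083660090 DROP eth1 10.0.5.23 -> 10.0.5.6:445/tcp
"""

WORM_PORTS = {445}       # Sasser's entry point; 139/135 would be treated the same way
WINDOW_SECONDS = 60      # assumed sliding window for counting distinct targets
THRESHOLD = 5            # assumed distinct-target count before we call it scanning


def parse_line(line):
    """Return (ts, src, dst, dport, proto), or None for lines that don't match."""
    parts = line.split()
    if len(parts) != 6 or parts[4] != "->":
        return None
    ts, _action, _iface, src, _arrow, target = parts
    dst, port_proto = target.rsplit(":", 1)
    dport, proto = port_proto.split("/")
    return int(ts), src, dst, int(dport), proto


def find_scanners(log_text, ports=WORM_PORTS, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Map source -> (window_start, distinct_targets) for sources at/over threshold."""
    events = defaultdict(list)  # src -> [(ts, dst)] for traffic to the watched ports
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, dport, proto = rec
        if proto == "tcp" and dport in ports:
            events[src].append((ts, dst))

    alerts = {}
    for src, hits in events.items():
        hits.sort()
        lo = 0
        best = (None, 0)
        # Slide a window over the timestamps and count distinct destinations inside it.
        for hi in range(len(hits)):
            while hits[hi][0] - hits[lo][0] >= window:
                lo += 1
            distinct = len({dst for _, dst in hits[lo:hi + 1]})
            if distinct > best[1]:
                best = (hits[lo][0], distinct)
        if best[1] >= threshold:
            alerts[src] = best
    return alerts


def report(alerts):
    """One human-readable line per flagged source."""
    return [
        f"{src}: {count} distinct hosts on TCP/445 within {WINDOW_SECONDS}s starting at {start}"
        for src, (start, count) in sorted(alerts.items())
    ]


if __name__ == "__main__":
    for line in report(find_scanners(SAMPLE_LOG)):
        print(line)
```

The single benign connection from 10.0.5.40 never reaches the threshold, so only the sweeping host is reported; the sixth hit from 10.0.5.23 falls outside the window and does not inflate the count.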
>Actually you're probably not doing it intentionally but you're just repeating Microsoft marketing-speak
So someone at Microsoft wrote this article and invented all the facts in it?
http://www.computerworld.com/printthis/2004/0,4814,92037,00.html
And you should know that I am NOT a Microsoft shill.
I'm not excusing Microsoft, I just think someone out there has an agenda that is different than the typical worm-writer's.
I don't know the meaning of the word 'don't' - J
Exactly right about breaking things. I found this patch broke Kerberos authentication when double hops are used. It broke a lot of our intranet applications. Fortunately, we are firewalled and our internal MS machines were patched. I'm waiting on MS to resolve the issue so I can apply the updated patch.
I think you've missed the point.
1: There ARE more web servers out there running Apache than anything else. So, why is it that there is an unbalanced proportion of these boxes remaining intact and with 99% (sic) uptime compared to the Windows boxes?
2: Apache runs properly with fewer system resources, hardware and preventative maintenance than Windows. Set & forget, to a great extent.
3: One of the main reasons that many corporate/commercial servers are still running IIS is because of the ease of integrating MS SQL and specific data export services with what the desktop is running: Windows. If, from your average net admin's perspective, they could easily and definitively state to their bosses that they could run a given database server on Apache for X dollars instead of on MS for XXX dollars, they would do it. It is difficult for the admins on two fronts: a) persuading their employers that a free product could possibly outrun what the so-called market leader has provided, and b) if something goes wrong, fewer heads will roll if they're using MS instead of a "free", "open-source" product that, in the eyes of their employers, was a gamble to start with.
This will all change VERY soon.
It's all a mind game....
How about firing the genius who lets laptops connect directly to the internal network? It's a laptop, the whole point is that it's portable. It should be assumed that it will be taken somewhere else and connected to untrusted networks. At your facility, you should connect laptops to a purgatorial network between firewalls, so that they're protected from the outside world but don't have unrestricted access to everything on the inside. It's just common sense.
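The two layouts argued over in this thread, the perimeter-only firewall that "keeps the fire in" once a laptop is carried inside (the five-step scenario quoted above) and the separate between-firewalls segment for laptops suggested in the post just above, modelled as an added example rather than any poster's code. Segment names, addresses and the rule table are constructed; the model only answers who can reach whom on a given TCP port, so the laptop's path out to the internet is not represented.

```python
"""Who can an infected machine reach on TCP/445? (added example, not from the thread)

Two constructed layouts: a perimeter-only firewall with the laptop on the LAN, and a
'purgatory' segment for laptops with its own rules into the LAN.
"""

# Constructed hosts: name -> (segment, ip).
HOSTS = {
    "internet-scanner": ("wan", "198.51.100.9"),
    "file-server":      ("lan", "10.0.1.5"),
    "desktop-1":        ("lan", "10.0.1.20"),
    "desktop-2":        ("lan", "10.0.1.21"),
    "laptop":           ("lan", "10.0.1.50"),   # perimeter-only: laptop sits on the LAN
}

# Rules: (src_segment, dst_segment, port or "*", action). First match wins; anything
# crossing segments without a match is denied; traffic inside one segment is unfiltered.
PERIMETER_ONLY = [
    ("wan", "lan", "*", "deny"),
]

PURGATORY = [
    ("wan",       "lan",       "*", "deny"),
    ("wan",       "purgatory", "*", "deny"),
    ("purgatory", "lan",       445, "deny"),   # no SMB from the laptop segment into the LAN
    ("purgatory", "lan",       80,  "allow"),  # intranet web still works for laptop users
    ("purgatory", "lan",       "*", "deny"),
]


def permitted(rules, src_seg, dst_seg, port):
    """Evaluate the rule table for one (src segment, dst segment, port) tuple."""
    if src_seg == dst_seg:
        return True                      # no firewall between hosts in the same segment
    for rule_src, rule_dst, rule_port, action in rules:
        if rule_src == src_seg and rule_dst == dst_seg and rule_port in ("*", port):
            return action == "allow"
    return False                         # default deny across segments


def reachable_on(hosts, rules, src_name, port=445):
    """Sorted names of hosts that src_name can reach on `port` under `rules`."""
    src_seg = hosts[src_name][0]
    return sorted(
        name for name, (seg, _ip) in hosts.items()
        if name != src_name and permitted(rules, src_seg, seg, port)
    )


def with_laptop_in_purgatory(hosts):
    """Same hosts, but the laptop lives on the purgatory segment (constructed address)."""
    moved = dict(hosts)
    moved["laptop"] = ("purgatory", "10.0.9.50")
    return moved


if __name__ == "__main__":
    print("perimeter only, from internet:", reachable_on(HOSTS, PERIMETER_ONLY, "internet-scanner"))
    print("perimeter only, from laptop:  ", reachable_on(HOSTS, PERIMETER_ONLY, "laptop"))
    moved = with_laptop_in_purgatory(HOSTS)
    print("purgatory, from laptop (445): ", reachable_on(moved, PURGATORY, "laptop"))
    print("purgatory, from laptop (80):  ", reachable_on(moved, PURGATORY, "laptop", port=80))
```

Under the perimeter-only layout the internet is blocked but the laptop, once plugged into the LAN, can hit every internal host on 445; with the laptop in its own segment the same rule table leaves it port 80 into the LAN and nothing on 445.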
My point wasn't that M$ has absolutely no guilt in the matter. You bring up a good point by comparing the issue to driving. BOTH parties are responsible for using the product correctly and safely.
The manufacturer should make every effort they can to ensure the product works 100% out of the box. If you know full well that your Ford Explorer has tires that blow up on impact, you should not sell the product with those tires. In the event that you did so accidentally, you should make the public very aware of the situation and attempt to rectify the problem. Now, Microsoft has done reasonably well on the second account (a patch was/is available) but not so much the first. I think that having something similar to a "recall notice" for Windows OS that is very public could be a step in the right direction.
However, it is also the job of the consumer to be educated in their use of the product. A Ford Explorer is perfectly capable of towing a boat, but Ford does not necessarily include the right tools to do so. It may have the hook thingy in the back of the body (pardon my lack of vocabulary) but if you try to tow the boat behind with a rubber band, it is not Ford's fault you were uneducated about that decision. In the same way, Windows is perfectly capable of being an OS that can be connected to a network to transfer data. But if you decide to do so with a DSL modem that has no firewall, that is not Microsoft's problem. In that regard, MS has made the attempt to educate their user base (link) , but it is up to the consumer to read and educate themselves at that point.
When this worm could have been stopped very easily with a properly configured (and inexpensive no less!) firewall, I find it hard to pin all the blame on MS.
Proudly supporting the Libertarian Party.
Send them your post instead of a 70 page report. Mgmt sees 70 pages as a way to try to confuse them into making a decision. They want a one page answer. Doesn't make it right... but you need to work within the system to work the system. No different than a computer really.
Yeah, but blaming stuff on IE is really good for Slashdot's parent company, VA Systems, or whatever they've called themselves now to grope for profitability.
Their ignorance? What about yours?
A new computer is like a new baby. You need to inoculate it or it'll get sick. If you're putting it out in a wild environment without protection -- and a suitably large organization is almost as bad as the internet itself -- you're just asking for trouble. The best way to prevent this is to patch it up to a useful level behind a one-way firewall. An even better way is to update your corporate ghost image once a month so you're never more than 30 days behind in your patches.
Furthermore, the days of aggressively testing patches should be over for everything but servers. Let your employees run autoupdates and if one of them does break your machines, roll it back. Servers are a special case, because if you lose the TCP stack on your mail server it's much worse than if Ted from Marketing loses his.
Management doesn't want Linux because they don't want to lose days learning an alien operating system when they already have YOU to do the job of protecting them from viruses. What would you say if your plumber told you that to unclog a leak, you'd have to buy a new house?
A genetic algorithm is also something different to what YOU think. What qqqqarl is suggesting is actually quite possible and intriguing.
The very existence of multiple instances of the code, with the ability to mutate by altering parameters or even parts of the worm's algorithm, automatically leads to the conditions for evolution of an improved worm. The very survival of the worm long enough to transmit itself to produce duplicate or mutated instances _is_ the selection process and a measure of its 'fitness'. 'Natural' selection at work. How effective this is depends on a number of things, particularly whether the infection of a host will block future infection by another instance of the worm, and how the worm affects the host. The parallel with natural viruses comes to mind: a virus has no purpose other than to reproduce. It does this by subverting a host. If it is too effective and kills the host rapidly, then its virulence is limited if it relies on the host's continual operation to be transmitted. Hence Ebola is far less widespread than AIDS because the former zaps the host too fast, whereas the latter gives the host plenty of time to spread it around.
Evolution without sex appears to be less effective (and less fun) but is still a valid method of a searching a parameter space for local and global optima. I also recall doing some experiments that seemed to indicate that certain problems are easier to solve without introducing cross-over through mating of selected pairs, but just relying on parameter mutation. Something to do with the particular fitness function over the parameter space selecting against large jumps.
Don't forget that your predecessors had to do without sex but still managed to get along and produce you in the end.
The idea is interesting and one could imagine extending it to include sex by allowing worms to meet up and share some of their parameters in order to produce offspring. The chances of them finding each other on compromised machines would be improved using irc, and maybe even turning every N'th machine into a 'worm' speed dating platform. The possibilities are endless.
Wouldn't it be fun if it was actually something that wasn't destructive. I wonder if there is actually a 'good' application for this type of evolving distributed algorithm? Whatever happened to the idea of Intelligent Agents that was all the rage a few years ago? Using the parallel with nature, I can't think of any symbiotic viruses, but there are many instances of symbiotic relationships between hosts and bacteria. Are we going to see a white hat virus one day (other than simple patching viruses that naturally die out), or is any foreign code naturally excised out of principle? Probably.
If my computer was a flower bed it would have the biggest and brightest flowers on the block. But instead I have to patch the OS time and time again. If it were a boat it would be nothing but overlapping patches; at least it would make a great anchor. Something's got to give. I can't have a system that keeps crashing, or waiting for patches which maybe worse than the disease, and then praying that the system works and that what ever it was didn't kill anything important. Sigh, :-(
Perhaps if you people stopped referring to patches and vulnerabilities as hard-to-decipher combinations of uppercase letters and numbers, and started calling them by short explanatory titles, others would be less confused. Sheesh! You'd think we're back to the mainframe days. In this century, you people are absolute fucking idiots if you're still running around using irrelevant numbers to refer to anything.
STOP THROWING AROUND FUCKING NUMBERS AND JUST SAY WHAT THE PROBLEM IS. ELITIST JACKASS!
This is a very typical mistake. Management, especially senior management, does not read 70-page-long pamphlets about a topic that they most likely don't understand.
Write a very concise executive summary, comprising no more than two pages, outlining in easy-to-understand language why switching to Linux will be beneficial to your organisation. Emphasise cost and security and explain the interdependencies. Also explain the business freedom your organisation will gain (management decides when to make major changes to your infrastructure, not Microsoft etc.). Preferably get a colleague with an idea of management's language to help you with it.
It's like every business pitch: First you get them hooked with what they really want, then you get the stuff in that you want.
I feel so sig.
I wrote a 70 page document explaining why we should switch from Windows to Linux.
Maybe if you spent the time patching machines instead of writing propaganda your management would have more faith in your decision making skills.
In that case, you're just tough out of luck, because there have been plenty of exploitable Linux and OpenBSD patches in the last couple of years. In fact, if you're a server manager, you might look through Slashdot's history for the last year. Somewhere, there was an article pointing out that the majority of the actual server breakins were not on Windows servers. After all, how could they be since there are so few Windows servers. People breaking into servers are more than happy to encounter an unpatched Linux or OpenBSD machine.
I've got both Windows and Linux machines and have them both fully autoupdating. The only time I've ever had anything "break" due to autoupdating was when one of Microsoft's patches about a year ago caused machines running Norton Antivirus to slow down in some activities. Yes, 4 or 5 years ago when NT was the game, it was different and the patches tended to bite you. But it hasn't been that way for a long time.
Overall, I'd say the risk of a patch breaking something on your specific machine (as opposed to a few random thousand of the 100s of millions out there) is much lower than the risk of a virus hitting you while you're "testing" the patches.
I think that the real driver for people using your excuse for not patching is one of responsibility shifting. If you don't patch and get hit by a virus and it's not an extreme case like taking more than a year to patch, you can whine about MS even though it was really your choice to bet the farm on 10:1 odds just because whining about Microsoft is a popular thing. If you do patch and you encounter that more rare condition that the patch busted you, you'll catch hell for patching without testing. So, not patching is the safer bet for you, patching is the safer bet for your machine.
If you don't believe me, Google around for articles about patches breaking machines versus articles about viruses breaking machines. I think you'll see that some of the latest viruses and worms hit in the many millions, whereas the problems experienced from patches hit in the many thousands or are not completely debilitating.
I work for a global top 50 company, and they quickly realized that we needed a strategy for securing our environment within a few days of patches being released. Our WINTEL group tests the patch for 2 or 3 days in a production environment, then sends it to a pilot plant who tests it for a day, then it's released to everyone else. Is it a pain to have to patch all our machines on a deadline in a production environment? YES. Does it work? YES. It can be done in a relatively short period of time in a very large production environment. Is Windows the greatest thing since sliced bread? NO. But we have to use it so we cope.
You speak the truth. However, as always, the car:computer analogy fits here. If you think about what you need to know to use a car, it's not very complicated. There is a core set of knowledge that you need:
1. Operational (How to turn it on/off, put it into gear, brake, accelerate, speed, re-fuel, etc...)
2. Navigational (How to get from point A to point B. Understand traffic flow and direction. Read signs and street lights, etc...)
That is the bare minimum you need to drive a car. Many people these days seem to just barely know (or care) about any of that. In addition there is extended knowledge:
1. Maintenance (Get your oil and filters checked/changed. Tune-ups. Fluid checks. Cleaning.)
2. Enhancement (Learn more about your engine to get it performing to the best of its abilities. Understanding the interaction between your car's tires, the road and aerodynamics to get the most out of your car)
3. Interior/Exterior Decor ("Trick Out" your car and add high performance with stickers, spoilers, tailfins and fartcans. Make sure your stereo can tip off Richter scales for miles around, etc...)
Very few people ever get to that level of knowledge. There really isn't any real reason for "Joe Average" to get there. But as far as the core knowledge goes, would you want someone out on the road who can't read directional signs, doesn't understand the concept of direction (N, E, S, W) or speed limits? Trust me, I see people on the road every day who appear to be lacking these basic skill sets and they are largely responsible for the accidents we see regularly.
Apply this to computers, and you can see that we are, indeed, in a sorry state by comparison. Again, there is a core skill set that a computer user SHOULD have to be fairly competent. But it's much more complex than what is required for driving a car:
1. File System - An understanding of how files are organized in an OS is very important at this point. It's a LOT like knowing how to read a map and get from point A to point B. Sadly, most users DO NOT have this skill set. In the interest of being "user friendly", applications like MS Office have attempted to abstract where files actually are located. This harms the user because if MS decides to change the location in a new version of the OS or program (My Documents has moved from where it was in NT 4.0 compared to Win2K and WinXP for example) then the user may think their documents are "gone". Tools like "Find Files" aren't any better at helping either because the user will ignore the path and just double click the file to have it open in Word. Or worse, there will be a "shortcut" in the "Recently Used" section of the Start Menu. I ask you, would you set up a physical filing cabinet this way with post-it notes in folders saying "This file is in Cabinet 35, Drawer B, Divider 2, Folder 12"? Shortcuts (and sometimes symbolic links in Unix) are a BAD IDEA.
2. File Types - One of the worst things about most OSes (Macintosh pre and post OS X excepted) is the non-existence of standard file types. Part of this is due to the fact that file types and data types are a moving target. HTML files didn't exist in 1984, so a Macintosh from back then would not have had a built-in association with an application that could read them. In the Windows world, the association between application and file was (and can still be) a manual procedure that will perplex most users. Considering how much data and file types come and go and change, I am still wondering why there is no DNS type of system for file types that any OS worth its salt would hold to. Imagine... a central DNS-like repository that holds a database that an OS queries: "I have a file with the following type: x-application-doc. What applications should I use?" The server responds to the OS: "mswin-winword.exe, mswin-soffice.exe -writer, generic-unix-soffice, linux-kword, multiosapp-abiword". Then the l
Who is Twirlip of the Mists?
Well, yeah, frankly ComputerWorld has been known to take a pro-Microsoft stance. As has been reported elsewhere in this thread, this was reported to Microsoft in Oct of 2003 by eEye. It was almost certainly exploited before this by people smart enough not to use 100% of computer resources or cause the machine to crash.
Okay, I just finished reading most of the posts regarding RedHat's return to the desktop and this post just f@#$'n kills me.
MS spurts and spouts about ROI and "real" costs yet nobody seems to be able to add up the real dollar impact of these almost daily security issues and breaches that are bringing businesses to a screeching halt!
It's almost like the current US administration. You know... if we say it often and loud enough they're bound to start believing us... unfortunately I think up until now MS has been successful at convincing most that its security woes are the fault of script kiddies, terrorists and the like and is probably reassuring the big ones that once their "Trusted Computing" solutions are implemented all will be right in the "free" world again.
If Linux has a real chance it will be in the next 2 or so years so the "community" better get its ass in gear and start making a demonstrated effort to capture the hearts and minds of the desktop users who were one of the biggest reasons Windows 3.0 was adopted by the business mainstream... remember!
unlike a virus which travels through e-mails and attachments, spreads directly from the internet.
I hate to nit-pick, but Email I think is classified under "the internet". Does he mean via http?
It depends on how you look at it. From the perspective of the average user, if the network is down then "IE is broken".
my sig's at the bottom of the page.
Except that most people will just click yes because they have no idea what they are doing.
All they know is that "clicking yes" makes their IM client work or game work.
Asking if it's ok to do something hasn't stopped websites that install spyware, "comet cursor...sure sounds good...spyware crap toolbar, wow that sounds useful!"
What makes you think it'll work with firewalls?
Finally, clicking "always" makes the notices stop coming up. Imagine the machine is being pummeled by Sasser and notices keep popping up constantly asking to allow inbound traffic.
Unfortunately the only real solution is also the most impractical...cutting the luser's network cable.
You simply have to do what I do on my home PC. Use ZoneAlarm for a firewall and Mozilla for the web browser and e-mail. If you're using Internet Explorer or Outlook Express and you don't have to then you're crazy. OE is full of holes and I wouldn't trust any web browser that's integrated with an operating system for exactly the reasons you've mentioned. If you use ZoneAlarm at home, keep your system patched and don't use IE or OE then you're perfectly safe.
Couple of thoughts in a "windows world"...
- as soon as your baby is born and put in the nursery with the other brand new babies... they would all be infected... where would you suggest we put the new baby right off the bat?
- have you ever dealt with Ted from Marketing? I've found that if Ted is high enough up and he can't play solitaire then the sh*t is going to hit the fan pretty dang fast!
- if a plumber, electrician, and carpenter told you that in the long run it would be a lot cheaper just to buy a new house instead of have them out every other day, wouldn't that make sense?
Of course I think Microsoft should be sued for some of the problems we have. I don't think everything in the EULA will hold up in court in every state. But it's not my decision.
Okay. How about those people who don't even run Windows and therefore have no part in the EULA? Their networks are being ground to a halt because of flaws in Microsoft software and their patching process, as infected machines attack them.
Analogy: car company X builds cars with defective brakes. You didn't buy that car. Your wife and children are driving home from shopping and someone driving X's car runs through a red light because he can't stop, and plows into the side of your wife and kids. Now, not that I'm overly litigious, but there's a time and place for companies to be held responsible for the damage caused by their poor products and designs.
Who do you sue? The guy driving the car with defective brakes, or the company that has a pattern of time and time again making defective products?
Fire and Meat. Yummy.
Capital punishment for anyone who hasn't already installed the Windows update which closes the security hole and has been available for sodding ages
Curiosity was framed. Ignorance killed the cat.
Let your employees run autoupdates and if one of them does break your machines, roll it back. Servers are a special case, because if you lose the TCP stack on your mail server it's much worse than if Ted from Marketing loses his.
Most corporate desktops are imaged from a standard install. They're clones of each other.
Therefore, if a patch breaks one of the desktops, it breaks them all. And pretty soon, I have 600 employees who can't work because all their computers are down.
All of which will remain down until either we massively roll back the update (probably requires re-imaging each and every machine) or figure out a way to remotely deploy a fix for whatever the patch broke. Either way, 600 users are down for at least a day. Average salary in my organization is $75,000 a year which translates to a daily loss of $180,000 - just in salaries.
That's the sort of scenario which results in getting fired.
That's not me. Check the thread again; here.
If you pick on someone else's ignorance, do not get upset if the favor is returned.
Your rant at the end about viri/viruses/... is the same nit-picking.
The distinction between process and tools is bedrock; it's the single most important part. Your comments ignored it; you yourself gave the dumbed down 'use a firewall'.
Specifically;
"Firewall not important!"
This;
Why bother with a cheap hardware firewall box for one machine unless you're talking about a home machine. (Isolate machines at the router and update from a trusted server that is read-only and exposed to the isolated segment only.) Home or corporate network, you've shot a degree of certainty by relying on a firewall to ensure security; "Firewall not important!"
I'll match your rant: As for things that I'm sick of one is being forced to deal with the apathy and 'it is good enough' attitude of people who are paid to know better.
A firewall cannot protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
As for playing CDs, etc: NOT ON MY CLINICAL SYSTEMS. These are *most definitely* not standard desktop PCs.
What it boils down to is I know PRECISELY what is on my machines: from little rubber feet up - I've documented evidence down to precise driver levels and there is *nothing* on there that I haven't specifically placed there, INCLUDING NEW PATCHES that haven't been exhaustively tested by me - seeing as it's my signature on those FDA documents...
I'm not sure what your last line meant: can't specifically disagree with it, but I'm not talking about any "certification program", I'm talking about regulatory compliance in a production system.
This explains why IIS is more commonly attacked than Apache, even though IIS is a minority webserver. Possibly even more important than numbers is how "attackable" a platform is and how "malware friendly" it is.
IIRC, the original IIS exploits came from a legacy ISAPI that was there by default... also, that follow-ups were exploiting holes the originals had created...
I usually remove any unused ISAPI filters as one of the first things on an IIS machine, as well as bringing patches to current.
Designing a worm which will "work" is several orders of magnitude easier with the homogeneous Windows population than the heterogeneous Linux population.
It's also easier to write gui software that will work on 99.99% of all windows 98 or higher installations without extensive tweaking, than it is to get running on even 50% of linux installations. Especially if sound is a requirement.
Michael J. Ryan - tracker1.info