Windows Users Fear Korgo Virus
An anonymous reader writes "A new virus is on the prowl that can infect your Windows XP/2K system and record every key you hit on your keyboard. The keys are then sent back to the virus creator where he/she can steal your passwords and credit card information. The virus named, Korgo, started showing up in the last week of May but it now has at least six different variants. To protect yourself from this nasty virus, Microsoft is urging all users to download the KB835732 Security Update. As with the Sasser worm, you'll get the Korgo virus without even knowing it. It does not arrive by email, but simply by being connected to a network or to the Internet without having a patched machine or a properly configured firewall."
Main details from top of SARC page: Happy cleaning.
The company that I work at pushed the KB835732 patch out to a few thousand machines. It caused some incompatibility issue that causes Windows to blue screen with the error "Winsrv.dll missing or corrupt", it's been a blast removing the patch through recovery console, especially walking remote users through it.
For those that have just come out from their rock, here is a removal tool for this latest worm
And IIRC, shouldn't any good (read: non-XP) firewall automatically be blocking these ports (or at least 445) right out-of-the-box?
Hmmm.
"A new virus is on the prowl that can infect your Windows XP/2K system and record every key you hit on your keyboard. The keys are then sent back to the virus creator where he/she can steal your passwords and credit card information.
If it is sent back to the creator, wouldn't that make it easy to find the creator? It doesn't sound like the brightest idea.
Not everything is analogous to cars. Car analogies rarely work.
Symantec's Advisory. Listens on TCP ports 113, 2041, and 3067. 113 is identd, 2041 is interbase, 3067 seems invented. Firewall as appropriate.
Users who run Windows AND haven't installed a patch that's six weeks old? Talk about the bottom 5% of the internet. It's a shame this thing doesn't permanently sever their connection instead. :)
Blame Microsoft for Sasser, but blame yourself for this one.
I wish that, just once, a lot of people will get ripped off. The credit card companies will cover any losses (they have to by law), and people will actually realise that yes, keeping up to date with patches is a good idea.
I'm happy that I still run Win98SE when I reboot to play games. Too bad they will eventually stop supporting it with fixes for this sort of problem. When that happens I hope Linux game support (including Windows emulation) is much further along.
Every freaking day, an update
Puny humans fear Korgo...
Microsoft Security Bulletin MS04-011
Security Update for Microsoft Windows (835732)
Issued: April 13, 2004
Updated: May 4, 2004
Version: 1.3
The link was updated MAY 4, and this is June 4. Any reason it took a MONTH to figure it out???
If you "just get it" without having to run anything, it's a worm, not a virus. It's not complicated.
Though the listed viruses may be new, the actual update was released over a month ago and those of us here should already know better. This is the kind of "timely" information I get from Comcast support.
I believe that this virus is taking advantage of an existing exploit that Microsoft patched a while ago, so it's not really a new exploit.
The master would not approve.
Stop corporate
What's weird is that the infections are still climbing meaning that after almost 2 months (patch released on April 13) and a HUGE rash of infections from Sasser, there are some folks that have still refused to apply the Microsoft patch
I bet most of those machines probably have pirated windows. I don't think Microsoft allows pirated users to patch their systems.
I for one salute our new script kiddie overlords.
After paying high prices for the software to begin with, we have to really work to keep it secure (as it's supposed to be advertised as).
It's too bad Microsoft doesn't pay us to do all this extra patching.
Let's not forget that most users (which wouldn't be reading /.) don't have any idea about this stuff. They confuse virus scanners with firewalls, and think patching is something you do with clothes. So no, they don't really deserve it.
Like it or not, they want their PC to work like their television. As much as you or I don't like it, they are the people that are keeping Windows support folks employed.
I can't say how many times I've helped with someone's machine, and they've had multiple virus infections, spyware and general crap on their machine because they don't know any better. It's a fact of life that Microsoft is going to have to own up to if they want to stay on top. They raised the beast, now they need to teach it the rules.
It's 11PM, do you know where your pants are?
I read the post and immediately thought "oh gosh, here we go again" and went to MS windows update to update my workstation while I downloaded the patch. Then I realized that I'd already updated everyone here at the office back when the patch first came out.
Damn, I gotta rtfa *grin*
Seriously though, even though I check for new updates religiously and try to keep all the users on my network up to date, I guess I'm still a little gun-shy.
The Digital Sorceress
The patch is six weeks old. At what point does it cease to be Microsoft's problem and become the PC owner's?
It is not Microsoft's responsibility to make sure you have installed the latest patches and are exercising proper precautions.
"Ask not what your country can do for you." --John F. Kennedy
Yes, they do. They prevented SP1 from installing on machines with blacklisted corporate keys, but Windows Update has always worked, and they recently announced that even those installs will be able to install SP2. It was covered on /. too.
The reasoning was it was better than having umpteen zillion unpatched boxes out there DDoS'ing their website.
I don't need no instructions to know how to rock!!!!
As much as I hate to say it, IMHO, they almost deserve it...
I help my father keep up to date with patches on his laptop. Last time he was here I ran Windows Update only to find that three patches REFUSED TO INSTALL. He was in a hurry so I couldn't start trying to track down the individual patches and see if downloading those would magically work better (why would they?!)
I've installed Tiny Personal Firewall (with a fix for the known exploit) and I hope that will be enough to shield him against the worms, which are much more critical than IE and/or Outlook exploits.
Fucking crap.
Belief is the currency of delusion.
is not slashdotted? They are running Windows Server 2003 with IIS and everyone here knows that is bad...
It is possible for a virus like this (though I doubt this one) to infect your user account in Linux. It might even be possible for it to then capture your root password when you "su". I think you would have to run an infected program though.
Somebody that knows please let me know, as much as I would like to believe it, Linux is not invulnerable to virii.
Burn Bright or Fade Away
Here I thought he was a villain.
Since only legal users of XP can install the updates, does this mean that all those people using illegal copies can't get the update?
Figuring so, a lot of people could get screwed.
Evolution or ID?
The sad thing is it's the same exploit.
Slashdot has just gone to the birds since we got all of these windows astroturf's hanging around here. Perhaps it is time that Slashdot implemented a ban on all posts unless it comes from some sort of unix system. Come on it is called /. for a reason, since when did this site become c:\
Got Code?
It's always Microsoft's problem.
I'd like to know, percentagewise, how many linux/bsd/unix boxes are out there with known security holes that have never been patched.
I mean, patching windows is easy, just clicking a button. Upgrading to the latest version of $APP on a unix machine usually isn't.
I don't need no instructions to know how to rock!!!!
It's even on /.
Just from the other day. Read it in reverse order. Keep hitting "parent".
Here
Windows can be made stable. But it takes very rigid control. The problem is that ANY change can break that stability. Even something as necessary as applying a patch for a known exploit.
Which is more important? Making a claim that you haven't rebooted your Windows box in the past 6 months or the claim that you're fully patched?
F-Secure Weblog says Korgo doesn't install a key logger by default, but that the "cracker team" uses Korgo's backdoor to do so. So, you won't necessarily have the key logger installed if you have any of the Korgo variants. At least, none up to this point...
When I first saw this I thought I read a virus named Torgo! It wobbles around, moves slowly, and takes care of your computer while you're away.
"he drew his sword Ringil that glittered like ice... and he wounded Morgoth with seven wounds..."
I don't understand the issue with CD licenses, Windows Update, and patches. If Windows Update does run properly... i.e., check the machine and report necessary updates, does this mean that my installation will find all these necessary hotfixes on its own?
My Windows installation is using a legitimate CD from our university, for educational use. Yet whenever I go to Windows Update, I see 0 critical updates (Win2K). Am I really up to date? In which case, none of these issues are really that new because I haven't installed any updates in a month.
Are the logged keystrokes of most of these viruses transmitted in the clear? If so, then couldn't one create an outbound traffic monitor that watched for certain key character strings (such as passwords, account numbers, etc.) and if the monitor sees sensitive data strings in clear text, it would halt the transmission and alert the owner. This could also be used to halt snooping of files and directory structures -- just create a file with a monitor-prohibited file name and contents.
As a side benefit, the system would also catch insecure site logins - seeing which websites are asking for unencrypted sensitive data such as passwords.
Two wrongs don't make a right, but three lefts do.
Just cache all your passwords and credit card info in your browser's form remembering thing.
Thank God I trust Internet Explorer enough to remember my bank password for me... now I don't have to worry about viruses that log my keystrokes!
It's easy for us to say that, we're computer users who (presumably) know what we're doing. But if one is to condemn non-patchers in that way - I assume you also change your oil every 3000 miles, go to the dentist every 6 months, floss daily, get an annual physical, clean the lint filter in your dryer after every load, eat 6 daily servings of vegetables, rotate your tires every 20,000 miles, have all your car's factory recalls done, change the air filters in your heater monthly, and perform all the other mindless routine maintenance you're supposed to do.
The bottom line is, no one on earth outside the most anal retentive person alive does all that stuff. Not doing any of them could have consequences, but people simply don't have time to do all this shit.
So yes, I do blame microsoft. One shouldn't have to constantly check symantec's web page just to keep your computer usable. Computers are appliances now. They should just work, dammit.
the master does not approve...
~jeff
Um, definitely not this one. This one, like the Sasser worm, exploits a buffer overflow problem in the LSASS service under Windows, which obviously has nothing to do with *nix.
*nix is not invulnerable, no, but from what I know, far fewer exploits are around because of quality coding.
[Just a friday nights thought]
Good thing I'm not dumb enough to type anything important of my own on a Windows box. I guess if I'm infected at work, they'll get the company's code, and if I'm infected at home, they'll find out that I like to cast "Magic Missile" in conjunction with "Flamestrike" when facing strong magic users to disrupt their concentration then hit them with a heavy blast while my warriors move in for the kill.
I'm sure that latter piece is exceptionally valuable information...
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
on 99% of users there's no reason for the ports to be open and having services on them ripe for exploitation.
actually, if they advertise it as idiot proof and secure(even for idiots) it kind of becomes their problem.
world was created 5 seconds before this post as it is.
That's a good point. I su pretty frequently actually and type it in when I install software and change settings and such. The main difference preventing a virus like this affecting me are:
1. Such an exploit to get infected doesn't exist or hasn't been found on linux
2. Hardware firewall should stop it
3. I'd have to su to install it even if I did download it in an infected package. Although everything installed comes from source or rpms from mirror servers, so I trust them somewhat (more than kazaa on windows for that matter)
But you're very correct, linux is not immune to viruses, but its architecture makes it less susceptible.
Re-dun-dant.
It is microsoft's problem to have a reasonably secure system on their first release. If there were a few less leaks in the software, maybe people will be more apt to patch it.
Nuttles
-Christian and proud of it
Korgo sounds so much better than sasser.
Not quite fear-of-god inducing, but whatever.
% emerge $APP
:)
that's not too hard.
It is not Microsoft's responsibility to make sure you have installed the latest patches and are exercising proper precautions.
This is a red herring. It is their responsibility to manufacture a product that, if used by an average person, can be maintained by an average person. There is absolutely nothing intuitive about the Windows patching regimen. If they simply pulled themselves out of the cave on this one issue, many /. people (esp folks who work in frontline tech support) would ease up on M$.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
no but with all their cash they could make it a hell of a lot easier
not to sound like a troll but I probably do: cron-apt beats windows update every way as you don't even have to click yes.
I know public repos are harder with proprietary soft but they could do it for windows and office but windowsupdate doesn't even offer office updates
Artists against online scams http://www.aa419.org/
Why doesn't someone come out with a virus that installs linux on you. then you wouldn't have to deal with the M$ B.S.!
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
Mongo just a pawn in game of life.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
At 4:07EST my windows update did not show any updates that need to be installed. Where is everyone else getting their updates?
linux is not immune to viruses, but its _____________ makes it less susceptible.
Substitute "lack of nerd points gained for cracking" or "obscurity" and you are spot on.
This is my opinion too.
It might be harder to write a virus for linux (arguably, I don't know) but it still has to be possible to check for no-pwd sudo or keylogging for su + password and stuff like that.
Even nothing prevents a spammy mailserver from running under a user's account so at least it would work for a while
Also, phoning home and taking over the machine using known kernel bugs and stuff should work too as there are plenty of linux servers out there still running the stock kernel it came with.
Artists against online scams http://www.aa419.org/
The master will not be pleased...
Political correctness is the newest form of slavery.
Everyone keeps calling this a virus. Technically isn't this a trojan?
Abiit, excessit, evasit, erupit.
It started to be Microsoft's problem when they decided that all those ports should be open by default. I think it ceases to be Microsoft's problem when they release a fix that disables those ports by default, as it seems clear that they are not going to make those services secure. I'm still trying to figure out how to close port 135 in Windows XP, but my Windows 2000 has zero open ports listening (netstat -a). Port 135 can be closed in Windows 2000 by running dcomcnfg.exe and removing check from "Enable Distributed COM on this computer" -- I mean, how many computers really need DCOM support? Why this isn't off by default? Anyhow, other ports can be closed by disabling unneeded services that are started by default.
I'm still running my original W2K system without firewall with zero viruses thus far; if I don't have any ports listening, the firewall wouldn't block anything anyway and if I made holes for the applications I want to run, the viruses could come through those holes so firewall wouldn't help in that case either.
As for the application security, I don't use MSIE or Outlook...
_________________________
Spelling and grammar mistakes left as an exercise for the reader.
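An added example, not part of any comment in this thread: a Python check that parses `netstat -an` output and flags TCP listeners on the ports quoted above from Symantec's advisory (113, 2041, 3067), plus non-loopback listeners on 135 and 445. The sample output and all function names are constructed for illustration; a listener on 113 can be a legitimate identd, so a hit is a reason to investigate, not a verdict.

```python
# Ports the thread attributes to Korgo (citing Symantec's advisory) and the
# Windows service ports the commenters talk about closing or firewalling.
KORGO_PORTS = {113, 2041, 3067}
SERVICE_PORTS = {135: "DCOM/RPC", 445: "SMB (LSASS exploit path)"}

# Constructed sample of Windows `netstat -an` output; not from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3067           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:2041         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
"""


def parse_listeners(netstat_text):
    """Return sorted, unique (address, port) pairs for TCP sockets in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, UDP rows (no state column) and non-listening TCP rows.
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue
        # rpartition keeps IPv6 literals such as [::] intact.
        addr, _, port = fields[1].rpartition(":")
        if port.isdigit():
            found.add((addr.strip("[]"), int(port)))
    return sorted(found)


def is_loopback(addr):
    """True for addresses reachable only from the local machine."""
    return addr.startswith("127.") or addr == "::1"


def audit(netstat_text):
    """Return (port, address, reason) findings, sorted by port then address."""
    findings = []
    for addr, port in parse_listeners(netstat_text):
        if port in KORGO_PORTS:
            # Any listener on these ports is worth a look, loopback or not.
            findings.append((port, addr, "korgo-port"))
        elif port in SERVICE_PORTS and not is_loopback(addr):
            # Service reachable from the network: patch, disable or firewall it.
            findings.append((port, addr, "exposed-service"))
    return sorted(findings)


if __name__ == "__main__":
    for port, addr, reason in audit(SAMPLE):
        label = SERVICE_PORTS.get(port, "port listed in the advisory")
        print(f"{reason:16} {addr}:{port}  ({label})")
```

On a real machine, feed it the text of `netstat -an` instead of `SAMPLE`; an empty result only means nothing is listening on these five ports, not that the host is patched.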
You do realise that it's because of elitists like you that Slashdot gets trolled so heavily and righteously.
Please die.
So... We should have no problem finding this person???
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
I agree with the original poster. Waiting a week and a half is totally useless in a corporate environment. It's kind of silly to wait a week and half, as everyone is doing this more and more basically you wind up finding all the same problems a week and a half later.
You're assuming that someone out there in the world is going to install, test and have somewhat of a similar environment to yours. In other words, you're hoping someone else will do the work for you.
I think a better rule of thumb is to have a testing mechanism where you can install the patch, test it and then release it for yourself. Like the original poster says, use the IT dept as guinea pigs or whatever.
Korgo in itself is not the problem, it is the backdoor that it installs. Korgo does not have a keylogger or anything else harmful in it. Through the backdoor the makers can download anything, including the keylogger that is stealing everyone's bank info. It's all here: http://www.f-secure.com/weblog/
What a surprise it wasn't mentioned that this was patched months ago, right?
This vulnerability is the LSASS Buffer Overrun Vulnerability, already patched way back on April 13. Slashdot probably had at least two or three articles on it back then as well if you wanna do a search for "sasser."
If you haven't patched after two months, you're just the same as all those people who got hit with Blaster, which was also already patched beforehand. Linux distros issue security patches for their vulnerabilities weekly and nobody complains, but when Microsoft releases a patch, suddenly it's this huge issue to run a tiny executable that plugs security flaws, and then people bitch at Windows two months later when a virus comes out to exploit it...
Just saying. How can one criticize their security if they won't apply their security patches? Almost all major software is gonna require a patch eventually. I don't get this steadfast need to avoid patching Windows boxes while freely recompiling Linux kernels on a whim for production servers when a minor point release comes out.
"Sufferin' succotash."
It IS Microsoft's problem that after infection the system has no defences and so goes on to infect other computers.
You need to separate privileges and not trust data from untrusted external sources.
of how to protect your computer ;)
All your keystrokes are belong to us!
Come on it is called /. for a reason, since when did this site become c:\
Actually, I thought the name came from URS:
"Aich Tee Tee Pee Colon Slash Slash Slashdot Dot Org".
Kind of comical, I think, was the reason, not anything UNIXy or so I was told.
Mod down people who tell people how to mod in their sigs
The virus named, Korgo, started showing up . . .
I highly recommend that the submitter (Anonymous User) immediately head over to his/her favorite online book retailer and purchase Eats, Shoots and Leaves.
---------------------------------------------
SERENITY NOW!!!!!!!!!!!!!!!!
I have to ask this question: Will these and other instavirii (such as the windows RPC worms) affect machines behind a router? I've been using a linux/iptables based firewall at home and work for some time - so far no problems at all with these virii. I'm assuming that most need a live IP to connect to, or failing that a file/webpage to infect from - and thus will not be able to infect NAT'ed connections.
Really, not everyone can make their own linux firewall (or switch to a linux-based OS), but I think that I've seen routers for as cheap as $50CAD. How many people out there are getting hit by these viruses, paying tons of $$$ for repair, but not installing a router?
Anyone out there been infected through a router (on machines that aren't in the DMZ etc)?
It's a fact of life that Microsoft is going to have to own up to if they want to stay on top. They raised the beast, now they need to teach it the rules.
Which is why the Windows Update configuration prompt absolutely will not go away until you tell it what you want Windows to do about Critical Updates. I've seen Slashdotters complain about how XP "nags" you about things when you first run it, but it's the smartest thing to do. And if you tell it not to download any patches or not even tell you about them...you know where the fault lies. One can rightfully criticize Microsoft for missing the flaw in their original software testing, but at some point, personal responsibility comes into play. This was patched way back on April 13th!
Installing security patches is just a fact of life for absolutely any major operating system, Linux included. Distros release security advisories all the time. This isn't a criticism of any specific company. You know where the real blame lies--on the mouthbreather morons who think it's cool to dick with people's computers to begin with.
"Sufferin' succotash."
Most people who have computers use them as one tool among many. They don't have to maintain their phone weekly or even monthly, or their hammers, or their sofas. Smoke alarms are supposed to be tested once a month, but who does that?
I have a lot of relatives who used to use computers but have mostly given up on them. What with spam, and viruses, and worms, and trojans, and spyware, I can't blame them. Unless they give you a whole lot in return, they're not worth the hassle.
Manos, The Hands of Fate: truly a great Mysting of a horrible, horrible film. And Torgo was, after all, a monster(?)
I don't ever check for updates! yes that's right I am insane.... or I just use MS's automatic update that I have scheduled to alert me whenever a critical patch is available, and it will download it and let me know when it's ready to install. On my machines that I am not always in front of I have automatic updates set to download and install automatically. Keeping up to date with patches with windows can be a simple set and forget thing.
Thank goodness you can download critical updates manually regardless of your key. *whew*
If you like using putty to access your computer remotely, keyloggers might be able to pick up your passwords this way. Time to think up new forms of security, *sigh*
"The patch is six weeks old. At what point does it cease to be Microsoft's problem and become the PC owner's?"
So you buy a $300 operating system, and it won't even run for 6 weeks without developing a security problem?
> 3067 seems invented
Am I the only person who tried to parse that as invente-d (ie a daemon called "invente")?
Media that can be recorded and distributed can be recorded and distributed.
-kfg
Some users may not have been able to take advantage of the patch issued in April because of problems it can cause. Users who find their computers infected by it are actually being advised to cancel their credit cards. Presumably, users who were unable to install the patch may have no choice.
Yes, and the 011 patch also killed about 5% of the machines it was installed on before the May 4 update. Now it only kills about 1%, or about 100 machines in our case. Not to mention the several apps it killed.
This sig is the express property of someone.
Oh, that's right, this place has a complete anti-Microsoft agenda, despite security holes buffer overruns in Linux distributions announced weekly.
For the past year, after our last round of MS Windows re-installs, I added a great firewall between our LAN and the Internet (Kerio WinRoute Pro) running solo on a retired dual Pentium server box. At the same time, we stopped installing all MS security patches. W2K and XP are now stable and re-installs are few, if any. At the same time, we do keep Norton anti-virus installed and up-to-date to catch those pesky e-mail pests. A friend suggested this approach to virus protection and it seems to work so far!
Careful though, this is an lsass exploit, it goes through port 445, not 135.
Even better is the fact that two PCs with identical hardware and configurations MIGHT react differently to the original patch so you can't use a safety PC and pre-test a roll-out. Grrr.
They make a patch
to fix a hole
which breaks something else
which requires you belong to a special club
that paid more than I did
and somehow knew they'd get better treatment (that wasn't clear in my "discount")
to get the NEXT fix
AFTER they said they'd patch even stolen copies of their product.
Where is my motivation to play by the rules, which I did and am screwed?
I'm thinking about it, therefore I might be.
"Oh what does the master approve?"
kor'go n. One reason US IT work will never be completely outsourced to the rest of the world.
see also: job security
I think his point is, if you are on an infected windows box and ssh or telnet into a *nix machine it will keylog the user name and password typed in for that session. Not that Korgo can infect *nix machines as well. . .
Platinum Networks Hosting www.platinum-networks.com
It's fixes all the way down!"
WTF is taco doing to destroy the formatting now?!!!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
It's not that the people at Microsoft are making assumptions, it's just that they never thought of the problem in the first place. When buffer overrun exploits first came out, the concept probably never occurred to the guys who wrote the OS.
"Okay, if we wait for an INT, and we get a 2MB file instead that writes over the software, then we might have a problem."
I realize that current exploits are more sophisticated than that, but the general idea is there - the folks writing the software simply didn't think of the problem. Further, there isn't enough time to test all the software perfectly. There never is for the public. If you want crash-proof or military grade software, you're going to have to run something really expensive. (I'm not going to pull a number out of my butt.)
Why doesn't Linux have the same vulnerabilities? I guarantee that it does, but there aren't enough users to justify the expense, especially if you consider:
1. Linux users are more likely to understand the concepts of virus transmission and are thus more likely to discard suspicious emails and surf smart.
2. There are lots of XP home computers with broadband that never get turned off. Why come up with a new hack when you can use the one from last month?
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
Unfortunately, I must keep certain ports open in order to run eMule properly. I guess I'll go download that patch now.
Please flee in terror in an orderly manner.
Yes Ms Client, we're safe from it.
Yes ma'am, I know we haven't patched your machines.
Yes ma'am, that's why we spent the $350 on that Snapgear box.
No ma'am, we don't need to update our anti-virus software just yet.
No ma'am, I took McAfee off because it wasn't stopping them fast enough. And it caused the machines to freeze anyway.
Yes ma'am, we're saving $69.00/year/machine now.
No ma'am, we don't need to update Outlook, it's catching them just fine by itself.
No ma'am, I won't charge you for this service call - I didn't have to do anything.
Yes ma'am, please recommend my firm to your colleagues.
Use Evolution instead of Outlook? Bewa
This can really kick your ass.
Also - if/when you reboot the firewall, does it pass traffic before loading the firewall rules?
Yikes!
i'm attacking the darkness!
The only time I use the 2K side is for software only available to run on Windows. Most of that does not require internet access, so I unplug the network card. Hmm, nary a bug nor virus finds my system - patched or not.
I was taking one day at a time, but then several days got together and ambushed me. (from a Rhymes with Orange comic)
And that's all I have to say about that...
"The keys are then sent back to the virus creator"
I've always wondered about this sort of thing... doesn't that make the creator pretty easy to catch?
"he drew his sword Ringil that glittered like ice... and he wounded Morgoth with seven wounds..."
While Linux does have a lot of security holes if you don't know how to use it, Windows is obviously a larger target to hit and to complain about, because it is the main operating system that people use.
The more popular you are, the larger a target you will be. If/when Linux does become a very high end, and popular desktop OS, then it will come under a higher security inspection.
(that is, XP Professional Corporate, otherwise known as "Volume Licensed" and XP Professional Dumbass edition) is the product ID string in the i386/setupp.ini file on the CD.
That's the only file that's at all different between both editions. So just copy the CD to the HD, change the line in that file that reads
Pid=XXXXXYYY (where XXXXX is the first five digits, and YYY is the last three) to
PID=XXXXX270 (so we are keeping the first five digits, and changing the last 3 to "270")
Also, make sure to call the Volume Label "WXPVOL_EN".
Burn, insert, reboot. When you are asked to enter a product key, use any old XP volume license key you can find: from your employer (good idea) or that keygen util that's floating around (not a good idea unless you've paid for a copy of XP) or whatever.
Finish the install, and presto! No product activation.
Ever.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
It's AUTOMATIC. How much more intuitive does it get? Users simply don't care, as they can't make the mental connection between those updates (even though they are SECURITY UPDATES) and staying virus free
If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
Keyboard Output Really Goes Out
Keys Outbound, Right Guys? OK!
Klearly Operators Remotely Grep Output
Korgo Often Reach Gigabit Outbound
Korgo Open Recursive Guideline Only
Keep Out Reeking Girls, Obviously
Klick Obligatory Reference Gingerly Online
Kontact:Olsen.Riley@Geek.Org
Kan't Open Right Game, Ollie!
Korba Orb::Remotely Granted Orb
Korgo Owner = Rotund Guy -> Ontario
Klean Off Rich Golden Ore
Krap! anOther vulneRbility Got nOticed!
- OrbNobz
My favorite:
-----------------
Kelly, help me name my worm.
Ok.
Right. How about "Wormy"?
Gah! Are you nuts?
Oh, nevermind. I see it now...
Now we can all talk about how our favorite operating system would NEVER have something like this happen! I love this site!
to embed the algorithm for generating email addresses into the virus. Use an internal PRNG seeded by the netblock to generate an email address based on a short set of words followed by a 2 digit number (to come up with things like billyballer99), at hotmail or wherever. Increment the seed for the PRNG a few times, generate more addresses. Email results to ALL addresses generated, perhaps at random intervals.
The pattern of addresses is random, but re-creatable per initial netblock. The virus writer could pick a target netblock, then register any of the possible email addresses. Then wait for the results to come in, then abandon the account.
The people analyzing the virus would have to disassemble the code to recreate the algorithm for picking addresses, which would slow the ability to identify a perpetrator: plus anyone who happens to lurk at the other end of one of the drops could be an "innocent bystander".
It's good if the virus accidentally emails real people with the stolen information because of the randomized algorithm. Creates plausible deniability.
(perhaps the word list and scheme is based on real email addresses scraped from the web)
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
"Like it or not, they want their PC to work like their television"
IBM and Microsoft are mainly to blame for starting the marketing line that PCs are just souped-up appliances ("Buy a computer as a Christmas gift!"). This is why people with barely any computer know-how buy them and end up frustrated or with a corrupted machine.
If PCs were designed with limited capabilities like a game console this wouldn't be as much of a problem, but then again PCs wouldn't be as useful.
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
So after encountering this problem I cannot, as a normal user with an OEM Product ID actually get the fix from Microsoft. I jumped through all their hoops (Contact Microsoft, get a .NET Passport, etc.) but since the letters OEM are in my Product ID I'm screwed.
Microsoft have been doing this kind of thing for years. Being selective about what patches they make easily available. I'm not sure the fixed version of MSNP32.DLL for 9x ever made it onto Windows Update...
... but rather embrace and extend.
my last sig was too controversial... now, a new and improved useless sig!
When the patches can be trusted to not break other stuff.
Help stamp out iliturcy.
Not always true
I'm having a similar problem on my gaming machine where it says that two updates were applied, but each time I go to windows update, the same two are there again. What disgusts me even more is that they are for Internet Exploder and Outlook Express, two programs that I abhor and avoid like the plague. I messed with the permissions so that nobody on my computer can access outlook, but the patch details claim that one is vulnerable even if you don't use IE or Outlook.
I don't see why people can whine about not being able to patch productions, and them being vulnerable, when they don't bother to turn off unnecessary ports dedicated to unnecessary services, and especially don't turn off those unnecessary services. You can turn off services while a machine is running, and if they're not necessary, nothing bad should happen to the machine.
As far as the "new computer" question goes, duh, don't connect it to the internet until you turn off the services and ports, and then put it behind a firewall, if you have one. I can see how a newbie buying a machine from WalMart or Best Buy might not know this, but people here shouldn't resort to the same complaints. This goes for ANY operating system you install on any platform, of course, not just x86 MS Windows.
Get off my launchpad!
The log will be all ctrl this and ctrl that!!! Bring it on!
Huh?
Don't count on the router to stop the worm. I run a Linksys at home. When Nachi came out, I didn't patch my computers, smug that I would block the worm at the router. WRONG! I got hammered.
Ducking Fuh.
-- RLJ
It was pretty easy to see from the story that a patch existed and by following the links that it was the same fix as for sasser...
If you haven't patched after two months, you're just the same as all those people who got hit with Blaster, which was also already patched beforehand.
You mean the same as my parents, who until after the Sasser outbreak still had dial-up that refused to connect at 28.8K and found the experience of endlessly downloading patches at a snail's pace frustrating at best and impossible at worst? Or like my sister, who bought a new machine with XP factory-installed without the patch released mere days before she purchased the PC and had her computer exploited by the virus literally WITHIN FIVE MINUTES of connecting it to her cable internet?
So many of us slashdot nerds (not to mention Microsoft employees) forget that not everyone has high-speed Internet and is so tech-savvy that they know to plug certain holes, stop certain services, install a firewall and whatever before even going on-line. Nor are there a lot of people willing to put up with all that crap just so they can compute safely.
Linux distros issue security patches for their vulnerabilities weekly and nobody complains, but when Microsoft releases a patch, suddenly it's this huge issue to run a tiny executable that plugs security flaws, and then people bitch at Windows two months later when a virus comes out to exploit it...
Do you even READ the "Linux" advisories? How often do they involve the kernel or critical system components? I see lots of stuff for mail servers, web servers, window managers and so on but nothing for the kernel, filesystem, anything in binutils. Also, how many are remote system vulnerabilities (that is, a person without physical access to the console can obtain root access)? Quite often the risk is limited because full root access is not possible or you require console access, or you have to be running an oddball setup, or exploiting the vulnerability takes some skill.
Contrast with Windows. Blaster and Welchia exploited a DCOM vulnerability with a core component of the OS. Sasser the same thing a few months later. Now this one. All of them could infect a vulnerable PC merely by having them connected to the internet and having a complete moron run set it free to scan the world.
And it's a big deal because it's a PAIN IN THE ASS...it's not like Microsoft runs TV Public service announcements all over the world every time a patch is released, or to educate the uninformed on the importance of running windows update regularly. Oh and by the way, the "tiny executables" can take over an hour just to download one over dialup on a noisy country telephone line. Oh yeah, IT people get a little pissed off when they have to come in on a weekend to patch a critical application server because the "tiny little executable" often requires a reboot and subsequent disruption in service. Not so with almost all the "Linux" patches.
How can one criticize their security if they won't apply their security patches? Almost all major software is gonna require a patch eventually.
Easy. I just did above. And yes, software will never be perfect, but eventually shouldn't mean the SAME issues coming up MONTH after MONTH, with new bugs found every time, and fixes for old bugs breaking other things. It's a damn good thing MS and other software vendors don't make a lot of other products. Could you imagine...
*Having to wait in line every month to perform an "engine update" on your car?
*Burning your potroast because a script-kiddie hacked into your oven and set the temperature to 500 degrees?
*Having to mop up the bathroom because your toilet experienced a "buffer overflow" yet again?
*Missing the playoff winning goal because your TV was infested with malware that decided this was the perfect time to launch into an ad for an animal-porn reality TV series?
Somehow, users seem to have the blame pinned on t
Routers won't help with email-borne issues. It will only stop a remote-connect worm from getting through.
I have something in common with Stephen Hawking...
It is their responsibility to manufacture a product that, if used by an average person, can be maintained by an average person.
I assume you apply this same standard to Linux installations as well?
How about the people you ran over on the street with your stolen car that caught fire ? Who is responsible for their loss? Who should be?
There's something called enlightened self-interest you know. Help others to help yourself - even if the other guy has stolen from you. Someday he may have a change of heart and buy from you. If you have enough cash maybe you can afford to do this. Micro$oft has enough cash.
Science as a way of life.
I thought they were talking about an out of work web administrator named Torg.
I have something in common with Stephen Hawking...
so once i overcame the dreaded learning curve of running *nix (now debian/sid doesn't scare me too much, jeeze, i can roll my own kernel from source, currently my desktop is running 2.6.6), everything i learn is stuff i can use. it made more sense to me than to learn something i can use than to constantly reglaze windows. i have no virus or worm worries to speak of with my debian/sid OS. free speech is good, free beer is better as long as it's good quality.
Serenity now, insanity later.
Good of you to propagate this idea, except it doesn't hold water. May I draw your attention to the Apache web server vs. IIS.
Windows is indeed a larger target, but the fact that Windows gets hit more often is that it's the easier of the two; virus writers are just like the rest of us, lazy. These flaws in Linux differ from those in Windows in that it's so much easier to exploit the Windows ones.
Windows has a larger attack area, but whomever is the first to successfully attack and damage Linux in the same way is going to go down in history, whereas who cares about who writes these, there's no skill involved.
"I use a Mac because I'm just better than you are."
So use a corporate key, not the "WIN XP VALID KEY LOL HAX0R.txt" you found on Kazaa...
I've been using pirated win XP for two years with no hassle. In fact, I've generated keys for friends/family many times, all of which have also had no problems whatsoever.
They seem to code better and faster than Microsoft's own people. Plus they know something about security, which seems to be lacking in Redmond.
If SP2 does not fix these holes like Microsoft claims it will then they should be liable for the money that businesses lose due to badly written software. Microsoft needs to change the way it updates its software. Instead of releasing a service pack and charging for it when it does come out they should step to releases every month or two, like the way OS X does.
As a matter of fact Microsoft seems to be in the same state Apple was in before Jobs came back. Lost and clueless developing products that they were not good at and had a directionless system software development. This far into WindowsXP MS should have had nearly all of the framework for longhorn laid out and most of the coding done, yet we hear of announced features being dropped because it won't meet their deadline which is two years off. Something is wrong in Redmond and now is the time for Linux and OS X to take advantage of it, if they don't do it now they may not have another chance. Unless of course longhorn is the worst mistake they have ever made.
"Windows Users Fear Korgo Virus" screams the headline, reading not so much like news as just another WindowsXP sales pitch. Yes, it's true -- Windows users DO fear the Korgo virus, while the insignificant and ostracized Mac and Linux users of the world are left, yet again, fearing only the sheer and utter BOREDOM of not having any viruses or trojans to fix due to their curious choice of OS. In the area of viruses, trojans, and worms, Linux and the Mac really do stand out as being "second class citizens", trapped in a virus-free ghetto with no salvation in sight. The discrepancy is so obvious, the ultra-competitive Microsoft doesn't even feel the need to buy themselves an Official Gartner Group Research Study to prove that Windows is light-years ahead in this area. Even the most staunch Linux or Mac advocate is forced to admit it -- off the record, of course. Virus writers, known to be excellent coders who take pride in their tight, bugfree code, have overwhelmingly standardized on Microsoft Windows as their targeted system of choice in the deployment of their ongoing suite of virus applications.
And it doesn't look like the situation is going to get better any time soon.
One bearded Linux coder, who refused to be identified publicly, confessed "we just don't have the selection -- or quality -- of viruses on our platform that is available to Windows users free of charge. And it's tearing us up inside knowing that the battle is over, and Microsoft has clearly won." Similarly, a guy with an Apple logo shaved into the back of his head admitted the following once we turned off the cameras. "I don't mean to break ranks and insult our software selection," he whispered furtively, "but usually if we DO manage to get a virus that will even install on OS X, it's not that great, and we're left... disappointed, realizing that if we had simply stuck with the unwashed smelly masses, we too could be enjoying a daily barrage of free software delighting us by installing itself on our computers as a surprise gift. Instead, I'm stuck with the weak consolation prize of 40 Academy Awards for my work on Lord Of The Rings. But it's not the same. No amount of awards or million dollar paycheques can heal the feelings of neglect or massive abandonment issues this whole thing has given me."
"Is this the reason so many people choose Windows?", his innocent young son, Moof, asked me, looking like the kid off the Dave software box.
"What do you think, little one? Look at the Windows dominance in the virus field, then look at the marketshare of Windows. That ain't no coincidence, Moof. The other guys just can't keep up with the Microsoft Juggernaut. Microsoft is fighting hard to keep themselves Number One, just like the Titanic was the biggest and bestest ship, or the Hindenburg was the coolest and most flammable Zeppelin, or the dinosaurs were the toughest animals ever. How do you compete with that?"
=============
Yes, sitting here at my desk 16 hours later, WindowsXP Restore Disks in hand, I can't help but let a little smile shine across my face. Those poor fools, I think, using a non-Microsoft OS really does take away most of the joy of computing and replaces it with all that productivity and recreation crap. And where's the challenge in that?
Please insert Microsoft Windows XP Restore Disk 2
Ahhh, I sigh contentedly. It's gonna be a long night.
I'm not normally an irrational zealous dickhead, but I figure "When in Rome..."
For this reason: in all the panic over the Sasser virus, I'm sure most Windows 2000 and Windows XP users upgraded with the patch mentioned in Microsoft's KB835732 advisory. Given that Korgo is essentially a Sasser variant, this virus will probably peter out in less than a week. :-)
Everyone is always talking about blue screening but I have had an XP Pro box for more than 3 years. I HAVE NOT SEEN A BLUE SCREEN DURING THESE PAST THREE YEARS!!! I build and repair many of my neighbors' computers constantly and have never seen an XP box BSOD. The reason I don't see them is simple...Windows XP does not blue screen like the Win9X used to do. Simple as that. People are keeping this alive for as long as possible just to have a reason to make fun of Microsoft. Please just give it a rest!
Creative Demolition
I know we're supposed to be bashing windows, but let's not get carried away.
Why not? Well, because as a windows user who enables automatic updates, (they're automatic, go figure) I was never vulnerable to this "virus". The patch was released April 13, my computer updated itself around then, and this virus, according to the article came out at the "end of May".
No Windows user is "fearing this virus"! They've either kept their PC up to date, or they're too ignorant to know about this threat. Either way, they're not in fear.
Perhaps we as a techno-centric crowd need to be placing blame more on idiotic/useless users instead of the OS? (although, I admit Windows is far less than adequate in the security department)
We wouldn't blame GM when you leave your car door unlocked, and we don't say that the car should be made to lock the doors by default, so why should we insist that users are somehow exempt from performing the tasks required to keep their PC secure? Maybe if more of them were forced to do so, they would be more inclined to switch their OS to something that required a lot less of their precious time!
This FUD is like blaming an exploit on the kernel instead of the retard surfing as root.
Practice safe computing. That means different things on different platforms.
That means not running as root in *nix, and keeping your PC as updated as possible in Windows.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
Is it not Microsoft's responsibility to make non-exploitable software in the first place, or did the money you spent on Windows with your computer not include that?
Eurohacker European paranoia, gun rights, and h
So what you're proposing, and please, correct me if I am mistaken, is that one should gather all one's sensitive pieces of data: credit card numbers, passwords, and the like, and compile them all into a plaintext set of firewall or IDS rules? Where would one store this treasure trove of sensitive information, conveniently gathered into one place for ease of use? Perhaps I have missed a critical component of your plan, which I'm sure isn't nearly as patently insane as it sounds.
Your point is a very good one. Each "security" feature adds another potential weakness to a system - witness the Witty worm for a recent example of new vulnerabilities created by security.
You are right about leaving critical data in plain text. The system would use a hashing system that compares hashed key values to a hash of running network data stream. The hash would be coded off a password and use a suitable one-way hash function that does not allow knowledge of the password to permit unhashing of the stored key values (think public key crypto).
Also, those with double-layer tin-foil hats might only enter partial substrings from key account numbers, passwords, etc. (e.g. the last 8 digits of a social security number). One could even create a simple non-useful code string such as "this string should never appear in outgoing network data" -- typing this in occasionally would catch the send activities of keyboard loggers. Innocuous, but unique strings could also be used inside files or in filenames to detect directory and file snooping.
Does the idea still sound insane?
Two wrongs don't make a right, but three lefts do.
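The hashed-watchlist check proposed in the comment above, as an added example that is not part of the original thread: protected strings are stored only as keyed digests, and every window of the outgoing byte stream is hashed and compared, including windows that straddle two packets. The PBKDF2 and HMAC-SHA256 choices, the names `derive_key`, `EgressCanaryDetector` and `scan_chunks`, and the sample traffic are assumptions made for illustration.

```python
import hashlib
import hmac

MIN_SECRET_LEN = 8  # shorter strings match by accident far too often


def derive_key(password: str, salt: bytes) -> bytes:
    """Derive the digest key from a password (assumed scheme: PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class EgressCanaryDetector:
    """Flags protected strings in an outgoing stream without storing them in clear."""

    def __init__(self, key: bytes):
        self._key = key
        self._by_len = {}   # window length -> {digest: label}
        self._tail = b""    # trailing bytes carried over between chunks
        self._seen = 0      # total bytes fed so far

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def protect(self, label: str, secret: bytes) -> None:
        """Register a string to watch for; only its keyed digest is kept.

        Register everything before feeding traffic, so the carry-over
        buffer is long enough for the longest protected string.
        """
        if len(secret) < MIN_SECRET_LEN:
            raise ValueError("secret too short to match reliably")
        self._by_len.setdefault(len(secret), {})[self._mac(secret)] = label

    def feed(self, chunk: bytes):
        """Scan one outgoing chunk; return [(label, absolute stream offset)]."""
        buf = self._tail + chunk
        base = self._seen - len(self._tail)  # stream offset of buf[0]
        hits = []
        for n, table in self._by_len.items():
            # Skip windows lying wholly inside the tail: the previous call
            # already checked them. Windows straddling the boundary stay in.
            first = max(0, len(self._tail) - n + 1)
            for i in range(first, len(buf) - n + 1):
                label = table.get(self._mac(buf[i:i + n]))
                if label is not None:
                    hits.append((label, base + i))
        self._seen += len(chunk)
        keep = max(self._by_len, default=1) - 1
        self._tail = buf[-keep:] if keep else b""
        return sorted(hits, key=lambda h: h[1])


def scan_chunks(detector, chunks):
    """Feed chunks in order and collect every hit."""
    hits = []
    for chunk in chunks:
        hits.extend(detector.feed(chunk))
    return hits


if __name__ == "__main__":
    # Constructed sample data: a canary phrase and an 8-digit account suffix.
    canary = b"this string should never appear in outgoing network data"
    det = EgressCanaryDetector(derive_key("constructed passphrase", b"constructed-salt"))
    det.protect("canary", canary)
    det.protect("acct-last8", b"55501234")

    # Constructed outbound payload, delivered in 7-byte pieces so that both
    # protected strings are split across chunk boundaries.
    stream = b"POST /log HTTP/1.0\r\n\r\nkeys=" + canary + b"&n=55501234"
    pieces = [stream[i:i + 7] for i in range(0, len(stream), 7)]
    for label, offset in scan_chunks(det, pieces):
        print(f"ALERT {label} at stream offset {offset}")
```

The check only sees cleartext payloads, so anything that is encrypted or encoded before it leaves the host passes unnoticed. Low-entropy entries such as eight digits can be recovered from the stored digests by exhaustive search if the key leaks, so the key needs the same protection as the data.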
1) "/." is rather redundant, that would resolve to something like "//home/foo" instead of "/home/foo" like "." would
2) Not everyone is obligated to run unix. For me, being able to run unix would be a luxury. But I am a student and I am required to run windows software. The support for linux is just not quite there. If you want more people to use linux, support the WINE project, not try to convert people. Most people don't want unix. Let's be honest, it's not as clean a solution for the desktop as Windows is.
>>the 011 patch also killed about 5% of the machines it was installed on before the May 4 update
Where'd you get that number?
Even if you only have one computer to connect to the Internet, the little Broadband Router/Firewall boxes provide protection from nasties, particularly during the "patch after install" process. Linksys, SMC, 3Com, Netgear, hell, even a Microsoft branded one will do.
I know that they aren't perfect, but they work pretty much out of the box and will hold you until you get a real (Linux/FreeBSD/OpenBSD) firewall box going.
Just don't get a wireless one if you don't need it. Wireless access provides a "backdoor" into your network that is frankly as ugly as the backdoor of the Goatsex guy. If you must do wireless through one of these puppies run MAC authentication and WEP...again, not infallible but since there are so many wide-open 802.11b systems out there if you throw on those two precautions wardrivers/walkers will go elsewhere to l33ch bandwidth.
Knowledge is power. Knowledge shared is power multiplied.
Good of you to propagate this idea, except it doesn't hold water. May I draw your attention to the Apache web server vs. IIS.
This is most likely a specious argument. Apache runs on a wide variety of platforms. Malicious code that runs on a Sparc system will not run on a x86 system. Nor will it run on a MIPS system. Keep repeating for every platform Apache runs on. Also there's two major code paths for Apache. A vulnerability may exist in one version but not the other. Then there's the myriad of different operating systems it runs on. Taking that one step further there's a myriad of different distributions that contain a myriad of different versions. It quickly becomes clear that while Apache may outnumber IIS by a significant margin that doesn't mean that one specific version (i.e. platform, OS, and version) outnumbers the single version (i.e. IIS on Windows 2000) of IIS.
In order for your argument to be valid one single version of Apache would have to outnumber IIS. Can you demonstrate this?
no security updates, but norton antivirus on my pc and zonealarm on the legal and updated pc that connects me to the internet. am i safe from evils?
Like a maker of questionable vaccines, you're going to have some casualties. :P
Solid numbers, unfortunately no, but we can draw some conclusions. That harbinger of doom Netcraft, in the May 2004 internet survey has 33,892,817 sites running Apache, 67% of surveyed sites, with IIS at 10,858,168, or 21%. If we assume that the Apache sites are nicely split between Apache 1 and 2, that's still 33.5% for each putting both ahead of IIS, which also assumes that there is only one version of IIS deployed, which would be incorrect since 2k has IIS 5 and 2003 IIS 6. Now from what I've heard, Apache 2 is probably deployed less than 1, but either way you slice it, Apache has more sites than any single version of IIS.
Now while an exploit that runs on Sparc won't run on MIPS or x86, the flaw itself is there, and thanks to cross compilers, it wouldn't be much of a problem to recompile a tool to take advantage of any problem.
"I use a Mac because I'm just better than you are."
well i guess i should be sitting in a corner red with shame. but i have to admit i had it.
if you want you can yell at me for being an idiot that doesn't patch his system.
but if i remember correctly, installing the patch was the first thing i did.
for some reason i must have unpatched it somehow when i use winxplite.
possible, i dunno. i guess some of you would be able to give me a valid answer to that.
ok weird situation, for some reason my school doesn't allow us to run any kind of firewall (no really, if we use one we can't get on to the network) so you can guess it's a really foul place, some 1000 or so students connecting and disconnecting their laptops all the time.
i tend not to use the network when i can but i had to because of exams. anyway first day all things were good and calm, nothing out of the ordinary happening to my system as far as i can tell (du-meter being first line monitoring tool)
the next day i had a constant upload rate of 1.5k when i was doing nothing.
i'm running kasperspy on my system and it said all things were OK. still i chose to close all processes that aren't absolutely necessary for running windows and for some reason it stopped.
after a reboot it started all over again. a netstat revealed that when i opened up IE an ftp server at base.dana.nl or something like that was connected. a few minutes later hell broke loose and i was connecting to every MS box on the planet or so it seemed on that limited amount of bandwidth. (i hope that limited the damage somewhat, 1.5k up isn't all that much)
so far i didn't notice anything odd happening to accounts i have (probably because nothing useful/interesting is done on my laptop except for school work).
anyway i killed off all processes i did not recognise again, net connecting crap stopped
i installed norton, managed to get some updates. probably because other infected machines in my dorm were shut down during the night. had it scan my system and it found and killed korgo.
a guy in my dorm wasn't all that lucky, some of his passwords were stolen and comments on private boards were posted in his name.
and yes if you're interested, at home i'm in the process of moving all my stuff to linux. i installed fedora c1 a little while ago and i'm quite happy with it.
school and laptop are a different thing since school is uhm well sponsored by microsoft
The name came from an old sci fi story. Korgo's heart. It's a story about an ex space navy captain. Who burned colony after colony. A quote from that story has always stuck with me. It is better to burn a city than to curse the darkness. Hmm this makes me very curious as to who wrote this. Somebody older than 18 for once. Unless I am missing the origin of this virus's name completely. (or this is what Symantec named it and not from some part of its source code)
Panel F, Relay #70
Good idea but IIRC the software fw was not until XP.
Do you use Ximian instead of Outlook? Beware. [vmyths.com]
Okay, maybe I'm just slow today. Ximian isn't mentioned in the linked article, so your point is . . . ?
It is not Microsoft's responsibility to make sure you have installed the latest patches and are exercising proper precautions.
Exactly, you don't contact Trojan when things go wrong do you? At a certain point you have to take responsibility (fat chance in the American society I know).
this nation, under God, shall have a new birth of freedom. -- Lincoln, Gettysburg Address
Anyone else misled by the headline "Windows Users Fear Korgo Virus"?
At first I thought, "Oh, this must be some law that penalizes people who get infected, because their PC is promiscuous." Or it was some kind of educational campaign to get people to buy a firewall or router.
I mean, Windows users fearing a virus?? Isn't that a sea change.
Most people who fear viruses and worms are the techies and help desk folks... who have to clean up after the fear-less.
I run RH 9 and FreeBSD 4.9. I looked at the list on the front page, and none of the issues put me at risk.
There are two reasons a person can be unaffected by the vulnerability if they don't patch. One is they don't have or run the affected software. Gnome users that never use KDE aren't impacted by KDE runtime vulnerabilities. The other is that their network is protected enough to render the vulnerability useless (firewall, local IP security, chroot, NAT, etc.)
The only vulnerability I've seen announced this year that I've had any concern about was the CVS one. Fortunately, though, I have yet to open up my firewall for outside access to CVS. When I do, I plan to use SSH, in which case the vulnerability wouldn't have impacted me. Thus, so far in 2004 between the two operating systems I have had no true vulnerabilities.
Sure, you could say the version of MySQL I'm running has the symlink vulnerability. But, if an attacker can't get local non-chroot'd shell access, then what relevance is a symlink vulnerability?
Contrast it to Korgo and Sasser, which hit Windows ports that are opened by default. I can't tell you how many times I see ports 135 and 445 in my daily logs of packet rejections. Plus, infecting the processes using those ports gives the attacker complete control of the system.
Windows is plagued by REMOTE vulnerabilities to MICROSOFT software. Linux distributions mostly have LOCAL vulnerabilities with the independent APPLICATIONS that are packaged with them, not the operating system itself. Most of these vulnerabilities require LOCAL access and most of this software runs on Windows as well (e.g., Apache), so the vulnerability usually applies to both operating systems, but appears on the linux security alerts simply because they are one of the thousands of optional programs being included on the FOSS CDs. You have to download Apache if you have Windows because Microsoft is not going to include it, and Microsoft isn't going to send you a patch for it, or even post an Errata, just because you are running it on Windows.
I've also administered Windows servers for many years, using Windows 3.1, Workgroups, NT 3.5/4.0, 2000 and XP, and used just about all their software, including Visual Studio, InterDev, IIS, and COM/DCOM. I still run 2000 and XP in addition to RH 9 and FreeBSD. I've developed my opinion from experience securing production servers in both Windows and Linux, as have other people posting on /.
Open Standards Portal
"The keys are then sent back to the virus creator ..."
I know I got infected when my keyboard has few/no keys left then, huh?
They will just invent a better idiot.
If we assume that the Apache sites are nicely split between Apache 1 and 2, that's still 33.5% for each putting both ahead of IIS, which also assumes that there is only one version of IIS deployed, which would be incorrect since 2k has IIS 5 and 2003 IIS 6.
I'm not aware of any vulnerability in IIS 6. Can you point me to one?
Now from what I've heard, Apache 2 is probably deployed less than 1, but either way you slice it, Apache has more sites than any single version of IIS.
Keep going with the slicing and dicing. All you've done is made the distinction between two major versions of Apache. There's many versions within each major release. For example there's versions: 1.3.11, 1.3.12, 1.3.14, 1.3.17, 1.3.19, 1.3.20, 1.3.22, 1.3.23, 1.3.26, 1.3.27, 1.3.28, 1.3.29, and 1.3.31. That's 13 different versions of Apache in just the 1 fork. And only versions available in or after 2000. For the 2 fork we have: 2.0a1, 2.0a2, 2.0a3, 2.0a4, 2.0a5, 2.0a6, 2.0a7, 2.0a8, 2.0a9, 2.0.35, 2.0.36, 2.0.39, 2.0.40, 2.0.42, 2.0.43, 2.0.44, 2.0.45, 2.0.46, 2.0.47, 2.0.48, and 2.0.49. That's 21 unique versions of Apache in the 2 fork...excluding alpha/beta releases.
Now one can argue that some of those old versions are few and far between. But the sheer number, 34, of different versions means that if we were to assume your 50-50 split above and then assume equal weighting for the remaining (not that I would recommend it but bear with me) then at most any version in the 1 fork would have only 3.35% of the market. And any one version in the 2 fork would have a maximum of 2.39% of the market. One has to ask: When was a flaw introduced? When was a flaw corrected?
But then one has to factor in the different platforms that Apache runs on. Cross compilers can generate different binaries for different platforms. They are not used to make a single binary that can run on every platform. Even if someone took the time to compile a version for the most significant platforms the spread of the malicious code would be hindered by the mere fact that it cannot run on a different platform for which it was compiled.
Barring that there's the myriad of different distributions. RedHat 9.0 may have patched their Apache version 1.3.28 while version 8.0 was not. Redhat is known to use the same version with extended version numbering. Lather, rinse, repeat for any number of different distributions and you can see that the "Apache outnumbers IIS" is most likely specious.
Seriously? What apps did it kill for you?
Please don't say Great Plains...
Please don't say Great Plains...
Please don't say Great Plains...
Another example of a patch to fix a patch. Silly Bill, when will he figure it out?
[Fuck Beta]
o0t!
Only if you compare those two in a vacuum - ie: forget every other machine out there that *isn't* running Apache or IIS - which is, at best, disingenuous.
Windows has a larger attack area, but whomever is the first to successfully attack and damage Linux in the same way [...]
There's been no shortage of buffer-overflow style attacks against Linux. The difference is a) there's far fewer machines out there to target and b) the users of those machines are far more likely to either have taken preventative measures or know how to identify and fix exploited machines.
Windows machines are inherently more likely to be targeted because a) there's so many more of them and b) most of the people using them have no idea how to take preventative or reparative action.
This sounds just like the treatment I get for SQL Server 2000. I have it installed on Win2k3 EE and patched to SP3. That's fine and dandy. Installing SQL Reporting services requires you to install an update to SQL Server 2000, which subsequently breaks a lot of the features in SQL Server Enterprise Manager, including being able to modify a table design. Quite useful for a development box. Anyway, the patch that mentions the fix to the exact error I am getting is only available if you contact MS about it. They might even waive the support charge too. This is totally ridiculous.
LOAD ".SIG"
PRESS PLAY ON TAPE
Unfortunately, it is us who should fear these idiot windows users who launch everything they get without thought. Viruses are a social issue, and always have been.
As one that must manage both Windows boxes and Linux ones I regularly patch both as needed. The problem with Windows is that vast herd of numnuts that are too stupid, ignorant and/or lazy to patch the Windows boxes they sit in front of every evening as they surf porn and IM chat. Also Windows boxes are a pain to patch. Reboot, Reboot, Reboot. I can patch my server via an SSH connection and never have to even see the box and do all the patches in one pass. It is a rare thing to be able to do that on a Windows box. Add the fact that I've got only a handful of Linux units vs. a large number of Windows clients and it gets to be a major hassle to upgrade and patch 'em.
Slashdot, home of supporters of free software, free music, and free speech. Except for Moderators that disagree with you.
I thought everybody on slashdot would know about HTTPS being on port 443. Oh well, mod parent down, and the other reply by JamesTRexx up please.
Say what ? One of the first things XP does after installation is pop up a message asking to enable automatic updates. There's a link to the Windows Update web site in the top level of the Start Menu by default. There's a specific *menu item* in the Tools menu of Internet Explorer.
How much more intuitive can it get ?
The poster's point was that Apache is MUCH MORE POPULAR than IIS, yet is less attacked than IIS. So it's not just popularity - Microsoft really are writing insecure code (and there is circumstantial evidence they do that deliberately anyway to let the NSA in.)
Microsoft Baseline Security Analyzer
...to resort to this.
With my program CF13 rendering malware harmless for my inbox, I use Agnitum's Outpost Firewall to keep malware out of my system at the protocol level.
The next step down for the scammers/spammers is to compromise popular software firewall programs by any means necessary!
I urge you all now to create a 'system rescue CD-R' with the installation file of a known good copy of your favorite software firewall program and store it in a safe place in case you need it.
Those that can afford it will simply use a hardware-based firewall device.
Most of the world is using an insecure OS that's so fucking insecure out of the box that you can't even connect to the internet to patch it in the first five minutes. For some reason, people accept this, and some people say things like "oh gee you should have known better than to plug into the internet to patch your machine."
It is NOT OK for this kind of shit to go on.
What is a patch? How does the tcpip port system work?
Once I figure that out, I then ask Why in God's name, on a desktop machine, used for email, browsing and word processing, are any ports open at all? I don't want to receive anything that I haven't initiated.
This is not the user's problem, other than having to suffer the consequences. This is pure unadulterated incompetence on the part of Microsoft. How dare they expose any services that they haven't done a serious and 3rd party security audit. How dare they expose any that the user doesn't explicitly set up?
I use linux, run various servers on my machine, ssh, apache, etc. I know what I'm up against, and know what I need to do to maintain a secure environment. But for simple desktop use?
Patching is fine, but to fix things that other OS's have learned and fixed YEARS before is utter trash.
Derek
I installed that MS patch and had a hard time getting my machine to boot. Downloaders beware.
Crisis is the rule, not the exception.
Like this one?
Update as usual next time I actually boot into a Windows partition.
-1 Overrated (Too many big words for me to comprehend)
just use the remote exploit to patch everyone's computer?? problem solved ;)
Maybe this has been asked before, but what idiot at Microsoft decided to remove Windows Update from the default Start Menu in XP? You have to go to the help center to find it. That is at least one reason why so many simple PC users don't update.
It quickly becomes clear that while Apache may outnumber IIS by a significant margin that doesn't mean that one specific version (i.e. platform, OS, and version) outnumbers the single version (i.e. IIS on Windows 2000) of IIS.
hrm, that's a good point. so basically MS's focus on "Windows Everywhere" (is that still their slogan?) and the work they put in to ensure the 2k, XP, 2003 are essentially the "same platform" code-wise is their achilles heel?
There exists a little (well, at ~270 MB, not really little :) program called AutopatcherXP.
The URL is www.autopatcher.com.
While I cannot vouch for its integrity, it may be worth a look (I'm about 50 MB from finishing; damn 56k modem).
Just a thought.
Cheerz,
Jason
THSsMCHshrtrTHN160chrs -- And I don't even like to SMS!
At what point does it cease to be Microsoft's problem and become the PC owner's?
At the point where the PC owner's money returns to his pocket.
What's in a sig?
has anyone looked at what this patch does? at 2megs it seems a little large, makes me scared it's gonna phone microsoft or something.
it's been one big disaster with MS trying to implement tcp/ip correctly since win95 was released and continued with NT etc.
doing OS stuff thru TCP/IP or any network protocol is a BAD THING. i assume that having the OS talking back at itself thru a network protocol is easier to implement/program than to have a really internal OS protocol that cannot leave thru the network card (or vice versa).
soo, read the "RTFM" on ms site and the "cool" exploits are those that have a "none" entry in "workaround" since i've been "working around" since the first day using XP.
the one exploit/flaw i would like to point out is the help/support workaround to disable some phony ms-help url thingy called "HCP" which breaks (might break?), quote: "Unregistering the HCP protocol will break all local, legitimate help links that use hcp://. For example, links in Control Panel may no longer work"
best thing to do is disable everything and start enabling if something doesn't work. yeah and keep those portscans going!!! yeah, you evil script kiddy too!
please stop using HTML/XML stuff for the windows GUI! and stop using tcp/ip in the OS.
i don't have a good analogy ... ... ... but any OS should be able to run ANY network protocol; just because the world has gone mad and "all and everything(TM)" is using TCP/IP doesn't mean we have to put that "garbage" into a ALWAYS stand-alone computer OS paradigma!!!
blocking at the firewall will still generate useless network traffic, so it is a kludge not a solution!
if you need file- and printsharing install a non routable protocol like NetBEUI.
I use Linux, FreeBSD and OpenBSD, and none of the published security problems have had any direct relevance to my systems either, although I do apply the patches, but mainly on the supposition that if errors are corrected the system will be more reliable, not just because of the security aspect.
There will be successful attacks on Linux etc, but it will generally need a combination of several factors (such as doing something as root without good cause, plus misconfiguring something else..) for them to be able to do any real harm.
*nix systems are usually secure by default, you have to actually turn on services that open ports (not true of every distro, but most are getting better), whereas even now, Windoze seems to default to having every service running and every port open, the occasional patch to restrict something is not the way to do it, rather they should start with a closed system out of the box. But, when you see what breaks when you close down some apparently irrelevant services, you see that Windoze services are a complete mess of commingled code, which is where the problem begins.
I bet he divided the number of failed machines by the total number of machines and multiplied by 100. Just a hunch, but I bet you 20-1 on that his 5% is accurate.
Korgo and Vor-em
Really bad frick'in news for those of us in China paying $.12/megabyte for international traffic at the foreigner's dormitory... So what in the hell am I supposed to do ? I guess staying offline is the only safe way... I sure as hell can't afford to update my fresh XP install to have all the patches.
There's been no shortage of buffer-overflow style attacks against Linux. The difference is a) there's far fewer machines out there to target and b) the users of those machines are far more likely to either have taken preventative measures or know how to identify and fix exploited machines.
Also don't forget c) there is a lot more diversity in Linux machines. You can't count on the fact that a significant percentage of Linux machines are running a particular service or program (or a particular vulnerable version thereof).
In Windows you can't be running any other version of LSASS.EXE than the one provided; every XP box in the world will have this vulnerability until patched.
NGWave - Fast Sound Editor for Windows
I assume you apply this same standard to Linux installations as well?
The discussion is about Windows and their gross inability to provide a mechanism that reliably updates an average users computer. If average users are hit regularly by Microsoft bugs and holes, then the problem is with the provider of a product targeted at average users, not the average users themselves. My e-mailing/recipe-databasing mom is an average user. If Toyota sold cars with the problems that Windows has there would be hell to pay.
As for Linux, I don't use it.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
Automatic? 1. Microsoft does not always push out the latest fixes. If they did then this automatic system would prevent OS level problems like Sasser. 2. What if the average user doesn't have a dedicated broadband connection? It is worthless as tits on a snake. Correct me if I am wrong, but most home users ARE NOT online with broadband connections 24/7.
How much more intuitive can it get?
I suggest you consult a dictionary for the definition of 'intuitive.' You are equivocating 'intuitive' with 'obvious.'
I've come to really like FreeBSD. I'd like to try it on a non-production PC so I can appreciate being able to update everything at once. I was a bit bold to start FreeBSD on a production PC, but it was replacing a very old NT system, so it wasn't that insane. The NT system was a major magnet for worms and viruses, and Microsoft refused to fix many of the patches because Windows Update refused to support NT. It didn't just get Nimda, it got Nimda II a year later, and was the number one offending IP on my Linux box's snort logs.
I'm happy with RedHat for development. But, I'm not sure RedHat's update methodology is realistic on production long-term. It's good that they don't force updates to new functional versions on you. It's a general consensus that that's a good thing for a production server.
The problem is that if you manually upgrade to a version not on the distro, then you no longer get errata updates. I'm not sure this is a realistic long-term production methodology. RedHat 9, for instance comes with Postfix 1.x. But, you need 2.x to be able to filter on MIME attachments. Having to choose between 1.x with automatic errata updates and 2.x without automatic errata updates, but with MIME filtering, is not an ideal production choice. Sure, you don't want any additional functionality if it is working. But, as the Internet changes, you need to be able to update server components for reasons other than errata.
What's your opinion about the different distros? Have you come to conclusions regarding errata updates of server PCs? How about desktop use?
Hope you don't mind the questions, it's just that you have 2 BSDs and Linux experience, so I'm guessing you can compare them objectively.
Open Standards Portal
I live with the consequences. I just spent $950 on my car (cheap at the price) fixing the transmission. I pay $150/month in insurance premiums, and yes, I change my lint filter.
The point is, I put my money where my laziness is. I don't call up a Volvo, pay them $35 bucks and expect them to walk me through rebuilding my transmission. People call tech support and expect to have detailed instructions on how to remove the 30 odd viruses/spyware on their computer (all of which were engineered to be hard to remove), and get pissy when told to back up and clean install.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
I didn't hit on this until I realized the significance of the new 'spatial' UIs that are so popular these days. I thought it was just a silly idea (well, I still do, but read on for why). People are basically willfully ignorant of computers. It's not that they don't understand, it's that they don't want to. They approach computer use much like a monkey pilots a space shuttle: do a physical task and a reward (banana pill, excel sheet, etc) pops out. What ends up happening is this: people learn that bad things happen when you click the right button (i.e., cancel). Their apps don't work, their work isn't saved, etc. Good things happen when you click the left button (i.e. 'OK'). So whenever they're presented with a dialog, it's the left button they pick, hence all the spyware installs.
And there are reasons that won't work. What if you don't have an always-on connection? What if the virus hits you first (and that's plausible)? What's the lag time between infection and fix? And I imagine you're one of the lucky ones that haven't had MS's "fix" break something else?
How about the air filter in your car? And your furnace filter? How about your roof? Your fuel filter? Fuel pump? Wiper blades? And I bet you've never hit 3001 miles before that oil change, right?
I guarantee there is something you've lapsed on, so I'd move out of that glass house.
What pisses me off is how their infection affects me.
Right, because it's reasonable to expect all computer users to become experts to use their machine. Apply that standard to cars and, well, traffic would be great and you wouldn't be driving. Blame the company who set up such a ridiculous situation. Or use another OS.
Yet people have time to go out drinking, watch 'The Swan', and masturbate (not necessarily in that order).
I have no idea what the Swan is, or why you have hang ups about drinking and wanking. But if you're trying to imply that people should spend every waking hour performing routine maintenance and leading completely miserable lives...all I can say is you really need to get laid.
Upgrades are a problem, I only have a dialup with 2-hour timeout at the moment, and it is impossible to do any major update such as the kernel, so security constantly decreases from the date of installation. Not satisfactory. I have complained to Xandros, who ignored me, and to SuSE, likewise. The latest SuSE, 9.1, has just been installed, some improvement, when you stop Yast (click on the button in the top right of the window border) it pops up an invitation to resume or abort, ignore, etc, if you select try again, it backtracks slightly through the file and starts downloading again, but it still will not download a kernel (140MB), it may be that the servers don't support resuming (I have tried all the mirrors).
They are not using wget or its relations, any of which are capable of handling this. I have not done enough digging into the code to see what is wrong, yet.
Xandros is worse, it uses apt-get which is much better than rpm when it works, but the proprietary embellishments prevent you from seeing what is really happening, and the program which I assume configures pppd is unbelievably buggy, so it is well-nigh impossible to set up the dialer to automatically resume. Even if you do, the download stalls and all is lost. Now Xandros does use wget, I have tried moving wget elsewhere and putting a shell script in its place, to get control of the situation, but as I don't have source (if it is on the two CDs, I can't find it, due to a bug in Xandros Networks, if it has to be downloaded, well, first fix the downloader.....
My general impression is that people are just getting distros out the door as fast as possible, exactly like M$, and we are seeing the consequences. Most of the code in both Linux and every BSD variant is rock-solid, it is the bits which the distros have added that are the problem, they have simply not been tested in real life situations. At least 90% of potential users do not have broadband, and will not have it for at least 5 to 10 years, so making distros that can only be updated via broadband is sheer folly, yet they all do it. I think source patching is far better, the downloads are usually very small, no problem for most people to compile locally, and it could all be automated, but binary patching is utterly stupid, yet that is what RH, SuSE and Xandros do.
As I now have support for SuSE 9.1, for a few weeks anyway, I will register the same complaint again, but I am not optimistic that it will be actioned, some developer will just test it on a broadband connection again, and see that it works, so it must be OK.....
As for RH, it has been useful in the past, but always was a horrid mixture of editing config files for some things and using GUI tools for others, an awful mess. I tried Fedora Core 1 for 2 days, got rid of it immediately because the configuration was so haphazard and none of the old problems had been fixed.
SuSE are all hung up on legal issues, which don't actually exist, for the Nvidia driver, which can be freely distributed according to Nvidia. OK, much of it is closed-source and in fact is the same as a large piece of the Windoze driver, but that should not be a problem, yet they don't supply it, you have to download it from Nvidia, and of course after running the Nvidia installer (following SuSE's instructions exactly, which have often been wrong), when you try to configure the monitors etc with SAX, it trashes the XF86Config every single time, at which point an inexperienced user would have a non-working PC, as the default graphical login would be useless.
I am about to do an Nvidia installation in FreeBSD, that should be fun. It has been runni
I suggest you consult a dictionary for the meaning of "equivocating". It does not mean what you seem to think it means. I would suggest "equating" was the word you were after.
I would also contend that in an absolute sense, no User Interface is "intuitive". A measure of how "intuitive" a particular action is has to be taken in the context of the rest of the UI.
With regards to Windows Update, I fail to see how a specific item on the Start Menu, the main UI element of the Windows interface and the place where the user is directed to for doing pretty much everything, is not intuitive.
Similarly with regards to a balloon-help popup and a few dialog boxes with reasonable defaults and "Next" buttons. In the context of the UI, how is that not intuitive?
How would *you* redesign it to make it "intuitive" ?
There's a couple of flaws in your thinking. First, you're assuming that the majority of people don't try to stay near the most recent version, but are perfectly evenly spread. Second, Apache releases a new version when an exploit is found. Patches are not generally released -- an exploit is a sufficiently large problem for a totally new release of the software. In other words, the release numbers you've listed are basically the sum total of serious exploits for Apache 1.3 since 2000! Microsoft doesn't increment a minor version number for something as "minor" as a serious exploit. (If it did, we'd be up to IIS 5.9032123129322421). Therefore, you're comparing apples and oranges. Microsoft has a few versions that get patched without incrementing the version numbers fifteen bazillion times, while Apache merely ratchets up the minor release level. (This also makes it kinda tough to count the number of exploits that IIS has in comparison to Apache. Gee. Wonder why they'd do that.)
Besides, the sheer variety of locations that Apache can run on is a strength. That's not putting all your eggs in one basket. That's the way Linux (and most open source code) is -- so the fact that Open Source code is available on so many systems -- and that people actually take advantage of that -- simply reduces the number of vulnerable systems (as you correctly argue) but doesn't decrease the TOTAL number of systems that are running the software.
Your original argument was that Windows only had more attacks because it was more prevalent. Since Apache clearly has more targets (actually, about THREE TIMES as many!) than Windows in the exposed, Internet aware world, your arguments about availability of targets don't work, either -- thus rendering your entire argument null and moot.
I never thought of FreeBSD as bandwidth efficient, but that certainly makes a lot of sense. You're right about bandwidth considerations. Companies, such as where SUSE is primarily built, usually have broadband. In America, I think 1/3 of homes now have it.
Once you have it, you tend to forget about the rest of the world, although I've tried for years to get all my friends to upgrade to it. If they didn't let their kids and wives get addicted to AOL, they'd all have it today. They do, however, hate AOL enough to be determined not to use it when they do get broadband. So, it's a chicken and an egg for them.
Broadband is pretty cheap here if you live in a large metropolitan area, barely more than dial-up. If you live in a rural area, then you could be SOL. I'd like to move to a rural area, but this is by far my number one concern.
You certainly have reassured me that FreeBSD was the best way to go for my needs, primarily hard-core server usage. For desktop, I'm still weighing in on RH/Fedora, although I haven't tried SUSE or any of the other distros, with the exception of playing with an occasional boot CD such as Knoppix.
The primary benefit of the mainstream desktop Linux distros is they seem to require less text editing and learning, things I can't expect from those that want it as a desktop, and things I personally would rather not have to learn if I'm busy doing things on my desktop. Unfortunately, RH and FreeBSD have had enough differences with the way they were configured that you are forced to relearn new ways of doing old things when you go from one to another and want to do advanced things, such as configure a Firewall. It's a bit understandable, as FreeBSD appears to be slower to depend on new things, which could be a good thing. But, it's a difference that has to weigh in on the equations when picking one over another for a particular use.
Thanks again for the post! Good luck on your nVidia problems and I hope God blesses you with a broadband connection someday! Until then, I hope you resolve all your updating issues, and perhaps can help others in your position understand and cope with it, as well as remind those with broadband that you do exist, and are still the majority!
Peace out!
Erik
It's merely the first provision of the Patriot Act III. They just figured out a nifty delivery system.
The second provision will make AV illegal.
Oh dear, they are reading this now... Is that a helicopter I hear?
Why oh why didn't I take the purple pill?
The patch is six weeks old. At what point does it cease to be Microsoft's problem and become the PC owner's?
Well, Microsoft's marketing department seems to do quite well in actually selling the software... but they just aren't creative enough to come up with something offered for FREE by that company...
(funny jingle in the background, loud sales-voiceover) Make the move to MICROSOFT WINDOWS XP, SERVICE PACK 2(echo "service pack 2"), and you'll be glad you did. Offers FREE firewall, BETTER virus protection, and FASTER DOWNLOADS... of critical patches from windowsupdate.com
doesn't sound quite the same, huh? plus, a little white lie never hurt anybody, now, did it? (in this instance it wouldn't).
I mean, how hard can it be for you, joe user, to go tools>windows update while browsing around looking for something more to entertain your feeble little mind? beats going to some of the shitty websites out there... i mean, like, bored.com (not knocking bored.com... just came out)... what's the deal?
Maybe Microsoft should send all those hotmail users update notices (eg. Click here to update your computer [links to https://www.windowsupdate.com]) or something. Or... anyone who has MSN explorer... OR -
EVEN BETTER - use the (open by default) NETWORK MESSENGER PORT - like... SPAM users with a short, yet convincing "sales pitch" telling them to VISIT www.windowsupdate.com NOW!...
or... how about, like, the antivirus software - windows could pop up (randomly) and say "you haven't visited windowsupdate.com in 632 days. your windows patches could be out of date, making your computer insecure, and making you vulnerable to viruses and stuff. go to www.windowsupdate.com" to update... (nb: does not update your version of windows, eg from windows 98 to windows xp)
hrm?
Founder & COO, Hayai India (hayai.in) / USA (hayaibroadband.com)
Or they could just do what I did and make sure the Auto-Update feature is on. I just have it set to notify me when a new update is available and I update it myself. You can also set it to install the updates automatically. The very thing you suggest Windows do to help people keep up to date on patches has been in Windows for well over a year.
"Ask not what your country can do for you." --John F. Kennedy
This is true, but most people ignore the windows updates. it simply comes up and says "new updates are ready to install" right? most people click away that annoying yellow (default) bubble to get rid of it.
What I was meaning was, MS should be slightly (and I hate to say it) more intrusive in this respect - one of the things I hate most is having to solve problems for users who haven't downloaded the last 30 critical patches (as I did today). So what I'm saying is, it should be a big ugly dialog, with big red text - not unlike Norton AV - saying "your shitty buggy product is out of date" - to catch joe numbnuts user's attention slightly better than the little lemon bubble.
the only worry i would have with that is - ms could trick people into purchasing a subscription model :D
that would be funny, huh.
about as funny, really as, say
so, yeah, back to the original topic - in some respects it is microsoft's fault for not being as pushy about forcing windows updates upon people, but it is mostly the user's fault for not reading the manual or the "configure your computer for automatic updates wizard" - in fact, it could even partially be the computer store's fault.
At the computer store i used to work at, we even said to people to keep their things updated at least bi-weekly. if they wanted, we offered a free windows update service... just bring your computer in and you can leech off of our (by that time it was cached) T3...
supporting users is really the worst thing about being an IT guy. without those users, my life would be so much easier, but i wouldn't be nearly as well off - unless i tapped some other market :)
It crashes yes but doesn't disrupt the other running processes and does not go to a blue screen. It only brings up a small program crash window.
Creative Demolition
nooooooo.... i mean, tiger99, are you saying that Lunix is not teh bestest??? that teh "Convicted Monopolist" is teh better???? "Windoze" is teh better than teh SUSE and REDHAT and XANDROS and all the other worthless distroes?????? tiger99, i am ashamed of yuo!!! tiger99, turn off teh komputerr and go to bed!!! bad tiger99, bad!!!1!
set the program to inform you when updates are ready to install maybe?