Sober.P Worm Accounts for 5% of all Email Traffic
destuxor writes "The grave insecurity of the day is the Sober.P worm which is currently pushing nearly 5% of all email traffic at the moment. Unlike previous worms, Sober can disable the Windows Firewall and Symantec Antivirus. Interestingly, patched machines are not vulnerable to the exploits used by this worm. What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?" update percentage corrected.
is that like the anti-tequila worm?
Oh better hurry and update iptables and patch my kernel and emerge sync;emerge -uv world... oh windows, they get all the fun!
Whenever your PC gets infected with a virus or 10 bits of spyware a large foot swings out from under the desk and hits you in the groin. It'd even work on them guys pretending to be women!
I like muppets.
If they have SP2, the computer automatically runs the updates.
I read that the article references that it only comprises 4.65 percent of all email traffic? Where does this article say 25 percent???
My UID is prime is yours?
What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?
Easy. Make it an invite-based system. People take for granted what they can get effortlessly.
Add a cost to it, and people will appreciate and use it more.
From the first line ... 5%, not 25%. Big difference ....
Alison
"It is a miracle that curiosity survives formal education." - Albert Einstein
Interestingly, patched machines are not vulnerable to the exploits used by this worm.
What is so interesting about that? It would only be interesting if the patched machines were still vulnerable.
Cheers,
RoadkillBunny
A nationwide (USA) TV expose (-ay) of how spam is sent and how "your kids PC is helping terrorists send unsolicited email" would bring that percentage down to 5%.
Ordinary users just have no idea. Many don't even know about Windows Update.
I think that there are 2 categories:
1. unaware users (like about all my neighbours and friends)
2. Users who do not want to patch their system into a less controllable state (hence SP2 trouble).
I think better filters at mailservers could help:
The content of the mail may be unknown (different headers all the time), but the attachment is known. A simple filter should be able to get rid of it, no need for very expensive antivirus software.
My wife's sketchblog Blob[p]: Gastrono-me
guess not!!!!
Wake up and vote right.
I use a Mac...I have no problems.
I use Linux...I have no problems.
(however, my email box is filled up with these stupid Sober.P-generated messages)
What will it take for people to switch? All of the news reports I've heard this week about Sober.P don't even mention that it ONLY affects MS-based PCs running Outlook. I would think that the news industry would at least do one minute of digging and include this little nugget of information to help its listeners/viewers.
TDz.
It's been my experience that it is almost impossible to get ordinary (read: non-computer) people to update their machines, be it Windows or Norton Virus updates. The only way that most of them will get these updates, ever, is if 1. Someone does it for them, or 2. If it is automated, and does it for them.
Otherwise, they just don't see the reason to, don't have the motivation to, and just plain don't care.
I know it's not for the right reasons, but I showed my cousin how good KDE can look (screenshot); he said "wow, can I have that".
Funny how something called sober is free as in beer.
Most "ordinary users" actually do use Windows Update regularly. Scorn and ridicule have worked well in achieving this goal.
be brainwashed into believing that the computer is an easy to use appliance, like a toaster or TV, and NOT a potentially hazardous tool like a chainsaw.
That this has become the holy grail of huge numbers of Linux aficionados is likely the worst thing there is for Linux. Instead of promoting Linux as the 'thinking man's alternative' most of its fanbase has bought into the whole 'computer as appliance' mindset.
Give a man a banana and he might choke on the skin. Teach him to peel and he'll be hell's bells.
What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"
Not make the update 100mb+?
How can anyone download that when the only connection they have to the internet is a modem?
Mom's computer is unfortunately equipped with Windows Me. Aside from the weird profile handling, the other difference from Windows 98 appears to be that Windows Update always hangs, in particular when trying to patch its MSIE installation. I'm not going to even try to convince her to run it, when I can't get it to finish once.
Will that get their attention, or will they just pay?
I get _TONS_ of logs from various ssh-worms roaming around these days.
What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"
The problem is, MicroSoft went a long way to tell people that no, they can not trust them when it comes to privacy. People from random businesses around here are pretty paranoid now -- I've talked to the CEO of a ~300 employees big company who, albeit a non-technical user himself, went on a long tirade about not letting Windows phone home.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
Who needs to be burdened by facts, when you can get sensationalist and have /. accept your story? :-P
Okay, I got Linux installed. So where's the free beer everyone keeps talking about??
try releasing one update that actually works; you'll only have to get people to update one time.
Not that interesting - that's exactly what's expected. I guess the submitter is trying to say that's an indication of how many machines are unpatched?
As much as I'm a Linux fanboy, that's not going to solve the problem.
Setting aside the debatable 'inherently more secure' argument, unless distros start doing something rash like including and starting an 'apt-get update && apt-get upgrade' cron job, they're going to hit the same problems if a nasty worm comes out that affects one or more distributions of Linux (eg. a SuSE worm, etc).
But if you slashdot the Sober.P worm, who wins?
I have tried using Windows Update on several machines over the years ever since it came out. All I ever receive in return are page script errors, stalled connections and general frustration of all kinds. I especially hate waiting for it to do something after god knows how long only to have it error out and start all over again. I gave up on Windows Update long ago, which is fine because I generally follow and advise others to follow the rule of 'if it ain't broke then don't fix it'.
That'd be soooo cool. Then, as the Linux user base went mainstream (say 40% of machines or so) we'd get to see all the worms and shit attack Linux. 'Cause you know those same Windows users who can't be bothered to run as non-admin are going to run Linux as root or the equivalent. So that "stuff just works" like they are used to without getting these prompts about root access needed (which after a few times of doing your auto-updates with something like YaST prompting you for the root password you just give out automatically whenever asked for anyway). Sure, let all the bonehead users move to Linux and watch the attacks start hitting US...
I dunno. Maybe we should stop running all those stories about how evil WindowsUpdate is, and how Microsoft is spying on your computer?
And proclaiming to the heavens that <insert my linux distro> doesn't need updates because it's secure?
What is this WindowsUpdate you speak of?
Will it require me to give personal information? Annual gross income? Name of my firstborn? Serial number of my Pentium? Location of hidden tattoo and Body piercings?
They should start fining people whose computers are used in an attack that could have been prevented if they had patched their systems. Many people are under the impression "Oh, it really doesn't matter. It's just the internet".
So, if they are held financially responsible for the damage they help cause, they will spend the time it takes to update their computers.
Also, Microsoft needs to get a clue. I've visited windows update before. You select all the updates and then it tells you "You can't select this update along with any others". So, you have to install that one single update by itself...and then REBOOT. That's about the stupidest thing I've ever heard. Why don't they make it so you can download ALL the updates, then reboot as necessary AFTER you've gotten all the updates. Don't make the process take an hour or more with multiple visits to windowsupdate.
Someone needs to publish a list of ISPs that refuse to keep their virus definitions up to date. Boycott everyone on that. I'm not talking about a software blacklist, I'm talking about a financial boycott. Make sure gramma is using someone else. Let the good ISPs use that list to target their customers for migration. This is just like the spam problem. Their negligence is hurting the Internet as a whole.
This is imperfect, though. I bet a lot of the trouble relays are small business mail servers without the staff to keep their systems up to date.
Do this.
Set up a routine that will disconnect a luser's PC if it all of a sudden starts abusing the mail servers. Call the luser with an automated message saying the following.
"Your computer has violated our ISP antivirus policy. If you have no antivirus program, please purchase one and run it immediately. If you do have an antivirus program, run an immediate scan and update your program according to the instructions included with it. Your connection will be restored in 24 hours, and you will have 24 hours to comply once it has been restored. Further violations will result in further action up to and including termination of your account. Internet safety and security is everyone's responsibility, and if you won't hold up your end of the bargain then we can't have you corrupting our network. Have a nice day."
Find the easiest to install Linux distro. It has to be so simple that they just click dialog boxes: when it comes to partitioning it says "perform recommended partition procedure?" and you click yes; for install you punch in basic info and click yes. The user interface is pretty much not the main issue I've encountered with people switching, it's the install, that and not being able to find software for it easily (along the lines of Tucows and CNET). It may not be what Linux fans want to hear, but Windows users want simplicity, and right now that simplicity is fed by familiarity. Switching to Linux needs to be as easy as doing a clean WinXP install or it's not worth the hassle.
Isn't life full of little surprises!
*blinking cursor*
Most of them are the same worm, and they're doing dictionary attacks for weak passwords (not quite the same flaw as not being updated).
The phpBB, awstats, and openwebmail worms were better examples.
Video Phone Blogs send video messages straight to the web.
"a potentially hazardous tool like a chainsaw."
last time i severed my leg with my computer, i was reminded of this fact.
The object of Linux SHOULD be to make the computer as easy to use as possible, because the people who care about how their computer actually works are a statistical minority of computer owners. The reason these viruses spread is that people REFUSE to be educated. If your goal is to become a mainstream OS [which I'm not convinced yours is, but it seems to be the goal of the majority of the Linux community], your job is to offer more noticeable features [e.g. less slowdown due to viruses, etc] than Windows without adding any more required user input.
Joe Blow doesn't want to think about his computer. He just wants it to play Deer Hunter 2005 faster.
How is Linux immune? Viruses and trojans can be written for Linux just like any other OS.
Looking at the BugTraq mailing lists, it is also obvious that there are plenty of common software that runs on Linux that gets exploited on an almost daily basis.
What was your point again?
Re: What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"
Make sure the patches don't cripple Windows for some users? Pretty bad when a patch causes other errors.
That's not quite true. There's a virus going around that infects any platform's PHP parser into loading any visitor using IE's computer up with drive-by-downloads. The virus itself isn't affecting IE, it's affecting the parser, so no, Linux is not immune to virus/worm problems.
I think that people need to be made aware of the importance of computer security, and that those who cause or contribute to a significant detrimental effect on society, such as this, due to their carelessness should be held responsible under the law.
I also think that Microsoft should stop polluting the world with their evil principles and ridiculous software.
On a related note... has anybody else noticed a decrease in spam the past week or so? I've done nothing new on my side but volume is down at least 50% if not a bit more.
Take every computer that sends out infected mail immediately off the net, together with a warning that they will only be allowed to connect again after: - they ordered a patch CD from Microsoft by (normal) mail, - installed it under supervision of a certified security engineer (for 100 $ per personal visit) and - the certification is sent by invoice mail to their ISP. This procedure will be necessary only once in every case, I'm sure. Kulinux
because 4.65% gives 1 in 21.50 emails. Although "nearly 1 in 20 e-mails" would make more sense.
Windows updates end up with so many different updates in so many little packages that it's incredibly difficult for the average user to decide which ones to install. Average PC users don't even care to update so long as their PC is running fine. Once there is a problem, then they look for updates.
In my opinion, there shouldn't be fines, shouldn't be blackouts; it's not fair to those who don't know what they are doing, which is the equivalent to being mentally incapable of understanding the situation in a courtroom.
It IS a security hazard, and I do admit that I don't appreciate having infected files sent to my e-mail, but if I can stop it, then I will on my own machine. Why go out there and get other people angry because you are imposing on their personal use of their machine?
Strong companies, and personal computers that have people that are sane in this field should be able to defend it quite nicely. updated Anti-Virus, and a close look at files sent to the mail.
It's not that hard to say, "Hey! My grandmother doesn't know how to send attachments." or "Hey! I don't even belong to that organization!"
As far as I'm concerned, a virus infecting someone's network is their own damn fault and they have to deal with the consequences.
Empathetic-- 94% You tend to walk in someone else's shoes a hundred miles before pointing a finger.
So week before last I was over at my wife's sister's house and they were having a heck of a time with their Pentium 4 Dell, which ought to run fast enough, but it was choking on web pages, even. I d/led Spyware Doctor and ran it, and it found 2,654 infections. Granted, that's mostly cookies'n'cream, but STILL. 2,654! The meme that average nontechnical users need to hear is that "A computer is not like a toaster, it's like a car. A toaster works, and if it breaks you throw it away. A car needs constant attention, fuel, check the oil, service the brakes, etc. or it stops working. A computer is like a car." A seriously secure computer, I keep saying, would be for instance a no-OS machine with a Knoppix disk glued in the CD reader. Pro: no new programs, like malware. The hard drive used only to store user-created data (pictures, etc.). Con: no new programs. Lots of people don't want or need new programs very often anyway; a new disk might suffice.
u fail it again there, Stratjakt
Because recompiling the kernel to apply a security fix is somehow easier?
Non-computer-oriented users have no idea what is possible or what is necessary or, usually, even that their system is compromised and is spamming the crap out of their neighbors. As long as it puts up the pretty desktop and does the few things they have always understood, why should they do something they don't understand that will have no obvious benefit (to them) and might make it stop working?
Brackets contain world's first nanosig, highly magnified:[.]
'They' should start fining people? They who? The ISP?
Computers for most people really should be like a toaster, easy to use and they do what you want them to do. After all, that's what computers and personal computers are there for, they are tools people use.
The problem is that computers today are far away from achieving this. This holds especially true for computers running Windows, as even simple things such as checking email can potentially turn fatal (for the computer at least), which leads simple minds to compare a PC to a chainsaw (Just imagine, the Texas Personal Computer Massacre...).
"That this has become the holy grail of huge numbers of Linux aficionados is likely the worst thing there is for Linux."
Why? You should at least provide an argument.
"Instead of promoting Linux as the 'thinking man's alternative' most of its fanbase has bought into the whole 'computer as appliance' mindset."
Ehm, computers are appliances. Every thinking man should notice that. And what I really don't get is how these oh so 1337 people like you always seem to assume that ease of use equals less power, this is simply not the case.
Besides, nobody, really nobody is trying to prevent you from recompiling your kernel 5 times a day and you are free to not use X at all, or not use one of the more userfriendly, advanced desktops. If twm is your cup of tea, fine, who cares and nobody is going to take it away from you, so get a grip.
If virus writers ever changed their tactics from one of "sneak in and just borrow their CPU cycles and bandwidth for my bot-net" to one of "let's infect, spread, then kick them in the nuts" people would take notice once again.
Several years ago there was a virus that went around replacing jpegs with copies of itself (or something). My friend had a struggling web-hosting business where he hosted websites for about 100 different small mom-and-pop shops. Even though I warned him about the risks of viruses and that he should run his site with Linux/Apache he didn't listen. That virus wiped him out.
No, he didn't have up-to-date backups. But guess what? He keeps meticulous backups now and keeps his computers patched with up-to-date virus software and only connects to his web server via ftp (no mounted shares any more).
Alas, he still hasn't embraced Linux or OS X, but at least he's not part of the problem any more.
Just think what would happen if a virus spread around and just looked for .xls files and quietly changed all the 3's to 7's? How far back would companies have to go into their backups to be sure they had a known-good copy? D'ya think they might take viruses and security more seriously then?
The last major hassle we had with a worm was primarily due to the enormous amount of traffic it generated, bringing our networks to their knees. That was an annoyance to management, but they saw it as a network problem - not a virus/worm/security problem.
One of these days some one or some group is going to unleash a virus that really IS going to do real damage. Maybe then people will realize that they aren't sitting in front of an internet toaster, but sophisticated computing device that has a tremendous impact on many aspects of all of our lives.
"terrorism" and "pedophilia" are the root passwords to the Constitution
what?
That won't work. Irresponsible users will always be irresponsible, no matter what OS they are using.
If that is your case, consider the user's responsibility and skills.
If he has no computer skills at all, just change his settings without him knowing.
If he thinks he has lots of computer know-how, but really is some inexperienced (and irresponsible) n00b, I suggest tricking him into doing things securely by appealing to his 133tness ("Only ordinary mortals use IE6, we hackers use IE7 firefox edition"; the firesomething extension might be useful in that case).
If he's responsible, but reluctant to change, wait for him to screw up, make him feel bad for screwing things up (just letting him know how much effort it takes to reinstall a workstation usually works) and then offer him a chance to do things securely. If doing things securely is not a hassle (activating Windows Update, for example), he will not change back, either because the same inertia will make him stay secure, or because he sees the benefit of doing things securely.
There are more things to consider, but that should be a rough guide. Some people do not know how to use a general purpose machine, and would be happy with a "web browser" (or other) appliance. You cannot let these people loose with root privileges.
GPG 0x1B479C78
Don't make the consumer liable; that just lets the manufacturer off the hook. Why make a safer product if they can always let the user take the fall? Make sure the manufacturer is liable for more than the cost of the software too. It may not be possible but at least we should raise the bar on quality and see to it that they have an incentive to make better products. Cars are safe today because it was costing more money to deal with the issues of image, etc. and dealing with all those expensive litigations.
I removed IE and OE from a 2K box using MS menu options and had windows update prompt me to install the same 2 patches about 20 times...
I was using it as a fileserver but SAMBA is proving to be a much better choice.
ISPs should have, as part of their usage agreement, the right to block hosts that are the sources of these worms. If you don't have your SMTP server locked down, they should shut off port 80 access until you fix it--perhaps always serving up a page that says "you are disabled until you call 1-800-moron for instructions on how to fix this problem".
If ISPs are so concerned about wasted bandwidth usage then they would make people care.
Too many people are still on dial-up. Updates can take a significant amount of time while tying up your connection on dialup. Now that I've got broadband, and I see the little thing that says "updates are available", I don't hesitate. When I had dialup I would have had to set aside time late at night to let the computer do its thing.
How much do you want to bet that the worms are finding their way from a (low bandwidth)*(lots of machines) to (high bandwidth)*(fewer machines)?
Of course, if MS didn't give you a way to disable updates, /. ers would find fault with that too (they're forcing people to do things, tin-foil hat time, etc...).
Nevermind ordinary users. Let's see if we can get the same "network admins" who used to install Red Hat with loose defaults to keep up with patches. As always, it's a battle between convenience and security, and for now convenience is apparently still valued more in the market that MS is in.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Of course, I may as well bring up the popular adage - that technically un-savvy users rarely install Windows anyway, and will just get the neighbourhood geek to install it, rendering the whole point moot.
On the subject of installing additional software (if any is even required) - just add in some decent repositories, and point them towards Synaptic/ rpmdrake/ Yast/ whatever. It's a fundamental change of mindset, but the idea of having a central, searchable repository with descriptions and screenshots of all apps is actually really cool, and I prefer it to "the Windows way"
We all know Microsoft has a lot of money. Why don't they just send out a s*** load of patch CDs just like what AOL does?
Also keep a numbering system on the CDs that any moron can keep track of.
Hell, I'm sure you could get away with putting them in common places, like Best Buy, Walmart, Safeway, etc.
What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"
The answer is actually quite simple, a better OS software is needed and Microsoft seems to be having problems making it.
Would anyone buy a car that needed a repair each week to keep us safe?
Would any of us buy a TV that had to get its software updated each week or you could not watch your favorite show?
Would you hire a driveway paver when you knew you would have to patch it once a week?
This isn't to say the consumer isn't at fault. The average consumer doesn't care that this costs businesses billions in lost bandwidth, repair and productivity. The problem is the consumer isn't realizing the cost. ISPs would rather let it happen than charge the customer a $200 clean-up fee. It is sort of like careless computing hurts a lot of people so very little that no one cares. It is now an acceptable loss.
Can anyone recommend a great distro I can slap on a disk and hand to family members who've had it with Windows malware, spyware, adware etc....? It needs to be blindingly simple though; my brother-in-law is the first target.
What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"
Simple...don't give them a choice. Don't give people the option to turn off automatic updates. Or at least not on the Home edition of XP. Why in the world should a novice computer user be asked whether or not to install a security update? 99% don't even know what Windows Update does and won't download the updates because they don't want to wait for their computer to restart. And in that respect....why isn't Windows more like Linux, where patches don't require reboots?
Don't take life so seriously. No one makes it out alive.
What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?
From what one can read on online forums and personal experience, many people are afraid to use windows update because they do not have a valid serial, or in other words, they're using windows illegally. Unlicensed copies keep windows monopoly, but it is also giving it bad fame because people are afraid to update their system.
The public are drooling morons, a good percentage probably wouldn't be capable of breathing if they had to think about it. The solution is to give these people locked down boxes and remove the checkbox control for "allow me to be a danger to myself and others".
Then we can talk about liability for people who actually need or want real (TCPA/DRM free) computers, like most of us here right?
How do you envision this "SuSE worm"? Are you implying that the structures of individual distros are so radically different that one distribution can have a dedicated virus? You do know that most open source software is developed outside of distributions, and distributions provide collections of said software customised to their chosen layout for the OS?
I suspect that you would want to set the security argument aside because you have a limited understanding of what makes a linux distribution what it is.
Linux is not a monolithic OS that does everything for you. Neither is a distribution. It's linux, the distribution (gcc & package management seems to be enough for that), and the choices YOU make.
That's why you need Cisco Security Agent. It stops Day 0 attacks, virii, spyware, worms, etc.. Does not use signatures and has never been compromised yet.
www.cisco.com/go/csa
--- RFC 1149 Compliant.
It's not hard to lock down a mailserver, and it's not hard to make it scan all incoming/outgoing mail for spam and for viruses. Hell, it's free if you use Postfix/Mailscanner/ClamAV/Spamassassin.
No ISP should be running an SMTP server that doesn't scan for viruses. It's just irresponsible. There are a few viruses that setup their own SMTP server on the users machine, yeah, but that's easily solved by blocking outgoing connections to port 25 on the network, except from the ISP's own mailserver. If all ISPs did those 2 simple things, e-mail viruses would almost be wiped out.
It's basic stuff, and it drives me nuts that precious few ISPs do any of it.
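The attachment filter suggested earlier in the thread ("the attachment is known, a simple filter should be able to get rid of it") and the gateway scanning described in this post, as an added example that is not code from any poster: a Python mail-gateway check that walks a message's attachments and flags executable file types, PE content disguised under another name, and (going beyond the thread) executables hidden inside zip archives. The sample message, attachment names and the fake "MZ" header are constructed for the example.

```python
"""Attachment filter for a mail gateway (constructed example)."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from typing import List, Optional

# Extensions Windows runs on double-click; assumption: a typical reject list.
EXECUTABLE_EXTENSIONS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}
ARCHIVE_EXTENSIONS = {".zip"}
PE_MAGIC = b"MZ"          # DOS stub every PE executable starts with
ZIP_MAGIC = b"PK\x03\x04"


def _ext(name: str) -> str:
    """Lower-cased extension including the dot, or '' if there is none."""
    name = name.strip().lower()
    return name[name.rfind("."):] if "." in name else ""


def classify_blob(name: str, data: bytes) -> Optional[str]:
    """Reason string if this file looks executable, else None."""
    if _ext(name) in EXECUTABLE_EXTENSIONS:
        return f"{name}: executable file extension"
    if data.startswith(PE_MAGIC):
        # Renaming document.exe to document.doc does not change its header.
        return f"{name}: PE executable content despite extension"
    return None


def classify_archive(name: str, data: bytes) -> List[str]:
    """Look inside a zip attachment and classify each member."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # Only read the first bytes: enough for the magic check,
                # and a decompression bomb cannot exhaust memory.
                head = zf.open(info).read(4096)
                reason = classify_blob(info.filename, head)
                if reason:
                    findings.append(f"{name} -> {reason}")
    except zipfile.BadZipFile:
        findings.append(f"{name}: corrupt or non-zip archive")
    return findings


def inspect_message(raw: bytes) -> List[str]:
    """Return one finding per suspicious attachment; empty list means clean."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: List[str] = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if _ext(name) in ARCHIVE_EXTENSIONS or data.startswith(ZIP_MAGIC):
            findings.extend(classify_archive(name, data))
        else:
            reason = classify_blob(name, data)
            if reason:
                findings.append(reason)
    return findings


def build_sample_message() -> bytes:
    """Constructed sample: a .pif, a zip holding an .exe, and a benign PDF."""
    msg = EmailMessage()
    msg["From"] = "someone@example.invalid"
    msg["To"] = "you@example.invalid"
    msg["Subject"] = "your document"
    msg.set_content("Please see the attached document.")
    fake_pe = PE_MAGIC + b"\x90" * 126          # not a real program
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream",
                       filename="document.pif")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.exe", fake_pe)
        zf.writestr("readme.txt", "harmless text")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in inspect_message(build_sample_message()):
        print("REJECT:", finding)
```

A gateway would call `inspect_message` from a content filter and bounce or quarantine when the list is non-empty; the benign PDF passes, the two executables do not.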
Sounds like you should look at Desktop distribution of Linux like http://ubuntulinux.org/ or http://mepis.org/. The latter installs in under 20 minutes from a 'try-before-you-buy' LiveCD. Click on the desktop icon elusively named "Install Me", and watch it all Just WorkTM. Every video codec under the sun, CD/DVD Burning, printing/scanning/camera, most wifi cards, ipod synchronisation and other fashionable dependencies therein.
Finding software for Linux couldn't be easier, no running around hunting an app down on websites and looking for 53r14alz. Open up your favourite package management GUI, click on "update", then "search", select what you like and finalise with "Install".
Really, there are no excuses; hence those that actually try a contemporary Desktop class distribution these days generally never look back.
The worm is written in Visual Basic, UPX-packed PE executable about 52 kilobytes long.
That shouldn't really be a problem. I mean, the "ordinary user" doesn't have a clue what the runtime files for Visual Basic programs are, and most likely doesn't possess them either.
I know I've had to download some necessary files to run some apps I wrote in Visual Basic right after I re-installed my operating system.
Why not just force them to get security updates whenever Microsoft puts out a patch, even if it's not tested or causes other troubles?
Hell, why not just force them to upgrade when the new version comes out, and have them monitor what you are running 'for your protection'? Users are lusers, right? They shouldn't be allowed to make their own decisions, and perhaps not be a future serf-customer.
How about the ISPs just do their damned job, and if someone is apparently infected with something, they cut them off, with a nice friendly phone call explaining why. Then only allow access to a local copy of patches. How hard would that be?
---- Booth was a patriot ----
"What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"
How about we first try to teach users not to run executables attached to emails? This virus only infects machines when the attachment is run. It then starts emailing itself to everyone in the user's address book, but if you don't run the attachment to begin with it can't harm you.
Unless Microsoft have a patch for user's brains to make them not run executable attachments, sending them off to Windows Update will do nothing except provide them with a false sense of security.
What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"
I fear there is little that can be done about "ordinary users" who simply don't care. Only the continuing spread of viruses like these, and possibly ones with more destructive qualities, will hopefully wake them up and make them take notice. However, as past experience has taught us, this is not something we should be holding our breath for.
Everyone (directly connected to the internet without a firewall) is forced to patch or they are restarted constantly by DCOM/LSASS exploit attempts.
Nothing - because some people just cannot be convinced. When I visited a neighbour some months ago, her PC was infected with just about any blend of spyware you can think of. "But what would they need my PC for?" she asked - I started explaining the basics (use the PC as a bot, online banking which she uses, etc...). Her reply? "Well, as long as they use it when I'm not working on it I'm fine with that, and the online banking bit? I don't care - it's not as if I'm rich now". Try to convince someone with *that* attitude.
By the way, speaking of attitudes: I never install patches. Why? Because I run a software firewall, a hardware firewall, a virus scanner and several spyware scanners. And since I bought the damn thing I think I have the right to decide WHAT I install and WHEN I install it. That includes the right to deny patches.
http://jcsnippets.atspace.com/ - a collection of Java & C# snippets
I can't remember the exact percentages, but I've read that a very large proportion of people and businesses are still using Win98.
What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?
Totally the wrong question.
The right question is: when are the *vendors* going to sell products that are immune to these types of attacks?
If an update can fix the problem, then it could've been fixed "at the factory".
The fact that we view computer security as a matter of "applying updates" is sad and pathetic.
The reason things don't work if you're not an Administrator on windows is because the good ol' marketing folk decided some time ago that multiuser systems are not necessary for Mr. Bob. So when they finally added it in, it was late, and crude, and, as usual [imho] is nothing more than a "feature" rather than a function.
Linux is a UNIX clone. It was designed for multiple users from the start.
Microsoft wouldn't write a worm to force people to patch, right? They're a good, caring company; just yesterday I saw Bill Gates eating a--er, kissing a baby.
As for the "SuSE worm" remark, I was more referring to the fact that the different versions of distributions come with particular versions of packages, eg. Redhat 9 comes by default with a version of bind, or whatever.
I'm well aware that software isn't distribution-specific, I'm saying that lazy people aren't going to upgrade. If a particular distro hits critical mass and becomes overwhelmingly popular in comparison to the other distros, then large groups of lazy users are going to have the same version of a particular software package, thus leading to the same sort of problems that people have had with, for example, Windows XP. (Definitely not on such a large scale, though, even if Linux becomes the dominant OS, due to a smaller subset of Linux users having the same version of the package.)
I'm not trying to take potshots at the quality of OSS at all, frankly I believe that the major OSS projects are likely to be more secure than Microsoft's offerings. I'm just saying that at some point in the future that, if one of the distributions becomes dominant, there will most likely be at least _one_ slip that could lead to a Linux worm of sorts, even if it is restricted to a particular version of a package.
Sure, it'll be patched quickly, but then we'll still have the same problem with lazy users not updating.
It's interesting because it means that there are still enough unpatched machines out there for a worm to gain serious traction without uncovering new technical vulnerabilities. Worms that hit patched machines are technologically interesting, but those are problems that can be fixed (eventually) by patching. A technological problem with a technological solution.
But it appears that even if a putative Service Pack 3 were flawless, there would still be massive worm activity in those who haven't patched. And if they haven't patched by now, they're not gonna, and that means we're going to be dealing with this problem for a long time to come.
It's a non-technological problem, so there may not be a technological solution. (Me, I'd like to see ISPs start throttling infected users, but that's a whole separate can of worms.)
thanks, i hadn't checked out mepis before, i'll give it a bash and see how it goes.
Ubuntu, SuSE, MEPIS, maybe Mandrake if you're feeling lucky.
And many more which the posters below will no doubt convince you to try.
Several distros do have auto update functions installed by default: Red Hat, Fedora Core, Ubuntu, SuSE, Novell, to name but a few.
Most other distros are picking up the trend.
The only things certain in war are Propaganda and Death. You can never be sure which is which though
Grandparent has a point. Remember the well-published privilege escalation that afflicted the kernel around Christmas time? I was running Mandrake at the time, and wondered how long it would be until a fix was available. Eventually (about a month later, I think), one appeared in the package manager. It consisted of 40MB of kernel source which you would have to know how to compile and install yourself (I was reasonably knowledgeable at the time about Linux, but the resultant kernel failed to boot completely - presumably I needed to do a "make oldconfig", or something). There was no means for just automatically patching the kernel. This is not what I would call grandmother-friendly.
What can we do to get ordinary people to visit the Windows Update site? Isn't it obvious?
Microsoft should spend some of its money to make public service announcements about stuff like this. As a monopoly, that would be the 'right' thing to do. They can spin it any way they like and I'm sure it would be all green and grassy or something but it would work.
If a student or member of faculty comes in with malware problems for the first time, I fix it for them and I give them a Gentoo Linux install CD to go away with. If they come back with viruses/spyware a second time, I tell the luser to stop bothering me, and that I gave them the solution to install last time.
Remind me not to hire you after you (maybe) graduate.
Even though I've visited Slashdot for what seems like 7 years now, this is the first time I'm commenting. I'm commenting because this article couldn't come at a more prime time.
The organization I work with got the Sober worm, filling up our mailboxes exponentially. Even though we are primarily a Mac house, some individuals probably accessed our mailserver with Windows based mail clients (at home?) and perhaps facilitated the spread of this virus.
It sure is a nasty one. I wrote a procmail recipe to block out .zip files, to no avail... it seems to still slip on thru for some odd reason. As much as I tried to get our server's host to help us curb the problem, they would push their current marketing ploy.
I'm kinda lost, with a growing procmail folder with the isolated emails (roughly 4gb in size now) -- and some like (100 emails a day) slipping thru. I've emailed all users suggesting removal tools like Stinger but still!
Anyone have some proactive suggestions? Would ClamAV prevent this from perpetuating on the server-side?
We are currently wasting bandwidth and people time to indulge ourselves in a server side solution.
Anthropology.net - Beyond bones and stones.
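The post above describes a procmail rule on .zip attachments that the worm still slips past. One reason such rules miss is that the filter only looks at the outer attachment name and not at what the archive contains. The following is an added illustration for this thread, not the poster's procmail recipe nor any mail server's code: it parses a raw message with Python's standard library, flags attachments whose extension Windows would execute, and opens zip attachments in memory to check the member names as well. The extension list, size caps, and the sample message with its file names are constructed for the example.

```python
"""Inspect a raw RFC 822 message for executable attachments, including ones
hidden inside zip archives, so a mail filter can quarantine them.

Added example for this thread, not code from any poster; the extension list,
the caps and the sample message below are constructed for illustration.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows runs when double-clicked (illustrative, not exhaustive)
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
ARCHIVE_EXTS = {".zip"}
MAX_ZIP_MEMBERS = 100               # refuse to walk absurdly large archives
MAX_MEMBER_SIZE = 50 * 1024 * 1024  # cap on declared size, guards zip bombs


def _ext(name):
    """Lower-cased final extension of a file name, '' if there is none."""
    name = name.lower()
    dot = name.rfind(".")
    return name[dot:] if dot >= 0 else ""


def _zip_verdicts(data, outer_name):
    """Return (attachment, reason) findings for executable members of a zip."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
            if len(infos) > MAX_ZIP_MEMBERS:
                findings.append((outer_name, "zip with too many members"))
                return findings
            for info in infos:
                if info.file_size > MAX_MEMBER_SIZE:
                    findings.append((outer_name, "zip member too large: " + info.filename))
                    continue
                # Only the member name is inspected; nothing is extracted or run
                if _ext(info.filename) in EXECUTABLE_EXTS:
                    findings.append((outer_name, "executable inside zip: " + info.filename))
    except zipfile.BadZipFile:
        findings.append((outer_name, "corrupt or non-zip attachment"))
    return findings


def find_risky_attachments(raw):
    """Parse a raw message and list (attachment name, reason) pairs to quarantine on."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        ext = _ext(name)
        if ext in EXECUTABLE_EXTS:
            findings.append((name, "executable attachment"))
        # Check zips by name, and also by magic bytes in case the name lies
        elif ext in ARCHIVE_EXTS or payload[:2] == b"PK":
            findings.extend(_zip_verdicts(payload, name))
    return findings


def build_sample_message():
    """Constructed sample: a zip hiding a double-extension .exe, plus a bare .scr."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ not a real program")  # constructed
        zf.writestr("readme.txt", b"plain text")
    msg = EmailMessage()
    msg["From"] = "someone@example.invalid"
    msg["To"] = "you@example.invalid"
    msg["Subject"] = "your document"
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="document.zip")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                       filename="photo.jpg.scr")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in find_risky_attachments(build_sample_message()):
        print(f"QUARANTINE {name}: {reason}")
```

Run against a message on stdin from a procmail or MTA filter hook, a non-empty result is the signal to divert the message to a quarantine folder rather than deliver it. The zip is opened with a member-count and declared-size cap so that a filter sitting in front of a mail server cannot itself be tied up by a malicious archive.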
If they required their customers' windoze computers to be auto-updated, with working firewall, like zone-alarm, and working anti-virus, like panda, then there would be no problem.
If they charged less for linux machines, or users who stuck to firefox / thunderbird, then maybe a few would switch.
If they charged a penalty for anyone whose machine got zombied, then maybe the idiots would be more careful.
Once the idiots were on autoupdate, there would be a lot less problems, and the ISP probably would save money.
But wait a minute, that makes sense, and we all know people do not act sensibly.
What was I thinking?
wake up and hold your nose
How about, have it not crash my machine so hard Explorer can't start once the mandatory reboot is completed?
People don't use Windows Update because they don't trust it. Not in the "oh, they might be spying on me" sense of distrust but in the "Oh, those idiots might really screw my machine" sense. It only has to happen once before a user decides he/she would rather risk the hypothetical infection than face the certain loss.
The Mongrel Dogs Who Teach
The writeups say Sober.P carries a 53Kb payload.
All my inbound hotmail (upwards of 100 a day) for the past week have carried 73Kb attachments.
What is that?
I only use hotmail via web (AFAIK that is the only way), so I don't see how it can have anything to do with my machines...
Mistakes happen. Patches & AV software, etc. are not foolproof. Patches & anti-virus software aren't going to stop anything without an aware user. It's all about education.
You just wait... I just know that some asshole will make up a virus that affects all Windows versions with all patch levels, and it will disable Norton, Symantec, McAfee, and all those anti-spyware programs, and then, while the user is browsing the web or something, it will download, piece by piece, the source to Gentoo, which it will quietly compile in the background while the user isn't paying attention, and then, one day, the user will turn on the machine and find that Windows is gone and Linux is there instead.
And then, Microsoft, SCO, the RIAA, and the MPAA will unleash an ad campaign costing in excess of $50 BILLION to tell the world that Linux is a spyware virus made by rogue hackers to destroy the world's computing resources and steal your credit card numbers.
Five years later, after a long and difficult court battle in which thousands of companies and millions of individuals who support Linux will have donated money to pay the lawyers, it will finally be proven, through secret emails and other documents found at Microsoft headquarters, that Microsoft made that virus (the one that deletes Windows and installs Linux), and it was so effective because only Microsoft knows enough about every single version of Windows to pull it off, but by then, the damage to Linux' reputation will have been done. That's the sad ending.
Either that, or Microsoft will have shot themselves in the foot because people will be in a hurry to get stuff done and since Linux is on their computer, they'll use that and realize that it's better. At the same time, all the publicity from this huge court battle will get thousands more companies to find out what this Linux is and why Microsoft is fighting so hard to discredit it. That's the happy ending.
The even happier ending is if the government decides to forcefully dissolve Microsoft, SCO, the RIAA, and the MPAA, giving all their assets to schools and making all their intellectual property available for download for free under the public domain. That's the happier ending.
"kill dialup"
That's just not gonna happen.
I work for a small ISP, about 2500 dialup customers, and about 500 on our high-speed offering. We took a poll (not just a Web poll, mind, but printed and mailed inserts in our dialup customers' monthly invoices).
I don't recall the precise wording, but it was basically, "If you could get a 128kbps internet connection (twice the speed of dialup) for the same price you're paying now, and no changeover/installation fee, would you be interested in this offering?"
Out of the couple hundred folks that sent that form back, we only got about a 50% "yes" rate. The main reasons cited for turning down this proposal were "my connection works fine" (folks afraid of change for the sake of change) and "I don't need a faster connection" (frankly, I dunno).
We have the technology to provide high-speed service to most of these folks (wireless Internet with reallllly big antennas). Obviously we can't cover everyone, but we try. There are a lot of people out there that don't see the need for broadband, or don't want it, or are just plain silly for whatever reason.
I'd love to get rid of dialup too. Folks who live out in the boonies and complain about slow speeds make up a good portion of our tech support calls. And maintaining all that dialup stuff (the hundreds of incoming phone lines we need) is bloody expensive.
But at least in my little neck of the woods, dialup is not going away anytime soon.
"Sophos reported earlier this week that Sober.P appears to turn off Symantec's antivirus protection and the Microsoft Windows XP firewall, probably as a way of preparing computers to distribute spam and to spread itself wider."
This wouldn't be possible if people didn't read their goddamn email as an administrator!
Also, "[the worm] is currently pushing nearly 25% of all email traffic at the moment"? Who needs Editors anyway?
It can and often will break your machine's current state and render multiple applications inoperative.
I've had a lot of Windows patches kill applications. Most notably Adobe Premiere, Internet Explorer, Visual Studio, and a load of older third party shareware/freeware apps. Often enough a reinstall of the application fixes it, sometimes... not.
The biggest problem isn't a lack of patches being applied, although it is a big problem. The biggest problem is that people still insist on using e-mail as a way of conveying web-like information without regard to its origin or nature. I know a lot of people, some family, who would never ever visit shady porn sites and the like who nevertheless display all their e-mails in full HTML format with ActiveX, JavaScript, and the rest turned on full blast. Then they select each e-mail in turn, opening it by default in the preview pane of MSOE and, just to make sure it really is spam, will also click on the attachments as well.
Of course, I was seeing this same thing more than seven years ago in corporate offices never mind home PCs. Absolutely nothing has changed. Any time a user allows code to run, they take the chance that code will be designed to undo their protective shields including anti-virus, anti-spyware, and firewall services. Those services are not designed to act like viruses themselves and resist deactivation (with the exception of NAV which acts that way by an idiot structural flaw rather than purposeful design) at all costs. Oops.
What Microsoft could do is create a bootloader that worked from a separate partition and scanned the as yet not activated main OS partition for rootkits and viruses and removed them before the OS could be started along with them. Problem is, we can't ever know that MS didn't fark the system up with spyware of their own to check that DRM wasn't messed with, that we weren't using warez'd MS products, or even working on behalf of the *AA agencies to root out and destroy MP3s and so on.
Another solution is to make all web applications including and especially MSIE work only inside a virtual machine within Windows where it was quarantined from outside system interaction and had to pass a fine-grained security checkpoint to interact in any way with the outside short of mere audio-visual output. In other words, scripting that was doing something with a web page would generally work, something that wanted to browse the file structure would have to be signed, the user would have to constantly say yea or nay and enter a password. Anything to slow down the interaction, log it, control it.
I seriously doubt we will ever see it of course.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
Slip him a Knoppix CD first to see if it likes his hardware, and see whether he likes the look of Linux. Impress on him the fact that it does not touch his harddrive, so he can get back to the familiar comfort of Windows with a single reboot, but also the fact that anything he downloads (e.g. e-mails via POP3, etc) while in Knoppix will be lost.
I used to have a laptop that ran Windows ME. The vendor (Sony) refused to support any newer versions of Windows, which is a major problem for a laptop, with all of its customized drivers and software. Sony's suggested solution was to buy a new laptop. Some vendors are more reasonable about it, but many only support the version of the OS that was shipped on the machine.
Mea navis aericumbens anguillis abundat
Bollocks.
Maybe Microsoft should stop adding rights for themselves into the EULA when you download a fix? Imagine if a car manufacturer gave you a free replacement for a faulty part only on condition that you filled in mileage logs?
Justin.
You're only jealous cos the little penguins are talking to me.
When will 'ordinary users' decide to go to Windows updates? Gee, oh perhaps when those updates stop making my programs work, perhaps when DirectX 9 'c' works with the hardware/software/games I have and doesn't require a complete wipe of the harddrive before anything works again. Things like that make folks like me turn 'automatic windows updates' the hell off.
Enjoy your Karma, after all you earned it. Feel your Karma Joe, feel it burn.
What are we going to have to do to convince "ordinary users" to visit ubuntulinux.org once in a while?
Or
What are we going to have to do to convince "ordinary users" to visit apple.com once in a while?
I once lost a bunch of work because I was doing some stuff in Illustrator and forgot to save before leaving the machine on overnight. Windows Update decided it needed to reboot to install the updates and I lost a whole afternoon's worth of work.
I usually do work on my linux box using emacs and openoffice, so not saving religiously has become a bad habit.
"What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"
I'm no ordinary user... And even so I don't run WindowsUpdate on my Windows box, and I'll tell you why: I trust my safe web browsing habits way better than I trust Microsoft not to install anything I don't want installed, case in point: DRM.
Yes, you failed.
WOW... You really think we can patch all those brains ??
...ooh..and only use it for security updates as opposed to massive piles of other crud including exploits (for MS's crackers to take control of your PC)...
...ooh and less security exploits please...MSW users have to download massive files full of fixes daily.
Joe Llywelyn Griffith Blakesley
[This post is in the public domain (copyright-free) unless otherwise stated]
Another fine /. editorial accomplishment...
As E-Terrorists and then all those useless windows users who never update anything become participants to the crimes.
I guess all this depends on a legal precedent that failure to take action constitutes participation in the crime. But the only place I know of this to exist is in Asimov's Three Laws of Robotics.
Another problem is that there are too many bundled apps in Windows with access to the OS subsystem. IE (if I'm not mistaken) is also the default file viewer, which means that at some level the web browser is tied in to the shell. Outlook and Outlook Express can also be used to launch IE and other apps. For Microsoft to really stay ahead of the security curve, their first step should be to make these apps standalone apps and not tie them into the OS environment the way that they do.
Take their new Windows Antispyware. Instead of removing the design flaws that make it so easy to install spyware, they capitalize on their own design flaw to make a product that they will probably make more money on. That doesn't leave much of an incentive to really fix the problems if they can just get richer off of them. Give them another few years and they will be marketing Microsoft Antivirus to capitalize on that front also.
Another problem is that there is just too much expectation we place on users to download all of these updates and patches. If Joe User wants to make sure that his computer is protected then he should set his antivirus and Windows Update to automatically download and install updates. But if he is on a dial-up connection, then users often just disable autoupdates to get faster performance. Not to mention the updates for antispyware apps, other software updates, etc. Separate all of the web-enabled apps from the OS and make them standalone apps so there won't be as many security problems to contend with.
There are plenty of Win95, Win98 boxes out there, which Microsoft refuses to support.
It costs money to buy Yet Another Windows License (YAWL) especially since entirely new hardware is usually required to maintain bloatware compatibility.
But such is the price of paying good money for inferior products. Win9x is (present tense) inherently insecure. Unpatched RedHat 5.1, 6.1 boxes from the same era are not nearly as vulnerable, but there are fewer of these and they are readily patchable anyway - and usually without wasting any old hardware.
I can totally sympathize with all the moms and pops who don't want to throw out their perfectly good P700 hardware and shell out more money just because their machine's Win9X OS has become increasingly smelly. Since Microsoft refuses to support these customers who bought the products in good faith and usually without a choice, there are now two solutions to this problem:
Either:
Totally disinfect the HD's, remove IE and install a hardware router as a firewall
Or...
Install Linux (BSD, etc.) on the HD.
"I work at a University IT helpdesk, and after far too many malware problems from far too many dumb lusers (and many of them repeat visits), I've adopted a new policy. If a student or member of faculty comes in with malware problems for the first time, I fix it for them and I give them a Gentoo Linux install CD to go away with. If they come back with viruses/spyware a second time, I tell the luser to stop bothering me, and that I gave them the solution to install last time."
Let me guess - all those stereotypes about antisocial computer geeks seem to have originated in your general vicinity, am I right?
#DeleteChrome
I know this has been mentioned before, but if you could leverage the vulnerability to spread a worm which destroys the bad worm why not do that? If people don't care or know they are being infected, will they care that someone is cleaning their machine for them? I doubt it.
"What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"
Well not having to worry about Microsoft breaking their systems with each patch would be a good start.
Write a virus that will infect unpatched machines, then patch their machines for them. (and set their homepage to www.windowsupdate.com while it's at it. They won't know how to change it back so they will have to visit it more often)
All misspellings and grammatical errors in the above post are intentional and part of my artistic expression.
In 12 years of running linux I've never seen any distributor supplied update that required a kernel compile, so the parent is a troll...
"What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"
Not much. In my experience, ordinary folks just ain't interested in this issue -- they couldn't be bothered. I always mention it, but invariably get nothing more than a blank look in return. At best they'll show me the way to their PC so that I can do it for them. The problem with Windows is, those updates need to be done regularly.
Will M$ come to the rescue? Maybe, but only if they decide to prioritize security before profit for a while, and I don't see that happening as long as they have no other incentives, such as real competition in the marketplace. And even if some new OS of theirs were to be secure enough to make a difference, that still wouldn't mean that all those "ordinary users" out there would actually go out and buy the upgrade (they wouldn't, because chances are that much of their old software would suddenly stop working).
The other solution would be for us to enter into a period in which most ordinary users would start to get the feeling that FOSS solutions are the way to go. That will be difficult, however, as we will always be up against the marketing might of M$. Ordinary users always end up in stores asking for complete solutions, which is exactly where M$'s marketing muscle reigns supreme. Not much we can do about that. Apple might help, but at the moment ordinary users see them as being either too weird or too expensive or both. Personally, I don't think Apple will ever be able to make a real dent in M$'s lead unless they decide to port their OS to the PC. But, for Apple, that would be opening a whole new can of worms, and maybe they know better.
Another way for light to appear at the end of the tunnel would be a combination of the above. On the one hand, this would involve M$, always greedy for higher profits, making itself ever more unpopular by introducing things like Palladium, which they hope will make it virtually impossible for anyone to run anything but software that is properly licensed and paid for. On the other hand, while M$'s software would remain as insecure and unstable as ever, the FOSS alternatives would just keep looking better and better. Eventually, this "carrot and stick" situation would cause increasingly large numbers of long-time Windows users to defect to the other side. It almost sounds inevitable, but at best this will take time (for starters, it looks like Palladium won't be out until after LongTime is launched in late 2006).
Therefore, my feeling is that, since nothing is going to change any time soon anyway, we're just going to have to accommodate the situation (OK, the spammers in this case) for now by adding more and more bandwidth and other resources in order to stay afloat.
In the meantime, our best option is to keep improving and pushing FOSS alternatives. My one "ordinary user" success story was with a family that I had sold a PC with Windows XP to in early 2003. I set up virus/adware scanners for them at the time, but within a short time their box was riddled with malware anyway. Finally, in October last year the system had become so useless that they came to me again for a solution. Sure, I could re-install for them, but then the chances would be that the problem would quickly repeat itself. My solution was to switch them to Debian sarge and use Win4Lin for those last few Windows programs they couldn't do without. It worked and they've been happy ever since, so I'd like to think that, in general, there is hope for "ordinary users".
I'd hire him. Hell yeah, I like people who can think.
Someone should write a white-hat worm that brings the machines up-to-date with security patches, turns on auto-update, sanitizes the computer and reboots...
Before everyone starts screaming that you can't release a white-hat worm, please consider the situation we are in today; Hundreds of thousands, if not millions of zombie machines are sitting out there doing the bidding of criminals to extort money from sites that fear DoS, fill our inboxes with Spam, spread virus and trojans that install keyloggers, attempt to get access to your financial and other accounts, etc.. etc..
On the one hand, we have total anarchic hacker mayhem (today) and on the other, a sanitized Internet at the cost of using the techniques employed by the shadowy side of society.
I really doubt that many people would have issue with this. Hell, it should be done in the name of national security. Really... And anyway, if your machine is susceptible to a white hat worm, it is equally susceptible to the bad stuff, which means it is pretty much guaranteed that you already have a bunch of nasty stuff installed on it. A white hat worm will provide some relief.
The reason that it can be true that 1+1 > 2 is that very peculiar nonzero value of the + operator
Throttle them? I don't know, strangling sounds a little extreme. Maybe they can just shut off service?
Installed XP. Connected to network to install updates (On 100Mbit internet connection) It got a virus within 60 seconds of connecting, while it was still downloading the updates. :P (This happened around the time SP1 was released)
All misspellings and grammatical errors in the above post are intentional and part of my artistic expression.
Until MAC and appropriate MAC policies exist on systems this will go on "ad infinitum, ad nauseam". See "The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments" http://www.nsa.gov/selinux/papers/inevit-abs.cfm
Though I'm not a huge fan of the SELinux security model it does seem to be gaining traction. Red Hat Enterprise 4 now includes it and there are an increasing number of "targeted" policies becoming available.
If executables were required to come with packaged policies and those policies were vetted by an organization that had a clue, many of our current issues would be greatly mitigated.
If you are, then Windows has that too -- it's called Windows Update.
If you aren't, would you mind telling me what you actually are referring to? Last I looked (five seconds ago, in other words), up2date is just as voluntary and manual as Windows Update.
In fact, WinXP SP2 is even more automatic than that, since it actually allows one to set a setting to allow the system to update itself completely automatically. That may well be the best thing about Windows XP (and no, I don't like Microsoft).
One of my machines somehow got hit by this thing. My machine is completely up to date, as windows update is showing 0 critical items.
I don't even know how I got the thing on my computer since I use Thunderbird and I'm not one to download random stupid shit.
So... there's another hole in something else as well, because as keen as I am to viruses, it's damn near impossible for me to get hit by one.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
I can't speak for the article, but at the ISP I work for Sober.P has hit our mail servers like crazy this week. It has accounted for 50-75% of all incoming mail viruses! (as per our Barracuda Spam Firewall reports)
Damn, I was about to moderate, but I couldn't resist this...
Sure, Ford should be liable if your new F150 kills your neighbor by launching missiles at him when you turn it on. But they should not be liable if your new F150 kills your neighbor because you ran over them.
Most computers are reasonably safe, at least as much as the average car. But most computer users nowadays are the equivalent of drunk drivers. You don't blame Ford when their car didn't automatically stop someone from driving over someone else. You blame the drunk driver.
So, you don't blame Microsoft too much when an unpatched Windows box kills ten other unpatched Windows boxen. You fine the user who didn't patch the fucking box.
Don't thank God, thank a doctor!
This works: Here in Estonia, we have to pay for every minute of phone usage/dial-up usage.. so broadband is way cheaper if you use Internet more than a few hours/month
So basically, we have NO dial-up users here (I'm not 100% sure, but I don't know any provider, who offers dial-up here... (and that for about 3 years now))
Removing the compiler from a linux machine seems to be a common strategy for newbie admins to "secure" their machines. It doesn't accomplish anything. If I could compile something on your machine, I can just as easily compile something on my machine and upload it to your machine. Worms don't need to patch source code to create new holes, they can just replace binaries, libraries, etc.
on them children pretending to be men?
I'd like to kick them a few times in the groin.
"What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"
Maybe a simple recipe could help:
1. fix more bugs than the ones introduced by the patch itself
2. avoid making systems unusable after an update
3. avoid multimegabyte patches (are they really patches? Not everyone has broadband and time)
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
Either run your mailserver on openbsd so you can use spamd right on the mailserver, or find an old pentium laying around, install openbsd on that and stick it in front of your mail server.
OpenBSD's spamd tarpits blacklisted machines, which is nice and all. But the real benefit is its greylisting before anything even hits your MTA. All by itself, spamd almost eliminated all my spam and viruses, just because of greylisting, without adding any noticeable load to the server at all. Then clamav and whatever spam filter you like can deal with whatever actually gets to the MTA, which will cut the load down tremendously.
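The greylisting the post above credits works because a worm's own SMTP engine fires once and moves on, while a real MTA queues the message and retries after a temporary failure. The following is an added illustration for this thread, not spamd's code: a small Python model of the greylisting decision, keeping a (client IP, sender, recipient) tuple in a grey table, answering with a temporary failure until the tuple has been seen again after the pass time, and whitelisting the client IP once it has retried. The timing constants mirror the defaults spamd(8) documents (25 minutes pass time, 4 hours grey expiry, 36 days white expiry); the sample delivery attempts and addresses are constructed, and the tarpitting of blacklisted hosts is not modelled.

```python
"""Greylisting decision logic of the kind spamd applies in front of an MTA.

Added illustration for this thread, not spamd's own code. The constants
follow the documented spamd defaults; the sample attempts are constructed.
"""

GREY_DELAY = 25 * 60            # a new tuple must wait this long before acceptance
GREY_EXPIRE = 4 * 3600          # tuples never retried are forgotten after this
WHITE_EXPIRE = 36 * 24 * 3600   # a client IP that passed stays whitelisted this long


class Greylister:
    """Keeps the grey and white tables; `now` is injected so runs are deterministic."""

    def __init__(self):
        self.grey = {}    # (client_ip, sender, recipient) -> time first seen
        self.white = {}   # client_ip -> time of last accepted delivery
        self.now = 0

    def _expire(self):
        """Drop stale grey tuples and lapsed whitelist entries."""
        self.grey = {k: t for k, t in self.grey.items()
                     if self.now - t < GREY_EXPIRE}
        self.white = {ip: t for ip, t in self.white.items()
                      if self.now - t < WHITE_EXPIRE}

    def decide(self, client_ip, sender, recipient):
        """Return 'ACCEPT' or 'TEMPFAIL' (an SMTP 4xx) for one delivery attempt."""
        self._expire()
        if client_ip in self.white:
            self.white[client_ip] = self.now     # refresh the whitelist entry
            return "ACCEPT"
        key = (client_ip, sender, recipient)
        first_seen = self.grey.get(key)
        if first_seen is None:
            self.grey[key] = self.now            # never seen: ask the sender to retry
            return "TEMPFAIL"
        if self.now - first_seen >= GREY_DELAY:
            del self.grey[key]                   # retried like a real MTA: pass the IP
            self.white[client_ip] = self.now
            return "ACCEPT"
        return "TEMPFAIL"                        # retried too soon, keep waiting


def simulate():
    """Constructed scenario: a one-shot worm host versus a retrying MTA.

    Returns a list of (time, client_ip, verdict) tuples.
    """
    g = Greylister()
    log = []

    def attempt(t, ip, sender, rcpt):
        g.now = t
        log.append((t, ip, g.decide(ip, sender, rcpt)))

    worm, mta = "198.51.100.7", "203.0.113.5"          # documentation-range IPs
    attempt(0, worm, "x@spam.invalid", "me@example.invalid")         # worm: one shot
    attempt(0, mta, "alice@example.invalid", "me@example.invalid")   # real MTA, first try
    attempt(600, mta, "alice@example.invalid", "me@example.invalid")   # retry too early
    attempt(1800, mta, "alice@example.invalid", "me@example.invalid")  # retry after pass time
    attempt(1900, mta, "alice@example.invalid", "other@example.invalid")  # IP now whitelisted
    attempt(5 * 3600, worm, "x@spam.invalid", "me@example.invalid")   # grey entry expired
    return log


if __name__ == "__main__":
    for t, ip, verdict in simulate():
        print(f"t={t:6d}s {ip:15s} {verdict}")
```

The worm host never gets past the grey table: its single attempt is temp-failed, and when it shows up again hours later the expired tuple makes it a stranger once more. The real MTA is delayed once, then its address is whitelisted and later messages, even to different recipients, go straight through, which is why the load on the filters behind spamd drops so sharply.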
I've been switching my Linux machines to Ubuntu recently; as of the proper release of Hoary they use update-manager and update-notifier.
If you really wanted it, it would be quite easy to write a small script to auto check and auto install update packages within a Debian apt-get based distro, which could be set by cron to do it automatically.
I find this way quite acceptable.
Synaptic is just an apt-get front end; update-manager is more like the Windows auto updater.
I see what you're saying.
I currently have one written for my work's server (I would love to release it as GPL but contractually I couldn't), which handles automatic updates to patch vulnerabilities.
All it takes is someone to write one, then persuade the distros it's a good idea.
Personally I dislike forcing something like this on end-users. It may be a good thing for distros such as Linspire aimed at novices and those who don't wish to know more.
The only things certain in war are Propaganda and Death. You can never be sure which is which though
The open source community should do this.
Step 1: Develop the ultimate virus/worm platform -- include a bytecode engine, polymorphism, have it jack into something Freenet-like so users could manually update the network.
Step 2: Get lots of press for your examples of honeynets completely nuked, and how long it took. Show estimates of how long it would take to destroy every computer on Earth with Internet access (including flashing the motherboard, etc.) and predict a Y2K-like apocalypse if terrorists ever get their hands on this and there's tons of unpatched Windows machines.
Step 3: Watch the news media declare vulnerable platforms like Windows and OSX to be "unpatriotic". Watch thousands of developers and hardware vendors and, yes, even end-users rush to put everything on something actually secure, like Linux or BSD.
Remember: Linux IS more secure now, because would-be terrorists (all the teenage hackers of the world) have an incentive to fix Linux instead of try to break it.
Step 4: If Step 3 fails, watch someone, somewhere, sometime, actually finish the job. In a matter of hours, every insecure box in the world goes down, hard, never to rise again. Hard drives wiped, firmware flashed... It'd be a massacre. Then, when the world finally wakes up, watch Step 3 again.
Remember, if I implemented this plan, I'd never actually pull the trigger. I wouldn't be doing anything illegal. That is, unless Congress decided to pass some DMCA-like laws to prevent the development of anything which could be used to 0wn people...
Don't thank God, thank a doctor!
I thought a worm, by definition, didn't need the user to click on something? Doesn't that make this a virus? It's doing exactly what Melissa did, after all...
Don't thank God, thank a doctor!
My one Windoze device left got this thing on 4/27. Norton's AV updated to catch it on 5/2. My laptop was fully MS up to date. So there is some other path to infection...
Timing is everything. This beastie was in the wild a long time before it was caught.
Got Wisdom?
Hours have gone by now but the blurb remains unedited.
I seriously begin to think Slashdot stories are intentionally wrong to generate more visits. Isn't it funny how the errors being made always happen to make the story more sensational and never less sensational?
While at it, I also would recommend fining drivers who get into accidents due to faulty cars. Then, I'd also recommend fining disease-spreading patients who fail to get better after taking tampered medicine, and hosts who serve guests bad food after buying tainted meat at the supermarket. Etc., etc.
Taking an elitist's PoV of the problem will not solve it. Yes, people should be educated about the risks and how to minimize them and so forth, but a lot of blame could go to the company producing unsafe products. The question is, why are software companies allowed full protection by attaching an EULA, even when they know the product is not acceptable for general consumption? I can see that no software is 100% bug-free and 100% secure, but the threshold of acceptable quality is obviously very low here as evidenced by Windows.
I see what you're saying. If you really wanted it, it would be quite easy to write a small script to auto check and auto install update packages within a Debian apt-get based distro which could be set by cron to do it automatically.
It's even easier to run:
By default it only updates package lists and downloads upgrade packages automatically, but doesn't actually install them. It's very simple to add another cron-apt/action.d file that will make the installation run automatically as well. I had one of my machines set up like that for a while. It was a Debian stable box, and it worked like a charm; always up-to-date, never any problems.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
I decided to quit running WindowsUpdate after it broke some important programs. Of course, I also switched OS at the same time, but many don't feel they have that option.
I hope they've improved WindowsUpdate, because if they haven't then I certainly understand people's reluctance to run it. (OTOH, I also had Red Carpet trash my system a couple of times, and I even trashed it with apt-get. But those didn't destroy the directory structure, and I didn't need to lose all my data to recover. [PLEASE! Make sure your /home directory is in a separate partition from /usr. Someday this may save your skin. Don't just take the brain-dead everything-in-one-partition choice at install time.])
Now to be honest, I had already been planning to switch OS after reading the last OS (MSWind2000), and reading *about* the next one. This was merely the final straw, the point at which I said "This *(*!* isn't worth fixing! Scrap it and start over!". And I'd already prepared backups so I could act quickly in case I were to decide. This was what made the decision.
I think we've pushed this "anyone can grow up to be president" thing too far.
The government.
This is not a problem that only affects the ISP. This is a problem that affects commerce...therefore it is a government problem.
I think it should be a selectable option when installing the system. That way, knowledgable users can turn it off if they so wish and update their systems manually, while the Joe Sixpacks, easily identifiable by leaving all options on the default, will get it automatically.
Remember, I said IF A PATCH EXISTS. If someone drives a car even after they've received a recall for that car and thereby injure someone or cause an accident, are they guilty of negligence? Absolutely. If the manufacturer of that car acknowledges a problem and lets the consumer know, then that automatically shifts responsibility onto the consumer.
It's the same with patches. If microsoft acknowledges a problem and issues a patch, it then becomes YOUR responsibility.
I must say cheers for that one, I don't know how that could have slipped me by.
I will give it a test on one of my machines and see what I can do with it.
Again, thanks.
The only things certain in war are Propaganda and Death. You can never be sure which is which though
How about it, another Slashdot blurb with bad information!
How about from now on we ignore Slashdot for a day or so for each similar offense?
The drop in ad revenue should scare some editors into doing their jobs.
That's why my regime, if I ever make it into power, will require a license to access the Internet. The user will have to pass a test proving that they know how to keep their system secure for their chosen operating system. If they fail they don't get the license. If their system is taken over or an attack is detected from their system, their license would be revoked and they'd have to pay the licensing fee and take the test again to get it reinstated. I'd also mandate various steps that ISPs could take which would make forging traffic difficult or impossible.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
...after reading the last OS EULA (MSWind2000), and...
I think we've pushed this "anyone can grow up to be president" thing too far.
It's a good idea perhaps. It should be limited to security patches (incompatibilities could arise if it's not careful).
What would also be a good idea is to drum into the user's head the fact that updates are a necessity. Too much distrust has been garnered by MS, so people are rather wary of it. It needs to be done carefully to avoid such outcomes.
The only things certain in war are Propaganda and Death. You can never be sure which is which though
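Spelling out the cron-driven apt updater floated earlier in the thread, restricted to security patches as the comment above suggests. This is an added example, not code from the thread or from any distro (cron-apt, mentioned elsewhere in the thread, is the packaged way to do this). It keys on the archive labels that `apt-get -s` prints for each candidate version (Debian-Security, or a suite ending in -security); those labels, the sample simulate output and the option names are my assumptions, so dry-run it on one box before wiring it into cron.

```shell
#!/bin/sh
# Added example (not from the thread): install only the packages whose candidate
# version comes from a security archive, leaving ordinary upgrades for a human.
# The decision is taken from the "Inst" lines of an `apt-get -s dist-upgrade`
# (simulate) run, so nothing is installed blindly.  Hypothetical; verify the
# archive labels on your own distro first.
set -eu

# Print one package name per line for every "Inst" line whose origin text
# (the part in parentheses after the package and old version) names a security
# archive.  Reads the simulate output from the files given, or stdin if none.
security_pkgs_from_sim() {
    awk '$1 == "Inst" {
            # "(newver ORIGIN[, ORIGIN...] [arch])"; skip the package name so a
            # package called foo-security does not match on its name alone.
            origin = substr($0, index($0, " ("))
            if (origin ~ /Debian-Security|-security/) print $2
         }' "$@"
}

# Constructed sample of simulate output (not captured from a real host), used
# for a dry run on a machine without apt.
sample_sim() {
    cat <<'EOF'
Inst libssl1.0.0 [1.0.1e-2] (1.0.1e-2+deb7u20 Debian-Security:7.0/oldstable [amd64])
Inst vim [2:7.3.547-7] (2:7.3.547-7+deb7u1 Debian:7.11/oldstable [amd64])
Conf libssl1.0.0 (1.0.1e-2+deb7u20 Debian-Security:7.0/oldstable [amd64])
Inst openssl [1.1.1-1ubuntu2.1] (1.1.1-1ubuntu2.1~18.04.5 Ubuntu:18.04/bionic-security [amd64])
EOF
}

# Real run (root, from cron): refresh lists, simulate, install only the
# security subset with --only-upgrade so no new packages get pulled in.
run_security_upgrade() {
    sim=$(mktemp)
    trap 'rm -f "$sim"' EXIT
    apt-get -qq update
    apt-get -s dist-upgrade > "$sim"
    pkgs=$(security_pkgs_from_sim "$sim" | tr '\n' ' ')
    if [ -n "$pkgs" ]; then
        # shellcheck disable=SC2086  # word-split the package list on purpose
        DEBIAN_FRONTEND=noninteractive apt-get -y --only-upgrade install $pkgs
    fi
}

case "${1:-}" in
    --run)     run_security_upgrade ;;               # e.g. from /etc/cron.daily
    --dry-run) sample_sim | security_pkgs_from_sim ;; # prints libssl1.0.0 and openssl
    *)         : ;;                                   # no args: define functions only
esac
```

Drop it in /etc/cron.daily as an executable that calls itself with `--run`, or call `run_security_upgrade` from a crontab line; the `--dry-run` mode exercises the parser against the constructed sample without touching apt.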
I'd hire this guy in a flash. I changed my lab to linux 5 years ago, and it has been heaven. I am surrounded by Windows labs that routinely go down. I just smile and shake my head as I listen to their woes, then I get a cup of coffee, and go back to my linux lab, where myself and other users go blissfully back to our linux computers, blissfully unaware of the windows losers who are pulling out what hair they have left...:-)
Anyone who wastes your time with a windows problem, when you have provided them with a linux solution, deserves to be told: "Here's Microsoft's support telephone lines, URLs, etc. I don't do windows."
We'll convince many "ordinary users" to visit Windows Update when their registration keys are legitimate.
Rather than heap the blame on the user, perhaps it would be to everyone's benefit that someone takes time out and explain exactly what malware is, how it gets on their machine and then point out some good habits that will help them avoid getting it in the future.
Just having someone come up to the helpdesk means they more or less realize that malware is bad. Fixing their machines isn't a bad thing by any means, but without giving explanations you're essentially telling them that you will fix their machines for them whenever something bad happens.
And no, Linux is _not_ the solution to malware. Essentially what you're doing is pushing your own choice of os onto other users, instead of helping them develop good practices on their own platform of choice.
Good idea. You've upgraded them from a dremel tool to a chainsaw. Now when they get "owned" (I refuse to keep up on the weekly l337 spelling changes), they can start to do real damage, rather than just sending more spam.
The only way this is a safer solution is that because they'll be continually recompiling their entire OS (granting agencies just love the excuse, "I missed the deadline because I'm recompiling my word processor"), they'll never have any time to actually do something destructive with their computer.
the more accurate the calculations became, the more the concepts tended to vanish into thin air. R. S. Mulliken
Here's a crazy idea: write a virus that exploits un-updated machines, making it difficult to use and annoying. Instead of bothering the rest of us, the virus bothers them. They'd be compelled to update, as it would be the only fix.
It's impractical and plenty illegal, but I'd support it.
Welchia
I can throw myself at the ground, and miss.
A computer is a toaster, but the Internet is like a huge ocean.
It's corporate policies that I think cause a lot of grief. In my previous workplace, in the name of having a "standard" Windows platform, they wanted to control which patch level all our software was at, and didn't want people to update until they had a chance to test it. Yes, indeed, this meant we stayed vulnerable to all viruses for longer than necessary; but their argument was that the corporate firewall was the place to address that.
The average employee typically would care a bit at first; and complain about the policy; but soon learned to just say fuck it; if the company wants their windows boxes to be open to viruses, why fight it.
This is in huge contrast to home machines, where people actually give a damn
OB Team99 blog comment: Now with Longhorn, all these problems will go away, because it's a secure OS.
I don't disagree. So should the chainsaw be like a toaster, and the chain brake is a great step in this direction. However, failure to pay attention to simple limitations of use can turn one's femoral artery into a scaled down version of that geyser at Yellowstone park. Does this make the chainsaw bad? No. Does it make the chainsaw user bad? No, provided he's only ripping through his/her/undecided anatomy. The problem with the computer is that, regardless of OS and for many applications, it's a chain reaction accident waiting to happen for users who are inattentive to its limitations.
These are facts and facts don't have attitude.
How then can one argue that a particular OS or application and by extension the PeeCee should be treated as a toaster BEFORE it's as innocuous?
Here is some attitude...
INSIPID TOASTER!
And not just on Windows.
People seem to think all security problems are due to bad coding. Even the supposedly well informed on slashdot.
But often, security issues are due to bad design instead. For example, it might be that a poorly-designed API exposes capabilities that it shouldn't. If this is the case, then when a security update comes out that fixes this poor design, it can break apps.
An example of how this happened in UNIX was shadow passwords. This turned out to be a bad idea, and yet fixing it could break many apps.
But yet, every time MS breaks an app, people moan all over the place on slashdot.
I'd like to see ISPs start throttling infected users
What? These worms infect users? I think what you meant to say was:
See how much clearer that is?
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
"It's interesting because it means that there are still enough unpatched machines out there for a worm to gain serious traction without uncovering new technical vulnerabilities."
You'd have to be living on another planet for this to be news.
It's a non-technological problem, so there may not be a technological solution. (Me, I'd like to see ISPs start throttling infected users, but that's a whole separate can of worms.)
You're absolutely right. Having a computer on the internet has become akin to driving, in that your actions (or inaction) can pose a threat to others, not just yourself.
Having a compromised machine is kind of like having a blown taillight. We should treat it similarly--say, a $150 fine for being 0wn3d (maybe $75 for first offenders), and a requirement that you get the problem fixed within a certain amount of time. I know what you're thinking--this isn't fair to people who get hacked because their OS vendor hasn't yet patched the relevant security hole. Tough. It isn't fair that a rock could break my taillight, and a cop could pull me over 30 seconds later and ticket me, but that's the way it is. To do it any other way (e.g. impose the burden of proving the driver had been negligent on the cop) just wouldn't work.
Plus, once people start getting all these tickets, maybe they'll look into a more secure OS.
Economically, this is a good solution, since it internalizes the externality associated with having a compromised system.
We put up this fancy flash with lots of dancing furry animals and tune that goes like:
PATCH IT, PATCH IT, PATCH IT, PATCH IT, PATCH IT, PATCH IT, PATCH IT, PATCH IT, PATCH IT, PATCH IT...
Then we have windows logo on screen:
WINDOWS WINDOWS
Then after repeating this a couple times, we get big nasty worm crawling in:
SNAKE OH IT'S A SNAKE
Oh, wait..
If the system is properly configured, that software isn't being run as root.
Thus, only the files that the user has write access to will be infected.
When will people learn to stop running as admin? Limited users cannot disable the firewall. Just running as a limited user restricts these things. If you have apps that require admin rights, right-click on it and choose "runas". Google for Aaron Margosis and use some of his advice.
So you are still running kernel version 0.99.2?? That's impressive!
How do you upgrade your kernel if not by recompiling to create the new kernel image?
The solution is simple, and clear as water... Use a better, more secure operating system!
We already have MacOSX, and lots of user-friendly Linux distributions. I'm yet to see an automated way to compromise one of those systems.
Let those Windows installations BURN IN WORM HELL. I couldn't care less... The operational cost of maintaining all of your Windows workstations sane is just too high when compared to *nix based desktops; those worms are here to confirm that.
Why keep trying to win a lost battle? Better fight to switch your desktops to an OS that is better to manage, and is free.
---- You know how some doctors have the Messiah complex - they need to save the world? You've got the "Rubik's" complex
I work at a University IT helpdesk, and after far too many malware problems from far too many dumb lusers (and many of them repeat visits), I've adopted a new policy.
If a student or member of faculty comes in with malware problems for the first time, I fix it for them and I give them a Gentoo Linux install CD to go away with. If they come back with viruses/spyware a second time, I tell the luser to stop bothering me, and that I gave them the solution to install last time. Linux is an OS immune to these kinds of problems.
Let's hope you get fired sometime soon.
Seriously, that's no "help" to them. You're not fulfilling the role of a "help desk". Maybe you'd like to take the support calls that Windows-only software isn't working anymore (nor under WINE)? Windows isn't a completely worthless OS.
And I suspect the reason you're giving them Gentoo is a) you're too stupid to know how to secure a Windows machine. Believe me, it's very possible. and b) you're too stupid to pick a reasonable distribution. Gentoo install is not quite what a "luser" needs if they want Linux. Try Knoppix next time, if you really want to continue your anti-Windows crusade.
And do you think you're really converting anybody? You're just turning people away from the helpdesk and sending them to friends who actually know the answer.
Think? You do know that it's possible to secure a Windows machine and keep it malware-free, right? And that there exist exploits on Linux system?
Or is that not the kind of "thinking" that you like?
And did you "think" about the fact that many Windows users have Windows-only software?
Blindly following a Windows monoculture and closed mindset is not thinking. Blindly following a Linux monoculture and closed mindset is not thinking either.
Remind me not to buy anything from your business. If indeed you have a viable business of people who "think" like that.
26% of the 66 Windows XP Home exploits are still unpatched, many of which are highly critical. Every single windows XP user can be easily hacked even if they go to windowsupdate.com every 5 minutes.
"While harvesting for e-mail addresses, if one of the following substrings is present:"
bellcore is listed as one of the addresses. Damn, dude, it's Telcordia now and has been that way since like '98. You need a patch for this thing already.
get cracking!!!
Nope - I'm running 2.6.11. I didn't compile it. You see, there are entities called "vendors" who do all that stuff for you, so you never have to worry your pretty little head about it. Mind you, I could compile a kernel if I wanted to - but why? There's simply no need, as the modular kernel that my vendor supplies is perfectly suitable for every situation.
I can anticipate your next question: "What if the kernel needs to be updated?" At the risk of repeating myself, there are these entities called "vendors". Our vendor of choice is Novell (nee SuSE). Others use a vendor known as "redhat", while still others may use "mandriva" or "The Debian Project". There are other vendors, but these comprise the lion's share of the market.
In any case, these and other vendors supply a mechanism for updates, and provide complete updated packages through that mechanism. That includes kernels, if the kernel needs an update. So no, I don't compile the kernel, I just click on the button that says "online update" and let the system work for me.
In answer to your first question, no, I don't know that it _is_ possible to fully secure a Windows peecee, short of pulling the plug - and if you assume that your Windows peecee is secure, you are quite possibly headed for a rude awakening.
Your other objections are all rather easily answered, and have been discussed in depth elsewhere. I've no desire to convert you to the unix world if you're happy with windows - so take care, and have a nice life.
It's a lack of information that's bothering us both. Most users are unaware of anything useful Winblows Upbreaker will do for them. It's not the fifteen worms Upbreaker stops, it's the one or two that that get through that the user notices eventually. The same users know upbreaker also stops things from working, so their choice is have M$ break their computer now or wait for a spammer to break it later. A more educated user will dump Winblows all together so that neither will happen, but those kind of users are few and far between.
If it's true that you can really secure a Winblows box, you might make a page or two about it. Fortune 500 companies can't manage it, so I doubt you can, but it would be interesting.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
"Nope - I'm running 2.6.11. I didn't compile it. You see, there are entities called "vendors" who do all that stuff for you,"
Indeed. I used to do kernel compiles back in the SuSE 6.x days. Not anymore. These days, if you step through menuconfig, it takes a LONG time to configure everything, because there is so much of it. And since there is so much, there's a lot that you can do to break your system and wind up reaching for the rescue CD.
How do I know this? I learned the hard way. Let SuSE/Novell do it.
--
BMO
If you had written "you must remember that a Windows PC is not like a toaster, it's like a car" then you might have a pretty good point.
Yes, but if his job is to support windows pcs, he's not doing it. He should be fired, and he should look for a job in a Linux shop. I wouldn't hire a Mac person any sooner than I'd hire a Linux guru. I don't run mac or linux. A majority of my client base uses software that happens to be written only for windows, I don't have a choice in that aspect.
Although he may have the perfect technical solution to the problem, it is not always the most effective business solution. I have a brother-in-law with an attitude like this. He is relatively smart. He has been through one to two jobs a year for his entire post-college life. He still doesn't understand that being right is not good enough, even when you really are right.
Is it just my observation, or are there way too many stupid people in the world?
Perhaps www.ubuntu.org would work better?
Got time? Spend some of it coding or testing
So when I want to use Photoshop? And any linux jackass who says Gimp is a professional solution needs to be strangled with their /dev/mouse cable.
It's elitists like you which is why no one takes Linux seriously unless they live in their mother's basement.
So much crap runs with effectively superuser privs on Windows that once a virus gets loose, no amount of code-signing wizardry is going to help you. Microsoft doesn't have an equivalent to SELinux either, so not even the paranoid can do much about that. Well... as long as they insist on using MS Virus Flypaper, anyway.
Got time? Spend some of it coding or testing
The grandparent for the install idea, and the parent for the security-patches-only idea. :P
Prior to Sober.P and Mytob.AW (new Mydoom variant) coming along, variants of HTML-Phishing were the malware kings attempting to cross a milter I admin. For the past couple of days, Mytob.AW has all but dropped off the map.
The Sober traffic here was ~= 11% of incoming mail and HTML.Phishing variants only manage 2% of incoming.
We live in an era when desktop antivirus is just not enough.
This baby stopped 100% of sober.p traffic:
Aladdin's eSafe
Yaha, I've been saying this for a few years now - although I tend to be a bit more in favor of stuff like allowing "bounties" that are a little more relaxed.
Say, you repeatedly warn a user that they're infected with a known and specified threat and are actively attacking other computers (spam, botnet, etc). If the user is found to have not fixed it in a reasonable time (prolly would have to be days or number of instances depending on type of malicious action), then you can report the person to whoever, the user must then pay a fine - and you get part of it kicked back to you for actively taking part in making the world a better place. The other revenue goes to maintaining the reporting and known threat system.
Of course, this would have to be run by the state or fed to have teeth and to be enforceable...
I like the "bounty" idea because it provides an incentive for both the tech savvy and the non-technical. I think the whole bother would far outweigh... hrm, can't think of any drawbacks offhand... never mind.
Seems fair and reasonable all the way around to me - but then most people don't like taking responsibility for their actions, or lack of such... and will bitch to high hell about any such penalty to even intentional and malicious ignorance.
this is *not insightful*. this comes up every time a new virus hits the media, and it's *still* a dumb idea. there is no such thing as a beneficent virus. it's still going to generate mass traffic, it's still going to get you sued for installing stuff on users' machines without their permission, and it's still going to cause problems because the sort of idiot who thinks this kind of thing is a cool idea typically isn't going to program to a particularly high standard, and say *test their code*.
This interesting article in SC Magazine. Them free tickets offers are great for social engineering attacks!!!
The latest gadget news and reviews. www.absolutegadget.com
Switch to Mozilla's Thunderbird, the benefits are well written.
Actually, that's an interesting point- When Ford releases a new truck, it's safe enough. Same for MS updates (i.e. no current exploits). If Ford finds out later that their trucks can be rather unsafe, they issue a recall. Perhaps MS should, too.
Would things get better if Dell sent out postcards to all their customers, saying "Your DELL has been recalled. To fix this problem yourself, visit windowsupdate.microsoft.com"
Would things get better if Dell sent out postcards to all their customers, saying "Your DELL has been recalled. To fix this problem yourself, visit windowsupdate.microsoft.com"
Yay! Postcard spam!
Imagine trying to convince the Dell techs that you really don't need those 5 postcards a day, and that you run Linux! About as effective as emailing those spammers back and telling them that you have your own "Internet Eraser", called "rm -rf ~/.mozilla"
I already get enough spam from Iowa State. I've already accepted their acceptance, damnit!
Don't thank God, thank a doctor!
Sober.P = 0
Got *Nix?