Slashdot Mirror


Sober.P Worm Accounts for 5% of all Email Traffic

destuxor writes "The grave insecurity of the day is the Sober.P worm which is currently pushing nearly 5% of all email traffic at the moment. Unlike previous worms, Sober can disable the Windows Firewall and Symantec Antivirus. Interestingly, patched machines are not vulnerable to the exploits used by this worm. What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?" Update: percentage corrected.

15 of 451 comments

  1. Interesting? by RoadkillBunny · · Score: 3, Insightful

    Interestingly, patched machines are not vulnerable to the exploits used by this worm.

    What is so interesting about that? It would only be interesting if the patched machines were still vulnerable.

    --
    Cheers,
    RoadkillBunny
  2. Obligatory... by Anonymous Coward · · Score: 3, Insightful

    I use a Mac...I have no problems.
    I use Linux...I have no problems.

    (however, my email box is filled up with these stupid Sober.P-generated messages)

    What will it take for people to switch? All of the news reports I've heard this week about Sober.P don't even mention that it ONLY affects MS-based PCs running Outlook. I would think that the news industry would at least do one minute of digging and include this little nugget of information to help its listeners/viewers.

    TDz.

  3. Getting People to Update... by quark101 · · Score: 5, Insightful

    It's been my experience that it is almost impossible to get ordinary (read: non-computer) people to update their machines, be it Windows or Norton Virus updates. The only way that most of them will get these updates, ever, is if 1. someone does it for them, or 2. it is automated and does it for them.

    Otherwise, they just don't see the reason to, don't have the motivation to, and just plain don't care.

  4. It's the GDGA vendor attitude that 'cornsumers' by Senor_Programmer · · Score: 4, Insightful

    be brainwashed into believing that the computer is an easy-to-use appliance, like a toaster or TV, and NOT a potentially hazardous tool like a chainsaw.

    That this has become the holy grail of huge numbers of Linux aficionados is likely the worst thing there is for Linux. Instead of promoting Linux as the 'thinking man's alternative', most of its fanbase has bought into the whole 'computer as appliance' mindset.

    Give a man a banana and he might choke on the skin. Teach him to peel and he'll be hell's bells.

  5. Re:How about... by theTerribleRobbo · · Score: 5, Insightful

    As much as I'm a Linux fanboy, that's not going to solve the problem.

    Setting aside the debatable 'inherently more secure' argument, unless distros start doing something rash like including and starting an 'apt-get update && apt-get upgrade' cron job, they're going to hit the same problems if a nasty worm comes out that affects one or more distributions of Linux (e.g. a SuSE worm, etc.).

  6. What are we going to do? by LO0G · · Score: 3, Insightful

    What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?

    I dunno. Maybe we should stop running all those stories about how evil WindowsUpdate is, and how Microsoft is spying on your computer?

    And proclaiming to the heavens that <insert my linux distro> doesn't need updates because it's secure?

    1. Re:What are we going to do? by Technician · · Score: 3, Insightful

      Maybe we should stop running all those stories about how evil WindowsUpdate is,

      Are you kidding? When a hosed machine is rebuilt from the CD, that un-installs all the updates. Have you tried to re-update mom's machine after a rebuild... on a modem?

      How about all the MS updates and patches on a rack at the local Best Buy? It would save a ton of re-update time on the modem. Then the real MS update could be used for this month's updates instead of the last 2 years' updates.

      Why doesn't MS update offer to save a local copy of all patches and updates and prompt the user to either save it to a floppy or burn it on a CD to keep with the original manufacturer's recovery CD set?

      MS assumes the user will never rebuild the box after the hard disk is replaced and they assume the user has broadband so an update won't be a problem. (they assume Dell should take care of it)

      WRONG!

      --
      The truth shall set you free!

  7. Re:Nothing really by Keruo · · Score: 5, Insightful

    Rsync isn't really an option for updating Windows, since the patch usually changes a few DLLs to different ones.

    Most people don't have broadband, but most people don't have fast computers either; it might take a long time to compile the source-distributed update.
    And your average Joe won't have a compiler on their machine anyway.
    I'd remove the compiler from Linux workstations too. The normal user, who surfs and reads email on the machine, won't have any need to compile things.

    If local patches were used, I wouldn't worry about GPL coders peeking at the code. I'd worry about worms patching the source code and creating new holes through modifying patch sources.

    --
    There are no atheists when recovering from tape backup.

  8. Re:Solution by numbsafari · · Score: 4, Insightful

    That sounds silly, but think about it... How much is spent on "personal firewalls" and "anti-virus" software every year by people who could simply run over to WindowsUpdate and get what probably constitutes the single most important security tool of all (bug fixes) for free?

    ps... I'm not saying firewalls aren't important security tools, but when it comes to at-home desktops, bugs are the real issue... and viruses are just exploiting bugs that haven't been patched yet.

  9. Users with illegal copies are afraid of W. Update by bhalo05 · · Score: 3, Insightful

    What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?

    From what one can read on online forums and from personal experience, many people are afraid to use Windows Update because they do not have a valid serial, or in other words, they're using Windows illegally. Unlicensed copies keep Windows' monopoly, but they also give it a bad reputation because people are afraid to update their system.

  10. Re:Windows Update is useless to dialup users by henrywood · · Score: 3, Insightful

    As someone who is responsible for 600+ computers I have to take strong exception to your attitude. And I can't agree with the implication that Windows update doesn't work. The only time I've ever had problems with it is on XP64 beta - and I don't really expect it to work on beta software.

    The whole point is that Windows is "broke" (indeed I'd challenge you to find any OS that isn't broke in some way). But if you keep it up-to-date with the latest patches it is at least a little less broke than before.

    When you've had to chase round hundreds of PCs because a laptop user has managed to bypass all of your firewalls and e-mail checks and thus introduce a virus into your community you quickly appreciate the usefulness of Windows update. That was enough to make us install a Windows SUS server to make sure that all of our users were patched, whether they wanted to be or not.

    I'm not a Microsoft fan - I just have to work with their software. And all of the smug Mac and Linux users (I have 3 flavours of Linux at home as well as FreeBSD, so I'm not an apologist for Microsoft, just a realist) will discover that they can also be vulnerable once they get popular enough for the script kiddies to turn their attention to them. Log on to Linux as root, which is in effect what most people do with Windows, and you - or something that you run - can do just as much damage.

    It really is time to stop being complacent and think that you are safe with unpatched Windows systems or that the Mac or Linux OSes are appreciably safer. (One thing that I will say in favour of the Mac is that it doesn't set you up as an Administrator by default - it's actually quite hard to get full root access in OS X.) You should keep any OS patched, particularly with security fixes. It's a war and those little bastards are out to get us all!

    --
    Something is happening here but you don't know what it is, do you, Mr Jones.

  11. Technological problems and technological solutions by jfengel · · Score: 4, Insightful

    It's interesting because it means that there are still enough unpatched machines out there for a worm to gain serious traction without uncovering new technical vulnerabilities. Worms that hit patched machines are technologically interesting, but those are problems that can be fixed (eventually) by patching. A technological problem with a technological solution.

    But it appears that even if a putative Service Pack 3 were flawless, there would still be massive worm activity in those who haven't patched. And if they haven't patched by now, they're not gonna, and that means we're going to be dealing with this problem for a long time to come.

    It's a non-technological problem, so there may not be a technological solution. (Me, I'd like to see ISPs start throttling infected users, but that's a whole separate can of worms.)

  12. Re:"Ordinary users" by YrWrstNtmr · · Score: 5, Insightful

    I've adopted a new policy.
    If a student or member of faculty comes in with malware problems for the first time, I fix it for them and I give them a Gentoo Linux install CD to go away with. If they come back with viruses/spyware a second time, I tell the luser to stop bothering me, and that I gave them the solution to install last time.

    Remind me not to hire you after you (maybe) graduate.

  13. White hats... by Corpus_Callosum · · Score: 4, Insightful

    Someone should write a white-hat worm that brings the machines up-to-date with security patches, turns on auto-update, sanitizes the computer and reboots...

    Before everyone starts screaming that you can't release a white-hat worm, please consider the situation we are in today: hundreds of thousands, if not millions, of zombie machines are sitting out there doing the bidding of criminals to extort money from sites that fear DoS, fill our inboxes with spam, spread viruses and trojans that install keyloggers, attempt to get access to your financial and other accounts, etc., etc.

    On the one hand, we have total anarchic hacker mayhem (today) and on the other, a sanitized Internet at the cost of using the techniques employed by the shadowy side of society.

    I really doubt that many people would have issue with this. Hell, it should be done in the name of national security. Really... And anyway, if your machine is susceptible to a white hat worm, it is equally susceptible to the bad stuff, which means it is pretty much guaranteed that you already have a bunch of nasty stuff installed on it. A white hat worm will provide some relief.

    --
    The reason that it can be true that 1+1 > 2 is that very peculiar nonzero value of the + operator

    1. Re:White hats... by repvik · · Score: 4, Insightful

      Take this scenario:

      Gangsters are starting to roam the streets, killing people at a rate of 8-9 people a day. Do you then propose "normal" citizens should get a gun and shoot them motherfsckers down? What if a stray shot kills an innocent? (And no, the analogy isn't inept. You *WILL* hurt innocent systems by doing this.)

      Are you willing to be liable for taking down a major international corporation's headquarters? Killing off millions of Windows PCs that are in a different locale than the worm, because you hit a locale-specific bug in Chinese Windows? Or maybe your worm manages to knock out Cisco routers (Code Red crashed my i677DIR). Now that'd be real fun, wouldn't it?
      What about the amount of bandwidth this worm creates? If this worm of yours is 220kb, and I'm getting hit by it repeatedly while surfing over GPRS, will you pay the cost? (Currently, that'd cost me almost 1 USD.)
      Or, your worm has a bug that overwrites a random file in the filesystem. Who will pay for the damages? "You destroyed my thesis! I've been working two months writing it!"

      No matter the reasoning behind it, there are millions of different Windows configurations, hundreds of different Windows versions (if not thousands). How the hell are you going to QA this worm?