Microsoft Won't Offer Patch Before Worm Strikes?
techmuse writes "According to an article in Information Week, Microsoft is aware that the 'Kama Sutra/Blackworm/MyWife' worm will hit on Friday, overwriting office documents, but will not release a patch until its regular monthly patch release on February 14th. Unless, that is, you subscribe to one of Microsoft's pay security services, in which case your machine will have the worm removed in advance." From the article: "The blog offered no explanation why the tool wouldn't be updated earlier, nor did Microsoft immediately respond to questions. Each month, Microsoft pushes a revised tool to Windows users who have Automatic Update enabled for Windows Update or Microsoft Update. The Redmond, Wash.-based company has released the Malicious Software Removal Tool off-schedule once before, in August 2005, shortly after the Zotob worm began striking Windows 2000 systems."
So Microsoft won't help out the unwashed masses with an early patch... what about the anti-virus publishers? Can they detect and remove the worm?
Help Brendan pay off his student loans
Nice Windows machine you've got there. Wouldn't want anything to, um, happen to it. You need insurance, and we happen to sell insurance. Capiche?
I too have felt the cold finger of injustice.
What, me worry?
A feeling of having made the same mistake before: Deja Foobar
Unless, that is, you subscribe to one of Microsoft's pay security services, in which case your machine will have the worm removed in advance.
This is what is commonly referred to as "extortion". Pay them now or something bad might happen. You wouldn't want something bad to happen would you?
This sig has been temporarily disconnected or is no longer in service
Friday is also the 30th anniversary of the "Homebrew Letter" that Gates wrote complaining about copying BASIC on the Altair. And also my 30th birthday.
The arguments for switching just come from the news. I hate having to explain why it's a "Good Thing" (tm) not to use Windows.
Pay up to Guido or bad things might happen...
---- Booth was a patriot ----
I'm sure that many people are thinking the same thing:
If there is a patch, that could save your customers money, WHY aren't you releasing it?
It's stupid to withhold patches simply so that you can say you're following the system.
To me, this just looks like another reason to move to Linux...
Or, if you had read the very article you're posting, "Both the company's free online security service, Windows Live Safety, and its in-beta OneCare Live software, however, will disinfect compromised computers, Microsoft said."
Come on people. This story is completely wrong. Microsoft is not withholding anything. They simply do not have a Malicious Software Removal Tool currently ready because the system is built around deploying it on the 14th. The reference to Microsoft's pay services are the same as if you used Symantec or any other virus scanner out there which already detects the worm. It's not extortion, it's not even a story.
Microsoft is aware that the 'Kama Sutra/Blackworm/MyWife' worm will hit on Friday, overwriting office documents, but will not release a patch until its regular monthly patch release on February 14th.
How ironic that a patch for the Kama Sutra/MyWife worm will be released on February 14th.
Happy Valentine's Day - Love, Microsoft.
He who knows best knows how little he knows. - Thomas Jefferson
Let them eat worms.
If you can't / don't want to pay, but you still want to be secure, you still have an option. You see, if you read the full article, and go to the knowledgebase post about it, Microsoft says that up-to-date anti-virus will take care of it. Don't have up to date anti-virus? That's ok too! Just visit the onecare part of safety.live.com, and Microsoft will scan your computer for viruses (including this one) in addition to all the other crap that builds up on computers.
Now, speaking as someone who has tried the online virus scanner, I have to say it works really quite well. It's just the tool to clean your computer of viruses, spyware, malware, unused/unneeded files -- and even knocks out those MICRO$OFT haters on /.!
Microsoft is a corporation. Their goal is to make money for their shareholders. What they've done here is weigh the risk of bad publicity if they don't fix this worm before it activates versus how much it would cost to fix it now. They apparently feel that the risk of bad publicity outweighs the cost of the fix.
Yet another reason I'm glad our IT department decided to standardize on open office. Doesn't appear opendoc files are targeted.
that MS will not need a tax cut to make loads of money.
I wonder if we should not have the top execs of Abramoff's lobby company, oil companies and MS take over GM and Ford and teach them how to make money.
I know this is probably redundant, but is it possible for people to make a story submission relating to Microsoft without drawing imaginary horns and a "666" on their logo every time? I will grant that Microsoft should probably release the patch to everyone right now for security reasons, but I'm sure there are ample folks who use Oracle, and they won't give you *any* patches at *any* time, or allow you to peruse any of their Metalink site, without first paying.
I would not say it is extortion, but a new business strategy. Big businesses which can afford to pay for updates now will. All others will get them on the monthly plan. It is setting up a division of resources, depending on how much you are willing to pay. This could be very lucrative for Microsoft.
Quality Hosting e3 Servers
... Why would they hold back on the patch? If they have it available and ready to push out, why not just do it? I don't understand, it's as if this is their way of raising their right hand and flipping everyone off.
"Because there's a car bomb on it set to go off on Friday."
"Sorry, that's not our car bomb."
"No, but when I bought the car, there was a modular plug next to the engine with PLACE CAR BOMB HERE written on it!"
"Sorry, not our problem. You knew this car was prone to car bombs when you bought it, and your purchase agreement specifically spells out that we're not responsible for car bomb damage."
"Can you at least remove the car bomb?"
"Sorry, but your contract specifically states that we're under no obligation to remove any car bombs attached to your car. Now, if you would be interested in purchasing our special Car Bomb Insurance..."
- Crow T. Trollbot
Some may argue that Microsoft should release a removal tool before the patch cycle anyway, and there is some credibility to the idea, though the logical extreme is that Microsoft should include an anti-virus program for free with Windows.
Check the license agreement for Windows XP. Nothing in there says that Microsoft will ever provide fixes, period. If you don't like their service-after-the-sale, get off the upgrade treadmill and stop buying licenses from them or buy an expanded service agreement from them. They aren't
Software licenses are agreements that should have the full weight of contract law. There is no other way that the licenses I prefer, like the GPL, BSD, Mozilla, MIT, etc, get any legal weight. If you can't abide by the terms, take a stand, show some guts, and click "Cancel" on the install. Find some software that is licensed under terms you can accept. Don't be a sheep and agree just because it would be too hard, or make you go look for other software if you disagree.
THIS STUFF IS IMPORTANT.
Good for them.
Microsoft security is sounding more and more like a protection racket...
"It'd be a shame if anything happened to those Word documents of yours..."
Uhm, no. In fact it is a virus, because it isn't self propagating, and the virus installs a trojan.
Our sources say that this 'malicious tool' looks just like 'rm', but is made with evil bits. Some viewers have called in to report sinister rm.666 files all over the file systems - experts suspect these to be soft links to /bin/rm. Reports are steadily streaming in of other variants aliasing themselves to 'rm -rf /'.
Viewers are urged to remain cautious. We shall return at 11 to talk about these and other stories.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
It has been a little over 2 years of this failed monthly update policy which was supposed to be pre-empted for issues such as this. When they switched to monthly updates I remember one of the comments being it was at the request of overworked IT managers that wanted the ease of a single patch. You think they would have figured out by now that the user base they had listened to was completely incompetent in the first place. Is this the company you want to trust your IT infrastructure with not to mention the outrageous TCO of supporting MS?
AFAICT this is as run-of-the-mill as virus threats get, and I'm grateful that MS is maintaining a level of software discipline and not jumping all over themselves to instantly respond to every stupid little worm that crosses the net. I'd much rather see meaningful updates once a month than frantic, possibly-buggy scramble fixes three times a week.
from TFA:
Microsoft Won't Offer Patch Before Worm Strikes?
This is not a worm, but a virus, and MS is not releasing a patch, but an updated virus definition.
Viruses are not caused by a system flaw but by user intervention, that is unless it is installed without user intervention, then it is a system flaw. I am not a Microsoft user but I see no fault they are doing.
Star Trek, there maybe hope.
I always thought the name "malicious software removal tool" was amusingly ambiguous.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Both services mentioned that remove the worm for you are FREE. http://safety.live.com/
Microsoft is not innovating anymore, just fixing bugs and preparing patches for malware as soon as possible consumes a lot of resources. Given that Vista shares its codebase with Windows XP/2003 the situation is not going to change. How do they plan to deal with it?
- MS to customer: which bug do you want me to fix tomorrow?
but do NOT pay wolves to guard the sheep!
Déjà vu
GetOuttaMySpace - The Anti-Social Network
"will not release a patch until its regular monthly patch release " Someone should have researched this a bit before approving it. Microsoft has no obligation to patch this. This is a worm that relies mainly on users opening up an evil email attachment. What is M$ supposed to patch? The end-user?
There are no significant bugs in our released software that any significant number of users want fixed.
-Bill Gates
If Microsoft were to 'send out emergency patch' then it would look bad on their half, maintaining their reputation of piss poor security. Announcing it will be in the next windows update makes it look far more relaxed and more of a 'happy' situation for everyone. And the One Care issue, that's just blatant future advertising for when they will want us to buy that or not be infected.
Do those MS online services require the Genuine Advantage check?
--10scjed IANAL,AFAIK
mmmm, protection racket.
>>I am not merely a "consumer" or a "taxpayer". I am a Citizen of the United States of America
You are also an Olympic-standard prick!
First of all, it's not a 'patch', as there's no vulnerability being exploited by the virus (well, apart from user ignorance), it's the Monthly Malicious Software Removal Tool, which scans for and deletes known viruses.
Second, all decent anti-virus software should be able to remove this virus (as long as it's up to date). Thirdly, as other posts have pointed out, Microsoft's own anti-virus and on-line scanner will remove it.
I know that this site is militantly anti-Microsoft, but what's the point of this (non-)story?
MS have to test the patch properly to make sure it doesn't break anything else, and they have to make sure it will still work on an infinite amount of combinations of hardware. They can't just do what others do and just stick a temporary plug over the hole, it has to be done and tried and tested properly.
portfolio
Apparently the virus is of the executable-email-attachment variety, so if you don't open unknown attachments you're probably not in any danger. A local college announced to the media today that one of their administrative servers had been "infected by a hacker with a virus", whatever that means. I wonder if this is the one they've got; if so there's apparently no exposure of their data involved. I also wonder at the wisdom of announcing something like this (although the server in question did contain employees' confidential info, including SSNs). Kind of like putting a big "kick me" sign on your back...
Have you read my blog lately?
"I'd like to buy a car"
....... some time later .........
"OK here you go. We also offer a car bomb detection service. Our car is as car bomb proof as we were able to make it but those terrorists are pretty clever. So you can pay us to make sure that any new ways of getting car bombs into cars that we find out about is prevented. "
"No thanks. What are the chances I'm gonna get targeted by a terrorist"
"I want you to fix my car and all other cars for free"
"What's wrong with it"
"Car bomb set to go off in 3 days"
"Well we gave you the car in as good condition as we could and you declined to get any kind of terrorist protection whatsoever either from us or anyone else. We will fix it for free on all cars, but the fix we were working on won't be ready for 2 weeks. That leaves you out of luck but others that car bombs later will appreciate that. For you we would recommend one of three options. You can pay for our car bomb insurance that you should have gotten in the first place and that will cover the cost of fixing it quick. You can pay another company to do the same. Or third, we have this small program where you can get it done for free or you can go to other free terrorist prevention centers to have it removed. "
I don't consider it Microsoft's responsibility to ensure that every Windows user gets just-in-time virus removal for free. It might be different if the virus exploited an OS flaw, but to my knowledge this one doesn't. This is why people pay money for AV software. That said, it would be nice if they'd schedule an out-of-cycle release of the malicious software removal tool, but doing so could create a precedent they don't wish to establish.
If you go to the Windows Live.com site (hxtp://safety.live.com) to stop this malicious program/worm the MS site uses a malicious cookie exploit against you, if you deny the exploit you can't get to the site to get help
It's like a Hospital saying "we have to break your leg so we can fix your arm"
they should be ashamed
Not surprisingly, as soon as I fired up IE to comply with its 'browser requirements' for the windows one care, it crashed. Absolutely. Serious. I was just reminded why I only use IE for windows updates, and cringe at even the idea of using it at all. One care? More like one crash!
They should sue the asses off the virus authors for violating their patent on "user screwing."
Someone had to do it.
Customer: So I'm really getting sick of MyWife. Is there any way I can get rid of it by Valentine's day? I really don't want to pay for it. Valentine's is so expensive and all...
Microsoft: Well, if you make a special trip to us we can get rid of your MyWife for you. Otherwise you'll be chained to her until kingdom come. Just kidding! We'll patch things up right after Valentine's. We think that we need to let things run their course with your MyWife. After all, isn't that what marriage is for? To cost money and create misery?
Slashdot would be a wonderful place if there weren't any summaries, article headlines were accurate and people read the articles.
-Calling it worm is somewhat misleading, you still have to actually run the executable attachment in the email to get infected. Meaning that this is not a software exploit, more of a classic idiot user exploit.
-Any anti-virus program, including the free online service offered by MS, will remove the virus.
-Yet somehow because MS opted to not rush an unfinished update to their spyware removal tool out the door to give users a 5th or 6th option in removing the virus, people are worried about paying protection money for critical exploits.
Just when you thought they'd done something good, something like this comes up. I suppose their motto is "do some good, then do some evil to make up for it."
120 characters for a sig? That's bloody useless.
Many people seem to think that the patch/virus definition should be made available prior to its announced release date. With so many anti-virus sites already indicating that they have had an update since Jan 18th(!) and additional updates from MS, then where's the problem? To release this type of update earlier may require resources, increasing cost, thereby lessening the chance that MS would want to focus on these patches prior to systems being compromised (not that they're on top of the ball, but at least they are in the ring). I would say it would be bad if MS was the only one who knew how to prevent the worm and caused some sort of failure which could then be indicated as negligence, but this isn't the case... however... some sites are reporting that the worm will attempt to remove/prevent anti-virus software and will try to do so every hour, in that case, good luck! http://isc.sans.org/diary.php?storyid=1067
So the moral of the story is that virus/worm writers should design their programs to trigger before the 2nd Tuesday of the month for maximum impact, preferably the Thursday or Friday before to ensure that the differential cost impact of the fix update will be too high to release just a few days early.
I make my face look like this and concerned words come out.
Actually, I just turned 30 on Monday.
If you download the att. while in LUA (non-administrative account) how can you be infected if it can't write to the system directory or registry?
The problem is the Malicious Software Removal Tool itself. It's a half-assed product that just sort of does "some stuff." I'm not sure who it's intended for. As someone in IT I certainly have never once used it professionally. There's no point because we're already using better tools. As a PC user at home I have never bothered to use it because, again, there are already better (& free) tools out there.
A program that removes some stuff that Microsoft decides is significant enough to be called "malicious" isn't much of a tool to begin with, and then to factor in that it's only updated once per month makes it even less valuable. Oh, I might also mention that the program only detects an underwhelming 54 "malicious programs?" Wow, gimme summa that.
There's really no issue with Microsoft not releasing an update for the removal tool. It's expected, standard behavior. It's right there in the documentation, second paragraph. This is not an anti-virus program that updates daily, this is some kind of other tool that exists in an awkward dimension all of its own.
Realizing this is
*pop!* That was my karma. It was good karma but it's gone now. I've offended the fanboys.
The world according to SComps
will disinfect compromised computers, Microsoft said."
After the damage is done to your files?
ZEN: Repair monitors report explosive device attached to primary power channel.
BLAKE: Where?
ZEN: Hold three, access duct seven.
BLAKE: Can the automatics neutralize it?
ZEN: No.
BLAKE: Why not?!
ZEN: There is no damage.
AVON: Computer logic. Until the bomb explodes there is nothing for the repair system to repair. Zen, can you reprogram the automatics?
ZEN: Preemptive interference in crew activity is forbidden.
BLAKE: Oh, he'll clear up after us, but he won't stop us making a mess!
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
Setting up your own server is not the same as using a public store and forward delivery system. In fact the two are quite distinct. Email and ftp both have their places. If I am going to widely distribute something, or if I am sending out large files (>10MB) I use ftp, otherwise I use email. Hell I have my email client open all the time, I almost never have an ftp client open.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
In other words, "no."
> You want to give someone a file, send them a link to your ftp server.
get with the times, should be a tracking link to your torrent.
ftp works for the 2% of people who have their own non nat, static ip address with a ftp server that hasn't been blasted off the face of the internet. I am even in the small percent that do have a static ip, but the people I send files to don't have VPN access to any of my servers, and having ftp openly accessible to the net would just be stupid (and which windows users have sftp client installed? ok I do have port 80 access to a webserver that could serve the file, but that's probably not average or easier than attach either.)
(1) it is a trojan, not a worm. If you have 100 stupid users then you have bigger problems.
(2) there is a standalone patch available from Microsoft. Download it, put it on a network share or push it using SMS.
If software licenses were found illegal tomorrow, then all the "good stuff" (GPL, MIT, BSD) would be fine. There would still be copyright on the software. And you'd still be free to enter into completely voluntary agreement with the FSF or whoever if you want to add to/use their copyrighted stuff. However, stuff that takes away more individual rights than copyright would be illegal.
And I'm about to throw up...
and having ftp openly accessible to the net would just be stupid (and which windows users have sftp client installed?
Haven't you ever heard of iptables and port knocking for friends with dynamic IPs? --reject-with tcp-reset is your friend :) You could scan every single port on my PC and it'd get you nowhere. And all windows users have at least a basic command line ftp client by default.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
The IPCC has purposely engineered a massive scientific fraud.
"The email wasn't from a stranger. It was from my %#@! mother!"
Social engineering, my friend. Social engineering. If you pretend to belong where you don't people are unlikely to ask you to leave. I've had staff at an airport give me a ride from one 'secure' area to another because I looked like I belonged, (I didn't realize, at the time, that I was doing anything wrong).
The only way to completely shut down attacks like that is to turn off attachments altogether. Good luck.
Free Software: Like love, it grows best when given away.
So not only do we pay for a windows licence, but now we have to pay to get security updates for what remains to be a faulty product. :\
That's like selling a car with nothing in it at full price, then re-selling the axle, engine, doors, windows, brakes, etc again at full price. ^_^
Hello,
A bit of searching came up with the following free or trial versions of anti-virus programs which are capable of detecting and removing Win32/MyWife (née CME-24):
Alwil - Avast! 4 Home Edition (free for personal non-commercial use)
ESET - NOD32 trial version (30-day evaluation)
Grisoft - AVG Free Edition (free for personal non-commercial use)
Kaspersky Lab - Anti-Virus Personal 5.0 (30-day evaluation)
McAfee - VirusScan (30-day evaluation)
Microsoft - Windows Malicious Software Removal Tool (KB890830) (free)
Panda - Titanium Antivirus 2006 (30-day evaluation)
Sophos - Anti-Virus (30-day evaluation)
Symantec - W32.Blackmal@mm Removal Tool (free)
Trend Micro - PC-cillin Trial Version (30-day evaluation)
I'm certain other readers will look up and post links to additional vendors, too. Ob-disclaimer: I happen to work for one of the companies listed above, so there.
Regards,
Aryeh Goretsky
Dexter is a good dog.
I remember receiving a "security patch" from the Microsoft Security Center on my college email account. I almost executed it too, before thinking "why in the hell would microsoft be sending security patches over email???" Later I found out that several professors in the university's Computer Science department fell for it....
Remember: Microsoft appears to be controlled by their marketing department, not their engineering department. In such a regime, appearances are far more important than good customer support.
Free Software: Like love, it grows best when given away.
How the hell is pointing out that it's not always "stupid and irresponsible users" a friggin' troll?
Lost at C:>. Found at C.
What's the history behind the name?
>get with the times, should be a tracking link to your torrent.
What is a torrent, to an average computer user? Maybe you should get with the times and give a regular link to your personal webspace URL or something so anyone can open it in the browser. A torrent requires a client on their end, and most don't have it installed.
You expect too much of people...
This sig donated to Pater. Long live
Clearly a solution for the unwashed masses. We can't seem to get people from double clicking every email attachment, I'm sure they're ready to set up, configure and tweak their own IPTables.
What worries me is files on my servers being destroyed by Windows machines connected to them.
Does this payload destroy files only on the local drives? On mounted drives, too? How about on mapped drives?
How can I protect my Mac, Windows and Linux servers from infected clients?
Or you could just attach the file to an email (or IM) and not have to bother with all that crap (or in the case of most people, learning how to do all that crap, then installing and configuring whatever software they need to do all that crap, and getting everyone else they know to do the same).
_(Person)_ read a book called the "Kama Sutra", then proceeded to whip out his "Blackworm", as he called it, and used his new found techniques on MyWife!
... BASTARD!
Nobody's gay for Mole-Man.
i hope that Kama Sutra/Blackworm/MyWife worm will hit my wife to turn her into a sex maniac....
... I have chosen not to download and install and run this one, so I won't have a problem.
Duh???
Haven't you ever heard of iptables and port knocking for friends with dynamic IPs? --reject-with tcp-reset is your friend
Clearly a solution for the unwashed masses. We can't seem to get people from double clicking every email attachment, I'm sure they're ready to set up, configure and tweak their own IPTables.
Well, there are a couple tools out there that make building/installing a *nix firewall a bit easier/friendlier than editing tables of rules, like "fwbuilder" http://www.fwbuilder.org/.
Admittedly, few of the "unwashed masses" will be running a *nix box, but still, setting up a workstation firewall for *nix *is* getting easier.
There are also a good number of liveCD-type firewall/router distros out there that require only very modest hardware, no hard drive, and a couple NICs to create a quite effective and easily set-up solution. Take a look here http://www.frozentech.com/content/livecd.php?pick=All&showonly=Firewall&sort=&sm=1
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
At what point do these situations become a marketing opportunity for the competition? There is definitely a void to fill when it comes to protecting windows PCs.
It changed over time to reflect the consolidation of power and the national sense of unity and identity. It was a pretty important historical shift when people began to describe themselves as Americans first, then by their state.
The 'Net is a waste of time, and that's exactly what's right about it. - William Gibson
"special computer required for Bill Gates' taxes" + "no malware patch unless you pay or the malware has already struck" = Why
Pay per Bug new M$^10 strategy to maximize the shareholders' value.
From the new Get the facts campaign: Windows $ystem$ outperform$ Linux on TCO
You do have an interesting point. The Company XYZ would not be liable for a security guard. However, if the parents of the defacers offered to protect your home, then it would be extortion; although they did not directly cause the vandalism it was their responsibility to protect you anyway.
Microsoft is withholding a correction to their product which is flawed without it. They have a responsibility to repair defects in a program that you have already bought - especially if they already own the patch. You already own a claim to the software patch. An astute observer might note that their putting a market price on the patch and keeping it from you could also be construed as Larceny
Say hello to my little sig.
1) There is a flaw which will cause many Microsoft customers to lose data on a specific date in the near future.
2) MS knows this
3) MS has a fix in hand
4) Unless you have paid extra on top of the already overpriced license fee, they will not give you this fix in time.
I wonder how they plan to talk their way out of the class action.
You have to love the wonderful world of proprietary software.
Time makes more converts than reason
The malicious software removal tool is not a patch! It's a tool that is distributed during the monthly patch cycle downloads. A patch fixes a flaw, whereas there is no flaw that this virus exploits that needs to be patched.
Still IMing in the stone age?
It wasn't a gradual change; before 1861, people said "the United States are..." and after 1865, they said "the United States is..."
I wonder what happened between those years?
Dude, you're a friggin dumbass. That's all I can say. Jesus is very disappointed in you.
This is not a patch or vulnerability issue.
Microsoft has no obligation to protect people from their own greed and stupidity.
I have NO sympathy for any idiot who loses data over this virus.
...to regularly whisk multiply-redundant copies of their stuff away to some other place on the hard drive. And never, ever tell them the root password.
Got time? Spend some of it coding or testing
I can tell you from personal experience which of the two causes the most work. Hint: adminning a Linux box is mostly automated and the rest can be done by remote control, even over a low-bandwidth link.
Got time? Spend some of it coding or testing
...and constantly answering questions about spooky/random/malware-related problems that only arise because they can admin the machine is more work than adminning their machines with Linux. Roughly 3-6 times as much work, in practice, and that's working from the most annoying users.
The only exception is if you firmly instruct them to stop bugging you and they treat the machines as kind-of thin clients: when things go wahoonie-shaped, insert the System Restore CD, reboot, and kiss your data/email/porn/whatever goodbye.
Got time? Spend some of it coding or testing