Slashdot Mirror
Microsoft Won't Offer Patch Before Worm Strikes?
techmuse writes "According to an article in Information Week, Microsoft is aware that the 'Kama Sutra/Blackworm/MyWife' worm will hit on Friday, overwriting office documents, but will not release a patch until its regular monthly patch release on February 14th. Unless, that is, you subscribe to one of Microsoft's pay security services, in which case your machine will have the worm removed in advance." From the article: "The blog offered no explanation why the tool wouldn't be updated earlier, nor did Microsoft immediately respond to questions. Each month, Microsoft pushes a revised tool to Windows users who have Automatic Update enabled for Windows Update or Microsoft Update. The Redmond, Wash.-based company has released the Malicious Software Removal Tool off-schedule once before, in August 2005, shortly after the Zotob worm began striking Windows 2000 systems."
Or, if you had read the very article you're posting, "Both the company's free online security service, Windows Live Safety, and its in-beta OneCare Live software, however, will disinfect compromised computers, Microsoft said."
If you can't / don't want to pay, but you still want to be secure, you still have an option. You see, if you read the full article, and go to the knowledgebase post about it, Microsoft says that up-to-date anti-cirus will take care of it. Don't have up to date anti-virus? That's ok too! Just visit the onecare part of safety.live.com, and Microsoft will scan your computer for viruses (including this one) in addition to all the other crap that builds up on computers.
/.!
Now, speaking as someone who has tried the online virus scanner, I have to say it works really quite well. It's just the tool to clean your computer of viruses, spyware, malware, unused/unneeded files -- and even knocks out those MICRO$OFT haters on
I know this is probably redundant, but is it possible for people to make a story submission relating to Microsoft without drawing imaginary horns and a "666" on their logo every time? I will grant that Micrsoft should probably release the patch to everyone right now for secuirty reasons, but I'm sure there are ample folks who use Oracle, and they won't give you *any* patches at *any* time, or allow you to peruse any of their Metalink site, without first paying.
This includes the URLS http://beta.windowsonecare.com/ and http://safety.live.com/site/en-US/default.htm
I'm guessing that's free as in beer. I like to bash Microsoft at least as much as the next guy, but I think they've provided a free solution for this one.
-hank
Just FYI...
t ails.aspx?name=Win32%2FMywife
Microsoft is not distributing the patch out of cycle because it is not a vulnerability, it is a mass mailing worm. It has been categorized as low risk. The "unwashed masses" can get the removal tool from
http://www.microsoft.com/security/encyclopedia/de
from TFA:
No... worm specific removal tools exist and can be freely downloaded from Symantec and others... no need for AV software to be installed or running.
Help Brendan pay off his student loans
Hello,
A bit of searching came up with the following free or trial versions of anti-virus programs which are capable of detecting and removing Win32/MyWife (née CME-24):
Alwil - Avast! 4 Home Edition (free for personal non-commercial use)
ESET - NOD32 trial version (30-day evaluation)
Grisoft - AVG Free Edition (free for personal non-commercial use)
Kaspersky Lab - Anti-Virus Personal 5.0 (30-day evaluation)
McAfee - VirusScan (30-day evaluation)
Microsoft - Windows Malicious Software Removal Tool (KB890830) (free)
Panda - Titanium Antivirus 2006 (30-day evaluation)
Sophos - Anti-Virus (30-day evaluation)
Symantec - W32.Blackmal@mm Removal Tool (free)
Trend Micro - PC-cillin Trial Version (30-day evaluation)
I'm certain other readers will look up and post links to additional vendors, too. Ob-disclaimer: I happen to work for one of the companies listed above, so there.
Regards,
Aryeh Goretsky
Dexter is a good dog.