Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Won't Offer Patch Before Worm Strikes?

Posted by Zonk on from the i-object? dept.

techmuse writes "According to an article in Information Week, Microsoft is aware that the 'Kama Sutra/Blackworm/MyWife' worm will hit on Friday, overwriting office documents, but will not release a patch until its regular monthly patch release on February 14th. Unless, that is, you subscribe to one of Microsoft's pay security services, in which case your machine will have the worm removed in advance." From the article: "The blog offered no explanation why the tool wouldn't be updated earlier, nor did Microsoft immediately respond to questions. Each month, Microsoft pushes a revised tool to Windows users who have Automatic Update enabled for Windows Update or Microsoft Update. The Redmond, Wash.-based company has released the Malicious Software Removal Tool off-schedule once before, in August 2005, shortly after the Zotob worm began striking Windows 2000 systems."

24 of 274 comments (clear)

  1. All should not be lost... by DaHat · · Score: 4, Interesting

    So Microsoft wont help out the unwashed masses with an early patch... what about the anti-virus publishers? Can they detect and remove the worm?

    --
    Help Brendan pay off his student loans
    1. Re:All should not be lost... by Anonymous Coward · · Score: 5, Informative

      Just FYI...
      Microsoft is not distributing the patch out of cycle because it is not a vulnerability, it is a mass mailing worm. It has been categorized as low risk. The "unwashed masses" can get the removal tool from

      http://www.microsoft.com/security/encyclopedia/det ails.aspx?name=Win32%2FMywife

    2. Re:All should not be lost... by BkBen7 · · Score: 4, Insightful

      Or maybe they should sue their brain for non-support after being told hundreds upon hundreds of times.

      Attachments from unknown people? Delete!

      Scan Attachments before clicking!

      Ask sender if they meant to send attachment!



      Microsoft has no responsibility to cover a users idiocy.


      Ok, bring the bad karma.

      --
      I'm a Book
      On the Bookshelf
    3. Re:All should not be lost... by DaHat · · Score: 5, Informative

      No... worm specific removal tools exist and can be freely downloaded from Symantec and others... no need for AV software to be installed or running.

      --
      Help Brendan pay off his student loans
    4. Re:All should not be lost... by ShamusYoung · · Score: 5, Insightful
      How hard is it to not run software mailed to you by a stranger? If I mailed you a syringe labeled "everlasting life", would you jam it in your arm and shoot it? No? Did I mention it's FREE and that you are our LUCKY WINNAR? Cuz you are.

      What we really need is for MS to release a patch to repair the stupid and irresponsible users out there. Why haven't they fixed this obvious security loophole?

      The problem with these viruses is that they do not kill the victims. If they did, then at least we could look forward to the point when Darwinisim fixed the problem for us. :)

      --
      --This sig is in beta. Please let us know abut any errors you find.
    5. Re:All should not be lost... by LurkerXXX · · Score: 5, Insightful
      It shouldn't be, but apparently it is. People keep coming to me after they've trashed their systems. I ask way they opened an unknown attachment and they always say the same thing "But it was from my co-worker/friend/family member X. They wouldn't send me anything bad!". That's after I've told them literally dozens of times that modern viruses spoof the name of the sender and that person X's machine may be infected, or someone who has both person X and them in their address book may be infected. Don't ever open any attachment unless you know what it is. If your not sure what it is it only takes 2 seconds to hit the reply button and ask "What's this".... It never sinks in. Even after the "I love you" virus, etc. They just can't be educated.

      And no, I don't think that moving to *nix is the answer either. I've had users follow instructions included with an email virus to type in a password required to unzip the payload, then run it. Those users will certainly be willing to type in "rm *" or whatever instructions come along with a virus. Their user files, the only thing of value on the machine, are toast either way. These are the same folks that will never back up their data either, so they really are toast.

    6. Re:All should not be lost... by gstoddart · · Score: 4, Interesting
      How hard is it to not run software mailed to you by a stranger? If I mailed you a syringe labeled "everlasting life", would you jam it in your arm and shoot it? No? Did I mention it's FREE and that you are our LUCKY WINNAR? Cuz you are.

      What we really need is for MS to release a patch to repair the stupid and irresponsible users out there. Why haven't they fixed this obvious security loophole?

      Well, experience has told us that not all of these Microsoft vulnerabilities have anything to do with 'stupid and irresponsible' users.

      Thanks to Microsoft, there's so many viruses that don't even require user intervention; some products will simply decide that it should both hide the extension and automatically run it for you.

      I don't know the specifics of this worm, but times have come a long way from where you'd have to click on at attachment, select save, and then run. Nowadays the infection can happen automatically, instantly, and completely unobserved -- all because Microsoft figures it should automatically execute anything that looks executable (or that you're not really mature enough to see the extension of this file, so it looks like a JPG, or just simply because it's fun.)

      I think it's far more irresponsible of Microsoft to effectively say "Well, between now and when we release the patch, you could lose all of your data. But if you've paid extra, you can have the patch now."

      Time was when someone would send you an e-mail warning you that should shouldn't even click on an attachment since it could be a virus, you would politely tell them it was impossible. Nowadays, that's simply not true any more.

      I think blaming the users 100% for this is absurd.
      --
      Lost at C:>. Found at C.
  2. Prior art for this MS business plan. by Ph33r+th3+g(O)at · · Score: 5, Insightful

    Nice Windows machine you've got there. Wouldn't want anything to, um, happen to it. You need insurance, and we happen to sell insurance. Capiche?

    --
    I too have felt the cold finger of injustice.
    1. Re:Prior art for this MS business plan. by HankB · · Score: 5, Informative
      The last line in TFA is
      Both the company's free online security service, Windows Live Safety, and its in-beta OneCare Live software, however, will disinfect compromised computers, Microsoft said.


      This includes the URLS http://beta.windowsonecare.com/ and http://safety.live.com/site/en-US/default.htm

      I'm guessing that's free as in beer. I like to bash Microsoft at least as much as the next guy, but I think they've provided a free solution for this one.

      -hank
  3. Try to be a little fair by bushidocoder · · Score: 5, Informative
    Unless, that is, you subscribe to one of Microsoft's pay security services, in which case your machine will have the worm removed in advance.

    Or, if you had read the very article you're posting, "Both the company's free online security service, Windows Live Safety, and its in-beta OneCare Live software, however, will disinfect compromised computers, Microsoft said."

    1. Re:Try to be a little fair by nologin · · Score: 4, Insightful

      Unfortunately, the effort here by Microsoft here won't save the users most likely affected by the virus. Those users who don't know how to protect themselves adequately probably rely on Windows Update to keep their computer safe. How many of them will be informed in time to use Live Safety, or for that matter, how many of them know that it exists?

      At least I know how to protect my computers. So the impact to me would be none regardless of what Microsoft does. It is those users that don't even know the definition of malware that are most at risk, and will be the least likely to use Microsoft's proposed remedy.

  4. Incorrect Story by CXI · · Score: 4, Interesting

    Come on people. This story is completely wrong. Microsoft is not withholding anything. They simple do not have a Malicioius Software Removal Tool currently ready because the system is built around deploying it on the 14th. The reference to Microsoft's pay services are the same as if you used Symantec or any other virus scanner out that which already detects the worm. It's not extortion, it's not even a story.

  5. Happy Valentine's Day! by digitaldc · · Score: 5, Funny

    Microsoft is aware that the 'Kama Sutra/Blackworm/MyWife' worm will hit on Friday, overwriting office documents, but will not release a patch until its regular monthly patch release on February 14th.

    How ironic that a patch for the Kama Sutra/MyWife worm will be released on February 14th.
    Happy Valentine's Day - Love, Microsoft.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  6. Re:A simple word for it... by CXI · · Score: 4, Insightful

    Wrong. The entire content of this story is that Microsoft isn't releasing a malicious software removal tool until the 14th, as usual. So, go use any virus checker on the planet instead, including Microsoft's, to solve the problem now.

  7. "I would like to return this car" by Cr0w+T.+Trollbot · · Score: 5, Funny
    "Why do you want to return it?"

    "Because there's a car bomb on it set to go off on Friday."

    "Sorry, that's not our car bomb."

    "No, but when I bought the car, there was a modular plug next to the engine with PLACE CAR BOMB HERE written on it!"

    "Sorry, not our problem. You knew this car was prone to car bombs when you bought it, and your purchase agreement specifically spells out that we're not responsible for car bomb damage."

    "Can you at least remove the car bomb?"

    "Sorry, but your contract specifically states that we're under no obligation to remove any car bombs attached to your car. Now, if you would be interested in purchasing our special Car Bomb Insurance..."

    - Crow T. Trollbot

  8. You get what you pay for by analog_line · · Score: 5, Insightful

    Check the license agreement for Windows XP. Nothing in there says that Microsoft will ever provide fixes, period. If you don't like their service-after-the-sale, get off the upgrade treadmill and stop buying licenses from them or buy an expanded service agreement from them. They aren't

    Software licenses are agreements that should have the full weight of contract law. There is no other way that the licenses I prefer, like the GPL, BSD, Mozilla, MIT, etc, get any legal weight. If you can't abide by the terms, take a stand, show some guts, and click "Cancel" on the install. Find some software that is licensed under terms you can accept. Don't be a sheep and agree just because it would be too hard, or make you go look for other software if you disagree.

    THIS STUFF IS IMPORTANT.

  9. Re:Or if you don't want to pay by ZachPruckowski · · Score: 4, Insightful

    Your argument reminds me of something a friend said. We all have seen those "hardest American football hits ever" sports reels, right? Now they look nice and pretty, and they knock the ball carrier down, right? Now here's the problem: in almost every case, the guy had already caught the ball and picked up yards.

    Do you see what I'm getting at? All those viruses and spywares and worms on your computer have already done damage when you get them removed. The goal is to keep them from getting on your computer or at least keep them from running. And MS is deliberately charging for that feature. Their online virus-removal thing is nice, and can mitigate some damage, but the horse already left the barn.

  10. A few more facts to throw water on the fire by sixpaw · · Score: 4, Insightful
    • Despite the eagerness to imply that this is something roaming the net randomly looking for computers to infect, it's pretty much your run-of-the-mill e-mail worm that actively requires opening an executable (.scr) attachment to infect a system. Under normal circumstances (i.e., without the free opportunity to bash Microsoft attached), how many IT pros would say that anyone opening a random attachment e-mailed to them deserved what they got?
    • McAfee rates this one as low-risk for both home and corporate users.
    • Symantec gives it a run-of-the-mill threat assessment (low geographical distribution, easy containment).

    AFAICT this is as run-of-the-mill as virus threats get, and I'm grateful that MS is maintaining a level of software discipline and not jumping all over themselves to instantly respond to every stupid little worm that crosses the net. I'd much rather see meaningful updates once a month than frantic, possibly-buggy scramble fixes three times a week.
  11. Re:More like this by ivan256 · · Score: 4, Insightful

    Your analogy is more accurate than the parent, but still faulty. The problem is with this part:

    Our car is as car bomb proof as we were able to make it

    I'm fairly certain that Microsoft engineers were fully capable of making Windows more secure. They have smart people working there. Reality is that they made it as secure as they were willing to make it. It's like cars in the '60s. Safety didn't sell if it was an inconvienience. Adding more security to Windows would have meant less ease of use and less backwards compatability. Both are important to maintain the customer base and prevent people from considering alternatives. Were they right or wrong? That depends on how you look at it, but you certainly can't say they implemented security to the limits of their ability.

  12. Re:Simple fix by Dare+nMc · · Score: 4, Insightful

    > You want to give someone a file, send them a link to your ftp server.
    get with the times, should be a tracking link to your torrent.
    ftp works for the 2% of people who have their own non nat, static ip address with a ftp server that hasn't been blasted off the face of the internet. I am even in the small percent that do have a static ip, but the people I send files to don't have VPN access to any of my servers, and having ftp openly accesable to the net would just be stupid (and which windows users have sftp client installed? ok I do have port 80 access to a webserver that could serve the file, but thats probably not average or easier than attach either.)

  13. Trial/free anti-virus that remove Win32/MyWife by Aryeh+Goretsky · · Score: 5, Informative

    Hello,

    A bit of searching came up with the following free or trial versions of anti-virus programs which are capable of detecting and removing Win32/MyWife (née CME-24):

    Alwil - Avast! 4 Home Edition (free for personal non-commercial use)
    ESET - NOD32 trial version (30-day evaluation)
    Grisoft - AVG Free Edition (free for personal non-commercial use)
    Kaspersky Lab - Anti-Virus Personal 5.0 (30-day evaluation)
    McAfee - VirusScan (30-day evaluation)
    Microsoft - Windows Malicious Software Removal Tool (KB890830) (free)
    Panda - Titanium Antivirus 2006 (30-day evaluation)
    Sophos - Anti-Virus (30-day evaluation)
    Symantec - W32.Blackmal@mm Removal Tool (free)
    Trend Micro - PC-cillin Trial Version (30-day evaluation)

    I'm certain other readers will look up and post links to additional vendors, too. Ob-disclaimer: I happen to work for one of the companies listed above, so there.

    Regards,

    Aryeh Goretsky

    --
    Dexter is a good dog.
  14. Even people who should know better make mistakes by kalirion · · Score: 5, Interesting

    I remember receiving a "security patch" from the Microsoft Security Center on my college email account. I almost executed it too, before thinking "why in the hell would microsoft be sending security patches over email???" Later I found out that several professors in the university's Computer Science department fell for it....

  15. Re:Simple fix by diersing · · Score: 5, Insightful
    Haven't you ever heard of iptables and port knocking for friends with dynamic IPs? --reject-with tcp-reset is your friend

    Clearly a solution for the unwashed masses. We can't seem to get people from double clicking every email attachment, I'm sure their ready to setup, configure and tweak their own IPTables.

  16. Re:TROLL???? by Overly+Critical+Guy · · Score: 4, Interesting

    If you haven't noticed, Slashdot has been invaded in recent years by a pro-Microsoft contingent who thinks Windows is great, outrage over its ridiculous security flaws is overblown, and who mod down those who point out how much time and money Windows has forced people to waste. For Christ's sake, you have to diaper Windows today with a hodge-podge of anti-virus, anti-spyware, firewall, registry cleaner, defragmenter, etc. just to keep it running smoothly for longer than six months, and even then, Windows naturally slows down after a year and requires a complete reinstall to regain its speed. Simply amazing.

    At least CBS News pointed out in their report on the worm that Mac users were unaffected.

    --
    "Sufferin' succotash."