Slashdot Mirror


Microsoft Won't Offer Patch Before Worm Strikes?

techmuse writes "According to an article in Information Week, Microsoft is aware that the 'Kama Sutra/Blackworm/MyWife' worm will hit on Friday, overwriting office documents, but will not release a patch until its regular monthly patch release on February 14th. Unless, that is, you subscribe to one of Microsoft's pay security services, in which case your machine will have the worm removed in advance." From the article: "The blog offered no explanation why the tool wouldn't be updated earlier, nor did Microsoft immediately respond to questions. Each month, Microsoft pushes a revised tool to Windows users who have Automatic Update enabled for Windows Update or Microsoft Update. The Redmond, Wash.-based company has released the Malicious Software Removal Tool off-schedule once before, in August 2005, shortly after the Zotob worm began striking Windows 2000 systems."

13 of 274 comments

  1. Prior art for this MS business plan. by Ph33r th3 g(O)at · · Score: 5, Insightful

    Nice Windows machine you've got there. Wouldn't want anything to, um, happen to it. You need insurance, and we happen to sell insurance. Capiche?

    --
    I too have felt the cold finger of injustice.
    1. Re:Prior art for this MS business plan. by HankB · · Score: 5, Informative
      The last line in TFA is
      Both the company's free online security service, Windows Live Safety, and its in-beta OneCare Live software, however, will disinfect compromised computers, Microsoft said.


      This includes the URLs http://beta.windowsonecare.com/ and http://safety.live.com/site/en-US/default.htm

      I'm guessing that's free as in beer. I like to bash Microsoft at least as much as the next guy, but I think they've provided a free solution for this one.

      -hank
  2. Try to be a little fair by bushidocoder · · Score: 5, Informative
    Unless, that is, you subscribe to one of Microsoft's pay security services, in which case your machine will have the worm removed in advance.

    Or, if you had read the very article you're posting, "Both the company's free online security service, Windows Live Safety, and its in-beta OneCare Live software, however, will disinfect compromised computers, Microsoft said."

  3. Happy Valentine's Day! by digitaldc · · Score: 5, Funny

    Microsoft is aware that the 'Kama Sutra/Blackworm/MyWife' worm will hit on Friday, overwriting office documents, but will not release a patch until its regular monthly patch release on February 14th.

    How ironic that a patch for the Kama Sutra/MyWife worm will be released on February 14th.
    Happy Valentine's Day - Love, Microsoft.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  4. "I would like to return this car" by Cr0w T. Trollbot · · Score: 5, Funny
    "Why do you want to return it?"

    "Because there's a car bomb on it set to go off on Friday."

    "Sorry, that's not our car bomb."

    "No, but when I bought the car, there was a modular plug next to the engine with PLACE CAR BOMB HERE written on it!"

    "Sorry, not our problem. You knew this car was prone to car bombs when you bought it, and your purchase agreement specifically spells out that we're not responsible for car bomb damage."

    "Can you at least remove the car bomb?"

    "Sorry, but your contract specifically states that we're under no obligation to remove any car bombs attached to your car. Now, if you would be interested in purchasing our special Car Bomb Insurance..."

    - Crow T. Trollbot

  5. You get what you pay for by analog_line · · Score: 5, Insightful

    Check the license agreement for Windows XP. Nothing in there says that Microsoft will ever provide fixes, period. If you don't like their service-after-the-sale, get off the upgrade treadmill and stop buying licenses from them or buy an expanded service agreement from them. They aren't

    Software licenses are agreements that should have the full weight of contract law. There is no other way that the licenses I prefer, like the GPL, BSD, Mozilla, MIT, etc, get any legal weight. If you can't abide by the terms, take a stand, show some guts, and click "Cancel" on the install. Find some software that is licensed under terms you can accept. Don't be a sheep and agree just because it would be too hard, or make you go look for other software if you disagree.

    THIS STUFF IS IMPORTANT.

  6. Re:All should not be lost... by Anonymous Coward · · Score: 5, Informative

    Just FYI...
    Microsoft is not distributing the patch out of cycle because it is not a vulnerability, it is a mass mailing worm. It has been categorized as low risk. The "unwashed masses" can get the removal tool from

    http://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32%2FMywife

  7. Re:All should not be lost... by DaHat · · Score: 5, Informative

    No... worm specific removal tools exist and can be freely downloaded from Symantec and others... no need for AV software to be installed or running.

  8. Re:All should not be lost... by ShamusYoung · · Score: 5, Insightful
    How hard is it to not run software mailed to you by a stranger? If I mailed you a syringe labeled "everlasting life", would you jam it in your arm and shoot it? No? Did I mention it's FREE and that you are our LUCKY WINNAR? Cuz you are.

    What we really need is for MS to release a patch to repair the stupid and irresponsible users out there. Why haven't they fixed this obvious security loophole?

    The problem with these viruses is that they do not kill the victims. If they did, then at least we could look forward to the point when Darwinism fixed the problem for us. :)

    --
    --This sig is in beta. Please let us know abut any errors you find.
  9. Re:All should not be lost... by LurkerXXX · · Score: 5, Insightful
    It shouldn't be, but apparently it is. People keep coming to me after they've trashed their systems. I ask why they opened an unknown attachment and they always say the same thing "But it was from my co-worker/friend/family member X. They wouldn't send me anything bad!". That's after I've told them literally dozens of times that modern viruses spoof the name of the sender and that person X's machine may be infected, or someone who has both person X and them in their address book may be infected. Don't ever open any attachment unless you know what it is. If you're not sure what it is it only takes 2 seconds to hit the reply button and ask "What's this".... It never sinks in. Even after the "I love you" virus, etc. They just can't be educated.

    And no, I don't think that moving to *nix is the answer either. I've had users follow instructions included with an email virus to type in a password required to unzip the payload, then run it. Those users will certainly be willing to type in "rm *" or whatever instructions come along with a virus. Their user files, the only thing of value on the machine, are toast either way. These are the same folks that will never back up their data either, so they really are toast.

  10. Trial/free anti-virus that remove Win32/MyWife by Aryeh Goretsky · · Score: 5, Informative

    Hello,

    A bit of searching came up with the following free or trial versions of anti-virus programs which are capable of detecting and removing Win32/MyWife (née CME-24):

    Alwil - Avast! 4 Home Edition (free for personal non-commercial use)
    ESET - NOD32 trial version (30-day evaluation)
    Grisoft - AVG Free Edition (free for personal non-commercial use)
    Kaspersky Lab - Anti-Virus Personal 5.0 (30-day evaluation)
    McAfee - VirusScan (30-day evaluation)
    Microsoft - Windows Malicious Software Removal Tool (KB890830) (free)
    Panda - Titanium Antivirus 2006 (30-day evaluation)
    Sophos - Anti-Virus (30-day evaluation)
    Symantec - W32.Blackmal@mm Removal Tool (free)
    Trend Micro - PC-cillin Trial Version (30-day evaluation)

    I'm certain other readers will look up and post links to additional vendors, too. Ob-disclaimer: I happen to work for one of the companies listed above, so there.

    Regards,

    Aryeh Goretsky

    --
    Dexter is a good dog.
  11. Even people who should know better make mistakes by kalirion · · Score: 5, Interesting

    I remember receiving a "security patch" from the Microsoft Security Center on my college email account. I almost executed it too, before thinking "why in the hell would microsoft be sending security patches over email???" Later I found out that several professors in the university's Computer Science department fell for it....

  12. Re:Simple fix by diersing · · Score: 5, Insightful
    Haven't you ever heard of iptables and port knocking for friends with dynamic IPs? --reject-with tcp-reset is your friend

    Clearly a solution for the unwashed masses. We can't seem to keep people from double clicking every email attachment, I'm sure they're ready to set up, configure and tweak their own IPTables.