Slashdot Mirror


1 In 3 Windows PCs Still Vulnerable To Worm Attack

CWmike writes "The worm that has infected several million Windows PCs, Downadup or 'Conficker,' is having a field day because nearly a third of all systems remain unpatched 80 days after Microsoft rolled out an emergency fix, security firm Qualys said. Downadup surged dramatically this week and has infected an estimated 3.5 million PCs so far, according to Finnish security company F-Secure Corp. The worm exploits a bug in the Windows Server service used in Windows 2000, XP, Vista, Server 2003, and Server 2008. Qualys' CTO said, 'These slow [corporate] patch cycles are simply not acceptable. They lead directly to these high infection rates.'" This is indicative of why some are calling for Microsoft to rethink Patch Tuesday, as reader buzzardsbay pointed out.

22 of 242 comments

  1. router by TheSHAD0W · · Score: 5, Insightful

    This is why I recommend everyone have a router installed on their internet connection, even if they have only one PC. Routers inherently block almost all worms.

    1. Re:router by Trevelyan · · Score: 4, Insightful

      You assume that the router has some firewall, ACL or NAT set, i.e. it's not inherent. Also this is more for home users. However this worm is doing well in corporate networks, spreading from one co. to another via laptops, and so negating any external firewall.

    2. Re:router by corsec67 · · Score: 5, Funny

      The very nature of a router is to use NAT.

      No, the very nature of a router is to... route.
      Or do the core internet routers also NAT?
      Is China behind a large NAT? (This will probably be true in 2015, so hello people from then)

      --
      If I have nothing to hide, don't search me
    3. Re:router by jrumney · · Score: 4, Informative

      All routers need to do some type of NAT period, it is how a router works.

      There are 14 routers between me and slashdot.org, not one of them is doing any type of NAT.

    4. Re:router by Muad'Dave · · Score: 4, Informative

      In recent parlance "router" implies a consumer level router/NAT appliance, but that's not necessarily so. Routers predated NAT by a zillion years, and routing is distinctly separate from any NAT functionality. There are plenty of routers in use in large IT shops where requiring NAT would be a serious handicap.

      --
      Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
    5. Re:router by jrumney · · Score: 5, Funny

      My ISP has a router installed on my internet connection, so I must be safe right?

    6. Re:router by Xelios · · Score: 4, Informative

      Along with a router a software firewall is a handy thing to have. A router won't alert you when a program or service tries to access your connection, but a software firewall will. If something on my PC is trying to access the internet without me telling it to, I want to know about it.

      And it's great for all those annoying programs that try to phone home or check for updates at random times. What's that Acrobat Reader? You want to look for an update? No, I think I'll decide for myself when it's time to update you rather than have you nag me about it every time you're opened. Tick "create rule", hit "block". Enjoy your stay in the blacklist.

      ESET Smart Security. Best $50 I've ever spent on software (except maybe The Orange Box).

      --
      Murphey's fighting Occam, and we're in the stands.
    7. Re:router by Opportunist · · Score: 4, Interesting

      That works well in home scenarios where the router is the only possible entry point of a worm. In office environments, you have laptop users that travel. They may or may not connect from home, often with mobile access or from their private line. Something you cannot shield, and more often than not is not shielded.

      I've been lobbying in various consulting sessions that laptops from traveling workers are to be seen as "semi-trustworthy", if that. Because they can and do connect not only from within the trusted and firewalled network, but because of this very reason, they can connect in insecure scenarios and may be infected when they connect to the company networks. I have been lobbying to put them in a separate network ("separate but equal" has such a bad ring, but in this case it's pretty much what the idea is). If the worst case happens, it would at least only infect a usually very manageable number of computers instead of the whole corporate network.

      Well, I guess I finally have a real life example of what happens when you don't heed it. Companies are like little kids, you have to let them touch the stove once before they believe you it's hot. But fortunately, some companies are willing to learn from the mistake of others...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    8. Re:router by YouWantFriesWithThat · · Score: 4, Interesting

      yes, yes, and yes.

      when something malicious got through AVG, spybot, and adaware i was clued in when fdsb423.exe started trying to connect with the internet. a software firewall is not a defense, but it is a good way to tell that you have something going on. i also agree it is fun to turn off the dial-home on software that doesn't need to talk to its mommy. HP printer drivers, i am looking at you.

    9. Re:router by Ephemeriis · · Score: 4, Informative

      This is why I recommend everyone have a router installed on their internet connection, even if they have only one PC. Routers inherently block almost all worms.

      I think, what you're trying to say, is that it is important for everyone to have a firewall on their Internet connection... Not a router. Routers don't inherently offer any protection at all. Many home-grade routers come pre-configured with NAT, which does get you some basic protection... But not all routers do NAT, and not all of them give you any protection.

      And an external firewall on your Internet connection only protects you so far. It might keep a worm from crawling in through your Internet connection... But it won't stop a worm from spreading once it is inside your network.

      That's why it is important to control the traffic inside your network, as well as traffic to/from the Internet. Maybe it isn't necessary to run a firewall on each and every PC, but you sure as hell better be monitoring your traffic and keeping your machines patched.

      --
      "Work is the curse of the drinking classes." -Oscar Wilde
    10. Re:router by toleraen · · Score: 4, Informative

      A router won't alert you when a program or service tries to access your connection, but a software firewall will.

      Turn on logging and your router can notify your PC, your email, your blackberry, etc etc.

  2. Genuine Advantage Validation by RichMan · · Score: 5, Interesting

    I know a lot of people who are afraid of updates because of the genuine advantage validation. They got student priced versions of the software 5 years ago and are no longer students. They don't want to risk losing Visio/Word/PowerPoint or having some other software disabled on their computer.

    The fear factor of automated reporting/validation is stopping a lot of people from running the updates.

    1. Re:Genuine Advantage Validation by 0prime · · Score: 5, Insightful

      Uhhh as a former student, this seems pretty silly. I haven't had any problems with XP or the Office 2003 Suite at all. What are these people expecting Windows to do, pull their personal info, poll it to Microsoft through WGA, and have Microsoft check College enrollment records?

      I do know of one other reason why people would be afraid of WGA, though.

      --
      I am not a *blank*, but I did stay at a Holiday Inn Express last night.
  3. Not that bad considering it's Windows by jerep · · Score: 5, Funny

    If my years of tech support taught me anything it's that 9 out of 10 Windows users are more damaging to computers than anything else.

    1. Re:Not that bad considering it's Windows by ColdWetDog · · Score: 5, Funny

      Worse than that... It's OPEN SOURCE's fault:

      "By using the exploit from the Metasploit module as the code base, a virus/worm programmer only needs to implement functions for automatic downloading and spreading," said Xiao Chen, a McAfee security researcher, in an entry to the company's blog. "We believe that this can be accomplished by an average programmer who understands the basics of exploitation and has decent programming skills.

      "It's obvious that worm writers are abusing open-source tools to their advantage to make their work easier," Chen added.

      You all ought to be ashamed of yourselves...

      --
      Faster! Faster! Faster would be better!
  4. blackhat thoughts by Kartoffel · · Score: 4, Funny

    With all this talk of Microsoft losing money, maybe they should get into the botnet business for themselves. Vertical integration!

  5. Patches are good, not bad! by Anonymous Coward · · Score: 4, Interesting

    What drives me absolutely nuts is how people who are not computer professionals talk about patches with contempt. In any magazine article about an operating system, whether it be from the Windows family, Mac OS X, or Linux, when the subject of patches comes up, the writer will usually say something to the effect that a downside of using this operating system is the high frequency of patches.
     
    In a perfect world, software would have zero bugs (security holes are bugs, too, if you think about it). No product would have any problems. Everything would be perfect. There would be no need for patches.
     
    But unfortunately we do not live in a perfect world, and software does have bugs. When patches are available at a frequency such as daily (as is sometimes the case if you use Ubuntu, patches not only for the OS but for any programs you have installed too), or every few weeks as is the case with Mac OS X, you know that people behind the product are responsible, are continuing to develop and refine the software, and you benefit from those refinements at the frequency of the patches.
     
    We all know this, yet because many people feel contempt toward software patches, and because magazines and newspapers write inaccurately about this subject, many boxes out there are vulnerable to many types of attack, and this won't change any time soon. I think some effort needs to be expended by the marketing departments of various software companies to convince people that patches are good, not bad.
     
    I just had one additional thought about this Windows patch. Perhaps some of these boxes are using illegitimate copies of Windows and are therefore ineligible for the patch?

  6. Immune by Alsee · · Score: 5, Funny

    I'm immune to the worm. I'm still running Windows98 and it doesn't have "Windows Server service" and all that other wormbait crap.

    Oh, hold on.... I'll be right back. I've been online 40 minutes and I need to reboot.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  7. Not Acceptable? by PolyDwarf · · Score: 5, Insightful

    Qualys' CTO said, 'These slow [corporate] patch cycles are simply not acceptable. They lead directly to these high infection rates.'"

    It's also not acceptable that corporate desktops become useless because of an update that MS rolled out that broke mission-critical software.

    There's a reason there's an IT vetting process with patches (fool me once, shame on you... fool me twice, three times, every Patch Tuesday, shame on me). There's also a reason why those processes take a while. If you disagree with IT workers doing their jobs and making sure that an update won't screw up the network/application/productivity/company, take it up with software vendors and MS, not with the people who are trying to make sure their company stays functioning. Or will you be willing to pay for their time in fixing problems if they apply patches that break things?

  8. How about installing updates? by HerculesMO · · Score: 4, Insightful

    The update was issued in October.

    If you haven't patched, there's no fault of anybody but your own.

    If your car has a recall for a safety belt problem, and you don't get it fixed and get into an accident, is it suddenly the car manufacturer's fault? No.

    And likewise it's not MS's fault if you can't install patches on your OS.

    --
    The price is always right if someone else is paying.
  9. Re:Weekly updates? Still not enough. by cavtroop · · Score: 4, Informative

    Have you ever tried managing 17,000 desktops? No, didn't think so.

    Most large corps run WSUS, with updates on a weekly schedule, at most. To do otherwise would cripple the network, or require such an investment in equipment and manpower as to be nearly impossible to pull off.

    Having said that, most large companies also have a mechanism for quick-release of highly critical patches. I know we rolled out the MS08-067 patch to our desktops immediately, and had a 98% acceptance rate within 3 days.

  10. Re:Get any work done? by Ephemeriis · · Score: 4, Insightful

    Jeez, with virus scanners, several types of automatic updates, and other gadgety things polluting the standard corporate desktop, it is a wonder that people can get any work done on their PCs anyway. Six Inches of Air.

    Corporate desktops aren't that bad. I mean, they can be... But usually there's at least a little oversight. You don't typically see people with eleven different smiley-toolbars in a business... It happens, but not so much.

    Home users, on the other hand, can be a true nightmare. Plugins for various web pages... Piles of downloaded crapware games... IncrediMail... Several different media players and a pile of music or movies... A couple different P2P programs... A couple different malware scanners... I cringe just thinking about it.

    You're right though. Entirely too many different bits of software want to do their own updates. Windows Updates, Office Updates, anti-malware updates, updates for Adobe Reader, updates for Flash, updates for Java, updates for Real Player, updates for HP's drivers and suites, updates for QuickTime and iTunes...

    It's ridiculous. I'll routinely see at least a half-dozen updaters running in the background.

    That's one of the things I really like about most Linux distributions... Generally you've got a single package manager that takes care of everything for you.

    --
    "Work is the curse of the drinking classes." -Oscar Wilde