Romanians Find Cure For Conficker
mask.of.sanity writes "BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months.
The worm, also known as Downadup, exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. It spreads primarily through a buffer overflow vulnerability in Windows Server Service where it disables the operating system update service, security center, including Windows Defender, and error reporting.
The Romanian security vendor said its removal tool will delete all versions of Downadup and will not be detected by the virus."
They are not "distributing a worm", it's a tool for disinfection and I suspect that they'll need to take a page out of biology's book on dealing with dangerous microbes and evolve along with the worm. In other words, constantly update their tool as the worm adapts. So it's likely going to be quite dynamic.
Sigs are too short to say anything truly profound so read the above post instead.
In the first case blame the administrators (for not knowing how to properly protect a Windows server), in the second case blame Microsoft (for running servers on a desktop that should not be there in the first place). I would expect the second case as that, I recall, we have seen before, a virus exploiting a bug in a server function that cannot even be stopped on a desktop.
Description of the Server service:
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Dependent services: Computer Browser ("Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained.")
I think it starts automatically.
It can probably be disabled, but who knows...
This "server" service has nothing to do with what you might expect from a "server", i.e. being a big machine that hosts a lot of stuff like mail or webpages. This "server" service is an integral portion of Windows' ability to share files through the local network and access network printers. Also, some other services (IIRC the whole bunch that deals with networking, from WiFi to telephony) depend on it.
In other words, the term "server" is maybe a bit preposterous. It's just the thingie that enables networking on Windows machines.
So, IMO, it's neither. It's neither a "real" server crappily configured by admins that should get their hands tied and pushed into administration where they can't do no harm, nor is it MS's fault for putting something that only a server OS should have on a desktop. It's simply the network thingamajig gone bad.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
We need a removal tool that can be run from a safe Linux environment (i.e. boot using a live disk, etc.)
Well, the guys at BitDefender do have a rescue CD that can be used to disinfect a Windows machine.
Sad but true. The pain that is WiFi on Linux is a bigger hurdle than the games IMO. I'd take Linux on my laptop if I could do so without extensive work to get the WiFi working. And the laptops with Linux that the WiFi works on don't meet my needs.