Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Refuses To Patch Rootkit-Compromised XP Machines

Posted by timothy on from the define-yourself-as-outside-the-fence dept.

Barence writes "Microsoft has revealed that its latest round of patches won't install on XP machines if they're infected with a rootkit. In February, a security patch left some XP users complaining of endless reboots and Blue Screens of Death. An investigation followed and Microsoft discovered the problems occurred on machines infected with the Alureon rootkit, which interacted badly with patch KB977165 for the Windows kernel. Now Microsoft is blocking PCs with the rootkit from receiving its new patches. 'This security update includes package-detection logic that prevents the installation of the security update if certain abnormal conditions exist on 32-bit systems,' Microsoft cautions in the patch notes."

15 of 330 comments (clear)

  1. First things first by BadAnalogyGuy · · Score: 5, Insightful

    If the rootkit is still on your computer, maybe you should look into having it removed.

    how shall thee pull out the mote that is in thine eye, when thou thyself beholdest not the beam that is in thine eye? Luke 6:42

    1. Re:First things first by Skarecrow77 · · Score: 5, Funny

      no! I need the newest microsoft patch so that there are not any new security holes in my computer! I'll deal with that huge gaping sucking chasm of a security hole that's already there, created by the rootkit, at some later date.

  2. Lesser of two evils? by HockeyPuck · · Score: 5, Insightful

    Let's see what do I want?

    A) A working machine that has a rootkit installed.
    B) A machine that nolonger works.

    Can you expect MSFT to test their patches against machines that have been modified via rootkits? Or should the patches themselves remove the rootkits. You are assuming that MSFT can remove the rootkit in the first place.

  3. And the issue is? by dirk · · Score: 5, Insightful

    I really don't have a problem with this. If the system is already rooted, the patch isn't going to actually help anything since their security is already compromised. And with all the bad press MS received last time over something that was not their fault at all, why should they risk it again? If your system has a serious issue like being rooted, then you have to take care of the issue before you can install the patch. Seems logical to me.

    --

    "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
  4. Why bother? by trifish · · Score: 5, Insightful

    Rightfully so. Security patching a rootkit-ed OS is mildly amusing and also a bit redundant. The only way to secure such an OS starts with reformatting the system partition.

  5. Microsoft - Pragmatic solution to hard issue. by irreverant · · Score: 5, Interesting

    I think microsoft acted responsibly in this situation. They merely mitigated any future issues these patches might have, they didn't want the same thing to happen again. In this case it was prevention not intervention. Unfortunately, there are many ways to get a rootkit installed on a computer; however, most of the time it's usually the user that infected themselves. This is why there are measures that a user can take to prevent or minimize the occurrence. Microsoft did make a note to remove the infection and then install the patch. If they don't know how to remove the infection or don't know they can download if not purchase one of many anti-virus solutions or pay someone to do it, then maybe the user's should rethink their web browsing behaviors.

    --
    Of all the things I've lost; I miss my mind the most. - Mark Twain
  6. Summary title in error by Rockoon · · Score: 5, Informative
    From the article:

    As Microsoft has noted, while the solution prevents users from suffering the misery of Blue Screens of Death, it does leave them unprotected and the company has urged users to download its Malicious Software Removal Tool to clean up their machines and run the patch as soon as possible.

    It isnt that they wont patch these systems, its that they wont automatically install the MSRT, which removes the rootkit, as part of the update.

    ..and to be perfectly honest, who wants the MSRT to be a mandatory component. Things like that are capable of unexpectedly altering the system, something typically frowned upon in enterprise.

    --
    "His name was James Damore."
  7. Attn infected PC users: Can't have it both ways. by techvet · · Score: 5, Insightful

    First, you beat up Microsoft because their patch trashed machines that were *already* infected. Then you beat them up because they backed off on applying the patches to avoid trashing the machines. Get thee to SuperAntiSpyware and Anti-Malwarebytes and get your machine cleaned up before you complain.

  8. Re:Makes sense... by HerculesMO · · Score: 5, Interesting

    The malicious software removal tool will take care of it. Their antivirus will not.

    They are giving you the tool to get rid of it and then saying you should install your patches afterwards. But they are chastised for not coming up with a all-in-one solution? Jeez.

    --
    The price is always right if someone else is paying.
  9. You can't fix stupid by rudy_wayne · · Score: 5, Insightful

    "Microsoft discovered the problems occurred on machines infected with the Alureon rootkit"

    There are many reasons to hate Microsoft, and their QA failure when it comes to security is certainnly one of them. However, the spread of rootkits, viruses and other malware is primarily caused by user stupidity, something that is not Microsoft's fault. In the early days of personal computers I took the time to learn how things worked. If you're having the problem described in this article then you can wipe your hard drive and re-install Windows. If you don't know how to do this, then maybe it's time you learned. If you're not willing to learn, then do the rest of the world a favor and throw your computer out the nearest window.

  10. Re:Makes sense... by clone53421 · · Score: 5, Informative

    And that’s what will happen. Installation of the patch will fail, if the rootkit is detected. The malicious software removal tool will be pushed out and remove the rootkit. And eventually the patch will be installed again since the installation failed the first time, and if the rootkit is gone the patch should install properly.

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  11. Re:Misleading title by SCPRedMage · · Score: 5, Insightful

    Screw that. Deliver the patch, BSOD the idiots, and get them off the net so that they're not a danger to the rest of the world.

    --
    My sig can beat up your sig.
  12. Re:The Microsoft way! by gzipped_tar · · Score: 5, Informative

    If the kernel is fucked, nothing works any more. Any results from on-line determination of the damage status of the machine itself should be assumed fake because the malware is in control of all local resources. To accurately determine the status of the computer, it must be taken offline.

    Never trust what rooted machines say about themselves...

    --
    Colorless green Cthulhu waits dreaming furiously.
  13. Re:The Microsoft way! by maxwell+demon · · Score: 5, Funny

    What if it hides in the documents?

    --
    The Tao of math: The numbers you can count are not the real numbers.
  14. Re:The Microsoft way! by Yaddoshi · · Score: 5, Insightful

    I agree, I thought the title of this submission was skewed - especially after reading the rest of the article. Microsoft does not appear to be "refusing to patch rootkit infected computers".

    A more accurate title would be something along the lines of: Microsoft attempts to prevent inadvertently bricking XP systems with Windows Updates

    Bear in mind I'm terrible at coming up with titles. Also bear in mind I'm not a big fan of Windows.