>yet if I copy a 2GB file from one drive to another, the stupid operating system will swap out all the applications it can just to make the cache larger.
Then I would propose that when the OS does a filesystem-to-filesystem copy like that, especially if the source image is read-only, it should not be cached.
>How do you know they are extinct? Maybe they had a space program, left for another plnet, and let the Earth be hit by the asteroid.
Where is their technology in the fossil record then?
They didn't just invent oil, did they?;-)
Still, you have a point; dinosaurs ruled earth for a hundred million years, right?
You figure we've been around for less than 2 million by some estimates and "ruling" the planet for even less than that.
So maybe you're right, with a hundred million years of evolution and the resultant technology, the dinousaurs teleported themselves, their belongings and their technology away just moments before the asteroid hit.
The bad news is they'll be back soon and when they see what we did with the place, well... Let's just say Godzilla would be a picnic, comparatively.
>A lot of free-access stock quotes are 15-30 minutes old. Plus, it was going better earlier in the day.
That's right, and the minute the stock started tanking, a Microsoft shell corporation immediately took some of the 80 million Microsoft has allotted for just such an occasion and started buying to bring the price of the stock back up.
I'm NOT kidding; I'm certain that since MS KNOWS that the average investor knows nothing about any of this, they figure they can artificially maintain SCO's credibility for them.
Call me a tin-foil-hat-wearing nut, but I'm sure if you follow the money, that's what you'll find.
>RPC worms like Blaster and Sasser are impossible to ignore [...]
Yes, that's why I think that this is a Good Thing (TM), because those constantly-rebooting machines will have to be dealt with now.
Up until now, if those machines were part of a spam relay or what have you, they might have been easy to ignore if the infection didn't do anything to hinder the user too much.
Now though, there will be now way for the administrator of the machine to ignore it any longer.
And if the admin DOESN'T take care of it, well the machine can't be used to spam because it's constantly rebooting.
OMG I mean I *know* I suggested something straight out of the tinfoil-hat brigade's greatest-hits, but your post makes me wonder if I'm paranoid ENOUGH.
Tell me about it! I dumped Windows 4-5 months ago because of a bug in XP's activation module.
Even though I stopped using Windows Immediately, I still spent the first month or so looking around, evaluating distros.
I was able to access all my data all the while because I ran Knoppix as my desktop for that period.
TRULY a great, useful tool, Knoppix.
Anyhow, I finally settled on Gentoo, and apart from having a much tougher time getting everything working compared to Windows, it's been rock-solid, and I'll never go back to Windows.
>Actually, this shouldn't happen, because any clueful network/firewall guys are already doing egress filtering of outbound TCP/UDP 135-139, and 445, as a result of some other worms from the last couple years...
Probably a case of someone who brought their laptop home and has DSL/Cable.
I believe it was mentioned somewhere that sasser ACTIVATED friday or saturday, but that would mean that there had been a period of dormance before?
So you could have had an infected laptop brought into work, and when the virus activated, every machine on the LAN became a target.
I think the solution is to firewall EACH MACHINE, like Linux.:-)
And you should know that I am NOT a Microsoft shill. I'm not excusing Microsoft, I just think someone out there has an agenda that is different that the typical worm-writer's.
Net effect? These machines will keep crashing until they are DEALT WITH!
That means brought up to date. And that means - No more vulnerabilities, no more infections, no more spam-relays...
I think it's WONDERFUL that this worm causes the computer to reboot constantly; that's SURE to get the system the attention it requires, and in the meantime, it effectively takes it out of commission.:-)
The whole spam-relay network is made up of apathetic users who run an infected machine, but other than being inconvenienced a little by their machine being a bit slower, either don't care, are too lazy or are clueless to address the problem.
The rationale that I've seen among those users is "well, I haven't lost any data, and other than the pop-ups, it doesn't really get in my way or bug me that much, so, meh..."
Kinda hard to ignore now though, what with your computer rebooting all the time, isn't it?
>Interesting theory, but there's one problem. Whoever wrote Sasser did not intend for it to crash systems. This is a side effect of sloppy coding; it's not intentional.
You know what? I think that yesterday, I received a LOT LESS spam than usual. I'm talking a fraction; instead of 200-300, I only received about 20.
So even if taking down all those spam-relays was just a side-effect, I'LL TAKE IT!:-)
Right... But have you noticed, it can only infect computers that are not properly patched and up-to-date...
I read a while ago that 0-day exploits on Windows are mostly unheard of, while most viruses seem to come out a few weeks AFTER Microsoft has issued a patch, because the virus-writers wait for a patch to disassemble it and learn how to exploit the weakness, which is easier to do that figuring out how to exploit the vulnerability.
This hole was patched by Microsoft, when? A few weeks ago...
So other than annoying people with improperly-maintained machines, Sasser doesn't really seem to be more than a proof-of-concept, or as I believe, a virus crafted to SPECIFICALLY annoy people who's machines are not properly patched.
And let's face it; if your machine is not properly patched, it's probably already being used as a spam relay, so it's not the spammers who would want this.
Rather it feels like someone waging war ON THE SPAMMERS!
Slashdot Mirror
>Java has this problem is becuase it uses a mark-and-sweep garbage collector.
Yeah, I can see where the former is a problem, which is why I like c++ better; you can structure memory-use any way you want.
>The generational garbage collector used in newer Java virtual machines will probably help
Surely, and I wonder if at that point people will start writing their own allocation schemes in Java... I wonder what form that could take.
All the same, I like Java because it has nice consistency across its types and is well-suited to aiding in the learning of computer science.
>yet if I copy a 2GB file from one drive to another, the stupid operating system will swap out all the applications it can just to make the cache larger.
Then I would propose that when the OS does a filesystem-to-filesystem copy like that, especially if the source image is read-only, it should not be cached.
>delete ALL whitespace from the code because he thought it would make the programs smaller and faster.
It won't make it execute faster, but it'll compile faster.
>Say, fine the RIAA members $100K per non-paying incident, like they were threatening to charge the kiddie downloaders?
Well, if they're guilty of stealing from artists, like they claim P2P users are, then they should pay the same fines, shouldn't they?
Oh boy, it would be interesting to watch the RIAA lobby for that!
>How do you know they are extinct? Maybe they had a space program, left for another plnet, and let the Earth be hit by the asteroid.
;-)
Where is their technology in the fossil record then?
They didn't just invent oil, did they?
Still, you have a point; dinosaurs ruled earth for a hundred million years, right?
You figure we've been around for less than 2 million by some estimates and "ruling" the planet for even less than that.
So maybe you're right, with a hundred million years of evolution and the resultant technology, the dinousaurs teleported themselves, their belongings and their technology away just moments before the asteroid hit.
The bad news is they'll be back soon and when they see what we did with the place, well... Let's just say Godzilla would be a picnic, comparatively.
MS can easily spare a few million dollars if it's going to delay acceptance of Linux for even another week.
>A lot of free-access stock quotes are 15-30 minutes old. Plus, it was going better earlier in the day.
That's right, and the minute the stock started tanking, a Microsoft shell corporation immediately took some of the 80 million Microsoft has allotted for just such an occasion and started buying to bring the price of the stock back up.
I'm NOT kidding; I'm certain that since MS KNOWS that the average investor knows nothing about any of this, they figure they can artificially maintain SCO's credibility for them.
Call me a tin-foil-hat-wearing nut, but I'm sure if you follow the money, that's what you'll find.
>Like the airlines think Saftey, Saftey, Saftey - Microsoft need to adopt the slogan.. Security Security Security
I thought Microsoft's slogan was
"Developers developers developers" ?
http://www.ntk.net/media/developers.mpg
aztekum,
I should have titled the original post "What is this virus's PURPOSE?" instead of "What does it do?"
The method of infection is clear; it gets onto your computer by connecting on an open TCP port.
What isn't clear is WHY was this virus developed...
>RPC worms like Blaster and Sasser are impossible to ignore [...]
Yes, that's why I think that this is a Good Thing (TM), because those constantly-rebooting machines will have to be dealt with now.
Up until now, if those machines were part of a spam relay or what have you, they might have been easy to ignore if the infection didn't do anything to hinder the user too much.
Now though, there will be now way for the administrator of the machine to ignore it any longer.
And if the admin DOESN'T take care of it, well the machine can't be used to spam because it's constantly rebooting.
So, cool.
OMG
I mean I *know* I suggested something straight out of the tinfoil-hat brigade's greatest-hits, but your post makes me wonder if I'm paranoid ENOUGH.
LOL
Tell me about it!
I dumped Windows 4-5 months ago because of a bug in XP's activation module.
Even though I stopped using Windows Immediately, I still spent the first month or so looking around, evaluating distros.
I was able to access all my data all the while because I ran Knoppix as my desktop for that period.
TRULY a great, useful tool, Knoppix.
Anyhow, I finally settled on Gentoo, and apart from having a much tougher time getting everything working compared to Windows, it's been rock-solid, and I'll never go back to Windows.
>Actually, this shouldn't happen, because any clueful network/firewall guys are already doing egress filtering of outbound TCP/UDP 135-139, and 445, as a result of some other worms from the last couple years...
:-)
Probably a case of someone who brought their laptop home and has DSL/Cable.
I believe it was mentioned somewhere that sasser ACTIVATED friday or saturday, but that would mean that there had been a period of dormance before?
So you could have had an infected laptop brought into work, and when the virus activated, every machine on the LAN became a target.
I think the solution is to firewall EACH MACHINE, like Linux.
>why not just get a nice Samsung 19"
;-)
A 27-inch screen versus a 19-inch?
No contest!
>Actually your probably not doing it intentionally but your just repeating Microsoft marketing-speak
8 14 ,92037,00.html
So someone at Microsoft wrote this article and invented all the facts in it?
http://www.computerworld.com/printthis/2004/0,4
And you should know that I am NOT a Microsoft shill.
I'm not excusing Microsoft, I just think someone out there has an agenda that is different that the typical worm-writer's.
Non, no, no.
/ 0,4814 ,92037,00.html
I DON'T blame the users.
At the heart of all this is a terrible product - Windows, that has got all its users caught-up in this maelstrom of problems.
But zero-day exploits are VERY rare, if not non-existant.
Even more dangerous is releasing a patch!
Read this
http://www.computerworld.com/printthis/2004
>Maybe the problem was using XP in the first place? ;-) Maybe.
It's not to be sanctimonious, or to laugh at you, but you got infected because you hadn't patched your system recently, right?
Of course, infecting you is LOW, of course it's mean, of course it's underhanded, and I empathize with you, because it's a pain-in-the-ass...
So while a lot of innocent people will get caught by this too, I'm sure an even greater number of delinquent users will get caught.
Sorry about your troubles though. Good luck sorting it out.
Again, right!
:-)
Net effect?
These machines will keep crashing until they are DEALT WITH!
That means brought up to date.
And that means -
No more vulnerabilities, no more infections, no more spam-relays...
I think it's WONDERFUL that this worm causes the computer to reboot constantly; that's SURE to get the system the attention it requires, and in the meantime, it effectively takes it out of commission.
The whole spam-relay network is made up of apathetic users who run an infected machine, but other than being inconvenienced a little by their machine being a bit slower, either don't care, are too lazy or are clueless to address the problem.
The rationale that I've seen among those users is "well, I haven't lost any data, and other than the pop-ups, it doesn't really get in my way or bug me that much, so, meh..."
Kinda hard to ignore now though, what with your computer rebooting all the time, isn't it?
>Interesting theory, but there's one problem. Whoever wrote Sasser did not intend for it to crash systems. This is a side effect of sloppy coding; it's not intentional.
:-)
You know what?
I think that yesterday, I received a LOT LESS spam than usual. I'm talking a fraction; instead of 200-300, I only received about 20.
So even if taking down all those spam-relays was just a side-effect, I'LL TAKE IT!
Right...
But have you noticed, it can only infect computers that are not properly patched and up-to-date...
I read a while ago that 0-day exploits on Windows are mostly unheard of, while most viruses seem to come out a few weeks AFTER Microsoft has issued a patch, because the virus-writers wait for a patch to disassemble it and learn how to exploit the weakness, which is easier to do that figuring out how to exploit the vulnerability.
This hole was patched by Microsoft, when? A few weeks ago...
So other than annoying people with improperly-maintained machines, Sasser doesn't really seem to be more than a proof-of-concept, or as I believe, a virus crafted to SPECIFICALLY annoy people who's machines are not properly patched.
And let's face it; if your machine is not properly patched, it's probably already being used as a spam relay, so it's not the spammers who would want this.
Rather it feels like someone waging war ON THE SPAMMERS!
Right, but let's look at each of those;
Scanning random IP addresses on port 1068, to make copies of itself. OK, a virus needs to reproduce to have any effect, so that makes sense.
It acts as an FTP server, to copy itself, again...
I don't know the purpose of the remote shell... That one is a mystery.
What does Sasser actually DO?
Usually, viruses have a goal, like collecting your personal information, DDOSing SCO, or SOMETHING...
What does this one actually do?
My theory is that someone wrote it to disable all the spamware-infested computers out there.
They can't be spamming us if they're rebooting constantly, can they?
And if the owner doesn't disinfect them and protect them from future attacks, they'll just start rebooting again...
I mean I understand that it replicates and all, but most viruses are programmed to perform specific tasks.
Like popping-up ads on the user's machine, redirecting the user's browsing requests, DDOSing SCO, etc...
What is this viruses goal other than replicating?
Thanks for giving me a huge laugh. I needed it right about now.