View Full Version : Ok, Time To Fess Up. Who Has Been Bitten By The Blaster Worm


Ed Hansberry
08-14-2003, 12:00 AM
http://www.cnn.com/2003/TECH/internet/08/13/internet.blaster.reut/index.html

I'm just wondering how many here got bitten by the MS Blaster worm. If you haven't patched for it yet, you may get bitten by it while running Windows Update itself, as one of my employees did on their home PC. :roll: You can find out specifics about this vulnerability at Microsoft's security site (http://www.microsoft.com/security/security_bulletins/ms03-026.asp) which includes links to the downloads.

Many don't bother reading the news either that has been warning them of this. I had someone tell me today they didn't open email on their home PC. :idontthinkso: Note that if you haven't patched for it yet and you are planning on waiting until this weekend, don't bother. It is estimated over 140,000 machines are infected and that number will climb in the next few days. On Saturday, they are scheduled to bring MS's Windows Update site to its knees with a DDOS attack, so you won't be able to download it then.

sponge
08-14-2003, 12:17 AM
Knew about it weeks ago. Laughed when I got 8 IMs yesterday from different people saying the exact same thing.

Wonder what's going to happen with the alleged DDOS network being built up by some of these worms. Woo take down the RIAA! :P

hdsalinas
08-14-2003, 12:17 AM
It has been a Blast!

I work as an IT administrator for a PricewaterhouseCoopers office here in Honduras. We were attacked!!! All of our laptops were infected. We had to clean the same laptop up to 3 times! Despite our efforts to have them install the patch (we even sent it to them via Lotus Notes mail) few bothered doing it themselves.

I found out that people would rather have us go around cleaning their machine instead of taking 5 minutes to install the patch and update their antivirus software thus preventing getting other people's machines infected through the network.

I now have a huge headache because of this worm :| !

entropy1980
08-14-2003, 12:20 AM
I am a Net Admin for a large private school and none of our 600+ machines have been infected largely due to strict policies on updates, up to date AV, and knocking on wood!! :lol:

qmrq
08-14-2003, 12:29 AM
The solution..? Stop using windows. :)

smittyofdhs
08-14-2003, 12:30 AM
you need to add an option for the vote that says:

No, I wasn't infected because I'm smart enough to have a properly configured firewall and up-to-date virus software installed.


I'm the IT Director for a nationwide publication company and not one machine, neither in corporate offices nor telecommuters got hit with the virus. Thank god for good firewalls and AV software....

karen
08-14-2003, 12:36 AM
Work machine (provided by client) - Yes
My own laptop (I had to beg to have it connected to the network) - No
...knock wood

My laptop runs ZoneAlarm and I have worked really hard at keeping everything up to date (ZA, windows, office, Norton, AVG, etc.)

I had a full day of downtime on the client machine while they figured out whose machine to fix first...because, of course, I don't have admin rights to remove it myself from the client machine....

K

entropy1980
08-14-2003, 12:39 AM
Thank god for good firewalls and AV software....
Amen!!! :D

freitasm
08-14-2003, 12:42 AM
you need to add an option for the vote that says:

No, I wasn't infected because I'm smart enough to have a properly configured firewall and up-to-date virus software installed.



True!

I had a subscription to the MS Security Update service, and the patch applied a month ago. Laughing when people around me here started going home because of this.

At home, behind my cable modem I have a router, and my Win2000 desktop has Windows File and Printer share disabled.

The worst thing is - our company actually delivers update automatically to all computers, but the suckers, er, I mean users, cancel the install.

Go figure.

Eitel
08-14-2003, 12:42 AM
My machines at home were just fine. I always have them up to date. The 2,000 or so at work? Big mess. Users at work use their computers under a Win2k domain as users, so they have no access to install anything. We got hit hard. I got out of work yesterday at 11pm (from 8am) implementing a way to deploy the patch using group policy (we don't have a SUS server) and making a file that remote users can download and run to install the patch with elevated rights. That was only for corporate users. The other 1,000 computers or so that we have at the stores were worse. We still run NT4 there, and to make things worse, only SP5. The patch won't install if you don't have SP6. So a massive rollout of SP6a and the patch took place.

I don't think I need to say that yesterday it was an interesting day at work. :D

NeilE
08-14-2003, 12:43 AM
I didn't get hit, but imagine my surprise last week to find out that my server (Windows 2000) had a Nimda variant on it! And the most embarrassing thing? The virus scanning software that I was *positive* I had installed on the machine... wasn't!

*sigh*

JackTheTripper
08-14-2003, 12:46 AM
Work - NO. Great firewall and anti-virus.

Home - No. Running Mac OS 9.2

:D

sgyee
08-14-2003, 12:47 AM
How about one that says "No - I have a firewall that blocks the ports properly!"

It's really funny. If broadband users took a simple Linksys/DLink/NetGear/(Insert your brand here) hardware NAT/Firewall router and put it between their broadband modem device and their network (or their computer itself), this wouldn't really happen.

Symantec says in their update on Blaster to block TCP port 4444 (this is blocked on most brands' home firewall appliances) and block TCP port 135 (usually blocked unless opened manually) and UDP port 69 (TFTP, and who uses TFTP on a daily basis anyways unless you update routers for a living?)

Broadband routers are available really cheap - and it's a no brainer to install. My mom's pretty computer illiterate and she was able to read the manual and install it on her cable modem setup at her home.

rmasinag
08-14-2003, 12:51 AM
Worst time to have a tech geek nightmare! 1 day before my finals, it struck our campus. I lost 8 hrs. for study time due to this virus. Couldn't go home until 11pm :soapbox:

jmulder
08-14-2003, 12:59 AM
The solution..? Stop using windows. :)

Yep, and you can avoid dying of old age by killing yourself. My company has chosen to standardize on Windows, and all the snide comments in the world won't change that. If another operating system were as common as Windows, then it would be the target of these attacks.

A fix for this vulnerability has been available for almost a month. Microsoft notified customers on their security watch list at that time (although they were a bit overshadowed by the horrendous Cisco bug found the same day), and they sent additional notifications last week and had a warning first thing on the Windows website. The situation was also covered on several news websites last week before MSBLASTER started propagating. With that many warnings, no administrator worth his salt should have been taken unaware.

Home users are a different story, but that's who Windows Update is for.

OK, I guess I'll get off my soapbox now. Sorry for the rant.

BTW, if you are an admin who needs to manage hotfixes and patches on Windows systems, look at St. Bernard software's Update Expert...It's a great product and extremely reasonably priced. (I have no affiliation with St. Bernard, just impressed with their product)

http://www.stbernard.com/products/updateexpert/products_updateexpert.asp

-Jim

jgrnt1
08-14-2003, 01:07 AM
I tried to vote twice, but I couldn't. Three home PC's - no. My company laptop, yes (connected from home through my router and cable modem via VPN). Called company tech support. They confirmed it's on the network. They sent me the removal tool and patch this morning. The sad thing is they still haven't communicated anything to anyone. We've got thousands of PC's running either Win2K or WinXP and they still aren't being aggressive about fixing this.

Roosterman
08-14-2003, 01:23 AM
I am a developer for a large insurance company. Their policy is to not install anything until it is completely tested as to the effect it will have on our software. Hence critical patches have never been installed. We were pretty much brought to our knees yesterday as the blaster was running wild. All are on XP and many didn't even have SP1 installed. Because of that, the patch did nothing to stop the blaster. One of my co-workers without SP1 would get rid of the worm to only be immediately reinfected because the port was still open. Yesterday was not what could be considered a fun day :cry:

Hopefully, our gurus :oops: have now seen what problems not installing patches causes that they won't be so concerned about applying MS patches to fix known vulnerabilities.

dean_shan
08-14-2003, 01:25 AM
I found out that people would rather have us go around cleaning their machine instead of taking 5 minutes to install the patch and update their antivirus software thus preventing getting other people's machines infected through the network.

I know how you feel. That's what I've been doing at work lately. My home computers were fine though. I don't let anything happen to my babies.

yodacai
08-14-2003, 01:37 AM
Another reason to use Mac OS X... :lol:

Janak Parekh
08-14-2003, 01:46 AM
The solution..? Stop using windows. :)
Nope, not enough ;) Note that gnu.org was hacked by a wu-ftpd vulnerability today. That said, the frequency of buffer overflows in MS code as of late has been astonishing, and hits at Microsoft's credibility in releasing secure code. :? It's not hard to write buffer overflow-free code, if you apply the proper practices; I've done it myself. I understand that MS has a lot of legacy code that's difficult to revamp, but they need to take more drastic measures or their reputation will continue to suffer blows.

jmulder: there's also Microsoft's (free) Software Update Services tool for Windows networks. Worth checking out if you have 20+ machines.

--janak

Janak Parekh
08-14-2003, 01:49 AM
It's really funny. If broadband users took a simple Linksys/DLink/NetGear/(Insert your brand here) hardware NAT/Firewall router and put it between their broadband modem device and their network (or their computer itself), this wouldn't really happen.
Actually, many infections were caused by infected laptops being plugged into a LAN behind a firewall. At that point, the firewall's useless. ;) However, a good router/firewall is a very good first line of defense. It certainly helped one of my clients.

--janak
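The infected-laptop-behind-the-firewall case from the post above, turned into a detection check using the ports listed earlier in the thread (TCP 135, TCP 4444, UDP 69). This is an added example, not part of the original thread; the log format, the 10.0.5.0/24 LAN range, the sample records and the fan-out threshold are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Ports named earlier in the thread (Symantec's Blaster guidance).
RPC = ("TCP", 135)
WATCH_PORTS = {RPC, ("TCP", 4444), ("UDP", 69)}

# Assumed, constructed log format:
#   <timestamp> <ALLOW|DENY> <TCP|UDP> <src_ip>:<port> -> <dst_ip>:<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Return a dict for one log record, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:
        return None
    return {"ts": m["ts"], "action": m["action"], "proto": m["proto"],
            "src": src, "dst": dst, "dport": int(m["dport"])}


def find_suspect_hosts(lines, lan="10.0.5.0/24", fanout_threshold=5):
    """Flag hosts inside the LAN that originate traffic on the watched ports.

    A host that contacts many distinct peers on TCP 135 is reported as
    "scanning"; a host that only touches TCP 4444 or UDP 69 is reported for
    "review". A host with a few RPC peers and nothing else is ignored, since
    that is ordinary Windows traffic. The threshold is an assumption.
    """
    lan_net = ipaddress.ip_network(lan)
    rpc_targets = defaultdict(set)   # src -> distinct TCP 135 destinations
    other_ports = defaultdict(set)   # src -> other watched ports it used
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["src"] not in lan_net:
            continue  # skip junk and anything the perimeter already handles
        key = (rec["proto"], rec["dport"])
        if key not in WATCH_PORTS:
            continue
        src = str(rec["src"])
        if key == RPC:
            rpc_targets[src].add(rec["dst"])
        else:
            other_ports[src].add("%s/%d" % key)

    findings = {}
    for src in sorted(set(rpc_targets) | set(other_ports)):
        fanout = len(rpc_targets.get(src, ()))
        extras = sorted(other_ports.get(src, ()))
        if fanout >= fanout_threshold:
            verdict = "scanning"
        elif extras:
            verdict = "review"
        else:
            continue
        findings[src] = {"rpc_fanout": fanout, "other_ports": extras,
                         "verdict": verdict}
    return findings


# Constructed sample records: one laptop sweeping the subnet, one normal
# workstation, one admin using TFTP, one blocked outside probe, one bad line.
SAMPLE_LOG = """\
2003-08-13T09:14:01 ALLOW TCP 10.0.5.23:1041 -> 10.0.5.1:135
2003-08-13T09:14:02 ALLOW TCP 10.0.5.23:1042 -> 10.0.5.2:135
2003-08-13T09:14:03 ALLOW TCP 10.0.5.23:1043 -> 10.0.5.3:135
2003-08-13T09:14:04 ALLOW TCP 10.0.5.23:1044 -> 10.0.5.4:135
2003-08-13T09:14:05 ALLOW TCP 10.0.5.23:1045 -> 10.0.5.5:135
2003-08-13T09:14:06 ALLOW TCP 10.0.5.23:1046 -> 10.0.5.6:135
2003-08-13T09:14:09 ALLOW TCP 10.0.5.23:1050 -> 10.0.5.4:4444
2003-08-13T09:15:00 ALLOW TCP 10.0.5.40:1100 -> 10.0.5.2:135
2003-08-13T09:15:30 ALLOW TCP 10.0.5.40:1101 -> 10.0.5.2:445
2003-08-13T09:16:00 ALLOW UDP 10.0.5.50:1200 -> 10.0.5.254:69
2003-08-13T09:17:00 DENY TCP 203.0.113.9:3321 -> 10.0.5.7:135
this line is truncated 10.0.5.23:10
"""

if __name__ == "__main__":
    for host, info in find_suspect_hosts(SAMPLE_LOG.splitlines()).items():
        print(host, info)
```

The perimeter rule still drops the outside probe; what this adds is visibility into hosts that are already inside, which the router never sees.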

Janak Parekh
08-14-2003, 01:52 AM
I am a developer for a large insurance company. Their policy is to not install anything until it is completely tested as to the effect it will have on our software.
This is a major, and increasing, problem as the time between patch availability and worm release decreases. Microsoft & co. can't afford to sit on their laurels much longer -- before long, we'll have worms loosed the same day or a day after the patch is out -- and they'll cause incredible amounts of damage. On the other hand, a lot of large companies can't afford to deploy untested patches -- sometimes patches have side effects that wreak havoc. I have one server that runs perfectly fine under W2kSP3 but keels over immediately after applying W2kSP4. Fortunately this patch installs without SP4.

If you want to read a truly scary research paper on the subject, check out "How to 0wn the Internet in your spare time" (http://www.icir.org/vern/papers/cdc-usenix-sec02/). It was presented at the USENIX conference (a rather prestigious operating systems conference) last year. It truly is only a matter of time until disaster strikes.

--janak

Captain Obvious
08-14-2003, 01:53 AM
I'm using a router and I have never even had a virus on my computer before. I just started using Zone Alarm the other day when I heard about this new worm....figured it would be a good idea just in case. Maybe I'm just lucky that I have never had a virus....or maybe it's because I'm using a router and I tweak my system out so much and disable all of those services running in the background that I can't get hacked. :?

Janak Parekh
08-14-2003, 01:58 AM
Thank god for good firewalls and AV software....
By the way, I highly recommend Symantec's Corporate Antivirus software for networks. It's one slick solution for doing distributed antivirus management. You can lock the settings down thoroughly so the end-users can't uninstall or turn off virus protection. You can even enable automatic LiveUpdate in v8.x when they're away from the network too long. And yes, SAVCE is another good first-line defense. There was one box at one client that we overlooked patching :oops: but SAVCE immediately quarantined the executable before it had a chance to run.

--janak

Jonathan1
08-14-2003, 02:04 AM
The solution..? Stop using windows. :)

That's the plan when I get a 17" PowerBook. But not until a G5 PB shows up. The current G4 is a snail compared to the Pentium M so I will be waiting for a G5er.

After last week of upgrading to SP3 (I can't do SP4 since it breaks a few of our corp wide applications and I only got the go ahead to install SP3 a few weeks ago.) and this patch on 164 computers it's no longer if I'm getting a Mac. It's when. I'm sick of patches. I can't keep my home server up for more than 3 weeks because of the patch of the month put out by MS.

I don't need this headache anymore.

Janak Parekh
08-14-2003, 02:06 AM
That's the plan when I get a 17" PowerBook. Alas the current G4 is a snail compared to the Pentium M so I will be waiting until a G5 shows up in a PowerBook.
The irony is, migration to OS X for security is effectively a "security through obscurity" mechanism for now. Since the population of OS X users is relatively small, the number of attacks against it are few and far between.

However, the other interesting thing about UNIX OSes is that they're far more modular, and as such deploying updates is quite a bit easier. There's no registry, just dot-files, so one can theoretically do a distributed copy, a distributed reboot, and boom! Patched from one computer. This does require some expertise, though.

--janak

Jonathan1
08-14-2003, 02:12 AM
That's the plan when I get a 17" PowerBook. Alas the current G4 is a snail compared to the Pentium M so I will be waiting until a G5 shows up in a PowerBook.
The irony is, migration to OS X for security is effectively a "security through obscurity" mechanism for now. Since the population of OS X users is relatively small, the number of attacks against it are few and far between.

However, the other interesting thing about UNIX OSes is that they're far more modular, and as such deploying updates is quite a bit easier. There's no registry, just dot-files, so one can theoretically do a distributed copy, a distributed reboot, and boom! Patched from one computer. This does require some expertise, though.

--janak

Actually I'm aware that since OS X only has what? a 2.5% market share they aren't going to be as targeted by virus writers but it doesn't change the fact that there is limited virus activity on the Mac and I don't have to patch the crap out of it.
I'm also quite happy with our only Unix based server in our office. Brown betty I like to call her. Been running for. Heck. Since I started working here 5 years ago. It's never gone down. That's reliability. When you can shove a server in the corner and let it do its thing. If the same can be applied to what was it? Darwin? In OS X. Apple has a very solid foundation to work on. IMHO of course.

qmrq
08-14-2003, 02:40 AM
That's the plan when I get a 17" PowerBook. But not until a G5 PB shows up. The current G4 is a snail compared to the Pentium M so I will be waiting for a G5er.

After last week of upgrading to SP3 (I can't do SP4 since it breaks a few of our corp wide applications and I only got the go ahead to install SP3 a few weeks ago.) and this patch on 164 computers it's no longer if I'm getting a Mac. It's when. I'm sick of patches. I can't keep my home server up for more than 3 weeks because of the patch of the month put out by MS.

I don't need this headache anymore.

Eep. Don't even get me started on windows as a server OS.

jmulder
08-14-2003, 02:43 AM
...the frequency of buffer overflows in MS code as of late has been astonishing, and hits at Microsoft's credibility in releasing secure code.

Agreed. But in Microsoft's defense (and call me a MS fanboy if you must), there have been very few critical updates pertaining to Windows Server 2003, which was the first OS released since Microsoft underwent 'security training' last year. Granted, this particular vulnerability does affect Win2K3, but there have been several critical security notifications that did not pertain to Win2K3.

jmulder: there's also Microsoft's (free) Software Update Services tool for Windows networks. Worth checking out if you have 20+ machines.

Yep, but in usual MS style, it's just enough to get the job done, not necessarily enough to get the job done well. I would also highly recommend the free Microsoft Baseline Security Analysis (MBSA) tool (available on Microsoft's site), even for home users.

Janak Parekh
08-14-2003, 02:45 AM
Agreed. But in Microsoft's defense (and call me a MS fanboy if you must), there have been very few critical updates pertaining to Windows Server 2003, which was the first OS released since Microsoft underwent 'security training' last year.
Agreed, and they've done some nice work in locking down services (finally!) in WS2k3. Privilege separation in IIS and secure browsing in IE were things that I noticed right away. Still, WS2k3 has a lot of legacy code, and that worries me; it remains to be seen how much of it has been cleaned up.

--janak

Jeff Rutledge
08-14-2003, 03:02 AM
We have a large user base who, due to the nature of their jobs, need to have Admin rights to the workstation. Also, many are out of the office connecting to client networks and/or high speed connections at home. Still, thanks to NAV Corporate Edition and SMS, we have had relatively few workstations affected.

A funny side note: I worked on the MS03-026 installer for our company when it first came out. It was my main focus for a couple days. It went out without a hitch. Yesterday one of my home machines got hit with Blaster. I forgot my home systems after making sure over 5000 of the machines at work were safe! :bangin:

Ed Hansberry
08-14-2003, 03:28 AM
you need to add an option for the vote that says:

No, I wasn't infected because I'm smart enough to have a properly configured firewall and up-to-date virus software installed.


I'm the IT Director for a nationwide publication company and not one machine, neither in corporate offices nor telecommuters got hit with the virus. Thank god for good firewalls and AV software....
No patch and you are still vulnerable. All it takes is one contractor or employee with an infected machine to RAS in or VPN in to your LAN and take all of your machines out. You have to get the patch so your RPC service isn't vulnerable. :D

Hx4700
08-14-2003, 03:31 AM
Hi,
I, too, think you forgot a valid choice. I have a d-link router with a firmware firewall in front of a xp machine and a me machine. I think this protects me from that cr*p. Can someone who knows more than I about a router confirm or not.
Thanks,
Ron...

takotchi
08-14-2003, 03:36 AM
I wish people would stop having the attitude of "oh, how stupid you must be to not get the latest patches, la la la".

No. It doesn't work that way; not when you're on dial-up. Any patch over 2MB is excruciatingly difficult to get. For example, there are two critical patches I have been trying and trying to get, they are both 5.3MB in size. Even taking them one at a time, I usually get disconnected, either from Windows Update, or from the internet totally before I get them downloaded; this is at any given time of the day, not just busy times. Remember, you cannot resume downloads from Windows Update (as far as I know, if there is a resume, it must be really obscure).

So, when you live out in the sticks, by no choice of your own (I'm 17), and you can only get a 26.4k connection, even the smallest of files can be very hard to get. (no, $70/month crappy satellite is not really an option)

To answer the question, though, I haven't been hit by it.

Ed Hansberry
08-14-2003, 03:38 AM
Hi,
I, too, think you forgot a valid choice. I have a d-link router with a firmware firewall in front of a xp machine and a me machine. I think this protects me from that cr*p. Can someone who knows more than I about a router confirm or not.
Thanks,
Ron...

The router helps prevent the spread, but there are still ways to get it, especially in corporations that often have outsiders dial in or connect to their LAN behind the firewall. You should definitely get the patch.

Think of it this way. The patch is a vaccination. Your firewall is a space suit. As long as you keep the suit on, you don't need the vaccination. If for whatever reason, you take the suit off, or you let someone in the suit with you (uhm.... where am I going with this.... :wink: ) you can get infected.

Get the vaccination, and keep the suit on too!

Pony99CA
08-14-2003, 03:38 AM
you need to add an option for the vote that says:

No, I wasn't infected because I'm smart enough to have a properly configured firewall and up-to-date virus software installed.
No patch and you are still vulnerable. All it takes is one contractor or employee with an infected machine to RAS in or VPN in to your LAN and take all of your machines out. You have to get the patch so your RPC service isn't vulnerable. :D
That may be true in his case, but, in a home network, that's not as likely to be an issue. How many people are going to be bringing in laptops and hooking into my network? :-)

I voted that I had the patch installed automatically, but I'm not sure. Since the poll didn't identify a patch, how does one know if they have it installed?

Also, I have Windows Update notify me when an update is available, but I decide if it gets installed. I still count that as automatic because I didn't go out and search for the patch, download it myself, etc.

Steve

Janak Parekh
08-14-2003, 03:39 AM
I voted that I had the patch installed automatically, but I'm not sure. Since the poll didn't identify a patch, how does one know if they have it installed?
Go to Windows Update (manually), and see if it's listed in Critical Updates. If not, you've almost definitely installed it. Detailed instructions on verifying patch installation are in the MS03-026 (http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp) bulletin.

--janak

Ed Hansberry
08-14-2003, 03:43 AM
you need to add an option for the vote that says:

No, I wasn't infected because I'm smart enough to have a properly configured firewall and up-to-date virus software installed.
No patch and you are still vulnerable. All it takes is one contractor or employee with an infected machine to RAS in or VPN in to your LAN and take all of your machines out. You have to get the patch so your RPC service isn't vulnerable. :D
That may be true in his case, but, in a home network, that's not as likely to be an issue. How many people are going to be bringing in laptops and hooking into my network? :-)
Maybe none, but when I have problems with my DSL connection, the first thing BellSouth wants me to do is connect my PC directly to the DSL modem, so I have to take my "suit" off temporarily.

Patch, patch, patch. I am quite surprised at the number of people that want to leave the security risk in place and assume that a router offers 100% protection. Just install the patch for Pete's sake. I understand corps need time to get them tested, but home users? Just install the thing.

Foo Fighter
08-14-2003, 04:01 AM
No critical updates are listed for my machine via Windows Update, so I assume I am safe. As a rule I check for critical updates on a weekly basis. Evidently the last update I installed included this fix. I really wish more people would take viral security more seriously. Windows update is our friend. Visit him often. :bangin:

Ed Hansberry
08-14-2003, 04:05 AM
No critical updates are listed for my machine via Windows Update, so I assume I am safe. As a rule I check for critical updates on a weekly basis. Evidently the last update I installed included this fix. I really wish more people would take viral security more seriously. Windows update is our friend. Visit him often :bangin:

Just set WU to download automatically and remind you. I rarely visit the site directly.

ctmagnus
08-14-2003, 04:10 AM
I wish people would stop having the attitude of "oh, how stupid you must be to not get the latest patches, la la la".

No. It doesn't work that way; not when you're on dial-up. Any patch over 2MB is excruciatingly difficult to get. For example, there are two critical patches I have been trying and trying to get, they are both 5.3MB in size. Even taking them one at a time, I usually get disconnected, either from Windows Update, or from the internet totally before I get them downloaded; this is at any given time of the day, not just busy times. Remember, you cannot resume downloads from Windows Update (as far as I know, if there is a resume, it must be really obscure).

So, when you live out in the sticks, by no choice of your own (I'm 17), and you can only get a 26.4k connection, even the smallest of files can be very hard to get. (no, $70/month crappy satellite is not really an option)

Sounds like you need a new ISP. When I was on 28.8 with a several-year-old 33.6kbps modem (56kbps had been out for a very long time at that point, our ISP just didn't care to upgrade) I rarely had that problem. And this ISP wasn't known for its excellent service!

And I never let it download automatically. When I see the little globe in the system tray, I check out everything about it before I download. At that point, I usually download and install the update, but not always. Microsoft has made mistakes in the past, ya know.

Ed Hansberry
08-14-2003, 04:19 AM
I wish people would stop having the attitude of "oh, how stupid you must be to not get the latest patches, la la la".

No. It doesn't work that way; not when you're on dial-up. Any patch over 2MB is excruciatingly difficult to get.

To answer the question, though, I haven't been hit by it.

You will. I know 2 users on dialup that have been bitten already. Normally dialup users aren't targeted because they are slow connections, but this worm doesn't care. It is scanning IP ranges and doesn't give a flip about whether or not you are on a dialup or broadband network.

If you are having that much trouble over dialup, you should get another ISP. I remember downloading 50MB NT servicepacks over dialup. I'd start them at night and they'd be done when I woke up. 28K baby! :rock on dude!:

Jonathan1
08-14-2003, 04:43 AM
Just set WU to download automatically and remind you. I rarely visit the site directly.

Ya and wait for the day a hacker\cracker infects a windows update server and.....

szamot
08-14-2003, 04:46 AM
So far so good at the western front. We have almost 600 servers and 10,000 machines and so far no one has been hit. But, I am still at it with the rest of the guys patching like it is going out of style. Thank god for RIS.

sgyee
08-14-2003, 04:48 AM
It's really funny. If broadband users took a simple Linksys/DLink/NetGear/(Insert your brand here) hardware NAT/Firewall router and put it between their broadband modem device and their network (or their computer itself), this wouldn't really happen.
Actually, many infections were caused by infected laptops being plugged into a LAN behind a firewall. At that point, the firewall's useless. ;) However, a good router/firewall is a very good first line of defense. It certainly helped one of my clients.

--janak

A good firewall blocks things both ways. Yes, it may infect other machines behind the firewall, but nothing goes out.

Ed Hansberry
08-14-2003, 05:03 AM
Just set WU to download automatically and remind you. I rarely visit the site directly.

Ya and wait for the day a hacker\cracker infects a windows update server and.....
Nothing is hack proof, but WU uses SSL and digital certificates for all of their updates. Any hacker with those skills would be better served ripping off a bank, not annoying Microsoft.

takotchi
08-14-2003, 05:10 AM
I have a firewall and now have the patch, so I'm okay (I guess).

But about ISPs... well, it doesn't matter, I've tried a few different ones and they are all the same, 26.4k. The phone lines here are probably too old and full of noise to support a better connection, since the numbers are 56k capable.

Keep in mind, I can't get cable TV or mobile phone signals here either. :roll:

Ed Hansberry
08-14-2003, 05:14 AM
I have a firewall and now have the patch, so I'm okay (I guess).

But about ISPs... well, it doesn't matter, I've tried a few different ones and they are all the same, 26.4k. The phone lines here are probably too old and full of noise to support a better connection, since the numbers are 56k capable.

Keep in mind, I can't get cable TV or mobile phone signals here either. :roll:
Totally OT, but I had a telephone guy tell me that many times when this is the case, you can switch two wires in your phone box outside of your house and your connections may go up to 43K and above. You might google for info on it or contact a phone repair person that has a clue about modems and connectivity. It has no bearing on voice calls, but data calls do care about these two wires and how they come into the house.

Prevost
08-14-2003, 05:44 AM
Does the poll first choice mean Windows 98 is not affected?

Gerard
08-14-2003, 08:07 AM
Apparently Win98 and SE are not affected, or at least so reports our national radio service. Neither is ME, so our two notebooks should be safe from this one.

I don't often connect to my ISP with a PC, though my girlfriend does from hers. Having seen the nightmares of virus-vulnerability with a couple of family members who use cable or DSL, I just ain't interested. Dialup is plenty fast for my needs.

When I do connect the other notebook, it's pretty much just to get Windows Updates or those freebie Reader novels this summer (which of course MS doesn't let PPC users download direct to the device). Otherwise, I connect via a Socket modem from my iPAQ. Since there are exactly zero virii for the PPC, I'm safe thus far. I don't even use the notebooks to download the latest AVG virus definitions; the iPAQ grabs those in about 15 minutes. I distribute them via CF card/PC adapter to the two notebooks and they have the best AV I've encountered without ever connecting to the web and becoming exposed to dangers in the process. AVG nails down anything before it can launch, as their team seems to keep the definitions more current than anyone else.

Just thought I'd mention my situation, as yet another user pattern which isn't available in the Vote list. Being a PPC guy has advantages, kinda like Mac in this case.

beq
08-14-2003, 08:37 AM
Yeah we also have the Symantec AV Enterprise Edition suite (SAVCE, SAV/Exchange/Domino, SAV/SMTP-Gateway, Web Security, etc). Per our maintenance contract we got the latest 8.6 suite update in the mail a few weeks back, but keep forgetting to install it on our servers :oops:

Anyways I've MS patched all servers but still have to contend w/ the clients (sorry to say we don't yet have a fully comprehensive IT maintenance policy). IIRC I did close off some of these ports on our Cisco router a long time ago though...

Fzara
08-14-2003, 08:46 AM
No critical updates are listed for my machine via Windows Update, so I assume I am safe. As a rule I check for critical updates on a weekly basis. Evidently the last update I installed included this fix. I really wish more people would take viral security more seriously. Windows update is our friend. Visit him often :bangin:

Just set WU to download automatically and remind you. I rarely visit the site directly.

Ed, where exactly is this "checkbox" to do Windows Updates automatically? I remember when I had it on, but I switched it off, and now I don't remember where this feature was located within Windows.

As for a new OS besides Windows; Red Hat Linux 9 offers an amazingly new way to control your computer and is VERY stable, from what I've heard. Also, since Linux is an open source platform, if a virus is caught from anyone, a patch fixing this file would be out within hours.

I hope you all remain safe, and update your AV's, firewalls, and Router firmware (although this eventually would not allow me to walk into somewhere and leech :mrgreen: )

xoiph
08-14-2003, 10:00 AM
I have rollback software installed, so it doesn't matter what happens to my computer, it always returns to the exact same state after rebooting :-) Take that h4x0r$!

Barak
08-14-2003, 11:45 AM
My Norton Anti-Virus defs were up to date and I still got it. :oops:
It detected the virus, but couldn't delete it.

I want a firewall, but the last time I installed Zonealarm, I couldn't sync my ppc with my desktop.

Any suggestions?

Ed Hansberry
08-14-2003, 12:17 PM
Just set WU to download automatically and remind you. I rarely visit the site directly.

Ed, where exactly is this "checkbox" to do Windows Updates automatically? I remember when I had it on, but I switched it off, and now I don't remember where this feature was located within Windows.
In XP, it is on the Automatic Updates tab of the System icon in the Control Panel. In 2000, I think there is a new Automatic Updates icon in the control panel.

XmanHP548
08-14-2003, 12:46 PM
Come to think of it, I have never gotten a virus or anything on my Mac G4...Smooth sailing all the way. :)

Our Windows 2000 systems at work though got slammed and just came back up yesterday.

Ed Hansberry
08-14-2003, 01:06 PM
Come to think of it, I have never gotten a virus or anything on my Mac G4...Smooth sailing all the way. :)
Reminds me of an old joke. "Of course Macs don't get viruses. Nobody writes anything for the Mac." :rotfl:

Brad Adrian
08-14-2003, 01:46 PM
Sounds like you need a new ISP...
Slow or dropped connections aren't always the fault of the ISP; more often than not, they're the result of older or faulty phone lines. For example, I know that from home I can use my corporate dial-up connection and get 48kps, but from my mother-in-law's house in another state the best I can hope for is a 24kps connection which gets dropped about every 20 minutes.

wocket
08-14-2003, 01:59 PM
Yep I've been getting phone calls from friends, from friends of friends and from friends of friends of friends etc in a panic. Saying their computer keeps wanting to shut down and it's the exact same problem on every machine.


I really should start charging.

Kati Compton
08-14-2003, 05:05 PM
Slow or dropped connections aren't always the fault of the ISP; more often than not, they're the result of older or faulty phone lines. For example, I know that from home I can use my corporate dial-up connection and get 48kps, but from my mother-in-law's house in another state the best I can hope for is a 24kps connection which gets dropped about every 20 minutes.
When my father moved to the boonies in S. Carolina, he could only get a 9600 connection. If he was lucky. 8O

It was the phone system, because even trying to make a voice call, there was TONS of static on the line.

Ed Hansberry
08-14-2003, 05:33 PM
People talk as if MS is the only one with these problems. - http://msnbc-cnet.com.com/2100-1009_3-5063683.html?part=msnbc-cnet&tag=alert&form=feed&subj=cnetnews

Redhat 8 has 84 security fixes since Jan 1, 2003. https://rhn.redhat.com/errata/rh8-errata-security.html

MS has 13 for the same time period for Windows 2000. http://www.eu.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp?productid=6&servicepackid=0&submit1=go&isie=yes and 12 for Windows xp - http://www.eu.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp?productid=121&servicepackid=0&submit1=go&isie=yes

Gerard
08-14-2003, 08:03 PM
casioman; if you feel like it, give AVG a go. It's been rock solid for me since I first found out about it in a thread on PocketPCPassion winter before last, from Dale Coffing. I use the free edition, which covers all the virii for single, private users, and no networks. If you intend to use it for a business, then you'll want the latest Pro edition, now version 7.0. Unlike Norton, McAfee, and others I've used, AVG doesn't mess with the smooth booting and running of the PC. It's the most transparent AV made, as far as I can tell. You only really notice it when it finds something, and then it locks all functions down instantly and gives a virus no opportunity to do anything, just renders the virus inoperable before letting the user regain control of the PC.
http://www.grisoft.com/us/

Ed Hansberry
08-14-2003, 08:20 PM
Unlike Norton, McAfee, and others I've used, AVG doesn't mess with the smooth booting and running of the PC.
I have Norton AV installed on 4 home PCs I am responsible for, including my own and McAfee VirusScan Enterprise on our corporate boxes - all XP Pro or Win2K Pro. I've never seen a problem with booting after installing these. XP had a bug that has since been fixed (introduced in Feb, fixed in May/June) on file access with all AV products, but that was within the AV API and not a problem with a specific vendor.

What boot problems are you referring to?

Janak Parekh
08-14-2003, 08:45 PM
Actually, many infections were caused by infected laptops being plugged into a LAN behind a firewall. At that point, the firewall's useless. ;) However, a good router/firewall is a very good first line of defense. It certainly helped one of my clients.
A good firewall blocks things both ways. Yes, it may infect other machines behind the firewall, but nothing goes out.
Uh, say that again? I'm talking about a machine plugged in behind a firewall infecting machines over the LAN. If you want to isolate every machine on the LAN from each other, it isn't really a LAN, then, is it? About the only time you want such a disconnected LAN is if everyone is only doing Internet access and no file sharing.

--janak

Janak Parekh
08-14-2003, 08:45 PM
Apparently Win98 and SE are not affected, or at least so reports our national radio service. Neither is ME, so our two notebooks should be safe from this one.
Correct -- neither have a RPC service.

I don't often connect to my ISP with a PC, though my girlfriend does from hers. Having seen the nightmares of virus-vulnerability with a couple of family members who use cable or DSL, I just ain't interested. Dialup is plenty fast for my needs.
Really??? 8O I could never go back to dial-up permanently.

--janak

qmrq
08-14-2003, 08:49 PM
Does the poll first choice mean Windows 98 is not affected?

Only 2000 Pro and XP.

Ed Hansberry
08-14-2003, 08:50 PM
I don't often connect to my ISP with a PC, though my girlfriend does from hers. Having seen the nightmares of virus-vulnerability with a couple of family members who use cable or DSL, I just ain't interested. Dialup is plenty fast for my needs.
Really??? 8O I could never go back to dial-up permanently.
I've already seen dialup users infected with this worm. The slow speed is no barrier like it is for someone that wants to hack into your system and poke around.

Janak Parekh
08-14-2003, 08:50 PM
Only 2000 Pro and XP.
No -- you forgot NT4, 2000 Server and WS2k3 (and presumably 3.51, but if you have that on the net, you have other problems). Every NT-based OS is vulnerable.

--janak

Janak Parekh
08-14-2003, 08:51 PM
I've already seen dialup users infected with this worm. The slow speed is no barrier like it is for someone that wants to hack into your system and poke around.
Oh, I know. Worms are very very small -- it's just enough code to trigger the buffer overflow, and to load in the TFTP client. The exploit itself is probably a few hundred bytes. I'm just commenting on the fact that Gerard seems to use dial-up mostly for his Internet surfing. ;)

--janak

qmrq
08-14-2003, 08:53 PM
My Norton Anti-Virus defs were up to date and I still got it. :oops:
It detected the virus, but couldn't delete it.

I want a firewall, but the last time I installed Zonealarm, I couldn't sync my ppc with my desktop.

Any suggestions?

Tell Zonealarm to let WCESmgr.exe and WCEScomm.exe access the internet. You can allow both of them without any problems.

qmrq
08-14-2003, 08:56 PM
Only 2000 Pro and XP.
No -- you forgot NT4, 2000 Server and WS2k3 (and presumably 3.51, but if you have that on the net, you have other problems). Every NT-based OS is vulnerable.

--janak

All NT based versions of windows? I thought it was only 2k and XP. Hmm. Regardless I'm sure I'll do fine since my machines all run UNIX, with the exception of a 2k Pro install on main workstation for windows development. :)

Ed Hansberry
08-14-2003, 09:10 PM
All NT based versions of windows? I thought it was only 2k and XP. Hmm.
• Microsoft Windows Server 2003, 64-Bit Enterprise Edition
• Microsoft Windows Server 2003, Enterprise Edition
• Microsoft Windows Server 2003, Standard Edition
• Microsoft Windows XP Professional
• Microsoft Windows XP Home Edition
• Microsoft Windows XP Media Center Edition
• Microsoft Windows XP Tablet PC Edition
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Professional
• Microsoft Windows 2000 Server
• Microsoft Windows NT Server 4.0
• Microsoft Windows NT Server 4.0 Terminal Server Edition
• Microsoft Windows NT Workstation 4.0

They no longer even test NT 3.x, but I am sure it is vulnerable too.

Gerard
08-14-2003, 11:06 PM
Janak and Ed; Yes indeed, dialup is plenty for my needs. I don't have any interest in downloading 50MB+ files, and for anything less there's CEDownloader on the iPAQ or FlashGet on the PC, making it easy enough to start a big download and then go to sleep or go for a hike. Actually, the largest file I've downloaded was some silly video editing suite, a 29.5MB trial version, which turned out not to be able to convert MOV to MPG anyway so I deleted it. The second largest was the bSquare Utility Suite, back in 2000, which came in just over 28MB. Mostly I don't grab any files bigger than about 4 or 5MB, with newer versions of Textmaker at around 12MB being the main exception. Even those don't take all that long on the iPAQ, maybe 90 minutes if I recall correctly. My Socket CF modem performs very nicely, and my ISP, Quik, has very good modems and guarantees the highest potential speed available for dialup.

As for the AV comments I made, well, my experience isn't that extensive. I've seen Norton misbehave on the PCs of two relatives, and no amount of updating or reinstalling could stop the errors reported on reboots. I ended up uninstalling it on both. Stubborn thing to get rid of! Both my aunt and sister-in-law now run AVG, and neither has had an infection of any kind since, as I've configured theirs to automatically scan for AV definition updates.

McAfee has misbehaved similarly for another relative, and oddly, she persists in using it. Guess it's because she paid so much for it... McAfee suppresses AVG functions until fully uninstalled, at which point AVG springs into life and starts scanning for virii (that was a bit of a surprise, actually). She had to do a total hard drive format last spring, while keeping all the McAfee stuff current, thanks to a couple of worms that snuck in while her ADSL modem was connected and she was asleep. There was no firewall that I know of, but I'm no broadband expert, and neither is she... Anyway, she's back to using McAfee again, and we'll see if she gets this infection. Hope not.

I get the feeling that people are generally nervous about a free AV, as though by not paying one is not getting anything worthwhile. In my rather extensive experience of PPC freeware I've found that there is no definable difference, no safe generalisation regarding the relative merits of freeware and shareware. At least half of my favourite programs don't cost a dime, and work flawlessly. Many sharewares are buggy as hell. I just think that if you want a proven and reliable AV program, Grisoft's is a good way to go.

Ed Hansberry
08-14-2003, 11:13 PM
Actually, the largest file I've downloaded was some silly video editing suite, a 29.5MB trial version
Kind of makes me nervous. I take it you use Win98 or ME then? If you have 2000 or XP, you have a 30+MB download to do to get them on the latest SP, then for XP about 90MB of patches. With 2000, SP4 released just a few weeks ago means you only have 4-5MB of patches to download after the SP.

Gerard
08-15-2003, 12:05 AM
That's right. Our older notebook, a dog of an Acer Travelmate, runs Win98SE, and my girlfriend's Fujitsu notebook runs ME. We're happy enough not spending any more money on PC junk, though a recent boo-boo on her part (involving an OK on a final warning from the DVD drive, playing a Japanese DVD) means we'll be buying 'RegionFreeDVD' this week. For the most part I ignore the PCs, just using one for unpacking CAB files from some PPC installers, and for capturing video from my VCR using an IREZ cable. Oh, I rip the odd CD to MP3 too. That's about it. The Acer kinda sits there feeling sorry for itself most of the time. I find Pocket IE easily adequate for forums and software downloads, and am primarily a PPC user, not a PC user. If developers would all just release stuff as ZIPped CAB files I'd be a lot happier.

sgyee
08-15-2003, 12:39 AM
Actually, many infections were caused by infected laptops being plugged into a LAN behind a firewall. At that point, the firewall's useless. ;) However, a good router/firewall is a very good first line of defense. It certainly helped one of my clients.
A good firewall blocks things both ways. Yes, it may infect other machines behind the firewall, but nothing goes out.
Uh, say that again? I'm talking about a machine plugged in behind a firewall infecting machines over the LAN. If you want to isolate every machine on the LAN from each other, it isn't really a LAN, then, is it? About the only time you want such a disconnected LAN is if everyone is only doing Internet access and no file sharing.

--janak

A good firewall will not allow traffic out to the real world unless you tell it to pass it. So, if someone took an infected laptop and put it on your private side of the network, your firewall should still block the traffic to where it's 1) not participating to infect others in the real world, and 2) it's not receiving any commands from the real world to trigger anything else.

The said infected laptop is still going to infect everything on your side of the firewall, but it's not going to contribute to the problem at large. It's all localized.

Does this make sense?
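The distinction argued in this exchange, shown as an added example that is not part of any poster's message: a perimeter firewall only sees worm traffic that crosses it, while LAN-to-LAN infection never reaches it. The address range, the flow records and the scan threshold are constructed assumptions; the port numbers are the ones publicly documented for Blaster and are not stated in the thread.

```python
import ipaddress
from collections import defaultdict

# Assumed internal range for this example (not from the thread).
LAN = ipaddress.ip_network("192.168.10.0/24")

# Ports Blaster is publicly documented to use; the thread itself only
# mentions the RPC service and the TFTP client, not port numbers.
WORM_PORTS = {
    ("tcp", 135): "RPC/DCOM exploit attempt",
    ("tcp", 4444): "remote command shell",
    ("udp", 69): "TFTP fetch of the worm binary",
}

# Constructed flow records: (source, destination, protocol, destination port).
FLOWS = [
    ("192.168.10.50", "192.168.10.11", "tcp", 135),   # laptop probing LAN peers
    ("192.168.10.50", "192.168.10.12", "tcp", 135),
    ("192.168.10.50", "192.168.10.13", "tcp", 135),
    ("192.168.10.50", "192.168.10.11", "tcp", 4444),
    ("192.168.10.11", "192.168.10.50", "udp", 69),
    ("192.168.10.50", "203.0.113.7", "tcp", 135),     # outbound, crosses firewall
    ("192.168.10.50", "198.51.100.20", "tcp", 135),
    ("203.0.113.99", "192.168.10.20", "tcp", 135),    # inbound, crosses firewall
    ("192.168.10.20", "198.51.100.80", "tcp", 80),    # ordinary web browsing
    ("192.168.10.20", "192.168.10.5", "tcp", 445),    # ordinary file sharing
]


def inside(addr):
    """True when the address belongs to the internal LAN."""
    return ipaddress.ip_address(addr) in LAN


def analyse(flows, scan_threshold=3):
    """Split worm-port flows by whether the perimeter firewall can see them,
    and flag sources probing tcp/135 on many distinct hosts."""
    perimeter, lan_only = [], []
    rpc_targets = defaultdict(set)
    for src, dst, proto, dport in flows:
        reason = WORM_PORTS.get((proto, dport))
        if reason is None:
            continue  # not a port of interest
        record = (src, dst, reason)
        if inside(src) and inside(dst):
            lan_only.append(record)    # never reaches the perimeter device
        else:
            perimeter.append(record)   # a default-deny firewall can drop and log it
        if (proto, dport) == ("tcp", 135):
            rpc_targets[src].add(dst)
    scanners = {s for s, t in rpc_targets.items() if len(t) >= scan_threshold}
    return {"perimeter": perimeter, "lan_only": lan_only, "scanners": scanners}


if __name__ == "__main__":
    result = analyse(FLOWS)
    print("Visible to the perimeter firewall:", len(result["perimeter"]))
    print("LAN-only, invisible to it:", len(result["lan_only"]))
    print("Hosts to isolate and patch first:", sorted(result["scanners"]))
```

The LAN-only flows are the ones that need host patching or switch-level monitoring, since no perimeter rule ever evaluates them.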

Ed Hansberry
08-15-2003, 12:43 AM
The said infected laptop is still going to infect everything on your side of the firewall, but it's not going to contribute to the problem at large. It's all localized.
That is of no consolation to the IT department and employees that are down. Patch, patch, patch.

maximus
08-15-2003, 01:54 AM
I saw a real-life virus-caused-mess yesterday.

The 24 hour customer service department, which has approximately 500 persons and 300 PCs went out-of-service for 24+ hours yesterday. The PCs are worm-infested. The customer service department has a very strict downtime limit in their KPI: 5 minutes maximum in 7x24 hours.

And they were down for 24 hours yesterday. I predicted that several IT people will get a last warning letter because of the incident.

Roosterman
08-15-2003, 03:56 AM
Yep I've been getting phone calls from friends, from friends of friends and from friends of friends of friends etc in a panic. Saying their computer keeps wanting to shut down and it's the exact same problem on every machine.


I really should start charging.

Tell them to go to the command prompt and type shutdown /a. This will abort the shutdown allowing them time to get to windows update and let the virus scan get rid of the blasted blaster.

Prevost
08-15-2003, 04:03 AM
When I do connect the other notebook, it's pretty much just to get Windows Updates or those freebie Reader novels this summer (which of course MS doesn't let PPC users download direct to the device). Otherwise, I connect via a Socket modem from my iPAQ. Since there are exactly zero virii for the PPC, I'm safe thus far. I don't even use the notebooks to download the latest AVG virus definitions; the iPAQ grabs those in about 15 minutes. I distribute them via CF card/PC adapter to the two notebooks and they have the best AV I've encountered without ever connecting to the web and becoming exposed to dangers in the process. AVG nails down anything before it can launch, as their team seems to keep the definitions more current than anyone else.

Just thought I'd mention my situation, as yet another user pattern which isn't available in the Vote list. Being a PPC guy has advantages, kinda like Mac in this case.
Excuse my ignorance, what is a Socket modem??? :?:
I am still in prepaid cellphone service.... :mrgreen:

Ed Hansberry
08-15-2003, 04:05 AM
Excuse my ignorance, what is a Socket modem??? :?:
I am still in prepaid cellphone service.... :mrgreen:

A popular brand of modem. http://www.socketcom.com/product/56k.asp

Gerard
08-15-2003, 04:19 AM
Thanks Ed. I did a review of the Socket CF modem (for dialup connections) on pocketnow, here:
http://www.pocketnow.com/index.php?a=portal_detail&t=reviews&id=181

Strangely, it offers consistently faster download speeds than should be possible over a 56K/V.90 connection, and even faster if I use it with a notebook PC via a CF>PC adapter. Grabs files rather quickly. My old Casio CF modem behaved the same way, delivering most satisfactory connected speeds. Too bad about the fragility of that Casio, as I quite liked it. Dumb to use a dongle between the phone line and the card though. The Socket is nice and simple.

Anyway, this has got WAY off topic. Sorry about that.

Janak Parekh
08-15-2003, 09:07 PM
A good firewall will not allow traffic out to the real world unless you tell it to pass it. So, if someone took an infected laptop and put it on your private side of the network, your firewall should still block the traffic to where it's 1) not participating to infect others in the real world, and 2) it's not receiving any commands from the real world to trigger anything else.
Right. I've deployed firewalls for a living, so I know. ;) But the original post I quoted mentioned AV and firewalling being sufficient. As Ed says, it's not, for all the machines behind the firewall.

--janak

Pony99CA
08-16-2003, 04:41 AM
Tell them to go to the command prompt and type shutdown /a. This will abort the shutdown allowing them time to get to windows update and let the virus scan get rid of the blasted blaster.
I didn't know about the shutdown command, so I'm glad you mentioned that.

However, to do what you said, wouldn't someone have to invoke a command prompt during the shutdown and manage to type that command in rather quickly? I suppose you could have the prompt open and create a batch file with a short name to invoke that command.

I also noticed there's a remote shutdown command. That could be some fun. :twisted:

Steve

Janak Parekh
08-16-2003, 04:43 AM
However, to do what you said, wouldn't someone have to invoke a command prompt during the shutdown and manage to type that command in rather quickly? I suppose you could have the prompt open and create a batch file with a short name to invoke that command.
You have about 60 seconds, so it isn't too bad.

--janak

Ed Hansberry
08-16-2003, 05:17 AM
However, to do what you said, wouldn't someone have to invoke a command prompt during the shutdown and manage to type that command in rather quickly?
You have about 60 seconds, so it isn't too bad.
If you have the presence of mind to fire up the command interpreter and type that in, you probably have a clue and downloaded the patch.

Pony99CA
08-16-2003, 05:19 AM
If you have the presence of mind to fire up the command interpreter and type that in, you probably have a clue and downloaded the patch.
:rofl: Of course, people with clues could still help the clueless with that tip.

Steve