View Full Version : Son Of Blaster On The Way - Get Patched


Ed Hansberry
09-17-2003, 01:00 PM
http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2003/09/16/national1842EDT0790.DTL

"Researchers from iDefense Inc. of Reston, Va., who found the new attack software being distributed from a Chinese Web site, said it was already being used to break into vulnerable computers and implant eavesdropping programs. They said they expect widespread attacks similar to the Blaster infection within days."

Despite what you'd think people would learn from the original blaster attack, the patch rate still isn't that great. "Amy Carroll, a director in Microsoft's security business unit, said 63 percent more people have already downloaded the latest patch than downloaded the patch for last month's similar vulnerability during the same five-day period."

Only 63% more? Come on people! Go to Windows Update or Microsoft's Security Site (http://www.microsoft.com/security/security_bulletins/ms03-039.asp) to download and install the patch. You should then visit Microsoft's site to learn how to keep your computer secure (http://www.microsoft.com/security/protect/windowsxp/firewall.asp), or you can download some software to automatically configure your machine (http://protect.microsoft.com/security/protect/WSA/en/default.asp) for you. Let your friends and family know about these links so you aren't up late this weekend removing some new worm from their system like you did in mid-August.

You can also download a free tool from Microsoft (http://support.microsoft.com/?kbid=827363) that will allow you to scan anywhere from a few to thousands of PCs quickly to determine if they are patched. End of public service announcement. :wink:

VanHlebar
09-17-2003, 02:55 PM
Am I correct that these worms do not affect Win98 machines? :oops: I know we still have two machines running Win98 :oops: The rest of the machines are patched and behind a firewall so hopefully our office is fine :)

Thanks for the help Ed!

-Eric

bradolson
09-17-2003, 02:58 PM
I am getting tired of these things. These people have nothing better to do than cause all of us (who do have better things to do) to be concerned with their (poorly coded) worms.

mr_Ray
09-17-2003, 03:21 PM
Am I correct that these worms do not affect Win98 machines? :oops: I know we still have two machines running Win98 :oops: The rest of the machines are patched and behind a firewall so hopefully our office is fine :)

Thanks for the help Ed!

-Eric

Virgin Win98 installs weren't affected by the last bout - they didn't have the required functionality that was exploited.
However this was added by various upgrades (probably Office & Internet Explorer - I can't remember off the top of my head).

As with all security issues, it's always best to assume that you're vulnerable by default. I'm sure we'd all rather spend 30 minutes making sure than risk the next one doing a FORMAT C:\ on your behalf.

beq
09-17-2003, 03:23 PM
Take active response, don't wait for the next Welchia/Nachi (which incidentally created more problems than it was worth for our network router, but I digress) :mrgreen:

Jonathan1
09-17-2003, 03:24 PM
OS X is looking better and better by the day. Alas I'm in a holding pattern until a 17" G5 PowerBook shows up. *fingers crossed* Next Spring. Then I can run VPC and have the best of both worlds. :D Unfortunately that won’t rid me of patches since I still have my server and my desktop.

Also someone posted a ragging on virus writers. Don't just blame the virus writers. I lay blame as follows:

Virus\Worm Writer 50%
Microsoft code: 40%
Users that don't patch: 10%

And with blaming the user I'm being overly generous with 10%. I think it’s asinine to expect users to have to patch their system every two weeks. If for no other reason than that not everyone has a high-speed net connection. I have people coming into the IT department all the time requesting that I burn a CD of SP [whatever is the current version] or the patch of the week. These people spend hours downloading patches.
Also maybe it’s just me but I don't believe there should be such a massive security hole in an OS where it requires the department of homeland insecurity to issue a warning. Insane. It's all insane. :evil:

Jonathan1
09-17-2003, 03:36 PM
PS- Have you guys heard about the new Patches for Office? This applies to Office 97, 2000, and XP. Get em while they are hot and non-exploited

Ed Hansberry
09-17-2003, 03:38 PM
OS X is looking better and better by the day.
You only get security by obscurity with OSX.

Take a look at the patches that Mac, RedHat Linux, BSD and all the other OSs have had. They all have patches. The only reason they don't have worms like this is they are such a small percentage of machines and the worms won't spread as fast and far as they will if they are Windows based.

Jonathan1
09-17-2003, 04:24 PM
OS X is looking better and better by the day.
You only get security by obscurity with OSX.

Take a look at the patches that Mac, RedHat Linux, BSD and all the other OSs have had. They all have patches. The only reason they don't have worms like this is they are such a small percentage of machines and the worms won't spread as fast and far as they will if they are Windows based.


Does it really matter at this point? The fact is that they don't have any viruses. If it's because they only have a 2% market share or because they use a 10 point font for their OS or if they do the hula every morning before they code it still doesn't matter. Until I see outbreaks as widespread or as automated (Read: can automatically spread from system to system with no user intervention.) I still consider OS X, and *nix a better platform. At this point Windows is more of a necessary evil than anything else. I use it because I have several thousand dollars in software sunk into it. Our company uses it simply because that's what everyone else uses. (That whole monopoly thing again.)

And if you really want to talk about security through obscurity MS practically invented the term. During the antitrust trials they all but admitted that they used this approach to allow some of the functionality of windows to ummm well function. This was the main reason they were so rabid about giving the states the source code to Windows. They didn't go into specifics of where and how for obvious reasons.
At least with OSX you can download the source for Darwin at www.opendarwin.org. We have no idea how many more holes are in Windows. We'll never really know. And honestly do you think MS combs through 10 million lines of code searching for holes or do you think they are focusing on Longhorn at this point?
I see it this way. Apple took an opensource OS that is proven, BSD is about as rock solid as you are going to get. (We have a BSD server sitting in the corner of our computer room that hasn't been touched since I started working here and that was about 5 years ago.) They took a known proven OS and did some tweaking and slapped a GUI on it. Now where do you think they now spend their time focusing on improvements? The core OS? That's opensource. Everyone already works on that. Nope they can spend their time tweaking the GUI and all the underlying tech that OS X is based on. It’s a different design philosophy. Whether or not it's a good one is debatable until heck freezes over.
Honestly before Panther I didn’t give OS X a second glance. But patching a medium sized office of 164 systems and trying to track down the users who are out of the office with their laptops and then doing it again within 2 weeks and now more patches for office has a tendency to sour one on the windows eXPerience.

Kaber
09-17-2003, 05:46 PM
Does anyone know exactly what information gets sent from your computer to MS every time you run Windows Update?

The current viruses have gotten more and more people to seriously run Windows Update more often, and more people have broadband, which makes it easier.

If Windows Update does collect information, then this is a good time for MS to collect since everyone is running it now.

PetiteFlower
09-17-2003, 06:03 PM
If anything it sends them information about your system configuration, not anything personal. Someone would have figured it out by now if they were collecting personal information without telling users and would have sued the pants off of them. I would think they would know better than to try to pull off that stupid of a scam....goes against the CYA principle :)

Personally I have NO pity for people who get viruses because they are stupid--because they open a file, because they don't run an antivirus program, because they don't patch their machines against a KNOWN threat.....they deserve to get viruses. If you're not smart enough to know how not to get infected, then you're not smart enough to have a computer.

This does not apply to people who get infected even though they were taking all the proper precautions, which does occasionally happen, but I'd venture to say that the VAST majority of infections occur because of user stupidity.

Not to excuse the virus writers either, I mean really have you nothing better to do? But if there were no stupid people in the world, then they'd get so much less satisfaction from writing these things and many of them might get bored and give up on it.

Ed Hansberry
09-17-2003, 06:21 PM
Does anyone know exactly what information gets sent from your computer to MS every time you run Windows Update?
They only send you the catalog. Your machine then matches the available catalog with what you have installed then recommends you install those that aren't installed.

The only thing MS tracks is how many downloads are happening.

Jonathan1
09-17-2003, 06:28 PM
Personally I have NO pity for people who get viruses because they are stupid--because they open a file, because they don't run an antivirus program, because they don't patch their machines against a KNOWN threat.....they deserve to get viruses. If you're not smart enough to know how not to get infected, then you're not smart enough to have a computer.

This does not apply to people who get infected even though they were taking all the proper precautions, which does occasionally happen, but I'd venture to say that the VAST majority of infections occur because of user stupidity.

Not to excuse the virus writers either, I mean really have you nothing better to do? But if there were no stupid people in the world, then they'd get so much less satisfaction from writing these things and many of them might get bored and give up on it.


Well it does come down to what you define as stupid. I know more than a few people that have an alphabet soup in front of their name and literally are rocket scientists who have been hit by Blaster. The question is: Is it reasonable to expect users to run window updates on their system weekly? I mean I don't check my oil every time I fill up my tank. Maybe once a month or once every couple of months. Does that make me stupid?
As for AV updates. In the case of the 4 people I cleaned blaster off of, their subscription for NAV has expired and they didn't feel like spending more cash on a product that they had already spent what? 50-60 on to begin with. Also there is the simple fact that with viruses like Blaster, AV software won't catch them until Symantec releases an update. So in the meantime system will be susceptible.

And as I pointed out there are more than a few people on dialup. I know off the top of my head at least 10 of my relatives are still on dialup because they don't use it for more than e-mail and web surfing something which a dial up connection is enough. (Why spend $30-$70 a month on bandwidth you don’t need?)
Do me a favor and add up the total MB's that have been released for XP since its release. Including IE updates. Bet it totals a few hundred MB. That on a 56k connection sucks badly. Again I stand by my 50%/40%/10% figure. You can always point the finger at something or somebody but there is almost NEVER something or somebody that is 100% to blame.

ctmagnus
09-17-2003, 07:02 PM
Not to excuse the virus writers either, I mean really have you nothing better to do? But if there were no stupid people in the world, then they'd get so much less satisfaction from writing these things and many of them might get bored and give up on it.

You think the virus writers aren't stupid? The people exploiting the code aren't the ones intelligent enough to find the problem and whip something up that exploits it. In many cases, these brats download something that somebody else created (oftentimes a proof of concept, if for no other reason) and unleash it on the world.

Speaking of proof of concept, did you know that 60GB of data can be compressed to less than 1MB?

Jason Dunn
09-17-2003, 07:44 PM
I still consider OS X, and *nix a better platform.

Something to think about: the PPCT server is running on Red Hat Linux 7.2, and I'm shocked at the number of security bulletins and alerts the server team alias gets. We've done a couple of critical sendmail patches lately, and apparently we have to do another one - and there was a period about a month ago where we must have received at least five or six "alert" messages about things that needed patching.

Unix and Linux are just as patch-needy as Windows from what I can see. Every OS has exploits.

Kaber
09-17-2003, 07:50 PM
What does it send again? (http://www.infoworld.com/article/03/03/21/12winman_1.html)

Ed Hansberry
09-17-2003, 08:00 PM
What does it send again? (http://www.infoworld.com/article/03/03/21/12winman_1.html)
Thanks.
Prior to the change, Microsoft merely downloaded a list of all available fixes. Your PC then figured out which ones you didn't have without sending any data back to the software giant.
I wasn't aware it had changed. If you knew, why did you ask? :?:

shindullin
09-17-2003, 10:03 PM
As one of the few users of this board on dial-up, I can say that it royally sucks to download patches from microsoft. I have windows 2k. I took 4 hours to download the 4th patch only to find out that I needed to already have the second one installed prior to having the fourth one installed. I went back to the site to have the second one installed (which took several hours) and then tried to install the fourth one a second time. It was taking so long that I went to sleep and let it download over night. In the morning, I found that and during one of these procedures I was promptly infected by the blaster worm that I was on the web trying to defend against in the first place. I ran norton antivirus but during my several hour exposure to the internet the worm had seriously fried my hard disks. NAV hurt it real bad, but it didn't die and it had already hurt my computer worse. I had to reformat my two hard disks and searched at my work's high speed connection to try to burn them on a CD. To my dismay I found that they were scattered all over the site and it was a royal pain getting them all together if you weren't going to let microsoft scan your computer and gather the necessary software first. I had to go to a friend's place so he could help me find the relevant downloads and then we burned them from his computer. There were plenty of advertisements allowing me to order the update CD directly from Microsoft during my search for the correct patches. Now I have a firewall in addition to my NAV for DIAL UP. That's a lot of trouble and money for an internet connection at home that cost me $10 a month, used for email and to surf the web periodically.
Previously, I hadn't bothered with the updates bc we had NAV and that checked all the emails prior to our downloading anything. Now we MUST get the updates bc blaster gets you even if you practice safe email. That's seriously uncool. Plus the dial up connection is too slow to get patches through autoupdate which just means for hassles as the jerks making the viruses and worms keep doing their mischief. I'm hoping Longhorn is better. If not, maybe they'll leave w2k alone when Longhorn comes out.

ntractv
09-17-2003, 10:27 PM
Okay my fellow PPCT Thought Thinkers, have I got a pickle. I can't seem to download the SP1 install from the MS Update site. I constantly get the error, "Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic Service is running on this computer. Service Pack 1 Setup Error." Can someone point me the right direction.

By the way, I do have installed Norton's 2003 Firewall and Antivirus software.

Ed Hansberry
09-17-2003, 10:37 PM
Okay my fellow PPCT Thought Thinkers, have I got a pickle. I can't seem to download the SP1 install from the MS Update site. I constantly get the error, "Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic Service is running on this computer. Service Pack 1 Setup Error." Can someone point me the right direction.

By the way, I do have installed Norton's 2003 Firewall and Antivirus software.

http://support.microsoft.com/default.aspx?scid=kb;en-us;326815 :way to go:

easylife
09-17-2003, 11:10 PM
Then I can run VPC and have the best of both worlds. :D
Sorry to disappoint you, but VPC won't work on G5 chips. :lol:

Oh, and I can't seem to install Direct X 9 on my PC thru the update service. Is there any way to redownload the update? (Whenever I try, it's obvious it sees it's already downloaded and tries (and fails) to install) :?

Kaber
09-17-2003, 11:37 PM
You can get the installer by buying a PC Gamer magazine...

or you can d/l the redistributable file which has the full update
HERE (http://www.microsoft.com/downloads/details.aspx?FamilyId=A6DEE0DB-DCCE-43EA-87BB-7C7E1FD1EAA2&displaylang=en)

Janak Parekh
09-18-2003, 01:08 AM
Something to think about: the PPCT server is running on Red Hat Linux 7.2, and I'm shocked at the number of security bulletins and alerts the server team alias gets. We've done a couple of critical sendmail patches lately, and apparently we have to do another one - and there was a period about a month ago where we must have received at least five or six "alert" messages about things that needed patching.
Minor correction: we're running 7.3. But yes, it's patch-needy, especially system services. There were two patches to OpenSSH in the last two days, and we have to upgrade sendmail tonight. <sigh>

Unix and Linux are just as patch-needy as Windows from what I can see. Every OS has exploits.
There are a few differences:

1. UNIX makes it harder to run trojans via email, as users usually aren't privileged.
2. Open-source solutions release patches quicker.
3. You don't need to reboot to install OpenSSH or sendmail upgrades.

But, yeah, every platform has service-level vulnerabilities up the wazoo. We need to slap all of these programmers upside the head and teach them to use bounded string functions, etc.

--janak

easylife
09-18-2003, 01:14 AM
But, yeah, every platform has OS-level vulnerabilities up the wazoo. We need to slap all of these programmers upside the head and teach them to use bounded string functions, etc.
Hmm... Linus Torvalds + UNIX = Linux

perhaps Janak Parekh + UNIX = Janux! :lol: Seriously, make your own OS, Janak! :D

Janak Parekh
09-18-2003, 01:39 AM
perhaps Janak Parekh + UNIX = Janux! :lol: Seriously, make your own OS, Janak! :D
Hah. That is a lot of work. A lifetime, quite frankly, if I were to do it. So I won't. ;)

--janak

beq
09-18-2003, 03:10 AM
I would pay for Janux 8O

Jason + UNIX = Jasux? :mrgreen:

PetiteFlower
09-18-2003, 04:06 AM
Just for the record, shindullin would not be one of the "stupid users" who I don't feel sorry for. He tried to do everything right and got infected anyway. It's the people who IGNORE the warnings to patch ASAP, and run AV/Firewall software, etc, that I don't feel sorry for.

So MS still doesn't collect any personal information through Windows Update, just about your machine. I can live with that, all it tells them is statistics, nothing about who each person is.

Kaber
09-18-2003, 04:19 AM
Looks like this is what gets sent. (http://www.tecchannel.com/security/client/58/16.html)

Not much personal info.

Janak Parekh
09-18-2003, 05:41 AM
As one of the few users of this board on dial-up, I can say that it royally sucks to download patches from microsoft.
Agreed. :evil: Windows Update is perhaps the biggest motivation for broadband yet. I'm sorry to hear of your travails, but I have no magic advice. I have some customers who are on dialup, and we're forced to download patches on other machines and burn them to CDs. A huge hassle, but what else can you do? :cry: Even if Longhorn is 5 times better, you'll still have large patches to download. Software is expanding. :(

--janak

dMores
09-18-2003, 10:09 AM
i believe the amount of illegal windows copies is the reason for the low update-rate.

since people know that their OS is communicating with the MS server, they rather take the risk of being infected than being "discovered" by Bill.

then again, most of my friends had no idea of the blaster virus, their computers were just going nuts and they all called me to fix them :(

easylife
09-18-2003, 11:12 AM
As one of the few users of this board on dial-up, I can say that it royally sucks to download patches from microsoft.
Agreed. :evil: Windows Update is perhaps the biggest motivation for broadband yet. I'm sorry to hear of your travails, but I have no magic advice. I have some customers who are on dialup, and we're forced to download patches on other machines and burn them to CDs. A huge hassle, but what else can you do? :cry: Even if Longhorn is 5 times better, you'll still have large patches to download. Software is expanding. :(
Hey, I'm on dialup too! I set aside one day per week that I update windows, norton, make a backup "checkpoint", run scandisk, and defrag my HD. 8) The whole process takes a few hours, but if I know in advance how long it takes then it's not so bad :D

maximus
09-18-2003, 12:35 PM
Hmm... Linus Torvalds + UNIX = Linux

Mr. Torvalds is noted as #3 in Forbes' Top Ten Most Influential, Under The Age of 40. Awesome.

Now, I bet if Mr. Gates is still around 30+, he will be #0 in the list.

maximus
09-18-2003, 12:55 PM
Personally I have NO pity for people who get viruses because they are stupid--because they open a file, because they don't run an antivirus program, because they don't patch their machines against a KNOWN threat.....they deserve to get viruses. If you're not smart enough to know how not to get infected, then you're not smart enough to have a computer.

Hum... I just fedex-ed one of my workstations from singapore. I am on dial-up down here in Indonesia. Yesterday, I was thinking of downloading the patch. I noted that the patch is going to take approximately 8 hours to download. 8 hours of internet connection + 8 hours of local calls = USD25. Not bad, I thought ... Started the download at 8 P.M., watched movies, play ICQ, went to bed. In the morning, I got notified that I was disconnected by the internet provider at 3 A.M. Apparently the internet provider shut down the servers and modem banks for periodic maintenances.

I got disconnected after 7 hours of download. Can you imagine how I felt when I read the disconnection message ? :evil:

Will I download the patch again tonight ? No way jose. I'd rather backup my data, get my winXP installation CD ready, and face the virus. Bring it on.

Patching up while you are on dial-up is a pain. Especially when you have unstable internet company and telephone company that charges you by the minute of connection.

shindullin
09-18-2003, 05:52 PM
Taking a FEW HOURS - EVERY WEEK just to keep your computer from getting an internet STD doesn't seem like an "Easy life" to me. :roll: I guess that's what I have to do from now on as well. Since worms get you even when you're being careful. But it still sucks. The amount of time I'm going to have to spend on this stuff is greater than all the time I spend maintaining our cars and our yard combined. That's rather ridiculous if you ask me.

Kaber
09-19-2003, 12:22 AM
I'm sure once MS knows that it has a reliable and profitworthy user base updating regularly over broadband (along with what hardware and software they are using), the rest of its automagic update services will be launched.

qmrq
09-23-2003, 07:18 AM
OS X is looking better and better by the day.
You only get security by obscurity with OSX.

Take a look at the patches that Mac, RedHat Linux, BSD and all the other OSs have had. They all have patches. The only reason they don't have worms like this is they are such a small percentage of machines and the worms won't spread as fast and far as they will if they are Windows based.
Such a comment shows quite a bit of ignorance on your part. :roll:

On a properly administered UNIX system there is pretty much nothing that a normal user can do to adversely affect the operating system (besides eating up CPU time). UNIX and Linux are infinitely more secure than Windows, and it's -not- through "obscurity".

qmrq
09-23-2003, 07:29 AM
I got notified that I was disconnected by the internet provider at 3 A.M. Apparently the internet provider shut down the servers and modem banks for periodic maintenances.

I got disconnected after 7 hours of download. Can you imagine how I felt when I read the disconnection message ? :evil:

...

Patching up while you are on dial-up is a pain. Especially when you have unstable internet company and telephone company that charges you by the minute of connection.

http://www.interlog.com/~tcharron/wgetwin.html :)

qmrq
09-23-2003, 07:34 AM
Oh, and I can't seem to install Direct X 9 on my PC thru the update service. Is there any way to redownload the update? (Whenever I try, it's obvious it sees it's already downloaded and tries (and fails) to install) :?

You should stay away from DX9 for now though, no? Are there any games that require it? I don't think there are.. I am not too sure though as I don't have much time (or inclination even) to play games these days. *sigh*

...wellll with the exception of a few good old NES and SNES ones anyway. :)

qmrq
09-23-2003, 07:38 AM
Personally I have NO pity for people who get viruses because they are stupid--because they open a file, because they don't run an antivirus program, because they don't patch their machines against a KNOWN threat.....they deserve to get viruses. If you're not smart enough to know how not to get infected, then you're not smart enough to have a computer.
I have a bit of pity for these users. They just want to email their friends and surf the 'net. Why should they have to deal with such things as this? I also have a bit of pity for users who don't know everything they can do with their PC - voice / video chat, 3D games, etc - but that is another discussion I suppose.

Janak Parekh
09-23-2003, 03:24 PM
On a properly administered UNIX system there is pretty much nothing that a normal user can do to adversely affect the operating system (besides eating up CPU time). UNIX and Linux are infinitely more secure than Windows, and it's -not- through "obscurity".
On a properly administered Windows system there is also pretty much nothing that a normal user can do. :roll: The key is "properly administered". Granted, Windows makes it much too easy to be an administrator, but that's changeable.

In either case, a worm can nuke one's home directory. That's still not really helpful.

--janak