09-17-2003, 01:00 PM
|
|
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
|
|
Son Of Blaster On The Way - Get Patched
http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2003/09/16/national1842EDT0790.DTL
"Researchers from iDefense Inc. of Reston, Va., who found the new attack software being distributed from a Chinese Web site, said it was already being used to break into vulnerable computers and implant eavesdropping programs. They said they expect widespread attacks similar to the Blaster infection within days. "
Despite what you'd think people would learn from the original blaster attack, the patch rate still isn't that great. "Amy Carroll, a director in Microsoft's security business unit, said 63 percent more people have already downloaded the latest patch than downloaded the patch for last month's similar vulnerability during the same five-day period."
Only 63% more? Come on people! Go to Windows Update or Microsoft's Security Site to download and install the patch. You should then visit Microsoft's site to learn how to keep your computer secure, or you can have download some software to automatically configure your machine for you. Let your friends and family know abou these links so you aren't up late this weekend removing some new worm from their system like you did in mid-August.
You can also download a free tool from Microsoft that will allow you to scan anywhere from a few to thousands of PCs quickly to determine if they are patched. End of public service announcement. :wink:
|
| |
|
|
|
09-17-2003, 02:55 PM
|
|
Intellectual
Join Date: Feb 2007
Posts: 169
|
|
Am I correct that these worms do not affect Win98 machines?  ops: I know we still have two machines running Win98 ops: The rest of the machines are patched and behind a firewall so hopefully our office is fine 
Thanks for the help Ed!
-Eric
|
| |
|
|
|
09-17-2003, 02:58 PM
|
|
Ponderer
Join Date: Jan 2003
Posts: 77
|
|
I am getting tired of these things. These people have nothing better to do than cause all of us (who do have better things to do) to be concerned with their (poorly coded) worms.
|
| |
|
|
|
09-17-2003, 03:21 PM
|
|
Intellectual
Join Date: Jul 2003
Posts: 221
|
|
Quote:
|
Originally Posted by VanHlebar
Am I correct that these worms do not affect Win98 machines? ops: I know we still have two machines running Win98 ops: The rest of the machines are patched and behind a firewall so hopefully our office is fine
Thanks for the help Ed!
-Eric |
Virgin Win98 installs weren't be affected by the las bout - they didn't have the required functionality that was exploited.
However this was added by various upgrades ( probably Office & Internet Explorer - I can't remember off the top of my head).
As with all secuirty issues, it's always best to assume that you're vulnerable by default. I'm sure we'd all rather spend 30 minutes making sure than risk the next one doing a FORMAT C:\ on your behalf.
|
| |
|
|
|
09-17-2003, 03:23 PM
|
|
Oracle
Join Date: Aug 2006
Posts: 899
|
|
Take active response, don't wait for the next Welchia/Nachi (which incidentally created more problems than it was worth for our network router, but I digress) :mrgreen:
|
| |
|
|
|
09-17-2003, 03:24 PM
|
|
Pontificator
Join Date: Mar 2002
Posts: 1,329
|
|
OS X is looking better and better by the day. Alas I'm in a holding pattern until a 17" G5 PowerBook shows up. *fingers crossed* Next Spring. Then I can run VPC and have the best of both worlds.  Unfortunately that won�t rid me of patches since I still have my server and my desktop.
Also someone posted a ragging on virus writers. Don't just blame the virus writers. I lay blame as follows:
Virus\Worm Writer 50%
Microsoft code: 40%
Users that don't patch: 10%
And with blaming the user I'm being overly generous with 10%. I think it�s asinine to expect users to have to patch their system every two weeks. If for no other reason then that not everyone has a high-speed net connection. I have people coming into the IT department all the time requesting that I burn a CD of SP [whatever is the current version] or the patch of the week. These people spend hours downloading patches.
Also maybe it�s just me but I don't believe there should be such a massive security hole in an OS where it requires the department of homeland insecurity to issue a warning. Insane. Its all insane. :evil:
__________________
PDA History: Palm Pilot 5000 -> Apple Newton 2100 -> Casio E-11 -> iPaq 3650 (64MB Upgrade) -> iPaq 3700 -> Casio EM-500 -> HP Jornada 568 -> HP iPaq hx4705 www.spreadfirefox.com |
| |
|
|
|
09-17-2003, 03:36 PM
|
|
Pontificator
Join Date: Mar 2002
Posts: 1,329
|
|
PS- Have you guys heard about the new Patches for Office? This applies to Office 97, 2000, and XP. Get em while they are hot and non-exploited
__________________
PDA History: Palm Pilot 5000 -> Apple Newton 2100 -> Casio E-11 -> iPaq 3650 (64MB Upgrade) -> iPaq 3700 -> Casio EM-500 -> HP Jornada 568 -> HP iPaq hx4705 www.spreadfirefox.com |
| |
|
|
|
09-17-2003, 03:38 PM
|
|
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
|
|
Quote:
|
Originally Posted by Jonathan1
OS X is looking better and better by the day.
|
You only get security by obscurity with OSX.
Take a look at the patches that Mac, RedHat Linux, BSD and all the other OSs have had. They all have patches. The only reason they don't have worms like this is they are such a small percentage of machines and the worms won't spread as fast and far as they will if they are Windows based.
|
| |
|
|
|
09-17-2003, 04:24 PM
|
|
Pontificator
Join Date: Mar 2002
Posts: 1,329
|
|
Quote:
|
Originally Posted by Ed Hansberry
Quote:
|
Originally Posted by Jonathan1
OS X is looking better and better by the day.
|
You only get security by obscurity with OSX.
Take a look at the patches that Mac, RedHat Linux, BSD and all the other OSs have had. They all have patches. The only reason they don't have worms like this is they are such a small percentage of machines and the worms won't spread as fast and far as they will if they are Windows based. |
Does it really matter at this point? The fact is that they don't have any viruses. If it's because they only have a 2% market share or because they use a 10 point font for their OS or if they do the hula every morning before they code it still doesn't matter. Until I see outbreaks as widespread or as automated (Read: can automatically spread from system to system with no user intervention.) I still consider OS X, and *nix a better platform. At this point Windows is more of a necessary evil then anything else. I use it because I have several thousand dollars in software sunk into it. Our company uses it simply because that's what everyone else uses. (That whole monopoly thing again.)
And if you really want to talk about security through obscurity MS practically invented the term. During the antitrust trials they all but admitted that they used this approach to allow some of the functionality of windows to ummm well function. This was the main reason they were so rabid about giving the states the source code to Windows. They didn't go into specifics of where and how for obvious reasons.
At least with OSX you can download the source for Darwin at www.opendarwin.org. We have no idea how many more holes are in Windows. We'll never really know. And honestly do you think MS combs through 10 million lines of code searching for holes or do you think they are focusing on Longhorn at this point?
I see it this way. Apple took an opensource OS that is proven, BSD is about as rock solid as you are going to get. (We have a BSD server sitting in the corner of our computer room that hasn't been touched since I started working here and that was about 5 years ago.) They took a known proven OS and did some tweaking and slapped a GUI on it. Now where do you think they now spend their time focusing on improvements? The core OS? That's opensource. Everyone already works on that. Nope they can spend their time tweaking the GUI and all the underlying tech that OS X is based on. It�s a different design philosophy. Whether or no its a good one is debatable until heck freezes over.
Honestly before Panther I didn�t give OS X a second glance. But patching a medium sized office of 164 systems and trying to track down the users who are out of the office with their laptops and then doing it again within 2 weeks and now more patches for office has a tendency to sour one on the windows eXPerience.
__________________
PDA History: Palm Pilot 5000 -> Apple Newton 2100 -> Casio E-11 -> iPaq 3650 (64MB Upgrade) -> iPaq 3700 -> Casio EM-500 -> HP Jornada 568 -> HP iPaq hx4705 www.spreadfirefox.com |
| |
|
|
|
09-17-2003, 05:46 PM
|
|
Philosopher
Join Date: Jul 2003
Posts: 495
|
|
Does anyone know exactly what information gets sent from your computer to MS every time you run Windows Update?
The current viruses have gotten more and more people to seriously run Windows Update more often, and more people have broadband, which makes it easier.
If Windows Update does collect information, then this is a good time for MS to collect since everyone is running it now.
|
| |
|
|
|
|
|
|
Linear Mode
