Public Service Announcement: Patch Your XP/2000 Box Immediately


Ed Hansberry
05-05-2004, 05:45 PM
http://www.msnbc.msn.com/id/4890780/

Please check and make sure your system has been updated for the latest security patches, and tell your friends and family members to run Windows Update and verify that all critical patches have been installed. The new Sasser worm is making its way around the internet and requires nothing more than you being online to catch it. It does not spread via email.

"If you haven't patched, it's going to find you. It's just a matter of time," said Sharon Ruckman, Senior Director of Security Response at Symantec Corp. Some indicators show the virus actually impacting the overall performance of the Internet as well. Keynote Systems Inc., which monitors Internet performance, said there was a noticeable downgrade in performance of Internet routers on Tuesday. It wasn't enough to slow down Web page browsers, said Kirsten Husak, consulting manager with Keynote, but it might interfere with streaming video or voice over IP traffic."

Ok, you can now post the obligatory rants on XP, security and other irrelevant academia on the matter. :wink:

Mitch D
05-05-2004, 06:23 PM
Thanks for the warning Ed!

Now for the rant!

RANT RANT RANT RANT bloody Microsoft!!! :bad-words: RANT RANT RANT Lack of Security! :bad-words: RANT RANT RANT useless OS! :bad-words: RANT RANT RANT time to switch to Linux!!!

:wink:

:treadmill:

:rofl:

gorkon280
05-05-2004, 06:24 PM
I am patched. I was late about it but I did update the patches before the brunt of Sasser got to the states. I did not get it probably because I also am Natted and have firewall software. Patching does prevent it, but if you're a bit slow at getting these done, a good combo of a software firewall/hardware firewall/Antivirus Program (with auto refreshing of the signature data) will help. That and Roadrunner seems to have their act together on scanning for these things either on the mail server or on the network.

brianchris
05-05-2004, 06:39 PM
Call me confused, but it's my understanding Sasser is a variant of Blaster, right? If so, if we're patched for Blaster, why do we need to patch for Sasser? Again, I'm admitting confusion here :? Thanks.

GoldKey
05-05-2004, 06:43 PM
Being more computer literate than most of my friends/family/neighbors, I often get called upon to fix their computer problems caused by viri, etc. I really get tired of fixing things an ounce of security would prevent. But so many people have no idea what they should be doing, so they do nothing. So, I made this webpage.

www.nettally.com/gohlke/sec.html

It is what I call security for dummies. It is written to be very simple on purpose, so there is not really an explanation of why they should do these things, since most people don't want to know the why anyway.

Zack Mahdavi
05-05-2004, 06:48 PM
Dang.... I forgot that's a problem when running Windows... oh well... I just finished setting up Windows Update to install all critical updates at night...

Jonathon Watkins
05-05-2004, 07:01 PM
I generally leave patches a day or two to check if anyone has any issues with it, then patch away. So, already fully patched! 8)

CTSLICK
05-05-2004, 07:09 PM
just curious...does running a software firewall like ZoneAlarm on an unpatched Win2k box stop Sasser?

Nevermind...found the answer :)

http://download.zonelabs.com/bin/free/securityAlert/11.html

rocky_raher
05-05-2004, 07:21 PM
I just finished setting up Windows Update to install all critical updates at night...

Thank you, I didn't know that was possible. For others who weren't aware, it's in Control Panel->System->Automatic Updates tab. That's on an XP. On W2K, Control Panel->Automatic Updates.

Ed Hansberry
05-05-2004, 08:01 PM
Call me confused, but it's my understanding Sasser is a variant of Blaster, right? If so, if we're patched for Blaster, why do we need to patch for Sasser? Again, I'm admitting confusion here :? Thanks.
Nope. Totally different. The only reason they are confused is the media is comparing the delivery method - meaning you just have to be online.

Saying you are patched for one so the other is also good is like saying "but I am patched for Netsky, you mean I have to patch for Swen too?" :mrgreen:

rmasinag
05-05-2004, 08:17 PM
Just what I needed at work....2 hours extra babysitting crying professors during finals week that we continually remind to say Ok whenever the new update is ready to install. Now, compatibility be damned, I just set their PCs to auto download and install patches.

And the ZoneAlarm fix was not made for PC illiterate ppl. I removed a Sasser from a friend running ZA yesterday.


All this S(*& for bragging rights. We should let Saddam Hussein free and give him the job of white collar crime castration, esp geeks!

I admit that M$ Windoz is holier than any religion itself, but they're only half the blame.

Now.... back to studying for Physics finals........... :|

Jonathan1
05-05-2004, 08:26 PM
Thank god for SUS. We implemented it in early Feb nationwide. That coupled with an in-house patch scanning utility has made my life drastically easier. I have 3 systems left to patch. 1 system with 04-11 and 2 systems with 04-12. Still trying to figure out why the systems never downloaded the patches but 3 out of several hundred is a heck of a lot easier to deal with than sneakernetting around to every system to check that the install occurred through a script. Now if MS would only get this new version of SUS out that can do Office and other MS product updates my hellish life in patch purgatory will be over. :D

Oh and what is the deal with MS dropping the ball with the release date of SP2 for XP?

Jonathan1
05-05-2004, 08:48 PM
PS- UPDATE YOUR OS X SYSTEM NOW! NOW NOW NOW!!! Before it's too late!! ;)

http://www.apple.com/support/downloads/securityupdate_2004-05-03_(10_3_3_Client).html

Oh wait. No one cares about decimating Apple. Never mind ;)

Zack Mahdavi
05-05-2004, 11:55 PM
PS- UPDATE YOUR OS X SYSTEM NOW! NOW NOW NOW!!! Before it's too late!! ;)

http://www.apple.com/support/downloads/securityupdate_2004-05-03_(10_3_3_Client).html

Oh wait. No one cares about decimating Apple. Never mind ;)

And I like it that way...

bjornkeizers
05-06-2004, 09:02 AM
I already updated my laptop. This seems like a really nasty one. My internet speeds have slowed to a crawl and sometimes the connection drops completely! Very annoying.

spacerace
05-06-2004, 11:12 AM
My speeds have been fantastic for the last 3 or 4 days! Perhaps many scared people have taken their machines offline completely!

Kacey Green
05-06-2004, 11:24 AM
A friend of mine recently brought a machine infected with this to me for repair, but it had at least 2 other viri/worms that need removal.

DerekTheGeek
05-07-2004, 12:20 AM
I am a little confused. How can this "virus" infect a system without executing some program or piece of code? I can understand it scanning for open ports but if one is behind a firewall what's the danger? Any links on how it works?

- Me

Ed Hansberry
05-07-2004, 12:48 AM
I am a little confused. How can this "virus" infect a system without executing some program or piece of code? I can understand it scanning for open ports but if one is behind a firewall what's the danger? Any links on how it works?
See http://www.linuxworld.com/story/33998.htm for buffer overruns. That is what Sasser is. No user intervention required, just like Blaster and Slammer.

Janak Parekh
05-07-2004, 05:19 AM
I am a little confused. How can this "virus" infect a system without executing some program or piece of code? I can understand it scanning for open ports but if one is behind a firewall what's the danger? Any links on how it works?
Addendum on what Ed said: it "injects" code through a software bug in the LSASS.EXE process, which listens for network connections by default.

If you're firewalled, you might not get hacked immediately -- but be careful, as if an infected machine (say, laptop) gets "behind" the firewall you'd be in huge trouble.

(If you have the built-in XP firewall turned on, it'll most likely mitigate the situation somewhat -- but you should still do a Windows Update ASAP!)

--janak

Kacey Green
05-07-2004, 05:29 AM
Agreed, that was how my friend got infected. Patch NOW if you haven't already done so!

You may need to run the removal too if you see errors in the Lsass.exe or your PC has suddenly started spontaneously rebooting. If it has been doing this for some time now, it may be hardware related if there is no error message. (My last PC had this issue because I wanted to run one less fan than was safe.)