Linked by Thom Holwerda on Tue 14th Apr 2009 15:19 UTC
The Conficker worm, which spreads by infecting Windows computers who are not properly kept up-to-date, was supposed to make a big splash on April 1, but that day passed with a deafening silence on the Conficker front. Since then, there has been some movement by the worm, and data gathered from enterprise users of Sophos' Endpoint Assessment Test indicates that 10% of Windows machines have still not been properly patched, leaving them wide open to a Conficker infection.
Thread beginning with comment 358543
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[8]: Comment by kaiwai
by BluenoseJake on Tue 14th Apr 2009 22:40
in reply to "RE[7]: Comment by kaiwai"
Member since:2005-08-11
No, no, no... I cannot agree to this assertion at all. There was a time when Linux distros would ship with lots of services turned on, daemons that were listening for connections from the internet by default and stuff like that but that has been rectified a long time ago. Besides, Linux desktops maybe a smaller target than the huge number than Windows morons out there but there are plenty of Linux servers that, given the chance of them being rooted, would make for a far more attractive target for crackers.
except those servers are run by (I hope) professionals, who know how to harden a linux server, and keep their network clean. Does your grandma know how to configure selinux? how about SSH to disable root logins?
Windows has also lessened it's attack surface, and decreased the amount of services running at install time. IE 7 and 8 are miles above IE 6 security wise. All operating systems move forward, even Windows, it would take a fool not to recognize that Windows XP Sp2 and Vista are not Windows 98. A fool, or perhaps somebody living under a rock.
Hey, track record says that another Conficker will show up sooner or later. Is it MS fault? Perhaps not... But it is disgusting to see each and every Windows hole out there being blamed solely on the user. But that's me.
I'm not blaming the hole on the user, I'm blaming the 10% of all windows machines on the users. The blame for the hole lies with fallible, imperfect programmers. As I've stated, all OS's have holes, but Windows has automatic update. If a Windows box is not being updated, there is only one entity to blame, the person who turned off automatic updates. This isn't a 0-day attack, the fix has been available for almost 6 MONTHS, and was distributed via Automatic updates.
What else do you want? Perhaps a medal for all the idiots who's systems are infected with conficker? Poor users, they are at the mercy of big bad MS, poor dumb bastards.
Except in this case, MS did their job 6 months ago.
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Member since:
2006-01-09
How do you know? The only reason your unpatched debian box will not become part of a botnet is because the total amount of linux desktop users is so small to make it uneconomical for spammers to use it. I posted the links for the different update pages, if you're to lazy to read them and realize that all OS's have buffer overflows, bugs and holes, then too bad for you.
No, no, no... I cannot agree to this assertion at all. There was a time when Linux distros would ship with lots of services turned on, daemons that were listening for connections from the internet by default and stuff like that but that has been rectified a long time ago. Besides, Linux desktops maybe a smaller target than the huge number than Windows morons out there but there are plenty of Linux servers that, given the chance of them being rooted, would make for a far more attractive target for crackers.
You were reading too much in what I said: I didn't mean to imply that Kaiwai's box is unpatched. I think that most OSNews visitors should know better than that. What I meant is that, even if it were, chances that it would become part of a huge botnet would be negligible given that it is not Windows.
They did fix it, in October! Look at those friggin' links, you'll see that all the major desktop operating systems have holes, and they are fixed. This is not MS's fault, they did their job.
Every operating system has holes, you will not see an argument from me there. However, I'd argue that the severity of Windows systems are far higher than the typical hole found on most other operating system these days. It seems as if any hole on MS OSes will let an attacker drive the machine to do anything, no matter what.
10% of all windows users, apparently, what's that? 20,000,000 (I have no idea the real number) machines? They are all are to blame for conficker, everyone. If they kept their machines patched, then it wouldn't have been able to infect any machines, and would have died out. Stop blaming MS for users stupidity, there is more than enough to blame them for, this worm is not one of those things.
This problem with conficker was fixed in october, for gods sake. Oh, but it's MS's fault. Yeah right, whatever.
Hey, track record says that another Conficker will show up sooner or later. Is it MS fault? Perhaps not... But it is disgusting to see each and every Windows hole out there being blamed solely on the user. But that's me.