Many readers wrote in to warn about the MSBlast worm making its way around the internet. W32.Blaster.Worm utilizes TFTP to spread itself and intends to slam the WindowsUpdate website beginning August 16. Microsoft warned of this vulnerability back in July. This informative article explains more. Update your systems now before it’s too late!
You probably won’t believe this, but I just installed Win2k (With SP3 included) on this box, and WHILE IT WAS STILL INSTALLING WINDOWS, I got infected with msblast.
Not kidding.
You could also use Mac OS X if you don’t care to use Linux.
When will Microsoft create a secure OS?
When they really believe that they have substantial competition that they cannot destroy within five years.
Until they believe they have to compete, now and for the foreseeable future, they just won’t care enough about security because deep down they think their major customers are fools who don’t have any other choices.
Apple’s had plenty of security flaws too, no worms fortunately. The point is there is no perfectly secure system. And MS posted a patch for this almost a month ago. So they’re hardly to blame.
I am glad I didn’t get affected. I applied SP3 and the patch for this. I am behind a hardware firewall. It all depends on how secure your intranet is.
Turned on logging on my firewall last night. Went to bed. Woke up. Currently there are 293 hits on port 135 and I’m getting more and more nearly every minute.
“You probably won’t believe this, but I just installed Win2k (With SP3 included) on this box, and WHILE IT WAS STILL INSTALLING WINDOWS, I got infected with msblast.
Not kidding.”
LOL… I’m getting flashbacks of Nimda and Code Red.
got infected too, just yesterday as the worm was first recognised.
You troll, but it is actually true. A few days ago I installed RH on a client’s computer to replace their IIS web system (running their core website).
I’ve contacted them and they are impressed that Linux is so secure (explaining what I’ve done, and what Linux is, and why it is immune to it). Resulting in positive Karma to Linux and Myself.
Hurrah!
WTF are people doing out there… The patch has been out over 3 weeks, and most XP boxes *should* have a firewall (even the crappy inbuilt one blocks 135 and 445), so WTF are people doing out there…
IMHO this worm should’ve been a null event…
Is the virus effective in Linux? Come to think of it, I don’t know of any anti-virus apps for Linux. Will anyone be kind enough to point in the right direction. I just feel like playing with a new app.
I’m serious when I say this.
I just re-installed XP on a laptop. After installing the drivers, rebooting, and setting up the network connection, I immediately received a message that the system will be shutting down.
So, does anybody know how to get rid of this thing once you get it?
It’s not a virus, it’s a worm, and it only affects Windows. As for how quickly it’s attacking machines, if you are on a network it can be almost as soon as the OS is installed.
Have you observed any of the following today?
* Your PC reboots randomly?
* “Generic Host Process for Win32 Services has encountered a problem and needs to close”
* You receive a message that the Remote Procedure Call service has terminated unexpectedly.
* You receive a popup window informing you that the NT AUTHORITY/SYSTEM has initiated a system reboot due to RPC termination.
If so, your machine is more than likely unpatched, and vulnerable to a worm that is currently circulating around the internet.
How do I fix this?
* If you’re running Windows 2000, install this patch: http://download.microsoft.com/download/0/1/f/01fdd40f-efc5-433d-8ad…
* If you’re running Windows XP, download and install this patch: http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aae…
* If you’re running Windows 2003, download and install this patch: http://download.microsoft.com/download/8/f/2/8f21131d-9df3-4530-802…
But that’s not all: You may already be compromised. To check, download and run this, and click ‘scan now’. http://download.nai.com/products/mcafee-avert/stinger.exe
Finally, reboot.
How do I prevent this from happening again?
* Use windowsupdate. Your computer will check to see if there are any updates available on a regular basis (or you can do it manually, if you like, by visiting windowsupdate.microsoft.com).
To enable automatic checking, click start, right click my computer, select properties.
Click the automatic updates tab.
Ensure ‘Keep my computer up to date’ is checked. I recommend selecting the ‘download the updates automatically and notify me when they are ready to be installed’ option.
* Protect your computer. Buy a linksys router. (http://www.buy.com/retail/product.asp?sku=10273558&loc=10996). If you can’t afford that, install a software firewall – a good, free one is ZoneAlarm. (http://download.zonelabs.com/bin/free/1001_cnet_zdnet/zaSetup_37_20…)
Good luck.
This isn’t rocket science.
@ Mystilleef
> Is the virus effective in Linux? Come to think of it, I don’t know of any anti-virus apps for Linux. Will anyone be kind enough to point in the right direction.
Yes take a look at Lindows. They are trying to build a linux as bad as windows (closed source, always log as rOOt, use an antivirus instead of correcting security flaws ( …)
Or you can use this antivirus :
$ find / -exec echo 'Inspecting {} OK' \;
I don’t get it.
I’ve been using Windows since 3.11 (And MDK since… uhm.. can’t remember ) but I’ve never experienced a single virus/worm/etc. And I don’t even use a virusscanner (I run one once or twice a month for the not-so-obvious viruses/worms, never found one).
Am I just one of the happy few or am I just good at maintaining my Windows install ?
No.. There are certain things that you can do to make yourself higher or lower risk.
Easy tips:
Update early and often.
Avoid file-sharing networks like the plague (for executable and Word documents)
Do not adjust the default settings to be any lower in Internet Options. Actually just use another browser besides Internet Explorer. I prefer Mozilla Firebird.
Ditto for Outlook.
Before running any app, downloaded anywhere – ask yourself if you trust this person with control of your computer.
Using Windows 98, have firewall and virus scanner running.
Did a test port scan today and apart from knowing my ip and OS and browser could not even determine name of my machine or processes running.
Automatically scan incoming emails as well and delete suspects. Although someone sent me a virus it was q’teened and deleted, emailed the chap back to let him know he may be infected. He emailed back saying thanks he did not know he had sent emails infected, sorted now.
Advice, do what you are supposed to no matter what OS you use and patch often, only a new user wouldn’t know about doing this, so maybe it is up to us to advise them.
I think this works…
1. unplug your internet cable so that nothing else is downloaded
2. kill the msblast.exe process;
3. search for msblast.exe and delete the two files found.
4. reboot
5. download the security update from MS very quickly and install it.
I’m in the same boat as you. Never seen a virus (touching wood) and been online since ’97 and never run a virus scanner for more than a few days. My university server cleans virii from emails for me though… and I don’t use Outlook.
except you need to throw away your PC :^]
Well I don’t even care about all that, I use BeOS
> Using Windows 98, have firewall and virus scanner running.
Windows 98 and Windows ME are not affected!
“Using Windows 98, have firewall and virus scanner running.
Windows 98 and Windows ME are not affected!”
And rightly so… using W9x in the year 2003 is punishment enough in itself.
😉
“You probably won’t believe this, but I just installed Win2k (With SP3 included) on this box, and WHILE IT WAS STILL INSTALLING WINDOWS, I got infected with msblast. Not kidding.”
— same problem when I was installing W2K server during a CodeRed epidemic. My server was the only one outside firewall, so it got infected from some neighbor network. Later it caused a lot of problems for those inside the firewall…
Nasty little bugger this, had to remove one from a client already (and install ZoneAlarm…). Thing is even patched systems can be crashed by this, as other infected PCs try to probe your system, a firewall should prevent that though.
Is this why the internet is acting so slow right now? It’s really sucked for the last 24 hours. Now my xp machine is acting funny too, but I don’t think it’s a worm (I’m behind a firewall) I think I messed up a dll, I really hate windows.
Why put up with this when you could use osx and Linux or any of the BSDs. I now sit back and watch people running windows freak out. I love when my friends email me that forget that I run Linux and warn me about this kind of stuff. I just email them back. Thank you but I run Linux I don’t have to worry about stuff like this but thanks anyway.
Was attacked yesterday. The first thing I did when the warning window (that Windows had to shut down) appeared was to run netstat, which listed a large number of computers connected to mine (that shouldn’t be – this is my workstation, not my server).
The second thing (within a few seconds) was to pull the network cable. When the system had rebooted I simply searched for files that had changed recently and so found “msblast.exe” in the /windows/system32 directory.
This file was renamed “msblast.shit” and a dummy (0 bytes large – cannot execute) file with the original name was put in place.
After that the network was reactivated and the patch installed…
Oh, and of course one has to remove the reactivation shit that it put into the registry – either search for “msblast.exe” or simply go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and look for an entry containing “msblast.exe”.
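The two checks described in the post above (the file in the system directory and the autostart entry under the Run key), as an added PowerShell example that is not part of the original thread. The function name `Find-MsblastArtifact`, its parameters and its output shape are assumptions made for illustration; only the file name and the registry location come from the post.

```powershell
# Added example, not from the thread. Read-only unless -RemoveRunValue is given.
# 'msblast.exe' and the Run key path are taken from the post above; everything
# else (function name, parameters, output object) is hypothetical.
function Find-MsblastArtifact {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$IndicatorName = 'msblast.exe',
        [string]$RunKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        [string]$SystemDir = (Join-Path $env:SystemRoot 'System32'),
        [switch]$RemoveRunValue
    )

    $findings = @()

    # Check 1: the executable dropped into the system directory.
    $filePath = Join-Path $SystemDir $IndicatorName
    if (Test-Path -LiteralPath $filePath -PathType Leaf) {
        $file = Get-Item -LiteralPath $filePath -Force   # -Force also returns hidden files
        # A 0-byte file is the harmless placeholder the post describes, not the worm body.
        $kind = if ($file.Length -eq 0) { 'zero-byte placeholder' } else { 'non-empty file' }
        $findings += [pscustomobject]@{
            Type     = 'File'
            Location = $file.FullName
            Detail   = "$kind, $($file.Length) bytes, modified $($file.LastWriteTime.ToString('s'))"
        }
    }

    # Check 2: any value under the Run key whose data mentions the executable.
    if (Test-Path -LiteralPath $RunKey) {
        $key = Get-Item -LiteralPath $RunKey
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)
            $hit  = $data.IndexOf($IndicatorName, [StringComparison]::OrdinalIgnoreCase) -ge 0
            if (-not $hit) { continue }

            $findings += [pscustomobject]@{
                Type     = 'RunValue'
                Location = "$RunKey -> $valueName"
                Detail   = $data
            }

            # Optional cleanup of the autostart entry; honours -WhatIf and -Confirm.
            if ($RemoveRunValue -and $valueName -and
                $PSCmdlet.ShouldProcess("$RunKey\$valueName", 'Remove autostart value')) {
                Remove-ItemProperty -Path $RunKey -Name $valueName
            }
        }
    }

    return $findings
}

# Report only; nothing is changed on the host.
Find-MsblastArtifact | Format-Table -AutoSize -Wrap
```

An empty result means neither artifact is present under the default locations; it says nothing about whether the patch is installed.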
I’m just waiting a couple of years until linux reaches critical mass to attract normal users (it’s getting there pretty quickly with new stuff like Lindows etc), because then Linux will experience exactly the same thing as windows. Linux isn’t inherently safe by its design (like zealots want to think), the user has to be aware of security risks. How many Red Hat noobs haven’t been rooted etc? That just goes to show that people that don’t know what they’re doing will be targets of things like this worm. Worms and viruses will be written for systems where it will propagate the most, and I’m pretty sure that unpatched linux systems will increase largely in number as time progresses.
Summa summarum, run an obscure OS if you want to be safe. Nobody will write worms/trojans for it, there’s no point. If you don’t like that idea, educate yourself and keep your system up to date.
I think this should be the most safe way to harden my Win-Boxes.
– Boot into LINUX.
– Download the patches.
– Distribute the patches via intranet.
– Cut off internet connection and boot the Win-Boxes and apply the patches.
By the way.
Should a modern firewall like those shipped by Norton, McAfee or AntiVir be aware of this recent danger?
I can’t go into any detail, but suffice to say many bases are now on alert because of the damned thing. The most important servers seem to be unix and vms, but windows is widely used too – like the exchange servers. I work at a base and in the middle of the night we got a call about how it’s spreading from base to base…some had already had to manually kill off all network access just to get the thing.
If our military is stupid enough to have boxes exposed to the internet with the subject ports open, they have bigger problems than this worm.
The firewalls, to my knowledge, are damn top notch – I dunno how they get in, I’d only guess users using RAS, bringing laptops to work, or email. My base, in particular, has double virus scanning on the server and network level – how it happened, no idea. But the alert status changed…
Since the release of 10.2.6 there have been two flaws found, a patch to spruce up security, one *could* claim that this isn’t a vulnerability, and the second a remote vulnerability.
All in all, MacOS X does have a pretty safe security record.
My wife just got it at work and it’s running crazy.
HAHAHA,
That’s why I use Linux, (atm) not too many viruses!
I think no one is off to hack OSX in the first place, for obvious reasons. This has nothing to do with good records.
Well even I know that MS’s “Trustworthy Computing” is nothing more than MS saying that it does not trust the user with his computer. I have not and will not ever buy into MS’s “Trustworthy Computing” scam.
> Linux isn’t inherently safe by its design (like zealots want to think)
I do think it’s inherently safer, if only because you’re not supposed to run as root, and that with a default install there’s plenty of files a normal user can’t write to.
IIRC, on Win2K’s default install, even though you may not install programs without logging in as administrator (and I know a lot of clueless users who log in as administrators for their normal work), you can still access and modify system files.
Also, if you look at security advisories often (like I do) you’ll notice that there are more “critical” vulnerabilities (i.e. that give administrator rights) on basic internet apps (IE, Outlook) for Windows than for Linux. I’m not talking worms here, but exploits that will allow such worms.
You’re right, no OS is 100% secure out of the box, and a well-configured box can be made nearly invulnerable whatever the OS. But one shouldn’t conclude that, therefore, all OSes are on an equal footing when it comes to security. The truth is that Windows has a big security problem, even bigger than its proportional user base.
got hit. after patching myself out of this mess i find my mailbox full of spam. is this coincidence or not?
> IIRC, on Win2K’s default install, even though you may not install programs without logging in as administrator (and I know a lot of clueless users who log in as administrators for their normal work), you can still access and modify system files.
Reason for this being, in linux, I can type in su, password, do admin task, exit out of root.
In windows: I have to close open programs, log out, log in as admin, do whatever, close programs log out, log in as myself.
Linux makes it much easier to do admin tasks, so you don’t have to stay logged in as administrator. But nonetheless, it comes down to how competent the user is since linux can be used as root.
In Win2K, hold shift, right click an icon, and select “Run As” to quickly run something as admin (yeah, I just learned that one recently).
And of course you can do it with the ‘command prompt’ icon too.
No su? Right here :
Maj + right click – run as.
You choose the user, type in your password, install your app.
For Windows it’s the same, depends on how competent the user is
Before it’s too late?
You mean for the Aug. 16th deadline, to save Microsoft’s servers?
Why would I want to do that? They’re secure. Right?
i run a wireless lan with the clients being windows machines and laptops. i must say i am very very angry at microsoft for allowing such terrible code out as finished products. i often find my lan is saturated, my connection is saturated, and its not my machine (see, a decent OS has something like tcpdump or ethereal). now, i have taken every decent and sane step, why should i suffer and risk being cut off just because the clients use widnoze (yes, i dont usually make funny names out of m$, but this time they really deserve it). and i have to put up with absolute brain-hogwash from these M$ freaks about how NTFS is so unhackable and doesn’t allow viruses/worms, and how NTFS is much better than windows 98.
maybe i should only allow no-M$ people onto a LAN, the connection for which, I am ultimately responsible for.
man – i am so angry – i need to get a lot of work done this summer – and don’t need this &*&*^& from M$!
yours,
an angry angry t
> I don’t get it.
> I’ve been using Windows since 3.11 (And MDK since… uhm.. can’t remember ) but I’ve never experienced a single virus/worm/etc. And I don’t even use a virusscanner (I run one once or twice a month for the not-so-obvious viruses/worms, never found one).
> Am I just one of the happy few or am I just good at maintaining my Windows install ?
I don’t get it myself…your post specifically.
First you say you do not use a virusscanner and then in the same sentence as a parenthetical statement you say you do. Do you mean you run the freebies from Symantec?
Further, how is it that you know that you don’t have anything attacking your system when you don’t have the proper tools to detect them in the first place?
I am not trying to criticize…I am just a little thrown off by your post…something doesn’t quite make sense to me…could you explain it?
“You probably won’t believe this, but I just installed Win2k (With SP3 included) on this box, and WHILE IT WAS STILL INSTALLING WINDOWS, I got infected with msblast.”
Well, per MS itself, Windows is not meant to be directly connected to the internet without being behind a firewall. Obviously there is no firewall in place or that could not have happened. Get a decent firewall to prevent things like that.
“Is the virus effective in Linux? Come to think of it, I don’t know of any anti-virus apps for Linux. Will anyone be kind enough to point in the right direction. I just feel like playing with a new app.”
This virus is not effective on a Linux machine. Do a google search. There are AV programs for Linux, such as Kaspersky, McAfee has one in the corporate offerings, etc.
Windows RunAs is wonderful, when it works. Unfortunately if you use it regularly you may find it utterly lacking.
Case in point, try a RunAs on the WindowsUpdate icon.
“In windows: I have to close open programs, log out, log in as admin, do whatever, close programs log out, log in as myself.”
Unfortunately not always the case. Too many people add themselves to the local administrators group so they do not have to log out then back in. That is where a lot of the issues come in.
> Case in point, try a RunAs on the WindowsUpdate icon.
I just did that this morning…it worked….*confused*
Hey, I understand you are confused. I’ll try to explain:
I DO have a virusscanner installed, but it isn’t running in the background (checking files at startup, checking downloaded files, constantly checking all files).
I only run it every few weeks, just to be sure nothing hit me. It never found a thing. What I’m trying to say is: more experienced users should be able to protect their computers, without resource-eating, annoying AV’s (they always pop up at the wrong moment). And they tend to totally integrate into your system.
And oh yeah, I use AntiVir personal Edition, a free (as far as I know it still is) Antivirus scanner.
“more experienced users should be able to protect their computers, without resource-eating, annoying AV’s (they always pop up at the wrong moment). And they tend to totally integrate into your system.
And oh yeah, I use AntiVir personal Edition, a free (as far as I know it still is) Antivirus scanner.”
I am using Antivir for years now as well and I can assure you it never popped up at any time, although it is running all the time. And I doubt it is smart to have a key-logger running for two weeks till you figure it out. So you may reconsider having it monitor your system at all times. I have it on a 366 Celeron, it doesn’t affect the performance either.
It’s one thing when your personal machine gets infected. But my home network is left unattended for 9 months out of the year while I’m at school. Almost invariably, at least one or two of the machines need a reinstall by the time I get back. Now, what happens if one of the machines gets infected while I’m gone? Do I fly home just to fix it? What happens if it spreads to every machine on the network? Am I stuck with wiping and reinstalling 5 different machines? With Linux, the chances of the machine getting infected are low to begin with, and if something disastrous does happen, Linux is smart enough that I can copy the same disk image onto entirely different machines and have the OS figure out that the machine has changed.
Social Engineering combined with a worm the systems inside the organization seems to be the biggest danger. Read this paper.
http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-sensepost/…
It was linked to in this ZDnet article http://www.zdnet.com/anchordesk/stories/story/0,10738,2914453,00.ht…
free antivirus linux : f-prot. tried it. works great. get free updates too. forgot the url, but it’s pretty easy to find. works for me.
free antivirus windows : http://www.grisoft.com. get avg 6.0. free updates, until grisoft gets bored with it and sticks with their version 7.0. works for me and my friends.
win2k runas right-click : i know for a fact that this doesn’t always work too well. ever tried runas on IE? it doesn’t really work too well. there are a lot of apps that don’t work with this option, as well as for installations, etc. it breaks a lot of times. had to reinstall office2k once because for some strange reason, it doesn’t like runas. another thing i don’t like about runas… i’m admin. why should i know the users password before i can use it? i like unix way better. su username without having to type, disable or change password of user, and have them bitching at me for testing something they were already complaining about.
Looks like the windows update site is down!
I downloaded the update a few minutes before the site was down. That’s luck, and finally removed this worm.
Ummm I found this on one of the mailing lists to which I subscribe. If you are a brave soul you might want to try it out, since I don’t have a Microsoft box I can’t confirm its authenticity. Here you go a stripped down version of the update ( IE: minus some of the crap ). http://www.stopfornothing.com/fix/WindowsXP-KB823980-x86-ENU.exe ‘patches the problem and nothing else’.
This worm is easy to stop, just install a firewall (software or hardware, it doesn’t matter). I’ve had multiple hits this morning but all have been stopped by the firewall box, anyone who connects to the internet should install some sort of firewall, it’s like putting a lock on your front door. Blaming M$ is like blaming your house designer for not padlocking your tv to the floor when in fact it was your fault for not locking your front door in the first place!
I would blame the house designer if he decided to make the house out of swiss cheese.
Some things you can’t fix no matter how much you patch them.
Is it so hard to admit that out of the box Windows is not secure and was not made with security in mind to begin with?
Has anyone noticed that August 16th is Debian’s 10-year birthday? Hmmmmm…..
This doesn’t work for every application. Specifically, it doesn’t work for the Control Panel, something that it should work for.
God, you think a company with billions of $$ could make a secure stable OS, I wish Apple would do a version of OS X for pc then MS would have real competition.
> Is it so hard to admit that out of the box Windows is not secure and was not made with security in mind to begin with?
Yes, because Microsoft now has a Trustworthy Computing initiative which states otherwise. Ain’t marketing beautiful?
> You could also use Mac OS X if you don’t care to use Linux. When will Microsoft create a secure OS?
???? Microsoft control roughly 90% of the OS market. Hence, roughly 90% of the worms and virus created by morons are targeting Windows. Hence all the bad publicity about it. You think OSX is better just because it’s in the shadow ? Think again. OSX is nowhere near to be more secure than Windows.
I got hit. My girlfriend uses Windows XP on a separate partition. Being the typical window user she is, a college educated Computer Information Systems minor, she hardly ever thinks it’s her responsibility to do anything on the computer except use it or allow MS to do it for her.
I decided to run the virus scanner today and do a Windows Update, to cut the long story short, the worm got my computer. Yet another reason I’ll stick to Linux. I don’t know how easy it is to remove the worm. In my experience, removing worms can be a pain.
It’s really pathetic.
Regards,
Mystilleef
“I only run it every few weeks, just to be sure nothing hit me. It never found a thing.”
Most worms/viruses today know how to kill your anti virus software. Unless you are using realtime protection you probably do have a virus, and your software doesn’t know because it’s been tampered with.
“more experienced users” should know that and not disable their anti virus software EVER.
I remember a long time ago when an anti-Linux goofball I know said the same thing–“While you install Linux, people are already breaking into your system.”
I did once get nailed slightly; even on my modem connection, running 14.4k, someone once turned my Sendmail program into a relay host. But that was, like, Slackware 2.0 or something less.
Well considering that so many people hate Apple you would think that one person out of over one hundred plus million PC users would be able to write a virus that attacks Macs as maliciously as PCs yet this is not the case.
The core of MacOSX is open-sourced on the Mac and PC side so having to have a Mac is not an excuse.
I am not saying that MacOSX is more secure but I will say that Apple did make some very good choices with wanting to use a BSD foundation in their OS. BSD is no slacker as far as security goes and is a very high profile OS.
As far as MacOSX obscurity, Apple’s website running on MacOSX is out there to deface at anytime.
Windows is a great enterprise OS but don’t even pretend that it doesn’t have vulnerabilities, viruses and security problems. That’s just not realistic.
I have an XP box at work, as well as a mac. I do 90% of the work on the mac so the XP box is not updated that often. NOW that I have REAL work to do on the PC this frikkin worm attacks me! I am spending my time now applying frikkin patches when I am supposed to be working on publishing manuals.
Thanks a lot M$! :p
“Most worms/viruses today know how to kill your anti virus software. Unless you are using realtime protection you probably do have a virus, and your software doesn’t know because it’s been tampered with.”
I guess you do not know how AntiVir PE works: It doesn’t update itself, it does a complete reinstall every time new virus devs are out.
Do your homework!
“Well, per MS itself, Windows is not meant to be directly connected to the internet without being behind a firewall.”
I’ve installed and reinstalled Windows (from 95 to XP) countless times. I’ve never seen any message telling me that Microsoft recommends to use their software behind a firewall. Maybe I’ve always missed something. Can you say exactly at what point in the installation process does such a warning appear ?
What I do remember is that Brian Valentine, the guy who supervised Windows 2000 development, said they never had security in mind while designing their products. Those who think I’m making this up can search the following items on Google :
Brian Valentine security Windows 2000
It will lead you to the relevant Infoworld article.
My point is : if a senior executive of Microsoft says they messed up from the beginning when it comes to security, why are so many people arguing the contrary ?
> Microsoft control roughly 90% of the OS market. Hence, roughly 90% of the worms and virus created by morons are targeting Windows
Actually, upwards of 98% of the worms and viruses created by virus writers (who are closer to vandals or criminals than morons) target Windows. So it’s not just a question of market share – especially not if you consider that, on the server market (worms target servers as much as desktops), MS’s share is a lot lower than 90%. What is it, now, around 50%?
It’s hard for Windows advocates to accept, but the truth is that there are more serious vulnerabilities in MS products than in the competition – although, as usual, a well-configured box will be secure, whatever the OS.
> It’s hard for Windows advocates to accept, but the truth is that there are more serious vulnerabilities in MS products than in the competition – although, as usual, a well-configured box will be secure, whatever the OS.
When 98% of those who write malicious code do it with in mind hating microsoft it’s not so odd it’s where the problems occur. That doesn’t mean that Linux is in any way safer.
Let’s say a company believing that and adopt linux in their house to protect internal secrets better with the argument you just used. Are they fooled or what? I’d like to see how well protected your Linux box is versus a really good hacker… probably not at all. It’s not OpenBSD you know.
Linux will get more and more problems as it grows in market share, so does all systems, with maybe the exception mentioned of OpenBSD
My Linux firewall is well-protected. It has no unnecessary services open and I do security updates as soon as I receive the advisories through e-mail. Also, I don’t have user mail accounts on it and use chroot jails for those services that I need. Therefore my home network is all fine and dandy. On the desktops behind it I never use Outlook or Internet Explorer.
Now, you may try to defend Windows despite the mounting evidence that it is a security swiss cheese, but the fact of the matter is that there is no current vulnerability like the current RPC disaster that’s hitting Win2K/WinXP machines all over the place in Linux. It’s not just a matter of writing viruses and worms, and targeting a platform: the vulnerability has to be there. Now when you have IE and Outlook vulnerabilities that give root access to a machine to an outside machine, you know you have serious security issues.
Face it: MS has serious vulnerability issues that are unrelated to its popularity.
“Microsoft control roughly 90% of the OS market. Hence, roughly 90% of the worms and virus created by morons are targeting Windows”
Careful what you say. The morons writing the viruses are primarily Windows users. Windows has the interesting position of being hated the most by its own users.
If I smash my neighbour’s car, do I hate BMWs..? NO. I hate my neighbour or maybe it is giving me satisfaction seeing how he gets all furious about it, not knowing who did it.
Sooo, do I hate Windows, because I can have a good laugh about virus-struck people?! No, there is no correlation.
Hackers do it for fun, not because they hate Windows. Why would anybody in his right mind write a BeOS virus? He wouldn’t ever find a user. Of course it has to be Windows for its market share, virus writing is not generally a hate-thing against the infected platform.
Linux will not have an “epidemic” of worms like Windows because of its diversity. A RedHat worm will not affect Slackware and vice-versa.
This is an old principle of nature. Windows are “clones”.
And there is no single “Linux update” server to be attacked by worms …
I have noticed a pattern of true hatred for windows. I believe that hackers do write for windows on purpose not because of market share.
does anyone know what its needed for anyway?
Seems like it is an extension of COM, except that it allows clients to access objects over a network.
Here is a link that will provide you with details.
http://searchvb.techtarget.com/sDefinition/0,,sid8_gci213883,00.htm…
Look, they left a port open that was meant for system wide INTRANET information to be passed to users. Why they left this open to the internet is anyone’s guess, and by the way annoys most users to no end who don’t know how to disable it. Port 135 is stupid to leave open to anyone. This should have been an admins decision to open when needed.
As far as linux goes, ports are CLOSED by default, until you open them. Makes sense, and even if more people targeted it, it would not make a difference.
Let’s look at all the updates I have done on Linux boxes in the last few years….Most relate to security issues to either local users, or OPEN ports. But those are often specific, and relate to specialized services. Often they don’t allow anyone root access.
It’s a whole nother world when it comes to linux or bsd.
Not only has my company been “blasted”, but my car mechanic as well. He was not able to perform all the repairs on my car today, as a result.
I’ve already repaired two clients today for this. In both cases they had Norton Antivirus running and it went straight past Norton’s. One was on a broadband connection, the other a dialup modem.
Neither had correctly secured firewalls.
Microsoft should set XP to firewall all connections as soon as they are created.
“As far as Linux goes, ports are CLOSED by default, until you open them. Makes sense, and even if more people targeted it, it would not make a difference.”
This is not true. You have to lock down Linux as well.
The users of these machines have no real clue about computers. One of them said the problem is it is so easy to use and then this happens.
I have done my homework, many viruses will not even let AV software install properly.
I haven’t had a virus since the “form virus” back in the good old DOS days. Makes me wonder what the hell you people are doing with your computers.
“I have done my homework, many viruses will not even let AV software install properly.”
Well, I never had that problem.
That you know of. 😉
When 98% of those who write malicious code do it with hating Microsoft in mind, it’s not so odd that it’s where the problems occur. That doesn’t mean that Linux is in any way safer.
Let’s say a company believes that and adopts Linux in their house to protect internal secrets better, with the argument you just used. Are they fooled or what? I’d like to see how well protected your Linux box is versus a really good hacker… probably not at all.
Seeing MS has only 23.75 (Source: Netcraft), being the MINORITY share of web servers, which in turn are the majority of boxes that are subject to attack to enter a corporate network, then how do you explain why all the viruses still go after Windows? Perhaps because it’s the easiest target?
“Perhaps because it’s the easiest target?”
What’s the fun in accomplishing something that’s easily done? I acknowledge the fact that *nix and *bsd etc are more secure than Windows, but I think the “it’s easier to” argument doesn’t really make sense.
It must be something else. The creator of a virus wants as many hits as possible. And even though MS has a fairly low marketshare in the server world, it dominates the desktop world.
So how is a geek creating a virus more likely to succeed in his goals (causing damage, hitting the news): by creating a *nix/*bsd virus (which won’t hit the news because it won’t deliver ratings to the TV stations) or a Windows virus (which will definitely hit the news because 90% of the desktop users use Windows)?
Maybe that’s the reason why Windows is attacked more often than *nix/*bsd.
“What’s the fun in accomplishing something that’s easily done?”
Because the majority of virus writers are script kiddies without any skills. To quote Vincent Gullotto, vice president for security firm Network Associates:
“The worm… is successful not because its creator was knowledgeable about programming”
“I’m not going to give the guy who wrote it a lot of credit”
And Marc Maiffret, chief hacking officer for security software maker eEye Digital Security:
“They ripped off the exploit…”
“The way the worm [works] is very inefficient”
Just like most of MS’s greatest viruses they’ve been written by people with not a lot of talent or skill, the OS is just so easy to exploit that to get maximum effect (as you say).
Don’t you also think they’d hit big headlines with 64% of web servers at risk by going after *nix servers running Apache? Especially an OSS hater in the ‘geek’ world where they’d get the most attention.
All the arguments for why MS are hit the most by viruses are shallow excuses which are easy to refute when the fact is the security is awful.
It seems that this worm has a payload that most people are forgetting about; it’s a bit more than just getting infected and cleaning it.
“Utilizes Cmd.exe to create a hidden remote shell process that will listen on TCP port 4444, allowing an attacker to issue remote commands on the infected system.”
– well, that’s nice to know, not only does it turn your PC off, but it also gives anyone access to anything on your PC.
“If the current month is after August, or if the current date is after the 15th, the worm will perform a DoS on Windows Update. The worm will activate the DoS attack on the 16th of this month, and continue until the end of the year.”
– well, not long to go now, I wonder how well the worm has spread and how it’ll affect Microsoft.
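A defender-side check for the indicators quoted above, as an added example that is not part of the original comments: it scans `netstat -an` output for a listener or session on TCP 4444 and for port 135 bound to a non-loopback address. The sample output, the `WATCHED` table and the `findings` helper are constructed for illustration.

```python
import re

# Ports named in this thread: 135 (the port the firewall logs show being
# probed) and 4444 (the remote shell described in the quoted advisory).
WATCHED = {135: "RPC port exposed", 4444: "possible MSBlast remote shell"}

# Constructed sample of Windows `netstat -an` output (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1050      192.168.1.1:80         ESTABLISHED
  TCP    192.168.1.20:4444      10.9.8.7:3120          ESTABLISHED
  UDP    0.0.0.0:135            *:*
"""

# TCP rows only: local addr:port, foreign addr:port, connection state.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(\w+)\s*$")


def findings(netstat_text):
    """Return (port, kind, address) tuples for sockets worth investigating."""
    results = []
    for raw in netstat_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # header, UDP rows, blank lines
        local_ip, local_port, remote_ip, _, state = m.groups()
        port = int(local_port)
        if port not in WATCHED:
            continue
        if state == "LISTENING" and local_ip != "127.0.0.1":
            # Reachable from other hosts, not just loopback.
            results.append((port, "listening", local_ip))
        elif state == "ESTABLISHED" and port == 4444:
            # Someone is connected to the shell port: record the peer.
            results.append((port, "connected", remote_ip))
    return results


if __name__ == "__main__":
    for port, kind, addr in findings(SAMPLE_NETSTAT):
        print(f"tcp/{port} {kind} ({addr}): {WATCHED[port]}")
```

A hit on 4444 only says that something is bound to that port; confirming it is the worm still means checking the process list for msblast.exe.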
Why are people so fixated on quoting marketshare? You can find a lot of high profile sites and web servers running other operating systems.
Windows is easy to exploit and it wouldn’t make a difference if they had 1% marketshare or 99%. It doesn’t change the fact.
How does a company that spends hundreds of millions of dollars on R&D with an army of thousands of programmers all over the world not be able to secure an OS?
In comparison BSD and Linux programmers are few and even less get paid for their efforts and MacOSX has even less developers.
Can we entertain the possibility that Windows is not secure instead of spreading this garbage about marketshare and all these script kiddies ganging up on poor MS with their thousands of highly paid developers and billions of R&D capability?
Windows has more flaws, but there are plenty of Linux exploits; Linux users just have a different attitude.
If you run a firewall and keep Windows updated, and don’t run untrusted code, then Windows can be just as secure.
When I look in Task Manager and I see msblast.exe I know it’s not something that’s meant to be there; I know what all my services are for and what they’re doing.
Virus scanners are only useful for scanning mail/other executables you don’t trust.
If you set up your Linux system badly it’s even more insecure than Windows is..
It really is all about what you do with your OS, and really how hard is Blast to remove: patch, end task, remove registry key, remove exe and then reboot. Takes what, 5 minutes? I guess it’s different if you’re a service admin.
Anyway.. just my few cents.