Sasser Virus

egan007

Originally posted by ColmOT [MSFT]
Gillo, this is probably a case of 'the pot calling the kettle black', but Apple OSs aren't without vulnerabilities either...

http://docs.info.apple.com/article.html?artnum=61798

'let he who has not sinned case the first stone'!

I work on solaris
*throws stone*

ColmOT [MSFT]

hehe - yeah - Solaris is nice....I've got it at home as well...

*catches stone - saves it for later*

smoke.me.a.kipper

Originally posted by Cabaal
I don't even have to do that
Loads of people ringing work with it
If there lucky I'll do shutdown -a and give em ms site
otherwise VENDORRR!!!

music to my ears when someone says there pc keeps shutting down. btw, i think vendor is fast becoming my favourite word!

Cake Fiend

Originally posted by RicardoSmith
The reason MS gets hit so often with virus'es is because its the most popular and its the most popular because its an easy system to develop, which also makes it the easiest to develop virus for.

Right, so it's got nothing to do with the inherent insecurity of MS operating systems then? If Linux were to become as popular as Windows XP, do you believe there would be as many successful viral attacks against it?

Oh dear, we're getting awfully off-topic here.

seamus

Originally posted by Sico
Right, so it's got nothing to do with the inherent insecurity of MS operating systems then? If Linux were to become as popular as Windows XP, do you believe there would be as many successful viral attacks against it?

Oh dear, we're getting awfully off-topic here.

Who's to say Sico, that if Linux were a privately-developed OS, owned by a monopolistic company, that there wouldn't be as many successful attacks on it?

We may never know.

ando

Originally posted by seamus
The patches we've been rolling out are causing more hassle than the worm itself.

I applied that ms patch today on about 30 pcs, 2 of them didnt come back up... and just my luck one of them was the MD's

RicardoSmith

Originally posted by Sico
Right, so it's got nothing to do with the inherent insecurity of MS operating systems then? If Linux were to become as popular as Windows XP, do you believe there would be as many successful viral attacks against it?

Oh dear, we're getting awfully off-topic here.

Your comparing a square against an circle. Different beasts with different problems.

RicardoSmith

Originally posted by ando
I applied that ms patch today on about 30 pcs, 2 of them didnt come back up... and just my luck one of them was the MD's

Isn't that always the way

Jorinn

Originally posted by ColmOT [MSFT]
AU & Firewall are turned on by default in XP SP2, as is a popup-blocker.

And to your other comment...I'm not brainwashed, I just understand software development and the fact that Windows isn't the only OS with bugs. Someone else is allowed to post a 'tongue-in-cheek' comment, and I can't? Where is your reasoning to this?

You should get yourself a commercial interaction forum.

Cake Fiend

Originally posted by RicardoSmith
Your comparing a square against an circle. Different beasts with different problems.

Eh? Not sure what that's supposed to mean. If MS had put in the effort, they could have made XP a more secure OS, without sacrificing its ease of development. They didn't. Linux works in a far more secure fashion out of the box, even as a desktop OS. I don't see the problem in comparing these two operating systems, aside from the fact that Windows is currently more widespread among desktop users than Linux.

Originally posted by ColmOT [MSFT]
Someone else is allowed to post a 'tongue-in-cheek' comment, and I can't? Where is your reasoning to this?

Fair enough, I jumped the gun on this one a bit (I have a lack of patience for MS fanboys). But it does grate when someone compares a mountain of MS patches to a molehill of Apple updates. It just smacked a bit of a desperate ditch to change the focus of attention. As Emboss posted:

there's a handfull of fixes there over TWO years for 9 and OS X and the majority of the fixes are for 3rd party software and not the base OS.

Colm, any chance of a figure for the number of critical and/or security updates that have been released so far for XP?

RicardoSmith

Does linux have dll's, com, ocx, ActiveX, VBA, VB, .net etc. Does it even have anything similar? Does i have anything like VBA or Office from a Development point of view? No. Thats fundamental to understanding how different these OS are.

You're only focusing on it from the end user experience. Thats the tip of a large iceberg.

Emboss

Colm, any chance of a figure for the number of critical and/or security updates that have been released so far for XP?

hehehe

While you're at it, check and see how good MS's own staff are at applying these patches.

get the stats for the amount of ports shut down by netsec since slammer......

I could do with a laugh

leeroybrown

I'm not a Microsoft fan but in fairness to them their security is slowly improving over time, mainly due to a major requirement from their big customers for it.

Still, the big gripes I have with Microsoft security are:

- A large percentage of problems are remotely exploitable (Blaster and Sasser being examples)
- When exploited these problems generally expose the entire OS, filesystem and all applications on it to the attacker.
- Most of these problems require a reboot to complete the reinstallation.

I average a minimum of one security related reboot a week on my XP desktop at work (which doesn't have many exploitable apps/servers installed).

Conversely, I'm involved in administering some Linux (debian) servers with large user bases and a lot of server processes running. These have required ~5 security related reboots in the past 12 months. None of these were directly remotely exploitable either.

Every other update could be done live with a ~5 second downtime on individual server processes to restart daemons with the patched code in place. For example, the most recent update required was for the 'exim' mailserver which is a package specific patch in the same way Exchange patches would be.

Originally posted by leeroybrown
Theres nothing like having to schedule downtime for all your production windows servers in one afternoon to get an IT support group running around the place looking worried.

I shouldn't have tempted fate. Talking to a colleague who was involved in the patching roll out, it appears that a couple of the first batch (production servers) to be done failed to boot up after the post patch reboot and patching the rest was consequently postponed.

D

Apparently some german teenager has been arrested and charged for the creation of the sasser

kaimera

yip. a german teen caught and questioned for about the sasser.

speaking of which, thank frick I got my Norton updates fairly rapidly becos it has caught and deleted sasser 5 times and counting since I've been online in the last 15 mins

secret_squirrel

Originally posted by Kaimera
speaking of which, thank frick I got my Norton updates fairly rapidly becos it has caught and deleted sasser 5 times and counting since I've been online in the last 15 mins

Then maybe you should get a software firewall? Or atleast turn on the one build into winxp if you're using XP.

Nick_oliveri

Anyone know how to scan the automatic updates that have been downloaded and not installed? I keep putting it off for three days cus it keeps downloading the same stupid sh!t. Dont want sasser or any other little fockers coming through microsoft. Because i can see it happening.

Turner

I use Sygate personal firewall....

Seems to have worked for me.

bus77

I use win98.
Im untouchable me:D

Jorinn

Originally posted by RicardoSmith
Does linux have dll's, com, ocx, ActiveX, VBA, VB, .net etc. Does it even have anything similar? Does i have anything like VBA or Office from a Development point of view? No. Thats fundamental to understanding how different these OS are.

You're only focusing on it from the end user experience. Thats the tip of a large iceberg.

[cynical]No it doesn't have as much inherent vulnerabilities[/cynical] Dunno about the rest but there is a .net equivelent called mono it think.

RicardoSmith

Originally posted by Jorinn
[cynical]No it doesn't have as much inherent vulnerabilities[/cynical] Dunno about the rest but there is a .net equivelent called mono it think.

What do you mean "inherent vulnerabilities". Appreciation of all these technologies and why they are so useful, gives you the reasons why Windows is on almost every desktop in the world.

tuxy

Originally posted by bus77
I use win98.
Im untouchable me:D

when win 98 was the most common os those were fun days
so many people had file sharing open to the net with full read/write access

cournioni

The worm seems to have disabled my norton antivirus autoprotect and I have to keep enabling it every time I start my computer. Has anyone any ideas on how to fix this problem?

Nick_oliveri

If its a case that sasser has turned off autoprotect, and is therefore malicious, my following statement is null.

Sasser is an annoyance....restart restart restart..
It doesnt seem to be malicious. This German guy is to be arrested or to quote Euronews "employed". Did the virus drop planes from the sky, set off nuclear warheads from America, or kill anyone? I dunno, but i doubt it. If Osama was a programmer and found this security hole things could be a lot worse. Jesus, you would think it formats your entire hard disk in Fat32 or something the way you all worry about it. Relax. I beleive corparations owe a lot to this german dood, repair prices and so forth, even though it takes a simple tool that cant be more than a megabyte to download and about half an hour or less to get rid of. Whole load of crap for nothing. And i'll admit i didn't get the sasser variant (got the one before that) but i seen it in action, and iv'e had viruse's 100 times worse.

secret_squirrel

Since Sasser-E was released after the german guy was nicked..ppl are now assuming that there were a group of VX'ers behind it rather than just him.

He's also confessed to the Netsky virus as well.....which makes him (and his mates) malicous even if sasser isnt that malious. (Although I would call any virus that causes multiple reboots and takes out various bits of Scandinavian Banks and bits of the UK coast guard as pretty malicous. Even if the reboots appear to be down to bad programming.)

seamus

Originally posted by secret_squirrel
Even if the reboots appear to be down to bad programming.)

Not so much bad programming, as unnecessarily paniky defaults. The infection is due to bad programming, but you can stop the machine very easily from shutting down.
Although the flip side being that if it didn't keep rebooting, most people wouldn't even realise they'd been infected.

secret_squirrel

Naah ya missed my point I wasnt refering to bad programming by M$, when sasser first came out, the reports were that most of the reboots were caused by bad coding within the sasser worm rather than a diliberate action of the sasser worm. Afaik thats still the case with variants B-E.

seamus

Originally posted by secret_squirrel
Naah ya missed my point I wasnt refering to bad programming by M$, when sasser first came out, the reports were that most of the reboots were caused by bad coding within the sasser worm rather than a diliberate action of the sasser worm. Afaik thats still the case with variants B-E.

Ah, lol.

Damn script kiddies with their shoddy code

secret_squirrel

Actually i was a little wrong.... sasser-A caused reboots from bad coding. B-E were purely malicous.

cournioni

Originally posted by Nick_oliveri
If its a case that sasser has turned off autoprotect, and is therefore malicious, my following statement is null.

Do you know how I can fix it? It's driving me bonkers. And I can't get on the net for long enough to download the patch. :dunno: