New Windows worm wreaking havok

[DeeBye]

http://www3.ca.com/threatinfo/virusinfo/vi...s.aspx?id=39012

The "Sasser" worm is on the loose. A sign of infection is repeated crashes of "LSASS.EXE" (Local Security Authority Subsystem Service, a required Windows file).

A visit to Windows Update will patch the hole, but you should also be sure to run a firewall at all times.

Two good free ones are:
ZoneAlarm
and
Kerio Personal Firewall

This brings me to something that's been on my mind for a while. Call it a bit of a rant if you will.

People who do not regularly update their OS, who do not regularly scan for viruses (and keep their virus definitions updated) and who do not run firewalls, while regularly connecting to the internet CAN ALL BURN IN HELL!

Viruses, worms, and trojans would be almost unheard of if people just spent 10 minutes every week to ensure that their computers are secure. The only reason why these things have such a widespread and destructive effect is because of people who are too ignorant to practice even a little bit of common computing sense. These ignorant people are the ones who propagate crap like Sasser which wreaks havok on the internet. These are the people who send me e-mail saying "I send you this file in order to seek your advice".

It doesn't take a whole lot of effort to keep your computer secure.

• Update your OS regularly
  <>
  
• Scan for viruses often, and ensure that your scanner is up to date
  <>
  
• Run a firewall while connected to the internet
  <>
  
• Don't open stupid unknown files called "britney_spears_nude.jpg.exe.vbs.wtf.omg", even if it was e-mailed to your from your dear Aunt Esther.<>
  [st]
  
  Here is a picture of a really big bug.
  

[Artega]

My install of Windows 98 is three years old.

Every time I get past the log-in screen, I get a BSOD which forces me to manually (read: use the power button) shut down the computer, and then sit through a five-minute AutoScan. AIM crashes my computer at least three times a day, Internet Explorer crashes literally every time I've opened it (occasionally taking vital things, like online purchases or downloads, with it), and even venerable StarCraft has crashed out to the desktop in mid-game.

600MB of my 4GB drive have been mysteriously missing for the past eight months, and I can't find them, no matter what I try. If I delete enough crap to have the space to install Diablo II or Baldur's Gate II (112MB and 82MB remaining, respectively), I get 12fps and 19fps at best, respectively. I have lost $27.19 over the years in crashed online purchases (mostly shipping labels in the process of being printed via PayPal) when IE died.

My ZIP drive mysteriously disappeared from Windows eleven months ago. It is still completely connected, and it still receives power from the PSU. It accepts ZIP disks, but Windows will not allow me to access them, because Windows apparently thinks that the ZIP drive does not exist.

The ATI Rage II+ that powers my system's visuals is integrated with the off-brand motherboard (I still haven't been able to find labels or printing that reveals a brand.) I do not have an AGP slot. Therefore, I cannot upgrade my visuals. Ever.

The modem that connects me to my pathetic dial-up ISP maxes out at 49.3k. I have never gone under 650 ping connecting to a Battle.net server. I installed Half-Life and Counter-Strike (a long time ago, before the jackasses had to do all of that visual-upgrade crap and make Counter-Strike unplayable on older machines) for kicks once, and successfully managed to run CS at 9fps at 320x240 resolution, and with 971 ping on a server located in the same ZIP Code as I.

I'm going to go cry in the corner now.

[--Pete]

Hi,

Viruses, worms, and trojans would be almost unheard of if people just spent 10 minutes every week to ensure that their computers are secure. The only reason why these things have such a widespread and destructive effect is because of people who are too ignorant to practice even a little bit of common computing sense.

That's like blaming shooting victims for not wearing bulletproof vests. The fault is with a company that puts out the holiest OS out there, and has used Mafia business tactics to gain 95% market share of the desktop. So, yeah, savvy computer users can operate in relative safety. But the *average* user doesn't have a clue and shouldn't need to have a clue. Your statement is an admission that our vaunted technology is just so much undependable crap -- and that is *not* the user's fault.

--Pete

[gekko]

Your statement is an admission that our vaunted technology is just so much undependable crap -- and that is *not* the user's fault.

--Pete

Hmmm... now why does that sound familiar? Oh right, I remember...

"Your list of suggestions of how to avoid being raped (don't walk alone, avoid dark secluded areas, etc.) suggests that the fault lies with the victim. The only person responsible for a rape is the rapist. I should not have to avoid walking alone in the dark to my car. This is societies problem, not mine."
- letter to the editor of a local university newspaper

Such an argument, while absolutely true, ignores the true issue. In my example, the fact that it's not the victims fault doesn't change reality -- if a girl walks alone through a university campus away from buildings at night, she is at risk. In a perfect world, you shouldn't have to be careful. But just because it's not my fault if I get raped, doesn't mean I shouldn't take steps to avoid being raped.

The same is true of computers. If you own a computer, hook it up to the internet, and don't have a clue about protecting your system, you are going to be the victim of viruses, hacks, trojans, etc. That's reality. It sucks, but that's life.

gekko

[Taem]

I agree that people should learn about protecting their computers from attackers, however if they literally know nothing about computers, who is going to tell them how to protect their computer?

Until someone or some entity takes it upon their shoulders to inform ALL computer users about how to protect their computers from nasties, should the ignorant really be at fault? I just can't help but think of my grandmother learning how to turn on her computer this week and trying to send an email. I'm scared that she'll get a "verify your PayPal account by clicking this link now," message and be ruined. It's a very real fear for me and that sucks!

I also think Pete is right about Microshaft. They really need to do more QA testing before releasing their products/patches, and upgrade more often when a problem arises, not make it some optional download you can get at your leisure that you never knew existed for over a year.

However that brings me back to my second paragraph, why should Microshaft make better products if they own everyone and everything (sarcasm) and people will buy their products NO MATTER WHAT? This being the case, I doubt they care about helping protect their customers from nasties if it takes away from their capital because of the added resources of a more in depth QA.

So now we're pointing the finger again. Can't blame the ignorant consumer who wasn't warned correctly (hey, now that’s got some good sue potential ;) ). Can't blame the creator of the OS because... they don't give a damn. Got to blame the virus creators who spend their time making this crap to ruin ignorant people's lives. That's who you really got to blame if you insist on pointing the finger.

[Quark]

Obviously Windows is a problem.

However, completely ignoring that, my Network Administrator sent out 4 emails before campus started, each saying to update before coming back because of the Blaster worm. School started and over half the campus became infected. At our Help Desk, there was a line down three flights of steps of people waiting. We were working on up to 10 systems at the same time. Meanwhile, our network didn't recover from the worm's stress until a month after school started.

All because people couldn't read 1 of 4 e-mails. Yes, I can blame the user, some of the time.

[Quark]

Two systems confirmed infected already. Since one has probably been connected to the campus network, it's Blaster all over again for us. Only this time we haven't sent out 4 emails, so chances are it'll be even worse.

I'm imagining the legions coming back tonight with the laptops: "my system wasn't working well at home, maybe it'll do better on campus." And thus the firewall is broken down.

[Artega]

Makes you love life, doesn't it?

[kandrathe]

Again, something we entirely agree about.

To the idea some people have that one must be an expert with computers before using one. Not every car driver is Mario Andretti or his pit crew. Imagine the chaos if automobiles were as susceptible to external hacking as computer OS's. The problem with much of the internet is that it was designed and built with little forethought to mailice.

MS is to blame for not turning off services that most users do not use by default. MS is to blame for building into their architecture, Active X which has Administrator authority over the entire machine. Even if one is very, very aware of all MS foibles, you cannot be any safer to the unexplored bug that is awaiting discovery. Just be thankful when you get the patch installed before the worm has done it's damage.

That said, I have very few problems in my shop.

Beyond the natural defenses of a firewall, here are my rules;

1] No dangerous or large attachments -- I have an e-mail (and Bayesian spam) filter remove every known executable and deliver to the sender and receiver the message that "Email is not to be used for file transfer." If you want to do file transfer use the FTP server. Each server, including the e-mail server, scans itself for malware.

2] All machines on the network must have an active Anti-Virus software that attempts to update its signatures every day, and performs a full system scan. The results are collated and reported to the administrator to review in the morning.

3] All machines on the network have automatic patch updates installed, either RPM's or WindowsUpdate.

4] All daily usage accounts are not Administrator accounts and have no authority to alter the OS, or core files on even the local system. Administrator accounts are used for applying changes only. My users cannot even install Shockwave without getting the help desk's approval.

Even with these precautions I had one incident this spring. An external infected laptop (an executive's) was attached to the network and infected an embedded OS in our phone system with Nachi. Prior to that incident, the phone system was managed by the telecom vendor. But, after that incident I decided that any device on the network had to be fully managed and monitored by us.

There is of course a bigger picture solution. PKI. But, then again, no one really wants to sacrifice all privacy for security.

[gekko]

Until someone or some entity takes it upon their shoulders to inform ALL computer users about how to protect their computers from nasties, should the ignorant really be at fault?

The fact that you are ignorant of risks does not change the reality that risks exist.

When I go to buy chicken at the grocery store, should the clerk always inform me about salmonela poisoning? When I stop for gas, should the cashier remind me how flamable gas is before I drive away? When I sell someone a computer, should I be required to inform them of every virus known to man, and how to protect themselves from them all?

Microsoft should do a better job of designing and protecting their systems... right. So microsoft is now responsible for ensuring their system is secure enough to stop the thousands and thousands of hackers around the world. Sorry, but I don't buy that.

All it takes is a single question to a friend, relative, or even a sales associate (providing you can find one you can trust ;) ), asking about some simple steps on how to protect your system. Ignorance is not an excuse to hoist this responsability onto microsoft.

gekko

ps by the way, I'm a mac user who thinks microsoft is stupid :)

[DeeBye]

Microsoft has posted an update about the Sasser worm, including an ActiveX utility to see if you've been infected.

I'm good.

[Taem]

I don't blame Microsoft for anything. They can do what they want with their software. What Pete and others were saying was because Microsoft software has a lot of possible holes, that when one is exploited in a worm/virus/trojan/etc., it seems only reasonable that Microsoft would supply an automatic update, but they don't. You have to click on your start menu and find the Automatic Update selection manually to get these updates.

Like I said above, I personally don't have a problem with that fact or Microsoft for that matter. I actually find their cutthroat method of business exhilarating and overwhelmingly competitive in an enjoyable way.

I guess most of you people here on the Lounge don't have any elder family members starting on the web now-a-days like I do, but I really can't and don't blame the users because I think most of the poor saps who get infected are new to the web or computers in general (or complete idiots).

The OBVIOUS entity to blame would be the creators of this malicious code. It's easy to say, "if that exploit wasn't there in the first place, then a 'hacker' couldn't have made that virus," or, "those idiots looking at stag pictures keep downloading viruses and spreading them!" If I give some uncultured third world person a computer with internet connection and he gets a virus, am I too say, "geeze, your a moron!" Please...! But I haven’t heard a single person in this thread yet blame the creators of the malicious code. Seems like something’s wrong here! BLAME goes to the hackers who made the code. However a FIX to the problem must start with the program itself.

Just my 2-cents.

[kandrathe]

Yes, but how many years was ntdll.dll buffer overflow exploit around before it was made public and patched? That to me is exactly like driving down the road in my new car and having the engine explode because someone made a cell phone call. The defect was inherent in the design. The solution? Upgrade every 2 years to Microsoft latest poorly designed code and hope that at least the old exploits are gone. But, how many new exploits are there? Even if you are patched to the latest code, there is all the bugs that have not been found at least by the good guys yet.

The day I was installed to my broadband provider according to their method, I was able to find my home windows machine through the internet and break in. I bought a router/firewall on my way home. Most home users still have no clue how exposed they are. I could literally go out right now and find thousands of hard drives I could browse and alter at will. I think the cable provider is partly to blame because their useless techs are required to perform the installation, and provide no firewall or other protections. It's like the "Dumb and Dumber" of network connectivity. All the Windows networking services that make the machine vulnerable are left in place.

So in a proper metaphor, its like giving babes with tricycles a license to go 75 mph on the information super highway -- populated with the post apocalyptic scum from "Mad Max". Some of us understand the danger and are prepared to try to defend ourselves, but the majority are not.

[Yrrek]

Sure, it's annoying, but just like you said, they are ignorant. :)

[Quark]

So it hit my campus earlier than we expected. I had sent preliminary e-mails to my boss describing the potential problems, then a friend of mine came over with her laptop. She was infected.

I get a call from the guy "on call" today for the Help Desk -> he has no idea what is going on, it's way too busy for a normal Sunday, and my boss referred him to me. So I head up and spend the next 8 hours cleaning up systems on a day we're not even supposed to be open :(

Not just that, but we're starting our "Laptop Swap" tommorow, where current Sophmores turn in their Lattitude C510s and get Lattitude C600s. Problem is, the C600s were set up awhile ago. They don't have the patch. So now we have +1800 laptops running that need to be fixed, and +500 laptops being handed out that need to be fixed. Oy vey.

[TaMeOlta]

Got to blame the virus creators who spend their time making this crap to ruin ignorant people's lives.&nbsp; That's who you really got to blame if you insist on pointing the finger.

Yes , they are to blame .... now we need the ultimate punishment to deter virus makers ....... :P

How about : When they are located and caught , we download the Barney theme song into their heads so that they are forever hearing "I love you , you love me ....." over and over and over and .......

[kandrathe]

I find the "Barbie Song" by Aqua to be 100 times more obnoxious than Barney. I'm sure there are others.

Edit: BTW someone recently posted the worst songs of all time -- "Ackey Brakey" was the polled #1 worst song of all time. That might work as well.

[--Pete]

--Pete

[TaMeOlta]

Oh no way Pete , we must torture these people with cruel and unusual punishment now ...... lots of it :P !

Just think , in the future we will hafta start of our mornings by checking to make sure our Microsoft Houses have not been infiltrated by worldly viruses , then taking a shower , having coffee , go out and do the virus check/update on our vehicles , then go to work where the first two hours are spent ..... fighting viruses , followed by 6 hours of work and a return trip home to cleanse / purge s'more ...... then again , maybe mankind will develop a super intelligent AI system that will do all this for us ... :lol:

[--Pete]

Hi,

maybe mankind will develop a super intelligent AI system that will do all this for us

Wasn't that used in Governator 1, 2, and 3? Named something like "Taxnet"?

--Pete