1 In 3 Windows PCs Still Vulnerable To Worm Attack

kdawson posted more than 5 years ago | from the so-patch-already dept.

Security 242

CWmike writes "The worm that has infected several million Windows PCs, Downadup or 'Conficker,' is having a field day because nearly a third of all systems remain unpatched 80 days after Microsoft rolled out an emergency fix, security firm Qualys said. Downadup surged dramatically this week and has infected an estimated 3.5 million PCs so far, according to Finnish security company F-Secure Corp. The worm exploits a bug in the Windows Server service used in Windows 2000, XP, Vista, Server 2003, and Server 2008. Qualys' CTO said, 'These slow [corporate] patch cycles are simply not acceptable. They lead directly to these high infection rates.'" This is indicative of why some are calling for Microsoft to rethink Patch Tuesday, as reader buzzardsbay pointed out.

242 comments

If you have worms...on windows (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26482527)

your doctor can help you first posting.

worm attack (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26482535)

Your mother loves my worm attack. Drink Tequila, lick the salt, swallow the worm, greedily eat every last drop of my man-sauce.

router (5, Insightful)

TheSHAD0W (258774) | more than 5 years ago | (#26482539)

This is why I recommend everyone have a router installed on their internet connection, even if they have only one PC. Routers inherently block almost all worms.

Re:router (2, Insightful)

the_humeister (922869) | more than 5 years ago | (#26482657)

I find it easier to set up the internet connection with the router instead of using my own computer. I'm using Linux, and I find fiddling around with pppoe with the router is a lot easier than on my main computer.

Re:router (4, Insightful)

Trevelyan (535381) | more than 5 years ago | (#26482677)

You assume that the router has some firewall, ACL or NAT set, i.e. it's not inherent. Also this is more for home users. However this worm is doing well in corporate networks, spreading from one co. to another via laptops, and so negating any external firewall.

Re:router (-1)

dremspider (562073) | more than 5 years ago | (#26482719)

NAT must be set for a router to work. The very nature of a router is to use NAT. Ironically though it is a bigger issue on corporate networks as they are more likely to forward off ports. Not that NAT is a panacea by any means, but it is better than nothing. All routers need to do some type of NAT period, it is how a router works.

Re:router (3, Informative)

0racle (667029) | more than 5 years ago | (#26482813)

Routers do not require NAT, they never have and they never will. However, with the way customer ISPs are set up, small consumer routers would almost certainly have NAT functionality.

Re:router (5, Funny)

corsec67 (627446) | more than 5 years ago | (#26482847)

The very nature of a router is to use NAT.

No, the very nature of a router is to... route.
Or do the core internet routers also NAT?
Is China behind a large NAT? (This will probably be true in 2015, so hello people from then)

Re:router (4, Informative)

jrumney (197329) | more than 5 years ago | (#26482921)

All routers need to do some type of NAT period, it is how a router works.

There are 14 routers between me and slashdot.org, not one of them is doing any type of NAT.

Re:router (4, Informative)

Muad'Dave (255648) | more than 5 years ago | (#26482951)

In recent parlance "router" implies a consumer level router/NAT appliance, but that's not necessarily so. Routers predated NAT by a zillion years, and routing is distinctly separate from any NAT functionality. There are plenty of routers in use in large IT shops where requiring NAT would be a serious handicap.

Re:router (5, Funny)

jrumney (197329) | more than 5 years ago | (#26482953)

My ISP has a router installed on my internet connection, so I must be safe right?

Re:router (4, Informative)

Xelios (822510) | more than 5 years ago | (#26483251)

Along with a router a software firewall is a handy thing to have. A router won't alert you when a program or service tries to access your connection, but a software firewall will. If something on my PC is trying to access the internet without me telling it to, I want to know about it.

And it's great for all those annoying programs that try to phone home or check for updates at random times. What's that Acrobat Reader? You want to look for an update? No, I think I'll decide for myself when it's time to update you rather than have you nag me about it every time you're opened. Tick "create rule", hit "block". Enjoy your stay in the blacklist.

ESET Smart Security. Best $50 I've ever spent on software (except maybe The Orange Box).

Re:router (4, Interesting)

YouWantFriesWithThat (1123591) | more than 5 years ago | (#26483379)

yes, yes, and yes.

when something malicious got through AVG, spybot, and adaware i was clued in when fdsb423.exe started trying to connect with the internet. a software firewall is not a defense, but it is a good way to tell that you have something going on. i also agree it is fun to turn off the dial-home on software that doesn't need to talk to its mommy. HP printer drivers, i am looking at you.

Re:router (0)

MasterOfMagic (151058) | more than 5 years ago | (#26483923)

A software firewall is a defense, but defense in depth is the way to go.

Re:router (4, Informative)

toleraen (831634) | more than 5 years ago | (#26483755)

A router won't alert you when a program or service tries to access your connection, but a software firewall will.

Turn on logging and your router can notify your PC, your email, your blackberry, etc etc.

Re:router (0)

Anonymous Coward | more than 5 years ago | (#26483787)

"A router won't alert you when a program or service tries to access your connection..."

Never say never. When you roll your own firewall/router, there are all kinds of things you can do if you want.

Re:router (4, Interesting)

Opportunist (166417) | more than 5 years ago | (#26483265)

That works well in home scenarios where the router is the only possible entry point of a worm. In office environments, you have laptop users that travel. They may or may not connect from home, often with mobile access or from their private line. Something you cannot shield, and more often than not is not shielded.

I've been lobbying in various consulting sessions that laptops from traveling workers are to be seen as "semi-trustworthy", if that. Because they can and do connect not only from within the trusted and firewalled network, but because of this very reason, they can connect in insecure scenarios and may be infected when they connect to the company networks. I have been lobbying to put them in a separate network ("separate but equal" has such a bad ring, but in this case it's pretty much what the idea is). If the worst case happens, it would at least only infect a usually very manageable number of computers instead of the whole corporate network.

Well, I guess I finally have a real life example of what happens when you don't heed it. Companies are like little kids, you have to let them touch the stove once before they believe you it's hot. But fortunately, some companies are willing to learn from the mistake of others...

Re:router (4, Informative)

Ephemeriis (315124) | more than 5 years ago | (#26483531)

This is why I recommend everyone have a router installed on their internet connection, even if they have only one PC. Routers inherently block almost all worms.

I think, what you're trying to say, is that it is important for everyone to have a firewall on their Internet connection... Not a router. Routers don't inherently offer any protection at all. Many home-grade routers come pre-configured with NAT, which does get you some basic protection... But not all routers do NAT, and not all of them give you any protection.

And an external firewall on your Internet connection only protects you so far. It might keep a worm from crawling in through your Internet connection... But it won't stop a worm from spreading once it is inside your network.

That's why it is important to control the traffic inside your network, as well as traffic to/from the Internet. Maybe it isn't necessary to run a firewall on each and every PC, but you sure as hell better be monitoring your traffic and keeping your machines patched.

XP SP2 (2, Informative)

jgtg32a (1173373) | more than 5 years ago | (#26483929)

All that does is drop unsolicited messages, kinda like the Windows firewall does, which has been activated by default for almost 4.5 years.

Worm Holes (-1, Offtopic)

screenbert (253482) | more than 5 years ago | (#26482573)

Microsoft is a giant elephant, and we all know what you get when you cross a worm and an elephant?

Giant worm holes in your garden!

http://www.youtube.com/watch?v=lvp8m8CqIDc [youtube.com]

Genuine Advantage Validation (5, Interesting)

RichMan (8097) | more than 5 years ago | (#26482591)

I know a lot of people who are afraid of updates because of the genuine advantage validation. They got student priced versions of the software 5 years ago and are no longer students. They don't want to risk losing Visio/Word/PowerPoint or having some other software disabled on their computer.

The fear factor of automated reporting/validation is stopping a lot of people from running the updates.

Re:Genuine Advantage Validation (0)

Anonymous Coward | more than 5 years ago | (#26482647)

XP x64 has two major advantages.

1. Its user base is small so viruses tend not to target it.

2. Its user base is small so MS doesn't deploy WGA on it.

Re:Genuine Advantage Validation (0)

Anonymous Coward | more than 5 years ago | (#26482809)

The user base is so small, Microsoft won't even release Zune software for it. From a simple Google search, I know that the overlap between XP x64 and Zune users is at least 3.

Re:Genuine Advantage Validation (-1, Troll)

Larry Lightbulb (781175) | more than 5 years ago | (#26482971)

I know no one who is afraid of updates because of the genuine advantage validation.

Re:Genuine Advantage Validation (2, Funny)

Anonymous Coward | more than 5 years ago | (#26483055)

Thank you Captain Widely-Spanning Representative Sample!

Count 3. (1, Informative)

Benanov (583592) | more than 5 years ago | (#26483079)

You know of my parents and me, then.

They switched to Ubuntu and I to gNewSense as a result.

Re:Genuine Advantage Validation (2, Informative)

smooth wombat (796938) | more than 5 years ago | (#26483085)

So don't go through the automated process. Send them to Microsoft's Security Bulletin Search [microsoft.com] and they can search for the updates by hand.

I do this for my 2K system and my parents' XP systems. Not because the systems aren't legitimate but because we have dial-up and getting automated updates would take forever. I just d/l the patches at work, plop them on my thumb drive and install.

One caveat. Every so often there is a patch/update which does require you to validate your system. You are notified so you have the option of not getting that update (or have a friend get it for you).

Re:Genuine Advantage Validation (5, Insightful)

0prime (792333) | more than 5 years ago | (#26483237)

Uhhh as a former student, this seems pretty silly. I haven't had any problems with XP or the Office 2003 Suite at all. What are these people expecting Windows to do, pull their personal info, poll it to Microsoft through WGA, and have Microsoft check College enrollment records?

I do know of one other reason why people would be afraid of WGA, though.

Re:Genuine Advantage Validation (2, Informative)

cbiltcliffe (186293) | more than 5 years ago | (#26483477)

They shouldn't be. WGA is pathetically easy to get around, even on pirated copies of Windows.

Don't know for sure about Office, because I've never looked into it, but for Windows XP, it's about a 30 second job to disable it, permanently.

Re:Genuine Advantage Validation (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26483713)

You're missing the point, though. Yes, it is pretty silly: people are pretty silly in general. The point is, it happens, whether or not it "should" be happening.

Re:Genuine Advantage Validation (3, Insightful)

Ephemeriis (315124) | more than 5 years ago | (#26483659)

I know a lot of people who are afraid of updates because of the genuine advantage validation. They got student priced versions of the software 5 years ago and are no longer students. They don't want to risk losing Visio/Word/PowerPoint or having some other software disabled on their computer.

The fear factor of automated reporting/validation is stopping a lot of people from running the updates.

I'm not sure how many people there are that are aware they should be running updates but actively decide not to because of WGA. I'm sure there are some folks, but I can't imagine it's all that many.

But you are correct, updates don't happen nearly enough, which is why machines are still vulnerable.

You've got updates for Windows, updates for Office, updates for whatever antivirus you're running... All those updates take a decent bite out of your productivity. They eat some of your bandwidth, then eat some of your computing power, then they ask for a reboot.

I know plenty of people who just ignore all the update notices. Unless the machine does all its updating completely automatically without interrupting the user, frequently it just doesn't happen.

Get any work done? (3, Funny)

drewzhrodague (606182) | more than 5 years ago | (#26482597)

Jeez, with virus scanners, several types of automatic updates, and other gadgety things polluting the standard corporate desktop, it is a wonder that people can get any work done on their PCs anyway. Six Inches of Air.

Re:Get any work done? (1)

Spazztastic (814296) | more than 5 years ago | (#26482679)

Jeez, with virus scanners, several types of automatic updates, and other gadgety things polluting the standard corporate desktop, it is a wonder that people can get any work done on their PCs anyway. Six Inches of Air.

It keeps plenty of business open for people like me who repair them in their spare time to make some extra cash. :)

Re:Get any work done? (1)

sgt scrub (869860) | more than 5 years ago | (#26483817)

Not to mention all of the people in third world countries that depend on the income from phishing scams.

See! Microsoft has love and respect for the little people!

Not that bad considering it's Windows (5, Funny)

jerep (794296) | more than 5 years ago | (#26482605)

If my years of tech support taught me anything it's that 9 out of 10 Windows users are more damaging to computers than anything else.

Re:Not that bad considering it's Windows (5, Funny)

ColdWetDog (752185) | more than 5 years ago | (#26482639)

Worse than that... It's OPEN SOURCE's fault:

"By using the exploit from the Metasploit module as the code base, a virus/worm programmer only needs to implement functions for automatic downloading and spreading," said Xiao Chen, a McAfee security researcher, in an entry to the company's blog. "We believe that this can be accomplished by an average programmer who understands the basics of exploitation and has decent programming skills.

"It's obvious that worm writers are abusing open-source tools to their advantage to make their work easier," Chen added.

You all ought to be ashamed of yourselves...

Re:Not that bad considering it's Windows (1)

nschubach (922175) | more than 5 years ago | (#26483247)

(sarcasm alert)

Why not? I mean, Ubuntu kept that poor woman from going back to school [slashdot.org]. As we've been properly educated by far more intelligent people, Open Source is a cancer and should be exterminated. The Internet would be much safer without it. In fact, I doubt we'd even have a problem with some Windows worm if Open Source never even existed to route those evil packets around the world like that.

Re:Not that bad considering it's Windows (3, Insightful)

Opportunist (166417) | more than 5 years ago | (#26483299)

Why does anyone still take anything coming out of McAfee seriously? Has nobody ever used their software? Well? And you STILL believe anything they say about security?

Re:Not that bad considering it's Windows (1)

Hyppy (74366) | more than 5 years ago | (#26483475)

Unfortunately, I still have to "use" their software.

Hey, it's just a job. With the economy and all...

Re:Not that bad considering it's Windows (0)

Anonymous Coward | more than 5 years ago | (#26483771)

Like terrorists abuse public transportation to make their work easier.

Re:Not that bad considering it's Windows (1)

sgt scrub (869860) | more than 5 years ago | (#26483867)

Oops! Thanks to you, my earlier post about it being Microsoft that has love for the little people was wrong. Now I know it is the open source folks allowing deprived third world people income from phishing scams. Thank you sir/madam/pooch for showing me the error of my ways.

Re:Not that bad considering it's Windows (0)

Anonymous Coward | more than 5 years ago | (#26483535)

As long as they manage to blow up their computers before it blasts spam email into the net, it's not that bad (except for the tech support guy who has to deal with them...)

blackhat thoughts (4, Funny)

Kartoffel (30238) | more than 5 years ago | (#26482629)

With all this talk of Microsoft losing money, maybe they should get into the botnet business for themselves. Vertical integration!

Re:blackhat thoughts (1, Interesting)

Anonymous Coward | more than 5 years ago | (#26482903)

> With all this talk of Microsoft losing money, maybe they should get into the botnet
> business for themselves.

Perhaps they already are.

Re:blackhat thoughts (1)

mxs (42717) | more than 5 years ago | (#26483737)

It's called Grid computing. Millions of people, every day, allow unknown other people to run software on their computers. (worldcommunitygrid.org, seti@home, folding@home, distributed.net, and dozens of other networks). Microsoft could easily leverage these people (who, for the most part, simply do not care about their power bills, apparently) by offering grid computing under another brand -- or, alternatively, to offset the licensing cost of Windows. Don't want to pay for Windows 7 ? Just agree to run their client 12 hours a day.

The idea is not as far-fetched as you may think.

Re:blackhat thoughts (3, Funny)

sgt scrub (869860) | more than 5 years ago | (#26483899)

I can hear it now.

worm developers!
worm developers!
worm developers!

Not an easy calculation (2, Informative)

einer (459199) | more than 5 years ago | (#26482633)

How much downtime is caused (money is lost) by patches that break things versus how much money is lost when machines get hacked? This isn't a windows only issue. I've seen Debian security releases break things too. They're a bit easier to rollback, but the problem is fundamentally an ROI or EV problem, not a technical one.

Re:Not an easy calculation (2, Informative)

turbidostato (878842) | more than 5 years ago | (#26483227)

"I've seen Debian security releases break things too."

Can you provide an example, please?

Re:Not an easy calculation (1)

KasperMeerts (1305097) | more than 5 years ago | (#26483493)

Remember the broken private key generator?

Re:Not an easy calculation (1)

Hyppy (74366) | more than 5 years ago | (#26483701)

It wasn't a security patch that did that.

Has anyone seen my bagels? (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26482637)

PLEASE SLASHDOT, HELP ME THIS IS EXTREMELY URGENT!

Hello, you may be surprised to receive this cordial greeting from me, but I knew from a trusted mutual friend that you are a person of great personal personality. This is the situation in which I urgently beg your forgiveness and assistance for which I will reward you munerosiously forwith. I am prince Farabundo Elsomnolio, the ex-PRESIDENT OF THE UNITED STATERS OF AMERICA (Ph.D.) and this morning I awoke to the shock and horror that my bagels were missing. If you have a bagel, or have access to the procurement of a bagel/bagels, please remit them via WESTERN UNION to me at 1600 Spencylvania Avenue, Bronx, NY 10455 A.S.A.P.!!!! I will repay you my dear bosom friend!!!!! To the tunme of $1MILLIONE!!!!

Weekly updates? Still not enough. (1)

hendrix2k (1099161) | more than 5 years ago | (#26482649)

I've often encountered companies who run windows updates on a weekly or bi-weekly basis, thinking this will be enough. It is not. And not to promote the idea of the lazy IT worker (though I consider myself to be one), but situations like this truly do require a machine-by-machine check. So all you folks out there who rely on Saturday night updates, well, you might want to do a quick check on that.

Re:Weekly updates? Still not enough. (4, Informative)

cavtroop (859432) | more than 5 years ago | (#26483145)

Have you ever tried managing 17,000 desktops? No, didn't think so.

Most large corps run WSUS, with updates on a weekly schedule, at most. To do otherwise would cripple the network, or require such an investment in equipment and manpower as to be nearly impossible to pull off.

Having said that, most large companies also have a mechanism for quick-release of highly critical patches. I know we rolled out the MS08-067 patch to our desktops immediately, and had a 98% acceptance rate within 3 days.

Re:Weekly updates? Still not enough. (1)

Hyppy (74366) | more than 5 years ago | (#26483527)

At 17,000 desktops, you should probably be running SMS or at least a tiered WSUS environment. It's not that hard to patch machines nightly, as long as you don't have them all going to a single poor WSUS server.

Re:Weekly updates? Still not enough. (1)

QuantumRiff (120817) | more than 5 years ago | (#26483919)

Sure, I'll just run out to the 40 or so client sites within a 75 mile radius that all my employees are working onsite at, and double check their laptops. Then, I'll go visit the employees that are working at home. Of course, I'll drive the two hours to our remote office, to check all desktops and laptops there... I'll get right on that...

Weekly updates is more than good enough. MS only pushes updates out monthly anyways. If they do occasionally do an out-of-order patch, I make it a higher priority. This bug was patched 2 MONTHS ago by MS. Weekly or bi-weekly patches mean all of your computers should be fine.

That's nothing (1, Funny)

ZeroExistenZ (721849) | more than 5 years ago | (#26482653)

My PC is vulnerable to butterflies. I estimate 90% of all Windows machines could be as well.

Patches are good, not bad! (4, Interesting)

Anonymous Coward | more than 5 years ago | (#26482667)

What drives me absolutely nuts is how people who are not computer professionals talk about patches with contempt. In any magazine article about an operating system, whether it be from the Windows family, Mac OS X, or Linux, when the subject of patches comes up, the writer will usually say something to the effect that a downside of using this operating system is the high frequency of patches.
 
In a perfect world, software would have zero bugs (security holes are bugs, too, if you think about it). No product would have any problems. Everything would be perfect. There would be no need for patches.
 
But unfortunately we do not live in a perfect world, and software does have bugs. When patches are available at a frequency such as daily (as is sometimes the case if you use Ubuntu, patches not only for the OS but for any programs you have installed too), or every few weeks as is the case with Mac OS X, you know that people behind the product are responsible, are continuing to develop and refine the software, and you benefit from those refinements at the frequency of the patches.
 
We all know this, yet because many people feel contempt toward software patches, and because magazines and newspapers write inaccurately about this subject, many boxes out there are vulnerable to many types of attack, and this won't change any time soon. I think some effort needs to be expended by the marketing departments of various software companies to convince people that patches are good, not bad.
 
I just had one additional thought about this Windows patch. Perhaps some of these boxes are using illegitimate copies of Windows and are therefore ineligible for the patch?

Re:Patches are good, not bad! (1)

zach297 (1426339) | more than 5 years ago | (#26482933)

I am pretty sure that you don't need a legit copy of windows to get security fixes.

Re:Patches are good, not bad! (1)

joelmax (1445613) | more than 5 years ago | (#26483163)

All too true... for security fixes and windows updates... all you need to know is the MS fix number (In this case it is MS08-067) and then you can pop that into the kb and download the particular file direct from the article. No windows update, no WGA; however, there are a few of them out there that still may do the check, but it has been ages since I have seen anything like that.

Re:Patches are good, not bad! (3, Insightful)

Zerth (26112) | more than 5 years ago | (#26483253)

When patches are available at a frequency such as daily (as is sometimes the case if you use Ubuntu, patches not only for the OS but for any programs you have installed too), or

You're mistaking speed of availability with frequency of occurrence. I like patches to come out as soon as possible. I do not like patches to come out as frequently as possible.

If a bug is found and the patch is available the next day, that is a good thing.

If patches come out every day because there are bugs found when somebody just glances at the code, that is a bad thing because the code either had incompetent QA or is so chock full of bugs it took that long to work down the list that QA returned.

Re:Patches are good, not bad! (3, Insightful)

King_TJ (85913) | more than 5 years ago | (#26483811)

Honestly, users wouldn't feel nearly as much contempt over patches if they were less obtrusive.

The number of times a Windows update patch requires a system restart is ridiculous.

Even with WSUS pushing out all the updates in the middle of the night, and auto rebooting boxes, it irritates people who purposely left a PC logged in, with the screen password-locked, before going home at night for one reason or another. They come in the next morning to find they were forcibly logged out, with work potentially lost or some operation not finished they intended to let run overnight.

(And let's be fair here. This is ALSO a big issue with Mac OS X. Most, if not all, of their required reboots could be eliminated if they'd stop and restart the appropriate services, instead of just doing a restart as an "easy way" to accomplish the same thing.)

Immune (5, Funny)

Alsee (515537) | more than 5 years ago | (#26482681)

I'm immune to the worm. I'm still running Windows98 and it doesn't have "Windows Server service" and all that other wormbait crap.

Oh, hold on.... I'll be right back. I've been online 40 minutes and I need to reboot.

-

Re:Immune (1)

jbeale53 (1451655) | more than 5 years ago | (#26483071)

We had a system admin for a department at an organization I worked for that absolutely refused to upgrade his Novell 3.12 server. (This was in 2006). His justification was always that all these viruses that we were getting elsewhere in the organization never affected him, because they didn't hurt his old as dirt system.

Re:Immune (3, Funny)

oahazmatt (868057) | more than 5 years ago | (#26483075)

And here I thought you didn't attract worms because you walk without rhythm.

Re:Immune (0, Redundant)

acohen1 (1454445) | more than 5 years ago | (#26483371)

And here I thought you didn't attract worms because you walk without rhythm.

Awesome Dune Reference

Re:Immune (1)

Hyppy (74366) | more than 5 years ago | (#26483605)

A subtle reference is not as awesome once you point it out clear as day.

Not Acceptable? (5, Insightful)

PolyDwarf (156355) | more than 5 years ago | (#26482747)

Qualys' CTO said, 'These slow [corporate] patch cycles are simply not acceptable. They lead directly to these high infection rates.'"

It's also not acceptable that corporate desktops become useless because of an update that MS rolled out that broke mission-critical software.

There's a reason there's an IT vetting process with patches (fool me once, shame on you... fool me twice, three times, every patch tuesday, shame on me). There's also a reason why those processes take a while. If you disagree with IT workers doing their jobs and making sure that an update won't screw up the network/application/productivity/company, take it up with software vendors and MS, not with the people who are trying to make sure their company stays functioning. Or will you be willing to pay for their time in fixing problems if they apply patches that break things?

Re:Not Acceptable? (0)

Anonymous Coward | more than 5 years ago | (#26483103)

Is your company willing to pay for the damage to others when your machines get pwned? You're responsible for what your computers do. Are you taking that responsibility seriously?

Did you think about this when you picked the software and designed the network?

The rest of the world doesn't care about your mission.

Re:Not Acceptable? (1)

mulvane (692631) | more than 5 years ago | (#26483395)

What if my mission was handling your money and my mission crashed because of a patch that I didn't have an immediate fix for? It's easier to fix a system in a state you know than the state a patch potentially puts it in.

Re:Not Acceptable? (2, Interesting)

MobyDisk (75490) | more than 5 years ago | (#26483141)

I've worked at several places that didn't roll out patches right away. It wasn't because the IT department was busily testing the patches. It was because they were afraid of the patches, but had no time to test them.

For one example, we had a farm of servers. I suggested that they let the developers patch their machines first, then the test servers, then the staging servers, then production. That way there was no risk, and no need to go about with extra testing effort. They agreed -- but nothing happened. The internet-facing production servers were sometimes a year out of date, while all the dev and test machines were running the latest stuff just fine.

Re:Not Acceptable? (1)

jbeale53 (1451655) | more than 5 years ago | (#26483181)

But his point is that the corporate patch cycles are too slow, not that they shouldn't test the patches. IT folks need to test their systems when the patches come out, not 3 months later when they get around to it.

Re:Not Acceptable? (1)

ACMENEWSLLC (940904) | more than 5 years ago | (#26483835)

Patch Tuesday broke a mission semi-critical server. Removing the patches did not fix it. It had to be FDisked and rebuilt.

And our backup guy forgot to add it to his new backup server rotation.

The vendor who built the server software (one off custom) did charge for his 12 hours to rebuild it.

Should we charge that back to Microsoft? The same patches only broke one other machine. 600 others were fine.

Too bad this OS wasn't written properly in the first place. At $300 a pop, the development quality assurance department should check every line of code for failure to check for buffer under or over flows, imo.

I bet a lot of the infected... (0)

Anonymous Coward | more than 5 years ago | (#26482783)

..are the 1337 ones who tell all and sundry that they don't need to update their OS because they're a "pro" or "power" user.

FagoRz (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26482797)

downward spira7. In

How about installing updates? (4, Insightful)

HerculesMO (693085) | more than 5 years ago | (#26482849)

The update was issued in October.

If you haven't patched, there's no fault of anybody but your own.

If your car has a recall for a safety belt problem, and you don't get it fixed and get into an accident, is it suddenly the car manufacturer's fault? No.

And likewise it's not MS's fault if you can't install patches on your OS.

Re:How about installing updates? (1)

Chris Mattern (191822) | more than 5 years ago | (#26483037)

If your car has a recall for a safety belt problem, and you don't get it fixed and get into an accident, is it suddenly the car manufacturer's fault? No.

It is when you can point to a past recall for a safety belt problem that caused the car to fail to start.

Re:How about installing updates? (0)

Anonymous Coward | more than 5 years ago | (#26483269)

And likewise it's not MS's fault if you can't install patches on your OS.

Ummmm WGA? (Yeah yeah I know it's because of an illegit copy and all but that's beside the point. No chance in hell I'm using the legit Vista that came with my PC, even if I only use Windows for gaming!)

Re:How about installing updates? (2, Insightful)

Anonymous Coward | more than 5 years ago | (#26483533)

Well, yeah.

But now imagine that cars are recalled literally EVERY SINGLE MONTH, for SEVERAL life-threatening problems each and every time. Would you still say that the manufacturer is doing their job well?

Of course not; you'd switch away from that manufacturer ASAP.

But wait! Now imagine that there's only one large car manufacturer that controls 95% of the market, and the only other cars are either luxury cars that are totally different (Apple) or home-built hobbyist cars.

And also imagine that the dominant manufacturer has secretly blackmailed road builders to make sure only THEIR cars work on roads. And now imagine that they were convicted of these illegal practices and others, too, but that when the government changed, suddenly, interest in actually holding them accountable suddenly waned, with the result that the average Joe Sixpack still can't change manufacturers and still has to return his car EVERY SINGLE MONTH for SEVERAL life-threatening problems to get fixed.

And now imagine that things have gotten to a point where Joe Sixpack assumes that this is normal and acceptable - if he knows about it in the first case, that is.

Oh, and imagine that when the manufacturer fixes these life-threatening problems with your car, they will also - for all that Joe Sixpack knows - check that he didn't give his car - his OWN car! - an unauthorised paint job or any other kind of modification.

Would you still say that this car manufacturer is not in the wrong?

Re:How about installing updates? (0)

Anonymous Coward | more than 5 years ago | (#26483575)

Actually it is Microsoft's fault in the case of PCs that are running pirated copies of XP, by technicality, and these are likely the PCs that are really causing the problem (sorry MS fanboy). If Microsoft were interested in global computer security they would recognize this and rethink WGA, rather than Patch Tuesday.

Then there are the cases of WGA invalidating real, authentic keys for XP (you can look that one up on Google if you want, it's not exactly a small problem). Is it Microsoft's fault if WGA blocks your LEGITIMATE key and you can't install patches? Why yes, yes it is. Sorry again fanboy.

I won't even get into your car example because it's so fundamentally flawed that I have to wonder whether or not you're just some Microsoft shill altogether.

Obligatory bad car analogy (1)

PPH (736903) | more than 5 years ago | (#26483603)

If your car has a recall for a safety belt problem, and you don't get it fixed and get into an accident, is it suddenly the car manufacturer's fault? No.

I can just see it now .... recall Tuesday.

Re:How about installing updates? (0)

Anonymous Coward | more than 5 years ago | (#26483699)

I work for a company that just suffered from this attack. By policy, we have automatic Windows updates configured to run on our machines. Once the attack was on (last week), I manually did an update and found I was 32 patches behind. Many people were behind by 10 to 25 patches. All of them had automatic updates enabled. We're still baffled but this indicates that the Windows update system is not very reliable.

Re:How about installing updates? (1)

Rutefoot (1338385) | more than 5 years ago | (#26483801)

To take that analogy further, this car of yours would have an autodrive feature that drives itself back to the dealership to be fixed in the event a recall is ordered. You of course intentionally deactivated this default safety feature.

Talk about glasses being half full (1)

zappepcs (820751) | more than 5 years ago | (#26482963)

Really? 1 in 3? That's the most optimistic statement I've heard in a month, and that includes a 5 year old's wish list.

This morning, I'm lamenting the issues I'm having with flash video on AMD-64 Ubuntu 8.10... then I read the story of the latest "Worm on Windows"(tm) and thought "thank fsck I am using Linux".

Yeah, I know that abbreviates to WoW... so what? I don't play games.

Re:Talk about glasses being half full (1)

Yvan256 (722131) | more than 5 years ago | (#26483119)

You could always play WoG instead.

Re:Talk about glasses being half full (1)

nschubach (922175) | more than 5 years ago | (#26483431)

If you follow the directions for copying the files to the specific .mozilla folder of your home directory... Flash 64 works great. At least it does for me. I have yet to witness a crash, but I do get some tearing in full screen.

Re:Talk about glasses being half full (1)

zappepcs (820751) | more than 5 years ago | (#26483491)

Well, it 'works' if you call it that. It seems like the buffering is done on some other machine... in India or something. I can download with flashgot etc. and all plays fine. For some reason the buffering SUCKS. Also, not all flash plays. If anyone has really good links for help, it would be appreciated. I'm not finding the bestest latest greatest tutorials on this.

This is news... (-1, Redundant)

dfn5 (524972) | more than 5 years ago | (#26482977)

...how?

12:00 ..... 12:00 .... 12:00 (1)

madbavarian (1316065) | more than 5 years ago | (#26483095)

Is this the same ratio as the number of VCR's that are flashing 12:00?

Our site had 350 machines infected in 4 hours (1, Interesting)

Anonymous Coward | more than 5 years ago | (#26483137)

We had better than 95 percent MS08-067 patch coverage and the infection still went that fast. Due to the random date stamping of dropped files, I can't tell who was infected first, and I can only speculate as to how it spread so fast. I believe it would actually use logged on credentials first before trying the exploit, and we have poor local permissions (lots of local admins). Still, I have about 30 machines that were patched and no one is local admin on (except domain admins), and they were infected with everyone else.

Re:Our site had 350 machines infected in 4 hours (1)

SBrach (1073190) | more than 5 years ago | (#26483283)

So the only computers that can get owned are the ones used by the only people that can own your entire network. Sweet.

Turn off rpc? (1)

abigor (540274) | more than 5 years ago | (#26483261)

I'm not a huge Windows user, but I know you can turn off the rpc service via msconfig. Why don't more companies do this? Or is it needed for certain things, like maybe Exchange? I confess my ignorance here.

Re:Turn off rpc? (2, Informative)

cbiltcliffe (186293) | more than 5 years ago | (#26483773)

Killing the RPC service effectively kills the computer. Pretty much everything is dependent on it.

It's basically like running in safe mode, but without the "Safe Mode" in the corner of the screen, and with more stuff that doesn't work.

Like the Event Viewer. You can't even see the list of events in the viewer if the RPC service isn't running.

It's ugly. Don't do it.

Re:Turn off rpc? (2, Informative)

King_TJ (85913) | more than 5 years ago | (#26483889)

Although I do use and support Windows every day, I don't claim to be an expert on the Windows services and the apps that need them....

But yes, I *do* believe you need to leave the RPC service running in most circumstances. The fact it is called "remote" doesn't imply it only relates to remote computers on a network. Rather, it means separate program modules, even running on the SAME machine. Service Pack 2 for XP turns it on by default, and even grays out the option to disable it - which is a strong hint that you're supposed to leave it running.

A list I found on the net of things that require RPC in Windows includes:

Background Intelligent Transfer Service (Used by Windows automatic updates)
Cryptographic Services (Used by Windows updates, both automatic and manual)
Distributed Link Tracking Client (Maintains links between NTFS files)
Help and Support System
Logical Disk Manager
MS Software Shadow Copy Service (MS Backup requires this)
Network Connections
Print Spooler
Protected Storage
Shell Hardware Detection (Do you want to play a music CD? You need this)
System Restore Service
Task Scheduler
TrueVector Internet Monitor (Required by ZoneAlarm, and probably other apps)
Volume Shadow Copy (Backup uses this)
Windows Audio
Windows Installer
Windows Management Instrumentation (Many apps depend on this service)

I'm sick of hearing about Windows bugs (1)

DBAN (1454439) | more than 5 years ago | (#26483365)

Everything has bugs, flaws, needs patching, etc., but because Microsnot creates buzz the headlines are pushed and IT geeks have to pet our managers and assure them things will be okay. We all know "it's" much worse than this headline. MS is not the flaw; it's the users!

Conflicker? How about Sasser? (1)

Opportunist (166417) | more than 5 years ago | (#26483401)

Remember it? I know, over 4 years now, but it's still pounding at my firewall.

And anyone is wondering that 1/3 of the machines running Windows are still unpatched for a threat that's not even half a year old? I'd rather wonder if it's the same 1/3 of machines that pound against my door trying to sell me Sasser and Mydoom.

What the hell? (1)

Amasuriel (1176527) | more than 5 years ago | (#26483629)

The summary states "This is indicative of why some are calling for Microsoft to rethink Patch Tuesday, as reader buzzardsbay pointed out."

I know this is /., but really, how is a company not patching their systems eighty days after the patch was released in any way the fault of Microsoft?

Patch Tuesday is great for planning compatibility testing and patch management. MS also releases the odd patch out of cycle if it is important enough, so what's the issue?

pink floyd (1)

shvytejimas (1083291) | more than 5 years ago | (#26483657)

Tag: ateintohisbrain
The reference is pure genius. I'd mod up a tag if I could.

Not patched, not worried (1)

myxiplx (906307) | more than 5 years ago | (#26483683)

As I've said many times, patches are nowhere near as high a concern if you lock things down in the first place, and Microsoft do provide some pretty good tools for doing that in Windows (namely Group Policy).

Our protection against viruses is pretty thorough, and we've not had a sniff of an infection in 3+ years:

- All of our machines have filtered access to the outside world
- Staff can only visit work related sites during working hours (enforced at the firewall)
- No website can run any kind of script unless approved by IT (takes 5 mins or so to approve)
- All CD-ROM drives are disabled on machines.
- Users do not have permission to install USB drives
- Autorun is disabled site wide via group policy
- Downloads of executables, zips, etc. are disabled at the firewall
- Emails are also filtered, and in addition all Office Documents are quarantined before manual release.
- Oh, and AV on all desktops (Sophos), updating within 15 mins of new virus definitions coming out.

Over the last 2 years, I've only seen three security warnings from Microsoft which we're not already exempt from because of the mitigating factors, and while this might sound over the top, it doesn't get in the way of our users doing their work, and takes under a single man hour each day for the IT department to manage. Quiet days probably only take up 15 mins or so.

Although to be honest, I still don't consider this a final solution. Future plans include:

- Whitelisting of all executable software
- Full DR procedure for desktops (to allow quick recovery when we do get hit by a virus)
- Physical isolation of key machines to protect them in case of an outbreak

Re:Not patched, not worried (1)

codepunk (167897) | more than 5 years ago | (#26483965)

That is an example of a fairly good security policy, however if someone really wishes to own your network they will.
