Slashdot: News for Nerds

Microsoft Refuses To Patch Rootkit-Compromised XP Machines

timothy posted more than 4 years ago | from the define-yourself-as-outside-the-fence dept.

Security 330

Barence writes "Microsoft has revealed that its latest round of patches won't install on XP machines if they're infected with a rootkit. In February, a security patch left some XP users complaining of endless reboots and Blue Screens of Death. An investigation followed and Microsoft discovered the problems occurred on machines infected with the Alureon rootkit, which interacted badly with patch KB977165 for the Windows kernel. Now Microsoft is blocking PCs with the rootkit from receiving its new patches. 'This security update includes package-detection logic that prevents the installation of the security update if certain abnormal conditions exist on 32-bit systems,' Microsoft cautions in the patch notes."

330 comments

The Microsoft way! (0, Troll)

Neuroticwhine (1024687) | more than 4 years ago | (#31861260)

Microsoft has always held the motto, "If it's broke... don't fix it."

Why would they change that now?

Re:The Microsoft way! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31861276)

BUT, consider:

1. No known species of reindeer can fly. BUT there are 300,000 species of living organisms yet to be classified, and while most of these are insects and germs, this does not COMPLETELY rule out flying reindeer which only Santa has ever seen.

2. There are 2 billion children (persons under 18) in the world. BUT since Santa doesn't (appear) to handle the Muslim, Hindu, Nigger, Jewish and Buddhist children, that reduces the workload to 15% of the total - 378 million according to the Population Reference Bureau. At an average (census rate of 3.5 children per household, that's 91.8 million homes. One presumes there's at least one good child in each.

3. Santa has 31 hours of Christmas to work with, thanks to the different time zones and the rotation of the earth, and assuming he travels east to west (which seems logical). This works out to 822.6 visits per second. This is to say that for each Christian household with good children, Santa has 1/1000th of a second to park, hop out of his sleigh, jump down the chimneys, fill the stockings, distribute the remaining presents under the tree, eat whatever snacks have been left, get back up the chimney, get back into the sleigh and move on to the next house. Assuming that each of these 91.8 million stops are evenly distributed around the earth (which, of course we know to be false but for the purpose of our calculations we will accept), we are now talking about .78 miles per household, a total trip of 75.5 million miles, not counting stops to do what most of us must do at least once every 31 hours, plus feeding and etc. This means that Santa's sleigh is moving at 650 miles per second, 3000 times the speed of sound. For purposes of comparison, the fastest man-made vehicle on earth, the Ulysses space probe, moves at a poky 27.4 miles per second - a conventional reindeer can run, tops, 15 miles per hour.

4. The payload on the sleigh adds another interesting element. Assuming that each child gets nothing more than a medium-sized Lego set (2 pounds), the sleigh is carrying 321,300 tons, not counting Santa, who is invariably described as overweight. On land, conventional reindeer can pull no more than 300 pounds. Even granting that "flying reindeer" (refer to point #1) could pull TEN TIMES the normal load, we cannot do the job with eight, or even nine. We need 214,200 reindeer. This increases the payload - not even counting the weight of the sleigh - 353,430 tons. Again, for comparison - this is four times the weight of Queen Elizabeth.

5. 353,000 tons traveling at 650 miles per second creates enormous air resistance - this will heat the reindeer up in the same fashion as spacecrafts re-entering the earth's atmosphere. The lead pair of reindeer will absorb 14.3 QUINTILLION joules of energy per SECOND, EACH! In short, they will burst into flames almost instantaneously, exposing the reindeer behind them, and create a deafening sonic boom in their wake. The entire reindeer team will be vaporized within 4.26 thousandths of a second. Santa, meanwhile, will be subjected to centrifugal* forces 17,500.06 times greater than gravity. A 250 pound Santa (which seems ludicrously slim) would be pinned to the back of his sleigh by 4,315,015 pounds of force.

In conclusion - If Santa ever DID deliver presents on Christmas Eve, he's dead by now. And he'd be a faggot.

======================
*Please note that centrifugal is a made-up non existent word. The real word should be centripetal. Centrifugal is a made up force that physics people HATE! So please, everyone use the world centripetal, not centrifugal. Thanks!

Re:The Microsoft way! (4, Insightful)

sopssa (1498795) | more than 4 years ago | (#31861410)

I recall slashdotters complaining that they didn't do CRC check or similar (they do, but the rootkit gave 'real' value and it was worthless).

Now they're doing the right thing and we get news how they refuse to patch the systems whose .dll files have been damaged? Welcome to slashdot.

Re:The Microsoft way! (0, Troll)

ciroknight (601098) | more than 4 years ago | (#31861672)

> Now they're doing the right thing and we get news how they refuse to patch the systems whose .dll files have been damaged? Welcome to slashdot.

Why is not patching the system acceptable? Shouldn't it just determine if the DLL was damaged and replace it with the correct, working patched version if it is? Sorry, but automatically throwing their hands up and saying "you're fucked" is the Microsoft shortcut for not being able to fix their own security problems.

Re:The Microsoft way! (5, Informative)

gzipped_tar (1151931) | more than 4 years ago | (#31861772)

If the kernel is fucked, nothing works any more. Any results from on-line determination of the damage status of the machine itself should be assumed fake because the malware is in control of all local resources. To accurately determine the status of the computer, it must be taken offline.

Never trust what rooted machines say about themselves...
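Added example, not part of the thread: a toy Python model of the point made in the two comments above, that an integrity check run from inside a compromised system can pass because the file read itself is answered by the malware, while the same check against the raw disk from a trusted environment fails. The `Disk` and `RunningOS` classes, the file paths and the file contents are all constructed for illustration and model no real rootkit or Windows API.

```python
"""Toy model: why an integrity check run on a compromised system can pass."""
import hashlib

DRIVER = "drivers/example_storage.sys"                   # constructed path
CLEAN_IMAGE = b"example storage driver, vendor build"    # constructed bytes
TAMPERED_IMAGE = CLEAN_IMAGE + b" + unauthorised code"   # constructed bytes


def digest(data):
    return hashlib.sha256(data).hexdigest()


class Disk:
    """Raw storage: the bytes actually on the media."""

    def __init__(self, files):
        self._files = dict(files)

    def read_raw(self, path):
        return self._files[path]

    def write_raw(self, path, data):
        self._files[path] = data

    def paths(self):
        return sorted(self._files)


class RunningOS:
    """File reads as seen from inside the booted system.

    Every read passes through kernel-level filters, so whatever controls
    the kernel controls what user-mode tools are shown.
    """

    def __init__(self, disk):
        self.disk = disk
        self.read_filters = []

    def read_file(self, path):
        data = self.disk.read_raw(path)
        for read_filter in self.read_filters:
            data = read_filter(path, data)
        return data


def cloaking_filter(hidden_path, original_bytes):
    """Answer reads of the modified file with its original bytes."""
    def read_filter(path, data):
        return original_bytes if path == hidden_path else data
    return read_filter


def build_manifest(disk):
    """Known-good hashes, taken while the disk is still trusted."""
    return {path: digest(disk.read_raw(path)) for path in disk.paths()}


def verify(read_fn, manifest):
    """Return the paths whose current hash differs from the manifest."""
    return sorted(path for path, expected in manifest.items()
                  if digest(read_fn(path)) != expected)


def run_scenario():
    disk = Disk({DRIVER: CLEAN_IMAGE,
                 "kernel/example_kernel.bin": b"example kernel build"})
    manifest = build_manifest(disk)      # baseline from the clean state
    system = RunningOS(disk)

    # Compromise: the driver changes on disk and reads of it are cloaked.
    disk.write_raw(DRIVER, TAMPERED_IMAGE)
    system.read_filters.append(cloaking_filter(DRIVER, CLEAN_IMAGE))

    online = verify(system.read_file, manifest)   # asked via the running OS
    offline = verify(disk.read_raw, manifest)     # read from trusted media
    return online, offline


if __name__ == "__main__":
    online, offline = run_scenario()
    print("online check flags: ", online)
    print("offline check flags:", offline)
```
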

Re:The Microsoft way! (4, Insightful)

HeronBlademaster (1079477) | more than 4 years ago | (#31861896)

> Shouldn't it just determine if the DLL was damaged and replace it with the correct, working patched version if it is? Sorry, but automatically throwing their hands up and saying "you're fucked" is the Microsoft shortcut for not being able to fix their own security problems.

Isn't that what they did last time, and it caused bluescreens?

Do you want every single patch, no matter how small, to try to detect rootkits and, if a rootkit is detected, replace every DLL in the system with known clean copies? That's absurd.

The problem wasn't that the DLL the patch installed caused bluescreens, it's that DLLs the patch didn't touch - because it wasn't patching them - were now incompatible with the clean (patched) DLL (because they were part of the rootkit).

What do you propose Microsoft do about it? Patch the DLLs anyway, knowing it will cause bluescreens? Provide the entire slew of kernel DLLs for download via Windows Update, and install all of them every time there's a kernel patch?

I don't mind what MS is doing at all - they're doing their best to make sure that their users won't get bluescreens, even if they're rooted.

Re:The Microsoft way! (4, Informative)

Rockoon (1252108) | more than 4 years ago | (#31861996)

You don't know how computers work, do you?

The blue screen crashing that this rootkit caused after the previous update was not due to rootkit modifications to the files that were being patched.

The problems occurred because code that was NOT being patched (the rootkit!) was making direct jumps into kernel memory, to offsets that were no longer relevant after the patch.

First things first (5, Insightful)

BadAnalogyGuy (945258) | more than 4 years ago | (#31861272)

If the rootkit is still on your computer, maybe you should look into having it removed.

how shall thee pull out the mote that is in thine eye, when thou thyself beholdest not the beam that is in thine eye? Luke 6:42

Re:First things first (1)

gzipped_tar (1151931) | more than 4 years ago | (#31861332)

Theoretically, you're right. Practically, Murphy's Law takes precedence over the Scriptures, and you _will_ find "installing the MS patch" a necessary step in the rootkit removal.

Jesus Christ administrated, but He's still a newbie in system administration ;)

Re:First things first (5, Funny)

Skarecrow77 (1714214) | more than 4 years ago | (#31861346)

no! I need the newest microsoft patch so that there are not any new security holes in my computer! I'll deal with that huge gaping sucking chasm of a security hole that's already there, created by the rootkit, at some later date.

Re:First things first (2, Insightful)

sopssa (1498795) | more than 4 years ago | (#31861448)

You need the newest microsoft patch that - because of the rootkit and the .dll files it has damaged - will BSOD your system? Somehow someone turned this news into a rant and like it's a bad thing to really make sure the windows update should be able to patch things before proceeding.

Re:First things first (1)

Skarecrow77 (1714214) | more than 4 years ago | (#31861532)

I'm just assuming that my previous post is the standard line of thinking of most of these people. if they can't see a big banner saying "you've been rootkitted. your computer's botnet name is '17004-G81', just so you know" on their desktop, then they don't care I guess.

whoosh! (1)

chaboud (231590) | more than 4 years ago | (#31861762)

That was the sarcasm train, clearly passing you by.

Re:First things first (0)

Anonymous Coward | more than 4 years ago | (#31861488)

Your paraphrase / shortening of the verse doesn't make any sense.

Makes sense... (1)

TheSpoom (715771) | more than 4 years ago | (#31861288)

Microsoft isn't really in the business of providing a virus scanner as one of their free updates. Oh wait... [microsoft.com]

*continues running Ubuntu*

Re:Makes sense... (2, Interesting)

mwvdlee (775178) | more than 4 years ago | (#31861314)

To be fair, does the MS virusscanner detect and remove the rootkit?

Re:Makes sense... (5, Interesting)

HerculesMO (693085) | more than 4 years ago | (#31861444)

The malicious software removal tool will take care of it. Their antivirus will not.

They are giving you the tool to get rid of it and then saying you should install your patches afterwards. But they are chastised for not coming up with an all-in-one solution? Jeez.

Re:Makes sense... (0, Troll)

NatasRevol (731260) | more than 4 years ago | (#31861514)

Yes, they are being criticized, and rightly so.

If Microsoft can detect the rootkit, they can fix it...BEFORE running the patch. It really can't be that hard.

Re:Makes sense... (5, Informative)

clone53421 (1310749) | more than 4 years ago | (#31861592)

And that’s what will happen. Installation of the patch will fail, if the rootkit is detected. The malicious software removal tool will be pushed out and remove the rootkit. And eventually the patch will be installed again since the installation failed the first time, and if the rootkit is gone the patch should install properly.

Re:Makes sense... (4, Insightful)

Rakishi (759894) | more than 4 years ago | (#31861702)

And if the rootkit remover bricks some systems you'd be yelling at Microsoft for not making it a separate update so users could prepare for it, right? I doubt it matters what MS does, you'd find a reason to think they're wrong no matter what.

Security updates are security updates, malware removal is malware removal. Mixing the two is a horrid idea.

And rightly so. (2, Insightful)

khasim (1285) | more than 4 years ago | (#31861744)

> But they are chastised for not coming up with an all-in-one solution?

Yes. Because when patching, you want the process to be as simple as possible for the END USER.

The more steps the end user has to follow, the more likely that the end user will make a mistake somewhere.

If it can be done in one step at the end user's level, then it should be done in one step at the end user's level. No delays.

Time to reinstall it all (1)

bobs666 (146801) | more than 4 years ago | (#31861292)

You keep your original software. Time to wipe it and reinstall. Or perhaps boot Linux and get a faster computer.

Re:Time to reinstall it all (1)

Skarecrow77 (1714214) | more than 4 years ago | (#31861400)

windows and its virus propensity is pretty much the only reason I'm still running linux as my desktop OS at this point. In pure usability, windows 7 wins, much as I hate to say it.

Re:Time to reinstall it all (1)

Nadaka (224565) | more than 4 years ago | (#31861912)

Not for me. I keep win7 for a few videogames that don't run on linux at all.

If I want to watch something from my computer on my 42in HDTV and get sound through the hdmi cable?

In windows 7 I must first turn my TV on and switch it to the appropriate hdmi channel, then reboot my computer or I get no audio.

In ubuntu, it just works.

If I plug a standard formatted SD memory card into my computer?

In windows 7 it won't read the card unless it formats it first, even if it had previously formatted the exact same card.

In ubuntu it just works.

Windows has only two advantages for me.
It is easier to change my default monitor when using a stretched desktop.
It runs a handful of video games that I like but don't work on ubuntu or even with wine.

I understand why MS is doing this... (1)

teknopurge (199509) | more than 4 years ago | (#31861302)

Provided they [MS] provide doco on how to remove the rootkit, I don't take issue with this. This is similar to MS testing a 3rd-party developer's product to make sure it works, when in the marketplace it's the job of the 3rd-party shop. Somehow I doubt the rootkit devs are going to get their kit validated by MS as a certified app......

The right thing to do (2, Informative)

techno-vampire (666512) | more than 4 years ago | (#31861326)

If Microsoft has a way of detecting the rootkit, they should make it available separately so that people can test their machines before they try to update them. Of course, this is Microsoft we're talking about, so you know they're not interested in what's right unless it's also profitable.

Re:The right thing to do (1)

Skarecrow77 (1714214) | more than 4 years ago | (#31861406)

patching 9 year old operating systems that they've "obsoleted" twice now, is "profitable"? really?

Re:The right thing to do (1)

jedidiah (1196) | more than 4 years ago | (#31861846)

It doesn't matter how old XP is.

It only matters how old the machine is that came pre-installed with it.

It's moronic and highly anti-consumer to advocate anything else.

Re:The right thing to do (0)

Anonymous Coward | more than 4 years ago | (#31861860)

It's called the malicious software removal tool. I'm pretty sure it comes down automatically through Windows Update too.

Re:The right thing to do (0)

Anonymous Coward | more than 4 years ago | (#31861872)

They did. Check out Microsoft Malware Removal Tool, or Windows Defender, or Microsoft Security Essentials.

Re:The right thing to do (1)

willda (1369247) | more than 4 years ago | (#31861952)

They do have a way to detect the rootkit.......it's called the malicious software removal tool.

Re:The right thing to do (2, Informative)

TrancePhreak (576593) | more than 4 years ago | (#31862012)

> If Microsoft has a way of detecting the rootkit, they should make it available separately so that people can test their machines before they try to update them.

They do just this. Malicious Software Removal Tool.

Re:The right thing to do (0)

Anonymous Coward | more than 4 years ago | (#31862098)

This would just make it possible for every rootkit producer to "test" their techniques against the latest patches. There are no perfect ideas, but if MSFT has an effective mechanism for detecting rootkits, there are many good reasons not to make the tool run-on-demand.

Lesser of two evils? (5, Insightful)

HockeyPuck (141947) | more than 4 years ago | (#31861344)

Let's see what do I want?

A) A working machine that has a rootkit installed.
B) A machine that no longer works.

Can you expect MSFT to test their patches against machines that have been modified via rootkits? Or should the patches themselves remove the rootkits. You are assuming that MSFT can remove the rootkit in the first place.

Re:Lesser of two evils? (0)

Anonymous Coward | more than 4 years ago | (#31861454)

My guess, though I haven't RTFA or anything, is that Microsoft simply does not show the update as available. It seems they could at least show a warning saying the computer probably has a rootkit, since they can detect it anyways.

Re:Lesser of two evils? (1, Insightful)

spidercoz (947220) | more than 4 years ago | (#31861570)

C) A working machine that's immune to rootkits and doesn't have an obsolete OS.

hint: always choose C.

Re:Lesser of two evils? (1)

clone53421 (1310749) | more than 4 years ago | (#31861614)

What is this miraculous machine to which you refer?

Re:Lesser of two evils? (1)

Rockoon (1252108) | more than 4 years ago | (#31861746)

I'm sure that you've HURD of it.

..oh..did you want one that actually works and stuff?

Re:Lesser of two evils? (1)

Dishevel (1105119) | more than 4 years ago | (#31861780)

Immune is a strong word and obsolete would be in the eye of the beholder, but I kind of like Ubuntu. Updates regularly. Works. Never had a virus. Would have to be an idiot to allow it to get rooted. YMMV.

"Updates regularly" (1)

ClosedSource (238333) | more than 4 years ago | (#31861942)

More like Obsoletes regularly. Wait a year to update and you can be SOL.

Re:Lesser of two evils? (1)

Mordok-DestroyerOfWo (1000167) | more than 4 years ago | (#31861804)

My NES has proven remarkably efficient at blocking rootkits. I was able to get one loaded as a test, but I had to blow real hard on it first.

Re:Lesser of two evils? (1)

maxwell demon (590494) | more than 4 years ago | (#31861806)

A sufficiently old car. It's a working machine (assuming it's not broken), it's immune to rootkits (because it has no processor which could run them) and it doesn't have an obsolete OS (it has no OS at all).

Re:Lesser of two evils? (2, Funny)

clone53421 (1310749) | more than 4 years ago | (#31861894)

It most certainly does have an Operating System. In fact if it has disc brakes it even has a Disc Operating System...

Um, working for whom? (2, Insightful)

Colin Smith (2679) | more than 4 years ago | (#31861754)

> A) A working machine that has a rootkit installed.

And is sending all key presses and bank account details to criminals.

 

Misuse of phrase (4, Funny)

girlintraining (1395911) | more than 4 years ago | (#31861348)

What ever happened to backwards compatibility? Why, I remember the day when any virus, worm, or piece of malware, would run no matter what!

Re:Misuse of phrase (0)

Anonymous Coward | more than 4 years ago | (#31861816)

Because at some point you have to let the backwards compatibility ride off into the sunset for the good of the majority of your client base. Have you heard of MS still supporting Win 3.1? Have you heard of Apple still supporting the 2E with new software updates? Have you heard IBM patching OS/2 with a new security fix?

And the issue is? (5, Insightful)

dirk (87083) | more than 4 years ago | (#31861360)

I really don't have a problem with this. If the system is already rooted, the patch isn't going to actually help anything since their security is already compromised. And with all the bad press MS received last time over something that was not their fault at all, why should they risk it again? If your system has a serious issue like being rooted, then you have to take care of the issue before you can install the patch. Seems logical to me.

can't MS come up with a patch to block rooting? (3, Interesting)

swschrad (312009) | more than 4 years ago | (#31861502)

I mean, they already have the malicious software removal tool, so they could blow the roots away if they wanted to. but what is really needed here is to block the rooting mechanism altogether.

or go back to the saner architecture of nt 3.0/3.1/3.5, where only the kernel and its designated MS helpers ran at level 0 to start with. the world started to go to hell when they allowed the video driver into level 0.

Re:can't MS come up with a patch to block rooting? (0)

Anonymous Coward | more than 4 years ago | (#31861710)

> or go back to the saner architecture of nt 3.0/3.1/3.5

Or upgrade to Vista or later where video drivers can run with low privileges.

Re:can't MS come up with a patch to block rooting? (1)

AndGodSed (968378) | more than 4 years ago | (#31861726)

Remember. He who play in root, eventually kills tree.

Re:can't MS come up with a patch to block rooting? (1)

yuhong (1378501) | more than 4 years ago | (#31861778)

> or go back to the saner architecture of nt 3.0/3.1/3.5, where only the kernel and its designated MS helpers ran at level 0 to start with. the world started to go to hell when they allowed the video driver into level 0.

That would have been useless, as the rootkit had nothing to do with the Win32 subsystem. It involved the file system, which has been in kernel mode from the beginning of NT.

Why bother? (5, Insightful)

trifish (826353) | more than 4 years ago | (#31861372)

Rightfully so. Security patching a rootkit-ed OS is mildly amusing and also a bit redundant. The only way to secure such an OS starts with reformatting the system partition.

Re:Why bother? (1)

gzipped_tar (1151931) | more than 4 years ago | (#31861452)

I see your point, but I guess by "redundant" you meant to say "futile", or has my humor filter been rooted?

Re:Why bother? (1)

SCPRedMage (838040) | more than 4 years ago | (#31861652)

Actually, I rooted it last night. I used this access to encrypt your humor-related files, and will give you the encryption keys once you wire $1,000,000.00 USD to my overseas bank account.

Misleading title (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31861386)

The title is totally misleading. It gives the sense that Microsoft refuses to deliver some patch that fixes the rootkit infection. While in fact Microsoft avoids delivering the patch to keep the machines in a working (albeit infected) condition.

I bet that the poster is a fanboi that found his opportunity to bash Microsoft... :-P

Re:Misleading title (5, Insightful)

SCPRedMage (838040) | more than 4 years ago | (#31861660)

Screw that. Deliver the patch, BSOD the idiots, and get them off the net so that they're not a danger to the rest of the world.

Re:Misleading title (1)

willda (1369247) | more than 4 years ago | (#31862066)

Point taken..........fewer bots and such.

Sensationalism drives page views (1)

Nimey (114278) | more than 4 years ago | (#31861690)

and hence advertising revenue.

Re:Sensationalism drives page views (0)

Anonymous Coward | more than 4 years ago | (#31862106)

You know, PCPro seems to be really sketchy in this department. They seem to churn out a lot of BS and openly-biased articles. Time to get up in arms.

Microsoft - Pragmatic solution to hard issue. (5, Interesting)

irreverant (1544263) | more than 4 years ago | (#31861388)

I think microsoft acted responsibly in this situation. They merely mitigated any future issues these patches might have, they didn't want the same thing to happen again. In this case it was prevention not intervention. Unfortunately, there are many ways to get a rootkit installed on a computer; however, most of the time it's usually the user that infected themselves. This is why there are measures that a user can take to prevent or minimize the occurrence. Microsoft did make a note to remove the infection and then install the patch. If they don't know how to remove the infection or don't know they can download if not purchase one of many anti-virus solutions or pay someone to do it, then maybe the users should rethink their web browsing behaviors.

Re:Microsoft - Pragmatic solution to hard issue. (1)

Rich0 (548339) | more than 4 years ago | (#31861550)

I tend to agree. If I were running a megacorp with 30k computers, and it turns out that 1000 of them have a rootkit I'd rather that they didn't just all die at the same time from a random patch.

Of course, I'd be scanning for stuff like this anyway, so I'd be fixing these problems before they got out of hand.

Even so, adding a major outage to a major security problem isn't necessarily an improvement.

Re:Microsoft - Pragmatic solution to hard issue. (2, Insightful)

VGPowerlord (621254) | more than 4 years ago | (#31861566)

Microsoft also included some measures in newer versions of Windows to mitigate user stupidity... and even one to mitigate programmer stupidity in Internet Explorer.

Not that there aren't still holes in those methods... or the user can just be stupid and click Allow.

The Important Question (0)

Anonymous Coward | more than 4 years ago | (#31861398)

So, does this detection result in a message like "Windows Update had an error. Code 0xB302392838271" or "YOU'VE BEEN HACKED!!! GET YOUR COMPUTER FIXED!!!!"?

Re:The Important Question (2, Informative)

BadAnalogyGuy (945258) | more than 4 years ago | (#31861426)

> Code 0xB302392838271

This is why I come to Slashdot. So many computer-literate people...

Re:The Important Question (0)

Anonymous Coward | more than 4 years ago | (#31861540)

Coool... Windows 42-bit edition!

Re:The Important Question (0)

Anonymous Coward | more than 4 years ago | (#31861632)

42 may be the Answer, but that's 52 bits...

Re:The Important Question (1)

The Archon V2.0 (782634) | more than 4 years ago | (#31861862)

> So, does this detection result in a message like "Windows Update had an error. Code 0xB302392838271" or "YOU'VE BEEN HACKED!!! GET YOUR COMPUTER FIXED!!!!"?

Oh, like those lovely programs XP Antivirus and "Security Tool" do! Yes, I think that trying to scare and confuse the user into an irrational course of action is the way to go.

Oddly enough... (3, Interesting)

HerculesMO (693085) | more than 4 years ago | (#31861416)

Their Malicious Software Removal Tool (sent out on Patch Tuesday) can remove the rootkit.

But I won't stop the Slashdotters here from complaining about it.

Re:Oddly enough... (1)

maxwell demon (590494) | more than 4 years ago | (#31861678)

> Their Malicious Software Removal Tool (sent out on Patch Tuesday) can remove the rootkit.

So the tool to remove it comes in a patch, and patches refuse to install if you are infected?

Re:Oddly enough... (1)

HerculesMO (693085) | more than 4 years ago | (#31861736)

Yes, because they are asking that if you're infected, to remove the problem (using a provided tool) and then try the patches again.

This really isn't rocket science, is it? Why should MS come up with a solution for only a small percentage of users when they provide the tool to fix it themselves?

bargaining (0, Troll)

shentino (1139071) | more than 4 years ago | (#31861418)

I'd bet that Microsoft is just using the rootkit as leverage to force people to upgrade.

If anything this will make them EOL XP even faster.

Re:bargaining (0)

Anonymous Coward | more than 4 years ago | (#31861498)

> I'd bet that Microsoft is just using the rootkit as leverage to force people to upgrade.

http://it.slashdot.org/comments.pl?sid=1620142&cid=31861416 [slashdot.org]

Summary title in error (5, Informative)

Rockoon (1252108) | more than 4 years ago | (#31861434)

From the article:

> As Microsoft has noted, while the solution prevents users from suffering the misery of Blue Screens of Death, it does leave them unprotected and the company has urged users to download its Malicious Software Removal Tool to clean up their machines and run the patch as soon as possible.

It isn't that they won't patch these systems, it's that they won't automatically install the MSRT, which removes the rootkit, as part of the update.

..and to be perfectly honest, who wants the MSRT to be a mandatory component. Things like that are capable of unexpectedly altering the system, something typically frowned upon in enterprise.

Re:Summary title in error (1)

slimjim8094 (941042) | more than 4 years ago | (#31861578)

Though to be fair, if you have a rootkit on your corporate machines, the MSRT is the least of your worries.

Re:Summary title in error (1)

Rockoon (1252108) | more than 4 years ago | (#31861784)

I still assume that uptime is your biggest worry in enterprise. Compromised security is dealt with in a way that preserves the uptime required to operate the business.

Re:Summary title in error (1)

Jeian (409916) | more than 4 years ago | (#31862074)

> Things like that are capable of unexpectedly altering the system, something typically frowned upon in enterprise.

Agreed. Our administrators are perfectly capable of bricking our systems on their own, thank you very much.

Attn infected PC users: Can't have it both ways. (5, Insightful)

techvet (918701) | more than 4 years ago | (#31861436)

First, you beat up Microsoft because their patch trashed machines that were *already* infected. Then you beat them up because they backed off on applying the patches to avoid trashing the machines. Get thee to SuperAntiSpyware and Anti-Malwarebytes and get your machine cleaned up before you complain.

Re:Attn infected PC users: Can't have it both ways (0)

Anonymous Coward | more than 4 years ago | (#31861490)

You expect consistency when it comes to bashing Microsoft? You must be new here.

Re:Attn infected PC users: Can't have it both ways (1)

jedidiah (1196) | more than 4 years ago | (#31861892)

Microsoft let the crap get on the machine in the first place.

They're ultimately responsible any way you try to spin this situation.

I will say that again s-l-o-w-l-y: It's Microsoft's OS. They are responsible for it. You even paid money for it.

Re:Attn infected PC users: Can't have it both ways (0)

Anonymous Coward | more than 4 years ago | (#31861696)

I did no such thing! I was happy with the trashed machine and now they go and do this!

You can't put it off forever! (3, Funny)

fred fleenblat (463628) | more than 4 years ago | (#31861462)

This just proves that it's a great time for people who have been sticking with XP to take the plunge and upgrade to Windows 2000 Professional.

User Experience FAIL (2, Insightful)

_KiTA_ (241027) | more than 4 years ago | (#31861474)

If they have the ability to detect these things, why in the world doesn't a little popup appear in the systray or security center saying "Your system appears to have a form of Malicious Software installed. Windows Updates are currently disabled. Please see your Network Administrator."

Seriously, the rogue spyware apps do this all the time, why can't Windows itself do it?

Re:User Experience FAIL (0)

Anonymous Coward | more than 4 years ago | (#31861676)

If they do too much they get sued for putting other companies out of business because of their monopoly. If they do too little you bitch because everybody else does it. And why on earth would they add that functionality to a product as old as XP when there are already products out there that do the same thing for you?

Re:User Experience FAIL (0)

Anonymous Coward | more than 4 years ago | (#31861852)

Because not receiving one patch that can hose a system so that it's unbootable is different than denying patches that may prevent it from becoming further infected. And secondly not everyone has a Network Administrator to run to. Think of clueless home users.

You can't fix stupid (5, Insightful)

rudy_wayne (414635) | more than 4 years ago | (#31861494)

"Microsoft discovered the problems occurred on machines infected with the Alureon rootkit"

There are many reasons to hate Microsoft, and their QA failure when it comes to security is certainly one of them. However, the spread of rootkits, viruses and other malware is primarily caused by user stupidity, something that is not Microsoft's fault. In the early days of personal computers I took the time to learn how things worked. If you're having the problem described in this article then you can wipe your hard drive and re-install Windows. If you don't know how to do this, then maybe it's time you learned. If you're not willing to learn, then do the rest of the world a favor and throw your computer out the nearest window.

Re:You can't fix stupid (1)

maxwell demon (590494) | more than 4 years ago | (#31861938)

However, the spread of rootkits, viruses and other malware is primarily caused by user stupidity, something that is not Microsoft's fault.

Of course it's Microsoft's fault. If they made the OS so that stupid people were unable to use it, stupid people wouldn't use it and therefore they wouldn't get rootkits on it. :-)

Order (0, Redundant)

gmuslera (3436) | more than 4 years ago | (#31861504)

Couldnt them had included a program to detect and clean that rootkit, then proceed to install the patch instead of just refusing?

Anyway, having a rootkit active means being walking over thin ice. You could clean it, but it could be used to install something that gives a more direct access, and the rootkit could not be required anymore to do what they want with your machine. Backup data and reinstall should be the recommended way of acting unless you are capable to detect the other changes.

Re:Order (1)

Locke2005 (849178) | more than 4 years ago | (#31861602)

Couldnt them had included...

Had you been knowing English long?

Re:Order (1)

VGPowerlord (621254) | more than 4 years ago | (#31861622)

Chances are, if it's a rootkit, it's already overwritten the "known good" versions of those files Windows keeps around.

Plus, they can't guarantee that other files won't be modified by different versions of the same rootkit.

Other than that, Microsoft already pushes a new version of the Malicious Software Removal Tool [microsoft.com] through Windows Update every month.

classically mindlessly anti-microsoft (3, Insightful)

circletimessquare (444983) | more than 4 years ago | (#31861528)

microsoft doesn't refuse to patch rootkitted systems, microsoft is UNABLE to patch rootkitted systems. NO ONE can patch a rootkitted system, of ANY OS. you need to wipe the system and reinstall

it is ok to be against microsoft, but you have to base your opinion on genuine problems. when you base your opinion on mindless propaganda, you are just another useless partisan in this world: loud, dumb, useless

The first patch installs... (-1, Troll)

goffster (1104287) | more than 4 years ago | (#31861568)

the Alureon rootkit

Does it notify the user of why? (0)

Anonymous Coward | more than 4 years ago | (#31861612)

With them providing a free solution to cleaning the system with MSE I can't be offended by this, but hopefully it explains to the user why it's not installing. (/me did not rtfa)

MSE claimed to work (4, Interesting)

Bearhouse (1034238) | more than 4 years ago | (#31861616)

See:

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus:Win32/Alureon.A [microsoft.com]

I've had reasonably good experiences with MSE so far with my Windows users. Anybody else want to weigh in here?

Re:MSE claimed to work (1)

pongo000 (97357) | more than 4 years ago | (#31861864)

I'm by no means a Microsoft fanboi, but I have nothing but good things to say about MSE: It's free, the definition files are updated regularly, and (best of all) it doesn't slow down my laptop even when I'm running a scan. If you're not running MSE, you owe it to yourself to try it out. I can almost promise you that you'll toss whatever antivirus software you're running now.

MSE, Anti-Malwarebytes, and SpywareBlaster have taken care of everything the big bad world has thrown at my machine.

Hmmmm.... (-1, Troll)

kenp2002 (545495) | more than 4 years ago | (#31861706)

A: Support Expires
B: Release New OS
C: No One Adopts New OS
D: "SOMEONE" Develops a rootkit\virus\malware that targets old OS.
E: Anti-Virus keeps the old OS limping along
F: Anti-Virus vendors keep releasing updates to prevent new viruses\rootkits\etc.
G: Over time thousands, if not millions of Old OS systems get infected by root kits that the large population isn't aware of.
H: Create a new patch that specifically, when coupled with the largely ignored\unnoticed rootkit\virus\malware, makes Old OS unusable.
I: Choice: switch to Linux or upgrade to New OS.
J: Laugh hysterically as at least 50% upgrade to New OS and you bathe in $20 bills soaked in champagne.
K: Profit.

Reads like a Tom Clancy novel of industrial espionage. We are just missing a lone whistleblower to out the research in making the patch kill the machine with the rootkit...

The leaked email would read:

Engineer - "There is a 80% chance this patch would cause a kernel halt if they have the rootkit."

Boss - "Would an upgrade to New OS be impacted if their machine died?"

Engineer - "No, I don't think so."

Boss - "Great, so 80% of those Old OS holdouts will need to upgrade to New OS, right?"

Engineer - "They could go to Alt OS out of frustration sir."

Boss - "Yeah, but they aren't New OS customers anyway. Even if 50% of them go to Alt OS we are talking a boom of at least 2-3 million new New OS customers! It's brilliant!"

Customer Satisfaction (4, Insightful)

xerio (1001881) | more than 4 years ago | (#31861798)

I'm strangely ok with this. If they update the computer and the rootkit conflicts with the new patch and makes the computer unusable, they'll just get blasted for breaking people's computers. But if they don't update the computer, then the person is still able to use it. If they're warned that they can't update because they have a rootkit on their system and they do nothing about it, I feel no sympathy for them. At least Microsoft didn't make their system less operational. They should get rid of the rootkit and then update. If Microsoft let people update while knowing that it would make the computers unusable if they had this rootkit, people would still call foul on Microsoft. This way they're at least giving people a warning and chance to fix their problem, not making the problem worse.

Sad (2, Insightful)

Voulnet (1630793) | more than 4 years ago | (#31861810)

Seeing the summary and many of the posts here, it's so sad to see how the internet gave every idiot a podium. It's always going to be catch-22 for Microsoft, even if they donated 40 billion dollars for every open source foundation/cancer research facility in the world. It's sad to see CS graduates, sysadmins and programmers with the mentalities of 4channers. Huh

iphone patch? (1)

adachan (543372) | more than 4 years ago | (#31862030)

If MS won't support a 10 year old system anymore, I don't stand much of a chance getting my first gen root-kitted iPhone patched then.