
Sober.P Worm Accounts for 5% of all Email Traffic

CmdrTaco posted more than 9 years ago | from the thats-a-lotta-bits dept.

Worms 451

destuxor writes "The grave insecurity of the day is the Sober.P worm which is currently pushing nearly 5% of all email traffic at the moment. Unlike previous worms, Sober can disable the Windows Firewall and Symantec Antivirus. Interestingly, patched machines are not vulnerable to the exploits used by this worm. What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?" update percentage corrected.


sober.p (2, Funny)

Anonymous Coward | more than 9 years ago | (#12467992)

is that like the anti-tequila worm?

LOL WWWWIDE PAEG!! (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12468182)


Re:LOL WWWWIDE PAEG!! (0)

Anonymous Coward | more than 9 years ago | (#12468235)

u fail it again there, Stratjakt [slashdot.org]

first post? (-1, Offtopic)

rainmn20001969 (664518) | more than 9 years ago | (#12467999)

first post?

Re:first post? (1)

rainmn20001969 (664518) | more than 9 years ago | (#12468030)

guess not!!!!

Yay, it's go time! (2, Funny)

e133tc1pher (752949) | more than 9 years ago | (#12468000)

Oh better hurry and update iptables and patch my kernel and emerge sync;emerge -uv world... oh windows, they get all the fun!

Only 1 way (3, Funny)

Turn-X Alphonse (789240) | more than 9 years ago | (#12468002)

Whenever your PC gets infected with a virus or 10 bits of spyware a large foot swings out from under the desk and hits you in the groin. It'd even work on them guys pretending to be women!

Re:Only 1 way (1)

pedigree (700642) | more than 9 years ago | (#12468150)

Shows you just how many fucking stupid people are out there, people that shouldn't be allowed to own computers, by law!

Nothing really (1, Interesting)

Stonent1 (594886) | more than 9 years ago | (#12468003)

If they have SP2, the computer automatically runs the updates.

Re:Nothing really (1)

Ruud Althuizen (835426) | more than 9 years ago | (#12468057)

No it doesn't, you can still change the settings.

Re:Nothing really (3, Interesting)

Short Circuit (52384) | more than 9 years ago | (#12468068)

That works, until they or a relative disable it.

Most people don't have broadband; Windows Update takes a long time when all you want to do is get your email.

Now, if they graduated from an HTTP download to rsync, the download size would be significantly smaller.

An even better solution would be to have the source code on the computer, and have the machine compile the patches locally from a (much quicker to patch) source code. Of course, they'd need to find a way to securely encrypt the source code so those "evil GPL coders" don't peek.

Re:Nothing really (5, Insightful)

Keruo (771880) | more than 9 years ago | (#12468172)

Rsync isn't really an option for updating windows since the patch usually changes a few dlls to different ones.

Most people don't have broadband, but most people don't have fast computers either, it might take a long time to compile the source distributed update.
And your average joe won't have a compiler on their machine anyway.
I'd remove the compiler from linux workstations too. The normal user, who surfs and reads email on the machine, won't have any need to compile things.

If local patches were used, I wouldn't worry about gpl coders peeking at the code. I'd worry about worms patching the source code and creating new holes through modifying patch sources.

Re:Nothing really (5, Interesting)

Short Circuit (52384) | more than 9 years ago | (#12468249)

It doesn't have to be in the same high-level language the OS was written in; it could be a compiler-specific intermediate language, like GCC's SSA.

Such an arrangement offloads some of the compiling process to Microsoft's servers, and obfuscates the patch.

The compiler included with the OS doesn't even have to support any other language. And it can require a signed certificate from Microsoft to accept the code.

Re:Nothing really (2)

leon.gandalf (752828) | more than 9 years ago | (#12468199)

Or just refuse to install it due to it killing half your apps.

Re:Nothing really (2, Informative)

westlake (615356) | more than 9 years ago | (#12468275)

Most people don't have broadband; Windows Update takes a long time when all you want to do is get your email.

Windows Update downloads in the background, and allows other programs the bandwidth they need. It should never be a problem, even over dial-up. If you didn't have the patience to wait out the download of SP2 over a slow connection, you could mail order it on CD from Microsoft, no charge, even for postage.

Re:Nothing really (1, Interesting)

Neophytus (642863) | more than 9 years ago | (#12468100)

But unless they've bought a new PC in the last 6 months, they won't have visited windowsupdate to install SP2 to get said updates.

Re:Nothing really (1)

Exter-C (310390) | more than 9 years ago | (#12468183)

The issue is that they are not updated so the issue is probably that they won't have installed SP2.. the cycle continues.. :().

They really need to start making it so that you can't turn off the updates on home edition etc. I can understand corporates wanting to do still disabled patching etc and power users (maybe a registry hack or something). That way all systems get patched when they are on the internet. It's getting rarer and rarer that a home computer is not internet connected. It's just a shame about the size of the downloads if you have a modem.

Taking all that into account I guess there is no perfect solution...

Reading the article? (5, Informative)

r2q2 (50527) | more than 9 years ago | (#12468006)

I read that the article references that it only comprises 4.65 percent of all email traffic? Where does this article say 25 percent???

Re:Reading the article? (2, Funny)

0x461FAB0BD7D2 (812236) | more than 9 years ago | (#12468064)

Looks like someone needs to get Sober:P

Re:Reading the article? (2, Funny)

m4ximusprim3 (619388) | more than 9 years ago | (#12468077)

because here on slashdot, anything statistically alarming is squared to make it even more alarming. it's in the end user agreement :)

Re:Reading the article? (1)

mattdm (1931) | more than 9 years ago | (#12468098)

because here on slashdot, anything statistically alarming is squared to make it even more alarming. it's in the end user agreement :)

Wouldn't that be 0.25%, though? Or 0.216%, as the case may be?

"25%" makes for much better tabloid journalism (1)

Praxxus (19048) | more than 9 years ago | (#12468089)

Who needs to be burdened by facts, when you can get sensationalist and have /. accept your story? :-P

Re:Reading the article? (1)

Anubis350 (772791) | more than 9 years ago | (#12468090)

it's the all new, proven slashclick system. Increase clicks to a given story by multiplying all numbers by 5. Will make you longer and stronger (at least virtually). Also will help grow back hair on your head. cowboyneal will soon be selling this incredible new self-help book for the all time low price of $15.99.

Re:Reading the article? (0)

Anonymous Coward | more than 9 years ago | (#12468118)

Psssshhh...I know of a place where you can get that book for $3.20...

Re:Reading the article? (1)

CSMastermind (847625) | more than 9 years ago | (#12468175)

Well actually that's part of the Slashdot effect. See it was 4.65 but then they posted an article on slashdot and everyone went out and got it to check it out and now it's 25%. Oh my if they would only use their power for good.....

Nearly 1 in 25 e-mails maybe? (0)

Anonymous Coward | more than 9 years ago | (#12468224)

because 4.65% gives 1 in 21.50 emails. Although "nearly 1 in 20 e-mails" would make more sense.

Solution (4, Funny)

0x461FAB0BD7D2 (812236) | more than 9 years ago | (#12468007)

What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?

Easy. Make it an invite-based system. People take for granted what they can get effortlessly.

Add a cost to it, and people will appreciate and use it more.

Re:Solution (4, Insightful)

numbsafari (139135) | more than 9 years ago | (#12468273)

That sounds silly, but think about it... How much is spent on "personal firewalls" and "anti-virus" software every year by people who could simply run over to WindowsUpdate and get what probably constitutes the single most important security tool of all (bug fixes) for free?

ps... I'm not saying firewalls aren't important security tools, but when it comes to at-home desktops, bugs are the real issue... and viruses are just exploiting bugs that haven't been patched yet.

How about... (-1, Redundant)

Heem (448667) | more than 9 years ago | (#12468008)

What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"

Teach them how to use Linux.

I know, that's not going to be easy, but it's entirely possible. Perhaps we could come up with some positive thoughts on how to convince our friends to switch?

Re:How about... (1)

mattyrobinson69 (751521) | more than 9 years ago | (#12468040)

i know it's not for the right reasons but i showed my cousin how good kde can look (screenshot), he said "wow, can i have that".

Re:How about... (2, Funny)

Short Circuit (52384) | more than 9 years ago | (#12468088)

Doesn't work. Quoth the page [microsoft.com] :

Thank you for your interest in Windows Update

Windows Update is the online extension of Windows that helps you get the most out of your computer.

You must be running a Microsoft Windows operating system in order to use Windows Update.

Re:How about... (5, Insightful)

theTerribleRobbo (661592) | more than 9 years ago | (#12468103)

As much as I'm a Linux fanboy, that's not going to solve the problem.

Setting aside the debatable 'inherently more secure' argument, unless distros start doing something rash like including and starting an 'apt-get update && apt-get upgrade' cron job, they're going to hit the same problems if a nasty worm comes out that affects one or more distributions of Linux (eg. a SuSE worm, etc).

Re:How about... (0)

Anonymous Coward | more than 9 years ago | (#12468128)

That'd be soooo cool. Then, as the Linux user base went mainstream (say 40% of machines or so) we'd get to see all the worms and shit attack Linux. 'Cause you know those same Windows users who can't be bothered to run as non-admin are going to run Linux as root or the equiv. So that "stuff just works" like they are used to without getting these prompts about root access needed (which after a few times of doing your auto-updates with something like YaST prompting you for the root password you just give out automatically whenever asked for anyway). Sure, let all the bonehead users move to Linux and watch the attacks start hitting US...

Re:How about... (1)

TheScottishGuy (701141) | more than 9 years ago | (#12468164)

find the easiest to install linux distro, it has to be so simple that they just click dialog boxes, when it comes to partitioning it says "perform recommended partition procedure?" and you click yes, for install you punch in basic info and click yes, the user interface is pretty much not the main issue i've encountered with people switching, it's the install, that and not being able to find software for it easily (along the lines of tucows and cnet) it may not be what linux fans want to hear, but win. users want simplicity, right now that simplicity is fed by familiarity. switching to linux needs to be as easy as doing a clean winxp install or it's not worth the hassle.

Re:How about... (1)

dioscaido (541037) | more than 9 years ago | (#12468260)

Because recompiling the kernel to apply a security fix is somehow easier?

Re:How about... (1)

delire (809063) | more than 9 years ago | (#12468280)

what?

Re:How about... (2, Interesting)

Ernesto Alvarez (750678) | more than 9 years ago | (#12468292)


What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"

Teach them how to use Linux.


That won't work. Irresponsible users will always be irresponsible, no matter what OS they are using.
If that is your case, consider the user's responsibility and skills.

If he has no computer skills at all, just change his settings without him knowing.

If he thinks he has lots of computer know how, but really is some inexperienced (and irresponsible) n00b, I suggest tricking him into doing things securely appealing to his 133tness ("Only ordinary mortals use IE6, we hackers use IE7 firefox edition", the firesomething extension might be useful in that case).

If he's responsible, but reluctant to change, wait for him to screw up, make him feel bad for screwing things up (just letting him know how much effort it takes to reinstall a workstation usually works) and then offer him a chance to do things securely. If doing things securely is not a hassle (activating windows update, for example), he will not change back either because the same inertia will make him stay secure, or because he sees the benefit of doing things securely.

There are more things to consider, but that should be a rough guide. Some people do not know how to use a general purpose machine, and would be happy with a "web browser" (or other) appliance. You cannot let these people loose with root privileges.

RTFA, Taco (5, Informative)

Draoi (99421) | more than 9 years ago | (#12468018)

The Sober.P worm is still spreading fast and made up almost 5 percent of all e-mail traffic

From the first line ... 5%, not 25%. Big difference ....

Re:RTFA, Taco (1)

stabChmo (861088) | more than 9 years ago | (#12468066)

Actually it's 4.65%... Btw, that green thingy up there is a caterpillar, not a worm -.-

Re:RTFA, Taco (1)

waynelorentz (662271) | more than 9 years ago | (#12468177)

Perhaps it's an Inch Worm. Aren't they caterpillars?

Interesting? (3, Insightful)

RoadkillBunny (662203) | more than 9 years ago | (#12468019)

Interestingly, patched machines are not vulnerable to the exploits used by this worm.

What is so interesting about that? It would only be interesting if the patched machines were still vulnerable.

Re:Interesting? (1)

antiMStroll (664213) | more than 9 years ago | (#12468253)

What's interesting is that my fully patched XP Home box picked up Sober when I inadvertently clicked an e-mail spoofing my ISP's address. At least TrendMicro's online scan said it removed Sober. I was in an unprivileged user account at the time.

Re:Interesting? (1)

Haydn Fenton (752330) | more than 9 years ago | (#12468272)

In the article's context, I'd say he was being sarcastic.
Sarcasm doesn't work too well on the internet.

Here's what to do (2, Insightful)

bazmail (764941) | more than 9 years ago | (#12468020)

A nationwide (USA) TV expose (-ay) of how spam is sent and how "your kid's PC is helping terrorists send unsolicited email" would bring that percentage down to 5%.

Ordinary users just have no idea. Many don't even know about Windows Update.

Re:Here's what to do (1)

imsabbel (611519) | more than 9 years ago | (#12468148)

oh my, I just read the article and it seems that happened already :)

Visiting windows update once in a while (2, Insightful)

jurt1235 (834677) | more than 9 years ago | (#12468022)

I think that there are 2 categories:
1. unaware users (like about all my neighbours and friends)
2. Users who do not want to patch their system into a less controllable state (hence SP2 trouble).
I think better filters at mailservers could help:
The content of the mail may be unknown (different headers all the time), but the attachment is known. A simple filter should be able to get rid of it, no need for very expensive antivirus software.
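
The attachment-based filter proposed in the comment above, sketched as an added example that is not part of the original thread. It assumes the worm's attachment bytes stay constant between messages; the blocklisted digest is computed from constructed, harmless sample bytes, all function names are hypothetical, and the look inside ZIP attachments goes beyond what the comment describes.

```python
import hashlib
import io
import zipfile
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for a known-bad attachment body (harmless bytes).
SAMPLE_PAYLOAD = b"constructed sample payload, not a real worm body"
BLOCKED_SHA256 = {hashlib.sha256(SAMPLE_PAYLOAD).hexdigest()}

MAX_MEMBERS = 50                      # inspect at most this many ZIP members
MAX_MEMBER_BYTES = 5 * 1024 * 1024    # skip members that claim to be larger


def _digests(label, data):
    """Yield (label, sha256) for a MIME part and, if it is a ZIP, for its members."""
    yield label, hashlib.sha256(data).hexdigest()
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist()[:MAX_MEMBERS]:
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue
                if info.flag_bits & 0x1:   # encrypted member, contents unreadable
                    continue
                member = zf.read(info)
                yield f"{label}!{info.filename}", hashlib.sha256(member).hexdigest()
    except (zipfile.BadZipFile, zlib.error, RuntimeError, NotImplementedError):
        return  # damaged or unsupported archive: keep what was already hashed


def scan_message(raw):
    """Return labels of parts whose decoded bytes match the blocklist.

    Headers (From, Subject, ...) are ignored on purpose: only the decoded
    content of each leaf MIME part is compared.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        label = part.get_filename() or part.get_content_type()
        hits.extend(lbl for lbl, digest in _digests(label, data)
                    if digest in BLOCKED_SHA256)
    return hits


def build_sample(subject, attachment_name, attachment_bytes):
    """Build a constructed test message with one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = subject
    msg.set_content("see attachment")
    msg.add_attachment(attachment_bytes, maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


def zipped(member_name, data):
    """Wrap data in an in-memory ZIP archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, data)
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        build_sample("Your password", "notes.bin", SAMPLE_PAYLOAD),
        build_sample("Re: hello", "doc.zip", zipped("inner.bin", SAMPLE_PAYLOAD)),
        build_sample("lunch?", "menu.txt", b"soup of the day"),
    ]
    for raw in samples:
        print(scan_message(raw) or "clean")
```
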

Re:Visiting windows update once in a while (1)

jurt1235 (834677) | more than 9 years ago | (#12468142)

let's clear one thing up:
I meant that the first group is ignorant and does not run updates.

Re:Visiting windows update once in a while (3, Informative)

Karzz1 (306015) | more than 9 years ago | (#12468173)

At my office I have MailScanner [soton.ac.uk] configured with Postfix [postfix.org], SpamAssassin [apache.org], and ClamAV [clamav.net]. Every bit of this configuration is free (beer and speech) and works very well. I have the rules set fairly loosely, yet it still manages to catch >80% spam and I have yet to see a virus make it past. It is a bit of a bear to set up, but for those who would rather not, all of those packages can be found in openprotect [openprotect.com] (with or without commercial support).

Now, for the caveat. As is the case with any type of email scanner, it is very resource intensive. As such, I have a dedicated dual Athlon machine which handles scanning for 50-100,000 emails/day and it stays very busy (load over 1, >50% processor utilization).

Re:Visiting windows update once in a while (1)

jurt1235 (834677) | more than 9 years ago | (#12468286)

But it works against users who do not update, so I will call it successful

Duh??? (-1, Redundant)

burdicda (145830) | more than 9 years ago | (#12468025)

Automatically forward them to the linux download mirrors.....LOL

Obligatory... (3, Insightful)

Anonymous Coward | more than 9 years ago | (#12468033)

I use a Mac...I have no problems.
I use Linux...I have no problems.

(however, my email box is filled up with these stupid Sober.P-generated messages)

What will it take for people to switch? All of the news reports I've heard this week about Sober.P don't even mention that it ONLY affects MS-based PCs running Outlook. I would think that the news industry would at least do one minute of digging and include this little nugget of information to help its listeners/viewers.

TDz.

Re:Obligatory... (1)

mobby_6kl (668092) | more than 9 years ago | (#12468198)

I use Windows...I have no problems.

Re:Obligatory... (0)

Anonymous Coward | more than 9 years ago | (#12468296)

If you compute the way you punctuate,
you have a problem.

Getting People to Update... (5, Insightful)

quark101 (865412) | more than 9 years ago | (#12468036)

It's been my experience that it is almost impossible to get ordinary (read: non-computer) people to update their machines, be it Windows or Norton Virus updates. The only way that most of them will get these updates, ever, is if 1. Someone does it for them, or 2. If it is automated, and does it for them.

Otherwise, they just don't see the reason to, don't have the motivation to, and just plain don't care.

And it's for free! (1, Funny)

kryogen1x (838672) | more than 9 years ago | (#12468043)

Funny how something called sober is free as in beer.

Re:And it's for free! (1)

bazmail (764941) | more than 9 years ago | (#12468112)

yeah funny how nobody wants to host the source code.
strange.

In my experience (0)

Anonymous Coward | more than 9 years ago | (#12468050)

Most "ordinary users" actually do use Windows Update regularly. Scorn and ridicule have worked well in achieving this goal.

It's the GDGA vendor attitude that 'cornsumers' (4, Insightful)

Senor_Programmer (876714) | more than 9 years ago | (#12468055)

be brainwashed into believing that the computer is an easy to use appliance, like a toaster or TV, and NOT a potentially hazardous tool like a chainsaw.

That this has become the holy grail of huge numbers of Linux aficionados is likely the worst thing there is for Linux. Instead of promoting Linux as the 'thinking man's alternative' most of its fanbase has bought into the whole 'computer as appliance' mindset.

Give a man a banana and he might choke on the skin. Teach him to peel and he'll be hell's bells.

potentially hazardous tool (2, Insightful)

m4ximusprim3 (619388) | more than 9 years ago | (#12468180)

"a potentially hazardous tool like a chainsaw."

last time i severed my leg with my computer, i was reminded of this fact.

The object of linux SHOULD be to make the computer as easy to use as possible, because the people who care about how their computer actually works are a statistical minority of computer owners. The reason these viruses spread is that people REFUSE to be educated. If your goal is to become a mainstream OS [which I'm not convinced yours is, but it seems to be the goal of the majority of the linux community], your job is to offer more noticeable features [e.g. less slowdown due to viruses, etc] than windows without adding any more required user input.

joe blow doesn't want to think about his computer. he just wants it to play deer hunter 2005 faster.

And it should be like a toaster (0)

Anonymous Coward | more than 9 years ago | (#12468276)

Computers for most people really should be like a toaster, easy to use and they do what you want them to do. After all, that's what computers and personal computers are there for, they are tools people use.

The problem is that computers today are far away from achieving this. This holds especially true for computers running windows, as even simple things as checking email can potentially turn fatal (for the computer at least), which leads simple minds to compare a PC to a chainsaw (Just imagine, the Texas Personal Computer Massacre...).

"That this has become the holy grail of huge numbers of Linux aficionados is likely the worst thing there is for Linux."
Why? You should at least provide an argument.

"Instead of promoting Linux as the 'thinking man's alternative' most of its fanbase has bought into the whole 'computer as appliance' mindset."
Ehm, computers are appliances. Every thinking man should notice that. And what I really don't get is how these oh so 1337 people like you always seem to assume that ease of use equals less power, this is simply not the case.

Besides, nobody, really nobody is trying to prevent you from recompiling your kernel 5 times a day and you are free to not use X at all, or not use one of the more userfriendly, advanced desktops. If twm is your cup of tea, fine, who cares and nobody is going to take it away from you, so get a grip.

Re:It's the GDGA vendor attitude that 'cornsumers' (0)

Anonymous Coward | more than 9 years ago | (#12468278)

Yet another "pull unwarranted generalizations out of my ass" troll aimed at Linux users, flying completely against the experience of anyone who's read this board more than a week. As such, expect a +5 Insightful any minute.

Updates too big to download (1, Informative)

Anonymous Coward | more than 9 years ago | (#12468056)

What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"

Not make the update 100mb+?
How can anyone download that when the only connection they have to the internet is a modem.

use windows update - how? (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12468060)

Mom's computer is unfortunately equipped with Windows Me. Aside from the weird profile handling, the other difference from Windows 98 appears to be that Windows Update always hangs, in particular when trying to patch its MSIE installation. I'm not going to even try to convince her to run it, when I can't get it to finish once.

Re:use windows update - how? (1)

YrWrstNtmr (564987) | more than 9 years ago | (#12468247)

Change her WinME to something...ANYTHING...else. 2000, XP, Linux. There are other reasons besides better WindowsUpdate to switch from WinMe.

Alternatively, d/l any and all patches to a CD. Run it locally.

Send A Bill To Microsoft? (0)

Anonymous Coward | more than 9 years ago | (#12468067)

Will that get their attention, or will they just pay?

A difficult choice (0)

Anonymous Coward | more than 9 years ago | (#12468069)

So one can visit windows update and receive Microsoft's latest "spyware" (what they call a 'service pack') or just wait and get one for free from a "third party" over time. Hmm...

its not just windows-users (2, Interesting)

rehabdoll (221029) | more than 9 years ago | (#12468070)

I get _TONS_ of logs from various ssh-worms roaming around these days.

Re:its not just windows-users (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12468170)

I get _TONS_ of logs from various ssh-worms roaming around these days.

I believe Linux users that are not very competent admins of their system (and that probably includes a lot of people that wouldn't include themselves) are much more of a target than they realize.

It is a problem that is going to come back and bite us that this often is ignored, or shoved under the rug, while ridiculing Windows users.

As someone who runs a honeypot or 12 ... (1)

ProfaneBaby (821276) | more than 9 years ago | (#12468179)

Most of them are the same worm, and they're doing dictionary attacks for weak passwords (not quite the same flaw as not being updated).

The phpBB, awstats, and openwebmail worms were better examples.

Re:its not just windows-users (0)

Anonymous Coward | more than 9 years ago | (#12468266)

Hmmm, I have ssh firewalled with access granted from around 12 static IP's. I'll have to default permit and turn on logging but I think I'll still see more attempts to find phpbb or IIS GET vulnerabilities logged by apache. SSH scans were quite rare when I had the port wide open.

Are you sure it's not just your subnet?

"Ordinary users" (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#12468072)

Some 'ordinary users' are seriously too stupid to run auto-update. Believe me, I know, I've been there.
I work at a University IT helpdesk, and after far too many malware problems from far too many dumb lusers (and many of them repeat visits), I've adopted a new policy.
If a student or member of faculty comes in with malware problems for the first time, I fix it for them and I give them a Gentoo Linux install CD to go away with. If they come back with viruses/spyware a second time, I tell the luser to stop bothering me, and that I gave them the solution to install last time. Linux is an OS immune to these kinds of problems.

Re:"Ordinary users" (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12468193)

How is Linux immune? Viruses and trojans can be written for Linux just like any other OS.

Looking at the BugTraq mailing lists, it is also obvious that there are plenty of common software that runs on Linux that gets exploited on an almost daily basis.

What was your point again?

Re:"Ordinary users" (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12468200)

That's not quite true. There's a virus going around that infects any platform's PHP parser into loading any visitor using IE's computer up with drive-by-downloads. The virus itself isn't affecting IE, it's affecting the parser, so no, linux is not immune to virus/worm problems.

Trusting MicroSoft (4, Interesting)

KiloByte (825081) | more than 9 years ago | (#12468082)

What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"

The problem is, MicroSoft went a long way to tell people that no, they can not trust them when it comes to privacy. People from random businesses around here are pretty paranoid now -- I've talked to the CEO of a ~300 employees big company who, albeit a non-technical user himself, went on a long tirade about not letting Windows phone home.

try... (1)

Pliep (880962) | more than 9 years ago | (#12468097)

try releasing one update that actually works; you'll only have to get people to update one time.

Huh? (0, Redundant)

rnelsonee (98732) | more than 9 years ago | (#12468101)

Interestingly, patched machines are not vulnerable to the exploits used by this worm

Not that interesting - that's exactly what's expected. I guess the submitter is trying to say that's an indication of how many machines are unpatched?

Fight Fire With Fire? (2, Funny)

tbuckner (861471) | more than 9 years ago | (#12468105)

But if you slashdot the Sober.P worm, who wins?

Windows Update is useless to dialup users (3, Interesting)

LTSharpe (809868) | more than 9 years ago | (#12468120)

I have tried using windows update on several machines over the years ever since it came out. All I ever receive in return are page script errors, stalled connections and general frustration of all kinds. I especially hate waiting for it to do something after god knows how long only to have it error out and start all over again. I gave up on windows update long ago which is fine because I generally follow and advise others to follow the rule of 'if it ain't broke then don't fix it'.

What are we going to do? (3, Insightful)

LO0G (606364) | more than 9 years ago | (#12468145)

What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"

I dunno. Maybe we should stop running all those stories about how evil WindowsUpdate is, and how Microsoft is spying on your computer?

And proclaiming to the heavens that <insert my linux distro> doesn't need updates because it's secure?

Re:What are we going to do? (1)

tbuckner (861471) | more than 9 years ago | (#12468178)

A machine with no OS but a Knoppix CD is pretty damn wormproof, isn't it?

Re:What are we going to do? (1)

YrWrstNtmr (564987) | more than 9 years ago | (#12468295)

And pretty damn restrictive for the average user. What? I can't play this new game? I can't install TurboTax2006? Get rid of this damn CD thing and let me do what I want!

I speak for millions when I ask (0)

Anonymous Coward | more than 9 years ago | (#12468149)

What is this WindowsUpdate you speak of?

Will it require me to give personal information? Annual gross income? Name of my firstborn? Serial number of my Pentium? Location of hidden tattoo and Body piercings?

The solution? Fines (1, Redundant)

tannhaus (152710) | more than 9 years ago | (#12468153)

They should start fining people whose computers are used in an attack that could have been prevented if they had patched their systems. Many people are under the impression "Oh, it really doesn't matter. It's just the internet".

So, if they are held financially responsible for the damage they help cause, they will spend the time it takes to update their computers.

Also, Microsoft needs to get a clue. I've visited windows update before. You select all the updates and then it tells you "You can't select this update along with any others". So, you have to install that one single update by itself...and then REBOOT. That's about the stupidest thing I've ever heard. Why don't they make it so you can download ALL the updates, then reboot as necessary AFTER you've gotten all the updates. Don't make the process take an hour or more with multiple visits to windowsupdate.

Re:The solution? Fines (1)

tbuckner (861471) | more than 9 years ago | (#12468234)

So week before last I was over at my wife's sister's house and they were having a heck of a time with their Pentium 4 Dell, which ought to run fast enough, but it was choking on web pages, even. I d/led Spyware Doctor and ran it, and it found 2,654 infections. Granted, that's mostly cookies'n'cream, but STILL. 2,654! The meme that average nontechnical users need to hear is that "A computer is not like a toaster, it's like a car. A toaster works, and if it breaks you throw it away. A car needs constant attention, fuel, check the oil, service the brakes, etc. or it stops working. A computer is like a car." A seriously secure computer, I keep saying, would be for instance a no-OS machine with a Knoppix disk glued in the CD reader. Pro: no new programs, like malware. The hard drive used only to store user-created data (pictures, etc.). Con: no new programs. Lots of people don't want or need new programs very often anyway; a new disk might suffice.

Re:The solution? Fines (1)

YrWrstNtmr (564987) | more than 9 years ago | (#12468271)

'They' should start fining people? They who? The ISP?

Re:The solution? Fines (0)

Anonymous Coward | more than 9 years ago | (#12468294)

Don't make the consumer liable; that just lets the manufacturer off the hook. Why make a safer product if they can always let the user take the fall? Make sure the manufacturer is liable for more than the cost of the software too. It may not be possible but at least we should raise the bar on quality and see to it that they have an incentive to make better products. Cars are safe today because it was costing more money to deal with the issues of image, etc. and dealing with all those expensive litigations.

Re:The solution? Fines (0)

Anonymous Coward | more than 9 years ago | (#12468298)

I removed IE and OE from a 2K box using MS menu options and had windows update prompt me to install the same 2 patches about 20 times...

I was using it as a fileserver but SAMBA is proving to be a much better choice.

The political way (1)

fsck! (98098) | more than 9 years ago | (#12468154)

Someone needs to publish a list of ISPs that refuse to keep their virus definitions up to date. Boycott everyone on that. I'm not talking about a software blacklist, I'm talking about a financial boycott. Make sure gramma is using someone else. Let the good ISPs use that list to target their customers for migration. This is just like the spam problem. Their negligence is hurting the Internet as a whole.

This is imperfect, though. I bet a lot of the trouble relays are small business mail servers without the staff to keep their systems up to date.

Hmm... (0)

Anonymous Coward | more than 9 years ago | (#12468156)

Do this.

Set up a routine that will disconnect a luser's PC if it all of a sudden starts abusing the mail servers. Call the luser with an automated message saying the following.
"Your computer has violated our ISP antivirus policy. If you have no antivirus program, please purchase one and run it immediately. If you do have an antivirus program, run an immediate scan and update your program according to the instructions included with it. Your connection will be restored in 24 hours, and you will have 24 hours to comply once it has been restored. Further violations will result in further action up to and including termination of your account. Internet safety and security is everyone's responsibility, and if you won't hold up your end of the bargain then we can't have you corrupting our network. Have a nice day."
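The routine this comment proposes, sketched as an added example (not part of the original comment and not any ISP's real system): it flags a customer whose outbound mail volume bursts, suspends them for 24 hours, and escalates a repeat burst inside the following 24-hour compliance period. The log format, the 10-minute window and the 200-message threshold are assumptions; the two 24-hour periods come from the comment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)      # assumed burst window
THRESHOLD = 200                     # assumed max messages per window
SUSPENSION = timedelta(hours=24)    # from the comment: restored in 24 hours
GRACE = timedelta(hours=24)         # from the comment: 24 hours to comply

def parse(line):
    """Parse a constructed log line: '<ISO time> <customer> <message count>'."""
    ts, customer, count = line.split()
    return datetime.fromisoformat(ts), customer, int(count)

def review(lines):
    """Return (time, customer, action) decisions; lines must be in time order."""
    recent = defaultdict(deque)     # customer -> (time, count) inside WINDOW
    restored_at = {}                # customer -> when the last suspension ends
    actions = []
    for ts, customer, count in map(parse, lines):
        end = restored_at.get(customer)
        if end and ts < end:
            continue                # customer is cut off, nothing to count
        window = recent[customer]
        window.append((ts, count))
        while window and ts - window[0][0] > WINDOW:
            window.popleft()
        if sum(c for _, c in window) <= THRESHOLD:
            continue
        # Burst seen: a repeat offence if it falls inside the grace period.
        repeat = end is not None and ts < end + GRACE
        actions.append((ts, customer, "escalate" if repeat else "suspend"))
        restored_at[customer] = ts + SUSPENSION
        window.clear()
    return actions

# Constructed sample: one steady customer, one that bursts twice.
SAMPLE = [
    "2005-05-08T09:00:00 alice 3",
    "2005-05-08T09:01:00 bob 150",
    "2005-05-08T09:04:00 bob 120",   # 270 in 10 minutes -> suspend
    "2005-05-08T09:05:00 bob 500",   # ignored, already cut off
    "2005-05-08T09:30:00 alice 5",
    "2005-05-09T10:00:00 bob 300",   # after restore, inside grace -> escalate
]

if __name__ == "__main__":
    for ts, customer, action in review(SAMPLE):
        print(ts.isoformat(), customer, action)
```

A fixed threshold will also catch legitimate bulk senders such as small mailing lists, so a real deployment would need per-customer baselines or an allowlist.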

Interestingly? (3, Interesting)

merdaccia (695940) | more than 9 years ago | (#12468168)

Interestingly, patched machines are not vulnerable to the exploits used by this worm.

Isn't life is full of little surprises!

Re:Interestingly? (5, Funny)

merdaccia (695940) | more than 9 years ago | (#12468207)

I officially retract that last comment. The grammatical mistake was more retarded than the quote it was making fun of.

What are we going to have to do to convince "ordin (0)

Anonymous Coward | more than 9 years ago | (#12468197)

Re: What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?"

Make sure the patches don't cripple Windows for some users? Pretty bad when a patch causes other errors.

Laws (0)

Anonymous Coward | more than 9 years ago | (#12468211)

I think that people need to be made aware of the importance of computer security, and that those who cause or contribute to a significant detrimental effect on society, such as this, due to their carelessness should be held responsible under the law.

I also think that Microsoft should stop polluting the world with their evil principles and ridiculous software.

better question (1)

greenrom (576281) | more than 9 years ago | (#12468212)

What are we going to have to do to convince "ordinary users" to visit WindowsUpdate once in a while?
Better yet, what are we going to have to do to convince "ordinary users" not to run executable email attachments? Some users are smart enough not to run executable attachments. Some users are too dumb to know how to open any attachment. It's all the other users that cause most of the problem. Unfortunately, there are a lot of them.

Re:better question (0)

Anonymous Coward | more than 9 years ago | (#12468282)

Better yet, what are we going to have to do to convince "ordinary users" not to run executable email attachments?

By executables you do mean .doc, .jpeg, .jpg, .zip and other files like that, which can contain viruses?

decrease in spam? (1)

Lawrence_Bird (67278) | more than 9 years ago | (#12468216)

On a related note... has anybody else noticed a decrease in spam the past week or so? I've done nothing new on my side but volume is down at least 50% if not a bit more.

what to do? (1)

be_kul (718053) | more than 9 years ago | (#12468222)

Take every computer that sends out infected mail immediately from the net, together with a warning that they will only be allowed to connect again after:

- they ordered a patch CD from Microsoft by (normal) mail,
- installed it under supervision of a certified security engineer (for 100 $ per personal visit) and
- the certification is sent by invoice mail to their ISP.

This procedure will be necessary only once in every case, I'm sure.

Kulinux

Use a Real Anti-Virus (1)

FreyarHunter (760978) | more than 9 years ago | (#12468226)

Windows updates end up with so many different updates in so many little packages, that it's incredibly difficult for the average user to decide which ones to install. Average PC users don't even care to update so long as their PC is running fine. Once there is a problem, then they look for updates.

In my opinion, there shouldn't be fines, shouldn't be blackouts, it's not fair to those who don't know what they are doing is the equivalent to being mentally incapable of understanding the situation in a courtroom.

It IS a security hazard, and I do admit that I don't appreciate having infected files sent to my e-mail, but if I can stop it, then I will on my own machine. Why go out there, and get other people angry because you are imposing on their personal use of their machine?

Strong companies, and personal computers that have people that are sane in this field should be able to defend it quite nicely. Updated Anti-Virus, and a close look at files sent to the mail.

It's not that hard to say, "Hey! My grandmother doesn't know how to send attachments." or "Hey! I don't even belong to that organization!"

As far as I'm concerned, a virus infecting someone's network is their own damn fault and they have to deal with the consequences.

But... But... "It Just Works!" (2, Insightful)

localroger (258128) | more than 9 years ago | (#12468269)

Non-computer-oriented users have no idea what is possible or what is necessary or, usually, even that their system is compromised and is spamming the crap out of their neighbors. As long as it puts up the pretty desktop and does the few things they have always understood, why should they do something they don't understand that will have no obvious benefit (to them) and might make it stop working?

The only way to wake people up (5, Interesting)

NtroP (649992) | more than 9 years ago | (#12468277)

Remember the good old days when viruses did real damage? Remember when they actually did format your hard drive or screw up your boot sector? That made people sit up and take notice.

If virus writers ever changed their tactics from one of "sneak in and just borrow their CPU cycles and bandwidth for my bot-net" to one of "let's infect, spread, then kick them in the nuts" people would take notice once again.

Several years ago there was a virus that went around replacing jpegs with copies of itself (or something). My friend had a struggling web-hosting business where he hosted websites for about 100 different small mom-and-pop shops. Even though I warned him about the risks of viruses and that he should run his site with Linux/Apache he didn't listen. That virus wiped him out.

No, he didn't have up-to-date backups. But guess what? He keeps meticulous backups now and keeps his computers patched with up-to-date virus software and only connects to his web server via ftp (no mounted shares any more).

Alas, he still hasn't embraced Linux or OS X, but at least he's not part of the problem any more.

Just think what would happen if a virus spread around and just looked for .xls files and quietly changed all the 3's to 7's? How far back would companies have to go into their backups to be sure they had a known-good copy? D'ya think they might take viruses and security more seriously then?

The last major hassle we had with a worm was primarily due to the enormous amount of traffic it generated, bringing our networks to their knees. That was an annoyance to management, but they saw it as a network problem - not a virus/worm/security problem.

One of these days someone or some group is going to unleash a virus that really IS going to do real damage. Maybe then people will realize that they aren't sitting in front of an internet toaster, but a sophisticated computing device that has a tremendous impact on many aspects of all of our lives.
