Forgot your password?
typodupeerror
Microsoft Security Worms

Microsoft Won't Offer Patch Before Worm Strikes? 274

Posted by Zonk
from the i-object? dept.
techmuse writes "According to an article in Information Week, Microsoft is aware that the 'Kama Sutra/Blackworm/MyWife' worm will hit on Friday, overwriting office documents, but will not release a patch until its regular monthly patch release on February 14th. Unless, that is, you subscribe to one of Microsoft's pay security services, in which case your machine will have the worm removed in advance." From the article: "The blog offered no explanation why the tool wouldn't be updated earlier, nor did Microsoft immediately respond to questions. Each month, Microsoft pushes a revised tool to Windows users who have Automatic Update enabled for Windows Update or Microsoft Update. The Redmond, Wash.-based company has released the Malicious Software Removal Tool off-schedule once before, in August 2005, shortly after the Zotob worm began striking Windows 2000 systems."
This discussion has been archived. No new comments can be posted.

Microsoft Won't Offer Patch Before Worm Strikes?

Comments Filter:
  • by DaHat (247651) on Wednesday February 01, 2006 @12:38PM (#14616631) Homepage
    So Microsoft wont help out the unwashed masses with an early patch... what about the anti-virus publishers? Can they detect and remove the worm?
    • by Anonymous Coward on Wednesday February 01, 2006 @12:56PM (#14616857)
      Just FYI...
      Microsoft is not distributing the patch out of cycle because it is not a vulnerability, it is a mass mailing worm. It has been categorized as low risk. The "unwashed masses" can get the removal tool from

      http://www.microsoft.com/security/encyclopedia/det ails.aspx?name=Win32%2FMywife [microsoft.com]
      • by ShamusYoung (528944) on Wednesday February 01, 2006 @01:51PM (#14617456) Homepage
        How hard is it to not run software mailed to you by a stranger? If I mailed you a syringe labeled "everlasting life", would you jam it in your arm and shoot it? No? Did I mention it's FREE and that you are our LUCKY WINNAR? Cuz you are.

        What we really need is for MS to release a patch to repair the stupid and irresponsible users out there. Why haven't they fixed this obvious security loophole?

        The problem with these viruses is that they do not kill the victims. If they did, then at least we could look forward to the point when Darwinisim fixed the problem for us. :)

        • How hard is it to not run software mailed to you by a stranger?

          Not hard.

          How hard is it to not run software mailed to you from a (forged) sender you do know?

          Apparantly much harder.
          • it is exactly as easy, just don't do it
          • by LurkerXXX (667952) on Wednesday February 01, 2006 @02:28PM (#14617877)
            It shouldn't be, but apparently it is. People keep coming to me after they've trashed their systems. I ask way they opened an unknown attachment and they always say the same thing "But it was from my co-worker/friend/family member X. They wouldn't send me anything bad!". That's after I've told them literally dozens of times that modern viruses spoof the name of the sender and that person X's machine may be infected, or someone who has both person X and them in their address book may be infected. Don't ever open any attachment unless you know what it is. If your not sure what it is it only takes 2 seconds to hit the reply button and ask "What's this".... It never sinks in. Even after the "I love you" virus, etc. They just can't be educated.

            And no, I don't think that moving to *nix is the answer either. I've had users follow instructions included with an email virus to type in a password required to unzip the payload, then run it. Those users will certainly be willing to type in "rm *" or whatever instructions come along with a virus. Their user files, the only thing of value on the machine, are toast either way. These are the same folks that will never back up their data either, so they really are toast.

            • by kalirion (728907) on Wednesday February 01, 2006 @03:26PM (#14618595)
              I remember receiving a "security patch" from the Microsoft Security Center on my college email account. I almost executed it too, before thinking "why in the hell would microsoft be sending security patches over email???" Later I found out that several professors in the university's Computer Science department fell for it....
            • I have actually had the message sink in to some people by saying do NOT under any circumstances open anything from anyone unless you call them in person and ask what the file is. of course I back this up I back this up by telling them that if they don't verify everything, then their computer will start hosting kiddie porn, and the only way I will be able to fix it again would be to reinstall windows.
        • by gstoddart (321705) on Wednesday February 01, 2006 @02:47PM (#14618136) Homepage
          How hard is it to not run software mailed to you by a stranger? If I mailed you a syringe labeled "everlasting life", would you jam it in your arm and shoot it? No? Did I mention it's FREE and that you are our LUCKY WINNAR? Cuz you are.

          What we really need is for MS to release a patch to repair the stupid and irresponsible users out there. Why haven't they fixed this obvious security loophole?

          Well, experience has told us that not all of these Microsoft vulnerabilities have anything to do with 'stupid and irresponsible' users.

          Thanks to Microsoft, there's so many viruses that don't even require user intervention; some products will simply decide that it should both hide the extension and automatically run it for you.

          I don't know the specifics of this worm, but times have come a long way from where you'd have to click on at attachment, select save, and then run. Nowadays the infection can happen automatically, instantly, and completely unobserved -- all because Microsoft figures it should automatically execute anything that looks executable (or that you're not really mature enough to see the extension of this file, so it looks like a JPG, or just simply because it's fun.)

          I think it's far more irresponsible of Microsoft to effectively say "Well, between now and when we release the patch, you could lose all of your data. But if you've paid extra, you can have the patch now."

          Time was when someone would send you an e-mail warning you that should shouldn't even click on an attachment since it could be a virus, you would politely tell them it was impossible. Nowadays, that's simply not true any more.

          I think blaming the users 100% for this is absurd.
          • TROLL???? (Score:3, Informative)

            by gstoddart (321705)
            How the hell is pointing out that it's not always "stupid and irresponsible users" a friggin' troll?
            • Re:TROLL???? (Score:5, Interesting)

              by Overly Critical Guy (663429) on Wednesday February 01, 2006 @04:55PM (#14619621)
              If you haven't noticed, Slashdot has been invaded in recent years by a pro-Microsoft contingent who thinks Windows is great, outrage over its ridiculous security flaws is overblown, and who mod down those who point out how much time and money Windows has forced people to waste. For Christ's sake, you have to diaper Windows today with a hodge-podge of anti-virus, anti-spyware, firewall, registry cleaner, defragmenter, etc. just to keep it running smoothly for longer than six months, and even then, Windows naturally slows down after a year and requires a complete reinstall to regain its speed. Simply amazing.

              At least CBS News pointed out in their report on the worm that Mac users were unaffected.
        • How hard is it to not run software mailed to you by a stranger?

          "The email wasn't from a stranger. It was from my %#@! mother!"

          Social engineering, my friend. Social engineering. If you pretend to belong where you don't people are unlikely to ask you to leave. I've had staff at an airport give me a ride from one 'secure' area to another because I looked lik e I belonged, (I didn't realize, at the time, that I was doing anything wrong).

          The only way to completely shut down attacks like that is to turn o

      • Well, two things I feel;

        Use a different emailer, it's no so hard to use Moz Thunderbird, mutt or Sylpheed.

        I bet clamav will be saving mail to /dev/null shortly.
  • by Ph33r th3 g(O)at (592622) on Wednesday February 01, 2006 @12:38PM (#14616637)
    Nice Windows machine you've got there. Wouldn't want anything to, um, happen to it. You need insurance, and we happen to sell insurance. Capiche?
  • by ackthpt (218170) * on Wednesday February 01, 2006 @12:38PM (#14616639) Homepage Journal

    What, me worry? [wikimedia.org]
  • by sterno (16320)
    Unless, that is, you subscribe to one of Microsoft's pay security services, in which case your machine will have the worm removed in advance.

    This is what is commonly referred to as "extortion". Pay them now or something bad might happen. You wouldn't want something bad to happen would you?
    • by CXI (46706) on Wednesday February 01, 2006 @12:47PM (#14616734) Homepage
      Wrong. The entire content of this story is that Microsoft isn't releasing a malicious software removal tool until the 14th, as usual. So, go use any virus checker on the planet instead, including Microsoft's, to solve the problem now.
      • While I agree with you, and it is Microsoft's right to not provide any fixes based on the existing license agreement, there's still two things that I'd like to put out as food for thought.

        1. What if Microsoft intentionally wrote bad code, and conspired with worm authors to agree on a worm release date, then said "You can pay to have the fix before this day, or get it for free after this day". Well, it's just a thought, I'm not making any accusations.

        2. What if all security product vendors took the same sta
    • I would not say it is extortion, but a new business strategy. Big businesses which can afford to pay for updates now will. All others will get them on the monthly plan. It is setting up a division of resources, depending on how much you are willing to pay. This could be very lucrative for Microsoft.
    • by RyoShin (610051) <.tukaro. .at. .gmail.com.> on Wednesday February 01, 2006 @01:12PM (#14617042) Homepage Journal
      Not quite.

      Extortion [wikipedia.org] is when someone says "pay or do this, or something bad could happen later", and the person saying that is the one that will make the bad happen later.

      In this case, it's Microsoft saying "We'll take care of this problem sooner for a little money", but someone else will make the bad thing happen regardless. Microsoft is just offering clean up/prevention, not "assured safety". Your lack of acceptance will not make the problem better or worse; it will stay exactly the same.

      An analogy might be that there's a gang of kids going around defacing houses, and Company XYZ says "We'll stick a security guard in front of your house for a little extra money, so you'll be ready when those kids show up, and won't have to wait for the police to show up when you do get hit." XYZ is offering an enhanced service; if you turn them down, your house will likely get defaced, but not because of anything XYZ did.

      (If you can show that XYZ/Micrsoft is in cohorts with the kids/virus writer, then that is indeed extortion, but at face it's mislabeling.)
    • Micrsoft has scheduled the updates for every 'black friday'. If they start releasing the updates when they're needed, then you'll have security releases all over the place -- destroying any appearance of control that MS pretends to have over the security arena.

      Remember: Microsoft appears to be controlled by their marketing department, not their engineering department. In such a regime, appearances are far more important than good customer support.

  • Friday is also the 30th anniversary of the "Homebrew Letter" that Gates wrote complaining about copying basic on the altair. And also my 30th birthday.
  • by bushidocoder (550265) on Wednesday February 01, 2006 @12:42PM (#14616683) Homepage
    Unless, that is, you subscribe to one of Microsoft's pay security services, in which case your machine will have the worm removed in advance.

    Or, if you had read the very article you're posting, "Both the company's free online security service, Windows Live Safety, and its in-beta OneCare Live software, however, will disinfect compromised computers, Microsoft said."

    • will disinfect compromised computers, Microsoft said."

      After the damage is done to your files?
      • Well, the virus doesn't hit until Friday, so in theory, if you're infected you'll have time to remove the worm before it starts damaging your system.
      • will disinfect compromised computers, Microsoft said."

        After the damage is done to your files?


        ZEN: Repair monitors report explosive device attached to primary power channel.

        BLAKE: Where?

        ZEN: Hold three, access duct seven.

        BLAKE: Can the automatics neutralize it?

        ZEN: No.

        BLAKE: Why not?!

        ZEN: There is no damage.

        AVON: Computer logic. Until the bomb explodes there is nothing for the repair system to repair. Zen, can you reprogram the automatics?

        ZEN: Preemptive interference in crew activity is forbidden.

        BLAKE: Oh,
    • by nologin (256407) on Wednesday February 01, 2006 @01:07PM (#14616982) Homepage
      Unfortunately, the effort here by Microsoft here won't save the users most likely affected by the virus. Those users who don't know how to protect themselves adequately probably rely on Windows Update to keep their computer safe. How many of them will be informed in time to use Live Safety, or for that matter, how many of them know that it exists?

      At least I know how to protect my computers. So the impact to me would be none regardless of what Microsoft does. It is those users that don't even know the definition of malware that are most at risk, and will be the least likely to use Microsoft's proposed remedy.
      • by ocbwilg (259828) on Wednesday February 01, 2006 @02:43PM (#14618086)
        Unfortunately, the effort here by Microsoft here won't save the users most likely affected by the virus. Those users who don't know how to protect themselves adequately probably rely on Windows Update to keep their computer safe. How many of them will be informed in time to use Live Safety, or for that matter, how many of them know that it exists?

        Dude, what are you smoking? Those users who don't know how to protect themselves adequately probably don't even know what Windows Update is, let alone rely on it to keep their PC safe.
  • Incorrect Story (Score:5, Interesting)

    by CXI (46706) on Wednesday February 01, 2006 @12:44PM (#14616699) Homepage
    Come on people. This story is completely wrong. Microsoft is not withholding anything. They simple do not have a Malicioius Software Removal Tool currently ready because the system is built around deploying it on the 14th. The reference to Microsoft's pay services are the same as if you used Symantec or any other virus scanner out that which already detects the worm. It's not extortion, it's not even a story.
    • MS didn't always have this idiotic system of waiting til a certain date to fix problems. It used to actually react without regard to some artificial and arbitrary schedule that simply has nothing at all to do with when threats and bugs actually exist.
  • by digitaldc (879047) * on Wednesday February 01, 2006 @12:44PM (#14616708)
    Microsoft is aware that the 'Kama Sutra/Blackworm/MyWife' worm will hit on Friday, overwriting office documents, but will not release a patch until its regular monthly patch release on February 14th.

    How ironic that a patch for the Kama Sutra/MyWife worm will be released on February 14th.
    Happy Valentine's Day - Love, Microsoft.
  • by Shimdaddy (898354) on Wednesday February 01, 2006 @12:45PM (#14616717) Homepage
    If you can't / don't want to pay, but you still want to be secure, you still have an option. You see, if you read the full article, and go to the knowledgebase post about it, Microsoft says that up-to-date anti-cirus will take care of it. Don't have up to date anti-virus? That's ok too! Just visit the onecare part of safety.live.com, and Microsoft will scan your computer for viruses (including this one) in addition to all the other crap that builds up on computers.

    Now, speaking as someone who has tried the online virus scanner, I have to say it works really quite well. It's just the tool to clean your computer of viruses, spyware, malware, unused/unneeded files -- and even knocks out those MICRO$OFT haters on /.!
    • by ZachPruckowski (918562) <zachary.pruckowski@gmail.com> on Wednesday February 01, 2006 @12:59PM (#14616896)
      Your argument reminds me of something a friend said. We all have seen those "hardest American football hits ever" sports reels, right? Now they look nice and pretty, and they knock the ball carrier down, right? Now here's the problem: in almost every case, the guy had already caught the ball and picked up yards.

      Do you see what I'm getting at? All those viruses and spywares and worms on your computer have already done damage when you get them removed. The goal is to keep them from getting on your computer or at least keep them from running. And MS is deliberately charging for that feature. Their online virus-removal thing is nice, and can mitigate some damage, but the horse already left the barn.
      • Do you see what I'm getting at?

        No, I don't see. Because the part they aren't releasing is a removal tool, which will only help if the user is already infected. As has been said, if you have up-to-date virus protection you should be ok. This is not a vuln in a product, this is the user running an executable. If you get infected there are several free avenues for removing the virus. But yeah, boo Micro$oft. Teh r da evul.

  • Haha... (Score:2, Informative)

    by gru3hunt3r (782984)
    Yet another reason i'm glad our IT department decided to standardize on open office. Doesn't appear opendoc files are targeted.

  • The constant hate... (Score:3, Informative)

    by Last_Available_Usern (756093) on Wednesday February 01, 2006 @12:47PM (#14616743)
    I know this is probably redundant, but is it possible for people to make a story submission relating to Microsoft without drawing imaginary horns and a "666" on their logo every time? I will grant that Micrsoft should probably release the patch to everyone right now for secuirty reasons, but I'm sure there are ample folks who use Oracle, and they won't give you *any* patches at *any* time, or allow you to peruse any of their Metalink site, without first paying.
    • ...but I'm sure there are ample folks who use Oracle, and they won't give you *any* patches at *any* time, or allow you to peruse any of their Metalink site, without first paying.

      And I'm sure there are some not-so-ample folks (I myself am fairly svelte) who use Oracle... but I digress. You're right; this kind of "we know it's broken but don't expect us to drop everything and fix it" logic is pervasive in the software industry. It's like buying a 6-cylinder car, having only 5 cylinders work, and the dealer

      • That's what you get with liability exclusions for software.

        The only software that should be eligible for exclusion of liability of Free as in Beer or Free as in Speech software.

        Everything else should have bugs be accountable to the software maker. Why not? Every other industry in the world works like that, why not software?

  • Honestly... (Score:2, Insightful)

    by JFlex (763276)
    ... Why would they hold back on the patch? If they have it available and ready to push out, why not just do it? I don't understand, its as if this is their way of raising their right hand and flipping everyone off.
  • by Cr0w T. Trollbot (848674) on Wednesday February 01, 2006 @12:51PM (#14616799)
    "Why do you want to return it?"

    "Because there's a car bomb on it set to go off on Friday."

    "Sorry, that's not our car bomb."

    "No, but when I bought the car, there was a modular plug next to the engine with PLACE CAR BOMB HERE written on it!"

    "Sorry, not our problem. You knew this car was prone to car bombs when you bought it, and your purchase agreement specifically spells out that we're not responsible for car bomb damage."

    "Can you at least remove the car bomb?"

    "Sorry, but your contract specifically states that we're under no obligation to remove any car bombs attached to your car. Now, if you would be interested in purchasing our special Car Bomb Insurance..."

    - Crow T. Trollbot

    • More like this (Score:2, Informative)

      by thisislee (908426)
      "I'd like to buy a car"

      "OK here you go. We also offer a car bomb detection service. Our car is as car bomb proof as we were able to make it but those terrorists are pretty clever. So you can pay us to make sure that any new ways of getting car bombs into cars that we find out about is prevented. "

      "No thanks. What are the chances I'm gonna get targeted by a terrorist" ....... some time later .........

      "I want you to fix my car and all other cars for free"

      "What's wrong with it"

      "Car bomb set to go off in 3
      • Re:More like this (Score:5, Insightful)

        by ivan256 (17499) * on Wednesday February 01, 2006 @02:09PM (#14617641)
        Your analogy is more accurate than the parent, but still faulty. The problem is with this part:

        Our car is as car bomb proof as we were able to make it

        I'm fairly certain that Microsoft engineers were fully capable of making Windows more secure. They have smart people working there. Reality is that they made it as secure as they were willing to make it. It's like cars in the '60s. Safety didn't sell if it was an inconvienience. Adding more security to Windows would have meant less ease of use and less backwards compatability. Both are important to maintain the customer base and prevent people from considering alternatives. Were they right or wrong? That depends on how you look at it, but you certainly can't say they implemented security to the limits of their ability.
    • "Do you have any idea who would install a bomb in your car?"

      "My friend Steve did it."

      "He doesn't sound like a very good friend."

      "Well, it wasn't actually Steve, but he really looked like Steve, except for the moustache."

      "Oh, so you let a total stranger install the bomb?"

      "It was a very convincing moustache."

  • The story and summary are confused; This is not a worm, and what is discussed is not a patch for it. Blackworm is a regular old "run this fine file I have emailed you!"-trojan, so as long as people don't randomly run email attachments they are safe. What is not scheduled for release until the regular patch-cycle is the "removal tool" which is included in every patch-cycle. It just removes malicious software which has already sneaked onto the computer, in this case through user carelessness.

    Some may argue

    • Some may argue that Microsoft should release a removal tool before the patch cycle anyway, and there is some credibility to the idea, though the logical extreme is that Microsoft should include an anti-virus program for free with Windows.

      And some may argue that more time needs to be spent at Redmond in thwarting these things outright, rather than having to patch them or update the malicious software removal tool every cycle. It's not like this Trojan is old news.

      • Easy to say that they should "solve it", as far as I know no other platform has solved it. Only possible thing I can think of would be to only allow the OS to run appropriately digitally signed applications, which they have worked on, but that appears slightly impopular around Slashdot.
  • by analog_line (465182) on Wednesday February 01, 2006 @12:52PM (#14616804)
    Check the license agreement for Windows XP. Nothing in there says that Microsoft will ever provide fixes, period. If you don't like their service-after-the-sale, get off the upgrade treadmill and stop buying licenses from them or buy an expanded service agreement from them. They aren't

    Software licenses are agreements that should have the full weight of contract law. There is no other way that the licenses I prefer, like the GPL, BSD, Mozilla, MIT, etc, get any legal weight. If you can't abide by the terms, take a stand, show some guts, and click "Cancel" on the install. Find some software that is licensed under terms you can accept. Don't be a sheep and agree just because it would be too hard, or make you go look for other software if you disagree.

    THIS STUFF IS IMPORTANT.
    • There are no significant bugs in our released software that any significant number of users want fixed.
      -Bill Gates
    • Software licenses are agreements that should have the full weight of contract law. There is no other way that the licenses I prefer, like the GPL, BSD, Mozilla, MIT, etc, get any legal weight.

      That's completely false. Licenses like the GPL work because it is illegal to distribute a copyrighted work without permission from the copyright holder.

      • If software licenses were found illegal tomorrow, then all the "good stuff" (GPL, MIT, BSD) would be fine. There would still be copyright on the software. And you'd still be free to enter into completely voluntary agreement with the FSF or whoever if you want to add to/use their copyrighted stuff. However, stuff that takes away more individual rights than copyright would be illegal.
      • Distribution is not the issue. Restrictions on use, and other simmilar topics are addressed as well in software licenses. Even the GPL deals with these issues. From section 0 of version 2 of the GPL: "Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted..."

        Copyright law does not speak to whether I can use copyrighted material without the express permission of the copyright holder. (IE, c
    • Software licenses are agreements that should have the full weight of contract law.

      You're right. End user licenses should be considered as valid as any other contract with no consideration and no signature.
  • The Redmond, Wash.-based company has released the Malicious Software Removal Tool off-schedule once before

    Our sources say that this 'malicious tool' looks just like 'rm', but is made with evil bits. Some viewers have called in to report sinister rm.666 files all over the file systems - experts suspect these to be soft links to /bin/rm. Reports are steadily streaming in of other variants aliasing themselves to 'rm -rf /'.

    Viewers are urged to remain cautious. We shall return at 11 to talk about these and

  • by sixpaw (648825) on Wednesday February 01, 2006 @01:03PM (#14616940)
    • Despite the eagerness to imply that this is something roaming the net randomly looking for computers to infect, it's pretty much your run-of-the-mill e-mail worm that actively requires opening an executable (.scr) attachment to infect a system. Under normal circumstances (i.e., without the free opportunity to bash Microsoft attached), how many IT pros would say that anyone opening a random attachment e-mailed to them deserved what they got?
    • McAfee rates this one as low-risk [mcafee.com] for both home and corporate users.
    • Symantec gives it a run-of-the-mill threat assessment [symantec.com] (low geographical distribution, easy containment).

    AFAICT this is as run-of-the-mill as virus threats get, and I'm grateful that MS is maintaining a level of software discipline and not jumping all over themselves to instantly respond to every stupid little worm that crosses the net. I'd much rather see meaningful updates once a month than frantic, possibly-buggy scramble fixes three times a week.
  • by teslar (706653) on Wednesday February 01, 2006 @01:03PM (#14616946)
    from the summary:
    According to an article in Information Week, Microsoft is aware that the 'Kama Sutra/Blackworm/MyWife' worm will hit on Friday, overwriting office documents, but will not release a patch until its regular monthly patch release on February 14th. Unless, that is, you subscribe to one of Microsoft's pay security services,

    from TFA:
    Both the company's free online security service, Windows Live Safety, and its in-beta OneCare Live software, however, will disinfect compromised computers, Microsoft said.
  • Bad title (Score:2, Insightful)

    by pjbgravely (751384)
    Microsoft Won't Offer Patch Before Worm Strikes?

    This is not a worm, but a virus, and MS is not releasing a patch, but an updated virus definition.
    Viruses are not caused by a system flaw but by user intervention, that is unless it is installed without user intervention, then it is a system flaw. I am not a Microsoft user but I see no fault they are doing.
  • Both services mentioned that remove the worm for you are FREE. http://safety.live.com/ [live.com]
  • Misleading headline (Score:2, Informative)

    by blast3r (911514)
    "will not release a patch until its regular monthly patch release " Someone should have researched this a bit before approving it. Microsoft has no obligation to patch this. This is a worm that relies mainly on user's opening up an evil email attachment. What is M$ supposed to patch? The end-user?
  • fat bil (Score:2, Funny)

    by lucky130 (267588)
    mmmm, protection racket.
  • Apparently the virus is of the executable-email-attachment variety, so if you don't open unknown attachments you're probably not in any danger. A local college announced to the media today that one of their administrative servers had been "infected by a hacker with a virus", whatever that means. I wonder if this is the one they've got; if so there's apparently no exposure of their data involved. I also wonder at the wisdom of announcing something like this (although the server in question did contain em
  • I don't consider it Microsoft's responsibility to ensure that every Windows user gets just-in-time virus removal for free. It might be different if the virus exploited an OS flaw, but to my knowledge this one doesn't. This is why people pay money for AV software. That said, it would be nice if they'd schedule an out-of-cycle release of the malicious software removal tool, but doing so could create a precedent they don't wish to establish.

  • Customer: So I'm really getting sick of MyWife. Is there any way I can get rid of it by Valentine's day? I really don't want to pay for it. Valentine's is so expensive and all... Microsoft: Well, if you make a special trip to us we can get rid of your MyWife for you. Otherwise you'll be chained to her until kingdom come. Just kidding! We'll patch things up right after Valentine's. We think that we need to let things run their course with your MyWife. After all, isn't that what marriage is for? T
  • So the moral of the story is that virus/worm writers should design their programs to trigger before the 2nd Tuesday of the month for maximum impact, preferably the thursday or friday before to ensure that the differential cost impact of the fix update will be too high to release just a few days early.
  • by slackmaster2000 (820067) on Wednesday February 01, 2006 @02:17PM (#14617743)
    The problem is the Malicious Software Removal Tool itself. It's a half-assed product that just sort of does "some stuff." I'm not sure who it's intended for. As someone in IT I certainly have never once used it professionally. There's no point because we're already using better tools. As a PC user at home I have never bothered to use it because, again, there are already better (& free) tools out there.

    A program that removes some stuff that Microsoft decides is significant enought to be called "malicious" isn't much of a tool to begin with, and then to factor in that it's only updated once per month makes it even less valuable. Oh, I might also mention that the program only detects an underwhelming 54 "malicious programs?" Wow, gimme summa that.

    There's really no issue with Microsoft not releasing an update for the removal tool. It's expected, standard behavior. It's right there in the documentation, second paragraph. This is not an anti-virus program that updates daily, this is some kind of other tool that exists in an awkward dimension all of its own.
  • Missing something? (Score:3, Insightful)

    by SComps (455760) on Wednesday February 01, 2006 @02:21PM (#14617791) Homepage
    Microsoft is aware that the 'Kama Sutra/Blackworm/MyWife' worm will hit on Friday, overwriting office documents,


    Realizing this is ./ I fully expect to be laughed at here, but why do these submitters feel a need to place half-truths in their writeups to make MS look worse than it already does? This particular worm affects MANY files by extension, not just office documents. Writeups such as this only attract the anti-ms zealots and lull the uninformed into thinking they're just fine as long as they don't use Office. Even the link referred to in the article stated that it affected many files *including* office documents. Not exclusively office documents.

    *pop!* That was my karma. It was good karma but it's gone now. I've offended the fanboys.
    • Your missing it. "office documents" and "Office documents" are two different things. The first one refers to documents used in the office. The second refers to the MS Office product.
  • by Aryeh Goretsky (129230) on Wednesday February 01, 2006 @03:01PM (#14618301) Homepage
    Hello,

    A bit of searching came up with the following free or trial versions of anti-virus programs which are capable of detecting and removing Win32/MyWife [microsoft.com] (née CME [mitre.org]-24 [mitre.org]):

    Alwil [alwil.com] - Avast! 4 Home Edition [avast.com] (free for personal non-commercial use)
    ESET [eset.com] - NOD32 trial version [eset.com] (30-day evaluation)
    Grisoft [grisoft.com] - AVG Free Edition [grisoft.com] (free for personal non-commercial use)
    Kaspersky Lab [kaspersky.com] - Anti-Virus Personal 5.0 [kasperskyusa.com] (30-day evaluation)
    McAfee [mcafee.com] - VirusScan [mcafee.com] (30-day evaluation)
    Microsoft [microsoft.com] - Windows Malicious Software Removal Tool [microsoft.com] (KB890830 [microsoft.com]) (free)
    Panda [pandasoftware.com] - Titanium Antivirus 2006 [pandasoftware.com] (30-day evaluation)
    Sophos [sophos.com] - Anti-Virus [sophos.com] (30-day evaluation)
    Symantec [symantec.com] - W32.Blackmal@mm Removal Tool [symantec.com] (free)
    Trend Micro [trendmicro.com] - PC-cillin Trial Version [digitalriver.com] (30-day evaluation)

    I'm certain other readers will look up and post links to additional vendors, too. Ob-disclaimer: I happen to work for one of the companies listed above, so there.

    Regards,

    Aryeh Goretsky
  • What's the history behind the name?

"I have just one word for you, my boy...plastics." - from "The Graduate"

Working...