Microsoft Won't Offer Patch Before Worm Strikes?

techmuse writes "According to an article in Information Week, Microsoft is aware that the 'Kama Sutra/Blackworm/MyWife' worm will hit on Friday, overwriting office documents, but will not release a patch until its regular monthly patch release on February 14th. Unless, that is, you subscribe to one of Microsoft's pay security services, in which case your machine will have the worm removed in advance." From the article: "The blog offered no explanation why the tool wouldn't be updated earlier, nor did Microsoft immediately respond to questions. Each month, Microsoft pushes a revised tool to Windows users who have Automatic Update enabled for Windows Update or Microsoft Update. The Redmond, Wash.-based company has released the Malicious Software Removal Tool off-schedule once before, in August 2005, shortly after the Zotob worm began striking Windows 2000 systems."

All should not be lost...

[DaHat]

So Microsoft wont help out the unwashed masses with an early patch... what about the anti-virus publishers? Can they detect and remove the worm?

Incorrect Story

[CXI]

Come on people. This story is completely wrong. Microsoft is not withholding anything. They simple do not have a Malicioius Software Removal Tool currently ready because the system is built around deploying it on the 14th. The reference to Microsoft's pay services are the same as if you used Symantec or any other virus scanner out that which already detects the worm. It's not extortion, it's not even a story.

Windows Live site uses a cookie exploit

[Anonymous Coward]

if you goto the Windows Live.com site (hxtp://safety.live.com) to stop this malicious program/worm the MS site uses a malicious [pc-help.org] cookie [neohapsis.com] exploit [techweb.com] against you, if you deny the exploit you cant get to the site to get help

its like a Hospital saying "we have to break your leg so we can fix your arm"
they should be ashamed

Re:All should not be lost...

[That's Unpossible!]

How hard is it to not run software mailed to you by a stranger?

Not hard.

How hard is it to not run software mailed to you from a (forged) sender you do know?

Apparantly much harder.

Re:All should not be lost...

[gstoddart]

How hard is it to not run software mailed to you by a stranger? If I mailed you a syringe labeled "everlasting life", would you jam it in your arm and shoot it? No? Did I mention it's FREE and that you are our LUCKY WINNAR? Cuz you are.

What we really need is for MS to release a patch to repair the stupid and irresponsible users out there. Why haven't they fixed this obvious security loophole?

Well, experience has told us that not all of these Microsoft vulnerabilities have anything to do with 'stupid and irresponsible' users.

Thanks to Microsoft, there's so many viruses that don't even require user intervention; some products will simply decide that it should both hide the extension and automatically run it for you.

I don't know the specifics of this worm, but times have come a long way from where you'd have to click on at attachment, select save, and then run. Nowadays the infection can happen automatically, instantly, and completely unobserved -- all because Microsoft figures it should automatically execute anything that looks executable (or that you're not really mature enough to see the extension of this file, so it looks like a JPG, or just simply because it's fun.)

I think it's far more irresponsible of Microsoft to effectively say "Well, between now and when we release the patch, you could lose all of your data. But if you've paid extra, you can have the patch now."

Time was when someone would send you an e-mail warning you that should shouldn't even click on an attachment since it could be a virus, you would politely tell them it was impossible. Nowadays, that's simply not true any more.

I think blaming the users 100% for this is absurd.

Even people who should know better make mistakes

[kalirion]

I remember receiving a "security patch" from the Microsoft Security Center on my college email account. I almost executed it too, before thinking "why in the hell would microsoft be sending security patches over email???" Later I found out that several professors in the university's Computer Science department fell for it....

Re:TROLL????

[Overly Critical Guy]

If you haven't noticed, Slashdot has been invaded in recent years by a pro-Microsoft contingent who thinks Windows is great, outrage over its ridiculous security flaws is overblown, and who mod down those who point out how much time and money Windows has forced people to waste. For Christ's sake, you have to diaper Windows today with a hodge-podge of anti-virus, anti-spyware, firewall, registry cleaner, defragmenter, etc. just to keep it running smoothly for longer than six months, and even then, Windows naturally slows down after a year and requires a complete reinstall to regain its speed. Simply amazing.

At least CBS News pointed out in their report on the worm that Mac users were unaffected.