1 In 3 Windows PCs Still Vulnerable To Worm Attack
CWmike writes "The worm that has infected several million Windows PCs, Downadup or 'Conficker,' is having a field day because nearly a third of all systems remain unpatched 80 days after Microsoft rolled out an emergency fix, security firm Qualys said. Downadup surged dramatically this week and has infected an estimated 3.5 million PCs so far, according to Finnish security company F-Secure Corp. The worm exploits a bug in the Windows Server service used in Windows 2000, XP, Vista, Server 2003, and Server 2008. Qualys' CTO said, 'These slow [corporate] patch cycles are simply not acceptable. They lead directly to these high infection rates.'" This is indicative of why some are calling for Microsoft to rethink Patch Tuesday, as reader buzzardsbay pointed out.
Genuine Advantage Validation (Score:5, Interesting)
I know a lot of people who are afraid of updates because of the genuine advantage validation. They got student priced versions of the software 5 years ago and are no longer students. They don't want to risk losing Visio/Word/PowerPoint or having some other software disabled on their computer.
The fear factor of automated reporting/validation is stopping a lot of people from running the updates.
Patches are good, not bad! (Score:4, Interesting)
What drives me absolutely nuts is how people who are not computer professionals talk about patches with contempt. In any magazine article about an operating system, whether it be from the Windows family, Mac OS X, or Linux, when the subject of patches comes up, the writer will usually say something to the effect that a downside of using this operating system is the high frequency of patches.
In a perfect world, software would have zero bugs (security holes are bugs, too, if you think about it). No product would have any problems. Everything would be perfect. There would be no need for patches.
But unfortunately we do not live in a perfect world, and software does have bugs. When patches are available at a frequency such as daily (as is sometimes the case if you use Ubuntu, patches not only for the OS but for any programs you have installed too), or every few weeks as is the case with Mac OS X, you know that people behind the product are responsible, are continuing to develop and refine the software, and you benefit from those refinements at the frequency of the patches.
We all know this, yet because many people feel contempt toward software patches, and because magazines and newspapers write inaccurately about this subject, many boxes out there are vulnerable to many types of attack, and this won't change any time soon. I think some effort needs to be expended by the marketing departments of various software companies to convince people that patches are good, not bad.
I just had one additional thought about this Windows patch. Perhaps some of these boxes are using illegitimate copies of Windows and are therefore ineligible for the patch?
Re:blackhat thoughts (Score:1, Interesting)
> With all this talk of Microsoft losing money, maybe they should get into the botnet
> business for themselves.
Perhaps they already are.
Our site had 350 machines infected in 4 hours (Score:1, Interesting)
We had better than 95 percent MS08-067 patch coverage and the infection still went that fast. Due to the random date stamping of dropped files, I can't tell who was infected first, and I can only speculate as to how it spread so fast. I believe it would actually use logged-on credentials first before trying the exploit, and we have poor local permissions (lots of local admins). Still, I have about 30 machines that were patched and no one is local admin on (except domain admins), and they were infected with everyone else.
Re:Not Acceptable? (Score:3, Interesting)
I've worked at several places that didn't roll out patches right away. It wasn't because the IT department was busily testing the patches. It was because they were afraid of the patches, but had no time to test them.
For one example, we had a farm of servers. I suggested that they let the developers patch their machines first, then the test servers, then the staging servers, then production. That way there was no risk, and no need to go about with extra testing effort. They agreed -- but nothing happened. The internet-facing production servers were sometimes a year out of date, while all the dev and test machines were running the latest stuff just fine.
Re:router (Score:5, Interesting)
That works well in home scenarios where the router is the only possible entry point of a worm. In office environments, you have laptop users that travel. They may or may not connect from home, often with mobile access or from their private line. That is something you cannot shield, and more often than not it is not shielded.
I've been lobbying in various consulting sessions that laptops from traveling workers are to be seen as "semi-trustworthy", if that. Because they can and do connect not only from within the trusted and firewalled network, but because of this very reason, they can connect in insecure scenarios and may be infected when they connect to the company networks. I have been lobbying to put them in a separate network ("separate but equal" has such a bad ring, but in this case it's pretty much what the idea is). If the worst case happens, it would at least only infect a usually very manageable number of computers instead of the whole corporate network.
Well, I guess I finally have a real-life example of what happens when you don't heed it. Companies are like little kids: you have to let them touch the stove once before they believe you that it's hot. But fortunately, some companies are willing to learn from the mistakes of others...
Re:router (Score:4, Interesting)
When something malicious got through AVG, Spybot, and Ad-Aware, I was clued in when fdsb423.exe started trying to connect to the internet. A software firewall is not a defense, but it is a good way to tell that you have something going on. I also agree it is fun to turn off the dial-home on software that doesn't need to talk to its mommy. HP printer drivers, I am looking at you.
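The point made above, that a host firewall's egress log is less a barrier than a tripwire, can be turned into a simple detection: compare the process behind each outbound connection against a list of executables that are expected to talk to the network, and report anything else. The script below is an added example, not code from the thread or from any firewall vendor; the log format, the allowlist, and the file names other than fdsb423.exe (which the comment mentions) are constructed for illustration, and a real host-firewall log will need its own parser.

```python
"""Flag outbound connections from executables that are not on an allowlist.

Added example; the log lines and allowlist below are constructed, not taken
from any real product's output.
"""
import re

# Constructed host-firewall egress events: timestamp, verdict, process path,
# destination IP and port. Documentation/TEST-NET addresses are used throughout.
SAMPLE_LOG = """\
2009-01-16 09:12:01 ALLOW C:\\Program Files\\Mozilla Firefox\\firefox.exe -> 93.184.216.34:443
2009-01-16 09:12:07 ALLOW C:\\WINDOWS\\system32\\svchost.exe -> 10.0.0.5:80
2009-01-16 09:13:44 ALLOW C:\\WINDOWS\\system32\\fdsb423.exe -> 203.0.113.9:80
2009-01-16 09:13:45 ALLOW C:\\WINDOWS\\system32\\fdsb423.exe -> 203.0.113.9:445
2009-01-16 09:14:02 ALLOW C:\\Program Files\\HP\\printerstatus.exe -> 198.51.100.20:443
this line is deliberately malformed and must be skipped
"""

# Constructed allowlist of executables expected to reach the network.
# Paths are compared case-insensitively because Windows paths are.
KNOWN_GOOD = {
    r"c:\program files\mozilla firefox\firefox.exe",
    r"c:\windows\system32\svchost.exe",
}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<action>ALLOW|BLOCK) "
    r"(?P<proc>.+?) -> (?P<ip>[\d.]+):(?P<port>\d+)$"
)


def parse_egress_log(text):
    """Parse log text into a list of event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": m["ts"],
            "action": m["action"],
            "proc": m["proc"].lower(),
            "ip": m["ip"],
            "port": int(m["port"]),
        })
    return events


def find_unexpected(events, known_good=KNOWN_GOOD):
    """Return events whose process is not on the allowlist, in log order."""
    return [e for e in events if e["proc"] not in known_good]


def summarize(unexpected):
    """Map each flagged process to the number of distinct destinations it hit.

    A process fanning out to many destinations in a short window is a stronger
    signal than a single connection, which is why destinations are counted.
    """
    dests = {}
    for e in unexpected:
        dests.setdefault(e["proc"], set()).add((e["ip"], e["port"]))
    return {proc: len(d) for proc, d in dests.items()}


if __name__ == "__main__":
    flagged = find_unexpected(parse_egress_log(SAMPLE_LOG))
    for e in flagged:
        print(f"{e['ts']} unexpected egress: {e['proc']} -> {e['ip']}:{e['port']}")
    for proc, n in summarize(flagged).items():
        print(f"{proc}: {n} distinct destination(s)")
```

Run as-is it prints the two fdsb423.exe connections and the printer-status process, which is exactly the class of noise the comment describes: a legitimate-but-chatty vendor tool shows up next to the malware, and the analyst decides which of the two to add to the allowlist and which to pull off the network.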
I blame Vista Update Service (Score:1, Interesting)
We've had more than 30% of Vista machines come up with an error code 80070424 that stopped the machines from downloading updates from Microsoft or our WSUS server. The only solution to it after becoming aware of it has been to completely re-install the OS.
With update services like that, I'm not surprised that the number isn't higher.
Re:Genuine Advantage Validation (Score:1, Interesting)
However, the lesson from the original story is that Windows is unfit for corporate use, and probably for home use as well.
Written from Opera on FreeBSD.
Re:How about installing updates? (Score:3, Interesting)
Here are a few reasons why computers should be expected to have more updates than cars:
* Unlike cars, you don't have to recall the computer to refit it, but can instead send the refit to the customer and have it install itself. (This is mostly an argument for more non-security updates.)
* Computers connected to the internet exist in a hostile environment, unlike cars, which exist in a relatively friendly environment. (Imagine if other drivers could earn money by pushing your car off the road, and rarely would get punished for it. I would think that you would be more willing to get the car manufacturer's latest anti-pushing fixes installed.)
* Cars mostly exist in a more restricted environment, while the computer environment is more generic. (You'll need far more maintenance on your car if you run off-road, and far less maintenance on your computer if it runs in a locked-down environment.)
3 In 3 Windows PCs Still Vulnerable To Something (Score:3, Interesting)
Every single Windows system is vulnerable to something; it's just a matter of time until the right attack vector is tried.
If you use Windows you will get some kind of malware sooner or later. If you are lucky this will be something relatively harmless. If you are unlucky you have already been sending personal and company data to organized crime groups for some time.
The big picture has not changed in many years. Windows is not fit to hold anything you don't want made public. Anti-virus software and firewalls are a band-aid not a fix.