Romanians Find Cure For Conficker 145
mask.of.sanity writes "BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months.
The worm, also known as Downadup, exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. It spreads primarily through a buffer overflow vulnerability in Windows Server Service where it disables the operating system update service, security center, including Windows Defender, and error reporting.
The Romanian security vendor said its removal tool will delete all versions of Downadup and will not be detected by the virus."
so what? (Score:4, Interesting)
And above all that I'm skeptic about the "delete all versions" phrase, because BidDefender as a (bloated) AV that it is, is pretty much signature based, and has very weak heuristic detection...
could have done with this yesterday... (Score:5, Interesting)
We need a removal tool that can be run from a safe Linux environment (ie boot using a live disk etc., then run the tool from a USB drive)... not running it from inside windows where the Conficker is already running
Re:could have done with this yesterday... (Score:3, Interesting)
har, har... that's as pointless as the ubuntu link troll earlier... The laptop runs Vista because of the applications that have to run on it, it those apps ran in Linux, then I wouldn't have had the problem in the first place...
Re:That many Windows Servers unprotected and onlin (Score:5, Interesting)
You seem to be working under the assumption that most servers have real admins.
Fact of the matter is, outside the very largest of companies, a very large majority of internet connected servers are run by small to medium size business who do not have a full-time IT department and/or often cannot either afford all the necessary equipment and software and man-hours necessary to secure against these threats, esp. since good security often winds up annoying a high-level manager who insists that they should be able to log in to the network and all their apps without a password and insists they have passwords to every computer in the building and that they can use myspace messenger and browse the web from the DNS server if they want to (which they will).
Also, many many many web servers are hosted with hosting companies like the one I work for where less than 5% of the 10,000+ physical servers have anything like a knowledgeable admin and are instead run by idiots in India who use cracked VoipSwitch software (which is itself virus infected, but they keep using it anyway even though the virus causes them to have to re-install every week or two). Or you get people who want to run their own website but simply don't have the skills to maintain it properly, but are convinced they don't need a real admin either... or a firewall... or anti-virus.
Oh, and the desktop has nothing to do with anything - these services would exists and be just as exploitable regardless of a GUI, as it's not the GUI that is being exploited - it's the poorly coded system services and libraries that aren't subject to any kind of external or peer review that are written by people who usually don't even know exactly what they are coding, leaving plenty of room for exploits to bad code crop up.
Funny, now that I think about it, MS treats the coding of it's OS similar to a terrorist operation, small groups of people working on compartmentalized tasks, never knowing who is doing exactly what or what the desired end-product actually is. This may be a great idea if you're a terrorist organization trying to get away with something and trying to prevent a loss of the whole project due to the capture of one or more cells, but this is not a good way to write software - I think the past 10+ years of shoddy performance and infection/exploit history of MS products should be a clear enough sign of the problem, but the MS execs are obviously too blind or ignorant to figure this out for themselves.
Re:That many Windows Servers unprotected and onlin (Score:5, Interesting)
Funny, now that I think about it, MS treats the coding of it's OS similar to a terrorist operation, small groups of people working on compartmentalized tasks, never knowing who is doing exactly what or what the desired end-product actually is.
Funny, now I think of it, this is EXACTLY how the whole Linux development goes on. You have a bunch doing the kernel, doing X, doing Gnome, doing Gimp, doing OOo, etc. All doing little parts of what is going to be the operating system, without having a clue of what the end product even could be. They just make sure that their little piece works fine. And for the software to communicate with each other they use some standard protocols.
Microsoft has at least some top management that will define the final look and feel (at least I assume so, any reasonable OS company would do so). So the little parts do not need to know the total, they just need to know what THEY have to do.
For example the printer server (like CUPS). They have to make sure they can address all kinds of printers on all kinds of ports, and then produce some interface for other software to talk to the printer server. The printer server people don't need to know the total picture. They just have to make sure their printer server works, and that they can answer requests according to specifications.
It seems the problem of Windows development may be that they do NOT work like that. That they want to keep it as a whole, finding interfaces to talk to all different programs in different ways, instead of standardising and creating independent components. Like Linux where you can add the components you need, and depending on the components you have a business work station (include word processor, image viewer, e-mail software), a multimedia station (install Gimp, some video editor, video and music players), or a server (do not install any GUI, instead Postfix, Apache and the rest).
The reason all these little programs can talk to each other is that they use certain standards. All open standards, official or not, some may have developed their own standard. But they use standard file formats, standard interfaces (named pipe, sockets, network) that other software also uses, and thus they can be patched together and generally work fine with each other. And then the distro producers (Mandriva, Ubuntu, Debian) test and make sure all works as expected, and optionally add bits of glue or eye candy to the whole.
Microsoft could be well off by starting to work like that. Kernel and GUI separate. Split off IE and Media Player. Set some goals for the new version, plan for each part what functionality it has to provide and how it is going to provide this to the outside world (e.g. API), and when the parts are done, glue them together. It may just work.
Re:Another link to the tool (Score:3, Interesting)
I used that same tool on another virus. Haven't had an issue since!
Me too. I can't find drive C: ever since.
Re:could have done with this yesterday... (Score:3, Interesting)
My experience has been that *nix livecd based rescue disks aren't worth spit.
The reason given by Kaspersky for discontinuing their linux based rescue cd was that in order to effectively access and safely make changes to the windows data structures.
In essence, they had to engineer a mini windows.
And given the nature of how av works, it stands to reason that the extent of the emulation have to be very exact for the package to be effective.
That's why they switched to a PE based rescue disk.
I use ubuntu as one tool against malware.
I require those using usb sticks to bring them by my desk periodically. Insert/mount/visually delete any file in the root that shouldn't be there - move on.
I also have a desktop that runs Ubuntu with xp in a vm used only for certain specific apps.
The xp vm has no internet or lan access, other than imap and smtp to a specific address, and with the snapshot function, I can reroll the xp vm in a moment should I find that I missed a hole and something got in anyway.
I like Ubuntu, but it does have one notable negative effect - it's lowered the bar to linux entry to the point now where every tool that can double click wubi now thinks that makes them an expert, and that their opinion is well informed, when it really isn't.
That's not a condemnation of linux or the efforts to bring *nix to the masses - it's just the nature of the beast.
Its required for Message Queueing Service (Score:3, Interesting)
which is an additional service that increases the latencies greatly in Xp pro and vista and up. ie, it can bring down a 400 ms world of warcraft connection to 120 ms ping in average case.
Re:Another link to the tool (Score:3, Interesting)