Internet Security Warnings 296
Juha-Matti Laurio writes "Internet Storm Center's Diary reported today: Due to a number of very well working Windows exploits for this week's patch set, and the zero-day Veritas exploit, we decided to turn the Infocon to yellow. The following Internet Threat Level meters are at level 2/4 because of Windows Plug and Play vulnerability's several exploit codes too: Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon."
It hate to say it... (Score:5, Funny)
Jerry
http://www.cyvin.org/ [cyvin.org]
Re:It hate to say it... (Score:5, Insightful)
Oh, but of course that's a troll, so I've gotta say something constructive.. Microsoft's been doing a lot better with security now that everyone on earth is making a buck off of "securing" Windows. As more and more security-related technologies such as antivirus, firewall and antispyware make their way into Windows, however, lots of these companies will die or be bought by MS, and they'll be held a lot more responsible for security, and thus, when Vista rolls around, security is likely to be abysmal again. Maybe it'll be just what's needed for a huge evacuation from the MS dependency...
Here's for hoping..
Re:It hate to say it... (Score:5, Insightful)
What are the chances of Microsoft making a secure anti-virus or a secure anything? Remember their last "security push?" 1 month of "emphasis on security" isn't a magic wand to fix 20 years of code; nor will it change the underlying corporate culture. It was all for the media. And they ate it up, being too lazy (or too addicted to free meals - see the story on groklaw about that) to bother telling the truth. http://www.groklaw.net/article.php?story=200508121 9304040 [groklaw.net] or, for those too lazy to click, Microsoft is offering free pizza:
Anyone gullible enough to believe there really is such a thing as a free lunch deserves what they get.
Re:It hate to say it... (Score:5, Informative)
Re:It hate to say it... (Score:2)
Why spend 10 bucks on a burger at Moscone when you can have a slice on Microsoft?
What's the big deal here? Next sentence down...
Come join the Microsoft Embedded group at Moscone Pizza...
Ok..so they ask why spend $10 on a burger at Moscone PIZZA. Well, the answer should be obvious. Nobody in their right mind would buy a burger at a good pizza joint, it just defeats the purpose. Unless you're the kind of genius that walks into
Re:It hate to say it... (Score:2)
Re:It hate to say it... (Score:2)
Re:It hate to say it... (Score:5, Interesting)
I mean just look at the terrifically terrible job they've done with the Xbox, or the bang up job they've done to date with patching well known security issues in Windows. Their attempts at security seem half-assed at best, as most of the more critical bugs are found by companies outside of Microsoft, and as Microsoft acquires more of these companies, I doubt if their advisories will ever make it out the front door.
Thus, I believe when Vista comes out, there will be a million new exploits, just as were delivered with Windows XP when it came out. And as most of these exploits will be retroactive (as the NT platform is known for carrying bugs for years without them being detectable), WinXP and 2000 will be at risk as well. It's only an opinion, but it's a well thought out one. At this point it's all speculation.
Re:It hate to say it... (Score:2)
Why do I love Windows98 SE... (Score:2, Interesting)
Microsoft Windows NT 4.0 up to and including SP6a
Microsoft Windows 2000 up to and including SP4
Microsoft Windows XP up to and including SP2
Microsoft Windows Server 2003 up to and including SP1
It's nice to be a Microsoft "reject"...
at least when worms come out I don't give a damn.
Just don't use Internet Explorer and have a good Firewall...
The only problem with Windows 98 SE is that most newer machines cannot install it properly, since drivers do not exist!!! arggggg.
Which means.... hmmm
may
Re:It hate to say it... (Score:2)
I'm serious, look at it for a sec:
"There should be a firewall on every desktop" done
"Patches should just show up one day, stupid users shouldn't have to think to install them" done
"Damn compiler shouldn't allow buffer overflows" done (to the degree to which it's possible)
All these exploits are against a five year old OS. XP's moved on.
Re:It hate to say it... (Score:2)
In the virus top-10 7 out of 10 spots are variants of the (self-updating, turning your machine into a spam-zombie) MyTob worm, accounting for 39% of infections (excluding any that the virusscanner can't pick up because MyTob will stop it from updating itself). That's fairly effective. MyTob accepts commands from a channel on IRC (of course) and usually makes your zombie machine send out a lot of spam. [sophos.com]
Re:It hate to say it... (Score:5, Interesting)
That's what I meant.
Jerry
http://www.cyvin.org/ [cyvin.org]
How does this affect my PowerBook? (Score:2, Funny)
Re:How does this affect my PowerBook? (Score:5, Insightful)
IIRC we're all plugged into the same internet. A potentially mid to high level set of Windows exploits raises the *Internet* Storm Center's alert level to yellow.
This should tell you something. Ideally it should tell you that when X million Windows boxes are exploited, that there will be a noticeable degradation of quality or service on the internet. That the resultant poor quality traffic and noise created by a large scale (poorly written) worm will degrade the connection your PowerBook is enjoying.
Don't ever forget that we're all in the same boat, and it does little good to sit at the stern and laugh at the suckers at the bow as they dip gently under the water for the Nth time.
Damn, I posted, and I had mod points to burn too.
Re:How does this affect my PowerBook? (Score:2)
Re:How does this affect my PowerBook? (Score:2)
Also, how are they going to do it? Inspect their traffic and see who's spreading viruses? Do you have any idea of how much overhead per packet that's going to cause them? Do you have any idea how troublesome it is for an ISP to inspect your traffic (they could be hel
Not to sell a used car at a funeral, but... (Score:2, Interesting)
Never buy from a used car salesman (Score:3, Insightful)
The thing is, the whole claim that OSS has inherently better security has been exposed as hype for a long time now.
Some OSS projects have excellent security, because the project leaders place sufficient emphasis on it, and the coders code with that emphasis in mind.
Other OSS projects do not have good security, sometimes not even as good as Microsoft and co.
Consider this: I have downloaded patches for more security flaws in Firefox than for IE in recent weeks. Moreover, the IE patches were offered to
Another color-code system? (Score:5, Interesting)
Re:Another color-code system? (Score:3, Informative)
Applying these alert levels doesn't make any sense at the individual level, for the exact reason you gave.
Jerry
http://www.cyvin.org/ [cyvin.org]
Re:Another color-code system? (Score:2)
I've never been to the US, do they really do that in the airports or are you just pulling my chain?
Re:Another color-code system? (Score:4, Insightful)
You do get searching of vehicles at the airport entrance when the threat level is orange, however, or at least of vehicles with ferners in 'em.
None of these color codes is intended to be useful to the common man - they're indicators for security professionals, in whatever field is relevant. The media can't go 3 days without a "crisis" however, so they're good for a scare on a slow news week. I'm not sure why people still pay attention to media hysteria, but apparently it still gets ratings.
Re:Another color-code system? (Score:3, Insightful)
Re:Another color-code system? (Score:4, Funny)
I totally agree w/ you. We need more clear statements about what the problem is and what we should do about it... like this.
Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon.
LOLOMGWTFBBQ? At least with the colors you can say, oh well red is bad, and green is good... and so that's that. When AlertCons are X-Forced w/ 3 points of Increased Vigilance and 1 point of Vitality, who's to know what could happen or what arcane anti-sploit knowledge you should call upon.
Re:Another color-code system? (Score:5, Funny)
Re:Another color-code system? (Score:2)
Re:Another color-code system? (Score:2, Funny)
I'm sorry, after seeing the lunacy of coloured threat levels hyped for decades, and the
Re:Another color-code system? (Score:2)
Windows Update (Score:2)
I set my Windows update to manually update (too paranoid?) but anymore it might just be better to set it to update automatically so I don't have to keep checking on security vulnerabilities. I don't run Windows enough for it to be a big problem, but still.
Re:Windows Update (Score:2)
I used to subscribe to the mailinglist back when I actually used windows, as I wasn't too keen on stuff getting automagically installed.
IIRC it was what kept me safe during Blaster while the campus network went to crap.
Re:Windows Update (Score:3, Interesting)
Now I just have it on full auto. What the heck. If they fuck up, I think I'll be reading about it on slashdot within few minutes and s
Windows Threat Assessment (Score:5, Funny)
The app could download data automatically using IE and ActiveX, format the data using an Excel Macro, then email results to me using Outlook.
Because I care about security.
Re:Windows Threat Assessment (Score:2)
Re:Windows Threat Assessment (Score:2, Funny)
"Hi, it looks like you're fucked!"
Here's my assessment (Score:4, Insightful)
Here are my conclusions about the current Windows threat level:
Today, 173 users of Slashdot will post comments about how Windows security sucks, they've had enough, and they'll be switching their entire corporate network to Linux on Monday. None of them will.
Threat assessment: hollow.
*Obligatory offtopic* (Score:2)
Re:*Obligatory offtopic* (Score:2)
Color for security level is great (Score:5, Funny)
Plug and Play vulnerabilities already known (Score:2, Informative)
http://grc.com/UnPnP/UnPnP.htm [grc.com]
You'll notice this was circa December 2001, fully 4 years before these new exploits.
Re:Plug and Play vulnerabilities already known (Score:5, Informative)
Re:Plug and Play vulnerabilities already known (Score:2, Informative)
August 9th Release, which is 4 days ago. Exploits were reported in the wild on Friday, 3 days after the release. There's also a remote exploit in the Spooler service, which is of course enabled by default on all Win2k/XP/2k3 machines. I approved this patch on Friday, hopefully Monday won't bring scores of hosed machines.
Microsoft Security Bulletin MS05-039 (899588)
http://go.microsoft.com/fwlink/?LinkId=48900/ [microsoft.com]
Alert level to Yellow (Score:5, Funny)
"Are you sure, sir? It means changing the bulb...
Netcraft Confirms It. (Score:5, Informative)
Well, it's deathly ill, mostly. The average Windows end user is in a never ending battle against the baddies. They buy their systems at the Best Buy, bring them home, run for a couple of months, and then complain that they can't login.
Then they call me, or someone like me. With disdain, I inform them that I'm wicked busy but I'll do it "this time".
When I get my grubby hands on their machines, they're fubar. It's not for lack of trying either, because there are multiple Virus, Trojan, and Firewall apps, all fighting over the same machine, including the odd fake anti-trojanwares. You know the ones I'm talking about. We've all seen them. "Click here for a FREE security scan!" and then the machine gets YET another bit of evil.
I simply don't know what to do anymore. I clean them up, set up security, knowing - just KNOWING that it's all in vain. Just yesterday, I got an "e-postcard" in the mail, and it was just an overt attempt at infection. There wasn't anything that would trip an AV or firewall in the mail, just an obfuscated link that actually pointed at a cryptically named
Toast. Totally goddamn toast. The fact that Windows programs have their execute bit as part of the filename is probably the worst thing ever to happen to an OS. One click, and yet another "svchost.exe" process. No lube, no kiss, no reach-around, just total PC anal rape.
And without a total redesign of Windows or dumping the platform for Apple or Linux, Joe and Josephine User are SOL. Vista is going to be more of the same, as it's going to be simply XP SP3 with more chrome.
Ah well.
If anyone knows anything about a0190313376667.gif.exe, mail me at my alias AT Entropy dawt TMOK dawt com. There's hardly anything on the 'net about it except some German blogs.
--
BMO
Re:Netcraft Confirms It. (Score:3)
Although. it might have something to do with my new payment policy: $40/hr or sexual favors of equal or greater value.
Re:Netcraft Confirms It. (Score:4, Interesting)
It's just that people don't care enough, or don't know enough. "Here's a Mandrake install disc, have fun." Maybe they'll mess with it for a few minutes, but then the killer question comes: "How do I put my kids' Game X on it?" or "How do I use my camera?" I've tried to convert several people to Linux, and there's always a killer question. Some site needs Active X, or some shit company doesn't make Linux drivers for their hardware. If nothing else, "This doesn't look like Excel. How do I put Windows back on?"
I'm sure you've all read those jokes in the respectable upstanding citizen! magazines like Reader's Digest, about how computers are unreliable. Everyone I talk to has this conception that computers are inherently unreliable machines that will always break. But when they say computers, they really mean Windows. They don't know the difference between a monitor and a modem, they just want to push the little blue button and have their email pop up... viruses and all.
In summary, Windows will be the #1 OS until a significant proportion of Wal Mart computers come with an alternative OS (not likely unless MS loses their grip) or people get smarter (not likely period).
Re:Netcraft Confirms It. (Score:2)
That conception existed well before Windows. Take a machine that requires proper hardware setup, build it upon a computing paradigm that is entirely too literal, and throw less than human-friendly software on it, and you'll get generalizations that computers are unreliable.
Don't get me wrong, Windows is a major contributor to this line of t
Re:Netcraft Confirms It. (Score:2)
Except the "Windows is dying" part. I don't know what planet you're on. That must just be wishful thinking.
Re:Netcraft Confirms It. (Score:2, Informative)
If I'm not mistaken, that particular executable file is probably one of many created by a program called WinPup(WinPup32?). When I used windows I noticed spikes in CPU usage at about five second intervals. I called up the mighty(HA) task manager and took a look at the processes. Randomly named
Do a google on WinPup. It will involve(if I remember correctly) deleting the winpup file from
Re: 40 mothers agree: Cleaning Windows is a PITA (Score:5, Informative)
Tools required:
Process Explorer(procexp) from http://www.sysinternals.com/ [sysinternals.com]
autoruns.exe from the same, or hijackthis.exe from http://www.merijn.org/ [merijn.org]
Any good virus scanner (McAfee's Enterprise scanner is decent). Use a simple scanner if possible, not a scanner/firewall/spam filter/personal servant. It will generally be faster and simpler.
Ad-Aware from http://www.lavasoft.de/ [lavasoft.de]
LSPFix from http://www.cexx.org/lspfix.htm/ [cexx.org]
Updated Stinger from McAfee http://vil.nai.com/vil/stinger/ [nai.com]
Experience enough to know valid windows processes and files.
Have all of this on a USB drive or CD. Will probably fit on a 64mb drive, unless your virus package is bulky.
Boot to safe mode
Start Task Manager or Proc Explorer and kill anything that doesn't look good, or everything that you know isn't part of windows. You could go to Control Panels:Admin Tools:Services and stop all services first, this will narrow the field.
Run Stinger, just let it scan memory and running apps. Don't wait for it to do a full system scan.
Run Ad-Aware, do the same. Just trying to ditch bad things that are actually running.
If you've gotten this far in 15 minutes, the machine probably isn't in too bad of shape. Dump all temp files, c:\temp, c:\winnt(windows)\temp, c:\documents and settings\username\local settings\temp, c:\documents and settings\username\local settings\temporary internet items
Update virus definitions and do a full scan. Latest SuperDAT from McAfee or Definitions from Symantec or whoever you use, should also be put on the USB drive or CD.
So, virus scan didn't deal with it, or couldn't stop/remove it? This is where it gets tricky and completely manual. This is the point where most people give up, since you really need to know what should be where in Win2k/XP/2k3. I'm really not thinking of 95/98/Me, if those are hosed just wipe it clean and move to XP home for $99-199
Run HiJackthis and look for gremlins. This tool really requires an eye for what is supposed to be there, but pay special attention to startup objects and BHOs(Browser Helper Objects aka evil Internet Explorer plugins)
Add/Remove programs. Go through it with the client. Anything they don't recognize, or know they don't need, ditch. This can be risky, since people forget, but compared to a reinstall . .
Now for the real manual part . .
Run lspfix and check for foreign entries. There are normally 2-4 LSP's present. I usually only do this if there are persistent network failures.
Check Hosts file at c:\winnt(windows)\system32\drivers\etc\hosts. There really should only be one entry in here, for 127.0.0.1 localhost. You may have already checked this with hijackthis.
Browse to c:\winnt(windows). Sort by date. On a default install, the file modify dates are going to be a long time ago. If you see anything from within the last few months, get suspicious. Ignore log/text files, but don't ignore those without an extension. Do the same for c:\winnt(windows)\system32. This can be a bit trickier, there are way more files in system32 than winnt(windows), but the same rule generally applies. Anything from the last 3-6 months is suspicious.
Do the same for c:\program files. Delete any empty folders that your previous uninstall didn't remove. You should have an idea what is supposed to be here, after doing Add/Remove programs, so hack and slash the folders that you don't think belong.
In one of these deleting sprees you are sure to find something bad that won't let itself be deleted, usually a
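Added example (not part of the comment above, and not code from any of the tools it lists): a Python version of the two manual checks in the procedure, the hosts-file review and the sort-by-date pass over the Windows directory. The function names, the sample hosts content and the file names are constructed for illustration; the 180-day default follows the comment's 3-6 month window.

```python
import os
import tempfile
import time
from pathlib import Path

# The comment says to ignore log/text files when sorting by date,
# but not files without an extension.
IGNORED_SUFFIXES = {".log", ".txt"}
# The only mapping the comment expects in a clean hosts file.
EXPECTED_HOSTS = {("127.0.0.1", "localhost")}

# Constructed sample, not taken from a real machine.
SAMPLE_HOSTS = """\
# Copyright-style comment lines are ignored
127.0.0.1       localhost
127.0.0.1       update.example.com   # a vendor host pinned to loopback
203.0.113.7     bank.example.com
"""


def unexpected_hosts_entries(hosts_text):
    """Return (ip, hostname) pairs other than the stock localhost mapping."""
    found = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no name maps nothing
        ip, names = fields[0], fields[1:]
        for name in names:  # one line may carry several aliases
            pair = (ip, name.lower())
            if pair not in EXPECTED_HOSTS:
                found.append(pair)
    return found


def recently_modified(directory, max_age_days=180, now=None):
    """List files in `directory` changed within max_age_days, newest first.

    Modification times can be altered, so an empty result is a hint,
    not proof that the directory is clean.
    """
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    hits = []
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        if Path(entry.name).suffix.lower() in IGNORED_SUFFIXES:
            continue
        mtime = entry.stat(follow_symlinks=False).st_mtime
        if mtime >= cutoff:
            hits.append((mtime, entry.name))
    return [name for _mtime, name in sorted(hits, reverse=True)]


def build_sample_dir(root, now):
    """Create constructed, empty files with known ages in days."""
    ages = {"notepad.exe": 1500, "setup.log": 2, "a0b1c2.exe": 3, "svch0st": 40}
    for name, age in ages.items():
        path = os.path.join(root, name)
        Path(path).write_bytes(b"")
        stamp = now - age * 86400
        os.utime(path, (stamp, stamp))


if __name__ == "__main__":
    for ip, name in unexpected_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts: unexpected entry {ip} -> {name}")
    current = time.time()
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_dir(tmp, current)
        for name in recently_modified(tmp, now=current):
            print(f"recent: {name}")
```

On a real machine the same functions would be pointed at the hosts file and the directories named in the comment; anything they report still needs the "experience enough to know valid windows processes and files" from the tools list.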
Re: 40 mothers agree: Cleaning Windows is a PITA (Score:3, Insightful)
Save yourself some of your lifespan dude and do what's the only right thing to do to a compromised machine: reinstall from fresh media.
Re: 40 mothers agree: Cleaning Windows is a PITA (Score:2)
I will have my CD ready for my next family reunion.
Re: 40 mothers agree: Cleaning Windows is a PITA (Score:3, Informative)
Try googling rootkit. *nix has been around ~35
Re:Netcraft Confirms It. (Score:5, Informative)
I am _not_ a professional admin who has a network of machines to maintain or easy access to the machines I fix or the authority to command people to do as I want. I'm "the guy that fixes stuff" for his friends/enemies.
Go 'round every couple of months requesting that everyone send me their machines for updating the OS? Are you out of your mind? Ghost? Are you out of your mind? These are all individual machines, not something cookie-cutter that I could administer in a sane way.
Yes, I would love to standardize all these machines with the same Windows distribution. I would love to partition the drives so that the OS resides on a separate partition from the user data, and yet another partition for the extra installed programs. That would be sane. But that would mean I would have to furnish boxed copies of XP at the retail price myself, to be sold to the "customers" so I can do it up right.
"But I have Windows! Why do I have to buy another?"
Things were so much simpler when PCs came with full OS licenses and a full set of disks. Now, the only choice is to either manually disinfect for HOURS without disturbing too much of the installation, or format and use the "recovery" cd, and the user is fucked for whatever was on the machine if it was never backed up.
It's fucking maddening is what it is.
The day that Microsoft stopped the likes of Dell and HP from furnishing OEM CDs spelled doom for the customer who wanted to have a multiple partition setup. Now if you want that, you need to purchase a full Windows kit that costs 200 bux for XP Home.
--
BMO
Re:Netcraft Confirms It. (Score:2, Insightful)
Sometimes it doesn't even save you money on your machine, but we all know it increases their margins a little bit - which adds up.
I do happen to do professional tech work, and since I also run into the "what package of documentation and CDs?" problem - I jus
Yellow is pretty rare.. (Score:5, Insightful)
In other words.. the alert level tends to stay stubbornly at green unless there is a real issue - the ISC is usually extremely conservative about threat assessments. If they've raised the alert level as a precaution then it's definitely time to take notice.
As for me.. I check the ISC at least once every day to see what emergent threats are out there. There are also a number of tools [sans.org] you can use such as a small Windows app that can help to inform you when the threat level changes.
It's worth having these tools - when Sasser came out I'm pretty sure they saved my backside.. because in that case the short amount of time between the vulnerability being announced and the worm coming out was so short that many organisations hadn't even started patching. Thanks to the ISC we managed to get almost everything secured in a day, so when the inevitable rogue laptop user physically brought a worm infected machine into the office, then we managed to contain the outbreak effectively.
Re:Yellow is pretty rare.. (Score:2)
And Dynamoo, you're spot on. The Handlers do not arbitrarily upgrade to yellow on a whim.
-buf
Re:Yellow is pretty rare.. (Score:5, Funny)
Red alert should be used at each Windows release.
Re:Yellow is pretty rare.. (Score:5, Informative)
You are correct. We want the infocon to stay at green most of the time and only raise it when necessary. Think about this, if we keep it at yellow all the time, it would eventually lower people's perception of the current threat. Trust me, we do try very hard to only raise it when necessary and appropriately.
Disclaimer: I am one of the ISC guys.
That's not what "disclaimer" means (Score:2)
Re:Yellow is pretty rare.. (Score:2)
Oh, just wait. We've got till December [wikipedia.org].
/me eagerly awaits the coming of the Cursed Wave.
Ahhh i love color codes... (Score:2)
Tom Ridge ever so often goes: "Today's a blue day. No, orange--RED!!!".
Re:Ahhh i love color codes... (Score:2)
How long? (Score:4, Insightful)
On the other hand, it would be bad for obvious reasons. But, IMO, it's only a matter of time. What color will the Infocon be then?
Go to Jail, Go directly to Jail... (Score:2)
It seems that the majority of people in the US and Canada believe that people who advocate terrorism should be jailed.
If they wanted to, that law and your post would be all that it would take.
It's getting scary out there.
Re:How long? (Score:2)
Good spam relay? Zombie? No, but it just might get some people to clue in and patch/etc.
Re:How long? (Score:2)
It's already come and gone. It was called the Chernobyl virus. It was a subtle little app that would attach itself to.. oh.. EVERYTHING. Then, on the anniversary of Chernobyl, it'd blow away your fat table, effectively and instantaneously killing your computer. Kinda neat, though frustrating. It nuked an impressive number of computers.
Frankly, this didn't work for a simple rea
Re:How long? (Score:2)
Re:How long? (Score:2)
Hooray, we're both right.
I'm no grammar Nazi, but (Score:4, Funny)
"Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon."
What. The. Fuck.
Alert Level Red? (Score:3, Interesting)
color threat codes.. (Score:2)
American paranoia at its best (Score:5, Insightful)
Re:American paranoia at its best (Score:2)
Once more, in English? (Score:2)
WTF is this supposed to mean? Is there anyone in the office who took a grammar course in the last two decades who could translate this?
Re:Once more, in English? (Score:2)
defcon level 0 (Score:2)
Thanks Linus!!
Infocon goes to yellow... (Score:4, Funny)
Re:Infocon goes to yellow... (Score:2)
All Hands To Battlestations... (Score:5, Funny)
Picard: Geordi, can we triangulate the originating source?
Geordi: Yes sir, it's coming from a planetary system 15 light years from our present location. Long range sensors indicate it is...
Picard: Yes, I know... Microsoft...
Picard: All hands, yellow alert. Data, set a course for the source of the transmissions. All hands, to battlestations. Worf, put us to red alert upon entering the system. We don't want another Code Red Incident. And send out a subspace communication to the Federation, all ships, all systems.. We have engaged Microsoft..
Worf: Yes Captain.
Picard: Data, we did test our monthly Microsoft patches on the first Tuesday of the month, correct?
Data: Negative Captain. Unfortunately, there were exploits in the wild which take advantage of the weaknesses in the Upnp service installed on the ship's computer, and the Federation threat level was raised, so we did not test them.
Picard: Damn Microsoft. Alright, let's be careful. We don't know yet what we're dealing with. Maximum Warp! Engage!
Hey Guys.. (Score:5, Funny)
But what does this mean?
STOP: 0x0000000A (00000595 00000002 00000000 8010da41)
IRQL_NOT_LESS_OR_EQUAL
One less (Score:2)
The only thing better would be to change the security switch on that machine from [I]nsecure to [O]versecure, which will change your machine's threat level from blue (panic) to black (get a life). Typically the security switch is found on the back of the computer. Flip it. Go outside, enjoy the day.
the AC
Going to follow my own advice now
Re:Hey Guys.. (Score:2)
kernel: Uhhuh. NMI received for unknown reason 21 on CPU 0.
kernel: Dazed and confused, but trying to continue
kernel: Do you have a strange power saving mode enabled?
These just start showing up in the log, sometimes hours before the system dies. Most of the time, it has nothing to do with power saving, but has long been considered a sign of failing ram.
Nooooooo! (Score:2)
*Jumps out the nearest window*
Re: (Score:2, Funny)
Mostly Business as usual... (Score:4, Informative)
morning newspaper (wakeup + gallon of coffee) along with some others, so for the sake of people who don't grok the need to be aware (but: go read doug adams and don't panic as well!):
Here goes: (sometimes costs me an hour in the morning, but it's worth the effort...).
http://www.dshield.org/ [dshield.org] http://secunia.com/ http://vitalsecurity.org/ http://www.f-secure.com/weblog/ - gossip and just
plain fun (cough) dilbert (cough).
(many others, but i'm tooo lazy on a sunday morning to write em...).
Oh, and be sure to replace the windows task manager with the wonderful (process explorer)
over at the always splendid Mark Russinovich's sysinternals.com (it'll save you when your friend's machine gets pwn3d). (hint: it shows tcp/ip connections so you can see if ET is phoning home).
Finally, no list would be complete without a pointer to "comp.risks" (google groups ok?). Laugh. It helps...
cheers all,
Andy.
Too many comic book / bad movie buzzwords.... (Score:5, Insightful)
"Internet Storm Center"
"turn the Infocon to yellow"
"Internet Threat Level meters"
"Symantec ThreatCon"
"DeepSight Threat Management System"
"Internet Security Systems X-Force"
"AlertCon"
Sounds like a bad CIA / X-Men / Matrix rip off movie.
Windows, the final news item to make you smile (Score:3, Funny)
Here on
Yellow Alert? (Score:2, Insightful)
Doesn't every ISP already have the typical windows ports blocked already?
I mean, in every one of my routers I block 135-139,445 TCP/UDP. (Yes, I know, there's one or two that aren't windows specific, but it's easier on the FW rules considering it's exceedingly rare for any legitimate traffic to go over the 'net on 'em)
Maybe the yellow alert is warranted, but imo it's jumping the gun. And to those network admins who haven't gotten the hint yet and blocked those ports, DO IT NOW! Thanks. Oh, and while we're at i
Sometimes... (Score:5, Interesting)
Of course, people would probably build bridges between the two networks, and the bridges could probably be exploited by worms...but the vulnerabilities would probably be on the Microsoft side for the most part, meaning that worms could travel from the Internet to the Microsoft network, but hardly the other way around.
Ah, how pleasant dreams can be...
EULA (Score:2, Insightful)
Must read carefully (Score:3, Funny)
Did anyone besides me originally read that as the global DeepShit Threat Management System?
I think I like it better that way.
There is at least one worm active out there. (Score:3, Interesting)
A large client was affected last night because of it. And they patched almost all servers this week, but how can you keep patching up with thousands of workstations, including home users accessing through vpn?
Tightening more is not an easy option as people want to do all what Microsoft promises them. When security teams (or just plain support) insist on patching they are labeled as annoying dorks, and when a worm/virus hits because of lame users not patching... just plain dorks!
Sometimes I wish I liked painting instead of computers.
Re:The waiting game? (Score:3, Funny)
Re:The waiting game? (Score:4, Informative)
Re:And it doesn't help that many legit Windows use (Score:3, Informative)
Re:And it doesn't help that many legit Windows use (Score:2)
Re:This just in... (Score:3, Insightful)
So ok, let's use that number, just for shits and giggles. If popularity of OS == abundance of malware, let's do some math.
Depending on who you ask, there are between 60 and 70 THOUSAND Windows viruses, trojans, etc.
I'll use the low number, just so nobody can accuse me of bias.
5 percent of 60,000 is 3,000.
Where are the THREE THOUSAND viruses that should be out
Re:This just in... (Score:3, Insightful)
Re:Sensationalism... (Score:2)