Windows Operating Systems Software Bug

Windows Virus Takes Out Gov't Agencies in MD, PA 984

Zolzar writes "Looks like the Md. State Motor Vehicles Administration is the first government agency reporting a failure of their systems due to the recent virus." This is a more specific story about the outage. And the city of Philadelphia has suffered as well.
This discussion has been archived. No new comments can be posted.

  • Yes (Score:1, Interesting)

    by Raven42rac ( 448205 ) * on Tuesday August 12, 2003 @10:57PM (#6682106)
    Let's prove how insecure everyone already knows Windows is by shutting down government agencies, gee, I am sure the "haxor" would have been really proud of his/her self if he/she proved their point by porking say a hospital's computer system. What an asshole.
  • I don't pity them (Score:1, Interesting)

    by dodell ( 83471 ) <dodellNO@SPAMsitetronics.com> on Tuesday August 12, 2003 @10:59PM (#6682117) Homepage
    The patches have been available for a LOOOOONG time now. They should have patched. They can't whine now. End of story.
  • 3M Plant Shut Down (Score:1, Interesting)

    by Anonymous Coward on Tuesday August 12, 2003 @11:02PM (#6682141)
    A radio news report tonight said that a 3M plant in Minnesota shut down Tuesday due to a computer worm. Somebody's trying to run a plant dependent upon Microsoft...
  • by The Old Burke ( 679901 ) on Tuesday August 12, 2003 @11:03PM (#6682157)
    when a new Microsoft worm or exploit is out. But after the initial update stuff it all settles. The latest RPC vulnerability the Blaster is already slowing down according to a Cnet.
    And I guess that everyone that has some firewalls and uses common sense always survives these attacks. At my company's network we use Win 98 instead, so we were able to escape this worm. Actually it looks like all the new exploit are on these new Win2000 and XP versions, so to me Win 98 or Win Me looks like a much better choice in the security area.
  • Comment removed (Score:3, Interesting)

    by account_deleted ( 4530225 ) on Tuesday August 12, 2003 @11:04PM (#6682160)
    Comment removed based on user account deletion
  • by Da Penguin ( 122065 ) on Tuesday August 12, 2003 @11:06PM (#6682174)
    I keep hearing that windows 2k3 is the most secure windows, but (and I'm truly asking), what makes people say so? I'm using it at home. Evidence for: logs changes, logs every reboot and needs you to enter a reason, insists that every site (including google) has a security issue, comes with almost everything disabled, doesn't let users use shockwave et al without permission, probably some bug fixes. Evidence against: see the article above. At least it informed me afterwards that the computer unexpectedly rebooted . . .

    PS: Please don't mod me for flaming, I'm really wondering what inner changes there are, other than the ones above that give the impression of security.
  • by doublesix ( 590400 ) on Tuesday August 12, 2003 @11:06PM (#6682176)
    A friend who works at blackbox told me "hundreds" of computers shut themselves down at EA Studios out in Burnaby this morning ... HA HA
  • by kgbspy ( 696931 ) on Tuesday August 12, 2003 @11:10PM (#6682205)
    If this was a "pro-linux" motivated attack, then surely this troublemaker's attentions would've been best directed at sco.com rather than windowsupdate.com, no?
  • by MeanMF ( 631837 ) * on Tuesday August 12, 2003 @11:10PM (#6682206) Homepage
    I know there'll be dozens of "they shouldda been using un*x" posts, but in defense of Windows, there has been a patch for this on Windows Update since July 16. Even I had enough time to test the patch on a non-production system between then and now. Every platform gets its 'sploits throughout its lifetime, it's just a matter of learning about them and applying the proper patches in a reasonable amount of time... especially on mission-critical machines. (DMV computers, etc...)

    Yeah, but it's not like the Department of Homeland Security put out a notice telling people they should install the patch. Oh wait, yes they did [dhs.gov]. Maybe that's why a group of us worked late on Friday 8/1 making sure the patch was installed on all of our servers and workstations.
  • by westyvw ( 653833 ) on Tuesday August 12, 2003 @11:16PM (#6682257)
    Well everything off is a good idea for a server. YOU should make the choices to turn anything on, and YOU should know why you did. The port this worm attacked has no justification for the home user. This is the same port that annoys most users of Win XP, but they don't know it. The only reason MS should have allowed this to be turned on was for administration on a LOCAL network.

    By the way I can make win 2003 server crash in minutes if I am allowed to be a user on it. Shame, it's not that much better, but leaving ports closed is a good idea, and a long idea coming.
  • by Anonymous Coward on Tuesday August 12, 2003 @11:17PM (#6682267)
    It installs with just about everything turned off, instead of turned on.

    It is also the first version of Windows that had teams of programmers whose sole purpose is to audit code and check it for security problems. Sweeps for coding patterns that lend themselves to exploitable bugs were done. Utilities were written to help flag suspicious bits of code. And so on ... time will tell how effective the changes were.
  • Re:Yes (Score:3, Interesting)

    by Narcissus ( 310552 ) on Tuesday August 12, 2003 @11:17PM (#6682271) Homepage
    You say that like the worm was aimed at government agencies, which is absolutely not true. That would be almost like saying "let's prove how powerful we are by taking out the town hall" just before dropping the bomb on Hiroshima...

    OK, so maybe not, but I hope you get my point.

    What I found interesting in the article was that now, apparently, only Windows machines are connected to the internet: "Millions of unprotected personal computers remain vulnerable to the worm, which can infect any machine connected to the Internet, experts said Tuesday".

    Who are these experts saying this, or is it just another case of a reporter getting it wrong?
  • Re:We Got Hit (Score:5, Interesting)

    by PetoskeyGuy ( 648788 ) on Tuesday August 12, 2003 @11:20PM (#6682294)
    Preaching to the choir.

    I remember the Klez virus kept infecting our system. I put antivirus on all the machines and wiped and cleaned them several times. Still my boss had his computer go down several times and started to suggest I was incompetent.

    Turns out he got a fake email on his AOL account with the virus attached from a potential client who he has been trying to sell to for a long time. He loaded the virus from his laptop and ignored and disabled the antivirus warnings desperately trying to see what this guy was sending him. For those that don't know, Klez emails itself to any email addresses it can find.

    Problem finally solved. I was not to mention this matter to anyone else. Yeah Right. :)
  • Re: Monoculture (Score:3, Interesting)

    by Black Parrot ( 19622 ) on Tuesday August 12, 2003 @11:25PM (#6682327)


    > I'm all for Microsoft making the DEFAULT behaviour to be to download and install the patches without updating.

    In principle, yes, but...

    a) Would Microsoft (or any other company) be willing to accept the legal liability?

    b) How long until someone hijacks that very mechanism as a way of spreading grief?

  • by BurKaZoiD ( 611246 ) on Tuesday August 12, 2003 @11:25PM (#6682330)
    ...that I'm a damn programmer, and my system was secured from this exploit (due in large part to my overly paranoid nature), but the workstations belonging to my dept's microcomputer support & network manager were all vulnerable and hit. Dumbasses. I spent my entire morning troubleshooting, patching, and fixing the workstations belonging to my office's higher-ups & executives (I was specifically requested by them, I might add), while the network & micro fucktards ran around fixing the computers of the no-counts. Needless to say, I pissed off a lot of people today, but thank God they aren't the ones who sign my check.

    I look at the never ending laziness of network support as continuing to supply me with the opportunities to secure my employment. Also, the thank you email from the prez really gave me a chubby.
  • by Black Parrot ( 19622 ) on Tuesday August 12, 2003 @11:35PM (#6682406)


    > My wife's entire 1500 plus employee company was instructed today to not turn on their computers until IT came around to look at them.

    Where I work they just kicked everyone with an exposed system off the network as soon as the DoHS warning came out 2-3 weeks ago, and let them back on the network when they could demonstrate that their system was fixed.

    Call it "opt-in security", if you will.

  • Re:I don't pity them (Score:5, Interesting)

    by TheQuantumShift ( 175338 ) <monkeyknifefight@internationalwaters.com> on Tuesday August 12, 2003 @11:41PM (#6682445) Homepage
    I remember when this vuln was announced, I hit windows update that day (7/16), and lo and behold, it was a critical update... Remember how this vuln was all over the news? Remember how "the authorities" were listening in on chatrooms and saying there was a lot of talk about an exploit? I certainly remember all of this, so I say screw those who didn't patch. What's better, installing a patch that screws your system when you can blame that on MS, or not installing the patch and having no one to blame but yourself?
  • by ratfynk ( 456467 ) on Tuesday August 12, 2003 @11:43PM (#6682455) Journal
    The majority of MS worms are created by little nerds in basements using pirated copies of Visual Studio. Not Linux users. They are known as script kiddies and are all over Usenet sharing their windows expertise.
    So bullshit to your post.
  • Re:Yes (Score:5, Interesting)

    by molarmass192 ( 608071 ) on Tuesday August 12, 2003 @11:45PM (#6682474) Homepage Journal
    Let me get this straight, patient monitoring systems are plugged into the same LAN in which doctors, admins, and what-not are free to plug in their laptops? I don't work in a hospital but even we have DMZ subnets for more sensitive parts of our network. I can't (or rather don't want to) believe that hospitals don't segment their networks the same way.
  • Re:Yes (Score:5, Interesting)

    by Pathwalker ( 103 ) * <hotgrits@yourpants.net> on Tuesday August 12, 2003 @11:53PM (#6682522) Homepage Journal
    Formatting hard drives? Screwing up the BIOS? We'd still be lucky if that was all that happens.

    The idea that scares me is a slowly spreading virus - hiding as well as it can, and remaining on systems for months or years.

    I had a full description of a possible payload, and the effects it could have, but I thought better and deleted it.

    All I will say, is that a virus that targeted not the computers, but the business processes of the company that uses them could do some major damage.
  • Re:Yes (Score:5, Interesting)

    by Cat_Byte ( 621676 ) on Wednesday August 13, 2003 @12:01AM (#6682570) Journal
    I've been knocking on doors for a job since I was laid off on December 24th. It seems most of the hospitals have contracted out their IT positions rather than have them in-house.

    Hey when I was a contractor I walked in, did what they asked me to do, then went on to the next job site. I didn't go around asking if they had separate LANs for sensitive equipment because...well...I was paid salary and wanted to go home after my 10 hr day. I'm sure the current contractors feel the same way.

    Being a local sysadmin/network admin is different. It's your baby, you get the call at 3am when things go bad, you make sure that doesn't happen. Too bad employers don't see that and I bet you this one still doesn't see it that way.
  • More info (Score:4, Interesting)

    by Jade E. 2 ( 313290 ) <slashdot@perlstor[ ]et ['m.n' in gap]> on Wednesday August 13, 2003 @12:08AM (#6682621) Homepage
    Yeah, yeah, it's bad form to reply to yourself. But I'm leaving for the night so I figured I'd post a few more details I remember in case it helps anybody else.

    If the worm we got autostarts anything, it uses one of the sneakier methods. I didn't check the ini files, but I did check out both run and both runonce keys and there was nothing unexpected in any of them. File sizes and dates on the files that were there matched a clean system (although that's not a guarantee, I didn't run checksums). The damage to explorer, IE, and Word did survive a reboot, however, so it modifies something on the system. We had the system up for the better part of an hour on the network, watching ethereal on the switch's mirror port, and didn't see any strange traffic, so I don't know what triggers its spread. The dial-in client that was one of the original vectors had been connected for something like 8 hours when it started scanning, and we are its internet access so it couldn't have been (easily) infected from outside today without us seeing it (we were monitoring after central's exchange server went boom), so I strongly suspect it's got a timer or trigger to start scanning. (Maybe idle time? It started roughly half an hour after they closed for the night, hence us kicking them off and revoking their dial-in privileges instead of just calling them.) I didn't catch any actual infections in the packet dumps, only scans after the vulnerable machines had already been hit, so I don't have a network dump, but I'll hook an infected machine to the test network in the morning and try to get one. If I can talk the manager into leaving me alone for long enough I'll try to get it to infect a dummy machine I've imaged and see exactly what changes it makes. Anyways, good luck to anyone still playing with these things.
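
The comment above notes that matching file sizes and dates against a clean system is no guarantee without checksums. The following is an added example, not part of the original post or thread: it compares a known-clean file tree to a suspect one and reports files whose size and timestamp still match while the contents differ. The directory layout, file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> (size, mtime in whole seconds, sha256) under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            rel = os.path.relpath(full, root)
            manifest[rel] = (st.st_size, int(st.st_mtime), sha256_of(full))
    return manifest


def compare(baseline, suspect):
    """Classify differences between a clean baseline and a suspect manifest.

    content_changed_only is the case a size/date comparison cannot see:
    same size, same timestamp, different bytes.
    """
    findings = {
        "missing": [],
        "added": sorted(set(suspect) - set(baseline)),
        "metadata_changed": [],
        "content_changed_only": [],
    }
    for rel in sorted(baseline):
        size, mtime, digest = baseline[rel]
        if rel not in suspect:
            findings["missing"].append(rel)
            continue
        s_size, s_mtime, s_digest = suspect[rel]
        if (s_size, s_mtime) != (size, mtime):
            findings["metadata_changed"].append(rel)
        elif s_digest != digest:
            findings["content_changed_only"].append(rel)
    return findings


def demo():
    """Build two constructed trees and compare them (all sample data is made up)."""
    fixed_time = 1_000_000_000  # constructed timestamp applied to every file
    samples = (("explorer.bin", b"A" * 64), ("winword.bin", b"B" * 64))
    with tempfile.TemporaryDirectory() as clean, \
            tempfile.TemporaryDirectory() as suspect:
        for root in (clean, suspect):
            for name, data in samples:
                path = os.path.join(root, name)
                with open(path, "wb") as f:
                    f.write(data)
                os.utime(path, (fixed_time, fixed_time))

        # Simulate an in-place modification that keeps the size and then
        # restores the timestamp, so a size/date check reports "unchanged".
        patched = os.path.join(suspect, "explorer.bin")
        with open(patched, "wb") as f:
            f.write(b"A" * 63 + b"X")
        os.utime(patched, (fixed_time, fixed_time))

        # A file that exists only on the suspect system.
        with open(os.path.join(suspect, "dropped.bin"), "wb") as f:
            f.write(b"C" * 16)

        return compare(build_manifest(clean), build_manifest(suspect))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline manifest has to come from media or an image known to be clean, and hashing should be done from a trusted boot environment rather than on the running suspect system.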

  • by The1Genius ( 58749 ) on Wednesday August 13, 2003 @12:10AM (#6682637) Journal
    Extensive hits to e-mail, web and database systems throughout many ministries in Ontario.

    I thought it was interesting that a member of the Justice system in Ontario was complaining that 'Microsoft is not providing the proper tools to properly manage an enterprise with 1000 servers spread throughout the province and ensure that patches and service packs are kept up to date. The cost of maintaining these manually is too high'

    To which I asked 'How much is it costing you to scramble and fix this problem now?'

    Enterprises either need to bear the cost of a 3rd party tool to maintain patches through the enterprise or find the money and resources to keep things up to date properly on an ongoing basis. Otherwise, they will find it costs 2-3 times that amount of money to respond to patching and cleaning large pools of servers in this type of worm situation.
  • by Anonymous Coward on Wednesday August 13, 2003 @12:31AM (#6682753)
    I was setting up a new computer today running Windows XP and within 3 minutes of the first boot, the computer was infected. I wasn't even able to download the updates before the worm found this machine. So my question is, why are machines still being shipped with vulnerable versions of Windows XP? If it is too expensive to redo the drive, at least include a cd-rom (that costs $0.00001) that has the updates on it.
  • by rediguana ( 104664 ) on Wednesday August 13, 2003 @12:44AM (#6682803)

    I was at the gym for the 3pm NZST news today, and Microsoft took a hammering. Only Microsoft Systems are affected... MSFT this, MSFT that - I'd like to see what Microsoft New Bliss-Land [microsoft.com] do to spin this.

    I've just checked their NZ home page [microsoft.com] and they are soliciting for feedback on customer feelings towards MSFT today, and have some obvious customer advice in big, bright colours. Microsoft US [microsoft.com] doesn't seem to care in comparison.

    The feedback form has three cute faces with various different states from happy to angry on them. Perhaps you may want to give them some feedback too ;)

  • by Meorah ( 308102 ) on Wednesday August 13, 2003 @12:48AM (#6682817)
    So my question is, why are machines still being shipped with vulnerable versions of Windows XP?

    because it would cost them (PC manufacturers) lots of money to stop shipment on all those systems and reimage them all over again. they would be glad to toss a CD in the box if they kept track of which hard drives were in which systems, but they don't. honestly, just make your own damn cd. it will work until the next service pack is released, and then you'll have a brand new office frisbee to play with. you can't lose!
  • Speaking of Money (Score:5, Interesting)

    by MacFury ( 659201 ) <me@NOsPaM.johnkramlich.com> on Wednesday August 13, 2003 @12:52AM (#6682836) Homepage
    Every once in awhile I hear about companies forecasting how much money will be lost due to lost productivity and downtime of infected computers.

    Has anyone compiled a list to see something like how much M$ has cost the world due to insecure software?

    I would guess it's a couple billion dollars by now. Why does no one care?

  • by TechStuff.ca ( 588157 ) on Wednesday August 13, 2003 @01:21AM (#6682975) Homepage
    How many Windows users actually use Windows Update?

    I'm convinced that most regular users do not "get" what Windows Update is for, and see no tangible benefit to using it until/unless their system crashes. It's a bit like backing up the hard drive -- most people won't do it until a bad experience convinces them it's worthwhile. (This goes double for dial-up Internet users, who have to babysit giant downloads, and may have to start from scratch if they get disconnected.)

    I think Microsoft needs to add some kind of positive reinforcement and explanation of the value of the Windows Update service. Even a big splash screen at the end of each update that says "Your computer is more secure!" would be an improvement.

    In my experience, Windows Update works pretty well in Windows XP. Updates can be set to download and install automatically, or download then notify, or simply notify when updates are available. The system works.

    By my very unscientific reckoning, however -- based on the visitor logs on my Web site -- the latest Windows (XP) accounts for just 50% - 60% of current Windows users. 20% are still running Windows 98 (and 20% are running Windows 2000).

    Why does that matter? Remember that Windows Update in Win98 was not automatic. In fact, it often completely failed to work!

    Many of today's users had at least one bad experience with Windows Update before Microsoft got the bugs out. (You might recall that the Win98 version had several "known issues" including the infamous "freezes at 0%" problem that completely prevented users from accessing the update system.)

    Microsoft also alienated some users in the early days of Windows Update by marking unnecessary (even unwanted) system software as "Critical Updates." If I remember correctly, version 1.0 of buggy and bloated Internet Explorer 6 was installed as a "Critical Update" to IE5.

    In short, Windows 98 users who tried Windows Update learned these lessons:
    - Windows Update doesn't work very well (or at all)
    - the updates do not appear to make any difference
    - Microsoft uses this system to force unwanted software on me

    It's no wonder many Windows users don't bother to fire up Windows Update. And as long as some Windows users are apathetic (or actually hostile) towards the update system, EVERY Windows user is vulnerable.

    (A brief digression: users who have dial-up Internet accounts are less likely to use Windows Update than broadband users. They would need to see some major tangible benefit to keeping their systems up-to-date. Big downloads are relatively painless with broadband, but they're a major hassle for dial-up users -- especially to anyone who pays by the minute to be connected.)

    Anyway.

    It's clear that automatic updates are the way to go. Microsoft could easily fix the whole problem by issuing free software to make "Critical Update" downloads automatic in older versions of Windows. That would eliminate a major reason for upgrading to XP (i.e. because Win98 is insecure by default), but it would benefit ALL Windows users.

    But there's the rub: this would eliminate a major reason (perhaps THE major reason) to move from Win98 to WinXP.

    I spent more than an hour on the phone today with a friend whose Windows XP system was infected by the Blaster worm. She thought she was safe -- she has anti-virus software, she updates her virus definitions daily, and she thought she was using Windows Update regularly. (She was wrong, as it turns out -- Windows wasn't up-to-date, although she swears she said yes to automatic updates sometime last week.)

    If a bright, conscientious, well-meaning user can get burned by this system, there's something wrong.

    Solutions? I think "Critical Updates" should be mandatory for all Windows users. If people refuse to update the updated system software, Windows would shut down after a reasonable period of time -- say 30 days -- until the user agrees to get the Critical Update.

    Another idea: write and distribute th
  • Re:Yes (Score:5, Interesting)

    by Anonymous Coward on Wednesday August 13, 2003 @01:28AM (#6683001)
    Hahaha... you have faith.

    Back in the day, I was called to a hospital in the middle of nowhere that stored everything (patient records, accounting, etc) on a single IBM AIX box.

    Someone who was supposed to be an admin blasted the /etc filesystem and thought unplugging the machine would fix it. (So all the databases were f-ed up too)

    The last backup had been made approximately 3 years before and the system had been upgraded several times. Nobody knew what version the system was actually on, and the one contractor who did was climbing a mountain somewhere. (This is happening at 2AM saturday) It was also in "Trusted" mode.

    To make a long story short, we eventually got in and got everything up on Sunday night.

    Lesson #5675: Never underestimate the incompetence of hospital IT staff. (Particularly small hospitals).
  • by broken.data ( 603253 ) on Wednesday August 13, 2003 @01:54AM (#6683111)
    The problem though.. why the f**k should an RPC patch affect whether or not I can open a .gmax file?

    And this does not only affect this patch, but if you had installed SP4 the same thing happens. It's like my PDF files getting flucked because I got the new DirectX 9.0b.

    Hmm.. patch and can't work. Don't patch and can't work. Crap.

    And yeah, I just made a midnite run to a client site because mail/website/firewall were not responding. My OpenBSD firewall was tighter than a dolphins' ass. It was the whole damn Internet rebooting. ISP went up in flames.
  • Re:Speaking of Money (Score:1, Interesting)

    by Anonymous Coward on Wednesday August 13, 2003 @02:04AM (#6683157)
    Sounds like the basis of a futures contract.

    See
    http://www.americanactionmarket.org/concept.htm

    --rgb
  • Re:Our system (Score:3, Interesting)

    by c.r.o.c.o ( 123083 ) on Wednesday August 13, 2003 @02:24AM (#6683227)
    When I saw this happen in our lab, I was trying to fix someone's floppy (yes, yes, I'm a lowly lab monitor at my U). I thought it was a broken floppy, but the strange thing was that the computer could read the file just fine, but Copy/Cut/Paste was disabled in Word and in Explorer.

    Our lab is XP-only, and it's very up to date on all security patches, with ONE exception, the machine I was using for the floppy recovery. That one is running Windows98, and I know for a fact it's not patched.

    I'll look into it tomorrow, to see what's going on.
  • by IM6100 ( 692796 ) <elben@mentar.org> on Wednesday August 13, 2003 @03:23AM (#6683426)
    That day will never come. Enough of us are of an age to remember the days when there were fifteen different PC platforms out there and the huge splintered market for commercial software that resulted.

    It's trouble enough for retailers to sell both Mac and PC games. Do you really think shrinkwrapped boxes are going to contain the seven CDs necessary to have the app run on 15 separate OSes?

    Yeah, everything will be distributed as source code. Uh-huh. People will like that.
  • Ermm.. no (Score:3, Interesting)

    by poptones ( 653660 ) on Wednesday August 13, 2003 @03:57AM (#6683521) Journal
    I believe this is a side effect of the Windows dominant world. Many people have no idea that there is an alternative.

    Uhhh.. no. This is a side effect of a homogenized world. It's no different than growing a forest of cloned trees, or a race of cloned people. Because they are all identical, they all suffer the same weaknesses. As a result an infestation that would ordinarily kill hundreds instead ends up killing off the whole forest - or an entire race.

    If everyone had macs (or linux) virus writers would be targeting macs or linux. The problem isn't just windows: it's that a single OS - a single "species" - is far too pervasive.

  • Re:I don't pity them (Score:3, Interesting)

    by RoLi ( 141856 ) on Wednesday August 13, 2003 @04:22AM (#6683640)
    I certainly remember all of this, so I say screw those who didn't patch. What's better, installing a patch that screws your system when you can blame that on MS, or not installing the patch and having no one to blame but yourself?

    As soon as you play the "blame game" you have already lost, and you know it.

    The virus writers win because they get the attention they wanted, Microsoft wins because they saved billions by releasing quick-n-dirty designed software early.

  • Re:Our system (Score:4, Interesting)

    by pavera ( 320634 ) on Wednesday August 13, 2003 @04:35AM (#6683674) Homepage Journal
    I saw this exact same problem today at one of my client's sites. I do work for a few small businesses, and one of them had this exact same problem, it wasn't msblast (that process wasn't running, and nothing was found by virus scan or the symantec remover) but we showed the exact same problems, the only fix we found (in nearly 8 hours of trying) was to completely reformat and reinstall...

    Hopefully someone will find out what this new virus is and create a removal tool for it, however I think this one might be pretty nasty, it completely hosed word/outlook and norton av on one system and trashed the windows installer service on another causing office and norton av to think they weren't installed, and making it impossible to reinstall them.

    We also did not see it scanning, and it seemed to be infecting slowly (the client has 30+ machines all win2k, and after 8 hours only 3 had been infected, those 3 were pulled from the net then but they had many hours to infect the rest of the hosts on the network and didn't).

    Any info on this new strain would be greatly appreciated.
  • Re:Speaking of Money (Score:3, Interesting)

    by Robmonster ( 158873 ) <slashdot.journal2.store@neverbox.com> on Wednesday August 13, 2003 @05:14AM (#6683780) Journal
    And how much have they made in Gained Productivity by providing tools for people to generate complicated spreadsheets / print their own stationery / produce business winning presentations?

    Not that MS are the only providers of this software, but you have to balance what inconveniences they cause against the benefits they have given.
  • by SgtChaireBourne ( 457691 ) on Wednesday August 13, 2003 @07:01AM (#6684021) Homepage
    The sad part is the MSBlast worm is terribly inefficient and poorly designed [infoworld.com], yet still has caused this much disruption. Even Slammer, which reached saturation in 8.5 minutes [caida.org], infected very few machines, caused trouble by eating bandwidth. Think what would have happened if it did something more malevolent.

    It's not a new problem. Nor is any amount of wishful thinking going to fix the problem, Microsoft's products just aren't engineered for security [infoworld.com]. It's a problem that would take years to fix. Bill Gates himself made allusions to the U.S. Apollo space program of the 1960's which was $25 billion over 10 years. However, for the time being, the security issue is treated like a PR problem and the customers are taking the lumps.

    At this point the problem is sociological or psychological. Like any other cult, Microsoft provides a sense of purpose and belonging to its supporters. Note that neither a technical background nor even an analytical way of thinking is a prerequisite, thus fulfilling even the unconditional acceptance aspect of a cult.

    As much as IT staff and, especially IT managers, admire the personal wealth of Bill Gates, they just need to be able to let go of Windows and move on.

    Move on, either to Macintosh or Linux or QNX or BSD or Novell, there are many choices. There will be some up front costs, but even without the viruses and worms these upfront costs will be offset by the number of maintenance hours saved.

  • by impluvian ( 686312 ) on Wednesday August 13, 2003 @07:18AM (#6684121)
    It's a good point. There are sufficient users of Windows who don't seem to make the connection between Windows vulnerabilities and Microsoft: that is, they feel threatened/upset/whatever by the virus, but then the next computer they buy is still running Windows!
    This is why Microsoft's trusted computing has the potential to do exactly what you suggest. If a no-brainer user reads Microsoft PR nonsense about how safe their computer will be with Palladium, they'll buy it, without considering the fact that Microsoft are also the people who've been leaving holes in their systems for years.
  • Re:Yes (Score:4, Interesting)

    by RMH101 ( 636144 ) on Wednesday August 13, 2003 @07:19AM (#6684128)
    Right on. Let me emphasise:

    MEDICAL DATA CAPTURE STUFF NEEDS TO BE VALIDATED AGAINST FDA REQUIREMENTS. THIS IS *HARD* AND YOU DON'T GET IT BY ACCIDENT.

    Ask anyone who's worked on a validated or 21CFR11-compliant system.

    I can't breathe on our systems without exhaustive revalidation procedures and that's the way it should be.

    It's very easy to poke fun at sectors you have no experience of, but rest assured all the checks and balances you think should be there, ARE. And then some.

  • by _randy_64 ( 457225 ) on Wednesday August 13, 2003 @07:33AM (#6684309)
    I did the Windows Update thing as soon as I installed XP Pro. Then the Windows File Search stopped working, Yahoo Messenger stopped working, and Windows Media Player wouldn't start at all. The fix was to re-install XP. Maybe that's why some people haven't/don't/won't use(d) Windows Update. The File Search issue is a known problem, according to Windows Annoyances [annoyances.org], but I've never seen a mention of exactly which patch _breaks_ which other piece of the system!
  • by Rodaddy ( 692438 ) on Wednesday August 13, 2003 @08:42AM (#6684562)
    I have a friend at the GSA, and I told him this was going to be coming last Thurs. He told his bosses, they told him, "We could get most of them upgraded, but it would be a lot of work. F*ck it" Needless to say most of their office went down, as did many of the gov't key GSA databases. It's not really funny, but....Ha Ha.
  • by digrieze ( 519725 ) on Wednesday August 13, 2003 @09:10AM (#6684737)
    I know /. is the place to bash the microsofties, but don't let it get to your head. Remember, anything with the name Microsoft gets instant press, outside the techies the public thinks "apache" is the old movie name for a First Nations tribe.

    I regularly do security audits of all kinds of systems. When I walk in to a microsoft shop I can immediately tell how it goes. If the sysop says "I don't trust the patches, I test them, but they're not deployed unless there's a REAL problem" It won't go well, those guys usually don't update virus files either. On the other hand if the sysop is using patch management practices he can often go out in real time and check the current status of a server, workstation, and active version of the virus definition file in realtime (they usually have good WRITTEN policies on unauthorized (untested) soft/hardware with sanctioned backup). I haven't found malware in any of the latter cases.

    I've yet to find a good *.nix shop. They often have good processes and procedures that SHOULD avoid problems, but the truth is it's easier to sign a piece of paper that says source code was patched and applied than to actually do it. Things look great on paper. Check the source or decompile sendmail (one of my favorite targets) and it's another story. I'm still finding the same hole T. Morris used years ago on active servers. The excuse is always the same, "that was the way it came, shouldn't that have been fixed in the distro by now?" (i.e. too lazy to look, just signed the paper). Many don't even check SANS or CERT regularly. At least Windows will notify you when critical updates are available, and all you have to do to apply it is run the .exe. Even then you get guys like this story highlights:

    "I'm unaware of the [Microsoft] patch being available," said David Hugel, the deputy chief administrator of the MVA. "I've talked to our IT people and we weekly update the virus protection we do have, and this just happened to fall between those points when we had updated it and we didn't have the [new] update available yet."

    (How did this guy get his position or experience? Even "end-users" successfully use critical update with relatively NO technical experience or fiscal responsibility.)

    Any sysadmin that can't keep a system patched, or falsifies patch records should be punished up to and including dismissal as far as I'm concerned.

    Incidentally, just so you know, my audit document is the CERT advisories on securing systems. If you want a great basic book try O'Reilly's "Practical Unix and Internet Security".

    Has anyone figured out yet that as far as I'm concerned the problem is NOT theoretical design differences in OSs as much as the incompetence of the people running them?

  • Re:Speaking of Money (Score:3, Interesting)

    by King_TJ ( 85913 ) on Wednesday August 13, 2003 @12:53PM (#6687219) Journal
    Yes, and no. For one thing, Microsoft OS based systems have the lion's share of the market, so people wanting to inflict damage/do harm by coding a virus are going to do the logical thing and target a Microsoft OS.

    If 95% of the desktops and servers were Linux-based, I really do believe you'd see more Linux security flaws exposed and taken advantage of. (No, I don't think Linux is nearly as "slapped together" as most MS code. No, I don't think it's going to be as "insecure". But yes, I do think it currently benefits from far fewer hackers having an interest in discovering and exploiting flaws in it.)

    Also, I'm not really certain how many of Microsoft's security issues are due to recently-created portions of their code, as opposed to flaws in older code that finally got fixed? Quite a few of the security patches deal with code that's at least 3+ years old. (Anything for Windows '98, for example.) Once the bad code was developed and put out there, the only options are to ignore it, or release update patches. To Microsoft's credit, they are actively patching things.

    If this rate of security flaw finding continues with the current code they're releasing, then folks *do* have a right to complain, long and loud, that MS has *NOT* made good on their promises to take security more seriously. Right now, I think maybe it's still too early to tell if that's the case or not? All I can say is "Here's hoping they keep up those patches, to iron out the old/buggy stuff."
  • Re:Speaking of Money (Score:3, Interesting)

    by pmz ( 462998 ) on Wednesday August 13, 2003 @01:05PM (#6687374) Homepage
    And how much have they made in Gained Productivity by providing tools for people to generate complicated spreadsheets / print their own stationery / produce business winning presentations?

    Citing Microsoft for gained productivity is fallacious. CPU/RAM/Disk speed and capacity increases should be given more credit, as word processing and spreadsheets have not improved dramatically in well over a decade.

    Even in the late 1980's my Commodore 64 with GEOS and an Okidata printer did very good word processing. Microsoft has done nothing other than genius marketing and spinning information until most people can't think of anything but their products.

    When will people realize that Microsoft's main business is not even technology?

"Gravitation cannot be held responsible for people falling in love." -- Albert Einstein
