Sasser or system?
p2pnet.net News:- The Toledo Blade’s Michael Woods is one of the victims of the Sasser e-worm attack.
But at first, he thought he was undergoing a systems failure.
In a column here, he says, “The scene: After a few minutes of running, the computer displays an error message, ‘:/WINNNT/system 32 lsass.exe terminated unexpectedly with status code 128.’ It includes a 60-second countdown clock that turns the computer off and back on. After rebooting, the computer runs for a few minutes, flashes the same error message, and reboots itself in the same way.”
However, he trolled the Net and discovered he’d become yet another Microsoft Windows user to be bitten by the Sasser worm.
Woods eventually ended up on Microsoft’s What You Should Know About the Sasser Worm where one learns, “Microsoft teams have confirmed that the Sasser worm (W32.Sasser.A and its variants) is currently circulating on the Internet. Microsoft has verified that the worm exploits the Local Security Authority Subsystem Service (LSASS) issue that was addressed by the security update released on April 13 in conjunction with Microsoft Security Bulletin MS04-011.”
Good on ya, Microsoft.
“Microsoft’s site also offers a reminder that none of this would have happened if I had downloaded their security patch issued in April,” says Woods, going on:
“None of this would have happened, either, if Microsoft sold secure software.”
Meanwhile, an 18-year-old high school student says he created the Sasser e-worm. “Police in Lower Saxony state arrested the youth Friday after a search of his parents’ home.”
And back at the ranch-house where Longhorn is corralled, the Microsoft teams are hard at work.
At the beginning of the year, Microsoft said it was working on security technologies for the upcoming Longhorn release of Windows, “that will protect users against security threats by monitoring system and network behavior as well as the security patches that Microsoft has issued,” says an IDG News story here.
“The new technologies will allow Windows to detect irregular system behavior – in terms of network traffic, memory usage or system calls, for example – and respond to them automatically, Microsoft Chairman and Chief Software Architect Bill Gates said.
“The result of the development effort, which Microsoft refers to as ‘active protection technologies,’ should protect systems from worms and viruses by preventing and containing attacks, according to the company.”
Back to Woods, “Wait a minute,” he concludes in his column.
“Long ago I configured this computer to automatically download and install those security patches and updates.
“Let’s check. Click on the Start Button. In the new menu click on Settings, Control Panel, and Automatic Updates.
“Automatic Updates is disabled. That’s odd, because I am the only user of this computer, which is password protected.
I click ‘Enable,’ select automatic downloads and installations, and click Apply and OK. I checked again next day …
… and the feature again was disabled.”





May 9th, 2004 at 4:37 pm
Doesn’t surprise me
May 9th, 2004 at 5:07 pm
Isn’t this A Typical for today’s Society….
Everybody blames someone else…If those “Criers” had spent a bit of time being prudent instead of being lethargic and lazy…then we wouldn’t have seen this story…
willy
May 9th, 2004 at 7:57 pm
It is obvious that this gentleman is not very familiar with Windows operating system and blames Microsoft for the fact that his Automatic Protection service gets disabled every time.
I wonder when he checked his system for viruses and took a look at how many non Microsoft programs are starting when he boots up his system.
There are millions of computers running Windows with Automatic Updates service turned on, and believe me, it DOES NOT GET DISABLED ON ITS OWN.
I advise the author of this article to check his computer for viruses and stop blaming Microsoft for not being able to prevent users’ faults.
It is the same to blame car manufacturers for not being able to prevent traffic accidents.
May 9th, 2004 at 8:11 pm
Ha ha!
Seems you poor windoze users came such a long way to take these things as granted! I mean, that viruses exist and one has to deal with them (read accept them).
Wake up! This is not the way it should be. Fact is that ms-software is a crappy, bloated, difficult to manage piece of sheet. The world would have been a very different place if IBM had chosen another software company for their IBM-PC back in 1984.
Unless you won’t “think different” and switch to a Mac or a Linux, you’ll probably have to fight with updates and new installs. Oh well…
May 9th, 2004 at 8:34 pm
Microsoft: 60,000 viruses & worms
Linux: 40 viruses & worms
You do the math.
May 9th, 2004 at 8:56 pm
Oh, puhleez. There are far more users of MS Windows, what operating system do you think crackers are going to write hostile code for? What self respecting jerk would get his/her thrill from creating the next Linux worm?? The proportion of useful (usable) software is probably the same.
There is no such thing as “Secure” software, as we’ve been told over and over by security experts. The only possibility is to attempt to stay ahead of the game. This user clearly doesn’t know how to use Windows, so I’m certain he’ll find himself in the same predicament again. I seriously doubt he’d have the skills necessary to set up and use a Linux system.
May 9th, 2004 at 9:00 pm
If this guy’s computer is on a network administered by someone else, he can’t just enable automatic protection, and most system admins won’t allow users to do so.
May 9th, 2004 at 9:03 pm
Shoot the little son of a bitch
May 9th, 2004 at 9:06 pm
I always get a kick out of people who blame Gates for their pc woes.. It’s up to each individual to check for updates often. If u are worried about security all the time, sell your pc.. I have never had a problem with these worms.. it is only common sense to have a firewall…
… and I laff at all these people, harpin on Gates, who themselves are running pirated copies of windows.. lolol… if security is an issue with u, go do a puzzle or fly a kite.. then again, u could get hit by a meteorite outside.. muah
«ÃhäötïäLüñätïû
aka
Zo|Tro Enterpris3®
May 9th, 2004 at 9:07 pm
..”… and the feature again was disabled.”
..bug?
..or, _really_ a feature?
..ever _read_ the licenses you clicked “Ok” to accept?
..Microsoft even spent 5 mill on a reward plot?
..you might even wanna compare it to that “viral” license the Chairman spent 86 to 105 mill in 2003 in just one plot, to try defeat:
http://www.gnu.org/licenses/gpl.html
http://www.gnu.org/philosophy/selling.html
http://www.gnu.org/licenses/gpl-faq.html
http://www.gnu.org/philosophy/linux-gnu-freedom.html
..rolling up that plot: http://groklaw.net/
May 9th, 2004 at 9:19 pm
I’m not a security expert, but this links to a pretty convincing argument (by someone who is), that the vulnerability of microsoft products lies not in some intrinsic flaw, but in that they are so commonly found. Worms, viruses, trojans, etc. are platform specific so because MS products are the most commonly used, they provide the juiciest targets, get hit the most and also spread the fastest.
Read Larry Seltzer’s article “Could a Worm on Mac or Linux Ever Get Traction?”
here: http://www.eweek.com/article2/0,1759,1586637,00.asp
May 9th, 2004 at 9:20 pm
Yes, but car companies can do a lot to prevent car crashes and fatalities therein. Sasser wouldn’t have been able to spread if not for poor security practices by Microsoft, mainly having open ports by default. In general Windows XP machines are designed with LAN free of worms in mind… this has become a fantasy.
And, why doesn’t Microsoft include a virus scanner with the OS? It is a necessity. It’s like building a car without seat belts.
I’m hopeful about the next version of Windows, hopefully it won’t be so easy to write worms for/have so many exploits.
May 9th, 2004 at 9:30 pm
Microsoft: 90.000.000 machines
Linux: 50.000 machines
Who wants to break into the slum tenements?
May 9th, 2004 at 9:32 pm
It would be very difficult to write a Linux worm even if every computer ran Linux. Because Linux is a more diverse OS in general… what servers are running, what ports are on by default depends on where you get Linux from. So worms exploiting a given application will have a harder time spreading, since less people will run it. And most distributions have no ports open at all by default, often by having a firewall automatically running.
And history has shown that even if there is a wide spread *nix application, worms aren’t created. Apache (which runs on a variety of OS’s and most of the world’s websites) has a good security record, and I’m 99% sure hasn’t been the target of a widespread worm.
Additionally, it’s harder to write viruses for Linux, since users don’t run as root (administrator) by default, unlike Windows XP Home. To play games in Windows you often have to be administrator, unlike Linux even with commercial games. The fact that it works this way shows how un-security conscious Microsoft is. There are ways you could make having a restricted normal user and a super user easy to use, in regard to installing software and what not. But Microsoft decided not to give the effort.
Though it’s really a silly argument. If you were working IT and had to decide which OS was most secure, you would pick Linux or one of the BSDs over Windows. The fact that *nix is less widespread is one reason why, true. But for folks making these decisions “oh, but it’s so widespread, it’s not really Windows’s fault”, is no defense at all.
May 9th, 2004 at 9:42 pm
Sasser exploits a port open on most Windows machines by default, even though (especially for home or dorm users) it’s not something that needs to be on. This is clearly Microsoft’s fault.
Macintosh has similar issues. Both still live in the 80s (though perhaps MS is waking up), when the internet for personal computer didn’t exist and security wasn’t a concern.
The article ignores that some environments are dominated by one alternative OS or another. Yet, no major worms for anything but Microsoft products. As he concludes “But for the present, it’s hard to argue with history.”
May 9th, 2004 at 9:45 pm
Given how close the release of the update was to start of the worm spreading, this is the first worm that I can’t really see any blame in the users at all. Seems like if you update once every few weeks, it should be enough. Apparently not.
May 9th, 2004 at 9:50 pm
where in the hell are these numbers coming from? both seem low. There are 165.75 million internet users in the US alone (according to the CIA). Obviously that doesn’t equal 165.75 million computers, but still.
May 9th, 2004 at 9:51 pm
Automatic Updates? You will not be able to choose which updates you want, some of which may disable features you may use.
Also, some patches may not work as designed and leave your computer disabled. If you apply all the patches at once, how will you know which one broke your computer?
May 9th, 2004 at 9:52 pm
as far as I’m concerned, too bad. we can’t let people be irresponsible and choose to have un-updated computers.
May 9th, 2004 at 10:03 pm
If you used linux or mac, like a good boy, you wouldn’t have these problems.
May 10th, 2004 at 1:35 am
“Seems like if you update once every few weeks, it should be enough. Apparently not.”
Definitely not. And all people everywhere, without exception, who think that “once every few weeks” should be any kind of a standard at all *deserve* to have viruses and to have their data destroyed. You just can’t be *that dumb* and expect to enjoy a secure computing experience. Threats have to be acknowledged and defended against *as they present themselves*, not on a schedule. And that, of course, should be obvious. And to those to whom it isn’t, one should not have sympathy.
May 10th, 2004 at 8:45 am
On 19 Jan, 2038 03:14 an Anonymous Coward wrote:
“Macintosh has similar issues. Both still live in the 80s (though perhaps MS is waking up)”
It seems +you+ live in the 80s. The MacOS X is now standard on all Macs delivered since 2001. And figure out, MacOS X is based on Unix BSD, one of the most secure OS’s on the planet.
There is another issue I want to address: it seems there is a common misconception out there that if an OS is not widespread, there will be no viruses/worms written for them. That’s IMO not true: as someone here already pointed out, Apache is the software used by over 60% of the web servers on the Internet: that makes a nice majority. No major problems have been yet reported!
And there is another fact that disturbs me: people keep telling us that the problems occur solely because “ports are left open” on MS software. This is not the issue: a simple open port cannot cause that much trouble. The real problem was the standard buffer overrun (read “sloppy programming”) that nowadays plagues so much of the MS software. Vulnerability description:
“A buffer overrun vulnerability exists in LSASS that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of the affected system.”
So please shut up and stop pretending this is normal. Security is an issue that must be built from ground up in a system. Unfortunately, MS-Windows is not one of them. But such systems exist, just look at the venerable, 30 years+ old Unix based OSes: MacOS X and Linux are living examples. As such, even in the (unfortunately unlikely) alternative that in 2 years Linux + Macs will make 90% of the OSes out there, there will be not many more successful attacks on those machines as there are today.
May 10th, 2004 at 3:33 pm
It’s “Windows”, dude.
May 10th, 2004 at 10:25 pm
It reminds me of the old joke that describes how a car would perform if it were built by Microsoft… You could not avoid crashes…
May 10th, 2004 at 10:28 pm
“It’s “Windows”, dude.”
Either that is really funny or you are a ‘tard.
Made me laugh…