Merged: W32 Blaster Virus

[hawkmoon]

Quote:

Originally posted by Steve_NTL
Everyone should get on to Microsoft.. Say they've lost loadsa dead important stuff.. Might get some freebies, Infact im going to ring them now :p

Wouldn't think so - MS released a patch for this vunerability around 28th July. If people haven't patched the system then that is not MS's fault.

My system is now patched.
After declaring ages ago that I wouldnt run a firewall I have recently installed one......30 mins ago
Norton internet security (got it with Mainboard) had 22 attempted hacks so far and one "default block sokets de trois v1. Trojan")
Maybe I was wrong and I should be running a firewall all the time.

[hawkmoon]

Quote:

Originally posted by Roger K
I still can't believe that they haven't fired some senior people in that company.
They charge like £200 for a copy of Windows and make the worst OS known to man.
I've lost count of the number of large-scale exploits M$ systems have had in the last year.

What a load of BS.

...and they complain that people hate them and that Open Source is their biggest threat...damn right it is.

The main reason you tend to see more MS exploits is because hackers / script kiddies, etc target this OS more. This is because it is mainstream.

Linux has some pretty major exploits as well (don't believe the hype that it is secure, etc). After installing Mandrake and running their update utility there were at least 50Mb of security updates avail. Do a search on Google for Linux exploits - for those who are too lazt take a look here http://www.linuxsecurity.com/advisories/

Should Linux become the mainstream home user OS then the number of serious exploits / viruses / trojans will explode.

Secondly a fix for this exploit has been out for some time.

[Ramrod]

This may be of some use to people.
....click on the buttons marked common ports, file sharing, all service ports etc........

[Richard M]

Quote:

Originally posted by hawkmoon
The main reason you tend to see more MS exploits is because hackers / script kiddies, etc target this OS more. This is because it is mainstream.

Very true but it is also easier to "crack".
As you will know, it is much harder to compromise a Linux machine because of the different way processes are run in the environment.

[DeadKenny]

Quote:

Originally posted by Roger K
Very true but it is also easier to "crack".
As you will know, it is much harder to compromise a Linux machine because of the different way processes are run in the environment.

All it requires is an unpatched server (web, ftp, telnet, etc), a buffer overflow and privallige elevation to root and they're in. They can cause as much damage as they want.

Don't kid yourselfs that linux is secure. It's not. Just that few people have "got it in" for linux.

I use linux, unix and windows systems, and no matter what I always look out for the latest patches. I'd be a fool to just sit there with a smug "ah, I'm okay I use linux" attitude. Of all things I concentrate very carefully on Apache patches as that's the one thing exposed to the outside world on my system.

And has everyone ensured they've got the ICMP patch for their linux based routers? Very few people know about that one and many assume a dedicated linux router/firewall is rock solid and never needs patching, yet this will open their entire network up.

[DeadKenny]

Quote:

Originally posted by BenH
There is no 64_bit version of XP, just some extended libs that allow it to be run on an Itanium or Opteron processor. Currently the only real 64_bit OS is any one of the unicies, including Linux.

Other than...

Windows Server 2003 Enterprise 64bit edition (note that it replaces the old 'limited' edition which might be the library version you mention, see here)
Windows XP 2003 64bit edition



In fact many unix systems are actually 32bit with 64bit libraries unless you explicitly install the 64bit kernels (just take a look at 64bit AIX). The 64bit kernels often cause major headaches, so most run with 32bit kernels and just run 64bit apps on the system. Not really a true 64bit OS.

XP 64bit and 2003 Server 64bit use 64bit kernels/subsystem and the Win64 API from the ground up AFAIK. 32bit apps run with WOW32 which is a subsystem to run 32bit (Win32) under 64bit (a bit like the old WOW used to run 16bit on 32bit NT, but nothing like Win9x which was 16bit DOS hacked to run 32bit on top of it and Windows on top of that ).

[hawkmoon]

Quote:

Originally posted by DeadKenny
All it requires is an unpatched server (web, ftp, telnet, etc), a buffer overflow and privallige elevation to root and they're in. They can cause as much damage as they want.

Don't kid yourselfs that linux is secure. It's not. Just that few people have "got it in" for linux.

I use linux, unix and windows systems, and no matter what I always look out for the latest patches. I'd be a fool to just sit there with a smug "ah, I'm okay I use linux" attitude. Of all things I concentrate very carefully on Apache patches as that's the one thing exposed to the outside world on my system.

And has everyone ensured they've got the ICMP patch for their linux based routers? Very few people know about that one and many assume a dedicated linux router/firewall is rock solid and never needs patching, yet this will open their entire network up.

Yup this is the point I was trying to make. All OS's have their vunerabilities, etc.

Many Linux / Unix users have become lax because of this perceived security that Linux has gained. Site like astalavista, neworder, etc are full of exploits and vunerabilities for all OS's including Linux, Win, FreeBSD, etc.

As Linux achieves more attention for home users then I think we will start to see more virus / trojan activity as well as more vulnerability exploits, etc.

I think that the difference is that Linux is proabably more secure out-of-the-box so to speak than NT / XP is, but both can be made pretty secure with some work and the application of the constant security updates that both formats see.

[BenH]

Quote:

Originally posted by DeadKenny
Other than...

Windows Server 2003 Enterprise 64bit edition (note that it replaces the old 'limited' edition which might be the library version you mention, see here)
Windows XP 2003 64bit edition

Ahh, but has anyone been dumb enough to use it on production systems yet :-)

Quote:

In fact many unix systems are actually 32bit with 64bit libraries unless you explicitly install the 64bit kernels (just take a look at 64bit AIX). The 64bit kernels often cause major headaches, so most run with 32bit kernels and just run 64bit apps on the system. Not really a true 64bit OS.

Yes it does tend to be easier to use 32_bit kernels, however the 64_bit is there and ready to use if you want it and has been for a while. Still the greatest problem I've ever faced is explaining to people that 'Yes the computers clock is only running at 400Mhz, but that its a 64_bit sparc.

Quote:

XP 64bit and 2003 Server 64bit use 64bit kernels/subsystem and the Win64 API from the ground up AFAIK. 32bit apps run with WOW32 which is a subsystem to run 32bit (Win32) under 64bit (a bit like the old WOW used to run 16bit on 32bit NT, but nothing like Win9x which was 16bit DOS hacked to run 32bit on top of it and Windows on top of that ).

Well its nice to know that you windows boys are finally catching up at last; but I think I'll stick to a system that I own rather than MS

Regards,

Ben

[Tricky]

Quote:

Originally posted by DeadKenny
All it requires is an unpatched server (web, ftp, telnet, etc), a buffer overflow and privallige elevation to root and they're in. They can cause as much damage as they want.

Don't kid yourselfs that linux is secure. It's not. Just that few people have "got it in" for linux.

I use linux, unix and windows systems, and no matter what I always look out for the latest patches. I'd be a fool to just sit there with a smug "ah, I'm okay I use linux" attitude. Of all things I concentrate very carefully on Apache patches as that's the one thing exposed to the outside world on my system.

And has everyone ensured they've got the ICMP patch for their linux based routers? Very few people know about that one and many assume a dedicated linux router/firewall is rock solid and never needs patching, yet this will open their entire network up.

Might also be fair to say that as more is known about the linux code/kernal that the challenge is not there. And the fact that everyone hates Micro$oft.

I gave my Micro$oft account manager some grief today though!

[DeadKenny]

Quote:

Originally posted by BenH
Ahh, but has anyone been dumb enough to use it on production systems yet :-)

Big corporates must be evaluating it at least otherwise there's no reason for a software company like the one I work for to be developing and testing on 64bit platforms because our customers request it.

There's no reason why it's a problem. We're talking the NT line here and after all 32bit NT (proper operating system) was way more robust than nasty 16bit DOS/Windows (spawn of the devil ), so not much reason why 64bit XP/Server2003 (NT really) is no less robust as 32bit. As with unix, it drops down to 32bit as necessary anyway (slightly better at it than the old 16bit WOW which was more emulation, whereas this relies on the 64bit processor ability to run 32bit... I think).

[hawkmoon]

Quote:

Originally posted by Tricky
Might also be fair to say that as more is known about the linux code/kernal that the challenge is not there. And the fact that everyone hates Micro$oft.

I gave my Micro$oft account manager some grief today though!

Yes this is also likely a major factor in it, plus you can be certain that all XP Pro installs will have the same vunerability, which can't strictly be said for Linux as major distro's often do things slightly differently than each other, even down to tweaks in the kernal.

[BenH]

Quote:

Originally posted by DeadKenny
All it requires is an unpatched server (web, ftp, telnet, etc), a buffer overflow and privallige elevation to root and they're in. They can cause as much damage as they want.

Don't kid yourselfs that linux is secure. It's not. Just that few people have "got it in" for linux.

Sure, if your lax in your updates, run as root all the time, dont check for root kits and leave ports wide open then you are screwed. However all the servers you mentioned are turned off initially and if you wanted to turn them on you had better know what your doing. If not then your incompetant or lazy and who cares.

Linux is more inherently secure than the other leading os, mostly because of the security models used. MS sets up their systems to fully integrate into their not so secure infrastructure such as windows update; their programs are riddled with bugs that they have no intention of fixing and hides the running services that can be compromised such as Messenger and allows a user to have administrative priveliges.

It also supports the script kiddies favorite language - VB.


This is not to say that Linux does not have its own problems, the difference is that these exploits are much, much harder to impliment especially against a user who has a clue about security. Also when an exploit is discovered it is paxtched as rapidly as possible. You can also install SE Linux, which promptly deals with the script kiddies, the so called L33T hackers and quite a few of the competant ones, at the possible expense of opening your system up to the NSA :-)

Quote:

I use linux, unix and windows systems, and no matter what I always look out for the latest patches. I'd be a fool to just sit there with a smug "ah, I'm okay I use linux" attitude. Of all things I concentrate very carefully on Apache patches as that's the one thing exposed to the outside world on my system.

And who has the largest number of patches, not including the 150 linux distros which MS loves to factor in on its FUD? And in regard to Apache (given that it mainly runs on Linux), how many patches vs IIS? AIRC the last major exploit was discovered about 18 months ago and had a working patch released within hours.

Quote:

And has everyone ensured they've got the ICMP patch for their linux based routers? Very few people know about that one and many assume a dedicated linux router/firewall is rock solid and never needs patching, yet this will open their entire network up.

We use a Borderware firewall based off BSD, theres a reward of $100,000 for the person who cracks it. If you fancy your luck just say :-)

Regards,

Ben

[BenH]

Quote:

Originally posted by hawkmoon
Yes this is also likely a major factor in it, plus you can be certain that all XP Pro installs will have the same vunerability, which can't strictly be said for Linux as major distro's often do things slightly differently than each other, even down to tweaks in the kernal.

Theres also the fact that as its open source its inherently more secure as the exploits are out there in the open for everyone to see and fix. As opposed to closed source which tries to sweep its mess under a carpet of secrecy.

There is no security in obscurity as any CISSP should be able to tell you.

Regards,

Ben

[Ramrod]

The thread on .com is good