There is a much better way to protect yourself against such nasty things: buy a Macintosh already
---------------------
Or a linux based netbook.
Anyone, who uses an inferior operating system like Windows XP (which allows by default automatic execution of programs on removable media) on a network, is risking becoming the next statistic.
Do yourselves a favour and get a Mac or linux system for surfing the web (and you can keep your windows box as an expensive gaming machine....).
---------------------
Hey you Mac fanatics, since the worm doesn't affect OS X with less than 2% of the PC market, why don't you stop your partisan nonsense. And make sure you don't actually boot Windows unpatched (as of last October) on your Mac's that are only glorified PC's after all using the Intel x86 processor like any other PC's except at 4X the price. Another way to look at it is 1/4 the performance of a common PC... Quad core included.
And a PC can boot any Linux. Personally, I use the latest Knoppix liveCD whenever I need to.
Oh have you looked today at the stock investor's downgrade of Apple's Jobs less recommendations? US$70. From the glory days in Aug 14 2008 of US$179.42 per share?
And for the unfortunate Windows users that are at risk, give credit where credit is due:
Back on Oct. 23, 2008, Microsoft released a critical security update for Windows: MS08-067
But no, some users are so clueless, that they don't auto-update their systems...
None of this is happening to the majority of Windows users that are following 'automatic' recommendations for critical security patches.
And no need to overspend on a Mac hardware at all...
Remember, you can also boot any Linux / FreeBSD on any real PC... For free!
An ounce of prevention is better than ten pounds of cure.
---------------------
Tired of all the Mac hype, I bought one. Imac 20 when they first came out. Intel chip, 2g ram, yada yada.
Now, if you have an older pc (2-3 years +) you might like it. At least speed wise. (Provided you can get used to everything working backwards) Old PC vs Mac... toss up.
But if you have a new PC and buy a new Mac... no comparison. New PC vs new Mac... well, it's like buying a 3 year old PC. Macs are slow, clunky and bizarrely outdated to work with. And contrary to popular belief, you can crash a mac if you give it too much to chew on at once. PC's are made to chew a lot at once. Yeah, the mac doesn't blue screen. It just pops up a message saying you're screwed.
And probably due to ridiculous but popular tv ads lately, virus progs are beginning to show up for the mac. The only thing I hate about windows (the program I love to hate) is that every release gets closer and closer to the mac gui. You know, the one I detest?
---------------------
Or is it the other way around?
Don't forget Windows was there first. Yes first. It wasn't pretty but neither was the original MacIntosh. And the real first discovery / invention of a windowing system including the first mouse, was done at Xerox Palo-Alto Research Center PARC.
And when 2% of a market tells the rest that THEY are the elite, well, the 2% might as well remain in ignorance believing its own delusions.
Have you considered this historical perspective?
FYI a Mac is merely a PC (in disguise)
Funny over time, reality is that the entire Apple / Mac 'Raison d'être' has changed from:
- We're better just because.
- This Motorola 6502 is better than the Intel 8080.
- This Motorola 68000 is better than the Intel 8086.
- This Motorola PowerPC is better than the Intel x86.
- This Intel x86 of ours is better than yours...
As for the OS:
From the first Mac OS to the 10th 'generation' OS X now happens to be based on BSD, and specifically for the x86 chip architecture, called FreeBSD (originally available for any PC {for free} back in 1992).
Oh the wisest move by Apple IMHO was to adopt the ubiquitous Industry Standard Architecture (ISA) Intel x86 CPU PC processor, since now you can actually boot Windows and Linux on a Mac! (Without virtualization that is).
Well, reality is that 17 years later, every OS has significantly improved. But realize that Windows also has access to all the technological improvements developed by all the good people of open-source, including FreeBSD, Linux, and everybody else... In addition to a US$250 Billion dollar company behemoth resources in R&D, that may or may not be put back into the public-domain.
Like it or not, there is no available superiority in any modern operating system from anybody. Period.
Because nowadays, a MAC is just another PC.
----------------------------------
And for the record, the largest software provider for Apple was and still is Microsoft. Nowadays, OS X is based on FreeBSD the Darwin kernel, which was available in complete source back in 1992, for the x86 platform. And is still available today (albeit) 17 years later. Interestingly, Linux and other variants of UNIX look alike (Solaris, HP-UX, AIX, and others) became mainstream and the most popular ones are available in open-source format. This implies that any 'superior' technology at the source-code level is available today to ANYBODY, including Microsoft. The reverse however is not true. And any technological developments in the proprietary NT is not necessarily available to just anybody. Microsoft being the largest software company in the world today has immense R&D and financial resources behind it, twice that of IBM's. Apple's doesn't even compare or is in the same class as Microsoft. You can look at it anyway you want, financially, market-share wise, or intellectually. Nowadays, anything that can be done with any existing operating system can also be done with Windows. And vice-versa. That is the state-of-the-art of technology today. Don't overlook the fact that today a Mac is a mere PC in disguise, locked in hardware so OS X can only run on a Mac, yet a Mac can boot any x86 based operating system, including Windows, Linux, FreeBSD, QNX, or other variants as well. Because a Mac is a PC. Mac fanatics won't like this bit of news, but it is all true, and verifiable. Don't deny it. Just Google it.
Back to topic. When the 'critical mass' is reached, Macs will become as much of a target to viruses as Windows PCs, and that is the best thing that could happen to Apple, because that will also mean, they've become a significant force, rather than an insignificant one as it is today.
---------------------------------
Most of the Conficker-infected computers are in enterprise networks. The Mac and Linux religionists are just wasting bandwidth screaming on sites like PC world about their favorite gods because few here are vulnerable, i.e. we use patched MS systems. The Mac and Linux people should take their preaching elsewhere, like Network World.
Good luck with that, because for whatever reason, MS has a lock on corporate networking, where patching isn't automatic and timely.
---------------------------------
Just install Linux.
It's not just security through obscurity. It's security through decades of tried and tested security. It's just damned hard to write one executable that will attack 'any' version of kernel and all the optional things that get attached to it. And 'optional' includes the GUI, and all things attached to it.
Windows XP, by default, runs all apps as 'Administrator', which means any 'hole' in any app is a potential root kit.
The 'UAC' they added to Vista to address this is widely disabled. Do a web search for 'Disable UAC'. Even when enabled, people get into the habit of clicking it away (granting permission) without even looking at it, allowing 'anything' to happen. So as a security measure, it's a complete failure. Botched top to bottom. In a way, Windoze is only trying to catch up to where Unix-like operating systems were in the 1970's.
So what if we're <1%? We're the 'Mensa' 1%, not the other 99% who are dumb enough to PAY FOR buggy, insecure versions of better software that they could have and share for free.
---------------------------------
I'm glad I'm not the only person who sees the truth with Apple. Those TV commercials burned me up when Apple computers have the same hardware as PC's. Why doesn't Apple just take a page from Microsoft and just sell the Apple operating system separate from the hardware like Microsoft sells its Windows operating system and let's see which one wins?
--------------------------------
Oh, dear! Another virus, another "Get a Mac! Get Linux!" thread.
It's hard to argue that if everybody switched to Macs then no one would get viruses. Average computer users would still click on files sent to them by IM, would still give their passwords to strangers and would still disable their OS security.
With Linux I agree a bit more, because of the many kernel variants; but I doubt that Linux will make it to the masses without a specific version coming on top in user preferences. Maybe Ubuntu, maybe Mandriva, but making it easier for virus developers to find a large target.
Anyway, I've been a Windows user for 15 or so years now. I have never used an antivirus and have never had a virus (at least not by accident). Of course, I always patch and am very careful with what I download and keep a close eye on everything that runs on my computer.
I know that the possibility of being infected is still there, and I'll probably get infected some time in the future (that's why I keep back-ups), but for using a "buggy", "inherently insecure" and "inferior" OS I think I've had a very good run.
----------------------------
I had similar near virus-free experience through 15 years of Windoze use, prior DOS use, and 'other things' before MS-DOS through simple caution. My experience was that antivirus was more destructive than viruses. What drove me away from Windoze was Vista's shockingly bad performance on my new Dell, and to be fair, Dell is on my $#!% list, too for even offering that OS, certainly knowing how badly it worked with their notebook.
Over the years, I've had to 'rescue' a LOT of other people's Windows PCs. One memorable one took a very long time to boot. When I finally got far enough in that I could get a click in edgewise and install 'Spybot S&D' on it, and let that run, it found over 4,000 pieces of malware (actually, probably a lot fewer - Spybot calls out every hook a piece of malware uses). But it was an impressive number however you want to measure it, and that was before I could install and launch AVG to check for the rest. It was a 'family' PC and the teen daughter downloaded pretty much anything she liked, and since it was a 'Home' edition of XP, there wasn't anything I could do with permissions. I'm confident that not long after I sorted that thing out, it became just as full of crap as if I'd never been there.
--------------------------
As far as the original NT goes, a good portion of the code was borrowed from OS/2 v1.2, which Microsoft cowrote with IBM. In fact, the original NT supported HPFS partitions and would run OS/2 scripts. There used to be a command to let NT know to process an OS/2 program, which was named, get this, OS2.
As far as the virus goes, whatever OS is dominant in the field is going to be targeted the most for attack. It's simple economics. If Mac's or Linux were the king of the heap, they would have the lion's share of viruses and malware directed at them too. So, you can be mainstream and deal with constant attacks, or you can be fringe and deal only with a small percentage of the malware out there. If you really want to be malware free, why don't you try BeOS or GeoWorks?
It really isn't rocket science to have a secure machine. Keep your MS patches on automatic update, install a decent virus scanner with automatic protection, install a good spyware/malware scanner with automatic protection, install a decent firewall, and if you want, use the malware immunization tools from software like Spyware Blaster, or Spybot S&D.
For the truly paranoid, use Firefox and install NoScript. You won't be able to run ActiveX, but that's the price you pay...
----------------------------
I agree with you.
But why would anyone pay for a free operating system (FreeBSD)?
So the conspiracy is that Apple has to brainwash uneducated gullible people with the hyped-up concepts like 'We're the best, we're the elite, we're the underdogs, and the rest are imbeciles, just because we, Apple says so'. Thus gain a foothold onto a very lucrative business, which otherwise they couldn't; Disinformation for survival. The end justifies the means...
And part of that conspiracy, is now in order to sell Macs (hardware), mere PC's in disguise (yes everybody already knows), they have to tie it up with something 'superior' Mac OS X...
In the end, nobody cares, not even Apple about which type of processor, operating system, or whatever, but how many dollars on the bottom line they can sell. And the only way to sell overpriced (or sub-standard?) hardware is to lock it in with hype and style, since there's no substance.
Well they did renege on all past attempts at feeding BS, such as the 6502, 68000, Z8000, PowerPC, finally conceding the best CPU was and still is the Intel x86 since day one. They've adopted the PC ISA architecture. They've adopted one of the many PC operating systems (FreeBSD).
Thus since the beginning, it's only been a hilarious and ridiculous series of contradictions to finally end up like a PC, running PC type operating systems ...
Bottom line reality is:
Don't modern Apple Macs boot Windows, Linux, FreeBSD, and all other PC compliant variant operating systems natively?
Isn't the Mac hardware locked with 'security' chips so the Mac OS X can only boot on such locked-in captive hardware?
Are there not a multitude of websites focusing on making OS X boot on ANY PC? (ie: http://hackint0sh.org)
Guys, what is a Mac? A Mere PC in Disguise. As for the bad, mean, despicable dark side of the force: Microsoft, after their bailout of Apple in 1997, suddenly, they've got access to the entire Apple user base, as a bonus! Stupid Microsoft guys eh?
Or who really is being stupid now?
---------------------------
The first operating system offering by Microsoft was: Microsoft Xenix
Xenix was Microsoft's version of Unix intended for use on microcomputers; since Microsoft was not able to license the "UNIX" name itself, they gave it an original name. The -ix ending follows a convention used by many other Unix-like operating systems.
Microsoft purchased a license for Version 7 Unix from AT&T in 1979, and announced on August 25, 1980 that it would make it available for the 16-bit microcomputer market. The initial port of Xenix to the Intel 8086/8088 architecture was performed by The Santa Cruz Operation "SCO".
MS-DOS (short for Microsoft Disk Operating System) is an operating system commercialized by Microsoft. It was the most commonly used member of the DOS family of operating systems and was the main operating system for personal computers during the 1980s.
MS-DOS development originally started in 1981, and was first released in 1982 as MS-DOS 1.0.
The point here is that Microsoft had the full-source code to the entire Unix operating system 'owned by Bell Lab's AT&T' before they designed MS-DOS...
And the very reason FOSS movement started, was that Unix is a proprietary (closed, not open-source) piece of software engineering.
The conclusion is that if something is superior, and 'obfuscated though close-source', then Microsoft had all the goodies, secrets and techniques of the UNIX operating system BEFORE they started working on DOS or Windows... Then, all subsequent improvements and developments that occurred through FOSS, well, Microsoft also has access to ALL of them like anybody else as well...
So ??? Who has the exclusive God-given right of inherent born superiority?
Apple & FOSS fanatics, don't deny it. Just Google it.
PS: ehm, have you seen the devil logo of FreeBSD and what it does to Tux, the Linux penguin? ...
Juvenile tards...
-------------------------
I used to have to run Linux on an image acquisition computer in my lab. Worst virus I ever got was on that box. A rootkit that totaled my OS and forced a clean reinstall on a very complex machine. I spoke to my RH support rep about this and asked "What did I do wrong, how did this happen?" He answered "Nothing, you just got unlucky."
I have had a few viruses sneak by on my PC's, but cleaning them is a snap.
I'll take my Windows XP over Linux anyday as far as viruses. Sure, there are more for Windows, but it is not like they don't exist for Linux. And for Windows, at least there are the tools to deal with them.
--------------------------
The term rootkit or root kit originally referred to a maliciously modified set of administrative tools for a Unix-like operating system. If an intruder could replace the standard administrative tools on a system with a rootkit, the modified tools would give the intruder administrative control over the system while concealing his activities from the legitimate system administrator. The earliest known rootkit was written in about 1990 by Lane Davis and Steven Dake for SunOS 4.1.1. There was an earlier, quite famous, exploit equivalent to a rootkit which was perpetrated by Ken Thompson of Bell Labs against a Naval Laboratory in California to win a bet. Thompson subverted the C compiler in a distribution of Unix to the Lab.
The point is ANY and EVERY operating system has its flaws and NOTHING is 100% secure or fail-safe from hackers... That is the sad reality today...
And let's give credit where credit is due: The weakest link in any security strategy is the 'admin users'. Under Windows, most everybody operates as a super-user, something totally unthinkable in the Unix world. Well, average (vulgar, common) Windows users will live and learn from their own mistakes.
-------------------------
McAfee Analysis of Conficker Worm:
Content
W32/Conficker.worm
Type: Virus
SubType: Worm
Discovery Date: 11/24/2008
Length: 58,368 bytes
Risk Assessment:
Corporate User: Low
Home User: Low
Overview: a worm that exploits the MS08-067 vulnerability in order to spread. It may also download and execute various files onto the affected system.
Aliases: Worm:Win32/Conficker.A (Microsoft) Crypt.AVL (AVG) Mal/Conficker-A (Sophos) Trojan.Win32.Pakes.lxf (F-Secure) Trojan.Win32.Pakes.lxf (Kaspersky) W32.Downadup (Symantec) Worm:Win32/Conficker.B (Microsoft) WORM_DOWNAD.A (Trend Micro)
Characteristics
When executed, the worm copies itself using a random name to the %Sysdir% folder.
(Where %Sysdir% is the Windows system folder; e.g. C:\Windows\System32)
It modifies the following registry key to create a randomly-named service on the affected system:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\Parameters\"ServiceDll" = "Path to worm"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random}\"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs
Attempts connections to one or more of the following websites to obtain the public ip address of the affected computer.
hxxp://www.getmyip.org
hxxp://getmyip.co.uk
hxxp://checkip.dyndns.org
hxxp://whatsmyipaddress.com
Attempts to download a malware file from the remote website: (Rogue Russian site is up but not serving file anymore)
hxxp://trafficconverter.biz/[Removed]antispyware/[Removed].exe
Starts a HTTP server on a random port on the infected machine to host a copy of the worm.
Continuously scans the subnet of the infected host for vulnerable machines and executes the exploit. If the exploit is successful, the remote computer will then connect back to the http server and download a copy of the worm.
Later variants of w32/Conficker.worm are using scheduled tasks and Autorun.inf file to replicate on to non vulnerable systems or to reinfect previously infected systems after they have been cleaned.
Symptoms:
The symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.
Users being locked out of directory
Access to admin shares denied
Scheduled tasks being created
Access to security related web sites is blocked.
Method of Infection:
This worm exploits the MS08-067 Microsoft Windows Server Service vulnerability in order to propagate.
Machines should be patched and rebooted to protect against this worm re-infecting the system after cleaning.
Upon detection of this worm the system should be rebooted to clean memory correctly. May require more than one reboot.
Scheduled tasks have been seen to be created on the system to re-activate the worm.
Autorun.inf files have been seen to be used to re-activate the worm.
Removal:
Users infected by W32/Conficker.worm should perform an On Demand Scan to remove remnants of the worm in memory using the latest DATs.
Upon detection of W32/Conficker!mem and REBOOT, the W32/Conficker.worm malware components will be removed.
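A defensive follow-up to the registry indicator in the McAfee write-up above (a randomly named service hosted by svchost.exe -k netsvcs with its own ServiceDll), added here as an example and not part of the original thread or of McAfee's tooling: a Python triage script that parses saved `reg query HKLM\SYSTEM\CurrentControlSet\Services /s` output and flags netsvcs-hosted services that are missing from, or differ from, a known-clean baseline. The sample output, the baseline, the service name `xqzkwpd` and the DLL name `example-random.dll` are constructed, and Windows is assumed to be installed in C:\Windows.

```python
import re

# Constructed sample of saved `reg query HKLM\SYSTEM\CurrentControlSet\Services /s`
# output; "xqzkwpd" and "example-random.dll" are made-up stand-ins for random names.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
    DisplayName    REG_SZ    Background Intelligent Transfer Service
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\WINDOWS\system32\qmgr.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\spoolsv.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xqzkwpd
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xqzkwpd\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\WINDOWS\system32\example-random.dll
"""

# Assumed baseline from a known-clean host of the same build: service -> ServiceDll.
BASELINE = {
    "BITS": r"%SystemRoot%\system32\qmgr.dll",
}

SERVICES_ROOT = "hkey_local_machine\\system\\currentcontrolset\\services\\"
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")

def parse_reg_query(text):
    """Parse `reg query ... /s` output into {key_path_lower: {value_name_lower: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1).lower()] = m.group(3).strip()
    return keys

def normalize(path):
    """Lower-case a path and expand %SystemRoot%/%windir% (assumes C:\\Windows)."""
    p = path.strip().strip('"').lower()
    for var in ("%systemroot%", "%windir%"):
        p = p.replace(var, "c:\\windows")
    return p

def netsvcs_services(keys):
    """Return {service: normalized ServiceDll} for services run by svchost -k netsvcs."""
    found = {}
    for path, values in keys.items():
        name = path[len(SERVICES_ROOT):]
        if not path.startswith(SERVICES_ROOT) or not name or "\\" in name:
            continue  # not a service key, or a subkey such as <name>\parameters
        image = values.get("imagepath", "").lower()
        if "svchost.exe" in image and "-k netsvcs" in image:
            dll = keys.get(path + "\\parameters", {}).get("servicedll", "")
            found[name] = normalize(dll)
    return found

def review(keys, baseline):
    """List (service, reason, dll) for netsvcs services that deviate from the baseline."""
    base = {k.lower(): normalize(v) for k, v in baseline.items()}
    findings = []
    for name, dll in sorted(netsvcs_services(keys).items()):
        if name not in base:
            findings.append((name, "service not in baseline", dll))
        elif dll != base[name]:
            findings.append((name, "ServiceDll differs from baseline", dll))
    return findings

if __name__ == "__main__":
    for finding in review(parse_reg_query(SAMPLE), BASELINE):
        print(finding)
```

A finding is a lead for follow-up (check the DLL's signature, timestamps and hash against a clean install), not proof of infection, since legitimately installed software can also register netsvcs services.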
----------------------------------
Win32/Conficker.AA, also known as W32/Worm.AHGV, Win32.Worm.Downadup, Net-Worm.Win32.Kido.bg, Worm:Win32/Conficker, W32/Conficker.worm.gen, and Mal/Conficker, is a malicious worm that spreads to computers in a local network by utilizing Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability. The Win32/Conficker.AA worm can perform numerous hideous actions on your PC. Win32/Conficker.AA worm can block your access to security websites as well as erase System Restore points before infecting your computer. Win32/Conficker.AA will remove all NTFS file permissions, with the exception of execute and directory traversal files in order to shield itself from being deleted.
----------------------------------
The Conficker worm spreads itself primarily through a buffer overflow vulnerability in the Server Service on Windows computers. The worm uses a specially crafted RPC request to execute code on the target computer.
When executed on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting. It then connects to a server, where it receives further orders to propagate, gather personal information, and downloads and installs additional malware onto the victim's computer. The worm also attaches itself to certain Windows processes such as svchost.exe, explorer.exe and services.exe.
The A variant of Conficker will create an HTTP Server and open a random port between 1024 and 10000. If the remote machine is exploited successfully, the victim will connect back to the http server and download a worm copy. It will also reset System Restore Points, and download files to the target computer.
Symptoms of infection:
Account lockout policies being reset automatically.
Certain Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services are automatically disabled.
Domain controllers respond slowly to client requests.
System network gets unusually congested. This can be checked with network traffic chart on Windows Task Manager.
On websites related with antivirus software, Windows system updates cannot be accessed.
In addition, the worm launches a brute force dictionary attack against administrator passwords to help it spread through ADMIN$ shares, making choice of sensible passwords advisable.
On 15 October 2008 Microsoft released a patch (MS08-067) to fix the vulnerability.[19] Removal tools are available from Microsoft,[20] Symantec[21] and Kaspersky Lab while McAfee[22] can remove it with an on demand scan.[23] Since any virus can spread via USB drives that trigger AutoRun, disabling the AutoRun feature for external media through modifying the Windows Registry is recommended.[24] While Microsoft has released patches for the later Windows XP Service Packs 2 and 3 and Windows 2000 SP4 and Vista, it has not released any patch for Windows XP Service Pack 1 or earlier versions (excluding Windows 2000 SP4), as the support period for these service packs has expired.
----------------------------
Most antivirus software should detect and block the Conficker worm, so if you have updated antivirus software on your computer, you have a relatively low risk of being infected by the Conficker worm.
If you or your network administrator have not installed the latest security updates, and if you have file-sharing turned on, the Conficker worm could allow remote code execution. Remote code execution allows an attacker to take control of your computer and use it for malicious purposes.
----------------------------
Once run or given access to an unprotected machine, Conficker.B begins searching for other systems or shares within the local network that it can infect. Shared systems, removable drives, or unpatched systems are all eligible targets, as are machines with weak passwords. This last bit is an important new feature of Conficker.B; a complete list of the passwords it checks for can be found here. If Conficker.B manages to successfully guess a password, it moves in and continues hunting for new targets. Microsoft summarizes the new strain as follows:
Worm:Win32/Conficker.B is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.
Roger confirmed that the Malicious Software Removal Tool (MSRT) has checked for and removed Conficker.B since December 29, 2008, but it's not possible to access any Microsoft website once Conficker.B has infected a system; the worm blocks access to multiple domains based on string identification. If you've got a system that's infected, you'll need to download the latest MSRT from Microsoft on a clean system and run it manually.
Not all AV scanners currently detect Conficker.B, even if they've been updated to detect Conficker.A. I don't have a list of specific solutions that can't currently catch the new worm, but all of Microsoft's antimalware/antivirus products (Forefront, OneCare, and the Online Safety Scanner) will find Conficker.B if it's present (and you somehow haven't noticed).