The problem is with Windows that Operating Systen has too many holes and it's too vunerable. I believe that we should do something, if you look at it, they keep selling new software and nobody is doing nothing to help the end users.
By Anonymous (not verified) on Wed, 08/17/2005 - 9:17am.
What do you propose we do? I agree that it does not seem like Microsoft is doing much in the way of protecting end users, but what can we as a community do about it? The problem is that most people are comfortable or ignorant with windows problems. They dont know about security and do not want to learn. In a society where people don't care, they just want to play games or surf the web, what can we really do to help the situation. With Microsoft's big name recognizability, truckloads of money to fight anybody that tries to compete with them, and their closed source on the OS, how do we begin a change that will assist end users on a global, or even local, scale?
By Anonymous (not verified) on Wed, 08/17/2005 - 6:47pm.
Microsoft has been taking steps over the past couple of years to assist in addressing these challenges. They modified the patch release schedule to minimize the amount of effort required for patching systems. They've recently switched to a consolidated patching system (Microsoft Update) rather than having multiple locations to verify patch availability.
They released free utilities to assist the patch efforts (MBSA, SUS, WSUS) and they released a patch that, if applied, addressed this attack vector.
Combining these functions with network and system management (blocking all but absolutely necessary outgoing ports, for example) would greatkly decrease the atatck surface.
Blaming the OS is silly - other operating systems have just as many vulnerabilities. Patches for them are released just as (if not more) often, and need to be applied. As long as software is written by software engineers, it will continue to be imperfect. Proactively managing a network can relieve the pressure of a new exploit such as this.
CNN, ABC, etc. did not go down because of a bad operating system. They went down because they failed to patch their systems quickly, even with news that zero-day attacks were already occuring. Considering the nature of viruses in the last 2 years - most noticeably with variants of Agobot and Spybot - you can't afford to NOT install a critical security hotfix.
I think the big issue here is trying to balance Business Continuity with Data Integrity. They may have very narrow windows for rebooting servers given their industry, but they're going to have to factor that into their IT Strategy if they want to remain protected.
The fact that companies have been severely hit by Zotob indicates that lessons haven’t been leant from Blaster which struck back in 2003. It again highlights the vital need for internal firewalls in addition to anti-virus software and regular patching and updating, so that road warriors cannot bring infection into the company.
MessageLabs has identified that Virus writer Diabl0, author of some of the MyTob family of viruses, appears to be responsible for the current outbreak of Zotob variants that, over the last few days, has affected many organizations, including several global media companies.
More importantly, in what could spell the beginning of a period of intense malware activity similar to the Netsky-Bagle wars, we have discovered separate malware in the wild – one which is a similar worm identified as Bozori – that is designed to de-install Zotob. These competing factions are part of organized criminal gangs and seem to be duelling for control of the botnets of domestic PCs in order to perpetrate wider internet criminal activity. We may well now see a period of intense malware activity as these groups via for pole position.
By Anonymous (not verified) on Wed, 08/17/2005 - 11:38am.
Did you get hit?
No - we switched to Linux and never looked
back. These recurring articles are a constant
reminder that we made the right choice.
Who's to blame?
Microsoft? No.. it's the people who continue to
buy their products and the governments who
support their illegal business practices.
Microsoft is in the business of taking money
from suckers, more power to'em.
By Anonymous (not verified) on Wed, 08/24/2005 - 7:00am.
I cannot say it better than that. Their software methodology sucks (they produce software that is full of holes and bugs), their support sucks (they charge way too much money to talk to someone in another figggin country that can barely read from the paper they use to trouble shoot, let alone actually solve the problem) and they don't care about the customer (the customer is NEVER right). Ban, Microshaft products if you want to teach them a lesson. Take their money and they will listen, that is the power that you have (as consumers). Hit them where it hurts, in the profit margin!
Enough already
epantner (via feedback form):
I'm getting tired with all those attacks.
The problem is with Windows that Operating Systen has too many holes and it's too vunerable. I believe that we should do something, if you look at it, they keep selling new software and nobody is doing nothing to help the end users.
What are we going to do?
What do you propose we do? I agree that it does not seem like Microsoft is doing much in the way of protecting end users, but what can we as a community do about it? The problem is that most people are comfortable or ignorant with windows problems. They dont know about security and do not want to learn. In a society where people don't care, they just want to play games or surf the web, what can we really do to help the situation. With Microsoft's big name recognizability, truckloads of money to fight anybody that tries to compete with them, and their closed source on the OS, how do we begin a change that will assist end users on a global, or even local, scale?
I think you're missing something here
Microsoft has been taking steps over the past couple of years to assist in addressing these challenges. They modified the patch release schedule to minimize the amount of effort required for patching systems. They've recently switched to a consolidated patching system (Microsoft Update) rather than having multiple locations to verify patch availability.
They released free utilities to assist the patch efforts (MBSA, SUS, WSUS) and they released a patch that, if applied, addressed this attack vector.
Combining these functions with network and system management (blocking all but absolutely necessary outgoing ports, for example) would greatkly decrease the atatck surface.
Blaming the OS is silly - other operating systems have just as many vulnerabilities. Patches for them are released just as (if not more) often, and need to be applied. As long as software is written by software engineers, it will continue to be imperfect. Proactively managing a network can relieve the pressure of a new exploit such as this.
I agree, don't blame MS for Zotob
CNN, ABC, etc. did not go down because of a bad operating system. They went down because they failed to patch their systems quickly, even with news that zero-day attacks were already occuring. Considering the nature of viruses in the last 2 years - most noticeably with variants of Agobot and Spybot - you can't afford to NOT install a critical security hotfix.
I think the big issue here is trying to balance Business Continuity with Data Integrity. They may have very narrow windows for rebooting servers given their industry, but they're going to have to factor that into their IT Strategy if they want to remain protected.
MyTob Author Battles it Out With Peers in New Bot War
The fact that companies have been severely hit by Zotob indicates that lessons haven’t been leant from Blaster which struck back in 2003. It again highlights the vital need for internal firewalls in addition to anti-virus software and regular patching and updating, so that road warriors cannot bring infection into the company.
MessageLabs has identified that Virus writer Diabl0, author of some of the MyTob family of viruses, appears to be responsible for the current outbreak of Zotob variants that, over the last few days, has affected many organizations, including several global media companies.
More importantly, in what could spell the beginning of a period of intense malware activity similar to the Netsky-Bagle wars, we have discovered separate malware in the wild – one which is a similar worm identified as Bozori – that is designed to de-install Zotob. These competing factions are part of organized criminal gangs and seem to be duelling for control of the botnets of domestic PCs in order to perpetrate wider internet criminal activity. We may well now see a period of intense malware activity as these groups via for pole position.
Did you get hit? Who's to blame?
Did you get hit?
No - we switched to Linux and never looked
back. These recurring articles are a constant
reminder that we made the right choice.
Who's to blame?
Microsoft? No.. it's the people who continue to
buy their products and the governments who
support their illegal business practices.
Microsoft is in the business of taking money
from suckers, more power to'em.
Microsoft sucks!!
I cannot say it better than that. Their software methodology sucks (they produce software that is full of holes and bugs), their support sucks (they charge way too much money to talk to someone in another figggin country that can barely read from the paper they use to trouble shoot, let alone actually solve the problem) and they don't care about the customer (the customer is NEVER right). Ban, Microshaft products if you want to teach them a lesson. Take their money and they will listen, that is the power that you have (as consumers). Hit them where it hurts, in the profit margin!