Virus Warning - All Members Please Read



Rob
08-19-03, 12:08 PM
Although this is not Corvette related, I feel that it's important enough that it should be posted here to alert and protect our members.

There is a nasty virus that has made a return today and you need to be aware of it. PLEASE MAKE SURE THAT YOU ARE RUNNING VIRUS PROTECTION SOFTWARE AND THAT YOUR VIRUS DEFINITIONS FILES ARE CURRENTLY UP TO DATE:

From: eWeek:

August 19, 2003
SoBig Virus Returns
By Dennis Fisher

Welcome to the summer of the worm.
Hard on the heels of the Blaster worm outbreak, yet another version of the resilient and ever-popular SoBig virus began spreading rapidly on the Internet Tuesday morning. Known as SoBig.F, the new variant behaves much like its older siblings, infecting Windows machines via e-mail and sending out dozens of copies of itself.

The variant began spreading early Tuesday Eastern time, and by 9 a.m. Tuesday, MessageLabs Inc. had stopped more than 10,000 copies. The virus size is approximately 73 KB, and the attachment that actually contains the malicious code can carry any one of a number of names, according to iDefense Inc., a security company based in Reston, Va. Among the file names seen so far are:

application.pif
document_all.pif
details.pif
document_9446.pif
movie0045.pif
thank_you.pif
your_details.pif
your_document.pif
wicked_scr.scr

The subject line of the e-mail message that carries the attachment is also randomized, and many of the subjects are similar to previous SoBig variants. They include:

Re: Details
Re: Approved
Re: Re: My details
Re: That movie
Re: Thank you!
Re: Your application
Re: Wicked screensaver
Thank you!
Your details

SoBig.F installs a copy of itself in the Windows registry, in a file named "winppr32.exe." MessageLabs lists the worm as originating in the Netherlands, and its statistics show that SoBig.F has spread mainly in that country and Norway at this point. However, that is likely to change as workers in North America begin checking their e-mail Tuesday.

SoBig.F's appearance comes just eight days after the initial onset of the Blaster worm, which has infected several hundred thousand Windows PCs.

Link: http://www.eweek.com/article2/0,3959,1225395,00.asp
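
A mail-gateway style check built from the indicators in the eWeek article quoted above, as an added example that is not part of the original post or the article: it parses a message without opening the attachment and flags the listed attachment names, any other .pif/.scr attachment, and the listed subject lines. The function names, verdict labels and sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Indicators copied from the eWeek article quoted above.
SOBIG_F_ATTACHMENTS = {
    "application.pif", "document_all.pif", "details.pif", "document_9446.pif",
    "movie0045.pif", "thank_you.pif", "your_details.pif", "your_document.pif",
    "wicked_scr.scr",
}
SOBIG_F_SUBJECTS = {
    "re: details", "re: approved", "re: re: my details", "re: that movie",
    "re: thank you!", "re: your application", "re: wicked screensaver",
    "thank you!", "your details",
}
# The article names only .pif and .scr attachments; Windows runs both when opened.
EXECUTABLE_EXTENSIONS = {".pif", ".scr"}


def normalise_filename(filename):
    """Lower-case, drop any path, strip trailing dots/spaces that Windows ignores."""
    name = PureWindowsPath(filename.strip().lower()).name
    return name.rstrip(". ")


def inspect_message(raw):
    """Parse raw message bytes and report which indicators are present."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Collapse whitespace and case so "RE:  Details" matches "Re: Details".
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    findings = {
        "subject_match": subject in SOBIG_F_SUBJECTS,
        "named_attachments": [],       # exact names from the article
        "executable_attachments": [],  # any .pif/.scr, including renamed copies
    }
    for part in msg.walk():  # walk() also reaches nested multipart sections
        filename = part.get_filename()
        if not filename:
            continue
        name = normalise_filename(filename)
        # Only the last extension decides how Windows opens "photo.jpg.pif".
        if PureWindowsPath(name).suffix in EXECUTABLE_EXTENSIONS:
            findings["executable_attachments"].append(name)
        if name in SOBIG_F_ATTACHMENTS:
            findings["named_attachments"].append(name)
    return findings


def verdict(raw):
    """Hypothetical policy: block executables, mark subject-only matches as suspect."""
    findings = inspect_message(raw)
    if findings["executable_attachments"]:
        return "block"
    if findings["subject_match"]:
        # Subjects such as "Thank you!" are common, so a subject alone is not proof.
        return "suspect"
    return "pass"


def build_sample(subject, filename=None):
    """Construct a sample message (placeholder bytes only, no real payload)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "member@example.com"
    msg["Subject"] = subject
    msg.set_content("See the attached file for details")
    if filename:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        ("Re: Your application", "your_details.pif"),
        ("Holiday pictures", "photo.jpg.pif"),
        ("Re: Wicked screensaver", None),
        ("Corvette meet on Saturday", "map.pdf"),
    ]
    for subject, filename in samples:
        print(subject, filename, "->", verdict(build_sample(subject, filename)))
```
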

69MyWay
08-19-03, 05:07 PM
Rob,

Thanks for the link.

I logged on my home email just now and got three emails from unknown senders. I had:

Re: Details
Re: Your application
Re: Wicked screensaver

My Norton Popped up and said I had been updated with LIVE UPDATE.

The emails were empty (no attachments).

I guess they were on top of it.

I went through and removed all traces from the system.

What kind of sick people out there waste their time coming up with ways to make computers sick. These people are pure terrorists! The expense they cause on the global economy is incredible.

Rain
08-19-03, 05:27 PM
So very glad to be on Macintosh computers here in the office.
It's just so easy for a virus to be written for Windows, that they don't take the time to write any for Mac OS.

Good luck you guys and keep that virus software updated!

Rain
*mac user since 1987

67HEAVEN
08-19-03, 05:40 PM
The Ontario Safety Commissioner explained, on this evening's news, that computer worms are currently complicating the balancing-of-the-electrical-generation-vs.-consumption problem we are still experiencing in Ontario.

When are lawmakers and judges going to make an example of some of these bottom-breathers that write this stuff?

A large portion of my income comes directly from dealing with this plague on society, but I still hate the ******** who create them. :mad

SlowRide
08-19-03, 05:53 PM
Please help a computer novice understand.....

If I get one of these emails and don't open it, and immediately delete it, am I ok? If I receive an email from an unknown origin, I do not open it, I always delete it.

If I receive the infected email, does it infect my computer? Or, is it activated by opening only?

Thanks for the help......Nick

Ken
08-19-03, 06:34 PM
My Yahoo mail got hit. I left for a while this afternoon and when I came back there were ten new messages in there, all with attachments (.pif files). My Outlook mailbox was not hit because of my Firewall/Virus Protection.

I'm with Chris on this one:
What kind of sick people out there waste their time coming up with ways to make computers sick?

Some seriously disturbed people out there. :eyerole

Rob
08-19-03, 07:36 PM
Originally posted by SlowRide
Please help a computer novice understand.....

If I get one of these emails and don't open it, and immediately delete it, am I ok? If I receive an email from an unknown origin, I do not open it, I always delete it.

If I receive the infected email, does it infect my computer? Or, is it activated by opening only?

Thanks for the help......Nick

Yes, you're ok. The virus/worm is activated by opening it. Do not open it. Delete it immediately.

Rob
08-19-03, 07:37 PM
I can tell you that I have been getting slammed with this virus all day long and I do mean SLAMMED. I cannot stress enough that EVERYONE running Windows based operating systems on their computers should be using anti-virus software and it should be kept up to date.

In some instances, yes, you have to pay for the software which is like $30.00 but it is the best $30.00 you ever spent.

Ctfoodguy2000
08-19-03, 07:43 PM
Rob - thanks for the info. Also, great advice on having current anti-virus software. I can't stand all these viruses that are being sent over the internet!

Gorgon
08-19-03, 08:39 PM
Originally posted by Rain
So very glad to be on Macintosh computers here in the office.
It's just so easy for a virus to be written for Windows, that they don't take the time to write any for Mac OS.

Good luck you guys and keep that virus software updated!

Rain
*mac user since 1987

Nobody cares to write worms for 4% of the market the Mac has. ;)

Leon

Rain
08-19-03, 09:36 PM
Leon,
Too bad you do not know how professional macs are or the number of things you come into contact each and every day that are created by macs.

Till then, keep replacing your computer every year or 2 and enjoy the security holes in your OS and your plain beige towers.

I have nothing against PCs or their users. I just don't like Microsoft, their OS, and their business practices. They release proven inferior products.

respectfully,
Rain

Computers are for business, PlayStations are for games.

Rain
08-19-03, 09:38 PM
And by the way Leon, Worms are not written. They are easily exploited security flaws in an OS that you have been convinced to purchase and have blindly assumed is secure.

Ken
08-19-03, 09:45 PM
Golly Rain, you Mac users are a sensitive bunch aren't ya? :L

Just kidding ya know. ;)

_ken :CAC

Rain
08-19-03, 10:10 PM
Ken, LMAO! :D
Yes, we really are, honestly. You will rarely see such passion and product loyalty from a windows user.
(it's a love for a solid platform built on creativity) :)

Nothing against Leon, he just threw out that same card that every anti-mac person tosses out. If they would simply do some research, show us why Mhz matter, or even come up with useful innovations in their OS that is not a copy of something Mac OS, then I might not shut them out. (not saying Mac OS is an original thought here. )

Most Windows users simply surf the web a few hours a week, write email, and play solitaire or bridge. Those folks need a $499 computer that never needs to be rendering video, designing advertisements, creating billboards and magazines or newspapers, or even editing movies and producing hit records. They own a Windows machine because that's what is readily available at Wal-Mart and RadioShack and it's what they have at work. Familiarity, plain and simple.

If the machine does what you need it to in order to be productive and on time, then you are fine with what you have.

The Windows users that get my goat are the ones who claim they need this super computer power to play games on each night. Again, no real output or product involved. It's a game station to them.

Yes, Apple doesn't have a high dollar stock, or a high market share. Big deal. They are a forward thinking technology company that builds solid machines, creative outlets, and provides their users with a secure and stable OS platform. My tower gets rebooted once a week whether it needs it or not. My notebook has not been rebooted or crashed since I bought it 9 months ago. (It's used for portable recording, editing, Photoshop, HTML coding, surfing and email.)

Who else bought a tower computer in 1996 that is still their main workstation? I have a nearly stock PowerMac 8600 that I do daily music editing and recording, Photoshop photo and graphics work, and basic video editing. If it were too slow to be competitively productive, I would have felt the need to upgrade. This technology is still viable after all these years in these markets and more.

With the introduction of Apple Retail stores, I expect to see many more home users switching to the Mac OS. Many of you have never had your hands on a Mac. Ignorance of the product platform is a huge hurdle.

Try to swing by your local Apple Retail Store. Touch a mac. Ask for a demo. These sales people are SO MUCH better than the minimum wage kids at CompUSA.

End of rant: Thanks KEN! haha
Rain

Ken
08-19-03, 10:15 PM
I first learned on a Mac. Hell, I may even go back one day because it is so much nicer to work with graphics. ;)

Rain
08-19-03, 10:49 PM
I hear ya, Ken. My dad got me on my first one while doing papers in high school in the mid 80s. They were Apples back then.
He had them at the school he was headmaster of.
At home we had the TI 128 (programs on cassette tape - learned BASIC on that machine) and the typical Com 64 (first floppy I ever saw).
I had a used FatMac 1991-1993 with 512k of RAM, no hard drives, 2 external floppies, (first mouse I had ever used) and a dot matrix printer.

Programming courses I took in high school were all on TRS 80 Radio Shack Tandys and IBM XT (I think). Keyboard, CPU, and monochrome monitor - boy have things progressed!

No Offense Ken, But I'll bet you have seen computers progress from crawling to flying!

cheers,
Rain

Ken
08-19-03, 11:15 PM
Originally posted by Rain
I'll bet you have seen computers progress from crawling to flying!

I'm too old to remember! Ouch, did I just say that? ;LOL

Rain
08-19-03, 11:27 PM
;LOL

Rain
08-19-03, 11:36 PM
http://corvetteobsession.homestead.com/files/01interior.jpg

Ken
08-19-03, 11:47 PM
That is so old! Where have you been?

http://corvetteobsession.homestead.com/files/MYcorvette/2003_August/afterwiring_05.JPG

_ken ;)

Rain
08-20-03, 12:00 AM
My goodness!
*to put us back on topic - I thought that virus had gotten your Vette!*

Just shot thru the annals of your vette site. Whew! Start wanting to keep it stock and look where ya ended up. :)

Simply Amazing!

Where have I been? Wish I knew! HAHA
I'm only about 20 years younger than you, but have very few lasting memories of the past decade. Not due to drinking or drugs (very minimal drinking and little to no drug use), but due to being a workaholic. Seems I wanted to never say NO to a show, so 250-300 shows a year for the past 13 years have overloaded my mind to where a lot of it had no retention. Living show to show and before ya know it, it's next year and you forgot to file taxes! haha

Now that fatherhood is coming in December, I'm performing much less, trying to keep a journal (if I can't remember it, at least I can read about me - LOL), and finally living life with my eyes open while taking time to take it all in. All helps by having a girl who loves you and supports you by your side!

Enough about my circle -
Great work on the vette - Looks like you've learned by doing and doing it well!

Rain (needs to read more of the CAC in order to be up to date on projects)

Gorgon
08-20-03, 08:12 AM
Wow, too bad I went to bed and missed all this.

I did not bring up the Mac percentage as a slam against the Mac. On the contrary, I have a lot of respect for the Mac and its capabilities. OS X I hear is the best OS Apple has put out in a while.

Let me clarify some assumptions you have made. While I am a PC user, I build my own boxes. I am also unhappy with MS and their business practices. With the exception of some gaming, all my work is done in Linux. My web browser is Mozilla whether I'm in Linux or Windows. For some of my engineering work I am forced to use Windows, not much I can do about it, though I'm trying to get as much stuff working in WINE as I can.

Back to the topic, worms are aggressive programs that are written. Typically they are written to take advantage of security flaws with an OS and are used to gain control of the infected PC. From here the PC can be used for DOS attacks and such. The fact is, regardless of your or my opinion of Mac, that Mac has a very small percentage of the market. If you are going to write a worm to do the most damage it can do, you don't write it to take advantage of a security hole in 4-8% of the computers connected to the web.

This also holds true for Linux. It makes up a small portion of the computers connected to the web. There are a few worms that will take advantage of Linux and Apache, but very few.

If you go back to look at my thread you will see the winky face. It was a joke. I'm sorry to have got you bent out of shape.

Leon

Piet
08-20-03, 08:25 AM
MACs..... funny......

We (the company I work for) used to be a Mac shop.... but due to industry pressure, we switched to Windows/ Unix operating environments. Macs are now the territory of:
1) Journalists
2) School children
3) Graphic artists
4) Video editors

Although the last three are starting to come to an end....(for a funny Mac Video (http://forum.e-officedirect.com/forum.exe?ForumName=FLStudio_FAQ&ACTION_DOWNLOAD=OK&FileName=mac2.wmv) )

Note: There are some "GREAT" viruses for the mac (and I am not referring to OS 10.3 :L ) so don't get too complacent...

Our company has a policy for ALL our machines (including people who use their home machines to connect to work)

1) A HARDWARE firewall (I use the Linksys BEFSR41 (http://www.linksys.com/products/product.asp?grid=34&scid=29&prid=20) ). Software firewalls CAN be bypassed... no matter what they say in their advertising

2) Antivirus software.... I prefer Norton... McAfee is not as good but better than none. On my kids machine I use a free Anti-Virus software called AVG (http://www.grisoft.com/us/us_dwnl_free.php) from Grisoft.... works well enough

It's cheap protection really.....

Gorgon
08-20-03, 08:39 AM
Piet, I saw that vid a few days ago. Funny stuff. ;)

Rob
08-20-03, 08:57 AM
If you suspect you have the worm on your computer, download this removal tool from Symantec and run it.

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

chockey
08-20-03, 09:18 AM
I have nortons on my computer at work and I still got a virus, used the free stinger from mcafee and it removed it.

At home my son got the blaster and it played havoc with it, downloaded the patch from Microsoft and fixed it, the next day ran the stinger program and found another virus. So I'm running the stinger at least once a day and if on line a lot running it twice.
It's a little more work but worth the effort.

Rob, thanks for the information.

Chuck

Ken
08-20-03, 11:54 PM
I ran a scan just the other day, now today I came up with an infected file. McAfee cleaned the .exe file alright, but I'm left with these "Potentially Unwanted Programs" which I've quarantined until I find it's ok to delete them. Tell me it's ok to delete them. ;)

http://corvetteobsession.homestead.com/files/misc/McAfee_quarantinedfiles.jpg

My concern is: "ieaccess2.dll" and "BrowserToolbarLoader.exe", both of which appear in several locations.

HELP!! ;help

Rain
08-21-03, 01:03 AM
Ken

I'd start with Google.com

Typing those file names into Google and doing searches pulled some hits. Looks like you need a spyware blocker. SpyBlaster was suggested on some of the sites, not sure if it's free.

If you don't get a hit by searching for the file names, then try virus name. (adware..., dialer...mp3search...)
It might talk about the file that you are researching and let ya know if it's part of your browser or OS or a virus/spyware.

The Adware stuff is probably popups or spyware that is reporting your web activity back to some server.

The IEaccess seems to have replicated itself around your hard drive.

I'd start by researching those file names via Google.com. They will lend much more insight than I can muster after a full day of contracts, promo kits, and CD production and a short 3 hour gig.

Hope I have helped a bit -
Rain

Ken
08-21-03, 02:02 AM
Originally posted by Rain
... try virus name. (adware..., dialer...mp3search...)
It might talk about the file that you are researching and let ya know if it's part of your browser or OS or a virus/spyware.

McAfee doesn't have any info on those. For example:

SEARCH RESULTS
We found no records matching the following criteria:
Virus name beginning with "Adware-Xupiter".
Please try narrowing your search by using fewer characters.

... the IEaccess seems to have replicated itself around your hard drive.

But what should I do about it? Anything? :confused

Thanks man. :CAC

cntrhub
08-21-03, 02:44 AM
I have nothing on my computer that is of importance. I don't use any spyware or anti-virus programs. To eliminate spyware, I go to "tools" - "internet options." Then on the general tab, I click "delete cookies" and "internet files." I tested this by using lavasoft and spybot freeware. I started both programs and found cookies planted. I then closed the software without removing the cookies. I went to tools, ran the clicks off, and then returned to both lavasoft and spybot to see if there were any cookies? It showed, "congratulations, no cookies" (paraphrasing). Yes, I do know about some of the hard to get off cookies planted. For that, I go into the registry.
As for a virus, I was hit by the Nimda32 bug a few years back. That puppy sent mail I deleted weeks ago, to everyone all over again. It was sending out the same mail twice a day. I had Norton running at the time. A lot of good that did. I am not that computer savvy. I couldn't figure out how to knock the virus out with Norton's patch? I never could figure out the computer language they walk you through? I Still can't.
So I learned on my own, how to do a low level "Debug" on my OS. I've done it so many times, I can almost write-in the debug codes by memory. It takes less than two and a half hours to debug, reload the OS, printer, scanner, and ISP software.
The computer runs like new every time I wipe out the hard drive. I've only started to learn about this computer stuff in late 1999. I wish I could say I knew Dos, when you talk about the good old days. I don't know what that is even? Old computer OS is my guess?
There is one thing I do know after getting hit by a bug.....
Bring on those viruses.
Hope some of this helped?.......maybe?

Ken
08-21-03, 03:14 AM
:L No.

Every time though, when I see it, I sure do like your "handle"! :upthumbs

Did I ask you before, is it short for "centerhub"? :cool

http://corvetteobsession.homestead.com/files/misc/centerhubwheel.jpg

_ken :w

cntrhub
08-21-03, 03:39 AM
Hey there Ken,

No, you never asked about the handle. Actually yes, it is short for center hub. But the center hub isn't the wheel company I was thinking of. It's the one piece wheel bearings on the Corvette front spindles, and rear half shafts........thooooose cntrhub's. :Roll

cntrhub
08-21-03, 04:04 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html#recommendations

Fix for latest W32.Sobig.F@mm virus by Symantec

Rain
08-21-03, 10:28 AM
http://www.geeknewscentral.com/archives/000664.html

Rain
08-21-03, 10:30 AM
http://allentech.net/parasite/IEAccess.html

Rain
08-21-03, 10:32 AM
another on the ieaccess



http://www.dslreports.com/forum/remark,5538414~root=security,1~start=4~mode=flat

Rain
08-21-03, 10:34 AM
Leak Test
http://www.uksecurityonline.com/husdg/windowsxp/currentsecurity.htm

jester
08-21-03, 01:10 PM
As of this morning Norton had picked up ten of these little buggers trying to get into my system.

Ken
08-21-03, 02:04 PM
To hell with it all! There is no gravity, the world sucks!

Thanks for the links Rain.

Rain
08-22-03, 03:48 AM
News of how business and personal productivity has slowed due to these viruses (viri) reminded me of some quotes from Ernie Ball guitar string corp.

They actually got busted on a software licensing lawsuit and dropped ALL Microsoft products from their entire company use.
And survived, is saving $, time, and more.

Check it out - They decided not to go with Apple since Microsoft invested 150$ mill. in Apple.
At that time Apple's Market Cap was about 22 billion, and $150 million is only about 2/3rd of one percent (and it was non voting stock too). I will say he was being a flake and just looking for an excuse not to use Apple. Someone must have said "I told you so, you should have used Apple" and he got ****ed and decided to not go with them either, no matter what.

The Link:
http://news.com.com/2008-1082_3-5065859.html?tag=lh

KOPBET
08-22-03, 07:38 AM
Originally posted by Ken
I ran a scan just the other day, now today I came up with an infected file. McAfee cleaned the .exe file alright, but I'm left with these "Potentially Unwanted Programs" which I've quarantined until I find it's ok to delete them. Tell me it's ok to delete them. ;)

My concern is: "ieaccess2.dll" and "BrowserToolbarLoader.exe", both of which appear in several locations.

HELP!! ;help

Ken ...:nono

IEAccess is an ActiveX control used to download and install premium-rate dialers, primarily for porn sites.

Xupiter toolbar is one of the biggest spyware threats out there besides Gator. Ditch 'em all. Xupiter can be fairly prolific so be sure to search for removal instructions for registry entries this POS puts on your PC. Sadly, you agreed at some point to install it.

Will somebody please tell the world that "cookies" are not SPYWARE? Don't sweat the small stuff.

Gorgon
08-22-03, 01:06 PM
Originally posted by Rain
News of how business and personal productivity has slowed due to these viruses (viri) reminded me of some quotes from Ernie Ball guitar string corp.

They actually got busted on a software licensing lawsuit and dropped ALL Microsoft products from their entire company use.
And survived, is saving $, time, and more.

Check it out - They decided not to go with Apple since Microsoft invested 150$ mill. in Apple.
At that time Apple's Market Cap was about 22 billion, and $150 million is only about 2/3rd of one percent (and it was non voting stock too). I will say he was being a flake and just looking for an excuse not to use Apple. Someone must have said "I told you so, you should have used Apple" and he got ****ed and decided to not go with them either, no matter what.

The Link:
http://news.com.com/2008-1082_3-5065859.html?tag=lh

Chalk up another win for open source. It's good to see success stories like this. :)

Leon

oldace84
08-22-03, 02:09 PM
Also of some note, for users of WIN98/WIN98SE/ME/, should go to microsoft update page and get the latest explorer fixes/updates. WIN XP also.
Right?
tony

KOPBET
08-22-03, 02:16 PM
Rather users of WIN/ME should reformat and install W2K or XP.

Rob
08-22-03, 11:03 PM
Originally posted by oldace84
Also of some note, for users of WIN98/WIN98SE/ME/, should go to microsoft update page and get the latest explorer fixes/updates. WIN XP also.
Right?
tony

Right. If you use MS Windows/Explorer, make sure you update your web browser periodically.

Rain
08-25-03, 12:14 AM
New turn of events:

A new policy from China's governing body states that all government ministries must buy only locally produced software at the next upgrade cycle.
The State Council's move, aimed at breaking the dominance of Microsoft on desktop computers, will eliminate Microsoft's Windows operating system and Office productivity suite from hundreds of thousands of Chinese government computers over the next few years.
Gao Zhigang, an official with the Procurement Center of the State Council, told reporters that the new policy will be in place by year's end.
At a special congress held to encourage ministries to upgrade to WPS Office 2003, a China-made office productivity suite, Gao said the government will purchase only hardware preinstalled with domestic operating systems and applications. Those seeking exceptions will need to submit a special request.

cntrhub
08-25-03, 01:03 AM
Since I don't use Norton or other Firewalls anymore, I can tell when I have an infected computer. I open My Computer, click C:, then Windows, click Show Files. I click Temp Internet Files, go to the top bar, click Edit, then click Select All on the drop down box. Then to the left, I click File, select Delete at the drop down box, hit it, and watch the icons clear. Now if something stays in the Temp File folder, I know I have a problem. If I see a clear file with no icons, I'm home free. Just to make sure, I reboot, and go right back to Temp Files before logging on to the internet. I open it and hope no icons are showing. If none pop back on, I have a virus/bug/worm free computer. You can do the same with Temp also. Just thought I'd pass that along if you're wondering if your anti-virus is working.

Ken
08-25-03, 01:38 AM
I haven't had anything come back since I first caught it the other day. I deleted the suspicious files and cleaned out any cookies I didn't want (I now watch that on a daily basis. ;)), now things are clear. I haven't even had an "endad" pop-up in weeks--knock on wood. :eyerole

And I'm tellin' you guys, I never, ever visited a porn site--I can't afford it! :L

_ken :w

Rain
08-28-03, 10:13 PM
Triggered by Microsoft's full-page "Protect your PC" ad in the Wall Street Journal, Russ McGuire wrote a column about How Microsoft Fuels Internet Terrorism in the way it develops and distributes Windows, offering a solution to the problem:
Bottom line, thanks to the powerful tools (or should I say weapons) that Microsoft has built into their products, criminals now dominate the Internet. Common citizens don't feel safe anymore. They fear that their thousand dollar computer investment will be destroyed by these criminals, and due to the increasing unusability of the Internet, in many respects they already have been. I hate to say it, but maybe these terrorists have won.
In their full page ad, Microsoft provides three "simple" steps to protect your PC. I'd like to propose a different solution - a single step solution: Either buy a Mac, or switch to Linux.

67HEAVEN
08-29-03, 07:23 AM
Originally posted by Rain
I'd like to propose a different solution - a single step solution: Either buy a Mac, or switch to Linux.

I am certainly no fan of WinDoze, but wanna bet that if everyone switched to Mac or Linux, the virus-writers would too. No code is completely safe........the virus-writers are simply going where the action is.

We switch......they switch. You can take that to the bank.

KOPBET
08-29-03, 07:27 AM
Originally posted by 67HEAVEN
I am certainly no fan of WinDoze, but wanna bet that if everyone switched to Mac or Linux, the virus-writers would too. No code is completely safe........the virus-writers are simply going where the action is.

We switch......they switch. You can take that to the bank.

Agreed. And Linux has NEVER been "safe".

Gorgon
09-03-03, 07:10 AM
Originally posted by KOPBET
Agreed. And Linux has NEVER been "safe".

In what way?

KOPBET
09-03-03, 07:56 AM
For example, this is a list of OS vulnerabilities in 2001 as of October 2001.

http://www.zdnet.com.au/shared/images/newstech/Table1WinLin.gif

Bugtraq 2000:

http://www.zdnet.com.au/shared/images/newstech/Table2WinLin.gif

Where is Linux on these lists?

Gorgon
09-03-03, 10:59 AM
Interesting. Do you have a link to the article? Or an explanation of the vulnerabilities? I've seen people lump Apache vulnerabilities in with Linux when they are two different things. I see that IIS 4 is listed separately from WinNT4, yet I don't see a separate listing for IIS for Win2k. Did it just not make the list? Or are those vulnerabilities lumped in with Win2k?

From 2000 to 2001 Win2k dropped its number of vulnerabilities from 52 to 24. Is this due to patching and updates supplied by MS? This would seem to be the case. So in the year that RH 7 was in the market no one bothered to patch the system?

Now I don't believe that Linux is Fort Knox. I'm just curious as to how some of this really compares and how this list looks for 2002 and 2003.

Leon

oldace84
09-03-03, 11:23 AM
My antivirus program (Norton), always on, even checks my e-mail.
Just an update. Only $14.95 for a year of updates, nothing is free anymore.
Just an FYI.
tony

Gorgon
09-03-03, 11:26 AM
Never mind. I found the web site where this data was collected. Hardly an accurate comparison. I leave you with a quote from the website.


Several things should be taken into consideration when interpreting these numbers:

* These numbers are dated; the collection and calculation of data stopped in early August 2001 due to a site migration issue. We are currently working on this issue and should have it resolved in the near future.

* There is a distinct difference in the way that vulnerabilities are counted for Microsoft Windows and other operating systems. For instance, applications for Linux and BSD are often grouped in as subcomponents with the operating systems that they are shipped with. For Windows, applications and subcomponents such as Explorer often have their own packages that are considered vulnerable or not vulnerable outside of Windows and therefore may not be included in the count. This may skew numbers.

* This is a simple raw count of the vulnerabilities in our database that are associated directly with an operating system. The factors mentioned above were not taken into consideration when generating these graphs.

The numbers presented below should not be considered a metric by which an accurate comparison of the vulnerability of one operating system versus another can be made.



Seeing as how I cannot uninstall IE from a Windows install and I can uninstall ANY of the "subcomponents" from Linux, I don't see how they collect the data the way they did. I find little valid information in any of this data.

Leon

Ken
09-03-03, 12:38 PM
Ok, we all know that I am a moron, but how on earth do I get rid of a message that's infected on the server but not downloaded yet. McAfee's VirusScan tells me that there is a tainted message, and that it's been deleted, but my mail just sits at the server and won't come to me. Every time Outlook goes to retrieve the mail, McAfee alerts me to a virus, but the message with a virus must be holding up delivery of the rest. It seems that I must delete it from the server before things will work again, but for the life of me I cannot remember how I remedied the situation the last time, and it was only a few weeks ago! :hb

http://corvetteobsession.homestead.com/files/misc/VirusScan_alert.bmp

;help

KOPBET
09-03-03, 01:03 PM
The point of the post was not to compare one against the other. The point was that "switching to Linux" will not protect your PC. Linux has a ton of its own vulnerabilities. But, since you questioned the above, consider this:

Microsoft Windows XP and Red Hat Linux 7.2 were released within a few weeks of each other. Both are still current and are actively supported by their respective vendors:

For Red Hat Linux 7.2, go to the Red Hat "errata" page https://rhn.redhat.com/errata/ and from there to the page specific to version 7.2 https://rhn.redhat.com/errata/rh72-errata.html. You'll see that, to date, Red Hat has issued 170 or so patches and updates (mostly for security issues; that's what the "broken lock" icon means) for that Linux version.

Next, do the same thing for XP Professional, starting on Microsoft's errata page, the HotFix & Security Bulletin Service (http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/current.asp?productid=121&servicepackid=0&submit1=go&isie=yes); use the pull-down menu to isolate just the XP-related items. You'll see that the page lists about 34 XP-specific patches and updates to date.

Maybe that's not a fair count. XP is the newest Windows version, but RH 7.2 isn't the newest Linux version. Red Hat's newest version is actually version 9.0, so let's look at that. Its errata page lists about 44 security patches and bug fixes issued since the operating system has been available.

"Linux will make you safe and protect you from the Microsoft plague!"

uh huh.

Gorgon
09-03-03, 01:38 PM
I understood the point of the post: Linux is not as secure as some think. I was just taking the time to differentiate OS vulnerabilities versus system vulnerabilities.

Red Hat is one of the largest distributions of Linux in that it includes a large number of programs so that you don't have to go to different sites and download all your favorite programs. This includes Ximian Evolution (for mail), Mozilla (web browsing), Apache (web server), GIMP (Graphics), Open Office (Office suite), etc. I remember seeing an errata to patch a vulnerability in TuxRacer, a video game. To make a valid comparison, I guess you would have to filter through the vulnerabilities that are listed for RH and determine which are OS/kernel related and which are included-program related. If you compare this to a distribution such as Slackware, the number of vulnerabilities is greatly reduced due to the lack of included packages in the distro. RH9 is three CDs' worth of binary installs while Slackware 9 is one.

As to XP, they only list OS fixes. This list does not include IIS, IE, Office, let alone any third party program that the user may install that will compromise their system.

I think we are both on the same page as to PC security. I just felt the need to expand on some of the data presented.

Leon

KOPBET
09-03-03, 02:41 PM
Yep we're probably on the same page and that is good.

Ok, I'll throw in the 15 or so IE hot fixes and cumulative patches, as long as we don't count just Linux kernel issues since most 'nix vulns aren't with the kernel anyway, they are program problems like buffer overflows in stuff like sendmail, KDE, RPC, telnet, Apache, etc. And of course MSOffice isn't bundled with XP either, and, just like Apache or sendmail, you don't have to install and use IIS, SQL or Outlook. Or use IE for that matter. Amazingly, the worms everyone hears about these days are only able to exploit KNOWN vulns because admins and others don't take the time to obtain a freely available and easily installed patch. If admins would have patched SQL and IIS, worms like slammer, code red wouldn't have been able to do what they did, regardless of whether it was Windows or Linux (slapper, scalper) that was the base OS.

And don't forget ... the Klez virus runs on Linux platforms now too! (along with ELF and others).

What really gets my goat is when people who get hit by a worm or virus that exploits a known vulnerability that has had a fix for several weeks or months (i.e. code red) bash MS to high heaven when they themselves failed to keep their own house in order by patching! [Step off soapbox].

I have used and enjoyed MS products for years and they even help pay for everything I own so I probably won't throw the baby out with the Linux or Mac bathwater. And, as long as I do my job and keep the systems I'm responsible for updated and patched, I will hopefully continue to have a ... CORVETTE!!!
:beer

johnl
09-03-03, 02:48 PM
Well said KOPBET.
:m

Gorgon
09-03-03, 03:17 PM
Originally posted by KOPBET
If admins would have patched SQL and IIS, worms like slammer, code red wouldn't have been able to do what they did, regardless of whether it was Windows or Linux (slapper, scalper) that was the base OS.

And don't forget ... the Klez virus runs on Linux platforms now too! (along with ELF and others).

What really gets my goat is when people who get hit by a worm or virus that exploits a known vulnerability that has had a fix for several weeks or months (i.e. code red) bash MS to high heaven when they themselves failed to keep their own house in order by patching! [Step off soapbox].



Very well said. This is the very problem I have with many computer users and admins. They don't take the time to make sure their systems are up to date and then complain when they get compromised. Ironically, many have no idea that they are even compromised. That's the really scary part.

:beer

Leon

Ken
09-03-03, 07:47 PM
Originally posted by Ken
Ok, we all know that I am a moron, but how on earth do I get rid of a message that's infected on the server but not downloaded yet? McAfee's VirusScan tells me that there is a tainted message, and that it's been deleted, but my mail just sits at the server and won't come to me. Every time Outlook goes to retrieve the mail, McAfee alerts me to a virus, but the message with a virus must be holding up delivery of the rest. It seems that I must delete it from the server before things will work again, but for the life of me I cannot remember how I remedied the situation the last time, and it was only a few weeks ago! :hb

http://corvetteobsession.homestead.com/files/misc/VirusScan_alert.bmp

;help

JrdnsEdu
09-03-03, 08:15 PM
Ken - I do not have McAfee (Norton user) but I went to their web page for ya and looked in their help contents. Maybe this will help?

They have a walk-thru drop down system called 'Answer Center'.


Configuring Account Properties in Version 2.9

Right-click on the SpamKiller icon by your system clock.
Click Open.
In the left pane, click Accounts.
In the right pane, click Properties.
The Account Properties window appears. Click the Events tab.
Select do not run any programs for all four event types.
Click OK.

Configuring Account Properties in Version 4.x

Right-click on the SpamKiller icon by your system clock.
Click Open.
In the left pane, click Accounts.
In the right pane, click Properties.
The Account Properties window appears. Click the Events tab.
Uncheck the box next to run e-mail program when new mail arrives.
Click OK.

67HEAVEN
09-03-03, 08:15 PM
Well Ken, you could provide me with your Incoming eMail Server Address, your eMail User ID and your Password, and then I could blow it away..... :D

Better yet, call your ISP Tech Support line and have them do it for you. :w
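
The server-side cleanup discussed above, as an added example that is not part of the original thread: it uses POP3 `TOP` to peek at each message without downloading it, flags messages whose attachment names end in an executable extension, and marks them for deletion. `FakePOP3`, `SAMPLE`, the function names and the extension list are constructed for illustration; with a real mailbox, pass a logged-in `poplib.POP3_SSL` object instead.

```python
import poplib  # real use: conn = poplib.POP3_SSL(host); conn.user(u); conn.pass_(p)
import re

RISKY_EXT = (".pif", ".scr", ".exe", ".bat", ".com")  # illustrative list
NAME_RE = re.compile(rb'\b(?:file)?name\s*=\s*"?([^";\r\n]+)', re.I)

def risky_attachments(lines):
    """Attachment names with executable extensions seen in raw message lines."""
    found = []
    for line in lines:
        for m in NAME_RE.finditer(line):
            name = m.group(1).decode("latin-1").strip()
            if name.lower().endswith(RISKY_EXT) and name not in found:
                found.append(name)
    return found

def purge_mailbox(conn, peek_lines=60, dry_run=True):
    """Scan every message with TOP (headers plus peek_lines of body, no full
    download) and DELE the flagged ones unless dry_run. Deletions only take
    effect when the session ends with conn.quit()."""
    flagged = []
    count, _size = conn.stat()
    for num in range(1, count + 1):
        _resp, lines, _octets = conn.top(num, peek_lines)
        names = risky_attachments(lines)
        if names:
            flagged.append((num, names))
            if not dry_run:
                conn.dele(num)
    return flagged

class FakePOP3:
    """Constructed stand-in for a mailbox so the example runs offline."""
    def __init__(self, messages):
        self.messages, self.deleted = messages, []
    def stat(self):
        return len(self.messages), sum(len(b"".join(m)) for m in self.messages)
    def top(self, num, howmuch):
        return b"+OK", self.messages[num - 1], 0
    def dele(self, num):
        self.deleted.append(num)
        return b"+OK"

SAMPLE = [  # constructed messages, not real captures
    [b"Subject: Corvette meet", b"", b"See you Saturday."],
    [b"Subject: Re: Details", b"Content-Type: multipart/mixed; boundary=x", b"",
     b"--x", b"Content-Type: application/octet-stream;", b'\tname="details.pif"',
     b'Content-Disposition: attachment; filename="details.pif"'],
]

if __name__ == "__main__":
    box = FakePOP3(SAMPLE)
    print(purge_mailbox(box, dry_run=False), box.deleted)
```

Run it with `dry_run=True` first and review the flagged list; the filename match is a heuristic and only sees attachments whose MIME headers fall within the peeked lines.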

Ken
09-03-03, 09:01 PM
Originally posted by JrdnsEdu
Configuring Account Properties in Version 4.x

Right-click on the SpamKiller icon by your system clock.
Click Open.
In the left pane, click Accounts.
In the right pane, click Properties.
The Account Properties window appears. Click the Events tab.
Uncheck the box next to run e-mail program when new mail arrives.
Click OK.

That is the way I've always had it set up. ;)

Bob, if tech doesn't get anywhere or rather, I can't get through to them, you'll be hearing from me. My mail keeps building up again just like the last time. I wish I could remember what it was that cleared it before. :hb

Why did I ever get into the Internet??? If I could just get my hands around the throat of just ONE of the idiots that dreams this **** up (viruses), I swear I'd kill them!!!!!!! Why doesn't someone make an example of one of them? :r

KOPBET
09-03-03, 09:10 PM
Ken,

I'm not trying to be a smartass, but just turn off the AV until you get the mail and then delete it. Klez affects IE 5.01 and 5.5, which I doubt you have. Check and be sure. Turn your AV back on afterwards.

Ken
09-03-03, 09:14 PM
Turn it off? In today's mood of distrust?? Are you sure of that? I'll do it if it's safe. :confused

KOPBET
09-03-03, 09:22 PM
3 questions:

Is your XP up to date?
Is your IE up to date?
Will you NOT open ANY attachments?

If you can answer yes to all of these then you will not be harmed by Klez.

Ken
09-03-03, 09:26 PM
Yep, yep and yep. I'll try it, thanks.

Ken
09-03-03, 10:12 PM
That worked. I told you I was a ****ing moron. :hb

Thanks. :upthumbs

KOPBET
09-03-03, 10:20 PM
:beer

And all this time I thought FM stood for ****ing magic ;shrug

Rain
09-04-03, 01:54 PM
http://www.komotv.com/stories/27000.htm
_________________________________


September 4, 2003

By KOMO Staff & News Services

SEATTLE - Those of you using Mac OS or Linux can relax this time, but those using MS Office on Windows, take note: Microsoft has issued some more security alerts.

Microsoft is reporting five new flaws in its software, including one of "critical" severity that affects nearly all programs in its Office suite of software.

The critical vulnerability could allow an attacker to read files on a victim's computer or run programs. To be successful a person would have to open a tainted email attachment.

The flaw appears in nearly all programs included in Microsoft Office 97, 2000 and XP (Word, Excel, PowerPoint and Access).

It also affects Visio 2000, 2002 and Project 2000 and 2002.

The other four vulnerabilities affect Microsoft Office, Access, Word and Windows, and include flaws of lower severity.

Microsoft has disclosed 38 security flaws so far this year.

For More Information:

microsoft.com

bossvette
09-04-03, 03:16 PM
My McAfee picked up several today, I deleted them. I would like to see one of those virus writers hung from a tall tree.

On a lighter note I got this virus warning today:

AFFECT THOSE BORN PRIOR TO 1960.
SYMPTOMS: Causes you to...
1. ...send the same e-mail twice
2. ...send a blank e-mail
3. ...send e-mail to the wrong person
4. ...send e-mail back to the person who sent it to you
5. ...forget to attach the attachment
6. ...hit "SEND" before you've finished
7. ...hit "DELETE" instead of "SEND"
8. ...hit "SEND" when you should hit "DELETE"
It's called ... the C-NILE VIRUS...

Now I know what has been affecting me
:duh

Ken
09-04-03, 06:32 PM
:L Craig, sounds like myself, why'd ya hafta single me out? ;LOL

bossvette
09-04-03, 07:21 PM
Originally posted by Ken
why'd ya hafta single me out?

I am not singling you out, I suffer from it also, as I am sure some others do as well. I also have oldtimers disease, I go out to the barn to get a tool I need to do something in the house and forget what it was I needed, then I have to go back in to see what I was doing, then hope I remember when I get back out at the barn what it was I wanted in the first place. Confusing to say the least.
Craigsr

Ken
09-04-03, 07:26 PM
I realize that Craig, I was just joshin' ya. ;)