Current worm warning should be taken very seriously, immediately

TOPICS: Malware

If you're like me, then you're probably one of those people who often procrastinates when Microsoft's Update component either tells you it has updates to install, or asks if you want to reboot now or later (after installing an update). Because of whatever applications I have open, what's going on in those apps, and what a pain it would be to get back to that state, the loss in productivity means that I can almost never afford to reboot when Microsoft Update wants me to. Generally speaking, I file the thought away in my head as "I'll do it later, just before dinner, when I can gracefully shut all my apps down." But then dinner comes, some of those apps are still running with half-completed work (e.g. WordPress with a blog post publishing form half-filled out and an important item in the clipboard that I don't want to lose), and I don't reboot. This morning, Microsoft Update was nagging me again and I'm glad it was.

Compared to other nags -- even ones for viruses (I sometimes put those off too) -- this is one nag you don't want to procrastinate with. The current round of updates includes protection against a worm that most security experts are saying is inevitable. That doesn't mean it's inevitable that you're going to get it. It means the worm's existence -- in other words, its release onto the Internet -- is a sure bet. Not that I'd suggest putting off updates that address viruses. But viruses, generally speaking, require some action on your part in order for you to get infected. For example, opening an infected e-mail attachment or downloading and opening some sort of software from the Internet that hasn't been pre-tested for an infection can result in your own infection (one of the advantages of getting software from ZDNet's sister site Download.com has long been that all software is pre-tested: the tagline "Safe, trusted, and spyware-free" says it all).

As far as I know, it has been a very long time since any of my systems has gotten a virus, and some of them don't even have anti-virus protection on them. One reason those systems are virus-free (especially the ones without A/V protection) is that best practices can go a long way towards preventing infection. Although it's not a guarantee, I don't open e-mail attachments from just anyone, and there are certain types of attachments I'll never open. I almost never open e-mail attachments by double-clicking on them. Instead, I detach them and will sometimes open them using a separate virtual-machine-based instance of Windows XP that can afford to be infected. I also prefer to run at least some of my systems in a lesser privileged user (LPU) mode. In other words, the user ID does not have administrative privileges, which in turn raises another barrier to some viruses, which, like other legitimate software, simply can't install themselves under the limited access control rights that are available to the LPU.

But worms are different. You don't have to do anything for a worm to wriggle its way into your system. With no assistance from you, worms essentially find their way into your system through a backdoor, and once they're in, devastation can follow. Some of the worst exploits in PC history were worms. Slammer, Blaster, Code Red, Sasser, and Zotob come to mind. Not only can a worm do an incredible amount of harm to your own systems, it can deputize your system in an effort to spread itself to other systems, essentially turning your system into a Typhoid Mary. This is one reason why it's especially critical for businesses to patch their systems immediately: once a worm gets behind a company's firewall, there isn't much that protects the other systems on the network from becoming infected.

It's exploits like the expected worm that Microsoft considers so critical that, in the interests of protecting the Internet (which sometimes can be completely overwhelmed by the traffic that results from worms) as well as its legitimate customers, the Redmond-based software giant will even patch pirated versions of its operating system just to keep the exploit at bay. And any time Microsoft is willing to patch even pirated versions of its software, you know it's serious. So, trust me on this one. Right now, save all your work, copy whatever is in your clipboard to a Notepad or word processing file, copy any open URLs that you want to return to into that file as well, save it, and run Microsoft Update. I know it's a hassle. But it's nothing compared to the hassle you could be in for if you put it off much longer.


Talkback

21 comments
  • Clipboard

    There are various free programs which will allow saving and managing what's on the clipboard without making a special effort.

    I've used Clipboard Magic, just as an example:

    http://www.cyber-matrix.com/cmdownloads.html

    Ever had one of those moments when you've copied something into the clipboard and realized you've just displaced something else you've needed?


    Also, I take it you don't turn off your computer at night. Might be superstition, but I think self-healing goes on while the computer is shut down.

    That would also make a good opportunity to install updates. Windows does the install, then turns the computer off, so you don't have to be concerned with how long the process requires.
    Anton Philidor
  • Antivirus!

    I can believe that ignorant people still have machines without virus protection. That someone that is knowledgeable does so is unthinkable. That someone that writes a technical article and tries to justify not running an AV program is the same as our president in South Africa who does not believe that AIDS exists and our previous vice president that had unprotected intercourse with a known HIV positive woman and thought that showering afterwards will clear him!!
    hcb_z
    • The systems I run without A/V...

      .. run in virtual machines and I use them for testing.... testing that I don't want the A/V to interfere with at all.

      db
      dberlind
      • Testing

        I do exactly the same thing, since I also test viruses against various AV software, since I've been collecting viruses for years, and AV's are after the horse left the barn anyway.
        JG
        john_galt@...
    • Steve Gibson doesn't use A/V

      FWIW, at Steve Gibson's site, www.grc.com, I read recently where he (of SpinRite fame) does not use A/V software. And he made no mention of operating with VMs. But he says his operating practices are scrupulously careful, and thus he's never had a problem (I'm paraphrasing from memory).
      spike46
      • I used to not either

        The only reason I have antivirus is because the VPN software I use to connect to work requires that I have antivirus installed and up to date. Prior to this, I never had antivirus installed, and never got a virus.

        Also, I don't have, and never had, antispyware software installed. And I've never had a spyware infection.

        How do I do it? Easy: I run as a limited user; I keep my machines up to date; I leave the Windows Firewall turned on; I don't install apps like Kazaa that come bundled with malware; I don't run malicious e-mail attachments; I keep an eye on what's running on my machine and would know when something doesn't look right.

        Should "typical" users go without antivirus and antispyware? No way. They need this protection because they do stuff like install Kazaa and double-click email attachments. They wouldn't recognize a suspicious EXE in Task Manager if they saw one. They run as administrator and follow that porn site's instructions to click the gold bar and install that ActiveX control. Thus, the average user needs extra protection.
        PB_z
  • The End of the Beginning

    This latest indignity will likely put additional pressure on Microsoft to ship Vista and the promise of security that comes with it. The promises are the same promises that came with XP. Most secure ever is the claim. Hope springs eternal. Meanwhile there are indications that the network stack in Vista is what they say it is, brand new and largely untested. Claims of security may be considered optimistic or dead wrong, but it doesn't matter. If this is new code those claims should not have been made. The testing has not been done. Even if Vista ships with better out-of-the-box security, the challenges that an untried stack brings to stability are huge.

    The tree-house meetings of the Windows commiseration club should end. Time after time, the Windows centric and largely Windows sponsored ZDNet has validated the Windows choice. The complaints are the largest validation. They send the message that the status quo and the conventional wisdoms are available for criticism, but not for abandonment. This is codependency. It's unhealthy.

    To truly take the latest Windows security threat seriously, one has to seek viable alternatives to Windows. It's that simple.

    Throughout the Windows landscape we are watching these balloons pop. One by one people are getting fed up. They are switching. It doesn't matter what they switch to. It doesn't matter if they switch back. What it does, for a period of time, is take money out of the Microsoft coffers, even the competitive landscape, and introduce a new experience. It frees the logic gate and endorses diversity and interoperability within that diversity.
    Harry Bardal
    • Why?

      "To truly take the latest Windows security threat seriously, one
      has to seek viable alternatives to Windows. It's that simple."

      I've been a "cracker" and "hacker" (before hacker became a dirty word, thanks to some idiots) for years, and mostly for my own amusement.

      There will never be any such thing as a "secure system" regardless of what OS you decide to run or not. The fact that MS is the largest will always leave it open to attacks, and don't think for a second the "little guys" don't get their share of attacks.

      Let's put it this way, 'Anything that man creates, another man can destroy...and will.' That's been mankind's mentality since he stopped scratching his underarms. The battle lines were drawn when the first "back-door" was put in the first OS for testing purposes, and someone else discovered it.

      If you want perfect security, get off the net, and don't make contact with anyone.
      JG
      john_galt@...
  • Are you nuts, David?

    "I also prefer to run at least some of my systems in a lesser privileged user (LPU) mode. In other words, the user ID does not have administrative privileges which in turn raises another barrier to some viruses, which like other legitimate software, simply can't install themselves under the limited access control rights that are available to the LPU."

    *Some* of your systems? Some?

    The first law of computing is Thou shalt not run as Administrator. Period. Admin rights are for installing stuff and doing system maintenance.

    If you still have software that "won't" (notice the quotes) run except as Admin, then you need new software. There's just no excuse for running as Admin, especially for someone as embedded in the computer industry as yourself.

    Especially since novices are likely to use you as an example of best practices. Jeez.
    wolf_z
    • LOL

      "The first law of computing is Thou shalt not run as Administrator. Period. Admin rights are for installing stuff and doing system maintenance."

      I'd tell that one to the millions of "new systems, with an installed OS" that people have sitting at home, not to mention them being on dial-up, and deciding that DL'ing patches for hours is fun they can "get off on."

      I've been repairing computers and software issues for years, and less than 1% have ever not been on Admin login, and that includes a majority of Corp systems as well.
      JG
      john_galt@...
      • A is A/or The 1st law

        No one has ever told me NOT to run as Admin...yes, I'm a newbie..last year Microsoft and I had weekly contact that lasted for hours because my new (and first) PC crashed. Microsoft called me to inform me it had crashed MY system.
        (by the way, that issue is still not resolved)..I've moved up and moved on..my roommate is allegedly a PC pro (not hacker status) and he runs as Admin and I do too..plus 3 other log-ons.....Should we not be? I first read Ayn Rand in '73 and re-read AS every year at New Year's ...so I trust what John Galt would recommend...Thank you, dagny
        Dagny
  • You can always patch pirated Windows by downloading patches manually

    It's kind of misleading to say that this patch can even be applied to pirated Windows. Because if you download any security patches manually from Microsoft's site, you can install any of them on pirated Windows. (Except service packs, traditionally.)

    Maybe what you mean is that Windows Update will even patch pirated versions? That's slightly different, and noteworthy.
    PB_z
    • Eye Patches for Pirate Windows

      I have a legit installation of WXP Pro which, since the last WGA Validation update widget was forced into that computer, has continuously failed to complete the WGA validation process. I have been "working" with MSFT tech support via email without any success. Consequently, just like the installations of pirated WXP, I have to laboriously download the security patches and install them. For me, there's no WG"Advantage" and, contrary to MSFT's goal of eliminating pirated installations of WXP, this problem has turned me into a pirate for any and all future installations of WXP, but I think the real pirate here is MSFT for pirating away the genuine status of my legit installation of WXP.
      Golem
      • WGA fun!

        I've got 5 systems running on a home network, with a different OS on each of them. All but one are "legit", and that's one copy of XP-Pro, since XP-Home sucks. I haven't got an issue with WGA, since getting rid of it was nearly as much fun as getting it.

        Yes I have all the "patches" and handy-dandy updates. As I mentioned in another post, the "game was ON" when the first back-door was found in the first OS. Of course MS screwed up with WGA as many frustrated customers with legit copies will attest to, but it's a bit late for MS to try and close the barn door after the horses got out.
        JG
        john_galt@...
        • It's a pirate's life for me due to Microshaft.

          I, too, run a number of systems on a home network, Windows and MacOS. All but one WXP installation works with WGA validation. I am imminently going to get a new computer for one of my sons who is starting university. I won't be buying Dell/Intel/Microshaft, etc., I'll be buying one of the new Intel Macs and, Me Hearty, because of Microshaft's WGA screwing up a legit installation of WXP on one of my Dells, I will be running an illegitimate installation of WXP Pro on it. Har! Har!
          Golem
          • Pirates.. ELP

            Was one of my favorites, even before CDs. Back then I could not afford a Meridian, but appreciated it. But I had a Thorens and other stuff....

            Anyway, on the second side of disc 2 of the album (disc?) was Pirates; the other song/title/tune on that side was "Fanfare for the Common Man".... Along with Pirates.

            This was the mid to late '80s (Miami Vice). Someone gave me an IBM 5150, yet at work I had Macs, NeXT, Sun & DEC as well as IBM.

            I applaud your choice of looking at the alternatives, and Macs are a great & convenient choice. (The Mac Pro & MacBooks are very interesting.)

            But if interested
            I would also suggest looking at Linux.
            One place to start is
            http://distrowatch.com/dwres.php?resource=major
            another is
            http://system76.com/

            There are many others.......

            It is all up to what you may need or want...
            LazLong
  • What About Firewalls?

    It would seem that even on an unpatched system, an attempt to attack a system with an operating 2-way firewall such as ZoneAlarm would trigger an intrusion alert that would result in it being blocked by even a moderately alert user. And surely the same thing would happen if there was any attempt to communicate back to the "Mother PC" or to look for other PCs to infect. Am I misunderstanding how either or both worms and firewalls work?
    JRobert345
    • Depends on the particular threat

      The vulnerability that this article refers to is in the Server service, which communicates via ports 139/445. On a home network, blocking these ports with a firewall effectively kills sharing files and printers between computers. Instead of blocking, restricting traffic on these ports to "local subnet only" will prevent outsiders from using this flaw to attack you (I believe this is the default situation with XPSP2). Though, if you bring an infected computer into your network, you are again vulnerable.

      Outbound filtering could help your machine from being used to attack other machines. Though, it might not prevent "Mother PC" communication -- probably because the worm would be set to use port 80 (used by HTTP and usually open in firewalls). I suppose if you restrict outgoing port 80 traffic to only certain EXEs (e.g. your web browser), then it would be more helpful.
      PB_z
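    The subnet-scoped inbound rule and the outbound filtering PB_z describes can both be checked against the firewall's own log. The following is an added example, not code from the post or from any commenter; it assumes the XP SP2 pfirewall.log field order (a `#Fields:` header followed by space-separated records) and runs over constructed sample lines, flagging SMB (139/445) attempts that arrive from outside the local subnet and local hosts that fan SMB connections out to many peers.

```python
"""Classify Windows Firewall log lines for SMB worm-style activity.

Added example, not from the original post or its comments. Assumes the
XP SP2 pfirewall.log field layout and uses constructed sample records.
"""
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}   # NetBIOS session and direct-hosted SMB (Server service)

# Constructed sample records in pfirewall.log layout (not real traffic).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2006-08-09 08:01:02 DROP TCP 203.0.113.7 192.168.1.20 3345 445 48 S 123 0 65535 - - - RECEIVE
2006-08-09 08:01:03 OPEN TCP 192.168.1.11 192.168.1.20 1045 445 - - - - - - - - RECEIVE
2006-08-09 08:01:05 OPEN TCP 192.168.1.20 192.168.1.30 1066 445 - - - - - - - - SEND
2006-08-09 08:01:05 OPEN TCP 192.168.1.20 192.168.1.31 1067 445 - - - - - - - - SEND
2006-08-09 08:01:06 OPEN TCP 192.168.1.20 192.168.1.32 1068 445 - - - - - - - - SEND
2006-08-09 08:01:06 OPEN TCP 192.168.1.20 192.168.1.33 1069 139 - - - - - - - - SEND
2006-08-09 08:02:00 OPEN TCP 192.168.1.20 198.51.100.9 1070 80 - - - - - - - - SEND
"""


def parse_log(text):
    """Yield one dict per data record, naming columns from the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        yield dict(zip(fields, line.split()))


def classify(text, local_subnet="192.168.1.0/24", scan_threshold=3):
    """Return (inbound_external, outbound_scanners).

    inbound_external: SMB attempts arriving from outside local_subnet. With a
    subnet-scoped file-and-print rule every one should be DROP; an OPEN here
    means the Server service is reachable from the Internet.
    outbound_scanners: local hosts that opened SMB connections to at least
    scan_threshold distinct peers, the fan-out pattern of an infected machine.
    """
    net = ipaddress.ip_network(local_subnet)
    inbound_external = []
    peers = defaultdict(set)
    for rec in parse_log(text):
        if rec["protocol"] != "TCP" or int(rec["dst-port"]) not in SMB_PORTS:
            continue
        src = ipaddress.ip_address(rec["src-ip"])
        if rec["path"] == "RECEIVE" and src not in net:
            inbound_external.append((rec["src-ip"], rec["dst-port"], rec["action"]))
        elif rec["path"] == "SEND":
            peers[rec["src-ip"]].add(rec["dst-ip"])
    scanners = {h: len(p) for h, p in peers.items() if len(p) >= scan_threshold}
    return inbound_external, scanners


if __name__ == "__main__":
    external, scanners = classify(SAMPLE_LOG)
    print("external SMB attempts:", external)
    print("hosts fanning out over SMB:", scanners)
```

    The port 80 record is deliberately ignored, which is PB_z's point about outbound filtering: a "Mother PC" call-home over HTTP blends in unless outbound port 80 is restricted to specific programs.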
    • Ditto

      ZoneAlarm will block the WGA call home feature, however that's only one of the issues with WGA.
      john_galt@...