How I survived MSBlast

The other day, after I'd been online for a few minutes, my Windows 2000 PC started behaving oddly. Nothing serious -- it wouldn't let me disconnect my dial-up connection, and the cut-and-paste function stopped working -- but there had been enough front-page headlines about the MSBlast worm lately that I figured I'd better play it safe and protect myself.

That was the beginning of what turned out to be a mind-numbingly tedious and frustrating day, an experience which I fear has become all too common for Windows users as viruses become an increasing nuisance. One thing that came through loud and clear: the patching process is far too cumbersome for dial-up users -- who still account for most of the Internet population, after all -- and it's really no wonder there are so many insecure PCs out there.

MSBlast is different from the usual run-of-the-mill worms, which often spread via email, in that you don't have to do anything or even be running any applications to be vulnerable. I've found you can protect yourself from some of the worst security problems simply by using an email program other than Outlook. But a study carried out as MSBlast began to gain momentum found that a computer had only to be connected to the Internet for a few seconds before it was attacked. The worm seeks out computers with a known vulnerability, then exploits that vulnerability to insert code on the machine. Firewalls can keep the malicious code out, but the best protection is to install Microsoft's patch -- which has been around for a month.

I was working from home on a dial-up connection that day, and had thought to bring a copy of the Microsoft patch along on a disk, along with a MSBlast-removal program from Symantec. I executed the patch program. That was when I ran into my first problem of the day: I found I needed a service pack installed before I could use the patch -- Service Pack 2 or later.