Go check for viruses. Now!

There’s a new worm afoot. It scans the victim’s systems for e-mail addresses and generates virus e-mails to them, all with forged senders of course. My inbox already receives several hundred virus e-mails per day.

Here’s a document with more details:
http://www.f-secure.com/v-descs/swen.shtml

I keep getting the one purporting to be a Microsoft security patch, but I’m not stupid enough to open it. It really is a good idea to keep up to date with the genuine Microsoft updates. Virtually all of the recent viruses are exploiting holes that Microsoft have plugged, but people haven’t got around to installing the fix. If you’re not happy about having WinUpdate check automatically, at least run it manually at regular intervals.

Seems to pretend either to be Microsoft update, security update, or a “returned email”!

Exactly. The real problem with this one is that you can’t do anything to protect yourself from having your inbox clogged with this crap. When I logged back on today MailWasher found 640 messages – all worms. Maybe I accidentally deleted a real e-mail in-between – I wouldn’t know, there’s no way I can check all those messages.

Damn those idiots who have no firewall, no virus scanner, don’t apply the real MS security updates, are constantly connected to the Internet, and don’t even notice that a worm is happily sending messages through their connection all the time. :evil:

I think a lot of the problems are caused by large companies and organisations who have maybe 1000 PCs, but only allow the 6 person PC support team to install the official MS patches, which is obviously going to take time, particularly if the PCs are spread over more than one geographical location. In the UK at the time of the blaster worm, companies were complaining that they hadn’t had enough time to apply the fix.

Of course there are a number of ways around this, such as allowing individual section heads to apply the update in their own office/locality (it’s hardly rocket science), but then you start getting involved in internal company politics where the actual needs of the business often don’t take first place.


6 IT support guys? Luxury! Our office of 500 PCs gets by with only two warm bodies. The key is to automate certain aspects of the job.

For example, there are remote management options that an IT department can run as Windows 2000 and XP services to “push” patches to all the machines in the company at the same time.

Damn the computer industry for making it so complicated that lay-people need to know about things like firewalls, security upgrades, virus scanners and giving us constant connectivity to the internet, do you mean? Where do you get the idea that the bad design of an industry is somehow the fault of the consumer that was sold all of this stuff but not given proper warnings or education about how to use it? :roll:

I was following the standard internet procedure of plucking figures out of my arse :) .

Even though it’s a bitch to set up and get working right, SUS alone would make me buy some MS employees a beer if they are in Central Arkansas.

Give me a break and drop the victim attitude. Are you complaining about car makers that let you start your car without fastening your seat belt? Hey, it’s way more dangerous!

These issues have been around for a while and get a lot of publicity. Yes, operating systems should come with an enabled firewall and virus scanners out of the box but there’s no excuse to have a broadband connection today (56k dialups are hardly responsible for the spread of the recent worm) and not be aware of possible security issues when connecting to the Internet. Hell, even my mother knows how to run a virus scanner.

The computer industry is in the same condition as, oh, the automobile industry before Nader’s Unsafe At Any Speed. Sure, every once in a while a horrible disaster happens, and they fix it, but the practices of the entire industry just aren’t done with security in mind. Microsoft appears to be trying, for one, but I still don’t think they get it.

Microsoft appears to be trying, for one, but I still don’t think they get it.

If Microsoft “got it” they wouldn’t have this imbecilic programs-as-data concept for email and other forms of Internet access. The very idea of getting email which runs a program is just stupid, as is anything even vaguely associated with Active X. Java as an applet language is a dumb idea too*, not MS’s fault, but then they picked it up and ran with it with all their other dumb web client scripting crap. And I still don’t comprehend how buffer overflow attacks on servers are possible when programmers have understood the concept for at least 10 to 15 years now. What part of the integer return value of the “read” system call don’t they understand?

*Java is a nice application programming language, though; it’s just applets are stupid.