Microsoft Worm

Okay, answer this one for me: Why do people continually get attacked by
these worms? If you and I could create a firewall with the solutions
that were posted here, why is it that people are still getting attacked
successfully.

I have a LinkSys Wireless-B 4 port router/switch, and I use Zone Alarm
(save the spyware issues for another post). I wasn't even phased by the
worm.

To my surprise, Comcast was affected by it and it was very detrimental.
Why? Where is the network administrator and why is Comcast not securing
their network. If hackers can't see you, they can't hurt you, right?

Okay, so its a bit of naivette on my part, but that does hold true in
most cases regarding Internet security.

What is the opinion of the security professionals in a.c.s.?

Dino

Dean Palladino

Dean Palladino wrote:

> Okay, answer this one for me: Why do people continually get attacked by
> these worms? If you and I could create a firewall with the solutions
> that were posted here, why is it that people are still getting attacked
> successfully.

Because Windows doesn't ship with a personal firewall turned on BY DEFAULT,
that's why.


> I have a LinkSys Wireless-B 4 port router/switch, and I use Zone Alarm
> (save the spyware issues for another post). I wasn't even phased by the
> worm.
>

There's some variant code kicking around that by-passes Zone Alarm. You
ain't seen nothing yet. This worm was just a warning...


> What is the opinion of the security professionals in a.c.s.?

Use a Mac or Linux.

In article <> ,
says...
> Okay, answer this one for me: Why do people continually get attacked by
> these worms? If you and I could create a firewall with the solutions
> that were posted here, why is it that people are still getting attacked
> successfully.

Most people get hacked because they think of the internet as they do
their toaster - it's there and it works and I don't have to know more
about it.

In reality I would place most of the blame on the ISP's - they know that
people are easy targets and that for about $50 they could provide them
with simple NAT Routers that would block most of the attempts. If they
provided them with NAT Router and Antivirus software it would fend off
most of the hacks out there.

As for this worm, anyone having a simple NAT Router would have been
safe. People with personal firewall software, where they didn't
misconfigure it, would be safe.

Most people have no clue about their computers, their software, and even
less about dial-up connections.

--
--

(Remove 999 to reply to me)

People who pay regular attention to windows update would be safe as well.

--
Jeff Umbach

"Leythos" <> wrote in message
news:...
> In article <> ,
> says...
> > Okay, answer this one for me: Why do people continually get attacked by
> > these worms? If you and I could create a firewall with the solutions
> > that were posted here, why is it that people are still getting attacked
> > successfully.
>
> Most people get hacked because they think of the internet as they do
> their toaster - it's there and it works and I don't have to know more
> about it.
>
> In reality I would place most of the blame on the ISP's - they know that
> people are easy targets and that for about $50 they could provide them
> with simple NAT Routers that would block most of the attempts. If they
> provided them with NAT Router and Antivirus software it would fend off
> most of the hacks out there.
>
> As for this worm, anyone having a simple NAT Router would have been
> safe. People with personal firewall software, where they didn't
> misconfigure it, would be safe.
>
> Most people have no clue about their computers, their software, and even
> less about dial-up connections.
>
> --
> --
>
> (Remove 999 to reply to me)

In article <3f3b81fc$0$18274$>,
says...

> Because Windows doesn't ship with a personal firewall turned on BY DEFAULT,
> that's why.
>

Windows shouldn't ship with a personal firewall turned on by default.
However Windows Server 2003 does install locked down by default.

OS should only be that: an OS.

In article <>, tpacpl1220
@netscape.net says...
> The real question should be, " Why do people continue to use such crap
> software like Microsoft?"

You've got it wrong - the real question is why don't ISP's provide a NAT
device or personal firewall for ANYONE connecting to their services?

The MS Bashers seem to forget the weekly vulnerabilities found in Linux
and the others found in non-MS OS's.

If the ISP's were to provide some instruction and blocked ports that
don't need to be exposed to the internet for the common OS's it would
prevent most of the problems. Blame the ISP's, not MS - if every ISP
would block ports 135~139 and a hand full of others, the net would be a
much nicer place.

--
--

(Remove 999 to reply to me)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bit Twister wrote:
>> If the ISP's were to provide some instruction and blocked ports that
>> don't need to be exposed to the internet for the common OS's it would
>> prevent most of the problems. Blame the ISP's, not MS - if every ISP
>> would block ports 135~139 and a hand full of others, the net would be a
>> much nicer place.
> Yes, it is the ISP's fault for not blocking ports for services
> that Micro$loth should have disabled on install.

I hate M$ as much as anybody, but the same is true of a good number of
Linux distributions. It may have changed recently but last time (a year or
two ago I guess) I fired up vmware to have a peek at a few distributions
they all had tons of crap in startup scripts and inetd.conf enabled that
shouldn't be.

There's pretty much two very simple things Microsoft have been slow in
doing. Fixing its email clients to not automatically execute every freakin
scripting language supported by the OS when simply previewing a message,
and firewall enabled by default. It is getting there. Real slow.


- --
Frode

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBPz5yPeXlGBWTt1afEQLm5gCgk2lbKq0hJ3j64NsD+7/kAk7WqucAniHa
vsP79wh00LYgZi4vjtE81jxE
=mW81
-----END PGP SIGNATURE-----

In article <>,
says...
> In article <>, tpacpl1220
> @netscape.net says...
> > The real question should be, " Why do people continue to use such crap
> > software like Microsoft?"
>
> You've got it wrong - the real question is why don't ISP's provide a NAT
> device or personal firewall for ANYONE connecting to their services?
>
> The MS Bashers seem to forget the weekly vulnerabilities found in Linux
> and the others found in non-MS OS's.
>
> If the ISP's were to provide some instruction and blocked ports that
> don't need to be exposed to the internet for the common OS's it would
> prevent most of the problems. Blame the ISP's, not MS - if every ISP
> would block ports 135~139 and a hand full of others, the net would be a
> much nicer place.

Again you miss the point - MS uses ports 135~139 for network traffic -
they use it as a base part of the OS so that it makes life easier for
networking in LAN/WAN environments. While the flaw in RPC is not
something I defend, the fact that ISP's have know about RCP traffic on
their networks for years and have done nothing about it is the root of
the problem.

I'm not a MS Lover, I don't care about the company. I have MS NT4, 2000,
XP, AIX, SCO and a couple other OS's here.

ISP's should be responsible for installing a NAT router at the least for
every customer - for business accounts they should require a firewall.
This will keep the broadcasts and inbound traffic down and prevent
ignorant users from being compromised.

You will find that 135~139 is needed in a normal business network - it's
part of the OS. There is NO NEED to allow 135~139 outbound or inbound
from a personal or business network. If you want remote access you
create a VPN connection.

So, don't bitch about MS, they provided a patch before this hit.

If they disabled everything by default 90% of the users would never be
able to us their computers and then you would be bitching about that
too.

People use MS because it's got TONS of support, works well, is as easy
to use as the next OS, supports more hardware/software than any other
OS, and is cheap.



--
--

(Remove 999 to reply to me)

On Sat, 16 Aug 2003 19:14:49 GMT, Leythos wrote:

> ISP's should be responsible for installing a NAT router

I do not want MS stupidy costing me money to us a service.
Now, if the ISP makes it a requirement for NAT routers for
MS users, ok I go along with that.

> Again you miss the point - MS uses ports 135~139 for network traffic -
> they use it as a base part of the OS so that it makes life easier for
> networking in LAN/WAN environments. While the flaw in RPC is not
> something I defend, the fact that ISP's have know about RCP traffic on
> their networks for years and have done nothing about it is the root of
> the problem.

Nope, there is no good excuse for shipping product with the services
enabled. MS has plenty of wizards to allow the user to turn them
on if required.

Third Party Software install wizard can ask user if user wants
port opened if required.

On Sat, 16 Aug 2003 20:20:43 GMT, Leythos wrote:

> Do you hammer the Open Source community and Red Hat when they provide
> products that have holes in they too or do you just slam MS?

That is a related problem.

> Thanks for the conversation, it was good to chat about this, but we have
> two different views on the causes of internet related problems and how
> they could easily be corrected.

Yes, I just cannot see why everyone else has to limp when Microsoft's
leg is broke.

You would think that with the history of viruses/worms MS would
implement basic security settings during install.

They finaly bought a firewall product. Was it enabled during install
on Home XP. Why have they not put those in products and Service Packs
to clean up basic security holds on current products. They updated
Internet Explorer for 98.

Yes the User has to load the SP. MS needs to at least _start_ putting
out the forest fire instead of hauling logs to the fire.