SASSER WORM IS A BITCH!

kurttrail

NetNut said:
Goodbye Joh,
This is a Help newsgroup. Not a political Form.
You make it so easy. Goodbye Troll.
The NetNut.

Look out folks! We got us another Serial Plonker on our hands! I bet
this Nutcase gets off every time it adds someone to its kill-file.

Soon virtual killing won't be enough to sate the hunger of this Serial
Plonker. Serial Plonking, as we all know, is just the first step down
the road to becoming a Serial Killer.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"
 
Vagabond Software

kurttrail said:
With decades of code with little thought towards security, not just by MS
but throughout the commercial software market, how long do you think before
we see a Sasser-like bug before MS gets to release a patch?

One thing I will say about Microsoft is that they are damned good at getting patches out ASAP!

I recall waiting about six months for a patch to secure the NFS Server vulnerability in the 1.1 Linux kernel. The heinous thing about the NFS Server vulnerability is the Debian for Dummies book came with a Linux CD that installed and configured the NFS Server by default!

I also recall waiting several months for a fix to the Apache chunk vulnerability, but that may have been because the "fix" offered by Apache was to upgrade the entire server to the latest version, and it took us some time to plan that migration.

- carl
 
kurttrail

Vagabond said:
One thing I will say about Microsoft is that they are damned good at
getting patches out ASAP!

I recall waiting about six months for a patch to secure the NFS
Server vulnerability in the 1.1 Linux kernel. The heinous thing
about the NFS Server vulnerability is the Debian for Dummies book
came with a Linux CD that installed and configured the NFS Server by
default!

I also recall waiting several months for a fix to the Apache chunk
vulnerability, but that may have been because the "fix" offered by
Apache was to upgrade the entire server to the latest version, and it
took us some time to plan that migration.

- carl

http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=Microsoft+waits+patch+six+months

And MS has been doing too much bundling of CRITICAL UPDATES.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"
 
Mike Brannigan [MSFT]

kurttrail said:


Kurt it is a very fine line between releasing critical patches that we
expect everyone to apply - and in corporate terms this can mean a
significant amount of man hours spent regression testing their entire
environment - in rapid succession, and rolling up a number of patches into
one.
Also there was in a number of cases a significant amount of deep
investigation required to prepare a patch. This ensured that the patch was
as comprehensive as possible for the vulnerability identified.

--
Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no rights

Please note I cannot respond to e-mailed questions, please use these newsgroups
 
Vagabond Software

kurttrail said:

Well, unlike the case I mentioned with the NFS Server and Apache, Microsoft's decision to wait six months was apparently justified since there was not a single reported instance of a malicious exploit of the vulnerability.

By the way, what exactly are we looking for here? Are we looking for an Operating System that has no vulnerabilities? I guess I could recommend CP/M. Although it's been years since I've used it, I think it is a strong OS, very stable, very secure, but not very feature-rich compared to Windows, Linux/UNIX, or OS X.

Of course, that's the whole point isn't it? Most vulnerabilities result from the introduction of new features.

- carl
 
Danny Mingledorff

kurttrail said:
Look out folks! We got us another Serial Plonker on our hands! I bet
this Nutcase gets off every time it adds someone to its kill-file.

Soon virtual killing won't be enough to sate the hunger of this Serial
Plonker. Serial Plonking, as we all know, is just the first step down
the road to becoming a Serial Killer.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"

Watch out for postings from Toucan-Son-of-Sam, the cereal killer...

....danny
 
kurttrail

Vagabond said:
Well, unlike the case I mentioned with the NFS Server and Apache,
Microsoft's decision to wait six months was apparently justified
since there was not a single reported instance of a malicious exploit
of the vulnerability.

Can't say the same with the IE Address bar spoof, MS waited to release
that patch in an IE rollup patch, even as more & more people were taken
in by phishers using it.

By the way, what exactly are we looking for here? Are we looking for
an Operating System that has no vulnerabilities?

A competitive market.

What percentage of desktop computer users are under threat by any non-MS
OS vulnerability? 5%! Not the potential 95% with MS OSs! Now say
there were 5 PCOS companies out there, and for the sake of argument let's
say that they share the PCOS market equally, what percentage of users are
potentially at risk by an exploit of any one given company's OS? That's
right! 20%. Not 95%. So which PCOS market would be safer for the
general public, a market with one big fat-assed OS, or one with multiple OS
where the risks are spread out over multiple targets?

It's just plain and simple common sense. Windows' ubiquity on the PCOS
desktop puts the whole computer world in more danger the longer it is
allowed to monopolize the PCOS market.

I guess I could
recommend CP/M. Although it's been years since I've used it, I think
it is a strong OS, very stable, very secure, but not very
feature-rich compared to Windows, Linux/UNIX, or OS X.

Of course, that's the whole point isn't it? Most vulnerabilities
result from the introduction of new features.

And one day, probably sometime soon, MS will be holding up a patch to
roll up in a bigger patch, and somebody will hit that vulnerability
before the patch is released. When that day comes, watch out! It is
not a matter of if, but when. So do we sit idly by, and pray that the
5% solution will protect us, or do we start to do something about the
fact that MS's desktop monoculture is a big part, maybe even the
biggest part of the problem of trying to protect our virtual world?

Do we sit back and take our time, like the Bush administration did prior
to 911, or should we be more proactive about securing ourselves from the
computer terrorist, and try to lessen the effect of any one given
computer nasty by breaking up the giant target of the MS OS?

Using Common Sense, the answer is easy. MS's monopoly is not more
important to society as a whole than protecting the general public from
the one big target that MS monoculture puts us all in.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"
 
kurttrail

Mike said:
http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=Microsoft+waits+patch+six+months


Kurt it is a very fine line between releasing critical patches that we
expect everyone to apply - and in corporate terms this can mean a
significant amount of man hours spent regression testing their entire
environment - in rapid succession, and rolling up a number of patches
into one.

That's what service packs are for. Almost 2 years will have passed
between SP1 & SP2. Instead of adding a whole bunch of crap to SP2, you
all should be putting out the single patches as soon as possible, and
Service Packs every quarter. Then every two years put out new
features in a Features Pack.

Fixing the critical holes should be Priority One. Service Packs should be
Priority Two. Feature Changes & updates shouldn't even be a priority
when compared to Patches and Service Packs, and should be pushed to the
side until Priority One & Two have been satisfied.

NEARLY TWO YEARS BETWEEN SERVICE PACKS IS JUST PLAIN NEGLIGENCE!

Also there was in a number of cases a significant amount of deep
investigation required to prepare a patch. This ensured that the
patch was as comprehensive as possible for the vulnerability identified.

How many times has the RPC/DCOM been patched and repatched over the last
year? Obviously that wasn't as comprehensive as possible, but at least
MS fixed things with those patches, as the case arose. But there is
absolutely no excuse for waiting to patch a critical vulnerability, just
so you guys can seem to be putting out less patches than the
previous year, by rolling it up with other patches! One day soon MS's
arrogance with its customers' computer safety is gonna bite ya'll in the
ass, and I will be there to say, "I told you so."

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"
 
Steve Nielsen

Vagabond Software wrote:

One thing I will say about Microsoft is that they are damned good at getting patches out ASAP!

No they did NOT! This vulnerability has existed unpatched since Win2K
was released. The vulnerability does not exist in Win2K3 Server and how
long ago was THAT OS released? Why doesn't Win2K3 server have the
vulnerability? Win2K server does. Do you think M$ fixed it "by accident"
in Win2K3? The patch was issued less than three weeks ago. You do the math.

Steve
 
Vagabond Software

kurttrail said:
A competitive market.

What percentage of desktop computer users are under threat by any non-MS
OS vulnerability? 5%! Not the potential 95% with MS OSs! Now say
there were 5 PCOS companies out there, and for the sake of argument let's
say that they share the PCOS market equally, what percentage of users are
potentially at risk by an exploit of any one given company's OS? That's
right! 20%. Not 95%. So which PCOS market would be safer for the
general public, a market with one big fat-assed OS, or one with multiple OS
where the risks are spread out over multiple targets?

It's just plain and simple common sense. Windows' ubiquity on the PCOS
desktop puts the whole computer world in more danger the longer it is
allowed to monopolize the PCOS market.

Ok, let's use some common sense. How is Microsoft monopolizing the market? As far as I can tell, the most prohibitive force in the non-microsoft OS market are the OS producers themselves.

Who is stopping me from buying OS X and installing it on my computer? Apple.

Who stopped Compaq and Zeos from shipping their clone computers with OS/2 Warp installed? IBM. This is the most amusing part of all this. IBM is in the strongest position for a consolidation of Linux. If and when that were to ever occur, do you think IBM will sell you or I a Linux OS at ANY price without having to buy their hardware as well? I think not.

If the Computing/OS industry is a David and Goliath battle, Bill Gates is David and IBM, Novell, Apple, and Sun Microsystems are the Goliath that want to rule and oppress the little home user as they enjoyed doing in the past.

Indeed, if Microsoft were wiped out tomorrow, we'd all be chained to clearly identifiable LEASED net appliances connecting to large servers running LEASED operating systems just as it was in the days of old when IBM, Novell, and Sun ruled with arrogance and disdain.

- carl
 
Ian Merrithew

Ok, let's use some common sense. How is Microsoft monopolizing the
market?

Microsoft is a convicted monopolist under US anti-trust law. That a
definitive enough authority for you?

If and when that were to ever occur, do you think IBM will sell you or I a Linux OS at ANY
price without having to buy their hardware as well? I think not.

Ever read the GPL? Know the first thing about Linux? That statement
suggests "No" to both.
 
Vagabond Software

Ian Merrithew said:
Ever read the GPL? Know the first thing about Linux? That statement
suggests "No" to both.

Really? It must only be folks like you that have access to the part of IBM's website where you can buy the IBM version of the Linux OS and install it on your own hardware because I can't find it for the life of me.

Oh yes, the beloved GPL. So, we'll all be able to download our favorite boutique distribution. That does absolutely nothing to address anything mentioned in this thread, as is clearly evidenced by the current reality. For example, everyone can download their favorite boutique Linux distribution now, but so few do... I wonder why? Perhaps the same relatively ignorant users that are getting jacked by a vulnerability that was patched weeks ago wouldn't fare well trying to compile the driver for the 3C920 network adapter in their laptop. Perhaps these same users would foolishly forget to go back in and disable the anonymous FTP server that some distributions install by default.

What a bitter choice! Waste my life dinking around with boutique distributions that are no more stable or secure than the OS I'm using now or sell my soul to devils at IBM, Novell, or Sun? No thanks.

- carl
 
Joh N.

Vagabond Software, after spending 3 minutes figuring out which end of the pen to
use said:
Really? It must only be folks like you that have access to the part of IBM's
website where you can buy the IBM version of the Linux OS and install it on
your own hardware because I can't find it for the life of me.

Oh yes, the beloved GPL. So, we'll all be able to download our favorite
boutique distribution. That does absolutely nothing to address anything
mentioned in this thread, as is clearly evidenced by the current reality. For
example, everyone can download their favorite boutique Linux distribution now,
but so few do... I wonder why? Perhaps the same relatively ignorant users
that are getting jacked by a vulnerability that was patched weeks ago wouldn't
fare well trying to compile the driver for the 3C920 network adapter in their
laptop. Perhaps these same users would foolishly forget to go back in and
disable the anonymous FTP server that some distributions install by default.

What a bitter choice! Waste my life dinking around with boutique
distributions that are no more stable or secure than the OS I'm using now or
sell my soul to devils at IBM, Novell, or Sun? No thanks.

- carl

With absolutely no citing whatsoever, you've nailed it all on the head...in
your own opinion (which is also not worth a skunk turd). Because of this, I'm
sure you'll be voted into the MVP herd soon!

Joh N.
 
kurttrail

Vagabond said:
Really? It must only be folks like you that have access to the part
of IBM's website where you can buy the IBM version of the Linux OS
and install it on your own hardware because I can't find it for the
life of me.

Oh yes, the beloved GPL. So, we'll all be able to download our
favorite boutique distribution. That does absolutely nothing to
address anything mentioned in this thread, as is clearly evidenced by
the current reality. For example, everyone can download their
favorite boutique Linux distribution now, but so few do... I wonder
why? Perhaps the same relatively ignorant users that are getting
jacked by a vulnerability that was patched weeks ago wouldn't fare
well trying to compile the driver for the 3C920 network adapter in
their laptop. Perhaps these same users would foolishly forget to go
back in and disable the anonymous FTP server that some distributions
install by default.

What a bitter choice! Waste my life dinking around with boutique
distributions that are no more stable or secure than the OS I'm using
now or sell my soul to devils at IBM, Novell, or Sun? No thanks.

- carl

Diversity in a market is good for consumers, both as a means to keep prices
low, and as a way to keep that market secure for the benefit of the general
public as a whole. Pure and simple capitalism. If some business
catastrophe happens to one computer, with a diverse market, the other
companies will quickly pick up the void left by that company. With a Global
economy and as interconnected as the internet joins our virtual and commercial
worlds, it is a matter of GLOBAL security interests to move as quickly as
possible to plug the MicroMonoculture vulnerability for the sake of the
Global economy, and for every individual living on this planet.

Don't let Gates & Co. fiddle around with you until Rome burns. Speak out.
It is only a matter of time until a Windows vulnerability gets hit before a
patch is released. And even the 5% not using a MS OS won't be safe if
that happens, because they won't be able to communicate with each other as
the Net will be DDoSed by all the Windows Computers trying to infect each
other. The time to act was yesterday, and our virtual 911 may be just around
the corner. Act Now, before it is too late.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"
 
Don Burnette

kurttrail said:
To a moron like you, you see scum. In Reality, I only change the
last 3 letters of Microsoft. That way I got to CUM on MS name with
me domain.

That's all right Don, no one expects you to be bright enough to figure
it out, as one sees only what one is! You see scum, you are scum.

Only scum I see is you.
What a pathetic immoral moron.
Steal anything lately??????
 
Don Burnette

kurttrail said:
LOL! I love how in your recent posts you lay bare what you
subconsciously think about yourself.

Umm, yeah, right.
Like I said, get a room.
That nonsense doesn't need to be displayed in these forums.
Speaking of these forums Mr./Mrs anti-MS, why are you even here? Switch to
Linux and go to their forums, maybe you'll get others to make you feel all
warm and fuzzy.
 
Don Burnette

He reminds me of a guy that frequented another forum on another server back
in 99. He kept preaching how the change of the millennium was going to cause
great havoc everywhere, he was even stockpiling food and supplies in some
sort of cellar. Everyone pretty much laughed at him. And of course, when the
millennium change came and went, he disappeared. Heck, for all I know,
he/she could be one and the same.

Cottontail is not only paranoid, I believe he/she borders on mental
disorders.
It would appear, his only fulfillment in life, is to peruse these newsgroups
for any opportunity to promote his scumbag agenda, and try to recruit others
to do the same.

Good example of children left unsupervised. Probably thinks the world owes
him as well.
Our taxpayers' money probably already goes to support him/her, while he sits
around looking for any and every opportunity to type his childish words.

Don Burnette




Jim said:
Kurt should enter a foot race for the paranoid, it runs deep
in his line.



"kurttrail" <[email protected]>
wrote in message
Don said:
kurttrail wrote:
Mike Brannigan [MSFT] wrote:

why microsoft started it of course. bugs in the code, ya know.

-----

Bugs that were fixed weeks before the Sasser worm was released.
If you had applied the critical update when it was released ( as
well as operated good PC protection practices ) you would never
have been affected. The vast majority of worm and virus writers
wait for the patch to an issue being released where we detail that
issue - they then code an exploit and rely on people not having
applied an already available fix.

Windows Update
http://windowsupdate.microsoft.com


And if your company wasn't a monopoly, and there was actually
competition in the Desktop PC OS market, Sasser & all the rest
would hardly do anything. There are Mac nasties & Linux nasties,
but they have hardly any effect on the world as a whole.

There are the people that had problems with MS patch slowing down
their computers, Windows Update working really flaky right after
the patch was released.

Your company's predatory business practices, and decades of
ignoring security in coding, plus the problems people have had
with both the patch and Windows Update, add it all together, and
your company is at least as culpable as the Sasser scumbags.

Your company is NOT the victim here. We the People are!


Hardly.
Free society, and democracy.

You forgot Capitalism.

There certainly are other choices
besides Windows, and nothing stopping a company from developing
another OS.

Their bottom line. Because MS owns 95% of the desktops in the
world, what commercial entity is gonna make a business decision to
support so few? That's just one way that MS's monopoly stifles
innovation by other companies.

No problems with patches here.

Of course you only think about yourself and your miserable life.
F*ck everybody else.
No problems with updates

Well, you don't really help anybody around here, so you probably
wouldn't have noticed all the questions about Windows Update
problems recently, especially around the time this round of patches
was released.
Poor victim, guess you think the world owes you everything don't
you?

And that shows how you see this, it's all about you against me,
don't worry about other people! Go back and look at my post, I was
talking about me, I was talking about the problems of others.
Get a life.

Why would I need two? And please don't think I would want yours!
If I had your life, I'd see Dr. Kevorkian, to put me out of your
misery.
Get a job.

Got one, and I turn down jobs just about every week.
Try and make a difference.

Not only do I try, but I do. I try to help educate my fellow human
being, every single day.

Knowledge is Power!
Your words, only show more each day how nutty and obsessed you
really are.

I bet you were looking at your reflection in your monitor when you
wrote that.
http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=windows+monoculture+ubiquity
--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"
 
Don Burnette

kurttrail said:
You only attack me because you are jealous. You are a true-believer!
Buy everything you are told, by Bush and Microsoft. And anybody that
thinks for themselves is your enemy, because you envy their courage
to stand up for their own beliefs, where you can only stand up for
what you have been told to think!

Too bad your jealousy and blind devotion prevents you from arguing
against my opinions, so the only weapon you have are lame putdowns
that an elementary school kid would be too embarrassed to use!


LOL, you're the king of lame putdowns, you and your little buddy Jon. That's
all you know how to do.
Talk about calling the kettle black.
I seriously doubt, you are even beyond the 9th grade at best.
How you derived jealousy out of that post, is beyond comprehension. But
then, so are you.

Your mom really needs to see to it you turn off your toy and go to bed
sooner LOL.
 
Don Burnette

He/she won't. Believes the world owes him. Very typical for that type.
I guarantee you, he/she, whatever, sits on his butt all evening, doing
nothing constructive whatsoever, probably never held a steady job, and most
likely a very mentally imbalanced individual.
Of course, now that school is about out, this adolescent I am sure will now
be doing this 24 hours a day.

People like this one are a dime a dozen, and easily recognizable.


Don Burnette.
 
Don Burnette

kurttrail said:
Why are you so uncaring about the problems of others? Do you really
feel that insecure in yourself that that is the only person you care
about?


What problem???
I should be uncaring about people that got robbed because they did not
bother to lock their house at night?
I care more, about the price we have to pay for our software, because of
piracy advocates like you.
Go rob a store.
 
