Trustworthy Computing inaction... Oops, of course I mean "in action"

  • Thread starter: Mike Terenni
You obviously do not have a clue about what you are doing.

Testy

Mike Terenni said:
x-no-archive: yes

purplehaz said:
Well first you can't get the virus by just turning on your computer.
It gets transmitted on Kazaa file sharing servers. So if you're out
of town for three weeks, when you get home, before firing up Kazaa to
steal copyrighted material you should go to Windows Update and install
the updates. Windows Update should be done once a week or at least
once every two weeks. That's just a fact of computing (with any OS,
even Linux and Macs need patches). So if you're gone for that long,
when you get back before you start downloading, surfing, or checking
email, go to Windows Update, get patched, and you're all set.
So, yes it would be your fault in the situation you describe.
What was your argument again? (Cari was right on)

I just tried to get to Windows Update, and I *can't*. This worm commits
a DoS attack against the WU servers, plus everyone else in the world is
trying to get this "patch that shouldn't be necessary". So, if I can't
access WU, I should just hang out and not use my system until I can?

But actually, you lost all credibility when you said "[Y]ou can't get
the virus by just turning on your computer. It gets transmitted on
Kazaa file sharing servers." What actually happens with the
vulnerability in question is that a malformed RPC message is sent to the
target machine. It has nothing to do with Kazaa. It *does* happen just
by being online.
 
Mike Terenni said:
x-no-archive: yes

purplehaz said:
Well first you can't get the virus by just turning on your computer.
It gets transmitted on Kazaa file sharing servers. So if you're out
of town for three weeks, when you get home, before firing up Kazaa to
steal copyrighted material you should go to Windows Update and install
the updates. Windows Update should be done once a week or at least
once every two weeks. That's just a fact of computing (with any OS,
even Linux and Macs need patches). So if you're gone for that long,
when you get back before you start downloading, surfing, or checking
email, go to Windows Update, get patched, and you're all set.
So, yes it would be your fault in the situation you describe.
What was your argument again? (Cari was right on)

I just tried to get to Windows Update, and I *can't*. This worm commits
a DoS attack against the WU servers, plus everyone else in the world is
trying to get this "patch that shouldn't be necessary". So, if I can't
access WU, I should just hang out and not use my system until I can?

But actually, you lost all credibility when you said "[Y]ou can't get
the virus by just turning on your computer. It gets transmitted on
Kazaa file sharing servers." What actually happens with the
vulnerability in question is that a malformed RPC message is sent to the
target machine. It has nothing to do with Kazaa. It *does* happen just
by being online.
Ok, I just found that out, but doesn't a firewall block it, while you get
the patches? *Everyone* should have a firewall.
The patch has been out for a month, if you haven't been to Windows Update in
over a month, that is not smart computing. Windows Update should be done
once a week or at least once every 2 weeks. You should have the patch by
now. If you were on another planet for the last month, then in this rare
situation the smartest thing to do would be to disconnect the internet for a
day or so and then get the patches when Windows Update is working correctly.
 
x-no-archive: yes

A firewall is like a sidearm. You have it "just in case", but you damn
sure shouldn't NEED to have it.

If your life and limb depends on you flashing a gun, why is that?
Because predatory criminals would otherwise do harm to you. Blame the
criminals.

If your entire computing security relies on your firewall, why is that?
Because the product is flawed. Blame the manufacturer.

Or do you blame mugging victims for not packing heat?
 
It's not "Did you know they had an update?" If MS buried the update
somewhere, never told anyone, made it hard to find, I'd be agreeing with
you.

BUT - they have Windows Update. Easy to get to from the start menu. If THAT
set of three clicks of the mouse is too confusing, Windows Update *downloads
them itself* and tells you they're ready to install, so you have to..
*gasp*... double click.

Don't even have to worry about if your copy of XP is 32 or 64 bit.

Would you prefer Microsoft send somebody out to each and every registered
user to double click the icon FOR them? You've had trouble with them. Follow
the instructions? Strange how I probably have the *EXACT SAME* ones and have
had no problems.

If someone doesn't install a patch WITH A BIG FRINGGING FLAG ON IT SAYING
"READY TO INSTALL" then yes, I say it's the user's fault.

--
If you have to ask if your copy of XP is 32 or 64 bit, it's 32.
Getting Messenger popups? Turn on your firewall!
Patch from Microsoft:
http://tinyurl.com/h84v
More info from MS:
www.microsoft.com/security/incident/blast.asp

(Stolen with pride from Gary Thorn... thanks!)
 
Mike Terenni said:
x-no-archive: yes



I see nothing wrong with the "Trustworthy Computing" banner. Doesn't it
just mean "You can trust it to be insecure"?

Go look up the definition of "trustworthy computing." It's exactly the
opposite of what most would expect, yet in some ways it makes sense.

Yes, I think it should be called something else. Yet even the
"trusted/trusting" domains work the same way.

--
If you have to ask if your copy of XP is 32 or 64 bit, it's 32.
Getting Messenger popups? Turn on your firewall!
Patch from Microsoft:
http://tinyurl.com/h84v
More info from MS:
www.microsoft.com/security/incident/blast.asp

(Stolen with pride from Gary Thorn... thanks!)
 
Mike Terenni said:
x-no-archive: yes



What about right now? What if I needed to get the patch now? What if I
don't like Automatic Updates? I can't even access Windows Update right
now. The malware in question is committing a DoS attack against the
Windows Update servers.

Weak excuse.
1. Get a firewall.
2. OTHER SITES with the patch have been listed AT LEAST all day today.
3. Quit making weak excuses.


--
If you have to ask if your copy of XP is 32 or 64 bit, it's 32.
Getting Messenger popups? Turn on your firewall!
Patch from Microsoft:
http://tinyurl.com/h84v
More info from MS:
www.microsoft.com/security/incident/blast.asp

(Stolen with pride from Gary Thorn... thanks!)
 
purplehaz said:
Ok, thanks for the info Kurt. But doesn't a firewall, which everyone
should have, keep you safe while you get the updates?

Nope.

"Most software firewalls wouldn't have protected most people that use
FrontPage! I use both hardware & software firewalls, and locked down
the RPC ports in both. Early this morning, I started up FrontPage, and
Norton Internet Security gave me a message telling me it blocked an
application from listening to ports that I blocked manually to stop any
RPC funny business! If I hadn't made my own firewall rule, Norton
Auto-Config of programs would have let FrontPage listen until it heard
from BLASTER. And I'm sure there are a few other programs that do the
same thing."

"And NIS is a hell of a lot better than Windows' inbound-only firewall,"
and lets any outbound request to listen to ports from programs already
installed on your machine.

I'm quoting myself! ;-)

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.kurttrail.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"
 
Testy said:
Anyone who does not use a firewall regardless of their OS is just
plain stupid. Apparently you are.

Most software firewalls wouldn't have protected most people that use
FrontPage! I use both hardware & software firewalls, and locked down
the RPC ports in both. Early this morning, I started up FrontPage, and
Norton Internet Security gave me a message telling me it blocked an
application from listening to ports that I blocked manually to stop any
RPC funny business! If I hadn't made my own firewall rule, Norton
Auto-Config of programs would have let FrontPage listen until it heard
from BLASTER. And I'm sure there are a few other programs that do the
same thing.

And NIS is a hell of a lot better than Windows' inbound-only firewall,
which lets any outbound request to listen to ports from programs already
installed on your machine.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.kurttrail.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"
 
x-no-archive: yes

EGMcCann said:
You contradict YOURSELF. Why does your security require a firewall?
Because - oh, wait, there are people out there who WANT TO BREAK IN
TO YOUR SYSTEM. They broke into *nix systems before Windows was
around. They break into Linux systems. They break into Sun Solaris
systems. They break into HP-UX systems. They break into systems
running IIS, Apache, Telnet software, FTP servers.

Gee, we should just sue the entire software industry, shouldn't we!
Yeah, users shouldn't have to patch ANY of those systems either! All
software should be held until it's perfect!

Guess what, genius. NO software is perfect. (I know, you typed up
"Hello world" and it didn't crash, right? Or was that put off while
you were on a desert island for the last year and couldn't update
your system?)

I didn't contradict myself. Whether that mugger has a *nix T-shirt or a
Solaris T-shirt or a Windoze T-shirt on, he's still a scumbag. I need a
sidearm to protect against them, but scumbags shouldn't exist in the
first place.

Whenever people successfully hacked *nix, or Linux, or Solaris, guess
what? Those products were at fault, too. Did I say any of them were
perfect? No, it's just that the typical Microsoft fanboy falls back on
that argument--"Sure, Windoze has flaws, but the other ones do, too!"
Too bad they don't have anywhere near AS MANY flaws. Or do all
operating systems have two critical updates per week?
 
x-no-archive: yes

What a well-reasoned argument you have there! Sure put me in my place!

Testy said:
You obviously do not have a clue about what you are doing.

Testy

Mike Terenni said:
I just tried to get to Windows Update, and I *can't*. This worm
commits a DoS attack against the WU servers, plus everyone else in
the world is trying to get this "patch that shouldn't be necessary".
So, if I can't access WU, I should just hang out and not use my
system until I can?

But actually, you lost all credibility when you said "[Y]ou can't get
the virus by just turning on your computer. It gets transmitted on
Kazaa file sharing servers." What actually happens with the
vulnerability in question is that a malformed RPC message is sent to
the target machine. It has nothing to do with Kazaa. It *does*
happen just by being online.
 
GSV said:
I bet that's about 0.1% of the sufferers, most of whom don't even know
what FrontPage is, much less have it running on their system.

And do you think that FrontPage is the only program that listens to
otherwise stealthed or closed ports?
But apparently still rather shoddy. 8>.

No, I know how to use it to protect my computer with it, but most people
can't organize their Start Menus, let alone know how to properly use a
firewall.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.kurttrail.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"
 
Mike Terenni said:
x-no-archive: yes



I didn't contradict myself. Whether that mugger has a *nix T-shirt or a
Solaris T-shirt or a Windoze T-shirt on, he's still a scumbag. I need a
sidearm to protect against them, but scumbags shouldn't exist in the
first place.

Whenever people successfully hacked *nix, or Linux, or Solaris, guess
what? Those products were at fault, too. Did I say any of them were
perfect? No, it's just that the typical Microsoft fanboy falls back on
that argument--"Sure, Windoze has flaws, but the other ones do, too!"
Too bad they don't have anywhere near AS MANY flaws. Or do all
operating systems have two critical updates per week?

You DID contradict yourself.
Your first example, boiled down - "I carry a gun because I'm threatened by
others."
Your second example, boiled down - "I didn't run the patch or a firewall to
protect myself, so now I'm threatened by others."

The first is preventative. The second is trying to shift blame for not
taking precautions. And you're falling back on the *same* argument you say
the "fanboy" (gee, must be why I'm getting the money together for a Mac,
huh) uses.

You're right, "scumbags" shouldn't exist in the first place. But in this
case, they're the hackers and virus/trojan/worm writers, NOT Microsoft. It
doesn't matter WHAT system someone's using, Linux, Windows, Mac - If
1. There's a patch available to fix the vulnerability,
2. The patch is made easily accessible and easy to apply,
3. The user ignores the patch, even if it's HANDED to the user, and
4. The user's system is hacked because of the very vulnerability the patch
HANDED to them wasn't patched,

then yes, it is the user's fault.

Had this happened even just *three* months ago, WITHOUT the patch, I'd be
saying it's Microsoft's fault, no questions asked. And probably have a link
to ZoneAlarm in my .sig as well.

--
If you have to ask if your copy of XP is 32 or 64 bit, it's 32.
Getting Messenger popups? Turn on your firewall!
Patch from Microsoft:
http://tinyurl.com/h84v
More info from MS:
www.microsoft.com/security/incident/blast.asp

(Stolen with pride from Gary Thorn... thanks!)
 
x-no-archive: yes

I just tried to get to Windows Update, and I *can't*. This worm commits
a DoS attack against the WU servers, plus everyone else in the world is
trying to get this "patch that shouldn't be necessary". So, if I can't
access WU, I should just hang out and not use my system until I can?

Well, duh - turn on the firewall. Use your computer normally.
Install the patch when you can connect to MS's server. Problem solved
with a *little* bit of thought..
But actually, you lost all credibility when you said "[Y]ou can't get
the virus by just turning on your computer. It gets transmitted on
Kazaa file sharing servers." What actually happens with the
vulnerability in question is that a malformed RPC message is sent to the
target machine. It has nothing to do with Kazaa. It *does* happen just
by being online.

But not if you have a firewall on, which if you had any brains you
would.
 
x-no-archive: yes

So, what if ZoneAlarm crashes on me? What if it was accidentally
misconfigured? What if I was running DMZ and forgot? What if some
malware disabled my firewall?


What if some frickin' meteor landed on your house and smashed you?
Quit coming up with lame excuses. If ZoneAlarm crashes on you,
restart your system and scream at ZoneLabs for their crappy software.
If the firewall was "accidentally" misconfigured or whatever - that is
YOUR fault.
 
x-no-archive: yes

A firewall is like a sidearm. You have it "just in case", but you damn
sure shouldn't NEED to have it.

You clearly don't know what you're talking about. Do Linux OSes
have a firewall included in the OS? They had it built in before
Windows. Ask virtually any Linux user if they use the firewall. They
will probably look at you like you are crazy because that's about the
first thing they set up when they install the operating system.
 
x-no-archive: yes

When did I say that I did not use a firewall? I didn't say that at all.
So, with the apparent lack of reading comprehension, what was that ad
hominem statement again? By the way, a user who doesn't know any better
where firewalls are concerned is "ignorant", not "stupid". Buy a
dictionary.

I have a hardware firewall and software firewalls in place, and I
installed the patch when it came out. I have not been hit by the latest
vulnerability.

My point here isn't that "woe is me, damn Microsoft for making me
miserable", but rather that the hapless user--of which there are a great
many--is NOT 100% to blame for the ills they suffer. Microsoft is NOT
100% off the hook.

I don't think many people here are suggesting that MS is 100% off the
hook. However I do think that quite a few (myself included) feel that
most (this means > 50%, but not 99%) of the blame is on the end user
because of the following:

1. MS had a patch available a month before the outbreak (no lame
excuses about not installing the patch because it would hose up your
system. After a couple of weeks you'd have heard about it and you
didn't hear anything wrong about this patch, so it should have been
installed)

2. MS provides the user several levels of implementing the patch from
fully automatic to manual.

3. Any reasonably knowledgeable person should be running a firewall of
some sort (if not also some kind of NAT router) which also would
protect them.
 
And do you think that FrontPage is the only program that listens to
otherwise stealthed or closed ports?

Which other applications would be susceptible to this worm with a
firewall on?
 
Kevin said:
Which other applications would be susceptible to this worm with a
firewall on?

Probably any MS Office app that can publish HTML docs to the web.

http://www.microsoft.com/com/tech/DCOM.asp

http://www.microsoft.com/com/wpaper/dcomfw.asp

http://www.microsoft.com/ntserver/techresources/appserv/COM/DCOM/1_Introduction.asp

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.kurttrail.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"
 
So you don't lock the door to your house at night either?
Being open to attacks online is akin to leaving your house unlocked.
Especially for folks with broadband. If they're not running a firewall or
behind a NAT router, then they are wide open.
Now tell me, how is that MS's fault??

Don Burnette
 