Microsoft’s quick response to network worms….



This is an ironic title because frankly, Microsoft has seemed to be slow in solutions for the recent zotob worm. Of course, they announced the vulnerability and accompanying update to solve the issue to begin with, but after the virus started propagating what do we see from Microsoft? They have a page titled What you should know about Zotob



Their main page has a big add for a free trial of Office, another big add encouraging you to upgrade your server, an even bigger add highlighting different music players and a thin line at the bottom in relatively small print and plain text (smaller by far than the ads) titled What You Need to Know About the Zotob.A Worm. As of this writing it is rated as a low threat (although it allows for remote control of a pc?) and they have only listed variants A-C while most virus vendors are already talking about .D .E and .F (and now .G)

Their malicous software removal tool has not seen an update in over a week and a half, so they offer no automated removal tool. (August 9 was the update along with their security fixes for the month.) They do give manual instructions for the A-C variatns in their malicious software database. The fact is though that they are lagging behind the antivirus vendors in providing solutions.

A little over a year ago, Microsoft bought an antivirus company (a GOOD antivirus company.) I used one of their products on a linux mail server I administer. They promptly killed off the linux server flavors and when the subscription for updates expired so did my use of the product. Given that they are the single most dominant software company in the world isn’t it funny that they can’t seem to get a removal tool out the door quicker than x y and z antivirus company?

Beyond that it boggles my mind WHY plug and play which is focused on LOCAL hardware detection had to have a network capable call.

Now this current worm isn’t as widespread as it might seem. (When the media is affected that magnifies the seeming impact.) But, about half of business workstations run Windows 2000 still. I’m just wondering if and when Microsoft really will get serious about security.

Now, I know they’ve said they have refocused on security but I’ll ask a few things. How is it that vulnerabilities can be held and released one Tuesday a month. My perspective is, if you know about a bug that could let someone remotely exploit a system you get the announcement and fix out as soon as possible. One of these days a virus is going to beat Microsoft to the punch and the consequences are going to be pretty rough. Now in all fairness Windows 2000 was probably in design stages in 1997 so there are some fundamental architecture issues that perhaps cannot be significantly solved. Microsoft at some point should bite the bullet on compatibility and venture to redesign/rethink the system from a security standpoint. Their incremental changes are maintaining compatibility, but at the expense of a spaghetti of vulnerabilities hidden in absurd thoughts (pnp receiving data from the network.)

The fact that a security patch on one thing can affect several other pieces of software is a fact of life. Microsoft needs to approach the concept of patches differently. Maybe design a patch so that it can be easily rolled back, or that a vulnerable unpatched service can be run “in a sandbox” that can’t escape to the rest of the system.

Over at the security fix, Brian talks about the recent worm event and points out among other things that we’ll have this one with us a while. (We still have many of the old worms still active online.) Among other things he reminds us it was 5 months after the blaster worm that Microsoft offered a removal tool. (There’s snappy service for you….) He also points out that there have been times that Microsoft has put some of it’s cash to use and offered rewards for the arrest of Virus writers. This is something that they should seriously revisit as it seemed to pay off. The only problem is they only stepped up with money when a virus was an extreme embarrasment.

I think this last point is a sign that they’re still not serious about dealing with the security problem that they’ve brought us to. They need to PROMINENTLY display information about vulnerabilities on their main corporate page and use their power to accomplish something significant in the war against worms and viruses.

Until then I don’t foresee leaving linux as a desktop platform because it puts more of the security of it in my hands and not up to the whims of the manufacturer… I run as a user not as an administrator, this mitigates a lot of threats. If there is a server that’s particularly exploitable it can be run in a chroot’ed environment. I have more control over what services run and what services do not. In Windows there are sometimes peculiar connections between various services.

There is an age old debate about “if Linux had 90% market share it would have just as many worms…” I don’t think that if 90% of the market were running Linux (or a combination of Linux and Mac which is really a BSD based cousin), that we would see these kinds of outbreaks. The main reason is because there are so many different varieties of linux, there is an entirely different security model. (Componentized) Additionaly there are many different implementations of various software that could be vulnerable.

This article gives a good overview of where the writer stands in that age old debate. Among other things he points out that more linux machines make up the backbone of the internet than windows machines which would seem to counter the “if there were as many linux machines” claim. I would think network backbone machines would make a more interesting target than Mom’s desktop PC. It’s an interesting read and worthwhile if you’re thinking about a switch (even if you’re not).

Related Posts

Blog Traffic Exchange Related Posts
  • Antivirus Removal Tool List Update Just a quick note that I've updated the Antivirus Removal Tool list to include VIRUS removal tools. (I originally intended the list to be those utilities to clean up a system so that it could deal with a fresh install of an antivirus product. (Can't count how many times I've......
  • Facebook Fan Check Application Virus Just as last week, the facebook fan check application virus rumor is making the rounds again. And also just as last week people searching for information on the facebook fan check virus are running into some of the top search results hosting malware. There were several attack sites up last......
  • How to Remove APCDefender | How to Remove SysProtector | How to Remove InSysSecure | How to Remove SysDefenders It looks like we've been awash in variants of the wini family lately so I'm combining three of the latest rogue antivirus applications in that family into one post. This post will talk about removing APCDefender, removing Sysprotector and Removing InSysSecure and removing SysDefenders. Some of the same steps would......
Blog Traffic Exchange Related Websites
  • Microsoft ships Windows 7 SP1 and Windows Server 2008 R2 SP1 Microsoft has released the Service Pack 1 (SP1) update for Windows 7 and Windows Server 2008 R2. The update is available via the Microsoft's Update Center or Windows Update. The service pack releases add to the performance improvements and security enhancements to the existing versions of corresponding operating systems. Below......
  • Most Popular and Useful Security Apps for a Smart Phone The following is a post from staff writer Crystal at Budgeting in the Fun Stuff, where she writes about finding the balance between paying your bills, saving for your future, and budgeting in the fun stuff along the way. Buying a smart phone is a major investment because you spend......
  • Review of Windows Live Writer When you find a tool that makes life easier, there is nothing more exciting. The need for corporations to simplify and systematize their processes has to do with working smart and taking advantage of things that allow workers to reach their goals without having to work quite as hard. One......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

One Response to “Microsoft’s quick response to network worms….”

  1. Avery J. Parker - Web site hosting and computer service Says:


    [...] In an earlier post today, I talked about the places that they have dropped the ball in responding to this. Yes, they patched it, very good, but there are still some fundamental problems with Microsoft’s approach to security. I looked at the Microsoft blogs, the most precient entry I could find was a “look inside the situation room” which basically started out along the lines that “when there is a situation affecting customers we bring the right people into the room” (paraphrased…). It’s disappointing to see better coverage of a worm affecting Microsoft Windows coming from sources OUTSIDE Microsoft. After all, Microsoft knows their code better than anyone (hopefully) and should be in the best position to analyze what’s happening and INFORM in an attempt to keep their customers armed with the information they need. [...]


Switch to our mobile site