Page 2 - Viruses, Microsoft and *nix

September 3rd, 2003, 01:28 AM
Offensive Member
Join Date: Oct 2002
Location: in the perfect world
>>It's those systems that the coders can exploit and use in DOS and other attacks.
A denial of service attack is not OS specific. Any OS can be a target or attacker. In the most lethal form it is mainly routers that are used to perform a DDOS.
>>Microsoft's patching history is HORRID.
They can't even patch their own servers. What hope do we mere mortals have?
>>they just can't be exploited as easily most of the time.
Code on EXACTLY how to exploit *NIX is not posted on every skript kiddie's web page by rabid MS haters within minutes of the exploit being reported. Remember Blaster was for a reported exploit for which there was already a patch.
The reason the exploits are made public is however MS's fault. Years ago MS refused to fix a critical flaw. When the flaw was published MS was forced to fix the problem.
>>The argument that it's exploited because it's popular just doesn't have any solid ground to stand on, really
In a way it does.
These idiots are trying for the Warhol Virus (one that infects the 'net in 15 mins).
If you were going to write a commercial desktop app for sale but could only do so for one OS, are you going to write it for *NIX or Mac or for the OS running on 90% of your customers' PCs? It's about maximising your target audience.....
>>There really isn't much of anything that can be done about home users opening infections unless we can get them to stop doing it
Well, before the OS allows you to send similar mail to everybody in your list WITH an attachment, it could confirm with a message box. Not exactly hard to do.
Some of this stuff MS just does not want to fix. It motivates you to continue buying the new OSes (at 70%+ profit to MS).
>>On most of my XP and 2k networks users can't install anything, or change anything.
But this does not stop worms like Blaster. They can easily get admin access.
__________________
The essence of Christianity is told us in the Garden of Eden history. The fruit that was forbidden was on the Tree of Knowledge. The subtext is, All the suffering you have is because you wanted to find out what was going on. You could be in the Garden of Eden if you had just kept your f***ing mouth shut and hadn't asked any questions.
Frank Zappa

September 3rd, 2003, 09:48 AM
The Dude Abides
Join Date: Feb 2000
Location: grass valley,ca
Posts: 1,062
Time spent in forums: 1 Day 10 h 1 m 34 sec
Reputation Power: 15
>>But this does not stop worms like Blaster. They can easily get admin access.
I wasn't trying to stop viruses, just protect users from themselves - Installing stupid screensavers, spyware, and other programs that cause problems.
For viruses I rely on firewalls, antivirus, etc. Sonicwall makes a nice firewall product that lets you disable any type of email attachment at the firewall just by specifying the extension - .pif, .exe, etc.

September 3rd, 2003, 10:21 AM
An Ominous Coward
Not only that, Blaster got admin rights as an incidental side effect of dumping a service running as admin. I highly doubt it actively sought to escalate privileges.

September 3rd, 2003, 02:40 PM
Capt'n
Join Date: May 2001
Posts: 567
Time spent in forums: 9 h 40 m 56 sec
Reputation Power: 13
I work in a business now that either owns or services a great number of Kiosks in this area and most run off of Win2kpro with a Kiosk program on top of that, but when I first started here the boxes were not locked down.
Even though the software was not "supposed" to allow people to download things, AIM, CASINO.net, and a few other programs that used exploits in MSIE caused some major headaches. The Kiosk software on several of these terminals had to run in FAT32 and would not function under NTFS, meaning that locking down those boxes was impossible.
And even on the ones that require an administrator's password, there are still some apps that somehow manage to bypass that and install themselves anyway.
Recently we switched to a Linux based OS that was designed for digital signage and Kiosk usage and the two test boxes have been running for 13 days and 23 days without a single reboot and no problems with downloads. Even if they would download stuff, it's not going to work. We will be switching all of the Kiosks we own around here to the Linux based system over the next 6 months and all future kiosks will be running the Linux OS.
As IT director, it makes my job a lot easier since if it breaks, I have to stop whatever I am doing, go out and fix the damn thing. When the Blaster Virus came along, two of our 14 kiosks got struck by it so we had to go out, swap hard drives, format and ghost the infected drives. In the future when that *#$&# comes along, I won't have to worry as much, just fix the boxes we have service contracts with.

September 4th, 2003, 12:35 AM
Offensive Member
Join Date: Oct 2002
Location: in the perfect world
>>When the Blaster Virus came along, two of our 14 kiosks got struck by it so we had to go out, swap hard drives, format and ghost the infected drives.
Why?
It takes two minutes to delete the worm from the system32 folder and find, then delete its reg entry.
And another few minutes to download the MS patch.

September 4th, 2003, 02:21 AM
Capt'n
Join Date: May 2001
Posts: 567
Time spent in forums: 9 h 40 m 56 sec
Reputation Power: 13
Quote: Originally posted by TechNoFear
>>When the Blaster Virus came along, two of our 14 kiosks got struck by it so we had to go out, swap hard drives, format and ghost the infected drives.
Why?
It takes two minutes to delete the worm from the system32 folder and find, then delete its reg entry.
And another few minutes to download the MS patch.

Higher-ups want the drives wiped.
__________________
Why? Because Forms just look cooler in OS X...
Dutch, it's like German...but not!