Microsoft Won't Offer Patch Before Worm Strikes? 274
techmuse writes "According to an article in Information Week, Microsoft is aware that the 'Kama Sutra/Blackworm/MyWife' worm will hit on Friday, overwriting office documents, but will not release a patch until its regular monthly patch release on February 14th. Unless, that is, you subscribe to one of Microsoft's pay security services, in which case your machine will have the worm removed in advance." From the article: "The blog offered no explanation why the tool wouldn't be updated earlier, nor did Microsoft immediately respond to questions. Each month, Microsoft pushes a revised tool to Windows users who have Automatic Update enabled for Windows Update or Microsoft Update. The Redmond, Wash.-based company has released the Malicious Software Removal Tool off-schedule once before, in August 2005, shortly after the Zotob worm began striking Windows 2000 systems."
All should not be lost... (Score:5, Interesting)
Re:All should not be lost... (Score:5, Informative)
Microsoft is not distributing the patch out of cycle because it is not a vulnerability, it is a mass mailing worm. It has been categorized as low risk. The "unwashed masses" can get the removal tool from
http://www.microsoft.com/security/encyclopedia/de
Re:All should not be lost... (Score:5, Insightful)
What we really need is for MS to release a patch to repair the stupid and irresponsible users out there. Why haven't they fixed this obvious security loophole?
The problem with these viruses is that they do not kill the victims. If they did, then at least we could look forward to the point when Darwinisim fixed the problem for us. :)
Re:All should not be lost... (Score:3, Interesting)
Not hard.
How hard is it to not run software mailed to you from a (forged) sender you do know?
Apparantly much harder.
Re:All should not be lost... (Score:2)
Re:All should not be lost... (Score:5, Insightful)
And no, I don't think that moving to *nix is the answer either. I've had users follow instructions included with an email virus to type in a password required to unzip the payload, then run it. Those users will certainly be willing to type in "rm *" or whatever instructions come along with a virus. Their user files, the only thing of value on the machine, are toast either way. These are the same folks that will never back up their data either, so they really are toast.
Even people who should know better make mistakes (Score:5, Interesting)
Re:All should not be lost... (Score:2)
Re:All should not be lost... (Score:2)
Re:All should not be lost... (Score:5, Interesting)
Well, experience has told us that not all of these Microsoft vulnerabilities have anything to do with 'stupid and irresponsible' users.
Thanks to Microsoft, there's so many viruses that don't even require user intervention; some products will simply decide that it should both hide the extension and automatically run it for you.
I don't know the specifics of this worm, but times have come a long way from where you'd have to click on at attachment, select save, and then run. Nowadays the infection can happen automatically, instantly, and completely unobserved -- all because Microsoft figures it should automatically execute anything that looks executable (or that you're not really mature enough to see the extension of this file, so it looks like a JPG, or just simply because it's fun.)
I think it's far more irresponsible of Microsoft to effectively say "Well, between now and when we release the patch, you could lose all of your data. But if you've paid extra, you can have the patch now."
Time was when someone would send you an e-mail warning you that should shouldn't even click on an attachment since it could be a virus, you would politely tell them it was impossible. Nowadays, that's simply not true any more.
I think blaming the users 100% for this is absurd.
TROLL???? (Score:3, Informative)
Re:TROLL???? (Score:5, Interesting)
At least CBS News pointed out in their report on the worm that Mac users were unaffected.
Stranger? WHAT stranger? (Score:2)
"The email wasn't from a stranger. It was from my %#@! mother!"
Social engineering, my friend. Social engineering. If you pretend to belong where you don't people are unlikely to ask you to leave. I've had staff at an airport give me a ride from one 'secure' area to another because I looked lik e I belonged, (I didn't realize, at the time, that I was doing anything wrong).
The only way to completely shut down attacks like that is to turn o
Re:Simple fix (Score:3, Insightful)
Re:Simple fix (Score:2)
I'm also annoyed that these new-fangled "compilers" and "assemblers" make it easy for the unwashed masses to produce their own software. A real man just uses "cat>a.out". It's easy enough to work around bytes that can't be produced by a real keyboard.
In other words, "no."
Re:Simple fix (Score:5, Insightful)
get with the times, should be a tracking link to your torrent.
ftp works for the 2% of people who have their own non nat, static ip address with a ftp server that hasn't been blasted off the face of the internet. I am even in the small percent that do have a static ip, but the people I send files to don't have VPN access to any of my servers, and having ftp openly accesable to the net would just be stupid (and which windows users have sftp client installed? ok I do have port 80 access to a webserver that could serve the file, but thats probably not average or easier than attach either.)
Re:Simple fix (Score:2)
and having ftp openly accesable to the net would just be stupid (and which windows users have sftp client installed?
Haven't you ever heard of iptables and port knocking for friends with dynamic IPs? --reject-with tcp-reset is your friend :) You could scan every single port on my PC and it'd get you nowhere. And all windows users have at least a basic command line ftp client by default.
Re:Simple fix (Score:5, Insightful)
Clearly a solution for the unwashed masses. We can't seem to get people from double clicking every email attachment, I'm sure their ready to setup, configure and tweak their own IPTables.
Re:Simple fix (Score:2)
You expect too much of people...
Re:All should not be lost... (Score:2)
Use a different emailer, it's no so hard to use Moz Thunderbird, mutt or Sylpheed.
I bet clamav will be saving mail to
Re:All should not be lost... (Score:4, Insightful)
Attachments from unknown people? Delete!
Scan Attachments before clicking!
Ask sender if they meant to send attachment!
Microsoft has no responsibility to cover a users idiocy.
Ok, bring the bad karma.
Re:All should not be lost... (Score:2)
You aren't the first person I've seen state this, but reading through I haven't seen anyone mention what I'm about to say either.
Some of these mass mailing pieces of crap use the address of the host they have infested to do their mailing. I don't know how many times I've had to tell my mother "Did you expect to receive the attachment from the person who sent it? No? Don't you think you should email/call them first to make sure they sent it?".
I don't think it's use
Re:All should not be lost... (Score:2)
Re:All should not be lost... (Score:5, Informative)
Prior art for this MS business plan. (Score:5, Insightful)
Re:Prior art for this MS business plan. (Score:5, Informative)
This includes the URLS http://beta.windowsonecare.com/ [windowsonecare.com] and http://safety.live.com/site/en-US/default.htm [live.com]
I'm guessing that's free as in beer. I like to bash Microsoft at least as much as the next guy, but I think they've provided a free solution for this one.
-hank
Re:Prior art for this MS business plan. (Score:3, Insightful)
Re:Prior art for this MS business plan. (Score:2, Insightful)
Re:Prior art for this MS business plan. (Score:2)
Re:Prior art for this MS business plan. (Score:2)
http://safety.live.com/site/en-US/default.htm?jgm
Gives me:
"Firefox has detected that the server is redirecting the request for this address in a way that will never complete."
I guess my Powerbook is gonna get nuked on Friday, huh?
Re:Prior art for this MS business plan. (Score:2)
Re:Prior art for this MS business plan. (Score:2)
--LWM
mmkay (Score:3, Insightful)
(2) there is a standalone patch available from Microsoft. Download it, put it on a network share or push it using SMS.
Actually it's MS that should be suing. (Score:2)
They should sue the asses off the virus authors for violating their patent on "user screwing."
New Microsoft Chief of Software Security (Score:3, Funny)
What, me worry? [wikimedia.org]
A simple word for it... (Score:2, Insightful)
This is what is commonly referred to as "extortion". Pay them now or something bad might happen. You wouldn't want something bad to happen would you?
Re:A simple word for it... (Score:5, Insightful)
Re:A simple word for it... (Score:2, Insightful)
1. What if Microsoft intentionally wrote bad code, and conspired with worm authors to agree on a worm release date, then said "You can pay to have the fix before this day, or get it for free after this day". Well, it's just a thought, I'm not making any accusations.
2. What if all security product vendors took the same sta
New Business Strategy Actually (Score:2)
Re:A simple word for it... (Score:4, Insightful)
Extortion [wikipedia.org] is when someone says "pay or do this, or something bad could happen later", and the person saying that is the one that will make the bad happen later.
In this case, it's Microsoft saying "We'll take care of this problem sooner for a little money", but someone else will make the bad thing happen regardless. Microsoft is just offering clean up/prevention, not "assured safety". Your lack of acceptance will not make the problem better or worse; it will stay exactly the same.
An analogy might be that there's a gang of kids going around defacing houses, and Company XYZ says "We'll stick a security guard in front of your house for a little extra money, so you'll be ready when those kids show up, and won't have to wait for the police to show up when you do get hit." XYZ is offering an enhanced service; if you turn them down, your house will likely get defaced, but not because of anything XYZ did.
(If you can show that XYZ/Micrsoft is in cohorts with the kids/virus writer, then that is indeed extortion, but at face it's mislabeling.)
Re:A simple word for it... (Score:2)
Saying that we should blame mainly Microsoft for virii is saying like we should mainly blame the homeowner for leaving the window opening (or the window maker, for making a window that could be left open), which allowed the robber to come in and steal everything.
Yes, it was a stupid move, but nothing would have happened had the robber not intended to be malicious. The open window only made things
It makes perfect sense (kinda) (Score:2)
Remember: Microsoft appears to be controlled by their marketing department, not their engineering department. In such a regime, appearances are far more important than good customer support.
Also on Friday (Score:2)
Re:Also on Friday (Score:2, Funny)
Oh, and happy birthday.
Re:Also on Friday (Score:2)
Re:Also on Friday (Score:2)
Try to be a little fair (Score:5, Informative)
Or, if you had read the very article you're posting, "Both the company's free online security service, Windows Live Safety, and its in-beta OneCare Live software, however, will disinfect compromised computers, Microsoft said."
Re:Try to be a little fair (Score:2)
After the damage is done to your files?
Re:Try to be a little fair (Score:2)
All I said was, "What do you think of the outfit?" (Score:2)
After the damage is done to your files?
ZEN: Repair monitors report explosive device attached to primary power channel.
BLAKE: Where?
ZEN: Hold three, access duct seven.
BLAKE: Can the automatics neutralize it?
ZEN: No.
BLAKE: Why not?!
ZEN: There is no damage.
AVON: Computer logic. Until the bomb explodes there is nothing for the repair system to repair. Zen, can you reprogram the automatics?
ZEN: Preemptive interference in crew activity is forbidden.
BLAKE: Oh,
Re:Try to be a little fair (Score:5, Insightful)
At least I know how to protect my computers. So the impact to me would be none regardless of what Microsoft does. It is those users that don't even know the definition of malware that are most at risk, and will be the least likely to use Microsoft's proposed remedy.
Re:Try to be a little fair (Score:4, Insightful)
Dude, what are you smoking? Those users who don't know how to protect themselves adequately probably don't even know what Windows Update is, let alone rely on it to keep their PC safe.
Incorrect Story (Score:5, Interesting)
Re:Incorrect Story (Score:2)
Happy Valentine's Day! (Score:5, Funny)
How ironic that a patch for the Kama Sutra/MyWife worm will be released on February 14th.
Happy Valentine's Day - Love, Microsoft.
Re:Happy Valentine's Day! (Score:2)
Or if you don't want to pay (Score:3, Informative)
Now, speaking as someone who has tried the online virus scanner, I have to say it works really quite well. It's just the tool to clean your computer of viruses, spyware, malware, unused/unneeded files -- and even knocks out those MICRO$OFT haters on
Re:Or if you don't want to pay (Score:5, Insightful)
Do you see what I'm getting at? All those viruses and spywares and worms on your computer have already done damage when you get them removed. The goal is to keep them from getting on your computer or at least keep them from running. And MS is deliberately charging for that feature. Their online virus-removal thing is nice, and can mitigate some damage, but the horse already left the barn.
Re:Or if you don't want to pay (Score:2)
No, I don't see. Because the part they aren't releasing is a removal tool, which will only help if the user is already infected. As has been said, if you have up-to-date virus protection you should be ok. This is not a vuln in a product, this is the user running an executable. If you get infected there are several free avenues for removing the virus. But yeah, boo Micro$oft. Teh r da evul.
Haha... (Score:2, Informative)
The constant hate... (Score:3, Informative)
Re:The constant hate... (Score:2)
And I'm sure there are some not-so-ample folks (I myself am fairly svelte) who use Oracle... but I digress. You're right; this kind of "we know it's broken but don't expect us to drop everything and fix it" logic is pervasive in the software industry. It's like buying a 6-cylinder car, having only 5 cylinders work, and the dealer
Re:The constant hate... (Score:2)
The only software that should be eligible for exclusion of liability of Free as in Beer or Free as in Speech software.
Everything else should have bugs be accountable to the software maker. Why not? Every other industry in the world works like that, why not software?
Honestly... (Score:2, Insightful)
"I would like to return this car" (Score:5, Funny)
"Because there's a car bomb on it set to go off on Friday."
"Sorry, that's not our car bomb."
"No, but when I bought the car, there was a modular plug next to the engine with PLACE CAR BOMB HERE written on it!"
"Sorry, not our problem. You knew this car was prone to car bombs when you bought it, and your purchase agreement specifically spells out that we're not responsible for car bomb damage."
"Can you at least remove the car bomb?"
"Sorry, but your contract specifically states that we're under no obligation to remove any car bombs attached to your car. Now, if you would be interested in purchasing our special Car Bomb Insurance..."
- Crow T. Trollbot
More like this (Score:2, Informative)
"OK here you go. We also offer a car bomb detection service. Our car is as car bomb proof as we were able to make it but those terrorists are pretty clever. So you can pay us to make sure that any new ways of getting car bombs into cars that we find out about is prevented. "
"No thanks. What are the chances I'm gonna get targeted by a terrorist"
"I want you to fix my car and all other cars for free"
"What's wrong with it"
"Car bomb set to go off in 3
Re:More like this (Score:5, Insightful)
Our car is as car bomb proof as we were able to make it
I'm fairly certain that Microsoft engineers were fully capable of making Windows more secure. They have smart people working there. Reality is that they made it as secure as they were willing to make it. It's like cars in the '60s. Safety didn't sell if it was an inconvienience. Adding more security to Windows would have meant less ease of use and less backwards compatability. Both are important to maintain the customer base and prevent people from considering alternatives. Were they right or wrong? That depends on how you look at it, but you certainly can't say they implemented security to the limits of their ability.
Re:"I would like to return this car" (Score:2)
"My friend Steve did it."
"He doesn't sound like a very good friend."
"Well, it wasn't actually Steve, but he really looked like Steve, except for the moustache."
"Oh, so you let a total stranger install the bomb?"
"It was a very convincing moustache."
*Trojan*, not worm (Score:2)
Some may argue
Re:*Trojan*, not worm (Score:2)
And some may argue that more time needs to be spent at Redmond in thwarting these things outright, rather than having to patch them or update the malicious software removal tool every cycle. It's not like this Trojan is old news.
Re:*Trojan*, not worm (Score:2)
Re:*Trojan*, not worm (Score:2)
Re:*Trojan*, not worm (Score:2)
You get what you pay for (Score:5, Insightful)
Software licenses are agreements that should have the full weight of contract law. There is no other way that the licenses I prefer, like the GPL, BSD, Mozilla, MIT, etc, get any legal weight. If you can't abide by the terms, take a stand, show some guts, and click "Cancel" on the install. Find some software that is licensed under terms you can accept. Don't be a sheep and agree just because it would be too hard, or make you go look for other software if you disagree.
THIS STUFF IS IMPORTANT.
Microsoft Policy Guideline? (Score:2)
-Bill Gates
Re:You get what you pay for (Score:2)
That's completely false. Licenses like the GPL work because it is illegal to distribute a copyrighted work without permission from the copyright holder.
Mod Parent UP! (Score:2)
Re:You get what you pay for (Score:2)
Copyright law does not speak to whether I can use copyrighted material without the express permission of the copyright holder. (IE, c
Re:You get what you pay for (Score:2)
You're right. End user licenses should be considered as valid as any other contract with no consideration and no signature.
Malicious software removal tool (Score:2)
Our sources say that this 'malicious tool' looks just like 'rm', but is made with evil bits. Some viewers have called in to report sinister rm.666 files all over the file systems - experts suspect these to be soft links to /bin/rm. Reports are steadily streaming in of other variants aliasing themselves to 'rm -rf /'.
Viewers are urged to remain cautious. We shall return at 11 to talk about these and
A few more facts to throw water on the fire (Score:5, Insightful)
AFAICT this is as run-of-the-mill as virus threats get, and I'm grateful that MS is maintaining a level of software discipline and not jumping all over themselves to instantly respond to every stupid little worm that crosses the net. I'd much rather see meaningful updates once a month than frantic, possibly-buggy scramble fixes three times a week.
how about reading TFA? (Score:4, Informative)
from TFA:
Bad title (Score:2, Insightful)
This is not a worm, but a virus, and MS is not releasing a patch, but an updated virus definition.
Viruses are not caused by a system flaw but by user intervention, that is unless it is installed without user intervention, then it is a system flaw. I am not a Microsoft user but I see no fault they are doing.
NO PAY (Score:2)
Misleading headline (Score:2, Informative)
fat bil (Score:2, Funny)
About the virus... (Score:2)
At the risk of being branded a MS apologist.... (Score:2, Insightful)
I don't consider it Microsoft's responsibility to ensure that every Windows user gets just-in-time virus removal for free. It might be different if the virus exploited an OS flaw, but to my knowledge this one doesn't. This is why people pay money for AV software. That said, it would be nice if they'd schedule an out-of-cycle release of the malicious software removal tool, but doing so could create a precedent they don't wish to establish.
About MyWife... (Score:2, Funny)
Sceduled Virus Release Date (Score:2)
Patch timing not the problem... (Score:3, Insightful)
A program that removes some stuff that Microsoft decides is significant enought to be called "malicious" isn't much of a tool to begin with, and then to factor in that it's only updated once per month makes it even less valuable. Oh, I might also mention that the program only detects an underwhelming 54 "malicious programs?" Wow, gimme summa that.
There's really no issue with Microsoft not releasing an update for the removal tool. It's expected, standard behavior. It's right there in the documentation, second paragraph. This is not an anti-virus program that updates daily, this is some kind of other tool that exists in an awkward dimension all of its own.
Missing something? (Score:3, Insightful)
Realizing this is
*pop!* That was my karma. It was good karma but it's gone now. I've offended the fanboys.
Re:Missing something? (Score:2)
Trial/free anti-virus that remove Win32/MyWife (Score:5, Informative)
A bit of searching came up with the following free or trial versions of anti-virus programs which are capable of detecting and removing Win32/MyWife [microsoft.com] (née CME [mitre.org]-24 [mitre.org]):
Alwil [alwil.com] - Avast! 4 Home Edition [avast.com] (free for personal non-commercial use)
ESET [eset.com] - NOD32 trial version [eset.com] (30-day evaluation)
Grisoft [grisoft.com] - AVG Free Edition [grisoft.com] (free for personal non-commercial use)
Kaspersky Lab [kaspersky.com] - Anti-Virus Personal 5.0 [kasperskyusa.com] (30-day evaluation)
McAfee [mcafee.com] - VirusScan [mcafee.com] (30-day evaluation)
Microsoft [microsoft.com] - Windows Malicious Software Removal Tool [microsoft.com] (KB890830 [microsoft.com]) (free)
Panda [pandasoftware.com] - Titanium Antivirus 2006 [pandasoftware.com] (30-day evaluation)
Sophos [sophos.com] - Anti-Virus [sophos.com] (30-day evaluation)
Symantec [symantec.com] - W32.Blackmal@mm Removal Tool [symantec.com] (free)
Trend Micro [trendmicro.com] - PC-cillin Trial Version [digitalriver.com] (30-day evaluation)
I'm certain other readers will look up and post links to additional vendors, too. Ob-disclaimer: I happen to work for one of the companies listed above, so there.
Regards,
Aryeh Goretsky
Why the Name? (Score:2)
Re:Two words (Score:2, Funny)
I think I've heard that before...
Re:Al Capone would be proud (Score:2)
-Calling it worm is somewhat misleading, you still have to actually run the exectuable attachement in the email to get infected. Meaning that this is not a software exploit, more of a classic idiot user exploit.
-Any anti-virus program, including the free online service offered by MS, will remove the virus.
-Yet somehow becaue MS opted to not rush an unfinished update to their spyw
Re:Seems quite logical...but... (Score:3, Funny)
Re:Hmph... (Score:2)
Re:fuel for the fire (Score:2)