New MSBlaster Variant



sbp
08-18-2003, 11:51 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html :bigmouth:

LPMiller
08-18-2003, 01:01 PM
Heh, while I appreciate the help, I can see this one causing problems too. It's pretty funny though, a virus to catch a virus.

Joshua
08-18-2003, 04:01 PM
Yeah!! The good guy worm! You know the retards in the Gov would still prosecute this guy for distributing a virus.. :shady:

seqiro
08-18-2003, 06:31 PM
Retards?

I work in a hospital. While we didn't get hit by MS Blaster, this new one infected our network this afternoon when someone connected a non-hospital computer to the network. It brought our entire network to its KNEES with all of the ICMP traffic it created, shutting down critical systems. I just got home minutes ago after removing the virus and patching my share of 170+ machines and we still have more to go tomorrow.

So I don't think I'll mind if the "retards" in the government do go after the creators of this "helpful" worm.
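The ICMP storm seqiro describes is how this worm finds its next victims: each infected host pings large ranges of addresses looking for machines to attack, so one source sending echo requests to many distinct destinations in a few seconds is the thing to watch for. As an added example that is not from this thread, here is a small detector run over constructed firewall-style log lines; the log format and the addresses are invented for the demonstration.

```python
# Added example (not from the thread): flag hosts whose ICMP echo requests fan
# out to many distinct destinations inside a short window, the pattern behind
# the ICMP flood seqiro saw on the hospital network.
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample format (hypothetical, not a real product's log format):
# "<date> <time> ICMP <src> -> <dst> type=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ICMP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) -> (?P<dst>\d+\.\d+\.\d+\.\d+) type=(?P<type>\d+)$"
)

def parse_line(line):
    """Return (timestamp, src, dst, icmp_type) or None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    return ts, m.group("src"), m.group("dst"), int(m.group("type"))

def find_ping_sweepers(lines, min_targets=20, window=timedelta(seconds=10)):
    """Map each source that sent echo requests (type 8) to at least `min_targets`
    distinct destinations within any `window`-long span to its peak target count."""
    events = defaultdict(list)           # src -> [(ts, dst), ...]
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[3] == 8:    # only echo requests, not replies
            ts, src, dst, _ = parsed
            events[src].append((ts, dst))
    sweepers = {}
    for src, evs in events.items():
        evs.sort()
        peak = 0
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits in `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in evs[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= min_targets:
            sweepers[src] = peak
    return sweepers

def build_sample_log():
    """Constructed log: one host sweeping a /24 plus ordinary traffic."""
    base = datetime(2003, 8, 18, 14, 2, 0)
    lines = []
    # Infected host: 40 echo requests to 40 different addresses in 8 seconds
    for i in range(40):
        ts = base + timedelta(milliseconds=200 * i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} ICMP 10.1.4.23 -> 10.1.5.{i + 1} type=8")
    # Benign host: a few pings to one server, spread over a minute
    for i in range(5):
        ts = base + timedelta(seconds=12 * i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} ICMP 10.1.4.40 -> 10.1.1.10 type=8")
    # Echo replies from the server are type 0 and must not count
    lines.append(f"{base:%Y-%m-%d %H:%M:%S} ICMP 10.1.1.10 -> 10.1.4.40 type=0")
    return lines

if __name__ == "__main__":
    for src, peak in find_ping_sweepers(build_sample_log()).items():
        print(f"{src}: echo requests to {peak} distinct hosts within 10s")
```

The threshold and window are starting points; on a real network, tune them against normal monitoring traffic (management stations legitimately ping many hosts) before alerting on the result.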

Joshua
08-19-2003, 07:35 AM
Guess there are retards at the hospital that didn't patch 170+ machines.

How "critical" are your systems when no one patches them?

[/$.02]

Dave_7
08-19-2003, 07:54 AM
Originally posted by SnotRocket
How "critical" are your systems when no one patches them?
[/$.02]


Ooooooh..... touché. :heh:

Dave.

Nija
08-19-2003, 08:41 AM
Originally posted by SnotRocket
Guess there are retards at the hospital that didn't patch 170+ machines.

How "critical" are your systems when no one patches them?

[/$.02]

<slashdot>
+2 Flamebait
+2 Informative
</slashdot>
:P

eSDee
08-19-2003, 09:52 AM
Originally posted by SnotRocket
Guess there are retards at the hospital that didn't patch 170+ machines.

How "critical" are your systems when no one patches them?

[/$.02]

If you would read his post clearly you would see that a non-organizational computer was put on the network. It is quite possible that most of the computers he had to fix were only accessible by his intranet and not the internet. Therefore running Windows Update on the machines would be futile if they did not have an internet connection, which would make patching much more time consuming, which would be quite difficult to do if he is in charge of 170 computers, don't you think? :rolleyes:

I had about 15 machines infected at my work out of the 120 I support. Most were because the doctors using them would fail to run the installation of the critical update even though I had set them to be downloaded automatically.

By the way I should mention, I also support 60 mac users, who all had a great time watching all the PC users squirm :hehehmm:

Joshua
08-19-2003, 12:42 PM
I got around the "I can't access the web" excuse by mapping a drive to a machine with the patches on it and running them.

I even got really fancy and wrote a batch file that does it all in one click.

I have no sympathy for anyone who wasn't patched. If you have ANY kind of network with ANY outside access (email, floppies, USB) then your stuff shoulda been patched. We all had almost a month to get this done and no one in this business has the right to claim ignorance.

If I was CIO at a company that had a major outbreak, somebody would lose their head.

seqiro
08-19-2003, 01:28 PM
Originally posted by SnotRocket
Guess there are retards at the hospital that didn't patch 170+ machines.

How "critical" are your systems when no one patches them?

[/$.02]

Wow.

I'm not even going to comment further on this. We are understaffed and maybe YOU have the money to pay people to go to over 600 machines in the hospital which are NOT on active directory and keep them up to date every time a patch comes out from Microsoft (weekly?), and if so then please write us a check.

If you want to be insulting and rude, be my guest. Doesn't mean I'm going to listen to you.

Bires
08-19-2003, 03:48 PM
Originally posted by seqiro


Wow.

I'm not even going to comment further on this. We are understaffed and maybe YOU have the money to pay people to go to over 600 machines in the hospital which are NOT on active directory and keep them up to date every time a patch comes out from Microsoft (weekly?), and if so then please write us a check.

If you want to be insulting and rude, be my guest. Doesn't mean I'm going to listen to you.

I hear ya. Not all of us work in the computer industry, where everyone knows how to patch their comps. The schools are WAY backlogged for tech issues, so many of our schools are getting slammed.

and I wish people would think about what they post before they post...it's tough to tell when someone is being light and really just kidding...as I'm sure Snotrocket was (?)

eSDee
08-19-2003, 07:54 PM
What a dick :2far:

Dave_7
08-19-2003, 08:45 PM
Originally posted by eSDeeLoco
What a dick :2far:

Really? I thought SnotRocket's comments were pretty spot-on... does the job of a network admin not include regular maintenance? Or do they simply set it up... then sit back and unlock user accounts for the rest of their tenure?

I understand if someone ELSE was responsible for patching those machines... that you'd be pissed that you have to do the cleanup.

Now... if you are handcuffed by some sort of lockdown of the systems that can't be changed without management approval (or something crazy like that)... then I could understand why some didn't get patched.

But this is a major reason why network admins are employed... security. Being proactive is always best. And you get to tell your employer that you prevented the system from suffering because of your proactive approach. Cases like this provide a great example. You can point to Lockheed Martin (or similar) who is ground down to a halt... while you enjoy high network health.

If they're all on the network and have shares... do what you gotta do and find a way to make it happen (.bat file, or whatever).

Dave.

eSDee
08-19-2003, 10:09 PM
Originally posted by Dave_7


If they're all on the network and have shares... do what you gotta do and find a way to make it happen (.bat file, or whatever).


I'm not saying that it isn't our job to take care of business like we're supposed to. In my case almost all that were affected were not "department" computers but rather personal computers that were sharing our network and on which I did not have Administrator rights. I know it sucks but that's just the way it works here. All the computers that were under my watch were not affected. The thing is, snotrocket made an assumption on what sequiro's work environment was like and called him a retard based on this assumption. That's just not cool. Sequiro has been here a while and has been very helpful in this forum in particular, so that was uncalled for. Even if sequiro was slacking off at his job (which I'm sure he wasn't) snotrocket shouldn't have assumed he was.

Sometimes I am amazed at the high horses that some MS babies ride on :bigmouth:

Dave_7
08-19-2003, 10:26 PM
Originally posted by eSDeeLoco
Even if sequiro was slacking off at his job(which I'm sure he wasn't) snotrocket shouldn't have assumed he was...

I see what you are saying. I didn't read it that way at all. I thought it was a mild quip at those at the hospital (not seqiro) who didn't get the machines patched.

:bandit:


Dave.

mojo
08-20-2003, 03:22 AM
i'm with esdee.

and on another note, it's pretty funny that everyone accepts these constant updates and patches as ok. keeping on top of every patch is a full-time job. let alone the fact that people's grandmothers are supposed to be able to use such an "easy OS" to use. yeah...walk someone's grandmother through patching her OS sometime, then multiply that times a hundred and then tell me how good the OS is and how people who didn't update were just slackers. bah, it's the OS, not the endusers.

granted, other OS's have "critical updates" and patches. but some of these security flaws are just wrong :2far:

Jcranmer
08-20-2003, 05:36 AM
Originally posted by mojo
i'm with esdee.

and on another note, it's pretty funny that everyone accepts these constant updates and patches as ok. keeping on top of every patch is a full-time job. let alone the fact that people's grandmothers are supposed to be able to use such an "easy OS" to use. yeah...walk someone's grandmother through patching her OS sometime, then multiply that times a hundred and then tell me how good the OS is and how people who didn't update were just slackers. bah, it's the OS, not the endusers.

granted, other OS's have "critical updates" and patches. but some of these security flaws are just wrong :2far:

The other part of the "fun" of keeping up with updates on a critical network is trying to get all the downtime approved in the first place. I am the network administrator for my company and while we were not infected it was more luck than anything. We are behind a properly configured firewall, but that means nothing when you have laptop users on your network that travel with the computers and dial up the internet on them.

Laptop users are the hardest to keep up with the updates on, because they are sometimes missed when they are out of the office.

So because of the fear of a laptop user bringing this thing inside the network, I have been working from home many a night this week patching and rebooting our servers via a VPN and remote desktop connection. Even this isn't all that easy because we are pretty much a 24X7 shop. I still have a few more to go, all I can say is the past couple of weeks have NOT been fun.

At least we got most of the end user workstations patched a couple of weeks ago because of another worm/virus threat. (MiMail?) That took days as we have a couple hundred Windows stations here alone, not to mention the other plants.

Jeffbx
08-20-2003, 06:04 AM
:stupid:

Since we have offices all over the world, we don't have a maintenance window for our servers during the week - they are being hit 24 hours a day. It's a huge pain to schedule the downtime for even a simple reboot.

I love how the morons who cause this havoc blame the OS - "I was just pointing out a security flaw so MS can fix it!" Well, moron, do you go breaking into people's cars & stealing radios to point out the security flaws of Honda? :rolleyes:

Dave_7
08-20-2003, 06:12 AM
Originally posted by mojo
i'm with esdee.
...it's pretty funny that everyone accepts these constant updates and patches as ok.
...granted, other OS's have "critical updates" and patches. but some of these security flaws are just wrong :2far:

Agreed. Though, I am certainly not OK with it... it's just reality. Company politics can play a part in creating the situation. Often times, it isn't the experts making the OS decisions... it's the users (management). Now THAT deserves one of these :2far:

Dave.

Joshua
08-20-2003, 07:27 AM
Ok folks, obviously things need explaining.

- I wasn't trying to slam seqiro outright, hence why I made the comment in general, NOT explicitly at him. Seqiro, I apologize if you took it as a personal attack.

My point is simply this: I don't run out and patch every system right away with every patch that comes out. This one however, was a big deal according to EVERYONE. I have spent the last 3 weekends and many nights patching all of my systems. I too am responsible for over a hundred critical servers that are used around the world. Downtime is not easy to come by - Hence the weekend work.

As it was stated, this is part of our jobs! I also find it much easier to patch my stuff now by putting in extra hours at my convenience, than to wait till my network is shot and then have to work 24 hours straight.

A couple of solutions I've used are to make a batch file and run it manually for servers. For users, I email the batch file (or a link to it) to all of them and tell them to double click on it.

At the end of the day, had seqiro's network been patched, the unauthorized laptop would not have had any effect on it.

Again, I apologize if I offended you. I know that I spent A LOT of unpaid overtime over the last few weeks getting my systems patched - so I know that it is a pain in the butt, but because I did that my network is running clean. I still can't feel too bad about people getting infected by the Blaster virus or the newer one since they both could be prevented with the patch.

Joshua
08-20-2003, 07:58 AM
by Paul Thurrott, News Editor, [email protected]

Last week, the MSBlaster (LovSan) worm rocked the IT world. The worm took down more than 385,000 Windows-based computers, according to antivirus vendor Symantec, and forced Microsoft to redirect its Windows Update Web site to prevent a scheduled August 16 Distributed Denial of Service (DDoS) attack. Windows & .NET Magazine UPDATE warned readers about the security vulnerability that paved the way for the MSBlaster worm in the July 22 issue ("Windows Server 2003 Gets Its First Major Security Vulnerability," http://www.winnetmag.com/windowsserver2003/index.cfm?articleid=39649 ), and of course our other publications also provided ample warning that IT administrators should seriously consider applying the patch that Microsoft first supplied on July 15, 2003. Furthermore, the US Department of Homeland Security (DHS) twice warned the public that this security vulnerability could cause problems if users didn't install the patch; print and TV media around the globe covered this news.

Despite these and other warnings, the MSBlaster worm, which launched a month after Microsoft patched the affected vulnerability, took down computers in companies large and small. Individuals, including a friend of mine, saw their computers spontaneously reboot because of this problem, which made downloading the patch impossible. My friend had plugged in a new computer, navigated to Windows Update to download all the available critical security updates, and was infected immediately before the download was able to finish. That's incredible.

Last week, I wrote a somewhat controversial opinion piece for WinInfo Daily UPDATE titled "Windows Worm Should Never Have Been a Problem" ( http://www.wininformant.com/articles/index.cfm?articleid=39849 ), in which I noted that we expend a lot of energy blasting Microsoft, often rightfully so, for its security problems. These vulnerabilities have cost IT administrators countless hours of frustration, testing time, and downtime, and the flood of updates that these problems necessitate probably isn't going to end soon. But with the MSBlaster worm, I have to wonder if we're not taking the blame game a little too far. We'd been warned adequately that this worm was coming, and I honestly feel that many people simply weren't being responsible and doing their jobs: This worm shouldn't have been so disruptive.

In the matter of full disclosure, yes, I live in the proverbial ivory tower. Yes, the infrastructure I manage is sub-small-business-small. And yes, it has been years since I worked in the field, being responsible for production machines at a real company. Just the same, blaming Microsoft for everything is easy, isn't it? After all, the company is a convenient target and, not coincidentally, often at fault. My point isn't that administrators are solely responsible for the devastating effects of MSBlaster, but they're part of the problem--a part that could have done more to fix things proactively. I know your jobs are hard, and I know you're not appreciated as much as you should be; but as systems administrators, you're personally responsible for protecting your network, computers, and users. We can blame Microsoft for not creating a more secure system, but we must also accept the blame for not working with the tools we do have to ensure that this worm was contained. This worm was an embarrassment for both the Windows IT community and Microsoft.

seqiro
08-20-2003, 10:55 AM
Just for the record, it wasn't my call to not patch the systems. I'm part of Desktop Support and while I can recommend something, I can't make anything happen.

The hospital I work at does not have an IS department, per se. Instead, IS is a division of finance. And the VP of finance does not know a thing about computers except that they cost money.

Desktop technicians don't have keys to all of the offices, so after hours we pretty much can't do anything and are not authorized to do so whether we get paid or not. There are four desktop technicians who handle all of the support calls and two project technicians who handle new deployments and other large scale projects. We have ONE network admin overseeing a ton of servers including AS/400, NT, Win2K, Novell, and other machines I've never heard of. We are hardly up to date here, so every MS operating system since Windows 3.11 is installed and running somewhere in this building. That makes for very busy technicians.

It is near impossible to convince the powers that be in finance that we have to work on a computer that, as far as they are concerned, isn't broken and make it so the hospital workers can't do their jobs even for 10 minutes. They don't understand patches, they don't understand our jobs, and mostly they wish they didn't have to pay for us in the first place. Since it IS a hospital, there are people here around the clock. Getting permission to shut down the network or reboot a server takes an act of god.

Normally I am on the project team and every new PC that I have put out since the patch came out has been patched. I've also updated machines that I've worked on for one reason or another. But I can't do any more than that. None of my machines at home got the worm and neither did my parents machine because I've kept them up to date because they ARE my responsibility.

However.

None of this exonerates the person who wrote the Nachi worm. Anything that invades your computer and changes settings without your permission, no matter the intent, is NOT good. This worm even opens up a port without letting you know. It's no better than the Blaster worm--which we didn't get, by the way, because our net admin has done a terrific job with the firewall--and can cause unforeseen damage (two computers in the building wouldn't boot even into safe mode after getting the virus). If our system that tracks the vitals of patients in ICU/CCU had gone down, their lives could have been at risk. Even if it was a small risk, it's too much.

So yes, there is definitely a responsibility to keep your systems patched and if I had my way every system in this building WOULD be patched and we'd have the personnel to do it and management who would give us their blessing. But the REAL world isn't like that and if the virus writer spends a couple months making license plates for writing his "good" virus, he won't get sympathy from me either.

mojo
08-20-2003, 09:38 PM
Originally posted by Joshua
We can blame Microsoft for not creating a more secure system, but we must also accept the blame for not working with the tools we do have to ensure that this worm was contained. This worm was an embarrassment for both the Windows IT community and Microsoft.

tell that to gramma, whose computer is still rebooting and can't for the life of her figure out why.

thing is, windows markets itself as a product that anyone can use. which is true enough. but when the expectation for non-technical people to do more technical things comes into play, i gotta question it. i mean, sure, it's easy enough to patch the stuff. it's easy enough to understand. but if you don't work with it every day, such simple things can be difficult. and weeding through the real requests to update and the fake ones can be even more so.

so who's gonna be the one that says that gramma has no business on the internet? not me, thanks. she has just as much right to be there as i do. and it should be easy for her to use. and it should be secure out-of-the-box. and the powers that be at microsoft should be pressured in real time for action. and not just when it's too late.

Dave_7
08-20-2003, 10:02 PM
Grandma could have bought a Mac.

But Macs would be targets, too... if they were a greater percentage of the PC population.

Dave.

mojo
08-20-2003, 10:04 PM
gramma should have bought one. and then yeah, they'd be bigger targets. and maybe ms could have some heat taken off of them :P

Dave_7
08-20-2003, 10:19 PM
Originally posted by mojo
gramma should have bought one. and then yeah, they'd be bigger targets. and maybe ms could have some heat taken off of them :P
Ha!

Forgive me, I mistyped... you are correct... could = should. :P

Dave.

Jeffbx
08-21-2003, 04:31 AM
Originally posted by seqiro

The hospital I work at does not have an IS department, per se. Instead, IS is a division of finance. And the VP of finance does not know a thing about computers except that they cost money.


Why is it that so many companies lump IT under finance? At my company my dept is under R&D (thank goodness), but I still constantly have to deal with finance guys trying to make IT decisions. They have a real hard time believing that people running CAD software need a different machine than the people answering the phones.

But at least they're better than a past company I was with - the VP was a marketing guy who thought that when we bought a single software license that it was perfectly OK to install it on every PC in the company.

Sadly, many companies don't see the value of an IT dept until a major problem occurs, and by then it's too late.