Re: conficker worm

Well I run Linux... so...

Most people probably just turn on the windows firewall and call it good. I usually put my customers behind a firewall / router, which alongside AVG on their computers seems to do the job. They have to go out of their way to screw that up, although a few do manage to find a way.

Re: conficker worm

Isn't this an issue for those who don't have a fully up-to-date system?

Re: conficker worm

>Isn't this an issue for those who don't have a fully up-to-date system?

no, afaik it is not.
how will virus reach the server service(think that was the one with a bug) if that service sits behind a firewall?

i mean this is not
http://en.wikipedia.org/wiki/Blaster_(computer_worm)
and it's not the time when less peple cared about firewall...

more details
http://vil.nai.com/vil/content/v_vul40728.htm
"Attack Vector..................Malicious local network traffic "

ie majority of people got this crap by either clicking on crap, or by runnign system without firewall...

be it either, it illustrates level of user "expertise" these days...

i don't quite understand this
"Conficker and other worms are typically of most concern to businesses that don't regularly update the desktops and servers in their networks. Once one computer in a network is infected, it often has ready access to other vulnerable computers in that network and can spread rapidly.

Home computers, on the other hand, are usually protected by a firewall and are less at risk. However, a home network can suffer as well. For example, a laptop might pick up the worm from a company network and launch attacks at home. "
http://www.pcworld.com/article/15787...cker_worm.html

is the author suggesting business users don't have firewall?
why?
if they do have it, only way to infect it is to execute the virus file in some way...ie by clikcing on scam links ets.
then again, what are antivir programs doing?
why have them at all if they won't pay special attention to such problems?

Re: conficker worm

Yes it is.

MS had the patch out last October.
http://www.microsoft.com/technet/sec.../MS08-067.mspx

But as we all know from previous threads i4004 doesn't believe in MS Updates.

~~

Firewalls don't catch everything especially when you have laptops on the network that travel and get used where there may not be a firewall.

.

Re: conficker worm

Well, who can resist fixing their rundll32? Or getting free porn for life by downloading a fake codec?

Re: conficker worm

>Yes it is.
MS had the patch out last October.
http://www.microsoft.com/technet/se...n/MS08-067.mspx
But as we all know from previous threads i4004 doesn't believe in MS Updates.


i install critical updates and had this one as soon as it was out.
that doesn't change the fact that this can't get in if firewall is working.
if everybody got firewall in time of msblaster(see link above) it would equally not pose any problem, because it would not get into the machine, because any "forcefull" traffic from outside is what firewall blocks.

am i wrong?
bonez, you answer.

(oh yeah, your memory is quite amazing if you know what i said about updates god knows how many months back...well done! right(and "right") side of the bell curve, right? <wink> )
~~

>Firewalls don't catch everything especially when you have laptops on the network that travel and get used where there may not be a firewall.

sure, but from the point of firewall, it should not allow outbound attack on the system
oh yeah, i have some ports open on my router(so i can engage in a variety of illegal activities..) so i take care important patches make their way on my system...

but this was not the virus that was sniffing ALL ports and entering that way...

Re: conficker worm

Firewalls don't catch everything especially when you have -> laptops on the network that travel and get used where there may not be a firewall. <-

> That's who.

Non PC savvy business people use laptops in Hotels all the time.
They don't know what a firewall is, they don't ask if the hotel has one, and if the Hotel said 'no' they'd probably use the LAN anyway.
Then they haul them back and plug them into the LAN at the office behind the firewall.

.

Re: conficker worm

sure

Re: conficker worm

Usually companies can not run firewalls in their internal network
Since they rely on AD which requires the Windows Server Services ports open (135 > 139) for them to communicate

Anyway, a patched system is not so much at risk, it is quite rare for 0-day exploits (but it does happen)

I run my personal system behind a firewall, a box with IPCOP, but on the PC's behind my firewall I don't have more firewalls... (Just like the company example)

Re: conficker worm

"hardware firewall" (= router) + Brain 1.0

ftw :>

Re: conficker worm

yes, my point was that if everbody had firewall and users that don't click trash this would never happen...
(wait...did i just say that? lol!...people usually prefer to surf porn at workplace, as that way wives won't see them...)

Re: conficker worm

Our local telecomm company owns all the phone cabling, so it's the only choice for ADSL broadband. This glorious company gave an USB ADSL modem for free to its new suscribers. They did this for years, so the installed base is huge. These pieces of S**T don't include a firewall.
Add this to the ton of PCs sold with windows updates disabled (builders don't want their clients complaining when WGA kicks in) and you have a huge number of PCs at risk.

Re: conficker worm

The McAfee site lists this worm as a Low Risk.
I have no clue why the media is scaring everybody with this one, when AV2009, etc, are SO much more problematic.

As noted above, the fixes came out last year.
Anybody running McAfee AV or Norton with anywhere close to a current DAT file has no worries.

I'm getting a LOT of mail from my client base about this. They are all responding to the media B.S. about this.

Re: conficker worm

The big deal seems to be the huge number of PCs infected.
Right now it is low risk because whoever programmed it is missing in action... The infected machines connect to certain random addresses to download a payload that would allow the worm creator to control the resulting botnet. Luckily, until now, none of these addresses contain the payload.

Re: conficker worm

My sister had something called Anti Spyware 2009 I had to remove what a pain in the ass (it was really resistant to my attempts but in the end my will was stronger). I'm sure the program you mention has the same intent flag false viruses and ask you to pay up for the program. Where in my case of course it was spyware and worms.

As far as security goes my router is my only line of defense (a Linksys BEFSR41) with a 16 port switch and a WAP following I did some GRC tests on my connection and it seems pretty solid security wise.

My WAP is secured with WPA-Personal. 90% of my network is wired anyways the wireless is just for my 2 print servers and 2 laptops.

I think that's where the major security risk is encryption protection I have found quite a few unsecured WAPs on my block. Imagine if someone conducted illegal activity on YOUR connection and then the cops come knocking on YOUR door .

If I do use public APs I turn on Windows Firewall it's better than nothing.

Who has a broadband connection without a router on it nowadays anyways?

Re: conficker worm

>This glorious company gave an USB ADSL modem for free to its new suscribers. They did this for years, so the installed base is huge. These pieces of S**T don't include a firewall.

mmhhmmmmmm....pretty bad....
here such modems were never really widespread....
i don't really know if they ever offered usb modems at all(ie those small craps with just usb connection)...i think i saw one once, but i think that was a replacement for real modem(that user bought on his own), or something like that...

it's usually siemens, d-link, zyxel, thomson...all have firewalls...

>Add this to the ton of PCs sold with windows updates disabled (builders don't want their clients complaining when WGA kicks in) and you have a huge number of PCs at risk.

yeah, but xp has it's own firewall which should be on on all machines...
to get this virus(without user intervention) you need system without hardware firewall AND xp firewall disabled...AND no patch that protects against it...
(putting aside local network ways of infection, those mostly don't apply to home users anyway)

Re: conficker worm

I remember those modems I got my cable Internet service back in 02 and got a Motorola SB4200 (USB and ethernet capable) and it's been chugging along with ethernet ever since.

I think I remember seeing USB only modems but I passed on that crap ethernet is what I would use anyways.

Re: conficker worm

IPCOP does support a few USB modems, might be worthy to know
Then again, having a dedicated firewall as a suggestion for someone that uses a USB modem will probably not be seen upon as an excellent solution (even if it is)

Re: conficker worm

Thanks, Per Hansson. I'll look into it.