Author Topic: Microsoft asked for Sasser Worm?  (Read 657 times)

Vector

  • Newbie
  • *
  • Posts: 1
  • Kudos: 0
    • http://www.korynas.com/
Microsoft asked for Sasser Worm?
« on: 7 May 2004, 19:50 »
I'm a new member. I was told about this site after letting a buddy of mine know how ticked I was about Microsoft's handling of the Sasser situation.
I was one of the first to be affected. Trying to find out what was going on, I found out about the LSA problem. Over the weekend, I started researching about other users with similar problems, and how they were dealing with it. My search discovered some facts that I knew and a few that I didn't. Virus software (I run both AVG and McAfee VirusScan w/ firewall) could not detect the worm initially, and trying to contact MS about the problem was very problematic. I rooted around Microsoft's site to find the right patch and failed. It was a link on a bulletin board (not Microsoft) that I was able to find the patch.
Here's my gripe: Microsoft released an announcement that there was a security hole in LSA in the middle of April. When Sasser hit at the end of April, it attacked the very hole that Microsoft released. Why not wait until they fixed the problem before they let the hacks know about it??? The way they handled it, it almost seemed like they invited Sasser to happen.
Maybe I'm missing something...
"How do you want to be screwed today?"

flap

  • Member
  • **
  • Posts: 1,268
  • Kudos: 137
« Reply #1 on: 7 May 2004, 21:03 »
The idea behind telling people about it before you release a fix is that they can take limited measures to prevent an attack, even if they're not able to fix the problem. Generally it's better to be told the problem exists, rather than to be kept in the dark in the hope that potential attackers will also be kept ignorant. However Microsoft don't always bother telling people once they've been informed of a vulnerability.
For example, if you'd read the security bulletin you could have blocked the appropriate ports on your firewall, though you probably should have had them blocked anyway.

[ May 07, 2004: Message edited by: flap ]

"While envisaging the destruction of imperialism, it is necessary to identify its head, which is none other than the United States of America." - Ernesto Che Guevara

http://counterpunch.org
http://globalresearch.ca


M51DPS

  • VIP
  • Member
  • ***
  • Posts: 608
  • Kudos: 30
« Reply #2 on: 8 May 2004, 01:34 »
quote:
Originally posted by flap:
For example, if you'd read the security bulletin you could have blocked the appropriate ports on your firewall, though you probably should have had them blocked anyway.


This is good advice. By default, you should block all ports except for the ones you know you need. Things like the 135-139 range (NetBIOS) most likely aren't necessary.

flap

  • Member
  • **
  • Posts: 1,268
  • Kudos: 137
« Reply #3 on: 8 May 2004, 02:00 »
If he's running a firewall I don't know why he wouldn't have had that blocked already. The average user should simply have all incoming connections rejected by their firewall - whatever system they're running.

[ May 07, 2004: Message edited by: flap ]



Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
« Reply #4 on: 8 May 2004, 02:21 »
windows firewalls generally don't encourage you to know what ports are and will generally manage firewalling from an applications perspective, rather than an actual network security one.

as for microsoft's approach to users and their concerns:

visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

FOO

  • Newbie
  • *
  • Posts: 6
  • Kudos: 0
« Reply #5 on: 12 May 2004, 01:54 »
Look at it like this: if you had a bunch of friends over at Bob's house and you heard that there was gonna be a shooting at Bob's house, would you try to see if you could stop the shooters and not warn your friends, or would you tell them that this threat is there?
Friends will bail you out of jail. Best friends will be right next to you saying, That was fucking AWESOME.