General discussion


Dealing with continuing worm attacks

By debate
What do you think about Jonathan Yarden's proposal that Microsoft should distribute Windows service packs on free CD-ROMs? How do you feel about Microsoft's idea to make software updates automatic? Share your comments about dealing with continuing worm attacks, as discussed in the Sept. 8 Internet Security Focus e-newsletter.

Service Packs want to be FREE!

by cmessina In reply to Service Packs on CD-ROM

To the folks who would be willing to pay for service packs
on CD, you're being far too generous to M$!!! C'mon, their
code is responsible for costing small businesses
throughout the world billions in lost revenue, lost
productivity and system failures. If they really are serious
about security and patching their machines, they should
send EVERYONE who activates their copy of Windows a free
lifetime subscription to service packs and updates. I mean,
why else activate Windows than to give M$ a way to contact
its users about security threats?

Furthermore, AOL built its business by sending out billions
of free CDs with their software on it. Why can't M$ do the
same with their service packs? Shouldn't this be included in
the price of admission? Shouldn't M$ do this to make up for
all the lost revenue the users stomach for M$'s
incompetence?? I mean, at what point does this become an
issue for Ridge's Homeland Security Dept? Maybe the GOVT
should be sending out these service packs in the interest of
national security?!

And a workable solution, if not complete.

by Paranoid In reply to Dealing with continuing w ...

Given the number of CDs they send out trying to attract people to MSN, this should represent a small investment for MS. This is one of the more workable solutions I've seen yet, although it certainly won't eradicate the threats by any means. My feeling is that the fewer machines out there that are susceptible, the lesser the impact on all of us who connect.

It would also go a lot farther towards giving credence to MS's much publicized stance on security. Having a court mandated annual audit by a CISSP on a single product line simply doesn't give me a warm and fuzzy, at least if updates are free and easily available, I can still feel fuzzy or warm and for now, either one will suffice.

Oxymoron: Microsoft Security

by rograham1 In reply to Dealing with continuing w ...

When NT was being developed, Microsoft employed a novice project manager for security. Contrary to popular belief, the experience of DEC's Cutler did NOT penetrate into MOST of the components of NT. For most of its life, Microsoft has traded function for quality (to its great advantage...witness the demise of the reliable and secure OS/2). It comes down to this, if you don't have problems to address or versions to upgrade, you don't have mind share and you can be disintermediated...or minimally lose maintenance revenue. It is human nature to IGNORE items that don't bother us....when we should be appreciating them every day of our lives.

No matter how good MS gets, there will still be errors and exploits. They need an effective reset button methodology (System Restore on steroids) to go along with improved quality. Most users are going to have to access the Internet through a personal DMZ eventually.

Isn't it ironic that the OLDER versions of Windows were held harmless in the exploits of newer technology features?

The holy grail of virus writers (or disgruntled MS employees) will be to penetrate an automatic update facility. There is a middle ground for such a facility...a user can elect only the lag time and the implementation schedule, not the content...and warnings should become increasingly insistent...since the life you affect is not just your own.

Well I can see two problems with this

by HAL 9000 Moderator In reply to Dealing with continuing w ...

The First is obvious and that is just the fact of life that it isn't possible to find a Worm, make a fix and then distribute it world wide in the time frame allowed/necessary.

The second is a Privacy issue as if Microsoft required everyone who activated a MS product to register their name, address etc. there could be a real problem if/when the MS site gets "Hacked" and all that user information gets stolen.

Otherwise I can't see a problem but honestly I think that MS has got it about right now and while I'm not all that happy to keep downloading patches all the time it is at least faster than having to wait for a CD to arrive in the mail that may cause more problems than it is supposed to fix.

12 hours to download updates

by ikayak In reply to Dealing with continuing w ...

I agree that Microsoft should make service packs available on CD. I would also like to see the updates be downloadable so they can be burned to a CD. Over the weekend I visited my sister and installed Win XP and SP1 (from CD) on her system. She is a rural user and only has a dialup connection. It took me over 12 hours to download all of the upgrades she needed. Imagine how much more convenient it would be if rural users could request a CD or if they could download and burn to a CD. I am too far away to take the computer and return it later. There must be thousands of users with this issue.

Download them.

by mrbill- In reply to 12 hours to download upda ...

Go to the MS web page, download center and download the patches you need. Then use your CD-burn s/w to make a super-sneakernet disk.

But you can and I do this regularly

by HAL 9000 Moderator In reply to 12 hours to download upda ...

All you have to do is log onto the MS download page and then manually select what you require and save these to the relevant folder on the HD and then when they are all downloaded burn off a CD.

You of course need a fully patched system so you can check up on exactly what was needed and once you have this list there are only the "Device Drivers" left and these don't take all that long to download and install from the Windows Update page. @|Downloads&displaylang=en

I do this if only to save myself the problem of having to download up to 60 MEG of Patches for XP and I have a full set of updates for all previous Microsoft OS's it is a bit messy and you also have to use the Office download site as well but it is worth the effort as it saves a lot of time.

What I particularly like about all the patches/Hot Fixes for XP and 2000 and there are lots is the fact that MS still insists that Linux requires many more patches to keep it secure "If that is possible as presently there is no secure OS" and MS insists that they have the more secure and less patched OS now if only that was true.

I actually do this because I too only have a dialup connection here as the broadband ends about 300 yards down the road and at present they have been telling me that it will be connected within the next 12 months but that's been going on for 5 years now and unless I want to personally pay to have the neighbourhood wired they aren't presently planning on extending the cable for the time being at least.

You hit it on the head

by bjunkait In reply to Dealing with continuing w ...

If Microsoft ever used common sense, none of us would know what to do.
This was one of the best articles I have ever read.

Dealing With Continued Worm Attacks

by BpBlacky In reply to Dealing with continuing w ...

I think Mr. J. Yarden's proposal about Microsoft giving the patches free is excellent, except whoever suggests it to Mr. B. Gates had better have a resuscitator on hand and paramedics standing by. Mr. B. Gates gives very little, percentagewise of his wealth, away free!

Microsoft's idea of automatic downloads is the worst idea since 1900! That would wipe out my computer's total capacity in one month, and I imagine many other people's personal home computers as well.

And so what percentage do you give?

by RCOM In reply to Dealing With Continued Wo ...

I think one should investi-Gate before making statements and or accusations. The Gates foundation gave away over 6 billion dollars last year, what about you?

Bill Gates is a person and Microsoft is a corporation. The fact that people don't realize the difference between the 2 is what leads you to make a statement like this without actually knowing the facts.

There are many issues that Microsoft needs to address. They have the challenge of trying to make an OS that is free of all these defects and can still be as functional. This is no easy task but if they want to continue to be the giant they've become there's no other choice.

On the other hand John Q. Public has to be aware that he needs to protect his OWN system. Like with the recent attacks a patch was out and the creeps that created these worms probably did it after hearing of the vulnerability. They expected a high percentage of success based on the fact that most users don't pay attention.

I think the best money spent would be on educating users. This is already available all over the place but if free CDs are to be made this is where I'd start.

Microsoft should offer automated software for security auditing. Thus letting users know of potential risks and how to correct the situations. Included should be easy to understand presentations on how to protect the PC.

One thing no one's mentioned is that for so many of you out there that have unpaid for OS' I wouldn't offer support anyway.
