Conficker Worm Discussion (esp. 1 April, 2009)

[fredunderhill]

Another way to word this would be. Linux has the eyes of the world looking at it from a QA standpoint, and can deliver security patches on so many fronts much faster than Microsoft can, as the primary providers of such vulnerability fixes on Windows are Microsoft, and Microsoft only.

I protest that any "real" damage would require sudo. If you store data on your system at all, you store it in your $HOME directory. You don't need sudo to destroy that... In the end, your OS is free and replaceable. Your data is never so easy to replace.

actually, i installed ubuntu using wubi, so that in case i screw up doing something, not all will be lost. this being said, i store everything on the windows partition and have all my defaults set to there.

[Swagman]

Yeah, I'm wondering what happened on 4th of January as well?

I suspect they actually mean 1st of April though

1/4/2009

[Vevmesteren]

There was, once upon a time the dooms day millenium bug that was to bring the whole world to a stand still. I remember watching TV that night. Seeing the rockets shoot into the sky of Sidney, I was so disappointed that night... No crashing buildings. no chaos. Now I have a child and am in another place. But am secretly hoping that this Microsoft hoax maybe might come true...which off course unfortunately would make it 'my problem' too. but really I think it is a MS way of blowing companies using cracked free versions of their software wide open...I just hope my (so far non-bailed-out-bank) is paying their Excel Spreadshits...no wait...

[toupeiro]

You should be making regular backups of your data.

But in any case, erasing people's personal files isn't very lucrative, and most malware these days isn't created for the "Ah-ha! Gotcha" thrill. Most malware now is for financial profit.

You can bet one of the reasons malware thrives in Windows is that it's tied to system files and so difficult to remove. If malware lived only in the user space, you could delete it as easily as deleting a user account and creating a new one.

If we are taking into account all disaster recovery measures are in place, then who cares really what OS it is, or what the security model is. Backups are backups. This whole stance would be moot if you are going to facture that in. Anti-virus and malware is preventative maintenance to avoid using backups, regardless of the realm of attack, backups themselves are a completely different scope. With or without these preventative tools, if you don't have backups, you're playing with fire, so thats not the scenario I wanted to pitch because I felt it was pretty much assumed.



Also, it completely depends on how you would classify your personal data, whether or not you think its lucrative to exploit. Just because its in user space doesn't mean its not very critical.. I've seen it a thousand times. When it comes down to the destruction of an operating system, people don't care about that box anymore, all they care about is what was on it. They don't care if its a new box, or a new OS, as long as the data was not compromised. Without good backups, you probably just lost your job, with good backups, it doesn't make your loss of data any less critical whether its in user space or system space if its been classified as critical. My point was, if someone wanted to be malicious, it doesn't necessarily mean they have to take their system down, or exploit an OS security hole. There is a lot of damage to be done in the user space with data saved in home directories that malware would love to crawl over, or flat out corrupt or delete. Don't think that just because in most cases linux OSes can't be exploited as easily as Windows ones, that there is not plenty of havoc that can be wreaked. I think one reason we don't see many of these incidents on linux is that typically linux users have a higher awareness level of their system, but if that paradigm changes, I believe you will see this exploited much more. Your browsing history, installed app configurations, and perhaps things like your financial data and tax info are all in your $HOME. You're ships not sinking, but its a pretty pointless ship now that everything on it is gone. /bad_analogy

[Lunx]

People get sick of the updates forcing automatic reboots so they turn them off and never think of them again.

And also remember there are plenty of people running dodgy copies of Windows who don't go anywhere near a patch or anything else ( some estimates I've come across say this could be as high as 30% of Windows users). MS won't allow them to update security, so these #*$% users can keep on infecting everyone elses machine. Don't quite get the MS take on this issue, since surely the credit they would gain by having a secure system that people could have faith in would more than offset the loss of $$$ they cop from people pirating the software.

[toupeiro]

actually, i installed ubuntu using wubi, so that in case i screw up doing something, not all will be lost. this being said, i store everything on the windows partition and have all my defaults set to there.

Thats a smart config as long as you keep windows patched and backed up Of course, if something happens to your filesystem (like a nasty BSOD), and you're wubi install is on that partition, bye bye wubi and windows.

[Dustin2128]

how many computers do you think will go down day after tomorrow? I'm thinking a couple thousand, nothing that will make a dent in the M$ market share.

[FuturePilot]

I just saw a piece on the news about this. But what I found interesting was, and I quote,

...Mac and Linux are not affected.

Did I hear that right? Linux got mentioned in the news!

[Grant A.]

Conficker/downadup has infected over 9,000,000 Windows-running computers.

[swoll1980]

This should be fun to watch. I think it's another 01/01/2000. All show, and no go. Maybe a scam to increase Norton's bank account