I work for an ISP. Today, we’re dealing with the latest Microsoft security flaw exploit, the Sasser worm. Most of our XP users haven’t ran any security updates, so now, they got this worm and can’t browse the web. Which, they understandably blame on us, their ISP.
“YOU gave me this virus!”
Uh, no. Your unpatched OS made you vulnerable to this virus. We still have people who haven’t run the update from last summer that addressed the Blaster worm vulnerability. Now this latest one.
I realize that not everyone is computer savvy, that’s why I have my job. But this stuff is all over the news, the web, the little blinking “Windows Update” icon in the system tray.
Please, please. Please. Visit www.windowsupdate.com regularly. Keep your security updates current. Keep your anti-virus software current. Not keeping current makes the baby Jesus (and your friendly tech support workers of the world) cry.
Unfortunately, Microsoft has put out a product so full of holes, you’d have to patch it every couple of weeks to really stay up to date. For people on dial-up that could potentially tie up a lot of time downloading the patch. When I’m in the office running the various updates our IT group warns us about, it takes a good 15 minutes to run, (given time to close programs, reboot, etc.) and I’m on a lightning fast LAN.
I shudder to think of the millions of man hours spent doing nothing but patching up Microsoft’s crap-ass product.
I knew I was supposed to apply that patch, but I was busy surfing the SDMB, and I didn’t want to go through the hassle of the download and restart, etc. But the OP put a fire under me, and after a good 20 minutes of downloading, and an additional 15 or so of installing and restarting, I am now thoroughly patched, at least until the next hole is discovered.
So you can feel good that your rant made a difference to at least one user.
Yeah it amused me too that the worm exploited a fix… heh.
I totally emapthize with my users who have to DL the patches on dialup; it just sucks dealing with the fallout of stuff like this. The Blaster worm, at least turning on XP’s firewall kept 'em online so they could DL the patches. This latest fun makes it impossible to view webpages, so saying “go to www.windowsupdate.com” is pretty useless. We’re their ISP, they can’t view webpages while connected to our ISP, and since we’re their ISP, of course we gave them the virus! It’s hard to educate people when they’re pissed first of all cuz they can’t surf the web and have been on hold for like 25 min, only to be told “you need to DL a patch from Microsoft.” (Though we discovered that ending the avserve.exe process let them surf so they could DL the patch.)
Nothing like walking in on what you thought would be a normal slow Saturday to find the phone queue lit like a Christmas tree all day. Ugh.
Oh, gyawd, I had to come in at 8:30 tonight to help deal with this BS. I was supposed to come in at 11:30 for something else, and was going to get a nap first. No nap. A hearty Fuck You to all these jerkoffs with nothing better to do than create viruses and worms.
WORD!!! :: pumps fist in air, Huey Newton style ::
Also, a big FUCK OFF to those who voluntarily use either MSIE and/or Outlook Express, and doubly so to clueless admins who mandate that their underlings use that POS! That damn thing is the Typhoid Mary of the world’s email servers. Lock those damn things behind your firewall (you do have a firewall, DON’T YOU???) and disallow them access to the 'net until they get real security.
If the mandatory d/l of all this patchware is so time consuming, M$ should seriously consider change the minimum requirements for XP to broadband internet access.
I’m not particularly wild about Microsoft, but in all fairness, I have to speak in their defense.
Sasser isn’t exploiting a fix. Sasser is exploiting a hole that people, if they had installed the fix when it was released in April, wouldn’t have.
Me? I do not and never have used any flavour of Outlook, and the only time I use IE is if I have to visit a known site that is so optimized for it that nothing else will work. Stupid Webmasters.
I just spent the past 3 hours or so trying to download the critical update re: Sasser virus (please don’t yell at me! This is NOT my computer, it’s my father’s!) As anyone who has contracted Sasser can tell you, the reason that it took so long (other than the fact that it took me a bit of time to figure out what the problem was, not being a particularly savvy computer user in the first place) was that Dad has a dial-up connection, and the damned computer kept shutting down before I could download the updates!
This has been my first adventure in virus/worm world, and it has not been an enjoyable one, no sir.
I asked Dad whether he recalled seeing those little balloons down on the toolbar about Windows Updates, and he said, “Yeah, but I didn’t know what it meant, so I just left it alone.” Sigh.
In all fairness, I blame myself for not coming over more often and making sure that everything was kosher. Considering how often Dad had to pick my sorry butt up from the side of the road in freezing weather so I could sit in his car with the heater on while he tried to figure out why my latest piece-o-crap car wouldn’t start, I’m not really in a position to complain about having to spend a couple of hours playing with his computer.
Anyway, the updates are installed and the firewall is on – so, would someone please assuage my ignorance by telling me if that means that the Sasser thingie is gone now? Or is it just down to a dull roar? (The computer hasn’t shut down on me in the time it has taken me to type this, which is definitely a good sign. On the other hand, I notice that the “hourglass” is showing pretty much all the time, even though the pointer dutifully shows up and the computer is not frozen, so I suspect there is still some bad mojo here. (A chicken foot in the hard drive? I wouldn’t be surprised.)
I’ll check back in a half hour or so. Right now, I have to drive home and drain the dogs. Sigh.
Well, it’s Monday and Microsoft has stopped offering support on their 866 PC Safety hotline. It now refers them to Windows Update’s website. REAL helpful, since the problem is that USERS WITH SASSER CAN’T VIEW WEBPAGES.
Phone queue’s still lit up like a Christmas tree with pissed off people.
If your users ctrl-alt-del and force close the sasser program tree (I think it’s avserve.exe and avserve2.exe, just look for whatever exe is sucking up large chunks of the cpu), they should be able to hit webpages again for long enough to dl the patch. At least, that’s what worked for me.
Yeah, we discovered on Saturday that that would work… the other problem is most of these people haven’t run any updates, so not only do they get hit with Sasser they’re getting Blaster as well. With XP we can turn on the Firewall and that lets 'em stay online… and for Sasser we just end the avserve.exe process and that lets them browse… but… this is sad and scary but pressing CTRL ALT DEL is… above the heads of most of our customers. I’m serious. I spent 10 minutes with one guy telling him “See the key that says CTRL? It’s down near your space bar most likely. Press that key. Ok, now the one near it that says ALT? Press that too. Ok, now, holding them both down still, find the DEL key; it’s probably near your number keys. It says DEL. Keep holding down CTRL and ALT, then press that DEL key. Ok. You let go of CTRL and ALT? Let’s try it again. No, you don’t have to do it with one hand. Yes, you can use your right hand to hit the DEL key. No, no don’t hit it repeatedly. Your computer is restarting? Ok. We’ll wait for it to restart…”
Oh, and Gaudere? I don’t know if I ever told you this but, your “Fuck you, Netscape” rant from… probably a couple years ago now, is bookmarked on my Favorites. I don’t know if you even remember it but it has to be one of the best rants I’ve ever seen on this Board. I felt your pain, and cried with laughter.
