Conficker virus rant (boring)

OK, I've been reading about this terrible worm that's been affecting millions of PCs etc...

I'm having a rant, don't take what I say here as fact, it's mostly speculation and wonderings.

There doesn't seem to be a lot of information about how the worm actually attacks, I understand it's through a security hole in the windows 'server' service. All the advice on the web says, "users should always install all the latest patches from microsoft and make sure your security software is up to date".

Personally I suspect this is crap (although I don't know for sure). I've seen many PCs with automatic updates enabled and running the latest security magic and they all run like a bag of hammers and half the time you've got things popping up from the taskbar demanding attention, restarts, updates more resources etc etc. And often these PCs still have viruses anyway! After recently fixing a PC for someone I updated them to the latest version of AVG, this litterally halfed the performance of the machine. For years I've run windows XP with no anti-virus, with no automatic updates (although I do install service packs) and with windows friggin security center disabled. I am behind a hardware firewall and use a hosts file to block ads etc and have sensible surfing habits! I haven't had a virus in the last 4 or 5 years.

Now I don't see why my firewall alone isn't enough to stop this virus from infecting me, as I understand it the worm is on the wan side and my computer would effectively have to ask to be infected before anything could get through to my network unless I was specifically forwarding ports to allow external access to the windows networking (foolish). Am I right?

Is the real answer to the problem, "everyone use a firewall"?

I don't see the point in preventing viruses etc by running software which uses half your memory, constantly scans files, flashes messages in your face, uses network bandwidth and cripples performace, is that not just like having a virus?

The latest AVG is awful, but it can be made reasonable if you disable the link scanner part of it before installing.

A lot of these e-mails warning you of "big dangerous virus" or "big dangerous scam" are pure spam.

FOOD MONOCULTURE = DANGEROUS.
SOFTWARE MONOCULTURE = EQUALLY DANGEROUS

btw "windows for warships" is being brought out by the MOD!

"Monoculture and the Irish Potato Famine: cases of missing genetic variation"

If you want to see how easy it is, just search 'metasploit' on youtube.

Note that microsoft are a little wierd about it - suggesting users to use the existing windows firewall(which is rubbish). Yes our firewall is limited,but that makes things easier.Ive found that the average user isnt capable of deciding what traffic to let out. Yes they 'learn' and remember your settings. But what when thisisnotavirus.exe wants to make an outbound connection?

According to my understanding,yes a proper firewall that will block the windows service -preventing it spreading via that manner. Ofcourse you may get it from your buddys USB stick, and then your firewall may ask if a wierd exe can setup an outbound to an odd URL.

Ive been following this too. I had to look at several sites to collect decent info.

It seems to spread also by malformed autorun.inf on usb sticks aswell - check for a crazy .vmx in notepad in it.Or disable autorun.

You know its funny, Ive used XP for years with a 3rd party firewall , no AV for 99% of that time. Almost no problems,and the benefit of a very fast PC. I was on dialup until recently,so gave up updating. But im not your average user using outlook to send/receive funny .ppt,.doc,britneyspears.jpg.exe, or attempting to download LOST from warez etc.


If you scroll through the long MS article, it tells you the work arounds -disable 'computer browser' and 'server' services. These are to do with SHARES and  a person who has one pc wont even need.

Prevention is better than the cure,as anyone who has treid removing nasty malware would know.

I actually have a small XP partition,ready for quick formatting , install drivers from CD and then its fresh as...
I do about 6times a year - heaps of spyware hides in windows\system32 or your documents and settings - where youl never find it.Especially if your rootkitted-youl never even seen the malicious files. I guess you might see them if you used a linux live cd and mounted your windows partition and had a look.

I found an informative mcafee blog which explains interesting malwares. Il post the link when I find it again.
 



Edited by tb_mike - 22 January 2009 at 4:54am

Just a pointer. I've seen the Conflicker on two memory sticks now. In both occasions the stick showed up in My Computer as a folder, not a drive. When cleaned back to normal.

Disco Stu wrote: [QUOTE=djgorey] Macs have viruses too, they just dont have a big enough market share yet for people to bother, as a huge amount of people own windows machines, and microsoft is particularly vulnerable. If they overtake microsoft and become the main computer market, you will see more viruses. Its just a computer, ALL systems can be hacked. Stu