Amie
08-18-2003, 06:11 PM
Written by:
Dan Gookin
August 18, 2003
Weekly Wambooli Salad
Answering your questions and calming your fears about Blaster.
1. Is Blaster a virus or a worm?
It's a worm because it can replicate itself. Viruses merely infect a computer, but do not propagate. The confusion comes because both programs are unwanted, both typically arrive via the Internet and both have the potential to damage files on your computer.
Despite the name difference, anti-virus software deals with both viruses and worms, as well as similar programs (Trojan Horses, and so on).
2. Is Blaster harmful?
No. This is the amazing thing: The worm infected computers but it did not delete any files, nor did it send your personal information off to a database in Asia.
The worm's point was to infect as many computers as possible. Then, at a preset time (August 16), the worm would force the computers to connect to the Windows Update service, effectively knocking that service out of commission. That's called a Denial Of Service or DOS attack. (And it didn't happen, which shows how quickly the virus was cleaned up.)
So while individual computers were infected, there really was no damage done and the real purpose was to cause the infected computers to bother Microsoft.
3. How did the worm infect the computer?
Unlike other viruses or worms, this one did not arrive through e-mail or from infected software downloaded from the Internet. Instead, it wandered in through a vulnerability in Windows, specifically an open port.
4. What is an open port?
Though you have only one connection to the Internet, internally your Internet connection uses about 65,000 ports. Think of these as tiny little doors that open to specific traffic on the Internet.
For example, port 80 is used for serving up web pages. Port 21 is used for FTP, or sending files back and forth. E-mail uses port 25. On-line games use ports in the 20,000-range. There are thousands of port assignments.
You would think that these ports would all be closed, but they're not. Many are left open, allowing services on the Internet to access them — kind of like leaving all the doors and windows open on your house.
For many ports, being open isn't a problem. For example, my Unix computer keeps port 21 open for FTP. The FTP program restricts access, however, to only those who have active accounts on the computer. So for me, keeping that port open is safe.
Other than opening specific ports you may need, the general idea is to close all other ports. Oftentimes this must be done manually or by using a firewall.
The Blaster worm attacked ports 135 and 69. Microsoft left these ports open and kept the RPC protocol running on the ports in Windows XP, NT, 2000 and on the Windows 2003 server. Last month they recognised this gross error and presented an update patch to close the port.
5. Should I install more Windows Updates? You told me not to upgrade Windows and I got infected!
This is correct — and I've caught a lot of flak from a few readers. I do not recommend upgrading Windows or applying security patches that seem to be announced three-a-week. The reason is simple: many of the patches are bad. For example:
Not every patch is compatible with all PC hardware
Applying a patch does not guarantee that your computer will run after the patch is installed
One patch denied Internet access to over 600,000 people
One patch caused many computers to run at an extremely slow pace
One patch caused some computers to run too fast and overheat
One patch Microsoft itself urged people to uninstall
With a track record like that, plus the e-mail I get from many people who regret upgrading, I am loath to recommend it.
But look: If you want to update your computer, please do so. I don't update or upgrade any of my systems, and that's just me. If you want to start updating your own computer, go ahead.
6. What if this happens again and we need to update Windows?
I'll send out an e-mail note letting you know what to do if this happens. If ever there is any Windows update that is immediately necessary, such that anti-virus software or a firewall will not provide protection, I will let you know about it here in this newsletter. If it's an emergency, then you'll get a note via e-mail, just as everyone got last Monday.
7. How can I prevent this from happening in the future?
Install and use two programs: Anti-virus and Firewall. Between the two, you will keep the bad guys out of your computer.
I can also recommend anti-spyware software. The best so far appears to be the HijackThis program. I recommend it.
http://www.spywareinfo.com/~merijn
http://www.webattack.com/get/hijackthis.shtml
8. How can a firewall protect me?
Firewalls plug the same holes that the Windows update patches supposedly plug, and they do a much better job of it. With a Firewall installed, you can control who or what can send data into or from your PC. Especially for a high-speed Internet connection, a Firewall is a must.
http://www.zonelabs.com/store/content/home.jsp
Amie :amie:
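The "close every port you don't specifically need" idea from the open-port answer in the newsletter, as an added example that is not part of the original post: it reads `netstat -an` output and reports listeners reachable from the network that are not on an allow list. The sample output, the allow list and the function names are constructed for illustration.

```python
# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3000         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:69             *:*
"""

# Assumption: the only service this machine is meant to offer is FTP on TCP 21.
ALLOWED = {("TCP", 21)}


def parse_listeners(text):
    """Return (proto, address, port) for every socket waiting for inbound traffic."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # headers and blank lines
        proto, local = fields[0], fields[1]
        # TCP rows carry a state; only LISTENING accepts new connections.
        # UDP has no state column, so every bound UDP socket counts.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        address, _, port = local.rpartition(":")  # also splits "[::]:135"
        if port.isdigit():
            found.append((proto, address, int(port)))
    return found


def is_loopback(address):
    """Loopback-bound sockets cannot be reached from other machines."""
    return address.startswith("127.") or address == "[::1]"


def unexpected_open_ports(text, allowed):
    """Listeners reachable from the network that are not on the allow list."""
    return sorted({(proto, port)
                   for proto, address, port in parse_listeners(text)
                   if not is_loopback(address) and (proto, port) not in allowed})


if __name__ == "__main__":
    for proto, port in unexpected_open_ports(SAMPLE, ALLOWED):
        print(f"{proto} {port} is open but not on the allow list")
```

On the sample, the two ports the newsletter names for Blaster (135 and 69) are reported, while the allowed FTP port and the loopback-only listener are not.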