Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

The Next Worm Could Disable U.S. Communications and Computers
Yahoo Business News ^ | Aug. 22, 2003 | John Mariotti

Posted on 08/22/2003 9:37:05 AM PDT by FairOpinion

click here to read article


Navigation: use the links below to view more comments.
first previous 1-2021-4041-44 next last
To: Apple Pan Dowdy
"am I right that I do not need a firewall if all computers are connected through a router?"

--

I only have a little knowledge, more than that average person, perhaps, but significantly less than people who really know what they are talking about.

My understanding is that you still need a firewall. Just think, all companies connect their computers through routers and even firewalls and get hacked into routinely.

I think if you have a computer directly connected to the router, to act as a server for your own network, then connect your other computers to that one, THEN, as long as you have a firewall on the first computer, to catch everything, then you don't need a firewall on the rest of the computers.

But to have a router with NO firewall anywhere, I don't think is adequate, in fact I think it leaves you very vulnerable.

As I said, I don't know a great deal, but just consider the logic. I would suggest you do a few google searches, read up on it and get a firewall.
21 posted on 08/22/2003 10:59:47 AM PDT by FairOpinion
[ Post Reply | Private Reply | To 18 | View Replies]

To: Apple Pan Dowdy
The potential of Y2K problems was indeed huge -- at least to the business community. There was massive prep for it, software manufacturers went through their code and either certified it as "Y2K-Ready" or fixed it so it was, businesses tested their stuff and made corrections as necessary (our staff discarded hundreds of old machines and thousands of old software packages that couldn't be certified, spent many weekends in the server room setting system clocks so they would roll-over and then testing the apps, and all of us were on-hand on New Years Eve 1999)... that things went as smoothly as they did does NOT mean that the problem was overblown -- indeed, our overseas ops were hit hard because they didn't do the prep that we did -- we knew it was coming and we were prepared for it.

The current worm/virus situation requires at least as large an effort to get under control. Customers should demand bug-free certified and tested code from their vendors, as they demanded Y2K-Ready certifications. That is the only to stop these attacks -- remove the vulnerabilities.

The current system is designed so that everyone makes money and no one is responsible for anything. From throwing release after release of buggy code over the fence (which must be constantly updated), to AV companies insisting on subscription-based AV applications which will never be able to anticipate the next attack (and must ALSO be constantly updated).

Solving the root cause of these problems will require absolute acceptance of major change in/to the software industry. And that will never happen.

22 posted on 08/22/2003 10:59:50 AM PDT by TechJunkYard (because... so much is riding on your wires)
[ Post Reply | Private Reply | To 14 | View Replies]

To: jfritsch
>> Well, there -will- be more worms as long as Microsoft puts out horribly insecure products. So the solution is simple: abandon all Microsoft use. Get another OS (Macintosh, Linux, FreeBSD, VMS, Solaris, HPUX, IRIX, AIX, I don't care), and use it instead. None of them are as worm-ready as Microsoft. <<

EXACTLY! I'm partial to Solaris myself. Wouldn't it be GREAT if EVERYONE abandoned Microcrap software and started using a truly superior OS?

Hey Bill! Can you say chapter 11
23 posted on 08/22/2003 11:00:31 AM PDT by appalachian_dweller (If we accept responsibility for our own actions, we are indeed worthy of our freedom. – Bill Whittle)
[ Post Reply | Private Reply | To 9 | View Replies]

FREE PC PROTECTION:

24 posted on 08/22/2003 11:48:41 AM PDT by martin_fierro (A v v n c v l v s M a x i m v s)
[ Post Reply | Private Reply | To 1 | View Replies]

To: FairOpinion
Luckily he just oh so happens to have a book to sell...
25 posted on 08/22/2003 11:49:55 AM PDT by Diddle E. Squat
[ Post Reply | Private Reply | To 1 | View Replies]

To: FairOpinion
My company has dozens of computers, and we havent had a single incidence of virus or worm in the last 3 years. NOT ONE. Ignorant and lazy consumers and network managers are to blame if they are infected.
26 posted on 08/22/2003 12:11:48 PM PDT by montag813
[ Post Reply | Private Reply | To 1 | View Replies]

To: jfritsch
I agree completely. These worms do NOT threaten all computers and only threaten computers with insecure OS's! It's not rocket science guys...I suppose the zeitgeist is very strong...

27 posted on 08/22/2003 12:14:03 PM PDT by =Intervention= (Moderatism is the most lackluster battle-cry.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Apple Pan Dowdy
Other than a few crackpots who liked the media coverage, I don't remember seeing the tech community going overboard on Y2K. Yes, many corporations needed to spend some bucks to protect legacy systems, but truly the need for that isn't in the slightest bit debatable. That some went off half-cocked isn't the fault of techies, IIRC I read that the same thing happened in 1900.

I do agree that many who own PCs don't have an inkling of a clue when it comes to security, anti-virus, etc. Most people don't have a clue how to rebuild a carburator either. When they have a problem with their car, they go to a technician. It's the same with PCs, except computers, at least as far as a personal appliance, aren't considered as necessary as an automobile. This will work itself out in the long run, but I think we'll see even more virus/worm attacks before it does.

Let's face it, other than lost productivity and one nuclear power plant that was already off-line, there really hasn't been any damage proven yet. We still have yet to see what comes out of the latest blackout.

Corporate networks definitely need to ramp-up their security. Mr. FourPeas works in IT security and there *still* isn't the emphasis there that I'd expect. Apparently when it comes to the bottom line, the various outages caused by Blaster, Sobig, et al. really aren't that worrisome to the decision makers in corporations. So be it.

There may be a call someday for good computer security. If so, we have all the resources necessary to provide it. Until then, apparently the consensus is the status quo is just fine.

28 posted on 08/22/2003 2:28:53 PM PDT by FourPeas
[ Post Reply | Private Reply | To 14 | View Replies]

To: FairOpinion
BFL
29 posted on 08/22/2003 2:31:04 PM PDT by CyberCowboy777 (SELECT * FROM users WHERE clue > 0 ................................................. 0 rows returned)
[ Post Reply | Private Reply | To 1 | View Replies]

To: montag813
Ignorant and lazy consumers and network managers are to blame if they are infected.

Mr. FourPeas works for a company with thousands of computers in more countries than I care to count utilizing wireless, VPN, you-name-it. Almost every time, the virus or worm causes at least some problems. Ignorance and laziness is a part of it, but certainly not all. For the most part, even to large corporations, IT security is not that important. Budgets are small; influence is minimal; standards are a joke. Trying to design a complex network where everything works seemlessly is not a piece of cake. Verifying that current revs of anti-virus and firewalls are rolled out to thousands of computers in a timely fashion requires time, money, clout, sufficient policies, enforcement, etc. It's just not THAT simple.

30 posted on 08/22/2003 2:34:52 PM PDT by FourPeas
[ Post Reply | Private Reply | To 26 | View Replies]

To: lilylangtree
lol join the group, some of us have been getting this for days now
31 posted on 08/22/2003 2:37:56 PM PDT by boxerblues (God Bless the 101st, stay safe, stay alert and watch your backs)
[ Post Reply | Private Reply | To 11 | View Replies]

To: montag813
Ignorant and lazy consumers and network managers are to blame if they are infected.

Lazy consumers? Perhaps.

Lazy network managers? Only the one's for very small sites.

Let's take Blaster, for example and a typical enterprise, say, about 1000 servers and 10,000 desktops.

Each of those servers runs applications. Not all the same application, sometimes a mix of different ones, sometimes single purpose apps, sometimes apps in standby for a disaster recovery situation.

Let's say that there are, conservatively, 1000 servers with 100 different apps running on them. Each server configuration must be patched and then tested before going into production. That requires that either you have an exact duplicate machine for each production machine (which is prohibitively expensive both in hardware and Windows licensing costs) or you have a few machines that you can format, install Windows, install and configure the software, install the patch and test.

That means formating, installing and testing around between 100 and 500 servers in order to test every configuration. And that doesn't include testing every desktop configuration too.

Considering that a typical install evolution consisting of Windows, application and system configuration can take around 2 hours per server, plus add on a 24 hour window to let the machine run (during which time the machine can't be formated and move on to the next test platform) it's not unusual to require 3 to 6 months to test all servers and then patch them once a patch has shipped.

Blaster gave them about three weeks.

32 posted on 08/22/2003 2:41:42 PM PDT by Knitebane
[ Post Reply | Private Reply | To 26 | View Replies]

To: Knitebane
Let's say that there are, conservatively, 1000 servers with 100 different apps running on them. Each server configuration must be patched and then tested before going into production

I dont get your estimates. Once the patch came out, it took us less than 36 hours days to write scripts and patch 450 servers and workstations.

33 posted on 08/22/2003 2:47:08 PM PDT by montag813
[ Post Reply | Private Reply | To 32 | View Replies]

To: Apple Pan Dowdy
Can you blame us for doubting that this threat will be all that dangerous?

Yes I can considering I just spent all day killing off the Welchia worm after spending a full day last week killing off the Blaster worm. Our company is well protected compared to most and they still got in. This is starting to have real economic impact. Our company is small, but it cost several thousand dollars worth of lost productivity and man hours.

The threat is real and will wind up impacting all of us.

34 posted on 08/22/2003 2:53:59 PM PDT by 6ppc
[ Post Reply | Private Reply | To 14 | View Replies]

To: Knitebane
"Lazy network managers? Only the one's for very small sites."

The NY Times was shut down, a while ago the computers at Edwards Air Force Station had to be shut down, I understand there was a problem with the trains, all because of the worm.

35 posted on 08/22/2003 4:46:16 PM PDT by FairOpinion
[ Post Reply | Private Reply | To 32 | View Replies]

To: FairOpinion
The Next Worm Could Disable U.S. Communications and Computers

After wasting three hours of my time and that of a technician in clearing
SoBig from some lab computers...I knew how Arnold could assure his election as governor
of California. He'd just have say:

"I will propose sentences of 25 years to life for writers and willful facilitators of
spam, viruses, worms and other sorts of Internet terrorism. That's 25 years to
life for each offense, with sentences to run consecutively."

At this point, such a rational proposal would be greated by me with a
"what? no death penalty?".
36 posted on 08/22/2003 5:03:37 PM PDT by VOA
[ Post Reply | Private Reply | To 1 | View Replies]

To: FairOpinion
Bump!
37 posted on 08/23/2003 1:10:05 AM PDT by JustPiper (The Free Republic of America! "W" is our President !!!)
[ Post Reply | Private Reply | To 6 | View Replies]

To: martin_fierro
I want to thank you! Since you first posted these likes I got and am using Popup Popper, it is GREAT! I am using Mail Washer, it is a JOY! Ad-Aware has found so many files of spyware on my two drives, unbelievable, I supposedly had an excellent spyware on my pc, NOT! What do I do with the quarantined files though? And is Zone Alarm better than MS firewall or comprable? Question what about replacing IE with Mozilla?
38 posted on 08/23/2003 1:17:04 AM PDT by JustPiper (The Free Republic of America! "W" is our President !!!)
[ Post Reply | Private Reply | To 24 | View Replies]

To: Bikers4Bush
Al Qaeda doesn't have the skill. This is more likely of chinese influence.

And if it is, there are many thousands here who will see that as a challenge. I'll bet we'll learn to bounce a cyber bomb right back at them.

39 posted on 08/23/2003 1:39:32 AM PDT by FlyVet
[ Post Reply | Private Reply | To 10 | View Replies]

To: JustPiper

40 posted on 08/23/2003 3:37:03 AM PDT by martin_fierro (A v v n c v l v s M a x i m v s)
[ Post Reply | Private Reply | To 38 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-44 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson