Comments on: Conficker postmortem: Hype distracted but threat is real

Experts say media hype of Conficker worm may have distracted people from the real but less sexy threat--the ongoing, everyday risks on the Internet.

[jag0]

EPIC FAIL for the *entire* news media....*sigh*

Stuff like this is why I don't even bother watching the local news b/c they are so completely ignorant when it comes to anything that is technology related.

[skillingssucks]

...but you're not, right?

[Michichael]

Protip - consult a real IT professional, ask your local ISS instead of relying on egotistical wannabe experts.

[wjmcalman]

Sigh~~~! I am so relieved and all this did was cause me to do everything I should have been doing prior to the threat. Prevention, blah, blah, blah, could have saved me a lot of work on March 30 and 31st. Had good security now I have the best and it is a real treasure.

Grany

[gggg sssss]

Still have Auto updates turned off. Too many users are getting in the habit of clicking on every warning. Every piece of crap wants to do auto updates. Come on. Why do I care if Roxio needs an update. FOAD install shield. Why do I care if the Dell bios is out of date? Or if Crapple wants to update it splayer?

They see something that says they are infected - click here, and THEN they are indeed infected.

[Seaspray0]

That's not a good thing, gggg ssss. Updates not only fix vulnerabilities, but they can also provided improved functionality. I don't think you will find a single security expert who will agree with you turning off the updates. I know you're going to do what you want, but I do not appreciate you public condoning people turning off updates like you just did. I'm asking nicely... please don't do it anymore.

[AjoyBhatia]

Do not throw out the baby with the bath water!! I agree with you about not caring about Roxio or Crapple player updates (unless you want some new features) but.... but. A Dell BIOS update is on a totally different footing altogether. I would strongly advise you to not ignore that.

[MrCanuck]

This worm has been built up by the Anti Virus company's as a major threat, which obviously makes them big money because people go scrambling to buy their product.

And what amuses me to no end is that after Conficker looks to be a total bust the Anti Virus Company's are still pushing their products.

This part here i find extremely amusing.

"The problem is that there are tons of malicious programs and attacks out there on the Internet every day and people don't do enough to protect their computers, experts say. People need to be vigilant in patching their systems and updating their antivirus and other security software all the time, and not just when there is a virus outbreak."

I think they should get their facts straight. If the so called "experts" bothered to look here on CNET i believe they mentioned that only 5% or 6% of infected computers are in North America. It seems like North America did an excellent job of protecting themselves from Conficker and probably many other threats.

The bottom line is Conficker was able to be a threat because of an open hole in Microsoft's Operating system.

Users have done a great job, it is Microsoft that let us down and the Anti Virus Company's jumping on it and using it to their advantage to sell more of their paid products to get rid of it.............and in the time of a recession...........tsk tsk.

If their is one thing i have learned from all of this it is to get far away from Microsoft and stick to the very capable Free Anti Virus Programs.

[Vegaman_Dan]

"Users have done a great job, it is Microsoft that let us down"

"If their is one thing i have learned from all of this it is to get far away from Microsoft and stick to the very capable Free Anti Virus Programs. "

Wow... this is ignorance in motion. How is it Microsoft's fault by patching a hole in the OS *before* the exploit existed? A patch that was released and installed on most systems through Automatic Updates back in October, six months ago? They fixed the problem before there was a problem. Good luck in that argument.

The only group here that failed was the media for driving up the hype for a problem that didn't actually exist to the levels they made it out to be.

It was a classic Chicken Little moment for the media.

[Mac OS XP]

Vegaman_Dan makes a good point. But MrCanuck's statements aren't completely without merit. If I could be devil's advocate.

The thing is this: Microsoft made an OS with the vulnerability in the first place, and they have time and time again made updates that would completely mess up computers. One time I had to completely reinstall Windows because of a Windows Automatic Update. Furthermore, Windows Updates alone are not sufficient to protect against viruses. Things like this encourage people to turn it off. So yes, Microsoft did let users down in that sense.

[Dalkorian]

Don't forget WGA folks, it's the primary reason I took control of all updating on my winblows game machine. Yeah, I too have auto updates turned off, or more accurately set to tell me there is something to download before doing ANYTHING (and sometimes it slips stuff past me anyway - how could anyone like this trashware anyway?). It asks my permission (or it's supposed to) when it "smells" more "garbage" from M$. That said, I never refuse a true security update. They may have snuck some WGA trashware past me again for all I know by simply mis-labeling it (like they did before), but the bottom line is I know I'm patched against conficker.

If you remember a few years ago, M$ released a betaware product called Windows Genuine Advantage that really is nothing more than an anti-piracy kill switch with a fancy name (yup, Billy boy's finger is on the trigger, as is good old stable Ballmer's. Either one of them could revoke your winblows license and basically brick that partition once the machine is shut down, which they can also trigger. Isn't slavery fun?) It was released as a security update, in fact labeled as a critical security update to trick their users into installing it without question. Later they updated this kill switch, except there was a problem with the update. It caused many legitimate winblows installs to suddenly refuse to boot because the malware thought the winblows license was bad. Persistent little bugger this was too, there was absolutely positively NO WAY to access any files locked within unless M$ released to you a new license key and unlocked the system. I know, I tried for 3 days; in fact it's the trigger that got me to install Linux on another partition on that machine (Debian at the time - Dan, want some Linux fun? Try setting up Debian Sarge! Worked great once I suffered the setup though, I must say.) Nothing besides a phone call and reading a ridiculously long license key back and forth would get my files back. Nothing.

I don't have this problem on my Ubuntu partition, I leave the auto-updates turned on there and often install them all without even looking at what's getting updated. I have a level of trust with them still, one that I *USED TO* have with M$ as well. A level of trust that M$ violated, leaving me with a brick until I phoned them and begged forgiveness for installing their crapware to begin with. (If you can't tell, WGA ticked me off to no end; that was a couple of years ago at least and I'm still not over it, nor do I ever plan to be. Fista is not welcome on any equipment I own, neither in it's current form or in it's relabeled "w7' or "fista sp 3" version, period.)

Rape me once, shame on you. Rape me twice, shame on me.

[kojacked]

@Whaakorian:

"Winblows"? "Fista"? "M$" Sounds like the words of 13 year old going on a rant. Get over yourself. If you looks at the numbers (and a little thing I like to call "facts") you'd find it more rational to leave automatic updates on for most people. If people listened to you Conficker would have been more of a success.

[Mac OS XP]

Kojacked, What's wrong with Dalkorian being upset by being screwed over by Microsoft? It's not his fault, it's Microsoft's. Like I said, I've had problems just like that. It's people who leave automatic updates ON that make Conficker spread: If people would actually be discriminating (like Dalkorian and I now are) about what updates to install, people wouldn't always have to say "updates messed up my computer!", which then causes people to turn it off. When people inform about what to be careful about, then they can be properly protected. You may be fine now, but sooner or later you're going to have a big $1000 paperweight if you keep up your blind faith in Microsoft.

And yes, Linux updates are fine. Never had a problem with them, Linux developers don't try to make poorly tested updates. Same story with Apple.

Dalkorian: FYI, it was easy as pie for me to make a partitioned openSUSE install. DVD in>Click to have it partition>Install>finished.

[ITcomposer]

A little bit about this worm...

1. Unless you're behind a corporate firewall and have a way to isolate your machines that aren't patched, you have no excuse, you should have patched.

2. The patch was issued last october, and the tools to rid yourself of the virus were issued 2 weeks ago,, use them.

3.For those who said they'd stay away from MS products, i hate to tell you this, but even Apple has viruses out in the wild that affect Apple computers (disclaimer: i own quite the few pieces of apple accessories)

4. The media is well, the media, everytime they open their collective mouth, well they spread FUD, you knew this date was coming, you should have patched or in the very least had Windows updates turned on.

5. I highly recommend INTERNET EXPLORER 8 for the less tech savvy folks, the NX Bit that is now enabled by default will save you a headache like this from possibly happening in the future as it stops malicious code from coming in, i know i know (WINDOWS VISTA ONLY!) .... Let the flaming begin.

[Dalkorian]

Alright, I'll leave the flame bait alone for now (how DARE you recommend internet exploder! What's wrong with you anyway, they're already in a house with cheese cloth for a front door and you're telling them to rip it down and sleep on the lawn?) and just comment on 3 instead.

It took a second to notice how carefully you crafted that comment, in fact I wonder if that was intentional or accidental. The last *virus* known to affect Apple computers was nearly 10 years ago and affected OS 9. Yes, they were released to the wild, like winblows viruses are. Yes, there currently are *trojans* in the wild that affect OS X. Yes, I believe if someone tried hard enough they could write a virus for OS X.

But there is currently no such thing as a virus that infects OS X and there hasn't been in close to 10 years. Rail against that all you want, but it's a fact. "Market share" doesn't wash (explain viruses for OS 9, undoubtedly less popular than OS X is today). Is there another argument that could explain this, besides a better security model (not perfect; nothing is "perfect")?

[Mac OS XP]

Who's responsible for the blunder of having a MacBook Pro behind the Danger signs?

iTcomposer: There is a small amount of malware and a couple trojans for Mac OS X, but thankfully no true viruses that can spread and install themselves. And why is IE 8 better than FF 3? My DAD can use Firefox!

[Dalkorian]

Wow, I didn't even notice it was a MacBook Pro in that pic. Nice eye!

Maybe it's just keeping you on your toes, you *could* have been masochistic enough to install fista through Boot Camp on that MBP and just like that - there goes all that security!

;-)

[jcomputm]

Its possible that this menace to the internet become destructive with just a click of the programmer's mouse. I mean, there is just too big of a risk to explore anywhere you want. If you go to any of your favorite websites that a lot of people visit everyday and that virus gets into your computer, X-(. Your computer is now as dead as your personal info. So better watch out

[lizardlips]

Despite what everyone 'FEELS', and what MS says!
Conficker hit and did effect alot of things. After one full week of cleaning updating and using every tool out there, I still cannot get Windows Defender to work. It is fried. Came with Vista of course, and I cannot remove it~system will not let you, MS says "go to our Newsgroups and talk with others there for resolution.
Microsoft doesn't even know how to fix their own products. They cannot tell me how to disable this one so I can download a uninfected Windows Defender.
I have never hated Vista as much as I do now.
They keep pushing IE8 and it just crashes the system and is useless and bulky when you do get it going. pulled it off, went back to 7.
I have never had a straight answer for anything from MS.
Everyone passes the buck, just like the government, its someone else's job to resolve or fix anything.
THERE ARE NO ANSWERS.
Your stuck if you cannot buy a new system (not MS!)
Having the best security on it didn't help either, had to trash it, and purchase new one. Of course it wasn't their fault either so I am just out, the extra months already paid for the old product. Yee haw MCAFEE.
Will go back to Symantic next time..
Why did we need computer's in the first place?? Now we can't live without them?