Windows worms knocking out computers

Network worms that shut down computers running Microsoft's Windows 2000 operating system on Tuesday may be linked to competition between rival hackers, security experts said.

Computers across the United States have been hit, including those at cable news station CNN, television network ABC and The New York Times. Tokyo-based antivirus company Trend Micro blames the havoc on various worms, including the Zotob worm that hit the Internet over the weekend and new variants of the Rbot worm.

Some security researchers claim the outbreak is tied to a "war" between rival virus writers. "We seem to have a botwar on our hands," Mikko Hypponen, chief research officer at Finnish software security firm F-Secure said in a statement issued on Wednesday.

"There appear to be three different virus-writing gangs turning out new worms at an alarming rate, as if they were competing to build the biggest network of infected machines," he said.

All of the worms exploit a security hole in the plug-and-play feature in the Windows 2000 operating system. Microsoft offered a fix for the bug as part of its monthly patching cycle last week. The software maker deemed the issue "critical," its most serious rating.

CNET security center
Zotob prevention and cure

New worms attack vulnerable Windows 2000 and Windows XP SP1 machines.

"It seems like every couple of minutes a new variant comes in. We cannot pinpoint the infections to one variant," Joe Hartmann, director of the antivirus research group at Trend Micro, said on Tuesday. "We are still gathering infection reports. It is coming globally."

Symptoms of infection include the repeated shutdown and rebooting of a computer, Trend Micro said.

Microsoft is investigating the reports of the worm outbreak, the company said in a statement. It lists "Worm_Rbot.CEQ," an Rbot variant, as the possible cause of the trouble.

The company also sought to downplay the threat and said Windows 2000-based PCs running the latest patch are protected. "Zotob has thus far had a low rate of infection. Zotob only targets Windows 2000. Customers running other versions such as Windows XP, or customers who have applied the MS05-039 update to Windows 2000 are not impacted by this attack," the company said in a statement issued Tuesday.

Inside job
The multiple worms are hitting individual organizations rather than computer users at large, said Johannes Ullrich, chief research officer at the SANS Institute, an Internet security training and research outfit.

"These worms are not having an impact on the Internet," Ullrich said on Tuesday. "They do have a substantial effect on organizations running Windows 2000 without last week's Microsoft patch installed."

The pain is being felt "on the inside," agreed David Cole, the director of product management at Symantec Security Response. The worms might slither onto the networks of companies with Windows 2000 systems from an infected laptop that has been used outside the corporate firewall, for example, he said.

"It gets inside an organization and then it bounces around and wreaks havoc," Cole said.

The New York Times has been hit by the virus, but the assault has not impacted the delivery of the news, said a spokeswoman for the publication.

"The Web site was not affected and newspaper production will not be affected," the representative said. The internal systems of the paper are "operational," the representative added, but she did not state what degree of impact the worm had had on its internal operations.

Walt Disney's ABC News and Time Warner's CNN confirmed in postings to their Web sites that their computers had been hit.

Which worm done it?
Experts have different opinions on the cause of the latest infections. The SANS Internet Storm Center, which tracks network threats, attributes Tuesday's trouble to Zotob, which keeps mutating and finding new victims. "As seen with prior TCP worms, it is reaching its peak around three days after the outbreak," SANS said on its Web site.

The security issue exploited by the worm also affects the newer Windows XP and Windows Server 2003, but only PCs running Windows 2000 are susceptible to a remote attack, Microsoft has said.

There are desktop and server versions of Windows 2000, which was released in 2000 for business users rather than consumers. More

[technewsjunkie]

Full LIVE coverage on CNN!

The funny thing is, they had just switched out thier Apple Displays
and computers to Dells within the last couple of days! What timing.

[zgamesforu]

CNN only complaining

CNN was the only ones complaining for like 4 hours. All other networks, incruding Reuters hav been silent. Strange isn't it?

[tbeckner]

But the new Dell machines are not infected

But the new Dell machines are not infected. This worm attack is only against older Windows 2000 boxes, which no longer have support from Microsoft, but had a patch released that somebody forgot to install.

[tbeckner]

CNN should be Embarrassed

I just watched a delayed broadcast that my TiVo recorded of the Live CNN report about the WORLDWIDE WORM INFECTION. CNN should be Embarrassed. Their IT people could have patched them last week. The funny thing and maybe not so funny is that they reported it as something big and the infection will only infect unpatched/unprotected Windows 2000 machines.

Again, CNN should be Embarrassed!

[cjohn17]

O' Glorious Day! The Revolution is Televised!

Oh how I luv it! Now MS virus attacks are now front and center,
not some nebulous debate in a nerdy forum.

If only FOX News had broadcast the issue live. With their larger
and much smarter audience (I mean that seriously, CNN is a
joke) Microsoft would never sell another copy of their crummy,
broken down OS.

O' Glorious Day!

[SteveBarry687]

Fox News

Larger okay (haven't looked at audience numbers lately), but smarter. Ha hah ah aha hahaha ahha aha hah aha ha ahha ah.

I guess you would see them as smarter if your a right winger. CNN is right wing too.

[d2r4]

Congrats. to the moronic masses!

I'd like to take this time to laugh at all those infected by the "W32.Zotob.D" virus... thats what you get for being morons, maybe you should update your software once in awhile.

Stop drooling and scratching your head, open up your eyes and learn about that which controls much of your life. Hopefully your raining ignorance does not destroy anything important in the mean time.

[cjohn17]

Hey Tron, Lighten Up

I luv these "PC experts" who rain down dripping sarcasim on the
"ignorant masses" because the lowly cattle are not smart to
manage their computer systems.

You know, many of these poor folks that you have such distain
for have jobs, families, you know, real lives. They don't have the
time to invest in PCs like lonely geeks do. Balding saps sitting
under a dim 40 watt bulb in your tattered underwear, playing
Doom all day long, and going through bags of Cheetos.

Did it ever occur to you that perhaps we should be feeling sorry
for you? Investing all your time and energy in a failed operating
system? Think different, Tron. Go outside and play. You're
looking awfully pale and the human race needs you.

[cjohn17]

Get a Life, Tron

That goes double for IT support too.

[libertyaikido]

Nice.

Apparently you have no idea what it takes to roll out updates to a corporate network when there are legal and technological considerations that must be addressed.

Only an idiot would activate Automatic Updates, on a Windows machine, on a corporate network (unless the updates are being pulled from a company controlled, local Windows Update server [after an intense, possibly long, period of testing]).

Thanks for playing. Try again.

[educateme]

Even with a warning Sign on it, some would still buy Windows

This is another one of the weekly, monthly, yearly, daily, hourly,
by the minute, reports about Windows with its high-tech
(insecure) bundling of Internet Explorer into the OS, and how it
has made eveyone pay for Microsofts greed. If they cant beat a
company like Netscape with good technology methods, then lets
screw our customers, since they dont know better anyway, and
mash the browser into the OS and let 'em fight for themselves. If
you keep buying into the next marketing ploy, or promise, of a
secure Microsoft system, you will keep fixing your PC jalopy,
while Bill Gates laughs all the way to the bank.

What can you do, you might ask? Perhaps buy a Mac, or build a
Linux PC, after all what is your time worth in life, if you can
avoid these constant (never ending) hassles with a troubled
Microsoft design that will keep milking you for life. With no end
in sight, get used to it, or get out of Windows. Now you know.

[tbeckner]

Funny thing, if everyone ran UNIX/Linux

Funny thing, if everyone ran UNIX/Linux, then the vitus writers would be attacking those machines. And if you don't think that UNIX/Linux has no security problems, then I guess your UNIX/Linux machine isn't patched. Even the noble MAC has security problems. It's just that it is too small of a market for the virus writers to attack.

[cjohn17]

There's an Idea!

I like the idea of a warning sign on the packaging! "May cause total
loss of data."

you need to read the article again

How is the security hole related to "mashing in IE with the OS"???

All of the worms exploit a security hole in the plug-and-play feature in the Windows 2000 operating system.

[wazzledoozle]

Just update morons

Of course they are going to be serious viru's when you have over %90 of the desktop market, everyone is targeting you with everything they have.

Microsoft needs to release a patch that turns on automatic updates permanently if it sees the computer hasnt been updated in over a month.

Microsoft needs to release a patch

This is exactly what MS needs to do for network enabled machines. If a machines patch level falls too far behind, disable it's ability to communicate on a network until the user commits too do the updates and then only allow a connection to Microsofts update service until it has been fully patched.

[cjohn17]

Better Idea

How about this... I think this would work even better. STOP
WRITING CRUMMY, SLOPPY, CODE.

That would solve everything.

[Andrew J Glina]

Ahghghghghghghghgh

I can feel it entering my computer, one transistor at a time.... With my last strength, I enter in A-P-P-L-E into the IE address bar and hit CTRL-ENTER. Must-Buy-Mac-Before-Too-Late......

Ooops. Just remembered. I have a firewall. Back to work.

[tbeckner]

CNN should be Embarrassed!

I just watched a delayed broadcast that my TiVo recorded of the Live CNN report about the WORLDWIDE WORM INFECTION. CNN should be Embarrassed. Their IT people could have patched them last week. The funny thing and maybe not so funny is that they reported it as something big and the infection will only infect unpatched/unprotected Windows 2000 machines.

Again, CNN should be Embarrassed!

[technewsjunkie]

Nice Try. A significant # of Businesses still using W2K

You are in Windows denial. Simply read the article again.
" ...but Windows 2000 remains popular. The operating system
ran on ***48 percent*** of business PCs during the first quarter
of 2005, according to a recent study by AssetMetrix."

Also it was CNN, New York Times, and ABC network that are
mentioned in the articel alone. How many more do you think
there are? Hint: There are still millions of W2k machines out
there, and these are typically not upated vigorously.

CNN was reporting LIVE giving quotes from Microsoft
representatives who claimed it was "low level". Do you think
these companies and others think it was "low level"?? MS means
its "low market share" so they can tell them to screw. Air time
costs hundreds of thousands, if not millions per minute of
broadcast time.

[cjohn17]

I Feel Bad for the Children and Eldery

Just re-read the article again. How Gates and Balmer get any sleep
every night is beyond me. These "critical" situations are affecting
people's lives in dramatic ways... oh, wait...

Fortuantely, it mostly IT wonks and MS apologists that are staying
up late securing these OS dinosaurs. Serves 'em right.

[catchall]

Totally incorrect

I run a Window's network, I patched last week. I am now sitting comfortably at home, glass of wine in hand, wondering why others did not.

[ledzep75]

I feel bad for C.J....

because Carl from GTA SA runs on Windows and he doesn't even know it!

[202578300049013666264380294439]

Yet another reason to Use Linux.

Thanks Microsoft, You just showed the entire World, Yet another reason to Use Linux.

[Bob Brinkman]

Maybe things have changed

It always amazes me that people that bash Microsoft and praise Linux have the time to read through Hardware compatibility lists to make sure they are going to be able to use their hardware, but turning on automatic updates or using a virus scanner is a hardship beyond bear.

Is there better hardware support then there was in these OSs then there used to be yet? Then they might be worth considering, but probably not since I still couldnt get half the apps I use to run on them.

[oo7curtis]

Golly I love my Macs

It's time like these that, well, no it's all the time. Yukkk on that
nasty windoze thang.

[Earl Benser]

Maybe....

.... this is an MS idea to get people to upgrade to XP or ellse??????

Who knows????? ;-)

[Christopher Hall]

Bingo

That's exactly what I was thinking when the story came out. Somehow, I doubt Microsoft would be above it. They do have some very talented programmers up their sleeves, after all.

Have you ever read the book "Jennifer Government" by Max Berry? The book (it's fiction) touches on the extent of corporate espionage and it's quite cleverly written. Although, in the book, Nike kills a few people to increase the value of some shoes. While not DIRECTLY correlated (yet!), it has a similar feel to it.

Snicker, Giggle

It amuses me that big media, the liberal bastions of "we're smarter
than you are", are being hit by this worm hard.

I guess I should serve them some humble pie. Perhaps their IT
groups could bring cutlery and juice.

MicroLinux

If only Microsoft would but a 1/10th of the money and energy they put toward Windows toward improving the user interface for Linux, their problems would be solved. A commercial version of Linux can work, and there will always be the free versions for us geeks.

As to the myth that the virus and worm writers target Windows because everyone uses it....thats BS! Viruses and worms are all about reputation in that world...no one gets paid to write a worm. The first person to write a sucessful Linux, Unix, or Mac virus would be famous. It has nothing to do with market share. If there was only one Ferrari in NYC, do you think it wouldn't get stolen because of market share? Viruses and worms don't exist for Linux, Unix, and Macs because they are all based on operating systems that were designed from the beginning not to allow them.

[Dandy55]

Virus-free OS? How naive...

Peter wrote:

"As to the myth that the virus and worm writers target Windows because everyone uses it....thats BS!"
"The first person to write a sucessful Linux, Unix, or Mac virus would be famous"...
"Viruses and worms don't exist for Linux, Unix, and Macs because they are all based on operating systems that were designed from the beginning not to allow them"...

Pardon me, but, using Peter's words, "thats BS!" - I mean, the myth that Linux, Unix, or Mac are inherently virus-free, and Windows is the sole vulnerable OS.

Here is just a couple of links for you - go and get some protection:

Virus protection for MAC OS:
<a class="jive-link-external" href="http://www.symantec.com/nav/nav_mac/" target="_newWindow">http://www.symantec.com/nav/nav_mac/</a>

... and for Linux:
<a class="jive-link-external" href="http://www.centralcommand.com/linux_server.html" target="_newWindow">http://www.centralcommand.com/linux_server.html</a>

[202578300049013666264380294439]

Ignorance is not bliss

The very first internet worm *ever* was written for Unix. Evidently Richard Morris isn't as famous as you think either since you evidently don't know about his worm and thus him.

[M C]

CNet a day late...maybe THEIR computers were infected?

Just wondering...

[ajbright]

BS

All this worm does is set up Win2K machines as spam bots, it doesn't shut down computers, it doesn't do anything except flood your net connection with outgoing spam.

Deleting one file in safe mode fixes the problem.

The so-called patch does nothing to stop this worm, the only protection is to
1/turn off port 445 to stop it spreading to other computers,
2/delete the mousemb.exe file from system32
3/remove the two reg edits it makes (although these appear to be harmless, in fact they might even make your computer more secure)
4/Anti-virus software - it's the only thing that can prevent re-infection, as I said, the M$ patch does nothing. Patched machines are just as likely to be infected as those not patched.

What happened here is that some "expert" advised a CNN "reporter" to watch for suspicious activity, such as your PC rebooting - probably because this "expert" remembers a worm from about two years ago that did this.

This turned into the "worm reboots computers" - which spread like wildfire across cable news channels (pretty much the same thing as your average tabloid paper, but on TV - think Fox News, MSNBC, CNN - all do nothing except commentate on life, making up hysterical BS to make it appear more interesting).

[Bob Brinkman]

how are you so sure on the symptoms?

I just ask because my girlfriend shot me a page yesterday when this crap started saying everyone's work computer started rebooting randomly including hers, shortly after it was announced to the employees as being virus related. I'm in an XP enviroment so I haven't haven't seen any of the havock first hand. I just rely on what I read. If it matters she works for a large Gas utility company who's name I won't mention.

[Bill Dautrive]

Name one..

virus for and any *nix variant that has caused problems and spread itself.

just one, should be easy right?

otherwise don't spread your ignorance

[Andrew J Glina]

Like there is a point

I played your game last time when you wanted the panel to...

"Name one 'innovation' in longhorn that doesn't already exist elsewhere"

<a class="jive-link-external" href="http://news.com.com/5208-1016-0.html?forumID=1&#38;threadID=8183&#38;messageID=57023&#38;start=83" target="_newWindow">http://news.com.com/5208-1016-0.html?forumID=1&#38;threadID=8183&#38;messageID=57023&#38;start=83</a>

...and I gave two, yet you are still spouting the same anti-Microsoft garbage. You are not here to learn, you are here to lecture.

The fact is I have Win2K and broadband and I have not got this virus. Seems as overrated to me as UNIX virus, which do exist and you know it.

[aabcdefghij987654321]

The Morris Worm

<a class="jive-link-external" href="http://en.wikipedia.org/wiki/Morris_worm" target="_newWindow">http://en.wikipedia.org/wiki/Morris_worm</a>

The VERY FIRST worm. It was Unix based and spead from Unix system to Unix system causing a great deal of damage to the internet. In fact by percentages of internet systems infected, it was the most effective worm ever.

Don't make challenges based on your own ignorance.

[Llib Setag]

Give a cyber terrorist a window of opportunity...Use Microsith!

Have you ever noticed that when CNN shows the troops
capturing &#38; dragging suspected terrorists from the caves, they
frequently find their MS Windows PC laptops &#38; search for
terrorist activity on the hard drives? Coinsidence? Hugh amounts
of money &#38; they use MS PC Windows laptops?

US DOJ had their chance &#38; they agreed that Microsith is an illegal
monopoly, but refused to break the monopoly apart or control
their illegal activities worldwide. MS Monopoly money goes very
deep into the pockets of the U.S. Government in Washington
D.C.

U.S. Gov't has suggested that MS should be considered for a
national ID card for all citizens &#38; immigrants of the USA, as part
of their homeland security defense. Citizen Gates with the Dept.
of Homeland Security would "manage" all important data of all
citizens.

U.S. Gov't has recently suggested that MS Internet Explorer be
the ONLY Internet Browser of the Government. MS-OS control
battleships &#38; aircraft carrier computers.

But noooooooooo, the terriorist wouldn't think of taking
advantage of the structural weaknesses of the US-MS software
that is on the governments computers, the US military
computers, the US airports computers, the banking +
investment computers &#38; the majority of the US citizens
computers. Why would they want to do that...?

WAKE UP PEOPLE!
These worldwide cyber attacks are not just some smart punk
kids having a laugh. These attacks are effecting millions of
businesses &#38; costing them BILLIONS of dollars. These "phishing"
scams through IE Outlook are ripping off money from innocent
people &#38; growing identity theft is a major problem.

Don't make it easy for criminals / terrorists by using faulty
software full of security holes that Citizen Gates can't plug fast
enough.

[Christopher Hall]

This conspiracy theory brought to you by the letter "Q"

Really, thanks for coming out of the basement long enough to post that.

Really. Thanks.

[ajbright]

Win2K patch doesn't work, XP and Server2003 patches do.

The Win2K patch might work for one of the worms out there, but it doesn't stop the w32.esbot.a or any of it's variants.

Every Win2K PC we have has been infected, it wasn't until after we removed a certain file that even the anti-virus software would delete or quarantine any of the subsequent attacks.

Our WinXP and Server 2003 boxes have been completely unaffected by any of the worms - mostly because we have patch management software that can patch hundreds of networked computers instantly - without any kind of manual installation.

If we'd had to rely on automatic updates we'd have been screwed - because in a business environment you don't give normal users admin rights, therefore automatic updates won't work until an administrator logs on.

I don't know how any medium or large sized business can cope with keeping on top of patches without software that can remotely patch at least a 100 workstations at a time.

We don't even have to do a manual install of the patch management software (which the crap patch management packages force you to do on every workstation). All we have to do is scan for a new PC on any domain then apply the patches and remotely reboot it.

UpdateExpert has prevented every worm except w32.esbot from causing us any problems, and that only failed because there isn't a patch out there that prevents it from installing on Win2K PCs.

[W2Kuser]

Microsoft WGA = terrorist threat

The real story here is that Microsoft's new WGA policy of BLOCKING critical security updates of computers that are not verified as "genuine windows".

By intentionally blocking these critical security updates, Microsoft is now openly supporting not only annoying hackers, but also the more serious cyber-terrorism threats.

Forget Iran or Korea, Microsoft now poses a more serious, immediate threat to this country's security...

From the MSFT website

Q:Do security updates require validation?
A: Security updates are not part of WGA. Security updates can be installed using the Windows XP Automatic Updates feature, or downloaded from the Download Center.

<a class="jive-link-external" href="http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en" target="_newWindow">http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en</a>

Do your homework before you make ASSumptions and flame

MSFT has said all along the using the WGA is NOT a requriement to receive security updates, for the very reason you mention above. They would rather patch pirated versions than have them become infected.

[Mendz]

How sad...

It's no reason to be happy with Windows nor is it any reason to be happy with Linux or Mac. The point is, there are people who intends for this things to happen. I don't think Windows is the focus here. I agree with the article that the focus is statistics. Damage can be done and it so it is being done. Too bad, Windows is the easy target and the result can be great numbers.

[Had_to_be_said]

Does anybody else detect a distinctly-recognizable scent..?

Microsoft seems to be walking a tight-rope between having enough security-problems to convince people to accept the Draconian-measures inherent in "Trusted Computing", ...and trying to avoid a level of anger, and distrust, that would finally convince general-consumers just how unqualified Microsoft is to be allowed to "...lead the industry".

Thats why I find this particular "Win2k security-incident" to be so amazing.

First, it only affected a "retired" OS.

Oh, ...if only Microsoft had been able to force people and companies, to upgrade to new Microsoft-products when Microsoft wanted them to.

And, a "patch" had just been released, but not installed by many.

Oh, ...if only Microsoft could "update", and "reconfigure" consumers-computers, whether they wanted it, or not.

Also, Microsoft had just "publicly released" information of the "security-flaws" existences.

Oh, ...if only Microsoft could keep "Product-Flaws" secret from the "...public".

And finally, because of this highly-publicized incident, ...there are now so many "pundits" who are "spontaneously" calling for, exactly those elements of "Trusted Computing" and "public-policy" that Microsoft most wants to implement (and BTW are slated to be installed in "Vista", ...formerly "Longhorn").

Oh, ...if only, virtually the entire computer-industrys consumer-base would just stop fighting Microsofts clearly self-interested control, and "lock-in" regimes, ...Microsoft could finally roll-out the core of "Trusted Computing" and make computers "safe".


Of course, some ARE pointing out that, basically, Microsoft had created this situation in the first place by creating yet another UNSTABLE, UNSAFE product and selling it to millions of unsuspecting-consumers.

But, I will admit that all of this is probably just another "conspiracy theory". After all, Microsoft HAS NEVER actually been caught employing "...less than ethical tactics". And Microsoft HAS NEVER stooped to "...media", and "...public, manipulation". And, Microsoft has certainly NEVER catalyzed or intentionally-manufactured news-events, favorable to Microsoft alone, solely to confuse "public-opinion", ...to move it towards a Microsoft-goal.

Besides, I REALLY DO believe that Microsoft REALLY IS THIS INCOMPETENT. And I REALLY DO also believe that, Microsoft-products REALLY ARE THAT BADLY-DESIGNED.

So, maybe, ...it really IS just an amazing series of coincidences.

[Tui Pohutukawa]

Well this is the big question,

isn't it: Is it all just MS incompetence at work, or are the security
flaws on purpose.

Makes me wonder: What actually drives the MS apologists? Do
so many people really enjoy being abused, in that they are
forced to carry the entire burden of securing their OS, and
letting MS off the hook? Is it a case of group-sadomasochism?
MS = SM.

What A SHAME

Looks like they can't even figure out most of this is comming out of the USA not other places. Maybe they should concentrate more on the United States rather than trying to blame someone else. These people aren't from different countries - They ARE from here.. Wonder how I know that??? Well MIRC would tell you they are not as broken english as we think :P LMFAO LMFAO MS and the Government need to wake up and realize this stuff is happening from here and they are remotely exploiting european PC's to make it LOOK like it's comming from -- u guessed it.. Doesn't take a moron to realize this.

Ignorance is Bliss?

The ignorance exhibited by the CNN news team while 'breaking' the story made me ill. I cannot express more disrespect and illregard for CNN after this series of 'reporting'.
It started with one of their fools telling us to shut down our PC's and telling us to 'just let this pass'. Then the reporting turned into what one would coincide with a human virus outbreak. In my humble opinion anyone who doesn't upgrade and keep tabs on their infrastructure deserves the downtime. Organizations must realize the need for skilled in house technical specialists. It is most obvious that CNN, even as the conglomerate they are were unprepared. To me this shows a lack of resources or skill in the IT department. I suspect this is going to be a problem for many small business's and organizations as well.
It's ashame CNN didn't advise companies to ensure that there IT departments are doing their jobs!

PEBCAK?

I run update on both servers and workstations, running win2k, win2k3 and winxp pro (My Dads and Sisters machines seem to be fine and they run home).

Just to be sure yesterday I ran a patch audit on each of my machines at home (we already do it here at work) and I came up with completely updated machines. (Custom app based on MS qchain system) Much like our machines here at work do. Now all of my machines here at work get updated via internal systems (Mostly MOM) as we are on a 150K+ machine network, but I have machines in the lab that use auto-update. Both systems seem to work fine.

However I will admit that a certain amount of machines don't get updated when we do pushes for a large number of reasons (They are off, crashed, in use, laptops, etc) but we know which machines they are and easily run the updates on them at a latter date. They run great.

Now that I know you are talking about push system instead of using auto-update (Wise for a large corperate network) I wonder what you are using and if maybe you just have the wrong solution for the job at hand. Regardless, if you can't get your updates to your machines on your own network where you control the PCs, servers, routers and switches and the application you us, I don't think it would matter what OS you where using, it's PEBCAK.