March 30, 2009 1:54 PM PDT

Conficker flaw reveals which computers are infected

by Elinor Mills

Even worm creators write buggy software.

Once it infects a computer, the Conficker worm closes the hole in Windows that it used to get onto the system so no other malware can get in. This also makes it difficult for organizations to detect which computers have the legitimate Microsoft patch and which have the fake Conficker patch.

However, Conficker's "patch" has a weakness that can be used to distinguish between patched computers and infected computers that look patched, according to the nonprofit Honeynet Project.

Some of the researchers have released a proof-of-concept scanner that can be used to detect Conficker. The tool is being integrated into the free Nmap vulnerability scanner, as well as scanning tools from companies including Qualys, nCircle, and Tenable. The tools are designed for use by network administrators at companies and not consumer users.

"What we've found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly. You can literally ask a server if it's infected with Conficker, and it will tell you," Dan Kaminsky, director of penetration testing at IOActive who worked with The Honeynet Project, wrote on his blog. "We figured this out on Friday, and got code put together for Monday. It's been one heck of a weekend."

Qualys' remote-detection Conficker scanner is automatically available to its subscribers and will be available to others soon, said Wolfgang Kandek, Qualys' chief technology officer.

The worm has been around since November, but the most recent variant is programmed to connect to other computers on April 1 and as a result has triggered mass confusion and a media frenzy.

The worm spreads by exploiting a vulnerability in Windows that Microsoft patched in October, as well as through network shares and removable storage devices like USB drives.

The latest variant shuts down security services, blocks connections to security Web sites, downloads a Trojan, and connects to other infected computers via peer-to-peer technology. It also includes a list of 50,000 different domains to reach out to for updated copies or instructions, but only 500 of those will be contacted on April 1. Earlier versions of the worm attempted to contact 250 domains.

A quick way to tell if your computer is infected is to try to access the Web site of a major antivirus vendor, which the worm blocks.
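The quick check above, as an added example (not code from the article or from any of the scanners it names): it compares lookups of security-vendor sites against neutral control sites, so a dead network is not mistaken for worm blocking. The host lists are assumptions chosen for illustration, and so is the premise that the blocking shows up as a failed name lookup.

```python
import socket

# Assumed probe hosts (not taken from the article): security-vendor sites of
# the kind the worm is said to block, plus neutral controls that show whether
# the machine can resolve names at all.
SECURITY_HOSTS = ["www.symantec.com", "www.mcafee.com", "www.kaspersky.com"]
CONTROL_HOSTS = ["www.example.com", "www.wikipedia.org"]


def system_resolver(host):
    """Return True if the local resolver can turn host into an address."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def check_blocking(resolve=system_resolver,
                   security=SECURITY_HOSTS, control=CONTROL_HOSTS):
    """Classify the machine by which groups of hosts it can resolve.

    Returns (verdict, blocked) where blocked lists the security hosts that
    failed and verdict is one of:
      "inconclusive"     - no control host resolved, so the network or DNS
                           is down and nothing can be concluded
      "suspicious"       - controls resolve but every security host fails
      "partial"          - controls resolve, some security hosts fail
      "no-blocking-seen" - everything resolves
    """
    control_ok = [h for h in control if resolve(h)]
    blocked = [h for h in security if not resolve(h)]

    if not control_ok:
        return "inconclusive", blocked
    if len(blocked) == len(security):
        return "suspicious", blocked
    if blocked:
        return "partial", blocked
    return "no-blocking-seen", blocked


if __name__ == "__main__":
    verdict, blocked = check_blocking()
    print("verdict:", verdict)
    for host in blocked:
        print("could not resolve:", host)
```

A "suspicious" result is a reason to run one of the dedicated detection tools, not proof of infection, since DNS filtering or a proxy can produce the same pattern. "no-blocking-seen" does not rule out an infected machine either.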

The U.S. Department of Homeland Security has released a Conficker detection tool for government agencies and state and local governments to use that was developed by US-CERT.

The OpenDNS security services provider blocks access to the domains listed in the Conficker code. Microsoft has more information on its site, as does Symantec. The Web site of the Conficker Working Group, which is composed of companies allied to combat Conficker, also has information and worm removal tools.

Asked what impact the Conficker worm will have on Wednesday, Kandek said:

"I don't think anything is going to happen. Conficker authors are smart and determined people. They have a huge botnet in their hands, which they will try to get money from. It's better for them to fly under the radar and maintain as many machines from that botnet as possible. The real issue is this is a really good worm and...people are learning to write these things better and better."

Does that mean the next version will fix the flaw in the code?

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
by The_happy_switcher March 30, 2009 2:44 PM PDT
I'm not infected, guess why. Windows suckers!
by Vegaman_Dan March 30, 2009 3:00 PM PDT
I would predict it is because your parents don't let you use a computer without their direct approval and observation. Either that, or you're still using a Commodore VIC-20 complete with Datasette and 300 baud modem.

BTW, I use Windows, OS X, Linux, and Irix. I'm not infected either. Sorta ruins your whole argument right there.
by guest86 March 30, 2009 3:01 PM PDT
True. Not XP. Vista and older operating systems (Windows 95 to ME) suck.
by The_happy_switcher March 30, 2009 3:27 PM PDT
You really need some new material, dude. I assumed long ago that most of your emails contain statements of projection and in fact YOU are the one living in your parents' basement.
by 1363nd0f1337 March 30, 2009 3:39 PM PDT
Yeah, not infected here. Hell, I can't even remember the last attempted malware install that happened. Oh well, guess since I'm a Windows user I should go download this....damn. I can't. Stupid working AV software. I SAID RUN!!!!
by ZetaZeta_ March 30, 2009 3:49 PM PDT
AppleRocks1963: Are you running a bot that scans CNET articles for the word "Windows" and trolls them constantly?
by TheReaperD March 30, 2009 3:51 PM PDT
Would someone please write a Mac virus and send it to this FanBoy so that we won't have to hear from him again? Please!? I know it's not really a challenge and not really important enough to get noticed but, I think silence of this FanBoy might make it worth it.
by Vegaman_Dan March 30, 2009 4:11 PM PDT
@AppleRocks1963:

You are doing a fantastic job of convincing people to not use Apple. I don't know exactly why you are on this crusade to make Mac fans look like drooling idiots without a single thought in their head unless Steve Jobs puts it there, but.. .well, that's the impression you are giving people with every one of your posts.

If this is intentional- it's very impressive.

If this isn't your intent- oh my...perhaps you didn't know.
by pentest March 30, 2009 4:26 PM PDT
The amusing thing about the MS zealots saying they aren't infected is that it is BS. Conficker hides itself well enough that it won't be found by anti-malware software. Which is why the python based port scanner was written.
by 1363nd0f1337 March 30, 2009 4:39 PM PDT
Actually, the scan isn't for AV software, it's for enterprise level security scanning. Most enterprises don't run, or at least not from what I've seen, consumer AV programs on all of their workstations. And yes, it has been detected by AV software. There is a write up for it in Symantec's virus definitions. And the most recent Windows Malicious Software Removal Tool, downloadable from their website, scans for the W32.Conficker virus.

The following are the ones who are at risk for the virus:

Who is at risk?
Users whose computers are not configured to receive patches and updates from Microsoft and who are not running an up to date antivirus product are most at risk. Users who do not have a genuine version of Windows from Microsoft are most at risk since pirated system usually cannot get Microsoft updates and patches.
by DrStrangelove23 March 30, 2009 4:54 PM PDT
Hey A-Rocks, must be nice to have the $$$ to purchase an OS with a brand name label. I bet you have the apple window sticker on your Prius as well?
by casperthedog March 30, 2009 2:59 PM PDT
Damn! Where can I get the patch to update my version of Conficker!
by BGXterra March 30, 2009 3:16 PM PDT
what? you didn't enable Conficker automatic updates?
by ZetaZeta_ March 30, 2009 3:50 PM PDT
When will a free and open source alternative to Conficker appear for linux platforms? I'm dying to try it out!
by 1363nd0f1337 March 30, 2009 4:13 PM PDT
Well, I've heard rumors that Linficker is in development as an open source virus platform for our brethren running their various flavors of Linux.
by kevsmail March 30, 2009 3:01 PM PDT
If only there were enough Apple computers in the wild for virus writers to give a damn about them... not that I'm wishing that would happen, mind you...
by Perry_Clease March 30, 2009 3:11 PM PDT
They give a damn, but they can't damn us as easily.
by The_happy_switcher March 30, 2009 3:26 PM PDT
Keep on using that tired old 'security through obscurity' myth to explain the lack of any noteworthy virii for the Mac, dude.
by Fire Balls March 30, 2009 3:30 PM PDT
So.. yeah man just write a hardware based virus.. they don't have the diversity that PC has in hardware. And they use standard BIOS Just write one that rewrites the BIOS and supports their small amount of hardware they have and it's GAME OVER
by The_happy_switcher March 30, 2009 3:32 PM PDT
@Fire Balls: Right, it's so easy. So go for it. Then they will erect monuments to your greatness and Windows fanboys will toss off in their bedrooms to your likeness.
by 1363nd0f1337 March 30, 2009 3:41 PM PDT
They already have trojans designed to go in and screw with the DNS settings on Macs that will route the network traffic through malicious servers where the coder/hacker/****** or whatever you prefer to call them, can siphon off data.

http://www.macfixit.com/article.php?story=20090326104010541
by Vegaman_Dan March 30, 2009 4:16 PM PDT
AppleRocks1963:

"Keep on using that tired old 'security through obscurity' myth to explain the lack of any noteworthy virii for the Mac, dude. "

No problem. Simply have Apple get 75-90% of the marketshare. Once you do that, then you can talk.

You seem *very* interested in this Conficker exploit, AppleRocks1963. A little bit *too* interested in it in my opinion. Makes me wonder if the feds shouldn't be looking towards you for a sour-

BWAAHAHAHAAHAHA! I just can't do it, folks. I almost wanted to give this fellow enough credit of intelligence to actually write such an exploit, but it's simply beyond his capabilities. Nah, he's just a troll.
by pentest March 30, 2009 4:28 PM PDT
That is such an ignorant comment, I am shocked people still use it.

Explain why OS9 had at least hundreds of viruses. Explain why the MS servers, which do not have the highest market share have the most exploits among servers.

Market share and security have nothing to do with each other. A secure program is secure with 1 users or 1 billion users.
by CrashPad63 March 31, 2009 7:58 AM PDT
Pentest that comment is again confirmed by the two guys who hacked Macs in the recent pwn2own contest. Look it up, and stop this ignorant blathering, you really look like a fool.
by Dalkorian March 31, 2009 3:08 PM PDT
The Macs weren't hacked CrashPad63, the Safari browser was (as were most other browsers). To look intelligent, you first have to get the facts right, warping them to fit your desired delusion doesn't make you look smarter. You winblows apologists need to reread Pentest's last two sentences (you *DO* know what "sentences" are, right??) repeatedly until you begin to understand what he's saying.
by Seaspray0 March 31, 2009 3:22 PM PDT
Pentest and applerocks. Explain this...

http://news.cnet.com/8301-1009_3-10154662-83.html
The Macintosh and base Linux kernel operating systems have dominated the top spots for vulnerabilities by operating system over the past three years


http://news.cnet.com/8301-1009_3-10199652-83.html?tag=mncol;posts
Safari hole exploited in seconds at security conference
by Perry_Clease March 30, 2009 3:42 PM PDT
Listen guys it is no secret that I am a Mac user and only an occasional Window user, but I don't want to see anyone get a virus, hacked, or whatever you want to call it. The real enemy isn't the wanker using this or that OS, but the rat bastards behind the conficker.
by TheReaperD March 30, 2009 3:54 PM PDT
I agree completely. Thank you for having a clear head and pointing that out.

It's just that FanBoys get under my skin I have the urge to squash them like a bug. I'm pretty sure that I am not alone in the sentiment.
by 1363nd0f1337 March 30, 2009 3:59 PM PDT
Yeah, you're not alone. And the only thing worse than a fanboy is a fanboy whose facts are wrong from an objective view.
by Vegaman_Dan March 30, 2009 4:18 PM PDT
Sad thing is that there very well may be an Apple virus going around that nobody knows about because the creators don't want to have it detected and removed. Those systems owned by fanboys won't be running any sort of AV product in the first place, thinking themselves invulnerable, and are in fact the prime targets.

Some people would call it 'Security through Obscurity." I would prefer to call it "Security through Ignorance."
by The_happy_switcher March 30, 2009 4:28 PM PDT
@Vega: Yeah, and while we're at why don't we start believing in goblins, too, because we can't disprove the existence of them, either.
by pentest March 30, 2009 4:30 PM PDT
The real enemy are the wankers that blindly use RPC and other such tools that widen their security profile. Those wankers work for MS.
by Vegaman_Dan March 30, 2009 9:09 PM PDT
AppleRocks1963 wrote:

"Yeah, and while we're at why don't we start believing in goblins, too, because we can't disprove the existence of them, either. "

Well, you're expecting people to believe in you... so....
by Dalkorian March 31, 2009 3:15 PM PDT
by Vegaman_Dan March 30, 2009 4:18 PM PDT
Sad thing is that there very well may be an Apple virus going around that nobody knows about because the creators don't want to have it detected and removed.

--------------------------------------------------------------------------------

Reality check Dan - if nobody knows about it, what good will any AV software do? The virus/malware must first be known by somebody (the AV vendor specifically) for the AV software to be updated to handle it. Or do you think those daily updates your AV software makes are because it's lonely?

Predictably, your next "argument" will be something along the lines of "oh, but the AV vendor *will* know". Then why not tell the world, since it would shut up so many annoying Mac heads?

Please, just stop. Your argument will go nowhere because it's not based on any sense of reality.
by Seaspray0 March 31, 2009 3:28 PM PDT
I agree with you Perry Clease. With the internet being an international object, we really do need an international organization to police it. Well, in this case send hit squads to the virus writers.
by Renegade Knight April 2, 2009 11:21 AM PDT
True enough.
by The_dude_in_the_back March 30, 2009 4:48 PM PDT
OK, I own a MacBook pro. And I am telling you dude, that if you don't have virus protection on your mac, you should get some. It is obvious that you don't know anything about computers applerocks1963. If you did, you wouldn't say such ignorant things.
by 1363nd0f1337 March 30, 2009 4:51 PM PDT
Finally, some logic. No matter what OS you run, not using some form of security software is just asking for trouble.
by Vegaman_Dan March 30, 2009 9:13 PM PDT
There's plenty of scum out there counting on the arrogance of users like AppleRocks to make sure there are machines out there that they know can be exploited without their owner's knowledge because those same owners already 'know' that it's impossible to exploit their machines so they will never even look.
by Seaspray0 March 31, 2009 4:03 PM PDT
I agree, dude. Folks, the Titanic was unsinkable... until it sank. Be prepared, people. Use antivirus software to be safe.
by ralfthedog April 2, 2009 12:01 PM PDT
Some day a virus will exist for the Mac. Unfortunately, AV software will not do any good. As was stated above, AV software can't protect against threats that have yet to be seen. You can protect against new viruses if they are derived from old viruses. No AV software can protect against a totally new threat (Mac, Windows, or Linux).

The best advice for Mac or Linux users is to run a hardware firewall and use Open DNS.

Best advice for Windows users is to run a hardware firewall, use open DNS, run the best AV software you can get and pull your hard drive from time to time and scan it from a known good system.
by The_dude_in_the_back March 30, 2009 4:53 PM PDT
Again, I am typing this message on a MacBook Pro. There is a common belief that Windows is insecure. Well I mean that may be true, relatively speaking. In that, there is about 87-90 percent market share for Windows and thousands upon thousands of people out there writing malware for Windows machines.

Apple has a relatively small market share and consequently has almost no one out there writing malware for it. The truth is, the Mac machines are typically the first to fall in the pwn2own contest every year. Moreover, whoever said that most Mac users who are infected probably are not aware of it are correct.

Any statements to the contrary are being made by foolish people with no understanding of cyber security.
by Lerianis3 March 30, 2009 7:28 PM PDT
Apple is much worse than Windows by far. Didn't you hear what the guy at the "Pwn2Own" event said: Safari was the bottom-line, by far, easiest to exploit, because after something bad got into Safari..... OSX had NO hoops to jump through like Vista has.
In fact, ConFicker CANNOT install itself on Vista PC's..... UAC would pop up a warning saying "Hey, do you want this to install!" and anyone getting that message for no reason would say "Of course not!"
by Vegaman_Dan March 30, 2009 9:15 PM PDT
@lerianis3:

The problem with the UAC is that people got too used to it and would click on 'accept/allow' without reading the message itself. The message may say something like 'Would you like to infect your computer now?' and people would be in too much of a hurry and click yes. Win7 has dialed that back a lot so now if it comes up, it really IS for something important that could affect your system adversely.

ConFicker also can't install itself on any PC that is or has been up to date on its OS updates for the last several months.
by Lerianis3 March 30, 2009 9:48 PM PDT
Vegaman_Dan, there comes a point where you have to say "User stupidity". If the user BLINDLY clicks through UAC prompts..... I think they got what they freaking deserved and were bucking for! It's also telling that the hole this thing uses was patched a long time ago, as you said, and some users STILL didn't have the patch!

The best thing that Microsoft could do: make automatic updates IMPOSSIBLE to turn off. Tell these companies that are using 'proprietary softwares' that seem to break with every single patch they put out..... to stop using those programs! I mean really, there comes a time when you have to say "This proprietary thing that I spent OODLES of money on..... makes it so that I cannot update Windows? DELETE, and call the company to DEMAND a refund!"
To be blunt.... that is just POOR SOFTWARE DESIGN when a small update wreaks havoc on a third-party program. I can understand a SERVICE PACK that changes a lot of things like SP2 and SP3 did doing that.... not small updates.

Also, I would start getting on the cases of people who are still using Windows XP. I told my cousin "Hello, it's time to update to Vista!" She tried giving me the 'whine' that "It will slow down my PC!"..... I got angry with her and feisty, because I knew better from my own testing. Windows Vista does NOT slow down a computer in the slightest, from my testing, REAL-LIFE...... i.e. none of those rigged "Benchmarking" programs..... it's faster than Windows XP in many situations.
Network speed: faster. Disc access: faster. The only knock I have against it is that it uses a LEETLE more memory at idle with nothing installed but Windows Vista itself than Windows XP.... but considering her machine had 4GB's worth of RAM in it..... it wasn't anything noticeable.
by Perry_Clease March 31, 2009 5:33 AM PDT
"Apple is much worse than Windows by far. Didn't you hear what the guy at the "Pwn2Own" event said: Safari was the bottom-line, by far, easiest to exploit, because after something bad got into Safari..... OSX had NO hoops to jump through like Vista has. "

Did you also hear what computer he uses? It is a Mac. An ex NSA spook using an easy to exploit computer?
by odubtaig March 31, 2009 11:37 AM PDT
Lerianis3, you automatically fail basic psychology by dint of blaming flawed design on the user.

With that attitude, you could get a job at Ximian/Novell.

There is a reason why even systems controlled by experts only have certain (usually audible) alarms for critical events. When even Microsoft are saying "yes, we got it wrong", it's time for the foaming-at-the-mouth fanboys to sit up, shut their mouths and pay attention.
by Dalkorian March 31, 2009 3:27 PM PDT
I'm not even wasting my time reading the apologists' comments, I'm sure they simply regurgitate the same old tired baseless arguments. But I had to remark on your two basic claims Dude:

1. OS 9 had many viruses written for it, most of them released in the wild. OS X hasn't had one virus. Try using your "market share" argument to explain that without laughing or telling bold faced lies. I dare you.

2. You're right that the Mac has fallen in the "pwn2own" contest the last 2 years, but that's a little deceptive. Notice the OS has NEVER ONCE fallen, it's always an application running within (Safari this year, which was one of a collection of browsers to fall). I'm not saying that's a perfect record by any means, but compare that to the history winblows has earned. Gee, what article are we commenting on again? Oh yeah, yet ANOTHER winblows virus attack. Some people don't even consider these news anymore.

Winblows is insecure (it's getting better though). That isn't a belief, it's a fact proven by an undeniable track record. All the "UAC" cheerleading in the world can't invalidate facts. Besides, if UAC was all that powerful, why did M$ have to issue a patch against Conficker for fista? HUH?
by 1363nd0f1337 March 31, 2009 4:47 PM PDT
Dalkorian:

The thing about the Mac falling in the pwn2own contest is that it fell *first*. And yes, another attack on Windows machines, why, because they're by far more prevalent. The likelihood of finding one without the security updates applied is far more likely than if they were to write a malicious program to go after a hole in OS X (yes they exist, all operating systems have holes) that had been found. If it had been found and patched the likelihood of finding an OS X based machine run across the right website without the patch applied would be low. Also, home users aren't going to be affected by this if they have the updates installed. That's why companies update their software, people find holes/ways to attack the software and they plug it up. With the prevalence of Windows based machines it's far easier for a coder to use one as a guinea pig and try to break it and the rewards from their attack will be bigger and yield greater results. To use an analogy here, if you're a predatory bird, you don't hang around the food source of your prey that's hard to get to and limited in number, you hang around the biggest, easiest to get to patch of food and wait, eventually one will slip up and expose themselves. That's what the attackers are doing. They hit the biggest, most exposed group (Windows) and just wait for someone to slip up and reveal themselves (get the worm) and then they get what they want.
by pentest April 2, 2009 6:26 PM PDT
Lerianis,

That you don't know what the difference is between a browser and OS is not surprising at all.
by pentest April 2, 2009 6:28 PM PDT
"ConFicker also can't install itself on any PC that is or has been up to date on its OS updates for the last several months."

This wins the ignorance award of the month.

It can and will get on a patched system because it can get on your system and run with other methods. Besides, having an OS use RPC is a literal open door.
by pentest April 2, 2009 6:29 PM PDT
"there comes a point where you have to say "User stupidity". If the user BLINDLY clicks through UAC prompts..... I think they got what they freaking deserved and were bucking for!"

I may have to rescind the award and give it to you.

Windows is insecure by default, its users are technically illiterate.

*** do you think is going to happen when you mix the two?

If you use a computer without understanding them like you and Dan clearly do not, and use Windows, you will get what you deserve.
by inachu1 March 30, 2009 7:12 PM PDT
Mr. and Mrs. sassy pants who say they can't do their job without a usb drive are the guilty party.
by Lerianis3 March 30, 2009 9:51 PM PDT
What are you talking about? ConFicker gets on by the INTERNET, not by USB drives. In fact, I've yet to see a virus that SOLELY uses USB drives, even USB flash drives, as its means of entry into the system. Not one in my memory, dating back 10 years.
by TJ_Moose March 31, 2009 8:26 AM PDT
to: Lerianis3,

There is now a variant of Conficker, Variant "C" which introduces new tactics in response to some of the measures taken to combat Variants A & B. Amongst other things, Conficker C is capable of copying itself to removable media (such as USB flash drives), where it infects new hosts using Windows AutoRun. It is also capable of spreading infection through P2P connections. Conficker C was first spotted March 4, 2009.

As for Mr and Mrs Sassypants, I have no idea who those people are either.

http://en.wikipedia.org/wiki/Conficker#Initial_infection
by Dalkorian March 31, 2009 3:28 PM PDT
I think Lerianis prefers a world of delusions.
by Lumiseon March 31, 2009 5:43 AM PDT
My guess is AppleRocks1963 is a stupid, biased Apple fanboy. Windows doesn't suck, per se, it's just not open source. Not being open source doesn't make something bad, and XP is the most commonly used because it's ONE OF THE BETTER ONES. You can try denying that all you want, AppleFanboy1963, but most companies AROUND THE WORLD use it. I agree that Vista was a fluke, but they fixed it, and now have Windows 7, which is nothing short of awesome. It brings a lot of new stuff to the table, whereas Apple hasn't brought anything new to the table since you were living with your mom. Then again, you still are.

As for the Conficker thing, just unplug your internet on the days that it's supposed to update. It's that simple. No updates means it won't do anything bad.
by CrashPad63 March 31, 2009 8:09 AM PDT
Really you're patched there is no worries. Why everyone is getting in a dither over this is stupid. The "infected computers" by and large are in Russia and Asia where by chance the largest saturation of pirated Windows machines are located. By chance this is also the area the conficker is originating from.
Applerocks, just shut the hell up. Your ranting has taken away all doubt, you are an idiot.
by artwerks March 31, 2009 7:43 AM PDT
Well, I can say this. I am not preaching the gospel of Apple or Mac OS X but, I have used Macs exclusively for 15 years and I have never had one crash, freeze, or contract any virus. Yes Apple only has a 4 to 5 percent share of the computer market but they are the third largest computer manufacturer. Macs do cost more but they work. Most of the TV shows, movies, and music that we all enjoy were edited or sometimes even created using Mac computers. Don't say that they are not relevant in the computer world. Virginia Tech University bought 1,100 Mac G5 computers just like the ones anyone could buy. They connected them all together in series and created the world's 3rd fastest supercomputer. All for a cost of less than 4 million dollars. Not bad for a home computer.
by 3rdalbum March 31, 2009 6:05 PM PDT
Not had one crash or freeze on the Mac OS, and you've been using Macs for 15 years? You're either not telling the truth, or you are only using the Calculator program. The classic Mac OS was very stable if you disabled all the bloatware, but was indeed crashable. Early versions of Mac OS X would kernel panic or SPOD at the drop of a hat, and even Leopard has problems that result in inevitable crashes under certain circumstances.

Assuming the "1,100 Mac G5" cluster existed, I'm sure it crashed all the time; a network outage can often bring down the Mac OS. And there's a known, unpatched problem with OS X Server that causes 100% CPU use after serving a certain amount of data to client computers; I wouldn't like to be the one with the job of rebooting all those machines!
by artwerks April 1, 2009 7:20 PM PDT
Sorry. I'm telling the truth. Maybe those were problems for some people but they never happened on any of our machines. I did keep up good disc management. As for the programs we ran, we used every publishing software imaginable. My wife owns a graphic design business and I'm a musician. I've used audio recording software since its introduction. As for the G5 Cluster, go to Virginia Tech's website. You can read all about it there. I know this for a fact. Obviously, you don't. I have also used Windows-based machines on the job. I usually had to reboot them 4 to 5 times daily. I am saying calling one better than the other. All I am sharing is my experiences. By the way, here is the link for the Virginia Tech supercomputer story. http://www.vtnews.vt.edu/story.php?relyear=2004&itemno=517
by Renegade Knight April 2, 2009 11:28 AM PDT
Lucky you. I've crashed them all. I've never met an OS that performed flawlessly. They should hire me to beta test this stuff.

I'll likely do better on OS X when I learn the tricks of the trade for good disc management as you call it. On Windows I know what needs done. Mac, I'm learning.
by artwerks April 2, 2009 12:15 PM PDT
Renegade Knight,

Everyone seems to talk about Norton Utilities but the one I've found that seems to work better for me is Disk Warrior. Just make sure you defragment often and a couple of times a week, I clear all internet files. I never use the form-fill feature on my Macs either. We use several hard drives. My wife has a different hard drive for each client. Some are larger than others. The ones that we have found work best for us are Lacie. Any of them other than the ones designed by F. A. Porsche. Good luck learning Macs. I started on Macs and once I started working with PCs, I found that Macs were easier. You can also run Macs with the Unix operating system since it is Unix based.
by AppleRules March 31, 2009 1:52 PM PDT
Alright my Windows brethren. There are actually people who are familiar with both Windows and Mac operating systems who have some insight into HOW the Conficker trojan (not worm, not virus) actually operates, and WHY it is dangerous. This information comes from the Canadian Mac users' group ehMac.ca, so read it and use it at your own discretion. You have nothing to lose, except about 98% of your CPU processing power, should you be one of the unlucky ones?

Q: How exactly is this virus spread? The ol' email scam or file sharing?

Neither, since it isn't a virus, but a trojan. One has to navigate to the appropriate web site that is rigged with it, where it downloads "an important system update", places itself on the drive with the name svchost.exe (which is a program that Windoze uses), then makes a randomly named copy of itself, and installs itself as a DLL. It does this by taking advantage of a flaw in the way Windoze updates itself.

As for the results - there is lots of hype, but mostly, this worm will attempt to navigate to whatever sites you use and punches in passwords from a set list of about a hundred very weak passwords. If you use a weak password, then your e-mail or whatever can be exploited, by which the crackers will then purloin your e-mail in order to send out gobs of spam. If you do not have weak passwords, perhaps the worst thing is that "SVCHOST.EXE" ends up robbing 98% of your CPU in order to keep trying sites, once it has connected to the mothership to access a larger list of passwords.

There is not evidence that it will "wipe out your hard drive" or "make your monitor explode" - it will simply attempt to turn over all of your accounts that have weak passwords - so that they can spam even more people with endless spam about viagra/cialis, or whatever.

Two variants were quashed, but the patch enabled a third variant to become profuse. Fixing the third variant makes the system open to the original two variants; and since the performance reduction of the third variant is so pronounced, it is best to rid oneself of the first two (which are both smaller and harder to detect) than the third, which is a bit unwieldy (I have seen it drag a Core i7 Quad to a crawl yesterday, and I mean a crawl).

The third variant can be discerned by using a Find utility to look for SVCHOST.EXE, and any file with that name that is not in a directory called \SYSTEM32\ is the beast. If it is there, you will need to have the appropriate anti-viral to remove it, since it will have spawned off into a randomly named DLL file.

It can be passed by any media that is "autoloaded", especially if the preexisting and widely spread rootkit "Automatic Infant" is on the system, which makes spreading the beast easy-peasy. If one has all autoloading turned off, and takes care to avoid "Automatic Infant", it comes down to only one vector for infection, and that is to visit a site, click on an icon that downloads the executable trojan, and that the system also automatically runs anything that is downloaded. It can only infect a system through e-mail by the same means, by automatic or inadvertent execution of the trojan.

Unlike Windoze, there are no other OSes that automatically run arbitrary code - so a degree of social engineering would be required to trick the user into running it, or for a user to do anything as Admin and using weak (or no) passwords at all.
by Seaspray0 March 31, 2009 3:53 PM PDT
"there are no other OSes that automatically run arbitrary code..." Wrong. All 3 major operating systems will run arbitrary code. I suggest you read the results of the last pwn2own competition. All the computers were eventually hacked.
by 1363nd0f1337 March 31, 2009 5:23 PM PDT
Charlie: I'll leave Linux out of the equation since I know my grandma couldn't run it. Between Mac and PC, I'd say that Macs are less secure for the reasons we've discussed here (lack of anti-exploitation technologies) but are more safe because there simply isn't much malware out there. For now, I'd still recommend Macs for typical users as the odds of something targeting them are so low that they might go years without seeing any malware, even though if an attacker cared to target them it would be easier for them.

From Charlie Miller, winner of the pwn2own competition when asked what would he recommend, Windows, Linux or Mac.
by 1363nd0f1337 March 31, 2009 5:26 PM PDT
Another interesting excerpt from Charlie Miller's interview with Tom's Hardware:

Alan: Sure, the risk = threat x vulnerability x consequence concept. Macs have low threats but high vulnerability while Vista is the other way around. I recently switched to a Mac myself and wrote about it for Tom's Hardware (and had a lot of angry readers). Like you mentioned earlier, we want to support vendors with the most secure software, but it's not easy to always figure out which software is the most secure and sometimes the real-world risk is lower with a vulnerable platform with fewer threats.

So for our readers, what are some tips for running a "secure" PC/Mac/Linux machine?

Charlie: For all OS's, make sure you keep your system up to date. That's the best thing you can do. On a PC, I'd recommend running some AV software to help clean up when things go bad. Otherwise, just be smart, pay attention, and hope for the best. It is possible to really lock down your computer (running noscript for example) and make it safer, but in my opinion it's not worth the trouble and the loss of functionality you experience.
by jtaylorhoopla April 1, 2009 2:51 PM PDT
Okay, My Mother(Who is Almost 50 Years Old) And I Use Ubuntu On A Daily Basis, I have to use windows For Photoshop and other programs, but Ubuntu is my default. My mom says that Ubuntu is much easier for her to use than windows. I plan on switching to a mac once I get the money, but I am not made of it.

My Point?
Linux really doesn't have to be that hard.
by Renegade Knight April 2, 2009 11:33 AM PDT
Good post.

After working with Linux and OS X I'm both liking and hating the mandatory password admin protection that should keep random programs from running. Windoze fix, don't play on your computer as an Admin unless you are doing Admin tasks. That's a different way of thinking for most. However after a local shop hacked my password on my Windows machine (to prove a point I think). I've been pondering security a lot more than I used to.
by ralfthedog April 2, 2009 12:28 PM PDT
You are saying that strong passwords are important? My password is izxdog256a. Is that a strong password? I don't want anyone to guess it.
by AppleRules March 31, 2009 2:53 PM PDT
Sure is quiet around here lately. Where did all my PC friends go, I wonder?
by 1363nd0f1337 March 31, 2009 4:29 PM PDT
I don't know about anyone else, but I was moving Crysis Warhead to my second HDD. Now I've got to move Crysis Wars to my second HDD.
by eyes_glazing_over March 31, 2009 3:16 PM PDT
yawn
by AppleFTW March 31, 2009 4:29 PM PDT
why are you all arguing about Mac?

i am seriously confused

Does this happen on Mac or not?

the scan doesn't apple for microsoft????


and is this real or not?
by 3rdalbum March 31, 2009 6:09 PM PDT
If you haven't updated your Windows computer since October last year, you have the security flaw that Conficker uses.

If you haven't updated your Macintosh computer since October last year, you have a security flaw that allows any user of your computer to install a rootkit using just one line of Applescript.

Moral of the story: Macintosh users should not be so smug.
by AppleRules March 31, 2009 10:50 PM PDT
You PC people are clueless. I gave you the goods about exactly what to look for, and not a single comment, not even an acknowledgement, not a thank you. Only Windows machines will be affected by this Conficker trojan (not a worm, not a virus). I use a Mac. I have absolutely no anti-virus software installed and continually running, because I don't need it. Mac OS X works fine as it is to keep out malware. I ran ClamXav earlier today and it came back clean. That's after several MONTHS of use, and zero infected files. Believe what you want, but this is one of the most important reasons that Macs kick Windows butt. Good luck with Conficker.
by 1363nd0f1337 April 1, 2009 8:56 AM PDT
AppleRules, you aren't getting it. The problem just about doesn't exist in properly patched home computers. And you have no idea how many people scan their Windows machine after "several months of use" and have it come back clean. And probably the only reason yours did so is because you spend so much of your time trolling CNET and aren't out there pirating software and/or downloading dirty movies. If you would kindly give me your email address, I'll email you my security logs off of my desktop and my laptop.
by AppleRules April 1, 2009 9:45 AM PDT
Why is it that only the people who disagree with you are the trolls? Macs work better than Windows machines when it comes to security issues. Simple point. There's a reason that you can buy PC's for a cheaper price; because they ARE cheaper. Nuff said.
by 1363nd0f1337 April 1, 2009 10:02 AM PDT
No, not everyone who disagrees with me is a troll. People who continue to spew BS are trolls. Mac OS X is easier to hack. Again, from Charlie Miller, the guy who won the pwn2own competition:

Why Safari? Why didn't you go after IE or Safari?

It's really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don't do. Hacking into Macs is so much easier. You don't have to jump through hoops and deal with all the anti-exploit mitigations you'd find in Windows.

It's more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn't have anti-exploit stuff built into it.
by 1363nd0f1337 April 1, 2009 10:13 AM PDT
I mean, honestly, had you said "I prefer OS X because I like the UI and the layout and its features" I would have had no problem. But you simply refuse to accept the truth. And if you don't believe the word of a security researcher then you and Jobs need to have a crainial-rectalectemy.
by 1363nd0f1337 April 1, 2009 10:13 AM PDT
* cranial-rectalectemy. I misspelled cranial.
by hellomad March 31, 2009 7:47 PM PDT
you can't fix conficker unless you are infected. so? get conficker attack you somehow, then scratch where it itches and read all the post, and some rubbish from MAC OS users be it intel/ppc arch and ask every tom dick and harry and waste precious time.
aargh.
you can't fix it mike if it aint broken.
solution 2
switch off power for your PC and networking appliance or best residence's power switch? and light the candle and pray to your favourite deity for all the sin you have committed till date and beg borrow or steal deity's mercy. and when you hear all is safe? get back online, and start the usual gibberish. jurassic age. sheesh.
can we send MAC OS users be it intel/ppc to some outer planet/galaxy and label that planet as a hazardous zone and the tag "proceed at your own risk." because no matter what, be it windows, or linux/bsd/solaris, they are the max noise maker, like every other empty vessels all the time, while genuine mac user/dev's spend time developing new product(s).
i need an aspirin or some other headache pill. :-( this is ridiculous, sensationalization. bollocks! no wonder why divide by 0 is such a problematic problem.
yes, conficker will attack you and that will release the war heads and we all will die on 1 st of april (MAC users too).
"daddiiiiiiiiiiiiiiiiiiiiiiiiiiiiii i need a lolly pop."
ciao
by AppleRules March 31, 2009 10:54 PM PDT
Again, the ignorance here is astounding. You don't GET the malware on April 1; it is designed to BEGIN doing its damage on April 1. Chances are you won't even notice it at first, until your CPU suddenly starts slowing down because of all the things going on behind the scenes. You can't fix what you don't understand, and hiding your head in the sand tomorrow will not make this trojan disappear for PC users. Good luck, and I mean that.
by hellomad April 1, 2009 6:05 AM PDT
frankly you got no 2 cheapest currency info/idea about how things work either. prolly you are an injured head uber moron. all the worms/virus/et al are written in assembly. and there been many instances where a cross platform cross arch worm can be devastating for any OS being used up. if you know how to tune up and get into the inside mechanics? then you will be least worried. heard this line? "better be safe, then security is a distant issue."
and if you again read the post than a BLUNT argument? you will see i made a mockery of the so much hype about conficker worm/virus. world has more than 150,000 computers. and if thats so? that all the systems under windows are vulnerable? then how come so many more windows PC are still not infected? do those windows OS mutant variety even when online? like from some outer galaxy M$ merger with alien technology?
you need to stop playing games on your X-BOX and whine here about every mock post which you never understand. seriously IDIOTS NEEDS TO BE SHOT AT THE TIME OF THEIR BIRTH. this way we can solve 98% problems of this planet.
i have seen many ran windows non stop for more than 20 days w/o slowdown/reboot/virus attack? how is that possible? and i have seen many linux/bsd/unices ran for more than 2 years non stop, with advancements via loadable kernel modules than a new kernel a reboot? HOW?
and mac? mac is a mix of mach 3.0 and freebsd. so if you are asking to switch to MAC you are asking to move from windows and linux to freebsd. and since there is a port for freebsd ppc/ppc64? we might as well install freebsd for that port and carry our work. thus? WHINING AND ARGUING MAC USERS ARE USELESS AND NEEDS TO BE SHOT WITH A TRANQUILIZER WHENEVER ONLINE. and
You can't fix what you don't understand, and hiding your head in the sand tomorrow will not make this trojan disappear for PC users. Good luck, and I mean that.
oh oh oh, wow wow oooooooooo, you must be an alien. where is will smith and tommy lee jones when we need them most, else flash the memory eraser, i will take my glass off. i guess applerules is just a figment of my wild IT imagination.
in windows there is a nice tool from sysinternals where you can see how your file and filesystem and process and et all behaves, frikkin idiot. if you download those and install, if you run those utils and look at the console and not stare like how all whining mac users DO, you will see how your windows OS changes its behaviour when new software products are introduced. remember sysinternal's rootkit revealer? idiot. no wonder why any one sensible silently ignores MAC users comments to the dustbin of history. RETARD.
IGNORANT ABNORMAL MORON oh and here a bonus too, ABSOLUTE IDIOT.
by hellomad April 1, 2009 6:12 AM PDT
adding more fuel to this fiery post of mine, MAC got PPC/PPC64 and intel processors. now if MAC OSX is so kewl as per see of all abnormal internet goat herding MAC bloat users, how come they introduced intel processors? HUH? answer that. seriously applerules YAAFM. google YAAFM. when apart from publicity and advertisement and marketing mind playing words? all OS work in similar fashion? clearly it proves the point you know jack of what you are talking about. WHAT IS THE POINT YOU ARE TRYING TO PROVE? "I AM AN IDIOT." well, seeing from your post reply i already came to that conclusion. rest is history. i have decided to dump all your comments to the dustbin of history. PERIOD.
nanana nanananana
NOW WHO IS IGNORANT? ;-) ha ha ha ha! appleruled got pwned man!
by AppleRules April 1, 2009 9:39 AM PDT
Hellomad: you make no sense whatsoever. I must presume English is not your first language. If it is, then the education system is in worse shape than I thought. Have a nice day.
by artwerks April 2, 2009 9:07 AM PDT
hellomad,
Do you think that Microsoft puts out Intel processors? If that is the case, then I suppose you think Motorola is owned by Apple. That is who put out the processors that Macs used for a long time. Apple switched to Intel for the same reason that most manufacturers switch components of the products they make. Usually, cost effectiveness. A processor can be used with any operating system. I could also ask why Michael Dell stated that he would use Mac OS X on all of his computers if Apple would sell the operating system to Dell? A computer is a computer. All operating systems have flaws. You have to remember when speaking about operating systems, you are not necessarily talking about the performance of the computer itself. In performance tests, most Macs perform better than most Windows-based machines. That doesn't mean that the operating system is better. Just the hardware. Windows-based computers that outperform Mac computers are out there but, usually cost way more than a stock Mac. When you see that a Mac cost $2500 compared to $899 for a Windows-based machine, it is easy to say that Macs are overpriced. If you look at the performance tests you will understand that stock Macs are better equipped than stock Windows computers. Once you upgrade a Windows computer to the performance of a Mac, you have spent the same amount or, in most cases, more than you would spend on a Mac.
by artwerks April 2, 2009 9:18 AM PDT
By the way hellomad, I believe in adding proof to posts where I claim something to be true. Here is a link that talks about Dell's interest in Mac OS X. http://www.theregister.co.uk/2005/06/16/dell_eyes_apple/

Also, if you go to Google, type in Dell Mac OS X, you will find several articles that talk about many people already using Mac OS X on a Dell Inspiron Mini 9.
by artwerks April 2, 2009 9:30 AM PDT
Once again, hellomad, here is proof of a claim. The url below will take you to an article describing a test between a 1986 Mac Plus computer and a 2007 AMD Dual-Core Windows machine. Guess which computer won 53% of the time. The old 1987 Mac Plus. That is why I use Macs. Not because their system software is better. Because their hardware works better.
by artwerks April 2, 2009 10:15 AM PDT
Sorry. I got interrupted and forgot to post the url.

http://hubpages.com/hub/_86_Mac_Plus_Vs_07_AMD_DualCore_You_Wont_Believe_Who_Wins
by ralfthedog April 2, 2009 12:39 PM PDT
Please don't give Hellomad a hard time. We should feel sorry for him. Rabies does not have a cure.

PS. Hellomad, Please try to keep hydrated. I know it hurts to swallow.
by AWuchner April 1, 2009 4:23 AM PDT
My team created a step by step instruction to identify and fix Conficker infections on all kind of systems including Windows domain controller. You can find the instruction on my blog at http://ITRiskSpace.com Positive feedback already available.

Enjoy
-Andreas