Tuesday, March 31, 2009

Conficker... the usual April Fool's day scare, plus media hype

And obviously those in the media "reporting" about the worm known as Conficker (I can't help but see a German word in the last two syllables. Hint: it's similar to a heavy loaded insult in English) just keep copying and pasting the same blown out of proportion "story." When it comes to technology, computers, Internet and related subjects frankly few 'communicators' know what they're talking about. Look at what they did to Vista and all of them were wrong (maybe somehow right in winter 2007, but that was it). The public at large and some lazy IT staff would believe them... and would repeat the "rumors"... but enough about hot air. Not to belittle the actual threat I have to quote Microsoft: On October 23, 2008, Microsoft released a critical security update, MS08-067, to resolve a vulnerability in the Server service of Windows that, at the time of release, was facing targeted, limited attack. The vulnerability could allow an anonymous attacker to successfully take full control of a vulnerable system through a network-based attack, the sort of vectors typically associated with network "worms." Read everything related to Conficker directly from Microsoft: what could happen tomorrow, how to protect PCs from this worm, how to clean them once infected and a thorough timeline from November 2008 till present. I personally don't want to pay much attention to this, not only because I believe my iolo Antivirus and my built-in Windows Firewall are taking care of it, but also because it may be just another IT urban legend (c'mon! you're smart and you're not going to click on the "congratulations!" banner...). Besides, I like to read a refreshingly calm view cutting through the bull.... On the other hand, on Vista and Windows Server 2008, the combination of Address Space Layout Randomization (ASLR) and Data Execution Protection (DEP) will make the exploitation of this vulnerability more difficult. Windows 2000, XP and Server 2003 have it tougher. Read more...

No comments: