Three in 10 Windows PCs still vulnerable to Conficker exploit

Three in ten systems remained unpatched against the exploit fueling the spread of the infamous Conficker worm, according to security tools firm Qualys. Conficker, aka Downadup, which began circulating in late November, exploits the MS08-067 vulnerability patched by Microsoft last October. The worm also spreads over network …

COMMENTS

  1. Pierre

    Ok, this is getting old

    "3/10 windoze PCs vulnerable". Who cares. Not their owners apparently (afraid of the AdvantageOfDoom maybe?). Nor the (wise) sysadmin who has some control over his local network.

    And I'd bet the guys who run non-legit copies (and thus can't update -presumably-*) are not the less secure...

    * I really couldn't say, my win2k installs _are_ legit...

  2. Dave

    I wonder...

    "Conficker, aka Downadup, [...] exploits the MS08-067 vulnerability patched by Microsoft last October"

    and

    "The worm has been able to build the largest botnet on record largely because sys admins have been slow to cut down the vulnerability responsible for fueling its spread."

    And what's the betting that the majority of comments on this will be bashing MS (who fixed this) rather than the sysadmins (who didn't apply the fix)?

  3. Philip J.F. Quinlan

    OK, Windows has its security problems

    But this update was flagged all over the net and even on the mainstream media, it's hard to believe that this is because sysadmins are failing to deploy the update.

    Personally I suspect that this is caused by machines that fail the WGA test and as a result can't get the patch.

    Is there any data on what machines they scanned?

  4. Evil Auditor

    @Dave

    "the majority of comments on this will be bashing MS"

    You may be right. But I, for my part, am going to bash (literally) IT Ops and their management.

    Sometimes I love my job...

    EA

  5. Colin Millar

    WGA is not an issue

    pick your os and download

    http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

  6. Fred

    More hassle than it's worth

    Ha ha ha,

    Why are people paying for an operating system that needs more money to be spent on anti-virus software that works, and then note that half of the time their PC is on it has to scandisk/defrag/virus scan/spyware scan/install patches, when their time would be better spent learning how to use a more secure operating system like, say, Ubuntu? Perhaps they're not smart enough?

    Flame away, Wintards!

  7. Anonymous Coward

    @WGA is not an issue

    Manually downloading MS patches is not practical, unless you're an IT admin and it's your job. There are just too many of them, it's hard to figure out which ones are needed, they have to be applied in the right order, and they each require a reboot.

    Thankfully the Autopatcher project seems to be going again, after being temporarily shut down by a nastygram from MS's lawyers. That's the only easy way I know to download patches on my broadband connection, burn them to CD, and have them ready to apply to friends' PCs.

    However, I _believe_ that Automatic Updates works without WGA, it's just the windowsupdate web site that requires WGA.
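Colin's bulletin link (comment 5) and the Automatic Updates question just above both come down to one check a sysadmin would actually run: does a given box have the MS08-067 fix installed, and is it set to pick fixes up on its own? The PowerShell below is an added example for this thread, not code from the article or from any commenter. It assumes the fix is registered under KB958644 (the bulletin's knowledge base number, which the page itself never states), that you have local admin rights and WMI/DCOM reachability on each target, and PowerShell 2.0 or later.

```powershell
# Added example (not from the article or the comments): report, for each host,
# whether the MS08-067 fix is recorded and what Automatic Updates is set to.
# Assumptions (not stated on this page): MS08-067 shipped as KB958644; the
# caller is a local admin on every target and WMI/DCOM is reachable;
# PowerShell 2.0+ (New-Object -Property, Select-Object -ExpandProperty).

param(
    [string[]] $ComputerName = @($env:COMPUTERNAME),
    [string]   $HotFixId     = 'KB958644'
)

# Meaning of the AUOptions registry value written by the Automatic Updates UI/policy.
$AuModes = @{
    1 = 'Disabled'
    2 = 'Notify before download'
    3 = 'Download, notify before install'
    4 = 'Download and install on schedule'
}

function Get-AutoUpdateMode {
    param([string] $Computer)
    # HKEY_LOCAL_MACHINE as the StdRegProv provider expects it (0x80000002).
    $hklm = [uint32]2147483650
    $key  = 'SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $reg  = [wmiclass]"\\$Computer\root\default:StdRegProv"
    $r    = $reg.GetDWORDValue($hklm, $key, 'AUOptions')
    if ($r.ReturnValue -ne 0) { return 'Unknown (no AUOptions value)' }
    $v = [int]$r.uValue
    if ($AuModes.ContainsKey($v)) { return $AuModes[$v] }
    return "Unknown ($v)"
}

function Test-Ms08067 {
    param([string] $Computer, [string] $Kb)
    $o = New-Object PSObject -Property @{
        Computer = $Computer; OS = $null; Patched = $null
        InstalledOn = $null; AutoUpdate = $null; Error = $null
    }
    try {
        $os = Get-WmiObject Win32_OperatingSystem -ComputerName $Computer -ErrorAction Stop
        $o.OS = ('{0} {1}' -f $os.Caption, $os.CSDVersion).Trim()

        # Win32_QuickFixEngineering lists only updates the OS itself recorded.
        # No entry means "not installed via the hotfix package", which is the
        # case the article is counting; it is not proof the DLL is old.
        $qfe = Get-WmiObject Win32_QuickFixEngineering -ComputerName $Computer -ErrorAction Stop |
               Where-Object { $_.HotFixID -eq $Kb }
        if ($qfe) {
            $o.Patched     = $true
            $o.InstalledOn = $qfe | Select-Object -First 1 -ExpandProperty InstalledOn
        } else {
            $o.Patched = $false
        }

        $o.AutoUpdate = Get-AutoUpdateMode -Computer $Computer
    } catch {
        # Unreachable host, access denied, WMI broken: report it rather than
        # silently counting the box as patched or unpatched.
        $o.Error = $_.Exception.Message
    }
    return $o
}

$ComputerName |
    ForEach-Object { Test-Ms08067 -Computer $_ -Kb $HotFixId } |
    Select-Object Computer, OS, Patched, InstalledOn, AutoUpdate, Error |
    Format-Table -AutoSize
```

Run it with a list of hostnames (`.\check-ms08067.ps1 -ComputerName host1,host2`); a row with Patched = False and no Error is one of Qualys' "three in ten". Two caveats: a host built from media that already carries the fixed netapi32.dll (a later service pack or OS release) also reports False, because the KB was never installed as a hotfix, and needs a file-version check instead; and an AutoUpdate value of Disabled or "Notify before download" means the fix will not arrive without someone clicking, whatever WGA does or does not block.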

  8. Anonymous Coward

    You can lead an Admin to a patch

    but you can't make them install it.

    Probably because they would have to do it out of hours or on their lunch break.

    In fairness though, it's a shame that so many of Microsoft's patches require a restart to be applied. You would think that by now Microsoft could come up with a patch system that would allow more patching to be done while the O/S is still running.

    I'm probably being really dumb here, but I think IIS is capable of upgrading .net web apps without a restart. The old process carries on running while there are connections to it, but the new version starts a separate process and accepts all new connections. Once the old process has no further connections, it dies.

    Shame the same treatment can't be given to the O/S.

    Mind you, there are users of Windows who actually tout that they don't have the latest service pack, for example. Normally, they will go on to say that some gadget or piece of software stopped working as a reason. Sadly, people believe this and follow suit. I wonder how many people of this kind are omitting the fact that they have an illegal copy of the software that stopped working, or have failed to pay for continued support?

    Some software companies are also to blame, some see a change to the O/S that breaks their software or drivers as an excuse to force people into some upgrade they have to pay for.

    FFS apply the patch, it was issued for a reason!

  9. Anonymous Coward

    @Fred

    Because, Freetard, unless all you want to do on your PC is surf the web, send email, write a few documents and rip CDs, the software *may* not exist for Ubuntu.

  10. Schroeder

    @Microsoft AC: 22:45

    Congratulations, you just described 99% of the computer usage of the general public. Your point was?

  11. Anonymous Coward

    @Fred; @AC; @Schroeder

    And of those 99% of the personal computing general public, what percentage will be of the ilk who say "but that's not like the Windows that I'm used to and so I'm not going to use it" when you stick Ubuntu in front of them? And before anyone starts into the whole educate them thing, remember that most of these folks do not want to bother learning new things and don't have the same interests we do in terms of IT.

    If Linux wants mass adoption it needs a snazzier advertising campaign than "It's not Windows and cheaper than OSX" and subsequently sneering down their collectively snobby noses upon anyone else who asks about it. It might be better but it won't be successful until a significant proportion of the world adopts one of the family of distros and it can achieve the critical mass to challenge either of the other two big players. Of course, when and if it reaches such a level, I can see its popularity creating a nice legitimate target for malware writers to put serious effort into causing trouble for the user base which will have been converted with the belief that protection is no longer needed and we see the cycle start all over again...

  12. william henderson

    et al, ubuntubois an' all

    If I could get a version of Ubuntu/Linux/whatever to install and actually run without the need for command line knowledge, as I can with windoze, then I would use it.

    That, however, has never happened.

    As I can rebuild any of my 5 PCs and be net ready in under 2 hours, I'll stick with windoze and leave Linux to the dedicated geeks.

    PS: none of my PCs are patched and all are service pack 0, I just have good security ware and stay away from dodgy sites, it seems to work.

  13. Schroeder

    @ the last word shills

    Yawn, give up with the out of date FUD will you. Tell Steve to give you a new script.

    William - here's a hint.

    Kubuntu standard install < 30 mins, including OpenOffice, Firefox and Nvidia's 3D drivers. No command line trickery needed, just a few simple questions answered and off you go.

    MS XP Pro install > 4 hours, including updates and the need to locate driver CDs or downloads. Oh, and the requirement to install a 3rd party AV / firewall product before going online for updates.

    Both done recently, on standard spec PCs.

    You're either FUDing or have been taken in by the FUD. As for keeping away from dodgy sites: you have read all the recent articles about malware gangs preferring to go the route of infected ads served off 'brand name' sites now, haven't you? Maybe you DO need to do some patching, if you aren't just trolling.

    As for the 'it looks different - so they'll run away' AC. I guess that's why Microsoft has never changed the windows interface with each subsequent release?

    The real differences in computer GUIs have been so little, for so long, I'd compare it to the issue of getting a new car. Yes, the lights and other functions may move, but the steering wheel and pedals tend to stay in the same place. But of course, your employer likes to make sure that idea is swamped by a mountain of FUD.

    And yes, I've put Linux installs ( way back to SuSE 6.4) in front of people who would qualify as 'uninterested in IT'. And they didn't comment about any differences, they just got on with what they were doing.

    You also reuse that other tired strawman, 'if it was popular, it would be targeted and be as vulnerable'. It is popular, and it is targeted: on nice big juicy powerful web servers. And because it was designed with networking and security in mind in the first place, it's still far more secure than Windows, which is one of the reasons it's popular for such tasks. (And from what I gather it's the most popular OS base used in dedicated firewalls, even those run by Microsoft.)

    You know, most Linux users aren't after Linux monopolising the desktop in the way Bill so desperately wanted windows to ( 'A computer on every desk and windows on it' ). We like fair competition - it tends to ensure things improve over time. We just want to ensure that we are free to put the software we trust on OUR computers, without the need to pay a tax to prop up Microsoft. I guess that makes me a capitalist snob then?

    Unfortunately, serfs such as yourself feel so threatened by this, and so you happily flood any Linux related news stories with tired FUD that was hardly accurate 10 years ago. Windows also tended to require command line trickery then, and personally I tend to consider the registry hacks Microsoft pushes through its knowledge base as even worse than the command line / config file hacks that MCSEs love to claim Linux always requires.

    So please give it a rest, we know who you are and it's tiresome all the way down to the 'I must post AC so my changing story can't be tracked' MO.

  14. william henderson

    FUD? Speak English

    Whatever FUD is, I can reinstall a complete, net ready XP or 2k PC in around two hours.

    That's a 1.7GHz Intel with 512MB RAM and a 40GB, 7200 rpm drive.

    XP will usually run straight off without any real need for additional drivers (never mind having the driver CDs ready to hand).

    What IS standard spec?

    Sorry Schroeder, but no Linux live CD ever went live on my machines, not that I haven't tried.

    ...and no, I haven't "read all the recent articles about malware gangs", I have friends and hobbies, I'm not a geek, nerd, troll or serf.

    In fact, I haven't read all the OLD articles about malware gangs etc. etc.

    I do know that Windows works and I can fix it, untrained though I am, should the need arise.

    So thanks for the "looking down my nose at you" reply that I have come to expect from those such as you who belittle all those that dare to question the glaringly obvious superiority of Linux.

  15. Mark

    "i can re install a complete, net ready xp or 2k pc in around two hours"

    You can? How? The OEM CD (which only has hardware for the original product and includes crapware you probably don't want)? Or do you have hardware so old and standard you don't need anything other than the built-in drivers (as poor as they are)?

    Now I can reinstall Linux (OS only, KDE only, no office apps, etc.) in about 25 minutes if I keep a list of the things I don't want. That OS is as capable (nay, more so) than XP, but at least comparable.

    Or take the defaults and install it in about 35-45 minutes and that gives me what I would have to install in order

    XP (Server Edition)

    Office

    PhotoShop Creative Suite

    WMP and codec updates

    Visual Basic IDE (and C, C#, .NET, ...)

    Exchange

    Dreamweaver

    Norton AV

    AVG (you need two because one will miss the other)

    (selection based on giving the functionality of doing it, not whether they are equivalent replacements: that doesn't change you need to install *something* and that these probably have the best behaved installers so will be most efficient and effective).

    NOTE: the nv driver included with Linux is more capable than the NVidia driver included with XP. As an example.

  16. william henderson

    @Mark Posted Friday 23rd January 2009 12:01 GMT

    Norton... serves you right.

    I use ESET NOD32.

    I don't use OEM discs, I have fully licensed discs for XP and 2k.

    Why I should accept criticism from a Norton user is beyond me...

    Still and all, if my system works to my satisfaction, WTF has it to do with you??

  17. william henderson

    @Mark Posted Friday 23rd January 2009 12:01 GMT

    XP Server: I don't do file sharing.

    OpenOffice is free.

    ArcSoft PhotoStudio is 10% of the cost of photobloateware.

    Scamware is not my thing.

    You need to prove something?

