Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: Swordmaker

"Can't you read? The link you posted had 12,000 bad WINDOWS SERVERS in 45 minutes!"

Yes I can read but evidently you can't. The story is about how the small population of apple machines doesn't make them immune. Those were apple's.


83 posted on 01/08/2007 3:47:40 PM PST by driftdiver
[ Post Reply | Private Reply | To 82 | View Replies ]

To: driftdiver; zeugma
Yes I can read but evidently you can't. The story is about how the small population of apple machines doesn't make them immune. Those were apple's.

The story was offering proof that virus writers HAD INDEED written a virus attacking a very small population of vulnerable computers, thereby showing that "Security by Obscurity," is not an adequate explanation for Mac OS X's seeming immunity to malware.

It pointed out that a small population of approximately 12,000 Microsoft Windows computers running a firewall provided by Internet Security Systems (ISS), BlackICE Firewall, which was found to have an exploitable vulnerability. ISS does not make Macintosh software.

Microsoft Windows computers "protected" by BlackICE were infected by the Witty Worm virus even though ISS had provided a patch for the vulnerability a couple of weeks before the Witty Worm was released into the wild because 12,000 of them didn't bother to install the patch.

Every single vulnerable ISS BlackICE "protected" MIcrosoft Windows computer was infected within 45 minutes of the Witty Worm's release, regardless of where they were on the internet!

Symantec has this to say about the Witty Worm:

Discovered: March 20, 2004
Updated: March 22, 2004 03:11:14 PM PST
Also Known As: W32/Witty.worm [McAfee], WORM_WITTY.A [Trend]
Type: Worm
Infection Length: 660 bytes, may vary
Systems Affected: Windows 2000, Windows 95, Windows 98,
Windows Me, Windows NT, Windows Server 2003, Windows XP

W32.Witty.Worm uses a vulnerability in ICQ parsing by ISS products.
The worm sends itself to multiple IP addresses using UDP source port
4000 and a random destination port. The worm resides in memory only,
and does not create files on an infected computer. The worm also has a
payload that overwrites random sectors of a random hard disk.

Note: If your computer is not running a vulnerable version of one of the
affected products, then you will not be infected.

Products affected by this vulnerability are listed below:

BlackICE - Agent for Server 3.6 ebz, ecd, ece, ecf
BlackICE PC Protection 3.6 cbz, ccd, ccf
BlackICE Server Protection 3.6 cbz, ccd, ccf
RealSecure - Network 7.0, XPU 22.4 and 22.10
RealSecure Server Sensor 7.0 XPU 22.4 and 22.10
RealSecure Desktop 7.0 ebf, ebj, ebk, ebl
RealSecure Desktop 3.6 ebz, ecd, ece, ecf
RealSecure Guard 3.6 ebz, ecd, ece, ecf
RealSecure Sentry 3.6 ebz, ecd, ece, ecf

If you are running a product that has the vulnerability, which the worm
uses, we recommend that you apply the relevant patch as soon as possible.

Patches for this vulnerability are available at http://www.iss.net/download/."
- Source.

Now, driftdriver, do you see Macintosh or Apple listed ANYWHERE on that list?

84 posted on 01/08/2007 4:27:51 PM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 83 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson